diff --git a/Makefile b/Makefile index 30f83d917276..c5aa90352703 100644 --- a/Makefile +++ b/Makefile @@ -171,6 +171,7 @@ schema-%: curl.ensure jq.ensure # As a courtesy to reviewers, please make changes to this list and the committed schema files in a # separate commit from other changes, as online code review tools may balk at rendering these diffs. get_schemas: \ + schema-aws!4.15.0 \ schema-aws!4.26.0 \ schema-aws!4.36.0 \ schema-aws!4.37.1 \ diff --git a/pkg/codegen/schema/docs_test.go b/pkg/codegen/schema/docs_test.go index fe1271bff1d2..16bc315f3343 100644 --- a/pkg/codegen/schema/docs_test.go +++ b/pkg/codegen/schema/docs_test.go @@ -13,9 +13,12 @@ import ( "strings" "testing" + "github.com/blang/semver" "github.com/pgavlin/goldmark/ast" "github.com/pgavlin/goldmark/testutil" + "github.com/pulumi/pulumi/pkg/v3/codegen/testing/utils" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) // Note to future engineers: keep each file tested as a single test, do not use `t.Run` in the inner @@ -164,6 +167,21 @@ func TestParseAndRenderDocs(t *testing.T) { } } +func pkgInfo(t *testing.T, filename string) (string, *semver.Version) { + filename = strings.TrimSuffix(filename, ".json") + idx := 0 + for { + i := strings.IndexByte(filename[idx:], '-') + idx + require.Truef(t, i != -1, "Could not parse %q into (pkg, version)", filename) + name := filename[:i] + version := filename[i+1:] + if v, err := semver.Parse(version); err == nil { + return name, &v + } + idx = i + 1 + } +} + func TestReferenceRenderer(t *testing.T) { t.Parallel() @@ -172,29 +190,31 @@ func TestReferenceRenderer(t *testing.T) { t.Fatalf("could not read test data: %v", err) } + seenNames := map[string]struct{}{} + //nolint:paralleltest // false positive because range var isn't used directly in t.Run(name) arg for _, f := range files { f := f - if filepath.Ext(f.Name()) != ".json" { + if filepath.Ext(f.Name()) != ".json" || f.Name() == "types.json" { continue } + name, version := pkgInfo(t, f.Name()) + + if _, ok := seenNames[name]; ok { + continue + } else { + seenNames[name] = struct{}{} + } t.Run(f.Name(), func(t *testing.T) { t.Parallel() - path := filepath.Join(testdataPath, f.Name()) - contents, err := ioutil.ReadFile(path) - if err != nil { - t.Fatalf("could not read %v: %v", path, err) - } - - var spec PackageSpec - if err = json.Unmarshal(contents, &spec); err != nil { - t.Fatalf("could not unmarshal package spec: %v", err) - } - pkg, err := ImportSpec(spec, nil) + host := utils.NewHost(testdataPath) + defer host.Close() + loader := NewPluginLoader(host) + pkg, err := loader.LoadPackage(name, version) if err != nil { - t.Fatalf("could not import package: %v", err) + t.Fatalf("could not import package %s,%s: %v", name, version, err) } //nolint:paralleltest // these are large, compute heavy tests. keep them in a single thread diff --git a/pkg/codegen/testing/test/testdata/aws-4.15.0.json b/pkg/codegen/testing/test/testdata/aws-4.15.0.json new file mode 100644 index 000000000000..8359d2bc927b --- /dev/null +++ b/pkg/codegen/testing/test/testdata/aws-4.15.0.json @@ -0,0 +1,305878 @@ +{ + "name": "aws", + "description": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.", + "keywords": [ + "pulumi", + "aws" + ], + "homepage": "https://pulumi.io", + "license": "Apache-2.0", + "attribution": "This Pulumi package is based on the [`aws` Terraform Provider](https://github.com/terraform-providers/terraform-provider-aws).", + "repository": "https://github.com/pulumi/pulumi-aws", + "meta": { + "moduleFormat": "(.*)(?:/[^/]*)" + }, + "config": { + "variables": { + "accessKey": { + "type": "string", + "description": "The access key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.\n" + }, + "allowedAccountIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "assumeRole": { + "$ref": "#/types/aws:config/assumeRole:assumeRole" + }, + "defaultTags": { + "$ref": "#/types/aws:config/defaultTags:defaultTags", + "description": "Configuration block with settings to default resource tags across all resources.\n" + }, + "endpoints": { + "type": "array", + "items": { + "$ref": "#/types/aws:config/endpoints:endpoints" + } + }, + "forbiddenAccountIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "ignoreTags": { + "$ref": "#/types/aws:config/ignoreTags:ignoreTags", + "description": "Configuration block with settings to ignore resource tags across all resources.\n" + }, + "insecure": { + "type": "boolean", + "description": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted,default value is `false`\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.\n" + }, + "profile": { + "type": "string", + "description": "The profile for API operations. If not set, the default profile created with `aws configure` will be used.\n", + "defaultInfo": { + "environment": [ + "AWS_PROFILE" + ] + } + }, + "region": { + "type": "string", + "$ref": "#/types/aws:index/region:Region", + "description": "The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.\n", + "defaultInfo": { + "environment": [ + "AWS_REGION", + "AWS_DEFAULT_REGION" + ] + } + }, + "s3ForcePathStyle": { + "type": "boolean", + "description": "Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By\ndefault, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY).\nSpecific to the Amazon S3 service.\n" + }, + "secretKey": { + "type": "string", + "description": "The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.\n" + }, + "sharedCredentialsFile": { + "type": "string", + "description": "The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.\n" + }, + "skipCredentialsValidation": { + "type": "boolean", + "description": "Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS\navailable/implemented.\n", + "default": true + }, + "skipGetEc2Platforms": { + "type": "boolean", + "description": "Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.\n", + "default": true + }, + "skipMetadataApiCheck": { + "type": "boolean", + "default": true + }, + "skipRegionValidation": { + "type": "boolean", + "description": "Skip static validation of region name. Used by users of alternative AWS-like APIs or users w/ access to regions that are\nnot public (yet).\n", + "default": true + }, + "skipRequestingAccountId": { + "type": "boolean", + "description": "Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.\n" + }, + "token": { + "type": "string", + "description": "session token. A session token is only required if you are using temporary security credentials.\n" + } + }, + "defaults": [ + "region" + ] + }, + "types": { + "aws:acm/CertificateDomainValidationOption:CertificateDomainValidationOption": { + "properties": { + "domainName": { + "type": "string", + "description": "A domain name for which the certificate should be issued\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceRecordName": { + "type": "string", + "description": "The name of the DNS record to create to validate the certificate\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceRecordType": { + "type": "string", + "description": "The type of DNS record to create\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceRecordValue": { + "type": "string", + "description": "The value the DNS record needs to have\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "domainName", + "resourceRecordName", + "resourceRecordType", + "resourceRecordValue" + ] + } + } + }, + "aws:acm/CertificateOptions:CertificateOptions": { + "properties": { + "certificateTransparencyLoggingPreference": { + "type": "string", + "description": "Specifies whether certificate details should be added to a certificate transparency log. Valid values are `ENABLED` or `DISABLED`. See https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:acmpca/CertificateAuthorityCertificateAuthorityConfiguration:CertificateAuthorityCertificateAuthorityConfiguration": { + "properties": { + "keyAlgorithm": { + "type": "string", + "description": "Type of the public key algorithm and size, in bits, of the key pair that your key pair creates when it issues a certificate. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "signingAlgorithm": { + "type": "string", + "description": "Name of the algorithm your private CA uses to sign certificate requests. Valid values can be found in the [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/APIReference/API_CertificateAuthorityConfiguration.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subject": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityCertificateAuthorityConfigurationSubject:CertificateAuthorityCertificateAuthorityConfigurationSubject", + "description": "Nested argument that contains X.500 distinguished name information. At least one nested attribute must be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "keyAlgorithm", + "signingAlgorithm", + "subject" + ] + }, + "aws:acmpca/CertificateAuthorityCertificateAuthorityConfigurationSubject:CertificateAuthorityCertificateAuthorityConfigurationSubject": { + "properties": { + "commonName": { + "type": "string", + "description": "Fully qualified domain name (FQDN) associated with the certificate subject. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "country": { + "type": "string", + "description": "Two digit code that specifies the country in which the certificate subject located. Must be less than or equal to 2 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "distinguishedNameQualifier": { + "type": "string", + "description": "Disambiguating information for the certificate subject. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "generationQualifier": { + "type": "string", + "description": "Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third. Must be less than or equal to 3 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "givenName": { + "type": "string", + "description": "First name. Must be less than or equal to 16 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "initials": { + "type": "string", + "description": "Concatenation that typically contains the first letter of the `given_name`, the first letter of the middle name if one exists, and the first letter of the `surname`. Must be less than or equal to 5 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "locality": { + "type": "string", + "description": "The locality (such as a city or town) in which the certificate subject is located. Must be less than or equal to 128 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "organization": { + "type": "string", + "description": "Legal name of the organization with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "organizationalUnit": { + "type": "string", + "description": "A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pseudonym": { + "type": "string", + "description": "Typically a shortened version of a longer `given_name`. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza. Must be less than or equal to 128 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "state": { + "type": "string", + "description": "State in which the subject of the certificate is located. Must be less than or equal to 128 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "surname": { + "type": "string", + "description": "Family name. In the US and the UK for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first. Must be less than or equal to 40 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "title": { + "type": "string", + "description": "A title such as Mr. or Ms. which is pre-pended to the name to refer formally to the certificate subject. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:acmpca/CertificateAuthorityRevocationConfiguration:CertificateAuthorityRevocationConfiguration": { + "properties": { + "crlConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityRevocationConfigurationCrlConfiguration:CertificateAuthorityRevocationConfigurationCrlConfiguration", + "description": "Nested argument containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:acmpca/CertificateAuthorityRevocationConfigurationCrlConfiguration:CertificateAuthorityRevocationConfigurationCrlConfiguration": { + "properties": { + "customCname": { + "type": "string", + "description": "Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public. Must be less than or equal to 253 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "expirationInDays": { + "type": "integer", + "description": "Number of days until a certificate expires. Must be between 1 and 5000.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BucketName": { + "type": "string", + "description": "Name of the S3 bucket that contains the CRL. If you do not provide a value for the `custom_cname` argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You must specify a bucket policy that allows ACM PCA to write the CRL to your bucket. Must be less than or equal to 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3ObjectAcl": { + "type": "string", + "description": "Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. Defaults to `PUBLIC_READ`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "expirationInDays" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "expirationInDays", + "s3ObjectAcl" + ] + } + } + }, + "aws:acmpca/CertificateValidity:CertificateValidity": { + "properties": { + "type": { + "type": "string", + "description": "Determines how `value` is interpreted. Valid values: `DAYS`, `MONTHS`, `YEARS`, `ABSOLUTE`, `END_DATE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "If `type` is `DAYS`, `MONTHS`, or `YEARS`, the relative time until the certificate expires. If `type` is `ABSOLUTE`, the date in seconds since the Unix epoch. If `type` is `END_DATE`, the date in RFC 3339 format.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:acmpca/getCertificateAuthorityRevocationConfiguration:getCertificateAuthorityRevocationConfiguration": { + "properties": { + "crlConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:acmpca/getCertificateAuthorityRevocationConfigurationCrlConfiguration:getCertificateAuthorityRevocationConfigurationCrlConfiguration" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "crlConfigurations" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:acmpca/getCertificateAuthorityRevocationConfigurationCrlConfiguration:getCertificateAuthorityRevocationConfigurationCrlConfiguration": { + "properties": { + "customCname": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "expirationInDays": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BucketName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3ObjectAcl": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "customCname", + "enabled", + "expirationInDays", + "s3BucketName", + "s3ObjectAcl" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/IpAddressType:IpAddressType": { + "type": "string", + "enum": [ + { + "name": "Ipv4", + "value": "ipv4" + }, + { + "name": "Dualstack", + "value": "dualstack" + } + ] + }, + "aws:alb/ListenerDefaultAction:ListenerDefaultAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:alb/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito", + "description": "Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:alb/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc", + "description": "Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:alb/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:alb/ListenerDefaultActionForward:ListenerDefaultActionForward", + "description": "Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "description": "Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:alb/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect", + "description": "Configuration block for creating a redirect action. Required if `type` is `redirect`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:alb/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "Domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:alb/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "Authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "Token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "User info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:alb/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "Message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:alb/ListenerDefaultActionForward:ListenerDefaultActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:alb/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness", + "description": "Configuration block for target group stickiness for the rule. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup" + }, + "description": "Set of 1-5 target group blocks. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:alb/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether target group stickiness is enabled. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:alb/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "Weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:alb/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:alb/ListenerRuleAction:ListenerRuleAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:alb/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito", + "description": "Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:alb/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc", + "description": "Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:alb/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:alb/ListenerRuleActionForward:ListenerRuleActionForward", + "description": "Information for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:alb/ListenerRuleActionRedirect:ListenerRuleActionRedirect", + "description": "Information for creating a redirect action. Required if `type` is `redirect`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:alb/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "The ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "The ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "The domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:alb/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "The authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "The OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "The OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "The OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "The token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "The user info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:alb/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "The message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:alb/ListenerRuleActionForward:ListenerRuleActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:alb/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness", + "description": "The target group stickiness for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup" + }, + "description": "One or more target groups block.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:alb/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether target group stickiness is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:alb/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:alb/ListenerRuleActionRedirect:ListenerRuleActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:alb/ListenerRuleCondition:ListenerRuleCondition": { + "properties": { + "hostHeader": { + "$ref": "#/types/aws:alb/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader", + "description": "Contains a single `values` item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpHeader": { + "$ref": "#/types/aws:alb/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader", + "description": "HTTP headers to match. HTTP Header block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRequestMethod": { + "$ref": "#/types/aws:alb/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod", + "description": "Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathPattern": { + "$ref": "#/types/aws:alb/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern", + "description": "Contains a single `values` item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `query_string` condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString" + }, + "description": "Query strings to match. Query String block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceIp": { + "$ref": "#/types/aws:alb/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp", + "description": "Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `http_header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:alb/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:alb/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader": { + "properties": { + "httpHeaderName": { + "type": "string", + "description": "Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpHeaderName", + "values" + ] + }, + "aws:alb/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:alb/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:alb/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString": { + "properties": { + "key": { + "type": "string", + "description": "Query string key pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Query string value pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:alb/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:alb/LoadBalancerAccessLogs:LoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "description": "The S3 bucket name to store the logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `access_logs`. Defaults to `false`, even when `bucket` is specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The S3 bucket prefix. Logs are stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:alb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID of the Elastic IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "description": "An ipv6 address within the subnet to assign to the internet-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "description": "A private ipv4 address within the subnet to assign to the internal-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The id of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "outpostId", + "subnetId" + ] + } + } + }, + "aws:alb/LoadBalancerType:LoadBalancerType": { + "type": "string", + "enum": [ + { + "name": "Application", + "value": "application" + }, + { + "name": "Network", + "value": "network" + } + ] + }, + "aws:alb/TargetGroupHealthCheck:TargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "description": "Number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "Approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. For `lambda` target groups, it needs to be greater as the `timeout` of the underlying `lambda`. Default 30 seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "description": "Response codes to use when checking for a healthy responses from a target. You can specify multiple values (for example, \"200,202\" for HTTP(s) or \"0,12\" for GRPC) or a range of values (for example, \"200-299\" or \"0-99\"). Required for HTTP/HTTPS/GRPC ALB. Only applies to Application Load Balancers (i.e., HTTP/HTTPS/GRPC) not Network Load Balancers (i.e., TCP).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "Amount of time, in seconds, during which no response means a failed health check. For Application Load Balancers, the range is 2 to 120 seconds, and the default is 5 seconds for the `instance` target type and 30 seconds for the `lambda` target type. For Network Load Balancers, you cannot set a custom value, and the default is 10 seconds for TCP and HTTPS health checks and 6 seconds for HTTP health checks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "Number of consecutive health check failures required before considering the target unhealthy. For Network Load Balancers, this value must be the same as the `healthy_threshold`. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "matcher", + "path", + "timeout" + ] + } + } + }, + "aws:alb/TargetGroupStickiness:TargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "description": "Only used when the type is `lb_cookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "description": "Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `app_cookie`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of sticky sessions. The only current possible values are `lb_cookie`, `app_cookie` for ALBs, and `source_ip` for NLBs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:alb/getListenerDefaultAction:getListenerDefaultAction": { + "properties": { + "authenticateCognitos": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "forwards": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionForward:getListenerDefaultActionForward" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirects": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticateCognitos", + "authenticateOidcs", + "fixedResponses", + "forwards", + "order", + "redirects", + "targetGroupArn", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType", + "messageBody", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionForward:getListenerDefaultActionForward": { + "properties": { + "stickinesses": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "stickinesses", + "targetGroups" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration", + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "weight" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port of the listener. Required if `arn` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "host", + "path", + "port", + "protocol", + "query", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "enabled", + "prefix" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationId", + "ipv6Address", + "outpostId", + "privateIpv4Address", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getTargetGroupHealthCheck:getTargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "healthyThreshold", + "interval", + "matcher", + "path", + "port", + "protocol", + "timeout", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:alb/getTargetGroupStickiness:getTargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieDuration", + "cookieName", + "enabled", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:amplify/AppAutoBranchCreationConfig:AppAutoBranchCreationConfig": { + "properties": { + "basicAuthCredentials": { + "type": "string", + "description": "The basic authorization credentials for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "buildSpec": { + "type": "string", + "description": "The build specification (build spec) for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableAutoBuild": { + "type": "boolean", + "description": "Enables auto building for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enablePerformanceMode": { + "type": "boolean", + "description": "Enables performance mode for the branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enablePullRequestPreview": { + "type": "boolean", + "description": "Enables pull request previews for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "framework": { + "type": "string", + "description": "The framework for the autocreated branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pullRequestEnvironmentName": { + "type": "string", + "description": "The Amplify environment name for the pull request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stage": { + "type": "string", + "description": "Describes the current stage for the autocreated branch. Valid values: `PRODUCTION`, `BETA`, `DEVELOPMENT`, `EXPERIMENTAL`, `PULL_REQUEST`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:amplify/AppCustomRule:AppCustomRule": { + "properties": { + "condition": { + "type": "string", + "description": "The condition for a URL rewrite or redirect rule, such as a country code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "source": { + "type": "string", + "description": "The source pattern for a URL rewrite or redirect rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status code for a URL rewrite or redirect rule. Valid values: `200`, `301`, `302`, `404`, `404-200`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "The target pattern for a URL rewrite or redirect rule.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "source", + "target" + ] + }, + "aws:amplify/AppProductionBranch:AppProductionBranch": { + "properties": { + "branchName": { + "type": "string", + "description": "The branch name for the production branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastDeployTime": { + "type": "string", + "description": "The last deploy time of the production branch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status code for a URL rewrite or redirect rule. Valid values: `200`, `301`, `302`, `404`, `404-200`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "thumbnailUrl": { + "type": "string", + "description": "The thumbnail URL for the production branch.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "branchName", + "lastDeployTime", + "status", + "thumbnailUrl" + ] + } + } + }, + "aws:amplify/DomainAssociationSubDomain:DomainAssociationSubDomain": { + "properties": { + "branchName": { + "type": "string", + "description": "The branch name setting for the subdomain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dnsRecord": { + "type": "string", + "description": "The DNS record for the subdomain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The prefix setting for the subdomain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "verified": { + "type": "boolean", + "description": "The verified status of the subdomain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "branchName", + "prefix" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "branchName", + "dnsRecord", + "prefix", + "verified" + ] + } + } + }, + "aws:apigateway/AccountThrottleSettings:AccountThrottleSettings": { + "properties": { + "burstLimit": { + "type": "integer", + "description": "The absolute maximum number of times API Gateway allows the API to be called per second (RPS).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rateLimit": { + "type": "number", + "description": "The number of times API Gateway allows the API to be called per second on average (RPS).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "burstLimit", + "rateLimit" + ] + } + } + }, + "aws:apigateway/DocumentationPartLocation:DocumentationPartLocation": { + "properties": { + "method": { + "type": "string", + "description": "The HTTP verb of a method. The default value is `*` for any method.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the targeted API entity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The URL path of the target. The default value is `/` for the root resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code of a response. The default value is `*` for any status code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of API entity to which the documentation content applies. e.g. `API`, `METHOD` or `REQUEST_BODY`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:apigateway/DomainNameEndpointConfiguration:DomainNameEndpointConfiguration": { + "properties": { + "types": { + "type": "string", + "description": "A list of endpoint types. This resource currently only supports managing a single value. Valid values: `EDGE` or `REGIONAL`. If unspecified, defaults to `EDGE`. Must be declared as `REGIONAL` in non-Commercial partitions. Refer to the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html) for more information on the difference between edge-optimized and regional APIs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "types" + ] + }, + "aws:apigateway/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication": { + "properties": { + "truststoreUri": { + "type": "string", + "description": "An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, `s3://bucket-name/key-name`.\nThe truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "truststoreVersion": { + "type": "string", + "description": "The version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "truststoreUri" + ] + }, + "aws:apigateway/IntegrationTlsConfig:IntegrationTlsConfig": { + "properties": { + "insecureSkipVerification": { + "type": "boolean", + "description": "Specifies whether or not API Gateway skips verification that the certificate for an integration endpoint is issued by a [supported certificate authority](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-supported-certificate-authorities-for-http-endpoints.html). This isn’t recommended, but it enables you to use certificates that are signed by private certificate authorities, or certificates that are self-signed. If enabled, API Gateway still performs basic certificate validation, which includes checking the certificate's expiration date, hostname, and presence of a root certificate authority. Supported only for `HTTP` and `HTTP_PROXY` integrations.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apigateway/MethodSettingsSettings:MethodSettingsSettings": { + "properties": { + "cacheDataEncrypted": { + "type": "boolean", + "description": "Specifies whether the cached responses are encrypted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cacheTtlInSeconds": { + "type": "integer", + "description": "Specifies the time to live (TTL), in seconds, for cached responses. The higher the TTL, the longer the response will be cached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cachingEnabled": { + "type": "boolean", + "description": "Specifies whether responses should be cached and returned for requests. A cache cluster must be enabled on the stage for responses to be cached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dataTraceEnabled": { + "type": "boolean", + "description": "Specifies whether data trace logging is enabled for this method, which effects the log entries pushed to Amazon CloudWatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "loggingLevel": { + "type": "string", + "description": "Specifies the logging level for this method, which effects the log entries pushed to Amazon CloudWatch Logs. The available levels are `OFF`, `ERROR`, and `INFO`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricsEnabled": { + "type": "boolean", + "description": "Specifies whether Amazon CloudWatch metrics are enabled for this method.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requireAuthorizationForCacheControl": { + "type": "boolean", + "description": "Specifies whether authorization is required for a cache invalidation request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throttlingBurstLimit": { + "type": "integer", + "description": "Specifies the throttling burst limit. Default: `-1` (throttling disabled).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throttlingRateLimit": { + "type": "number", + "description": "Specifies the throttling rate limit. Default: `-1` (throttling disabled).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unauthorizedCacheControlHeaderStrategy": { + "type": "string", + "description": "Specifies how to handle unauthorized requests for cache invalidation. The available values are `FAIL_WITH_403`, `SUCCEED_WITH_RESPONSE_HEADER`, `SUCCEED_WITHOUT_RESPONSE_HEADER`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cacheDataEncrypted", + "cacheTtlInSeconds", + "cachingEnabled", + "dataTraceEnabled", + "loggingLevel", + "metricsEnabled", + "requireAuthorizationForCacheControl", + "unauthorizedCacheControlHeaderStrategy" + ] + } + } + }, + "aws:apigateway/RestApiEndpointConfiguration:RestApiEndpointConfiguration": { + "properties": { + "types": { + "type": "string", + "description": "A list of endpoint types. This resource currently only supports managing a single value. Valid values: `EDGE`, `REGIONAL` or `PRIVATE`. If unspecified, defaults to `EDGE`. Must be declared as `REGIONAL` in non-Commercial partitions. Refer to the [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/create-regional-api.html) for more information on the difference between edge-optimized and regional APIs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcEndpointIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of VPC Endpoint identifiers. It is only supported for `PRIVATE` endpoint type. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-endpoint-configuration` extension `vpcEndpointIds` property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "types" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "types", + "vpcEndpointIds" + ] + } + } + }, + "aws:apigateway/StageAccessLogSettings:StageAccessLogSettings": { + "properties": { + "destinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with `amazon-apigateway-`. Automatically removes trailing `:*` if present.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "format": { + "type": "string", + "description": "The formatting and values recorded in the logs.\nFor more information on configuring the log format rules visit the AWS [documentation](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationArn", + "format" + ] + }, + "aws:apigateway/UsagePlanApiStage:UsagePlanApiStage": { + "properties": { + "apiId": { + "type": "string", + "description": "API Id of the associated API stage in a usage plan.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stage": { + "type": "string", + "description": "API stage name of the associated API stage in a usage plan.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "apiId", + "stage" + ] + }, + "aws:apigateway/UsagePlanQuotaSettings:UsagePlanQuotaSettings": { + "properties": { + "limit": { + "type": "integer", + "description": "The maximum number of requests that can be made in a given time period.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "offset": { + "type": "integer", + "description": "The number of requests subtracted from the given limit in the initial time period.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "period": { + "type": "string", + "description": "The time period in which the limit applies. Valid values are \"DAY\", \"WEEK\" or \"MONTH\".\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "limit", + "period" + ] + }, + "aws:apigateway/UsagePlanThrottleSettings:UsagePlanThrottleSettings": { + "properties": { + "burstLimit": { + "type": "integer", + "description": "The API request burst limit, the maximum rate limit over a time ranging from one to a few seconds, depending upon whether the underlying token bucket is at its full capacity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rateLimit": { + "type": "number", + "description": "The API request steady-state rate limit.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apigateway/getDomainNameEndpointConfiguration:getDomainNameEndpointConfiguration": { + "properties": { + "types": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of endpoint types.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "types" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:apigateway/getRestApiEndpointConfiguration:getRestApiEndpointConfiguration": { + "properties": { + "types": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcEndpointIds": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "types", + "vpcEndpointIds" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:apigatewayv2/ApiCorsConfiguration:ApiCorsConfiguration": { + "properties": { + "allowCredentials": { + "type": "boolean", + "description": "Whether credentials are included in the CORS request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of allowed HTTP headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of allowed HTTP methods.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowOrigins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of allowed origins.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "exposeHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of exposed HTTP headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxAge": { + "type": "integer", + "description": "The number of seconds that the browser should cache preflight request results.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apigatewayv2/AuthorizerJwtConfiguration:AuthorizerJwtConfiguration": { + "properties": { + "audiences": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "The base domain of the identity provider that issues JSON Web Tokens, such as the `endpoint` attribute of the `aws.cognito.UserPool` resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apigatewayv2/DomainNameDomainNameConfiguration:DomainNameDomainNameConfiguration": { + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of an AWS-managed certificate that will be used by the endpoint for the domain name. AWS Certificate Manager is the only supported source.\nUse the `aws.acm.Certificate` resource to configure an ACM certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpointType": { + "type": "string", + "description": "The endpoint type. Valid values: `REGIONAL`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostedZoneId": { + "type": "string", + "description": "The Amazon Route 53 Hosted Zone ID of the endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityPolicy": { + "type": "string", + "description": "The Transport Layer Security (TLS) version of the [security policy](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-custom-domain-tls-version.html) for the domain name. Valid values: `TLS_1_2`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetDomainName": { + "type": "string", + "description": "The target domain name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateArn", + "endpointType", + "securityPolicy" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "certificateArn", + "endpointType", + "hostedZoneId", + "securityPolicy", + "targetDomainName" + ] + } + } + }, + "aws:apigatewayv2/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication": { + "properties": { + "truststoreUri": { + "type": "string", + "description": "An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example, `s3://bucket-name/key-name`.\nThe truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "truststoreVersion": { + "type": "string", + "description": "The version of the S3 object that contains the truststore. To specify a version, you must have versioning enabled for the S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "truststoreUri" + ] + }, + "aws:apigatewayv2/IntegrationResponseParameter:IntegrationResponseParameter": { + "properties": { + "mappings": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A key-value map. The key of ths map identifies the location of the request parameter to change, and how to change it. The corresponding value specifies the new data for the parameter.\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code in the range 200-599.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mappings", + "statusCode" + ] + }, + "aws:apigatewayv2/IntegrationTlsConfig:IntegrationTlsConfig": { + "properties": { + "serverNameToVerify": { + "type": "string", + "description": "If you specify a server name, API Gateway uses it to verify the hostname on the integration's certificate. The server name is also included in the TLS handshake to support Server Name Indication (SNI) or virtual hosting.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apigatewayv2/RouteRequestParameter:RouteRequestParameter": { + "properties": { + "requestParameterKey": { + "type": "string", + "description": "Request parameter key. This is a [request data mapping parameter](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-data-mapping.html#websocket-mapping-request-parameters).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "required": { + "type": "boolean", + "description": "Boolean whether or not the parameter is required.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "requestParameterKey", + "required" + ] + }, + "aws:apigatewayv2/StageAccessLogSettings:StageAccessLogSettings": { + "properties": { + "destinationArn": { + "type": "string", + "description": "The ARN of the CloudWatch Logs log group to receive access logs. Any trailing `:*` is trimmed from the ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "format": { + "type": "string", + "description": "A single line [format](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#apigateway-cloudwatch-log-formats) of the access logs of data, as specified by [selected $context variables](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-logging.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationArn", + "format" + ] + }, + "aws:apigatewayv2/StageDefaultRouteSettings:StageDefaultRouteSettings": { + "properties": { + "dataTraceEnabled": { + "type": "boolean", + "description": "Whether data trace logging is enabled for the default route. Affects the log entries pushed to Amazon CloudWatch Logs.\nDefaults to `false`. Supported only for WebSocket APIs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "detailedMetricsEnabled": { + "type": "boolean", + "description": "Whether detailed metrics are enabled for the default route. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "loggingLevel": { + "type": "string", + "description": "The logging level for the default route. Affects the log entries pushed to Amazon CloudWatch Logs.\nValid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throttlingBurstLimit": { + "type": "integer", + "description": "The throttling burst limit for the default route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throttlingRateLimit": { + "type": "number", + "description": "The throttling rate limit for the default route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "loggingLevel" + ] + } + } + }, + "aws:apigatewayv2/StageRouteSetting:StageRouteSetting": { + "properties": { + "dataTraceEnabled": { + "type": "boolean", + "description": "Whether data trace logging is enabled for the route. Affects the log entries pushed to Amazon CloudWatch Logs.\nDefaults to `false`. Supported only for WebSocket APIs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "detailedMetricsEnabled": { + "type": "boolean", + "description": "Whether detailed metrics are enabled for the route. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "loggingLevel": { + "type": "string", + "description": "The logging level for the route. Affects the log entries pushed to Amazon CloudWatch Logs.\nValid values: `ERROR`, `INFO`, `OFF`. Defaults to `OFF`. Supported only for WebSocket APIs. This provider will only perform drift detection of its value when present in a configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "routeKey": { + "type": "string", + "description": "Route key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throttlingBurstLimit": { + "type": "integer", + "description": "The throttling burst limit for the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throttlingRateLimit": { + "type": "number", + "description": "The throttling rate limit for the route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "routeKey" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "loggingLevel", + "routeKey" + ] + } + } + }, + "aws:apigatewayv2/getApiCorsConfiguration:getApiCorsConfiguration": { + "properties": { + "allowCredentials": { + "type": "boolean", + "description": "Whether credentials are included in the CORS request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of allowed HTTP headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of allowed HTTP methods.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowOrigins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of allowed origins.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "exposeHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of exposed HTTP headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxAge": { + "type": "integer", + "description": "The number of seconds that the browser should cache preflight request results.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allowCredentials", + "allowHeaders", + "allowMethods", + "allowOrigins", + "exposeHeaders", + "maxAge" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appautoscaling/PolicyStepScalingPolicyConfiguration:PolicyStepScalingPolicyConfiguration": { + "properties": { + "adjustmentType": { + "type": "string", + "description": "Specifies whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are `ChangeInCapacity`, `ExactCapacity`, and `PercentChangeInCapacity`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricAggregationType": { + "type": "string", + "description": "The aggregation type for the policy's metrics. Valid values are \"Minimum\", \"Maximum\", and \"Average\". Without a value, AWS will treat the aggregation type as \"Average\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minAdjustmentMagnitude": { + "type": "integer", + "description": "The minimum number to adjust your scalable dimension as a result of a scaling activity. If the adjustment type is PercentChangeInCapacity, the scaling policy changes the scalable dimension of the scalable target by this amount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stepAdjustments": { + "type": "array", + "items": { + "$ref": "#/types/aws:appautoscaling/PolicyStepScalingPolicyConfigurationStepAdjustment:PolicyStepScalingPolicyConfigurationStepAdjustment" + }, + "description": "A set of adjustments that manage scaling. These have the following structure:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appautoscaling/PolicyStepScalingPolicyConfigurationStepAdjustment:PolicyStepScalingPolicyConfigurationStepAdjustment": { + "properties": { + "metricIntervalLowerBound": { + "type": "string", + "description": "The lower bound for the difference between the alarm threshold and the CloudWatch metric. Without a value, AWS will treat this bound as negative infinity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricIntervalUpperBound": { + "type": "string", + "description": "The upper bound for the difference between the alarm threshold and the CloudWatch metric. Without a value, AWS will treat this bound as infinity. The upper bound must be greater than the lower bound.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scalingAdjustment": { + "type": "integer", + "description": "The number of members by which to scale, when the adjustment bounds are breached. A positive value scales up. A negative value scales down.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scalingAdjustment" + ] + }, + "aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfiguration:PolicyTargetTrackingScalingPolicyConfiguration": { + "properties": { + "customizedMetricSpecification": { + "$ref": "#/types/aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecification:PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecification", + "description": "A custom CloudWatch metric. Documentation can be found at: [AWS Customized Metric Specification](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_CustomizedMetricSpecification.html). See supported fields below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableScaleIn": { + "type": "boolean", + "description": "Indicates whether scale in by the target tracking policy is disabled. If the value is true, scale in is disabled and the target tracking policy won't remove capacity from the scalable resource. Otherwise, scale in is enabled and the target tracking policy can remove capacity from the scalable resource. The default value is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predefinedMetricSpecification": { + "$ref": "#/types/aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecification:PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecification", + "description": "A predefined metric. See supported fields below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scaleInCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scale in activity completes before another scale in activity can start.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scaleOutCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scale out activity completes before another scale out activity can start.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetValue": { + "type": "number", + "description": "The target value for the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetValue" + ] + }, + "aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecification:PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecification": { + "properties": { + "dimensions": { + "type": "array", + "items": { + "$ref": "#/types/aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationDimension:PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationDimension" + }, + "description": "Configuration block(s) with the dimensions of the metric if the metric was published with dimensions. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "The name of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The namespace of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statistic": { + "type": "string", + "description": "The statistic of the metric. Valid values: `Average`, `Minimum`, `Maximum`, `SampleCount`, and `Sum`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unit": { + "type": "string", + "description": "The unit of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "namespace", + "statistic" + ] + }, + "aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationDimension:PolicyTargetTrackingScalingPolicyConfigurationCustomizedMetricSpecificationDimension": { + "properties": { + "name": { + "type": "string", + "description": "The name of the policy. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Value of the dimension.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecification:PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecification": { + "properties": { + "predefinedMetricType": { + "type": "string", + "description": "The metric type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "Reserved for future use. Must be less than or equal to 1023 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedMetricType" + ] + }, + "aws:appautoscaling/ScheduledActionScalableTargetAction:ScheduledActionScalableTargetAction": { + "properties": { + "maxCapacity": { + "type": "integer", + "description": "The maximum capacity. At least one of `max_capacity` or `min_capacity` must be set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minCapacity": { + "type": "integer", + "description": "The minimum capacity. At least one of `min_capacity` or `max_capacity` must be set.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appconfig/ConfigurationProfileValidator:ConfigurationProfileValidator": { + "properties": { + "content": { + "type": "string", + "description": "Either the JSON Schema content or the Amazon Resource Name (ARN) of an AWS Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of validator. Valid values: `JSON_SCHEMA` and `LAMBDA`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:appconfig/EnvironmentMonitor:EnvironmentMonitor": { + "properties": { + "alarmArn": { + "type": "string", + "description": "ARN of the Amazon CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "alarmRoleArn": { + "type": "string", + "description": "ARN of an IAM role for AWS AppConfig to monitor `alarm_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "alarmArn" + ] + }, + "aws:applicationloadbalancing/IpAddressType:IpAddressType": { + "type": "string", + "enum": [ + { + "name": "Ipv4", + "value": "ipv4" + }, + { + "name": "Dualstack", + "value": "dualstack" + } + ] + }, + "aws:applicationloadbalancing/ListenerDefaultAction:ListenerDefaultAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito", + "description": "Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc", + "description": "Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionForward:ListenerDefaultActionForward", + "description": "Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "description": "Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect", + "description": "Configuration block for creating a redirect action. Required if `type` is `redirect`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "Domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "Authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "Token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "User info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "Message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerDefaultActionForward:ListenerDefaultActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness", + "description": "Configuration block for target group stickiness for the rule. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup" + }, + "description": "Set of 1-5 target group blocks. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:applicationloadbalancing/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether target group stickiness is enabled. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:applicationloadbalancing/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "Weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:applicationloadbalancing/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:applicationloadbalancing/ListenerRuleAction:ListenerRuleAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito", + "description": "Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc", + "description": "Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionForward:ListenerRuleActionForward", + "description": "Information for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionRedirect:ListenerRuleActionRedirect", + "description": "Information for creating a redirect action. Required if `type` is `redirect`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "The ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "The ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "The domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "The authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "The OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "The OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "The OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "The token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "The user info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "The message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:applicationloadbalancing/ListenerRuleActionForward:ListenerRuleActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness", + "description": "The target group stickiness for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup" + }, + "description": "One or more target groups block.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:applicationloadbalancing/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether target group stickiness is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:applicationloadbalancing/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:applicationloadbalancing/ListenerRuleActionRedirect:ListenerRuleActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:applicationloadbalancing/ListenerRuleCondition:ListenerRuleCondition": { + "properties": { + "hostHeader": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader", + "description": "Contains a single `values` item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpHeader": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader", + "description": "HTTP headers to match. HTTP Header block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRequestMethod": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod", + "description": "Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathPattern": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern", + "description": "Contains a single `values` item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `query_string` condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString" + }, + "description": "Query strings to match. Query String block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceIp": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp", + "description": "Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `http_header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:applicationloadbalancing/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:applicationloadbalancing/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader": { + "properties": { + "httpHeaderName": { + "type": "string", + "description": "Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpHeaderName", + "values" + ] + }, + "aws:applicationloadbalancing/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:applicationloadbalancing/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:applicationloadbalancing/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString": { + "properties": { + "key": { + "type": "string", + "description": "Query string key pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Query string value pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:applicationloadbalancing/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:applicationloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "description": "The S3 bucket name to store the logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `access_logs`. Defaults to `false`, even when `bucket` is specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The S3 bucket prefix. Logs are stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:applicationloadbalancing/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID of the Elastic IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "description": "An ipv6 address within the subnet to assign to the internet-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "description": "A private ipv4 address within the subnet to assign to the internal-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The id of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "outpostId", + "subnetId" + ] + } + } + }, + "aws:applicationloadbalancing/LoadBalancerType:LoadBalancerType": { + "type": "string", + "enum": [ + { + "name": "Application", + "value": "application" + }, + { + "name": "Network", + "value": "network" + } + ] + }, + "aws:applicationloadbalancing/TargetGroupHealthCheck:TargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "description": "Number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "Approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. For `lambda` target groups, it needs to be greater as the `timeout` of the underlying `lambda`. Default 30 seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "description": "Response codes to use when checking for a healthy responses from a target. You can specify multiple values (for example, \"200,202\" for HTTP(s) or \"0,12\" for GRPC) or a range of values (for example, \"200-299\" or \"0-99\"). Required for HTTP/HTTPS/GRPC ALB. Only applies to Application Load Balancers (i.e., HTTP/HTTPS/GRPC) not Network Load Balancers (i.e., TCP).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "Amount of time, in seconds, during which no response means a failed health check. For Application Load Balancers, the range is 2 to 120 seconds, and the default is 5 seconds for the `instance` target type and 30 seconds for the `lambda` target type. For Network Load Balancers, you cannot set a custom value, and the default is 10 seconds for TCP and HTTPS health checks and 6 seconds for HTTP health checks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "Number of consecutive health check failures required before considering the target unhealthy. For Network Load Balancers, this value must be the same as the `healthy_threshold`. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "matcher", + "path", + "timeout" + ] + } + } + }, + "aws:applicationloadbalancing/TargetGroupStickiness:TargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "description": "Only used when the type is `lb_cookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "description": "Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `app_cookie`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of sticky sessions. The only current possible values are `lb_cookie`, `app_cookie` for ALBs, and `source_ip` for NLBs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:applicationloadbalancing/getListenerDefaultAction:getListenerDefaultAction": { + "properties": { + "authenticateCognitos": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "forwards": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionForward:getListenerDefaultActionForward" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirects": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticateCognitos", + "authenticateOidcs", + "fixedResponses", + "forwards", + "order", + "redirects", + "targetGroupArn", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType", + "messageBody", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionForward:getListenerDefaultActionForward": { + "properties": { + "stickinesses": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "stickinesses", + "targetGroups" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration", + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "weight" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port of the listener. Required if `arn` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "host", + "path", + "port", + "protocol", + "query", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "enabled", + "prefix" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationId", + "ipv6Address", + "outpostId", + "privateIpv4Address", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getTargetGroupHealthCheck:getTargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "healthyThreshold", + "interval", + "matcher", + "path", + "port", + "protocol", + "timeout", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:applicationloadbalancing/getTargetGroupStickiness:getTargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieDuration", + "cookieName", + "enabled", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appmesh/GatewayRouteSpec:GatewayRouteSpec": { + "properties": { + "grpcRoute": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecGrpcRoute:GatewayRouteSpecGrpcRoute", + "description": "The specification of a gRPC gateway route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http2Route": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttp2Route:GatewayRouteSpecHttp2Route", + "description": "The specification of an HTTP/2 gateway route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRoute": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttpRoute:GatewayRouteSpecHttpRoute", + "description": "The specification of an HTTP gateway route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/GatewayRouteSpecGrpcRoute:GatewayRouteSpecGrpcRoute": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecGrpcRouteAction:GatewayRouteSpecGrpcRouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecGrpcRouteMatch:GatewayRouteSpecGrpcRouteMatch", + "description": "The criteria for determining a request match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "match" + ] + }, + "aws:appmesh/GatewayRouteSpecGrpcRouteAction:GatewayRouteSpecGrpcRouteAction": { + "properties": { + "target": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecGrpcRouteActionTarget:GatewayRouteSpecGrpcRouteActionTarget", + "description": "The target that traffic is routed to when a request matches the gateway route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "target" + ] + }, + "aws:appmesh/GatewayRouteSpecGrpcRouteActionTarget:GatewayRouteSpecGrpcRouteActionTarget": { + "properties": { + "virtualService": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecGrpcRouteActionTargetVirtualService:GatewayRouteSpecGrpcRouteActionTargetVirtualService", + "description": "The virtual service gateway route target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualService" + ] + }, + "aws:appmesh/GatewayRouteSpecGrpcRouteActionTargetVirtualService:GatewayRouteSpecGrpcRouteActionTargetVirtualService": { + "properties": { + "virtualServiceName": { + "type": "string", + "description": "The name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualServiceName" + ] + }, + "aws:appmesh/GatewayRouteSpecGrpcRouteMatch:GatewayRouteSpecGrpcRouteMatch": { + "properties": { + "serviceName": { + "type": "string", + "description": "The fully qualified domain name for the service to match from the request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "serviceName" + ] + }, + "aws:appmesh/GatewayRouteSpecHttp2Route:GatewayRouteSpecHttp2Route": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttp2RouteAction:GatewayRouteSpecHttp2RouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttp2RouteMatch:GatewayRouteSpecHttp2RouteMatch", + "description": "The criteria for determining a request match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "match" + ] + }, + "aws:appmesh/GatewayRouteSpecHttp2RouteAction:GatewayRouteSpecHttp2RouteAction": { + "properties": { + "target": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttp2RouteActionTarget:GatewayRouteSpecHttp2RouteActionTarget", + "description": "The target that traffic is routed to when a request matches the gateway route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "target" + ] + }, + "aws:appmesh/GatewayRouteSpecHttp2RouteActionTarget:GatewayRouteSpecHttp2RouteActionTarget": { + "properties": { + "virtualService": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttp2RouteActionTargetVirtualService:GatewayRouteSpecHttp2RouteActionTargetVirtualService", + "description": "The virtual service gateway route target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualService" + ] + }, + "aws:appmesh/GatewayRouteSpecHttp2RouteActionTargetVirtualService:GatewayRouteSpecHttp2RouteActionTargetVirtualService": { + "properties": { + "virtualServiceName": { + "type": "string", + "description": "The name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualServiceName" + ] + }, + "aws:appmesh/GatewayRouteSpecHttp2RouteMatch:GatewayRouteSpecHttp2RouteMatch": { + "properties": { + "prefix": { + "type": "string", + "description": "Specifies the path to match requests with. This parameter must always start with `/`, which by itself matches all requests to the virtual service name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prefix" + ] + }, + "aws:appmesh/GatewayRouteSpecHttpRoute:GatewayRouteSpecHttpRoute": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttpRouteAction:GatewayRouteSpecHttpRouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttpRouteMatch:GatewayRouteSpecHttpRouteMatch", + "description": "The criteria for determining a request match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "match" + ] + }, + "aws:appmesh/GatewayRouteSpecHttpRouteAction:GatewayRouteSpecHttpRouteAction": { + "properties": { + "target": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttpRouteActionTarget:GatewayRouteSpecHttpRouteActionTarget", + "description": "The target that traffic is routed to when a request matches the gateway route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "target" + ] + }, + "aws:appmesh/GatewayRouteSpecHttpRouteActionTarget:GatewayRouteSpecHttpRouteActionTarget": { + "properties": { + "virtualService": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpecHttpRouteActionTargetVirtualService:GatewayRouteSpecHttpRouteActionTargetVirtualService", + "description": "The virtual service gateway route target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualService" + ] + }, + "aws:appmesh/GatewayRouteSpecHttpRouteActionTargetVirtualService:GatewayRouteSpecHttpRouteActionTargetVirtualService": { + "properties": { + "virtualServiceName": { + "type": "string", + "description": "The name of the virtual service that traffic is routed to. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualServiceName" + ] + }, + "aws:appmesh/GatewayRouteSpecHttpRouteMatch:GatewayRouteSpecHttpRouteMatch": { + "properties": { + "prefix": { + "type": "string", + "description": "Specifies the path to match requests with. This parameter must always start with `/`, which by itself matches all requests to the virtual service name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prefix" + ] + }, + "aws:appmesh/MeshSpec:MeshSpec": { + "properties": { + "egressFilter": { + "$ref": "#/types/aws:appmesh/MeshSpecEgressFilter:MeshSpecEgressFilter", + "description": "The egress filter rules for the service mesh.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/MeshSpecEgressFilter:MeshSpecEgressFilter": { + "properties": { + "type": { + "type": "string", + "description": "The egress filter type. By default, the type is `DROP_ALL`.\nValid values are `ALLOW_ALL` and `DROP_ALL`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpec:RouteSpec": { + "properties": { + "grpcRoute": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRoute:RouteSpecGrpcRoute", + "description": "The gRPC routing information for the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http2Route": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2Route:RouteSpecHttp2Route", + "description": "The HTTP/2 routing information for the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRoute": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRoute:RouteSpecHttpRoute", + "description": "The HTTP routing information for the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "The priority for the route, between `0` and `1000`.\nRoutes are matched based on the specified value, where `0` is the highest priority.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcpRoute": { + "$ref": "#/types/aws:appmesh/RouteSpecTcpRoute:RouteSpecTcpRoute", + "description": "The TCP routing information for the route.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecGrpcRoute:RouteSpecGrpcRoute": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteAction:RouteSpecGrpcRouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteMatch:RouteSpecGrpcRouteMatch", + "description": "The criteria for determining an gRPC request match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryPolicy": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteRetryPolicy:RouteSpecGrpcRouteRetryPolicy", + "description": "The retry policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteTimeout:RouteSpecGrpcRouteTimeout", + "description": "The types of timeouts.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteAction:RouteSpecGrpcRouteAction": { + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteActionWeightedTarget:RouteSpecGrpcRouteActionWeightedTarget" + }, + "description": "The targets that traffic is routed to when a request matches the route.\nYou can specify one or more targets and their relative weights with which to distribute traffic.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "weightedTargets" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteActionWeightedTarget:RouteSpecGrpcRouteActionWeightedTarget": { + "properties": { + "virtualNode": { + "type": "string", + "description": "The virtual node to associate with the weighted target. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The relative weight of the weighted target. An integer between 0 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNode", + "weight" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteMatch:RouteSpecGrpcRouteMatch": { + "properties": { + "metadatas": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteMatchMetadata:RouteSpecGrpcRouteMatchMetadata" + }, + "description": "The data to match from the gRPC request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "methodName": { + "type": "string", + "description": "The method name to match from the request. If you specify a name, you must also specify a `service_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length.\nThis parameter must always start with /, which by itself matches all requests to the virtual router service name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceName": { + "type": "string", + "description": "The fully qualified domain name for the service to match from the request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecGrpcRouteMatchMetadata:RouteSpecGrpcRouteMatchMetadata": { + "properties": { + "invert": { + "type": "boolean", + "description": "If `true`, the match is on the opposite of the `match` criteria. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteMatchMetadataMatch:RouteSpecGrpcRouteMatchMetadataMatch", + "description": "The data to match from the request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the route. Must be between 1 and 50 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteMatchMetadataMatch:RouteSpecGrpcRouteMatchMetadataMatch": { + "properties": { + "exact": { + "type": "string", + "description": "The value sent by the client must match the specified value exactly. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length.\nThis parameter must always start with /, which by itself matches all requests to the virtual router service name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "range": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteMatchMetadataMatchRange:RouteSpecGrpcRouteMatchMetadataMatchRange", + "description": "The object that specifies the range of numbers that the value sent by the client must be included in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regex": { + "type": "string", + "description": "The value sent by the client must include the specified characters. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "suffix": { + "type": "string", + "description": "The value sent by the client must end with the specified characters. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecGrpcRouteMatchMetadataMatchRange:RouteSpecGrpcRouteMatchMetadataMatchRange": { + "properties": { + "end": { + "type": "integer", + "description": "The end of the range.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "integer", + "description": "The start of the range.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "end", + "start" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteRetryPolicy:RouteSpecGrpcRouteRetryPolicy": { + "properties": { + "grpcRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of gRPC retry events.\nValid values: `cancelled`, `deadline-exceeded`, `internal`, `resource-exhausted`, `unavailable`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of HTTP retry events.\nValid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream).\nValid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of retries.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRetryTimeout": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteRetryPolicyPerRetryTimeout:RouteSpecGrpcRouteRetryPolicyPerRetryTimeout", + "description": "The per-retry timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of TCP retry events. The only valid value is `connection-error`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRetries", + "perRetryTimeout" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteRetryPolicyPerRetryTimeout:RouteSpecGrpcRouteRetryPolicyPerRetryTimeout": { + "properties": { + "unit": { + "type": "string", + "description": "Retry unit. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "Retry value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteTimeout:RouteSpecGrpcRouteTimeout": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteTimeoutIdle:RouteSpecGrpcRouteTimeoutIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRequest": { + "$ref": "#/types/aws:appmesh/RouteSpecGrpcRouteTimeoutPerRequest:RouteSpecGrpcRouteTimeoutPerRequest", + "description": "The per request timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecGrpcRouteTimeoutIdle:RouteSpecGrpcRouteTimeoutIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecGrpcRouteTimeoutPerRequest:RouteSpecGrpcRouteTimeoutPerRequest": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecHttp2Route:RouteSpecHttp2Route": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteAction:RouteSpecHttp2RouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteMatch:RouteSpecHttp2RouteMatch", + "description": "The criteria for determining an gRPC request match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryPolicy": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteRetryPolicy:RouteSpecHttp2RouteRetryPolicy", + "description": "The retry policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteTimeout:RouteSpecHttp2RouteTimeout", + "description": "The types of timeouts.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "match" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteAction:RouteSpecHttp2RouteAction": { + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteActionWeightedTarget:RouteSpecHttp2RouteActionWeightedTarget" + }, + "description": "The targets that traffic is routed to when a request matches the route.\nYou can specify one or more targets and their relative weights with which to distribute traffic.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "weightedTargets" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteActionWeightedTarget:RouteSpecHttp2RouteActionWeightedTarget": { + "properties": { + "virtualNode": { + "type": "string", + "description": "The virtual node to associate with the weighted target. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The relative weight of the weighted target. An integer between 0 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNode", + "weight" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteMatch:RouteSpecHttp2RouteMatch": { + "properties": { + "headers": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteMatchHeader:RouteSpecHttp2RouteMatchHeader" + }, + "description": "The client request headers to match on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "type": "string", + "description": "The client request header method to match on. Valid values: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length.\nThis parameter must always start with /, which by itself matches all requests to the virtual router service name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scheme": { + "type": "string", + "description": "The client request header scheme to match on. Valid values: `http`, `https`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prefix" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteMatchHeader:RouteSpecHttp2RouteMatchHeader": { + "properties": { + "invert": { + "type": "boolean", + "description": "If `true`, the match is on the opposite of the `match` method and value. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteMatchHeaderMatch:RouteSpecHttp2RouteMatchHeaderMatch", + "description": "The method and value to match the header value sent with a request. Specify one match method.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "A name for the HTTP header in the client request that will be matched on.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteMatchHeaderMatch:RouteSpecHttp2RouteMatchHeaderMatch": { + "properties": { + "exact": { + "type": "string", + "description": "The value sent by the client must match the specified value exactly. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length.\nThis parameter must always start with /, which by itself matches all requests to the virtual router service name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "range": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteMatchHeaderMatchRange:RouteSpecHttp2RouteMatchHeaderMatchRange", + "description": "The object that specifies the range of numbers that the value sent by the client must be included in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regex": { + "type": "string", + "description": "The value sent by the client must include the specified characters. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "suffix": { + "type": "string", + "description": "The value sent by the client must end with the specified characters. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecHttp2RouteMatchHeaderMatchRange:RouteSpecHttp2RouteMatchHeaderMatchRange": { + "properties": { + "end": { + "type": "integer", + "description": "The end of the range.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "integer", + "description": "The start of the range.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "end", + "start" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteRetryPolicy:RouteSpecHttp2RouteRetryPolicy": { + "properties": { + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of HTTP retry events.\nValid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream).\nValid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of retries.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRetryTimeout": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteRetryPolicyPerRetryTimeout:RouteSpecHttp2RouteRetryPolicyPerRetryTimeout", + "description": "The per-retry timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of TCP retry events. The only valid value is `connection-error`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRetries", + "perRetryTimeout" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteRetryPolicyPerRetryTimeout:RouteSpecHttp2RouteRetryPolicyPerRetryTimeout": { + "properties": { + "unit": { + "type": "string", + "description": "Retry unit. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "Retry value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteTimeout:RouteSpecHttp2RouteTimeout": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteTimeoutIdle:RouteSpecHttp2RouteTimeoutIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRequest": { + "$ref": "#/types/aws:appmesh/RouteSpecHttp2RouteTimeoutPerRequest:RouteSpecHttp2RouteTimeoutPerRequest", + "description": "The per request timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecHttp2RouteTimeoutIdle:RouteSpecHttp2RouteTimeoutIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecHttp2RouteTimeoutPerRequest:RouteSpecHttp2RouteTimeoutPerRequest": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecHttpRoute:RouteSpecHttpRoute": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteAction:RouteSpecHttpRouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteMatch:RouteSpecHttpRouteMatch", + "description": "The criteria for determining an HTTP request match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryPolicy": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteRetryPolicy:RouteSpecHttpRouteRetryPolicy", + "description": "The retry policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteTimeout:RouteSpecHttpRouteTimeout", + "description": "The types of timeouts.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "match" + ] + }, + "aws:appmesh/RouteSpecHttpRouteAction:RouteSpecHttpRouteAction": { + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteActionWeightedTarget:RouteSpecHttpRouteActionWeightedTarget" + }, + "description": "The targets that traffic is routed to when a request matches the route.\nYou can specify one or more targets and their relative weights with which to distribute traffic.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "weightedTargets" + ] + }, + "aws:appmesh/RouteSpecHttpRouteActionWeightedTarget:RouteSpecHttpRouteActionWeightedTarget": { + "properties": { + "virtualNode": { + "type": "string", + "description": "The virtual node to associate with the weighted target. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The relative weight of the weighted target. An integer between 0 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNode", + "weight" + ] + }, + "aws:appmesh/RouteSpecHttpRouteMatch:RouteSpecHttpRouteMatch": { + "properties": { + "headers": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteMatchHeader:RouteSpecHttpRouteMatchHeader" + }, + "description": "The client request headers to match on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "type": "string", + "description": "The client request header method to match on. Valid values: `GET`, `HEAD`, `POST`, `PUT`, `DELETE`, `CONNECT`, `OPTIONS`, `TRACE`, `PATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length.\nThis parameter must always start with /, which by itself matches all requests to the virtual router service name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scheme": { + "type": "string", + "description": "The client request header scheme to match on. Valid values: `http`, `https`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prefix" + ] + }, + "aws:appmesh/RouteSpecHttpRouteMatchHeader:RouteSpecHttpRouteMatchHeader": { + "properties": { + "invert": { + "type": "boolean", + "description": "If `true`, the match is on the opposite of the `match` method and value. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "match": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteMatchHeaderMatch:RouteSpecHttpRouteMatchHeaderMatch", + "description": "The method and value to match the header value sent with a request. Specify one match method.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "A name for the HTTP header in the client request that will be matched on.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:appmesh/RouteSpecHttpRouteMatchHeaderMatch:RouteSpecHttpRouteMatchHeaderMatch": { + "properties": { + "exact": { + "type": "string", + "description": "The value sent by the client must match the specified value exactly. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The value sent by the client must begin with the specified characters. Must be between 1 and 255 characters in length.\nThis parameter must always start with /, which by itself matches all requests to the virtual router service name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "range": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteMatchHeaderMatchRange:RouteSpecHttpRouteMatchHeaderMatchRange", + "description": "The object that specifies the range of numbers that the value sent by the client must be included in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regex": { + "type": "string", + "description": "The value sent by the client must include the specified characters. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "suffix": { + "type": "string", + "description": "The value sent by the client must end with the specified characters. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecHttpRouteMatchHeaderMatchRange:RouteSpecHttpRouteMatchHeaderMatchRange": { + "properties": { + "end": { + "type": "integer", + "description": "The end of the range.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "integer", + "description": "The start of the range.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "end", + "start" + ] + }, + "aws:appmesh/RouteSpecHttpRouteRetryPolicy:RouteSpecHttpRouteRetryPolicy": { + "properties": { + "httpRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of HTTP retry events.\nValid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream).\nValid values: `client-error` (HTTP status code 409), `gateway-error` (HTTP status codes 502, 503, and 504), `server-error` (HTTP status codes 500, 501, 502, 503, 504, 505, 506, 507, 508, 510, and 511), `stream-error` (retry on refused stream).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of retries.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRetryTimeout": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteRetryPolicyPerRetryTimeout:RouteSpecHttpRouteRetryPolicyPerRetryTimeout", + "description": "The per-retry timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcpRetryEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of TCP retry events. The only valid value is `connection-error`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRetries", + "perRetryTimeout" + ] + }, + "aws:appmesh/RouteSpecHttpRouteRetryPolicyPerRetryTimeout:RouteSpecHttpRouteRetryPolicyPerRetryTimeout": { + "properties": { + "unit": { + "type": "string", + "description": "Retry unit. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "Retry value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecHttpRouteTimeout:RouteSpecHttpRouteTimeout": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteTimeoutIdle:RouteSpecHttpRouteTimeoutIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRequest": { + "$ref": "#/types/aws:appmesh/RouteSpecHttpRouteTimeoutPerRequest:RouteSpecHttpRouteTimeoutPerRequest", + "description": "The per request timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecHttpRouteTimeoutIdle:RouteSpecHttpRouteTimeoutIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecHttpRouteTimeoutPerRequest:RouteSpecHttpRouteTimeoutPerRequest": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/RouteSpecTcpRoute:RouteSpecTcpRoute": { + "properties": { + "action": { + "$ref": "#/types/aws:appmesh/RouteSpecTcpRouteAction:RouteSpecTcpRouteAction", + "description": "The action to take if a match is determined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "$ref": "#/types/aws:appmesh/RouteSpecTcpRouteTimeout:RouteSpecTcpRouteTimeout", + "description": "The types of timeouts.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action" + ] + }, + "aws:appmesh/RouteSpecTcpRouteAction:RouteSpecTcpRouteAction": { + "properties": { + "weightedTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/RouteSpecTcpRouteActionWeightedTarget:RouteSpecTcpRouteActionWeightedTarget" + }, + "description": "The targets that traffic is routed to when a request matches the route.\nYou can specify one or more targets and their relative weights with which to distribute traffic.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "weightedTargets" + ] + }, + "aws:appmesh/RouteSpecTcpRouteActionWeightedTarget:RouteSpecTcpRouteActionWeightedTarget": { + "properties": { + "virtualNode": { + "type": "string", + "description": "The virtual node to associate with the weighted target. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The relative weight of the weighted target. An integer between 0 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNode", + "weight" + ] + }, + "aws:appmesh/RouteSpecTcpRouteTimeout:RouteSpecTcpRouteTimeout": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/RouteSpecTcpRouteTimeoutIdle:RouteSpecTcpRouteTimeoutIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/RouteSpecTcpRouteTimeoutIdle:RouteSpecTcpRouteTimeoutIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualGatewaySpec:VirtualGatewaySpec": { + "properties": { + "backendDefaults": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaults:VirtualGatewaySpecBackendDefaults", + "description": "The defaults for backends.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "listener": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListener:VirtualGatewaySpecListener", + "description": "The listeners that the mesh endpoint is expected to receive inbound traffic from. You can specify one listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logging": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecLogging:VirtualGatewaySpecLogging", + "description": "The inbound and outbound access logging information for the virtual gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "listener" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaults:VirtualGatewaySpecBackendDefaults": { + "properties": { + "clientPolicy": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicy:VirtualGatewaySpecBackendDefaultsClientPolicy", + "description": "The default client policy for virtual gateway backends.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicy:VirtualGatewaySpecBackendDefaultsClientPolicy": { + "properties": { + "tls": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTls:VirtualGatewaySpecBackendDefaultsClientPolicyTls", + "description": "The Transport Layer Security (TLS) client policy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTls:VirtualGatewaySpecBackendDefaultsClientPolicyTls": { + "properties": { + "certificate": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificate:VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificate", + "description": "The listener's TLS certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enforce": { + "type": "boolean", + "description": "Whether the policy is enforced. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "One or more ports that the policy is enforced for.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "validation": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidation:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidation", + "description": "The listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "validation" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificate:VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificate": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateFile:VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateFile", + "description": "A local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateSds:VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateSds", + "description": "A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateFile:VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateKey": { + "type": "string", + "description": "The private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateSds:VirtualGatewaySpecBackendDefaultsClientPolicyTlsCertificateSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidation:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidation": { + "properties": { + "subjectAlternativeNames": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames", + "description": "The SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trust": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrust:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrust", + "description": "The TLS validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "trust" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames": { + "properties": { + "match": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch", + "description": "The criteria for determining a SAN's match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "match" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch": { + "properties": { + "exacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values sent must match the specified values exactly.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "exacts" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrust:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrust": { + "properties": { + "acm": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustAcm:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustAcm", + "description": "The TLS validation context trust for an AWS Certificate Manager (ACM) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "file": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustFile:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustFile", + "description": "The TLS validation context trust for a local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustSds:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustSds", + "description": "The TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustAcm:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustAcm": { + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more ACM Amazon Resource Name (ARN)s.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateAuthorityArns" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustFile:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain" + ] + }, + "aws:appmesh/VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustSds:VirtualGatewaySpecBackendDefaultsClientPolicyTlsValidationTrustSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualGatewaySpecListener:VirtualGatewaySpecListener": { + "properties": { + "connectionPool": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerConnectionPool:VirtualGatewaySpecListenerConnectionPool", + "description": "The connection pool information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthCheck": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerHealthCheck:VirtualGatewaySpecListenerHealthCheck", + "description": "The health check information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "portMapping": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerPortMapping:VirtualGatewaySpecListenerPortMapping", + "description": "The port mapping information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tls": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTls:VirtualGatewaySpecListenerTls", + "description": "The Transport Layer Security (TLS) properties for the listener\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "portMapping" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerConnectionPool:VirtualGatewaySpecListenerConnectionPool": { + "properties": { + "grpc": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerConnectionPoolGrpc:VirtualGatewaySpecListenerConnectionPoolGrpc", + "description": "Connection pool information for gRPC listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerConnectionPoolHttp:VirtualGatewaySpecListenerConnectionPoolHttp", + "description": "Connection pool information for HTTP listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http2": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerConnectionPoolHttp2:VirtualGatewaySpecListenerConnectionPoolHttp2", + "description": "Connection pool information for HTTP2 listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecListenerConnectionPoolGrpc:VirtualGatewaySpecListenerConnectionPoolGrpc": { + "properties": { + "maxRequests": { + "type": "integer", + "description": "Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRequests" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerConnectionPoolHttp2:VirtualGatewaySpecListenerConnectionPoolHttp2": { + "properties": { + "maxRequests": { + "type": "integer", + "description": "Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRequests" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerConnectionPoolHttp:VirtualGatewaySpecListenerConnectionPoolHttp": { + "properties": { + "maxConnections": { + "type": "integer", + "description": "Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxPendingRequests": { + "type": "integer", + "description": "Number of overflowing requests after `max_connections` Envoy will queue to upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxConnections" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerHealthCheck:VirtualGatewaySpecListenerHealthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer", + "description": "The number of consecutive successful health checks that must occur before declaring listener healthy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "intervalMillis": { + "type": "integer", + "description": "The time period in milliseconds between each health check execution.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The destination path for the health check request. This is only required if the specified protocol is `http` or `http2`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The destination port for the health check request. This port must match the port defined in the `port_mapping` for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol for the health check request. Valid values are `http`, `http2`, and `grpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutMillis": { + "type": "integer", + "description": "The amount of time to wait when receiving a response from the health check, in milliseconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "The number of consecutive failed health checks that must occur before declaring a virtual gateway unhealthy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "healthyThreshold", + "intervalMillis", + "protocol", + "timeoutMillis", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "healthyThreshold", + "intervalMillis", + "port", + "protocol", + "timeoutMillis", + "unhealthyThreshold" + ] + } + } + }, + "aws:appmesh/VirtualGatewaySpecListenerPortMapping:VirtualGatewaySpecListenerPortMapping": { + "properties": { + "port": { + "type": "integer", + "description": "The port used for the port mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "port", + "protocol" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTls:VirtualGatewaySpecListenerTls": { + "properties": { + "certificate": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsCertificate:VirtualGatewaySpecListenerTlsCertificate", + "description": "The listener's TLS certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "The listener's TLS mode. Valid values: `DISABLED`, `PERMISSIVE`, `STRICT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "validation": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsValidation:VirtualGatewaySpecListenerTlsValidation", + "description": "The listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificate", + "mode" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsCertificate:VirtualGatewaySpecListenerTlsCertificate": { + "properties": { + "acm": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsCertificateAcm:VirtualGatewaySpecListenerTlsCertificateAcm", + "description": "An AWS Certificate Manager (ACM) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "file": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsCertificateFile:VirtualGatewaySpecListenerTlsCertificateFile", + "description": "A local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsCertificateSds:VirtualGatewaySpecListenerTlsCertificateSds", + "description": "A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsCertificateAcm:VirtualGatewaySpecListenerTlsCertificateAcm": { + "properties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateArn" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsCertificateFile:VirtualGatewaySpecListenerTlsCertificateFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateKey": { + "type": "string", + "description": "The private key for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsCertificateSds:VirtualGatewaySpecListenerTlsCertificateSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsValidation:VirtualGatewaySpecListenerTlsValidation": { + "properties": { + "subjectAlternativeNames": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNames:VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNames", + "description": "The SANs for a virtual gateway's listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trust": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsValidationTrust:VirtualGatewaySpecListenerTlsValidationTrust", + "description": "The TLS validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "trust" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNames:VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNames": { + "properties": { + "match": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNamesMatch:VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNamesMatch", + "description": "The criteria for determining a SAN's match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "match" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNamesMatch:VirtualGatewaySpecListenerTlsValidationSubjectAlternativeNamesMatch": { + "properties": { + "exacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values sent must match the specified values exactly.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "exacts" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsValidationTrust:VirtualGatewaySpecListenerTlsValidationTrust": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsValidationTrustFile:VirtualGatewaySpecListenerTlsValidationTrustFile", + "description": "The TLS validation context trust for a local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecListenerTlsValidationTrustSds:VirtualGatewaySpecListenerTlsValidationTrustSds", + "description": "The TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsValidationTrustFile:VirtualGatewaySpecListenerTlsValidationTrustFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain" + ] + }, + "aws:appmesh/VirtualGatewaySpecListenerTlsValidationTrustSds:VirtualGatewaySpecListenerTlsValidationTrustSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualGatewaySpecLogging:VirtualGatewaySpecLogging": { + "properties": { + "accessLog": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecLoggingAccessLog:VirtualGatewaySpecLoggingAccessLog", + "description": "The access log configuration for a virtual gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecLoggingAccessLog:VirtualGatewaySpecLoggingAccessLog": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpecLoggingAccessLogFile:VirtualGatewaySpecLoggingAccessLogFile", + "description": "The file object to send virtual gateway access logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualGatewaySpecLoggingAccessLogFile:VirtualGatewaySpecLoggingAccessLogFile": { + "properties": { + "path": { + "type": "string", + "description": "The file path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "aws:appmesh/VirtualNodeSpec:VirtualNodeSpec": { + "properties": { + "backendDefaults": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaults:VirtualNodeSpecBackendDefaults", + "description": "The defaults for backends.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "backends": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackend:VirtualNodeSpecBackend" + }, + "description": "The backends to which the virtual node is expected to send outbound traffic.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "listener": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListener:VirtualNodeSpecListener", + "description": "The listeners from which the virtual node is expected to receive inbound traffic.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logging": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecLogging:VirtualNodeSpecLogging", + "description": "The inbound and outbound access logging information for the virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceDiscovery": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecServiceDiscovery:VirtualNodeSpecServiceDiscovery", + "description": "The service discovery information for the virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackend:VirtualNodeSpecBackend": { + "properties": { + "virtualService": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualService:VirtualNodeSpecBackendVirtualService", + "description": "Specifies a virtual service to use as a backend for a virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualService" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaults:VirtualNodeSpecBackendDefaults": { + "properties": { + "clientPolicy": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicy:VirtualNodeSpecBackendDefaultsClientPolicy", + "description": "The default client policy for virtual service backends. See above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicy:VirtualNodeSpecBackendDefaultsClientPolicy": { + "properties": { + "tls": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTls:VirtualNodeSpecBackendDefaultsClientPolicyTls", + "description": "The Transport Layer Security (TLS) client policy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTls:VirtualNodeSpecBackendDefaultsClientPolicyTls": { + "properties": { + "certificate": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificate:VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificate", + "description": "The listener's TLS certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enforce": { + "type": "boolean", + "description": "Whether the policy is enforced. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "One or more ports that the policy is enforced for.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "validation": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidation:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidation", + "description": "The listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "validation" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificate:VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificate": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateFile:VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateFile", + "description": "A local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateSds:VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateSds", + "description": "A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateFile:VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateKey": { + "type": "string", + "description": "The private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateSds:VirtualNodeSpecBackendDefaultsClientPolicyTlsCertificateSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidation:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidation": { + "properties": { + "subjectAlternativeNames": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames", + "description": "The SANs for a TLS validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trust": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrust:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrust", + "description": "The TLS validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "trust" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNames": { + "properties": { + "match": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch", + "description": "The criteria for determining a SAN's match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "match" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationSubjectAlternativeNamesMatch": { + "properties": { + "exacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values sent must match the specified values exactly.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "exacts" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrust:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrust": { + "properties": { + "acm": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustAcm:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustAcm", + "description": "The TLS validation context trust for an AWS Certificate Manager (ACM) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustFile:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustFile", + "description": "The TLS validation context trust for a local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustSds:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustSds", + "description": "The TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustAcm:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustAcm": { + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more ACM Amazon Resource Name (ARN)s.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateAuthorityArns" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustFile:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustSds:VirtualNodeSpecBackendDefaultsClientPolicyTlsValidationTrustSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualService:VirtualNodeSpecBackendVirtualService": { + "properties": { + "clientPolicy": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicy:VirtualNodeSpecBackendVirtualServiceClientPolicy", + "description": "The client policy for the backend.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualServiceName": { + "type": "string", + "description": "The name of the virtual service that is acting as a virtual node backend. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualServiceName" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicy:VirtualNodeSpecBackendVirtualServiceClientPolicy": { + "properties": { + "tls": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTls:VirtualNodeSpecBackendVirtualServiceClientPolicyTls", + "description": "The Transport Layer Security (TLS) client policy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTls:VirtualNodeSpecBackendVirtualServiceClientPolicyTls": { + "properties": { + "certificate": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificate:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificate", + "description": "The listener's TLS certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enforce": { + "type": "boolean", + "description": "Whether the policy is enforced. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ports": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "One or more ports that the policy is enforced for.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "validation": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidation:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidation", + "description": "The listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "validation" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificate:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificate": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateFile:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateFile", + "description": "A local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateSds:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateSds", + "description": "A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateFile:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateKey": { + "type": "string", + "description": "The private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateSds:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsCertificateSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidation:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidation": { + "properties": { + "subjectAlternativeNames": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNames:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNames", + "description": "The SANs for a TLS validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trust": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrust:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrust", + "description": "The TLS validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "trust" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNames:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNames": { + "properties": { + "match": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNamesMatch:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNamesMatch", + "description": "The criteria for determining a SAN's match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "match" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNamesMatch:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationSubjectAlternativeNamesMatch": { + "properties": { + "exacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values sent must match the specified values exactly.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "exacts" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrust:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrust": { + "properties": { + "acm": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustAcm:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustAcm", + "description": "The TLS validation context trust for an AWS Certificate Manager (ACM) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustFile:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustFile", + "description": "The TLS validation context trust for a local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustSds:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustSds", + "description": "The TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustAcm:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustAcm": { + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more ACM Amazon Resource Name (ARN)s.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateAuthorityArns" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustFile:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain" + ] + }, + "aws:appmesh/VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustSds:VirtualNodeSpecBackendVirtualServiceClientPolicyTlsValidationTrustSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualNodeSpecListener:VirtualNodeSpecListener": { + "properties": { + "connectionPool": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerConnectionPool:VirtualNodeSpecListenerConnectionPool", + "description": "The connection pool information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthCheck": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerHealthCheck:VirtualNodeSpecListenerHealthCheck", + "description": "The health check information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outlierDetection": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerOutlierDetection:VirtualNodeSpecListenerOutlierDetection", + "description": "The outlier detection information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "portMapping": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerPortMapping:VirtualNodeSpecListenerPortMapping", + "description": "The port mapping information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeout:VirtualNodeSpecListenerTimeout", + "description": "Timeouts for different protocols.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tls": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTls:VirtualNodeSpecListenerTls", + "description": "The Transport Layer Security (TLS) properties for the listener\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "portMapping" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerConnectionPool:VirtualNodeSpecListenerConnectionPool": { + "properties": { + "grpc": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerConnectionPoolGrpc:VirtualNodeSpecListenerConnectionPoolGrpc", + "description": "Connection pool information for gRPC listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerConnectionPoolHttp:VirtualNodeSpecListenerConnectionPoolHttp", + "description": "Connection pool information for HTTP listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http2": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerConnectionPoolHttp2:VirtualNodeSpecListenerConnectionPoolHttp2", + "description": "Connection pool information for HTTP2 listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcp": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerConnectionPoolTcp:VirtualNodeSpecListenerConnectionPoolTcp", + "description": "Connection pool information for TCP listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerConnectionPoolGrpc:VirtualNodeSpecListenerConnectionPoolGrpc": { + "properties": { + "maxRequests": { + "type": "integer", + "description": "Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRequests" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerConnectionPoolHttp2:VirtualNodeSpecListenerConnectionPoolHttp2": { + "properties": { + "maxRequests": { + "type": "integer", + "description": "Maximum number of inflight requests Envoy can concurrently support across hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxRequests" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerConnectionPoolHttp:VirtualNodeSpecListenerConnectionPoolHttp": { + "properties": { + "maxConnections": { + "type": "integer", + "description": "Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxPendingRequests": { + "type": "integer", + "description": "Number of overflowing requests after `max_connections` Envoy will queue to upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxConnections" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerConnectionPoolTcp:VirtualNodeSpecListenerConnectionPoolTcp": { + "properties": { + "maxConnections": { + "type": "integer", + "description": "Maximum number of outbound TCP connections Envoy can establish concurrently with all hosts in upstream cluster. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxConnections" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerHealthCheck:VirtualNodeSpecListenerHealthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer", + "description": "The number of consecutive successful health checks that must occur before declaring listener healthy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "intervalMillis": { + "type": "integer", + "description": "The time period in milliseconds between each health check execution.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The destination path for the health check request. This is only required if the specified protocol is `http` or `http2`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The destination port for the health check request. This port must match the port defined in the `port_mapping` for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol for the health check request. Valid values are `http`, `http2`, `tcp` and `grpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutMillis": { + "type": "integer", + "description": "The amount of time to wait when receiving a response from the health check, in milliseconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "The number of consecutive failed health checks that must occur before declaring a virtual node unhealthy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "healthyThreshold", + "intervalMillis", + "protocol", + "timeoutMillis", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "healthyThreshold", + "intervalMillis", + "port", + "protocol", + "timeoutMillis", + "unhealthyThreshold" + ] + } + } + }, + "aws:appmesh/VirtualNodeSpecListenerOutlierDetection:VirtualNodeSpecListenerOutlierDetection": { + "properties": { + "baseEjectionDuration": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerOutlierDetectionBaseEjectionDuration:VirtualNodeSpecListenerOutlierDetectionBaseEjectionDuration", + "description": "The base amount of time for which a host is ejected.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerOutlierDetectionInterval:VirtualNodeSpecListenerOutlierDetectionInterval", + "description": "The time interval between ejection sweep analysis.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxEjectionPercent": { + "type": "integer", + "description": "Maximum percentage of hosts in load balancing pool for upstream service that can be ejected. Will eject at least one host regardless of the value.\nMinimum value of `0`. Maximum value of `100`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxServerErrors": { + "type": "integer", + "description": "Number of consecutive `5xx` errors required for ejection. Minimum value of `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "baseEjectionDuration", + "interval", + "maxEjectionPercent", + "maxServerErrors" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerOutlierDetectionBaseEjectionDuration:VirtualNodeSpecListenerOutlierDetectionBaseEjectionDuration": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerOutlierDetectionInterval:VirtualNodeSpecListenerOutlierDetectionInterval": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerPortMapping:VirtualNodeSpecListenerPortMapping": { + "properties": { + "port": { + "type": "integer", + "description": "The port used for the port mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol used for the port mapping. Valid values are `http`, `http2`, `tcp` and `grpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "port", + "protocol" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeout:VirtualNodeSpecListenerTimeout": { + "properties": { + "grpc": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutGrpc:VirtualNodeSpecListenerTimeoutGrpc", + "description": "Timeouts for gRPC listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutHttp:VirtualNodeSpecListenerTimeoutHttp", + "description": "Timeouts for HTTP listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "http2": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutHttp2:VirtualNodeSpecListenerTimeoutHttp2", + "description": "Timeouts for HTTP2 listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcp": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutTcp:VirtualNodeSpecListenerTimeoutTcp", + "description": "Timeouts for TCP listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutGrpc:VirtualNodeSpecListenerTimeoutGrpc": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutGrpcIdle:VirtualNodeSpecListenerTimeoutGrpcIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRequest": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutGrpcPerRequest:VirtualNodeSpecListenerTimeoutGrpcPerRequest", + "description": "The per request timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutGrpcIdle:VirtualNodeSpecListenerTimeoutGrpcIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutGrpcPerRequest:VirtualNodeSpecListenerTimeoutGrpcPerRequest": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutHttp2:VirtualNodeSpecListenerTimeoutHttp2": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutHttp2Idle:VirtualNodeSpecListenerTimeoutHttp2Idle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRequest": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutHttp2PerRequest:VirtualNodeSpecListenerTimeoutHttp2PerRequest", + "description": "The per request timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutHttp2Idle:VirtualNodeSpecListenerTimeoutHttp2Idle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutHttp2PerRequest:VirtualNodeSpecListenerTimeoutHttp2PerRequest": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutHttp:VirtualNodeSpecListenerTimeoutHttp": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutHttpIdle:VirtualNodeSpecListenerTimeoutHttpIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "perRequest": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutHttpPerRequest:VirtualNodeSpecListenerTimeoutHttpPerRequest", + "description": "The per request timeout.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutHttpIdle:VirtualNodeSpecListenerTimeoutHttpIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutHttpPerRequest:VirtualNodeSpecListenerTimeoutHttpPerRequest": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutTcp:VirtualNodeSpecListenerTimeoutTcp": { + "properties": { + "idle": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTimeoutTcpIdle:VirtualNodeSpecListenerTimeoutTcpIdle", + "description": "The idle timeout. An idle timeout bounds the amount of time that a connection may be idle.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTimeoutTcpIdle:VirtualNodeSpecListenerTimeoutTcpIdle": { + "properties": { + "unit": { + "type": "string", + "description": "The unit of time. Valid values: `ms`, `s`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The number of time units. Minimum value of `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTls:VirtualNodeSpecListenerTls": { + "properties": { + "certificate": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsCertificate:VirtualNodeSpecListenerTlsCertificate", + "description": "The listener's TLS certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "The listener's TLS mode. Valid values: `DISABLED`, `PERMISSIVE`, `STRICT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "validation": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsValidation:VirtualNodeSpecListenerTlsValidation", + "description": "The listener's Transport Layer Security (TLS) validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificate", + "mode" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsCertificate:VirtualNodeSpecListenerTlsCertificate": { + "properties": { + "acm": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsCertificateAcm:VirtualNodeSpecListenerTlsCertificateAcm", + "description": "An AWS Certificate Manager (ACM) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsCertificateFile:VirtualNodeSpecListenerTlsCertificateFile", + "description": "A local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsCertificateSds:VirtualNodeSpecListenerTlsCertificateSds", + "description": "A [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTlsCertificateAcm:VirtualNodeSpecListenerTlsCertificateAcm": { + "properties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateArn" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsCertificateFile:VirtualNodeSpecListenerTlsCertificateFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateKey": { + "type": "string", + "description": "The private key for a certificate stored on the file system of the virtual node that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain", + "privateKey" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsCertificateSds:VirtualNodeSpecListenerTlsCertificateSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsValidation:VirtualNodeSpecListenerTlsValidation": { + "properties": { + "subjectAlternativeNames": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsValidationSubjectAlternativeNames:VirtualNodeSpecListenerTlsValidationSubjectAlternativeNames", + "description": "The SANs for a TLS validation context.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trust": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsValidationTrust:VirtualNodeSpecListenerTlsValidationTrust", + "description": "The TLS validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "trust" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsValidationSubjectAlternativeNames:VirtualNodeSpecListenerTlsValidationSubjectAlternativeNames": { + "properties": { + "match": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsValidationSubjectAlternativeNamesMatch:VirtualNodeSpecListenerTlsValidationSubjectAlternativeNamesMatch", + "description": "The criteria for determining a SAN's match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "match" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsValidationSubjectAlternativeNamesMatch:VirtualNodeSpecListenerTlsValidationSubjectAlternativeNamesMatch": { + "properties": { + "exacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values sent must match the specified values exactly.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "exacts" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsValidationTrust:VirtualNodeSpecListenerTlsValidationTrust": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsValidationTrustFile:VirtualNodeSpecListenerTlsValidationTrustFile", + "description": "The TLS validation context trust for a local file certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sds": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecListenerTlsValidationTrustSds:VirtualNodeSpecListenerTlsValidationTrustSds", + "description": "The TLS validation context trust for a [Secret Discovery Service](https://www.envoyproxy.io/docs/envoy/latest/configuration/security/secret#secret-discovery-service-sds) certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecListenerTlsValidationTrustFile:VirtualNodeSpecListenerTlsValidationTrustFile": { + "properties": { + "certificateChain": { + "type": "string", + "description": "The certificate trust chain for a certificate stored on the file system of the mesh endpoint that the proxy is running on. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificateChain" + ] + }, + "aws:appmesh/VirtualNodeSpecListenerTlsValidationTrustSds:VirtualNodeSpecListenerTlsValidationTrustSds": { + "properties": { + "secretName": { + "type": "string", + "description": "The name of the secret for a virtual node's Transport Layer Security (TLS) Secret Discovery Service validation context trust.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "secretName" + ] + }, + "aws:appmesh/VirtualNodeSpecLogging:VirtualNodeSpecLogging": { + "properties": { + "accessLog": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecLoggingAccessLog:VirtualNodeSpecLoggingAccessLog", + "description": "The access log configuration for a virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecLoggingAccessLog:VirtualNodeSpecLoggingAccessLog": { + "properties": { + "file": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecLoggingAccessLogFile:VirtualNodeSpecLoggingAccessLogFile", + "description": "The file object to send virtual node access logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecLoggingAccessLogFile:VirtualNodeSpecLoggingAccessLogFile": { + "properties": { + "path": { + "type": "string", + "description": "The file path to write access logs to. You can use `/dev/stdout` to send access logs to standard out. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "aws:appmesh/VirtualNodeSpecServiceDiscovery:VirtualNodeSpecServiceDiscovery": { + "properties": { + "awsCloudMap": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecServiceDiscoveryAwsCloudMap:VirtualNodeSpecServiceDiscoveryAwsCloudMap", + "description": "Specifies any AWS Cloud Map information for the virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dns": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpecServiceDiscoveryDns:VirtualNodeSpecServiceDiscoveryDns", + "description": "Specifies the DNS service name for the virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualNodeSpecServiceDiscoveryAwsCloudMap:VirtualNodeSpecServiceDiscoveryAwsCloudMap": { + "properties": { + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A string map that contains attributes with values that you can use to filter instances by any custom attribute that you specified when you registered the instance. Only instances that match all of the specified key/value pairs will be returned.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespaceName": { + "type": "string", + "description": "The name of the AWS Cloud Map namespace to use.\nUse the `aws.servicediscovery.HttpNamespace` resource to configure a Cloud Map namespace. Must be between 1 and 1024 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceName": { + "type": "string", + "description": "The name of the AWS Cloud Map service to use. Use the `aws.servicediscovery.Service` resource to configure a Cloud Map service. Must be between 1 and 1024 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "namespaceName", + "serviceName" + ] + }, + "aws:appmesh/VirtualNodeSpecServiceDiscoveryDns:VirtualNodeSpecServiceDiscoveryDns": { + "properties": { + "hostname": { + "type": "string", + "description": "The DNS host name for your virtual node.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hostname" + ] + }, + "aws:appmesh/VirtualRouterSpec:VirtualRouterSpec": { + "properties": { + "listener": { + "$ref": "#/types/aws:appmesh/VirtualRouterSpecListener:VirtualRouterSpecListener", + "description": "The listeners that the virtual router is expected to receive inbound traffic from.\nCurrently only one listener is supported per virtual router.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "listener" + ] + }, + "aws:appmesh/VirtualRouterSpecListener:VirtualRouterSpecListener": { + "properties": { + "portMapping": { + "$ref": "#/types/aws:appmesh/VirtualRouterSpecListenerPortMapping:VirtualRouterSpecListenerPortMapping", + "description": "The port mapping information for the listener.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "portMapping" + ] + }, + "aws:appmesh/VirtualRouterSpecListenerPortMapping:VirtualRouterSpecListenerPortMapping": { + "properties": { + "port": { + "type": "integer", + "description": "The port used for the port mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol used for the port mapping. Valid values are `http`,`http2`, `tcp` and `grpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "port", + "protocol" + ] + }, + "aws:appmesh/VirtualServiceSpec:VirtualServiceSpec": { + "properties": { + "provider": { + "$ref": "#/types/aws:appmesh/VirtualServiceSpecProvider:VirtualServiceSpecProvider", + "description": "The App Mesh object that is acting as the provider for a virtual service. You can specify a single virtual node or virtual router.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualServiceSpecProvider:VirtualServiceSpecProvider": { + "properties": { + "virtualNode": { + "$ref": "#/types/aws:appmesh/VirtualServiceSpecProviderVirtualNode:VirtualServiceSpecProviderVirtualNode", + "description": "The virtual node associated with a virtual service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualRouter": { + "$ref": "#/types/aws:appmesh/VirtualServiceSpecProviderVirtualRouter:VirtualServiceSpecProviderVirtualRouter", + "description": "The virtual router associated with a virtual service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appmesh/VirtualServiceSpecProviderVirtualNode:VirtualServiceSpecProviderVirtualNode": { + "properties": { + "virtualNodeName": { + "type": "string", + "description": "The name of the virtual node that is acting as a service provider. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNodeName" + ] + }, + "aws:appmesh/VirtualServiceSpecProviderVirtualRouter:VirtualServiceSpecProviderVirtualRouter": { + "properties": { + "virtualRouterName": { + "type": "string", + "description": "The name of the virtual router that is acting as a service provider. Must be between 1 and 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualRouterName" + ] + }, + "aws:appmesh/getMeshSpec:getMeshSpec": { + "properties": { + "egressFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/getMeshSpecEgressFilter:getMeshSpecEgressFilter" + }, + "description": "The egress filter rules for the service mesh.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "egressFilters" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appmesh/getMeshSpecEgressFilter:getMeshSpecEgressFilter": { + "properties": { + "type": { + "type": "string", + "description": "The egress filter type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appmesh/getVirtualServiceSpec:getVirtualServiceSpec": { + "properties": { + "providers": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/getVirtualServiceSpecProvider:getVirtualServiceSpecProvider" + }, + "description": "The App Mesh object that is acting as the provider for a virtual service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "providers" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appmesh/getVirtualServiceSpecProvider:getVirtualServiceSpecProvider": { + "properties": { + "virtualNodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/getVirtualServiceSpecProviderVirtualNode:getVirtualServiceSpecProviderVirtualNode" + }, + "description": "The virtual node associated with the virtual service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualRouters": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/getVirtualServiceSpecProviderVirtualRouter:getVirtualServiceSpecProviderVirtualRouter" + }, + "description": "The virtual router associated with the virtual service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNodes", + "virtualRouters" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appmesh/getVirtualServiceSpecProviderVirtualNode:getVirtualServiceSpecProviderVirtualNode": { + "properties": { + "virtualNodeName": { + "type": "string", + "description": "The name of the virtual node that is acting as a service provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualNodeName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:appmesh/getVirtualServiceSpecProviderVirtualRouter:getVirtualServiceSpecProviderVirtualRouter": { + "properties": { + "virtualRouterName": { + "type": "string", + "description": "The name of the virtual router that is acting as a service provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "virtualRouterName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:apprunner/CustomDomainAssociationCertificateValidationRecord:CustomDomainAssociationCertificateValidationRecord": { + "properties": { + "name": { + "type": "string", + "description": "The certificate CNAME record name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The current state of the certificate CNAME record validation. It should change to `SUCCESS` after App Runner completes validation with your DNS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The record type, always `CNAME`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The certificate CNAME record value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "name", + "status", + "type", + "value" + ] + } + } + }, + "aws:apprunner/ServiceEncryptionConfiguration:ServiceEncryptionConfiguration": { + "properties": { + "kmsKey": { + "type": "string", + "description": "The ARN of the KMS key used for encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kmsKey" + ] + }, + "aws:apprunner/ServiceHealthCheckConfiguration:ServiceHealthCheckConfiguration": { + "properties": { + "healthyThreshold": { + "type": "integer", + "description": "The number of consecutive checks that must succeed before App Runner decides that the service is healthy. Defaults to 1. Minimum value of 1. Maximum value of 20.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "The time interval, in seconds, between health checks. Defaults to 5. Minimum value of 1. Maximum value of 20.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The URL to send requests to for health checks. Defaults to `/`. Minimum length of 0. Maximum length of 51200.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The IP protocol that App Runner uses to perform health checks for your service. Valid values: `TCP`, `HTTP`. Defaults to `TCP`. If you set protocol to `HTTP`, App Runner sends health check requests to the HTTP path specified by `path`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "The time, in seconds, to wait for a health check response before deciding it failed. Defaults to 2. Minimum value of 1. Maximum value of 20.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "The number of consecutive checks that must fail before App Runner decides that the service is unhealthy. Defaults to 5. Minimum value of 1. Maximum value of 20.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apprunner/ServiceInstanceConfiguration:ServiceInstanceConfiguration": { + "properties": { + "cpu": { + "type": "string", + "description": "The number of CPU units reserved for each instance of your App Runner service represented as a String. Defaults to `1024`. Valid values: `1024|2048|(1|2) vCPU`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an IAM role that provides permissions to your App Runner service. These are permissions that your code needs when it calls any AWS APIs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "memory": { + "type": "string", + "description": "The amount of memory, in MB or GB, reserved for each instance of your App Runner service. Defaults to `2048`. Valid values: `2048|3072|4096|(2|3|4) GB`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceRoleArn" + ] + }, + "aws:apprunner/ServiceSourceConfiguration:ServiceSourceConfiguration": { + "properties": { + "authenticationConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationAuthenticationConfiguration:ServiceSourceConfigurationAuthenticationConfiguration", + "description": "Describes resources needed to authenticate access to some source repositories. See Authentication Configuration below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "autoDeploymentsEnabled": { + "type": "boolean", + "description": "Whether continuous integration from the source repository is enabled for the App Runner service. If set to `true`, each repository change (source code commit or new image version) starts a deployment. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "codeRepository": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationCodeRepository:ServiceSourceConfigurationCodeRepository", + "description": "Description of a source code repository. See Code Repository below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageRepository": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationImageRepository:ServiceSourceConfigurationImageRepository", + "description": "Description of a source image repository. See Image Repository below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apprunner/ServiceSourceConfigurationAuthenticationConfiguration:ServiceSourceConfigurationAuthenticationConfiguration": { + "properties": { + "accessRoleArn": { + "type": "string", + "description": "ARN of the IAM role that grants the App Runner service access to a source repository. Required for ECR image repositories (but not for ECR Public)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "connectionArn": { + "type": "string", + "description": "ARN of the App Runner connection that enables the App Runner service to connect to a source repository. Required for GitHub code repositories.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:apprunner/ServiceSourceConfigurationCodeRepository:ServiceSourceConfigurationCodeRepository": { + "properties": { + "codeConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationCodeRepositoryCodeConfiguration:ServiceSourceConfigurationCodeRepositoryCodeConfiguration", + "description": "Configuration for building and running the service from a source code repository. See Code Configuration below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "repositoryUrl": { + "type": "string", + "description": "The location of the repository that contains the source code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceCodeVersion": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationCodeRepositorySourceCodeVersion:ServiceSourceConfigurationCodeRepositorySourceCodeVersion", + "description": "The version that should be used within the source code repository. See Source Code Version below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "repositoryUrl", + "sourceCodeVersion" + ] + }, + "aws:apprunner/ServiceSourceConfigurationCodeRepositoryCodeConfiguration:ServiceSourceConfigurationCodeRepositoryCodeConfiguration": { + "properties": { + "codeConfigurationValues": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValues:ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValues", + "description": "Basic configuration for building and running the App Runner service. Use this parameter to quickly launch an App Runner service without providing an apprunner.yaml file in the source code repository (or ignoring the file if it exists). See Code Configuration Values below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configurationSource": { + "type": "string", + "description": "The source of the App Runner configuration. Valid values: `REPOSITORY`, `API`. Values are interpreted as follows:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configurationSource" + ] + }, + "aws:apprunner/ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValues:ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValues": { + "properties": { + "buildCommand": { + "type": "string", + "description": "The command App Runner runs to build your application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "The port that your application listens to in the container. Defaults to `\"8080\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runtime": { + "type": "string", + "description": "A runtime environment type for building and running an App Runner service. Represents a programming language runtime. Valid values: `python3`, `nodejs12`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runtimeEnvironmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of `AWSAPPRUNNER` are reserved for system use and aren't valid.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "startCommand": { + "type": "string", + "description": "The command App Runner runs to start your application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "runtime" + ] + }, + "aws:apprunner/ServiceSourceConfigurationCodeRepositorySourceCodeVersion:ServiceSourceConfigurationCodeRepositorySourceCodeVersion": { + "properties": { + "type": { + "type": "string", + "description": "The type of version identifier. For a git-based repository, branches represent versions. Valid values: `BRANCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A source code version. For a git-based repository, a branch name maps to a specific version. App Runner uses the most recent commit to the branch.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:apprunner/ServiceSourceConfigurationImageRepository:ServiceSourceConfigurationImageRepository": { + "properties": { + "imageConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfigurationImageRepositoryImageConfiguration:ServiceSourceConfigurationImageRepositoryImageConfiguration", + "description": "Configuration for running the identified image. See Image Configuration below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageIdentifier": { + "type": "string", + "description": "The identifier of an image. For an image in Amazon Elastic Container Registry (Amazon ECR), this is an image name. For the\nimage name format, see Pulling an image in the Amazon ECR User Guide.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageRepositoryType": { + "type": "string", + "description": "The type of the image repository. This reflects the repository provider and whether the repository is private or public. Valid values: `ECR` , `ECR_PUBLIC`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "imageIdentifier", + "imageRepositoryType" + ] + }, + "aws:apprunner/ServiceSourceConfigurationImageRepositoryImageConfiguration:ServiceSourceConfigurationImageRepositoryImageConfiguration": { + "properties": { + "port": { + "type": "string", + "description": "The port that your application listens to in the container. Defaults to `\"8080\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runtimeEnvironmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Environment variables available to your running App Runner service. A map of key/value pairs. Keys with a prefix of `AWSAPPRUNNER` are reserved for system use and aren't valid.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "startCommand": { + "type": "string", + "description": "A command App Runner runs to start the application in the source image. If specified, this command overrides the Docker image’s default start command.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appsync/DataSourceDynamodbConfig:DataSourceDynamodbConfig": { + "properties": { + "region": { + "type": "string", + "description": "AWS region of Elasticsearch domain. Defaults to current region.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "Name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useCallerCredentials": { + "type": "boolean", + "description": "Set to `true` to use Amazon Cognito credentials with this data source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "tableName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "region", + "tableName" + ] + } + } + }, + "aws:appsync/DataSourceElasticsearchConfig:DataSourceElasticsearchConfig": { + "properties": { + "endpoint": { + "type": "string", + "description": "HTTP URL.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "AWS region of Elasticsearch domain. Defaults to current region.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "endpoint", + "region" + ] + } + } + }, + "aws:appsync/DataSourceHttpConfig:DataSourceHttpConfig": { + "properties": { + "endpoint": { + "type": "string", + "description": "HTTP URL.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpoint" + ] + }, + "aws:appsync/DataSourceLambdaConfig:DataSourceLambdaConfig": { + "properties": { + "functionArn": { + "type": "string", + "description": "The ARN for the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "functionArn" + ] + }, + "aws:appsync/GraphQLApiAdditionalAuthenticationProvider:GraphQLApiAdditionalAuthenticationProvider": { + "properties": { + "authenticationType": { + "type": "string", + "description": "The authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "openidConnectConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig:GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig", + "description": "Nested argument containing OpenID Connect configuration. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiAdditionalAuthenticationProviderUserPoolConfig:GraphQLApiAdditionalAuthenticationProviderUserPoolConfig", + "description": "The Amazon Cognito User Pool configuration. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationType" + ] + }, + "aws:appsync/GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig:GraphQLApiAdditionalAuthenticationProviderOpenidConnectConfig": { + "properties": { + "authTtl": { + "type": "integer", + "description": "Number of milliseconds a token is valid after being authenticated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iatTtl": { + "type": "integer", + "description": "Number of milliseconds a token is valid after being issued to a user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "issuer" + ] + }, + "aws:appsync/GraphQLApiAdditionalAuthenticationProviderUserPoolConfig:GraphQLApiAdditionalAuthenticationProviderUserPoolConfig": { + "properties": { + "appIdClientRegex": { + "type": "string", + "description": "A regular expression for validating the incoming Amazon Cognito User Pool app client ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "awsRegion": { + "type": "string", + "description": "The AWS region in which the user pool was created.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "awsRegion", + "userPoolId" + ] + } + } + }, + "aws:appsync/GraphQLApiLogConfig:GraphQLApiLogConfig": { + "properties": { + "cloudwatchLogsRoleArn": { + "type": "string", + "description": "Amazon Resource Name of the service role that AWS AppSync will assume to publish to Amazon CloudWatch logs in your account.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "excludeVerboseContent": { + "type": "boolean", + "description": "Set to TRUE to exclude sections that contain information such as headers, context, and evaluated mapping templates, regardless of logging level. Valid values: `true`, `false`. Default value: `false`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldLogLevel": { + "type": "string", + "description": "Field logging level. Valid values: `ALL`, `ERROR`, `NONE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchLogsRoleArn", + "fieldLogLevel" + ] + }, + "aws:appsync/GraphQLApiOpenidConnectConfig:GraphQLApiOpenidConnectConfig": { + "properties": { + "authTtl": { + "type": "integer", + "description": "Number of milliseconds a token is valid after being authenticated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "Client identifier of the Relying party at the OpenID identity provider. This identifier is typically obtained when the Relying party is registered with the OpenID identity provider. You can specify a regular expression so the AWS AppSync can validate against multiple client identifiers at a time.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iatTtl": { + "type": "integer", + "description": "Number of milliseconds a token is valid after being issued to a user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "Issuer for the OpenID Connect configuration. The issuer returned by discovery MUST exactly match the value of iss in the ID Token.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "issuer" + ] + }, + "aws:appsync/GraphQLApiUserPoolConfig:GraphQLApiUserPoolConfig": { + "properties": { + "appIdClientRegex": { + "type": "string", + "description": "A regular expression for validating the incoming Amazon Cognito User Pool app client ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "awsRegion": { + "type": "string", + "description": "The AWS region in which the user pool was created.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultAction": { + "type": "string", + "description": "The action that you want your GraphQL API to take when a request that uses Amazon Cognito User Pool authentication doesn't match the Amazon Cognito User Pool configuration. Valid: `ALLOW` and `DENY`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultAction", + "userPoolId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "awsRegion", + "defaultAction", + "userPoolId" + ] + } + } + }, + "aws:appsync/ResolverCachingConfig:ResolverCachingConfig": { + "properties": { + "cachingKeys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of caching key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ttl": { + "type": "integer", + "description": "The TTL in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:appsync/ResolverPipelineConfig:ResolverPipelineConfig": { + "properties": { + "functions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of Function ID.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:athena/DatabaseEncryptionConfiguration:DatabaseEncryptionConfiguration": { + "properties": { + "encryptionOption": { + "type": "string", + "description": "The type of key; one of `SSE_S3`, `SSE_KMS`, `CSE_KMS`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKey": { + "type": "string", + "description": "The KMS key ARN or ID; required for key types `SSE_KMS` and `CSE_KMS`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "encryptionOption" + ] + }, + "aws:athena/WorkgroupConfiguration:WorkgroupConfiguration": { + "properties": { + "bytesScannedCutoffPerQuery": { + "type": "integer", + "description": "Integer for the upper data usage limit (cutoff) for the amount of bytes a single query in a workgroup is allowed to scan. Must be at least `10485760`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enforceWorkgroupConfiguration": { + "type": "boolean", + "description": "Boolean whether the settings for the workgroup override client-side settings. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html). Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "publishCloudwatchMetricsEnabled": { + "type": "boolean", + "description": "Boolean whether Amazon CloudWatch metrics are enabled for the workgroup. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resultConfiguration": { + "$ref": "#/types/aws:athena/WorkgroupConfigurationResultConfiguration:WorkgroupConfigurationResultConfiguration", + "description": "Configuration block with result settings. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:athena/WorkgroupConfigurationResultConfiguration:WorkgroupConfigurationResultConfiguration": { + "properties": { + "encryptionConfiguration": { + "$ref": "#/types/aws:athena/WorkgroupConfigurationResultConfigurationEncryptionConfiguration:WorkgroupConfigurationResultConfigurationEncryptionConfiguration", + "description": "Configuration block with encryption settings. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputLocation": { + "type": "string", + "description": "The location in Amazon S3 where your query results are stored, such as `s3://path/to/query/bucket/`. For more information, see [Queries and Query Result Files](https://docs.aws.amazon.com/athena/latest/ug/querying.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:athena/WorkgroupConfigurationResultConfigurationEncryptionConfiguration:WorkgroupConfigurationResultConfigurationEncryptionConfiguration": { + "properties": { + "encryptionOption": { + "type": "string", + "description": "Indicates whether Amazon S3 server-side encryption with Amazon S3-managed keys (`SSE_S3`), server-side encryption with KMS-managed keys (`SSE_KMS`), or client-side encryption with KMS-managed keys (`CSE_KMS`) is used. If a query runs in a workgroup and the workgroup overrides client-side settings, then the workgroup's setting for encryption is used. It specifies whether query results must be encrypted, for all queries that run in this workgroup.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "For `SSE_KMS` and `CSE_KMS`, this is the KMS key Amazon Resource Name (ARN).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook": { + "properties": { + "defaultResult": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "heartbeatTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "lifecycleTransition": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the Auto Scaling Group. By default generated by this provider. Conflicts with `name_prefix`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationMetadata": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationTargetArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "lifecycleTransition", + "name" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "defaultResult", + "lifecycleTransition", + "name" + ] + } + } + }, + "aws:autoscaling/GroupInstanceRefresh:GroupInstanceRefresh": { + "properties": { + "preferences": { + "$ref": "#/types/aws:autoscaling/GroupInstanceRefreshPreferences:GroupInstanceRefreshPreferences", + "description": "Override default parameters for Instance Refresh.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "strategy": { + "type": "string", + "description": "The strategy to use for instance refresh. The only allowed value is `Rolling`. See [StartInstanceRefresh Action](https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_StartInstanceRefresh.html#API_StartInstanceRefresh_RequestParameters) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "triggers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of additional property names that will trigger an Instance Refresh. A refresh will always be triggered by a change in any of `launch_configuration`, `launch_template`, or `mixed_instances_policy`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "strategy" + ] + }, + "aws:autoscaling/GroupInstanceRefreshPreferences:GroupInstanceRefreshPreferences": { + "properties": { + "instanceWarmup": { + "type": "string", + "description": "The number of seconds until a newly launched instance is configured and ready to use. Default behavior is to use the Auto Scaling Group's health check grace period.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minHealthyPercentage": { + "type": "integer", + "description": "The amount of capacity in the Auto Scaling group that must remain healthy during an instance refresh to allow the operation to continue, as a percentage of the desired capacity of the Auto Scaling group. Defaults to `90`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:autoscaling/GroupLaunchTemplate:GroupLaunchTemplate": { + "properties": { + "id": { + "type": "string", + "description": "The ID of the launch template. Conflicts with `name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the Auto Scaling Group. By default generated by this provider. Conflicts with `name_prefix`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Template version. Can be version number, `$Latest`, or `$Default`. (Default: `$Default`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "name" + ] + } + } + }, + "aws:autoscaling/GroupMixedInstancesPolicy:GroupMixedInstancesPolicy": { + "properties": { + "instancesDistribution": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicyInstancesDistribution:GroupMixedInstancesPolicyInstancesDistribution", + "description": "Nested argument containing settings on how to mix on-demand and Spot instances in the Auto Scaling group. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplate": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplate:GroupMixedInstancesPolicyLaunchTemplate", + "description": "Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "launchTemplate" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "instancesDistribution", + "launchTemplate" + ] + } + } + }, + "aws:autoscaling/GroupMixedInstancesPolicyInstancesDistribution:GroupMixedInstancesPolicyInstancesDistribution": { + "properties": { + "onDemandAllocationStrategy": { + "type": "string", + "description": "Strategy to use when launching on-demand instances. Valid values: `prioritized`. Default: `prioritized`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onDemandBaseCapacity": { + "type": "integer", + "description": "Absolute minimum amount of desired capacity that must be fulfilled by on-demand instances. Default: `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onDemandPercentageAboveBaseCapacity": { + "type": "integer", + "description": "Percentage split between on-demand and Spot instances above the base on-demand capacity. Default: `100`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotAllocationStrategy": { + "type": "string", + "description": "How to allocate capacity across the Spot pools. Valid values: `lowest-price`, `capacity-optimized`, `capacity-optimized-prioritized`. Default: `lowest-price`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotInstancePools": { + "type": "integer", + "description": "Number of Spot pools per availability zone to allocate capacity. EC2 Auto Scaling selects the cheapest Spot pools and evenly allocates Spot capacity across the number of Spot pools that you specify. Default: `2`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotMaxPrice": { + "type": "string", + "description": "Maximum price per unit hour that the user is willing to pay for the Spot instances. Default: an empty string which means the on-demand price.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "onDemandAllocationStrategy", + "onDemandBaseCapacity", + "onDemandPercentageAboveBaseCapacity", + "spotAllocationStrategy", + "spotInstancePools" + ] + } + } + }, + "aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplate:GroupMixedInstancesPolicyLaunchTemplate": { + "properties": { + "launchTemplateSpecification": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification:GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification", + "description": "Override the instance launch template specification in the Launch Template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrides": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplateOverride:GroupMixedInstancesPolicyLaunchTemplateOverride" + }, + "description": "List of nested arguments provides the ability to specify multiple instance types. This will override the same parameter in the launch template. For on-demand instances, Auto Scaling considers the order of preference of instance types to launch based on the order specified in the overrides list. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "launchTemplateSpecification" + ] + }, + "aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification:GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecification": { + "properties": { + "launchTemplateId": { + "type": "string", + "description": "The ID of the launch template. Conflicts with `launch_template_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplateName": { + "type": "string", + "description": "The name of the launch template. Conflicts with `launch_template_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Template version. Can be version number, `$Latest`, or `$Default`. (Default: `$Default`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "launchTemplateId", + "launchTemplateName" + ] + } + } + }, + "aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplateOverride:GroupMixedInstancesPolicyLaunchTemplateOverride": { + "properties": { + "instanceType": { + "type": "string", + "description": "Override the instance type in the Launch Template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplateSpecification": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecification:GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecification", + "description": "Override the instance launch template specification in the Launch Template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "string", + "description": "The number of capacity units, which gives the instance type a proportional weight to other instance types.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:autoscaling/GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecification:GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecification": { + "properties": { + "launchTemplateId": { + "type": "string", + "description": "The ID of the launch template. Conflicts with `launch_template_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplateName": { + "type": "string", + "description": "The name of the launch template. Conflicts with `launch_template_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Template version. Can be version number, `$Latest`, or `$Default`. (Default: `$Default`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "launchTemplateId", + "launchTemplateName" + ] + } + } + }, + "aws:autoscaling/GroupTag:GroupTag": { + "properties": { + "key": { + "type": "string", + "description": "Key\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "propagateAtLaunch": { + "type": "boolean", + "description": "Enables propagation of the tag to\nAmazon EC2 instances launched via this ASG\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Value\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "propagateAtLaunch", + "value" + ] + }, + "aws:autoscaling/GroupWarmPool:GroupWarmPool": { + "properties": { + "maxGroupPreparedCapacity": { + "type": "integer", + "description": "Specifies the total maximum number of instances that are allowed to be in the warm pool or in any state except Terminated for the Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minSize": { + "type": "integer", + "description": "Specifies the minimum number of instances to maintain in the warm pool. This helps you to ensure that there is always a certain number of warmed instances available to handle traffic spikes. Defaults to 0 if not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "poolState": { + "type": "string", + "description": "Sets the instance state to transition to after the lifecycle hooks finish. Valid values are: Stopped (default) or Running.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:autoscaling/Metric:Metric": { + "description": "See https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html", + "type": "string", + "enum": [ + { + "value": "GroupMinSize" + }, + { + "value": "GroupMaxSize" + }, + { + "value": "GroupDesiredCapacity" + }, + { + "value": "GroupInServiceInstances" + }, + { + "value": "GroupInServiceCapacity" + }, + { + "value": "GroupPendingInstances" + }, + { + "value": "GroupPendingCapacity" + }, + { + "value": "GroupStandbyInstances" + }, + { + "value": "GroupStandbyCapacity" + }, + { + "value": "GroupTerminatingInstances" + }, + { + "value": "GroupTerminatingCapacity" + }, + { + "value": "GroupTotalInstances" + }, + { + "value": "GroupTotalCapacity" + } + ] + }, + "aws:autoscaling/MetricsGranularity:MetricsGranularity": { + "description": "See https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_EnableMetricsCollection.html", + "type": "string", + "enum": [ + { + "name": "OneMinute", + "value": "1Minute" + } + ] + }, + "aws:autoscaling/NotificationType:NotificationType": { + "description": "See https://docs.aws.amazon.com/autoscaling/ec2/APIReference/API_NotificationConfiguration.html", + "type": "string", + "enum": [ + { + "name": "InstanceLaunch", + "value": "autoscaling:EC2_INSTANCE_LAUNCH" + }, + { + "name": "InstanceTerminate", + "value": "autoscaling:EC2_INSTANCE_TERMINATE" + }, + { + "name": "InstanceLaunchError", + "value": "autoscaling:EC2_INSTANCE_LAUNCH_ERROR" + }, + { + "name": "InstanceTerminateError", + "value": "autoscaling:EC2_INSTANCE_TERMINATE_ERROR" + }, + { + "name": "TestNotification", + "value": "autoscaling:TEST_NOTIFICATION" + } + ] + }, + "aws:autoscaling/PolicyPredictiveScalingConfiguration:PolicyPredictiveScalingConfiguration": { + "properties": { + "maxCapacityBreachBehavior": { + "type": "string", + "description": "Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity of the Auto Scaling group. Valid values are `HonorMaxCapacity` or `IncreaseMaxCapacity`. Default is `HonorMaxCapacity`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxCapacityBuffer": { + "type": "string", + "description": "The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity. Valid range is `0` to `100`. If set to `0`, Amazon EC2 Auto Scaling may scale capacity higher than the maximum capacity to equal but not exceed forecast capacity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricSpecification": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecification:PolicyPredictiveScalingConfigurationMetricSpecification", + "description": "This structure includes the metrics and target utilization to use for predictive scaling.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "The predictive scaling mode. Valid values are `ForecastAndScale` and `ForecastOnly`. Default is `ForecastOnly`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schedulingBufferTime": { + "type": "string", + "description": "The amount of time, in seconds, by which the instance launch time can be advanced. Minimum is `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricSpecification" + ] + }, + "aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecification:PolicyPredictiveScalingConfigurationMetricSpecification": { + "properties": { + "predefinedLoadMetricSpecification": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedLoadMetricSpecification:PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedLoadMetricSpecification", + "description": "The load metric specification.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predefinedMetricPairSpecification": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedMetricPairSpecification:PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedMetricPairSpecification", + "description": "The metric pair specification from which Amazon EC2 Auto Scaling determines the appropriate scaling metric and load metric to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predefinedScalingMetricSpecification": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedScalingMetricSpecification:PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedScalingMetricSpecification", + "description": "The scaling metric specification.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetValue": { + "type": "integer", + "description": "The target value for the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetValue" + ] + }, + "aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedLoadMetricSpecification:PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedLoadMetricSpecification": { + "properties": { + "predefinedMetricType": { + "type": "string", + "description": "Describes a scaling metric for a predictive scaling policy. Valid values are `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, or `ALBRequestCountPerTarget`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "A label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedMetricType", + "resourceLabel" + ] + }, + "aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedMetricPairSpecification:PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedMetricPairSpecification": { + "properties": { + "predefinedMetricType": { + "type": "string", + "description": "Describes a scaling metric for a predictive scaling policy. Valid values are `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, or `ALBRequestCountPerTarget`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "A label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedMetricType", + "resourceLabel" + ] + }, + "aws:autoscaling/PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedScalingMetricSpecification:PolicyPredictiveScalingConfigurationMetricSpecificationPredefinedScalingMetricSpecification": { + "properties": { + "predefinedMetricType": { + "type": "string", + "description": "Describes a scaling metric for a predictive scaling policy. Valid values are `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, or `ALBRequestCountPerTarget`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "A label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedMetricType", + "resourceLabel" + ] + }, + "aws:autoscaling/PolicyStepAdjustment:PolicyStepAdjustment": { + "properties": { + "metricIntervalLowerBound": { + "type": "string", + "description": "The lower bound for the\ndifference between the alarm threshold and the CloudWatch metric.\nWithout a value, AWS will treat this bound as infinity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricIntervalUpperBound": { + "type": "string", + "description": "The upper bound for the\ndifference between the alarm threshold and the CloudWatch metric.\nWithout a value, AWS will treat this bound as infinity. The upper bound\nmust be greater than the lower bound.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scalingAdjustment": { + "type": "integer", + "description": "The number of members by which to\nscale, when the adjustment bounds are breached. A positive value scales\nup. A negative value scales down.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scalingAdjustment" + ] + }, + "aws:autoscaling/PolicyTargetTrackingConfiguration:PolicyTargetTrackingConfiguration": { + "properties": { + "customizedMetricSpecification": { + "$ref": "#/types/aws:autoscaling/PolicyTargetTrackingConfigurationCustomizedMetricSpecification:PolicyTargetTrackingConfigurationCustomizedMetricSpecification", + "description": "A customized metric. Conflicts with `predefined_metric_specification`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableScaleIn": { + "type": "boolean", + "description": "Indicates whether scale in by the target tracking policy is disabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predefinedMetricSpecification": { + "$ref": "#/types/aws:autoscaling/PolicyTargetTrackingConfigurationPredefinedMetricSpecification:PolicyTargetTrackingConfigurationPredefinedMetricSpecification", + "description": "A predefined metric. Conflicts with `customized_metric_specification`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetValue": { + "type": "number", + "description": "The target value for the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetValue" + ] + }, + "aws:autoscaling/PolicyTargetTrackingConfigurationCustomizedMetricSpecification:PolicyTargetTrackingConfigurationCustomizedMetricSpecification": { + "properties": { + "metricDimensions": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricDimension:PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricDimension" + }, + "description": "The dimensions of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "The name of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The namespace of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statistic": { + "type": "string", + "description": "The statistic of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unit": { + "type": "string", + "description": "The unit of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "namespace", + "statistic" + ] + }, + "aws:autoscaling/PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricDimension:PolicyTargetTrackingConfigurationCustomizedMetricSpecificationMetricDimension": { + "properties": { + "name": { + "type": "string", + "description": "The name of the dimension.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the dimension.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:autoscaling/PolicyTargetTrackingConfigurationPredefinedMetricSpecification:PolicyTargetTrackingConfigurationPredefinedMetricSpecification": { + "properties": { + "predefinedMetricType": { + "type": "string", + "description": "Describes a scaling metric for a predictive scaling policy. Valid values are `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, or `ALBRequestCountPerTarget`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "A label that uniquely identifies a specific Application Load Balancer target group from which to determine the request count served by your Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedMetricType" + ] + }, + "aws:autoscaling/getAmiIdsFilter:getAmiIdsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter. The valid values are: `auto-scaling-group`, `key`, `value`, and `propagate-at-launch`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:autoscaling/getGroupLaunchTemplate:getGroupLaunchTemplate": { + "properties": { + "id": { + "type": "string", + "description": "Name of the Auto Scaling Group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Specify the exact name of the desired autoscaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "id", + "name", + "version" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:autoscalingplans/ScalingPlanApplicationSource:ScalingPlanApplicationSource": { + "properties": { + "cloudformationStackArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of a AWS CloudFormation stack.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanApplicationSourceTagFilter:ScalingPlanApplicationSourceTagFilter" + }, + "description": "A set of tags.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:autoscalingplans/ScalingPlanApplicationSourceTagFilter:ScalingPlanApplicationSourceTagFilter": { + "properties": { + "key": { + "type": "string", + "description": "The tag key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The tag values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key" + ] + }, + "aws:autoscalingplans/ScalingPlanScalingInstruction:ScalingPlanScalingInstruction": { + "properties": { + "customizedLoadMetricSpecification": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstructionCustomizedLoadMetricSpecification:ScalingPlanScalingInstructionCustomizedLoadMetricSpecification", + "description": "The customized load metric to use for predictive scaling. You must specify either `customized_load_metric_specification` or `predefined_load_metric_specification` when configuring predictive scaling.\nMore details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CustomizedLoadMetricSpecification.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableDynamicScaling": { + "type": "boolean", + "description": "Boolean controlling whether dynamic scaling by AWS Auto Scaling is disabled. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxCapacity": { + "type": "integer", + "description": "The maximum capacity of the resource. The exception to this upper limit is if you specify a non-default setting for `predictive_scaling_max_capacity_behavior`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minCapacity": { + "type": "integer", + "description": "The minimum capacity of the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predefinedLoadMetricSpecification": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstructionPredefinedLoadMetricSpecification:ScalingPlanScalingInstructionPredefinedLoadMetricSpecification", + "description": "The predefined load metric to use for predictive scaling. You must specify either `predefined_load_metric_specification` or `customized_load_metric_specification` when configuring predictive scaling.\nMore details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedLoadMetricSpecification.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predictiveScalingMaxCapacityBehavior": { + "type": "string", + "description": "Defines the behavior that should be applied if the forecast capacity approaches or exceeds the maximum capacity specified for the resource.\nValid values: `SetForecastCapacityToMaxCapacity`, `SetMaxCapacityAboveForecastCapacity`, `SetMaxCapacityToForecastCapacity`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predictiveScalingMaxCapacityBuffer": { + "type": "integer", + "description": "The size of the capacity buffer to use when the forecast capacity is close to or exceeds the maximum capacity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predictiveScalingMode": { + "type": "string", + "description": "The predictive scaling mode. Valid values: `ForecastAndScale`, `ForecastOnly`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceId": { + "type": "string", + "description": "The ID of the resource. This string consists of the resource type and unique identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension associated with the resource. Valid values: `autoscaling:autoScalingGroup:DesiredCapacity`, `dynamodb:index:ReadCapacityUnits`, `dynamodb:index:WriteCapacityUnits`, `dynamodb:table:ReadCapacityUnits`, `dynamodb:table:WriteCapacityUnits`, `ecs:service:DesiredCount`, `ec2:spot-fleet-request:TargetCapacity`, `rds:cluster:ReadReplicaCount`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scalingPolicyUpdateBehavior": { + "type": "string", + "description": "Controls whether a resource's externally created scaling policies are kept or replaced. Valid values: `KeepExternalPolicies`, `ReplaceExternalPolicies`. Defaults to `KeepExternalPolicies`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scheduledActionBufferTime": { + "type": "integer", + "description": "The amount of time, in seconds, to buffer the run time of scheduled scaling actions when scaling out.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceNamespace": { + "type": "string", + "description": "The namespace of the AWS service. Valid values: `autoscaling`, `dynamodb`, `ecs`, `ec2`, `rds`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetTrackingConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstructionTargetTrackingConfiguration:ScalingPlanScalingInstructionTargetTrackingConfiguration" + }, + "description": "The structure that defines new target tracking configurations. Each of these structures includes a specific scaling metric and a target value for the metric, along with various parameters to use with dynamic scaling.\nMore details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_TargetTrackingConfiguration.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxCapacity", + "minCapacity", + "resourceId", + "scalableDimension", + "serviceNamespace", + "targetTrackingConfigurations" + ] + }, + "aws:autoscalingplans/ScalingPlanScalingInstructionCustomizedLoadMetricSpecification:ScalingPlanScalingInstructionCustomizedLoadMetricSpecification": { + "properties": { + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The dimensions of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "The name of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The namespace of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statistic": { + "type": "string", + "description": "The statistic of the metric. Currently, the value must always be `Sum`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unit": { + "type": "string", + "description": "The unit of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "namespace", + "statistic" + ] + }, + "aws:autoscalingplans/ScalingPlanScalingInstructionPredefinedLoadMetricSpecification:ScalingPlanScalingInstructionPredefinedLoadMetricSpecification": { + "properties": { + "predefinedLoadMetricType": { + "type": "string", + "description": "The metric type. Valid values: `ALBTargetGroupRequestCount`, `ASGTotalCPUUtilization`, `ASGTotalNetworkIn`, `ASGTotalNetworkOut`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "Identifies the resource associated with the metric type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedLoadMetricType" + ] + }, + "aws:autoscalingplans/ScalingPlanScalingInstructionTargetTrackingConfiguration:ScalingPlanScalingInstructionTargetTrackingConfiguration": { + "properties": { + "customizedScalingMetricSpecification": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstructionTargetTrackingConfigurationCustomizedScalingMetricSpecification:ScalingPlanScalingInstructionTargetTrackingConfigurationCustomizedScalingMetricSpecification", + "description": "A customized metric. You can specify either `customized_scaling_metric_specification` or `predefined_scaling_metric_specification`.\nMore details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_CustomizedScalingMetricSpecification.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableScaleIn": { + "type": "boolean", + "description": "Boolean indicating whether scale in by the target tracking scaling policy is disabled. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "estimatedInstanceWarmup": { + "type": "integer", + "description": "The estimated time, in seconds, until a newly launched instance can contribute to the CloudWatch metrics.\nThis value is used only if the resource is an Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "predefinedScalingMetricSpecification": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstructionTargetTrackingConfigurationPredefinedScalingMetricSpecification:ScalingPlanScalingInstructionTargetTrackingConfigurationPredefinedScalingMetricSpecification", + "description": "A predefined metric. You can specify either `predefined_scaling_metric_specification` or `customized_scaling_metric_specification`.\nMore details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_PredefinedScalingMetricSpecification.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scaleInCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scale in activity completes before another scale in activity can start.\nThis value is not used if the scalable resource is an Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scaleOutCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scale-out activity completes before another scale-out activity can start.\nThis value is not used if the scalable resource is an Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetValue": { + "type": "number", + "description": "The target value for the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetValue" + ] + }, + "aws:autoscalingplans/ScalingPlanScalingInstructionTargetTrackingConfigurationCustomizedScalingMetricSpecification:ScalingPlanScalingInstructionTargetTrackingConfigurationCustomizedScalingMetricSpecification": { + "properties": { + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The dimensions of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "The name of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The namespace of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statistic": { + "type": "string", + "description": "The statistic of the metric. Valid values: `Average`, `Maximum`, `Minimum`, `SampleCount`, `Sum`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unit": { + "type": "string", + "description": "The unit of the metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "namespace", + "statistic" + ] + }, + "aws:autoscalingplans/ScalingPlanScalingInstructionTargetTrackingConfigurationPredefinedScalingMetricSpecification:ScalingPlanScalingInstructionTargetTrackingConfigurationPredefinedScalingMetricSpecification": { + "properties": { + "predefinedScalingMetricType": { + "type": "string", + "description": "The metric type. Valid values: `ALBRequestCountPerTarget`, `ASGAverageCPUUtilization`, `ASGAverageNetworkIn`, `ASGAverageNetworkOut`, `DynamoDBReadCapacityUtilization`, `DynamoDBWriteCapacityUtilization`, `ECSServiceAverageCPUUtilization`, `ECSServiceAverageMemoryUtilization`, `EC2SpotFleetRequestAverageCPUUtilization`, `EC2SpotFleetRequestAverageNetworkIn`, `EC2SpotFleetRequestAverageNetworkOut`, `RDSReaderAverageCPUUtilization`, `RDSReaderAverageDatabaseConnections`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceLabel": { + "type": "string", + "description": "Identifies the resource associated with the metric type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "predefinedScalingMetricType" + ] + }, + "aws:backup/PlanAdvancedBackupSetting:PlanAdvancedBackupSetting": { + "properties": { + "backupOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs. Set to `{ WindowsVSS = \"enabled\" }` to enable Windows VSS backup option and create a VSS Windows backup.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceType": { + "type": "string", + "description": "The type of AWS resource to be backed up. For VSS Windows backups, the only supported resource type is Amazon EC2. Valid values: `EC2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "backupOptions", + "resourceType" + ] + }, + "aws:backup/PlanRule:PlanRule": { + "properties": { + "completionWindow": { + "type": "integer", + "description": "The amount of time AWS Backup attempts a backup before canceling the job and returning an error.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "copyActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanRuleCopyAction:PlanRuleCopyAction" + }, + "description": "Configuration block(s) with copy operation settings. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableContinuousBackup": { + "type": "boolean", + "description": "Enable continuous backups for supported resources.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lifecycle": { + "$ref": "#/types/aws:backup/PlanRuleLifecycle:PlanRuleLifecycle", + "description": "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. Fields documented above.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recoveryPointTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the resources that you create.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleName": { + "type": "string", + "description": "An display name for a backup rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schedule": { + "type": "string", + "description": "A CRON expression specifying when AWS Backup initiates a backup job.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "startWindow": { + "type": "integer", + "description": "The amount of time in minutes before beginning a backup.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetVaultName": { + "type": "string", + "description": "The name of a logical container where backups are stored.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ruleName", + "targetVaultName" + ] + }, + "aws:backup/PlanRuleCopyAction:PlanRuleCopyAction": { + "properties": { + "destinationVaultArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lifecycle": { + "$ref": "#/types/aws:backup/PlanRuleCopyActionLifecycle:PlanRuleCopyActionLifecycle", + "description": "The lifecycle defines when a protected resource is copied over to a backup vault and when it expires. Fields documented above.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationVaultArn" + ] + }, + "aws:backup/PlanRuleCopyActionLifecycle:PlanRuleCopyActionLifecycle": { + "properties": { + "coldStorageAfter": { + "type": "integer", + "description": "Specifies the number of days after creation that a recovery point is moved to cold storage.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deleteAfter": { + "type": "integer", + "description": "Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:backup/PlanRuleLifecycle:PlanRuleLifecycle": { + "properties": { + "coldStorageAfter": { + "type": "integer", + "description": "Specifies the number of days after creation that a recovery point is moved to cold storage.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deleteAfter": { + "type": "integer", + "description": "Specifies the number of days after creation that a recovery point is deleted. Must be 90 days greater than `cold_storage_after`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:backup/SelectionSelectionTag:SelectionSelectionTag": { + "properties": { + "key": { + "type": "string", + "description": "The key in a key-value pair.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "An operation, such as `StringEquals`, that is applied to a key-value pair used to filter resources in a selection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value in a key-value pair.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "type", + "value" + ] + }, + "aws:batch/ComputeEnvironmentComputeResources:ComputeEnvironmentComputeResources": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "The allocation strategy to use for the compute resource in case not enough instances of the best fitting instance type can be allocated. Valid items are `BEST_FIT_PROGRESSIVE`, `SPOT_CAPACITY_OPTIMIZED` or `BEST_FIT`. Defaults to `BEST_FIT`. See [AWS docs](https://docs.aws.amazon.com/batch/latest/userguide/allocation-strategies.html) for details. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bidPercentage": { + "type": "integer", + "description": "Integer of minimum percentage that a Spot Instance price must be when compared with the On-Demand price for that instance type before instances are launched. For example, if your bid percentage is 20% (`20`), then the Spot price must be below 20% of the current On-Demand price for that EC2 instance. This parameter is required for SPOT compute environments. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "desiredVcpus": { + "type": "integer", + "description": "The desired number of EC2 vCPUS in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ec2KeyPair": { + "type": "string", + "description": "The EC2 key pair that is used for instances launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageId": { + "type": "string", + "description": "The Amazon Machine Image (AMI) ID used for instances launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceRole": { + "type": "string", + "description": "The Amazon ECS instance role applied to Amazon EC2 instances in a compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance types that may be launched. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplate": { + "$ref": "#/types/aws:batch/ComputeEnvironmentComputeResourcesLaunchTemplate:ComputeEnvironmentComputeResourcesLaunchTemplate", + "description": "The launch template to use for your compute resources. See details below. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxVcpus": { + "type": "integer", + "description": "The maximum number of EC2 vCPUs that an environment can reach.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minVcpus": { + "type": "integer", + "description": "The minimum number of EC2 vCPUs that an environment should maintain. For `EC2` or `SPOT` compute environments, if the parameter is not explicitly defined, a `0` default value will be set. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 security group that are associated with instances launched in the compute environment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotIamFleetRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon EC2 Spot Fleet IAM role applied to a SPOT compute environment. This parameter is required for SPOT compute environments. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnets into which the compute resources are launched.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of compute environment. Valid items are `EC2`, `SPOT`, `FARGATE` or `FARGATE_SPOT`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxVcpus", + "securityGroupIds", + "subnets", + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "desiredVcpus", + "maxVcpus", + "securityGroupIds", + "subnets", + "type" + ] + } + } + }, + "aws:batch/ComputeEnvironmentComputeResourcesLaunchTemplate:ComputeEnvironmentComputeResourcesLaunchTemplate": { + "properties": { + "launchTemplateId": { + "type": "string", + "description": "ID of the launch template. You must specify either the launch template ID or launch template name in the request, but not both.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplateName": { + "type": "string", + "description": "Name of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "The version number of the launch template. Default: The default version of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:batch/JobDefinitionRetryStrategy:JobDefinitionRetryStrategy": { + "properties": { + "attempts": { + "type": "integer", + "description": "The number of times to move a job to the `RUNNABLE` status. You may specify between `1` and `10` attempts.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "evaluateOnExits": { + "type": "array", + "items": { + "$ref": "#/types/aws:batch/JobDefinitionRetryStrategyEvaluateOnExit:JobDefinitionRetryStrategyEvaluateOnExit" + }, + "description": "The evaluate on exit conditions under which the job should be retried or failed. If this parameter is specified, then the `attempts` parameter must also be specified. You may specify up to 5 configuration blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:batch/JobDefinitionRetryStrategyEvaluateOnExit:JobDefinitionRetryStrategyEvaluateOnExit": { + "properties": { + "action": { + "type": "string", + "description": "Specifies the action to take if all of the specified conditions are met. The values are not case sensitive. Valid values: `RETRY`, `EXIT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onExitCode": { + "type": "string", + "description": "A glob pattern to match against the decimal representation of the exit code returned for a job.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onReason": { + "type": "string", + "description": "A glob pattern to match against the reason returned for a job.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onStatusReason": { + "type": "string", + "description": "A glob pattern to match against the status reason returned for a job.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action" + ] + }, + "aws:batch/JobDefinitionTimeout:JobDefinitionTimeout": { + "properties": { + "attemptDurationSeconds": { + "type": "integer", + "description": "The time duration in seconds after which AWS Batch terminates your jobs if they have not finished. The minimum value for the timeout is `60` seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:batch/getJobQueueComputeEnvironmentOrder:getJobQueueComputeEnvironmentOrder": { + "properties": { + "computeEnvironment": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "computeEnvironment", + "order" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:budgets/BudgetActionActionThreshold:BudgetActionActionThreshold": { + "properties": { + "actionThresholdType": { + "type": "string", + "description": "The type of threshold for a notification. Valid values are `PERCENTAGE` or `ABSOLUTE_VALUE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "actionThresholdValue": { + "type": "number", + "description": "The threshold of a notification.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actionThresholdType", + "actionThresholdValue" + ] + }, + "aws:budgets/BudgetActionDefinition:BudgetActionDefinition": { + "properties": { + "iamActionDefinition": { + "$ref": "#/types/aws:budgets/BudgetActionDefinitionIamActionDefinition:BudgetActionDefinitionIamActionDefinition", + "description": "The AWS Identity and Access Management (IAM) action definition details. See IAM Action Definition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scpActionDefinition": { + "$ref": "#/types/aws:budgets/BudgetActionDefinitionScpActionDefinition:BudgetActionDefinitionScpActionDefinition", + "description": "The service control policies (SCPs) action definition details. See SCP Action Definition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ssmActionDefinition": { + "$ref": "#/types/aws:budgets/BudgetActionDefinitionSsmActionDefinition:BudgetActionDefinitionSsmActionDefinition", + "description": "The AWS Systems Manager (SSM) action definition details. See SSM Action Definition.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:budgets/BudgetActionDefinitionIamActionDefinition:BudgetActionDefinitionIamActionDefinition": { + "properties": { + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of groups to be attached. There must be at least one group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "policyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the policy to be attached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of roles to be attached. There must be at least one role.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "users": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users to be attached. There must be at least one user.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "policyArn" + ] + }, + "aws:budgets/BudgetActionDefinitionScpActionDefinition:BudgetActionDefinitionScpActionDefinition": { + "properties": { + "policyId": { + "type": "string", + "description": "The policy ID attached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of target IDs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "policyId", + "targetIds" + ] + }, + "aws:budgets/BudgetActionDefinitionSsmActionDefinition:BudgetActionDefinitionSsmActionDefinition": { + "properties": { + "actionSubType": { + "type": "string", + "description": "The action subType. Valid values are `STOP_EC2_INSTANCES` or `STOP_RDS_INSTANCES`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The EC2 and RDS instance IDs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "The Region to run the SSM document.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actionSubType", + "instanceIds", + "region" + ] + }, + "aws:budgets/BudgetActionSubscriber:BudgetActionSubscriber": { + "properties": { + "address": { + "type": "string", + "description": "The address that AWS sends budget notifications to, either an SNS topic or an email.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subscriptionType": { + "type": "string", + "description": "The type of notification that AWS sends to a subscriber. Valid values are `SNS` or `EMAIL`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "address", + "subscriptionType" + ] + }, + "aws:budgets/BudgetCostFilter:BudgetCostFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of a budget. Unique within accounts.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:budgets/BudgetCostTypes:BudgetCostTypes": { + "properties": { + "includeCredit": { + "type": "boolean", + "description": "A boolean value whether to include credits in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeDiscount": { + "type": "boolean", + "description": "Specifies whether a budget includes discounts. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeOtherSubscription": { + "type": "boolean", + "description": "A boolean value whether to include other subscription costs in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeRecurring": { + "type": "boolean", + "description": "A boolean value whether to include recurring costs in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeRefund": { + "type": "boolean", + "description": "A boolean value whether to include refunds in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeSubscription": { + "type": "boolean", + "description": "A boolean value whether to include subscriptions in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeSupport": { + "type": "boolean", + "description": "A boolean value whether to include support costs in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeTax": { + "type": "boolean", + "description": "A boolean value whether to include tax in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeUpfront": { + "type": "boolean", + "description": "A boolean value whether to include upfront costs in the cost budget. Defaults to `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useAmortized": { + "type": "boolean", + "description": "Specifies whether a budget uses the amortized rate. Defaults to `false`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useBlended": { + "type": "boolean", + "description": "A boolean value whether to use blended costs in the cost budget. Defaults to `false`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:budgets/BudgetNotification:BudgetNotification": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "(Required) Comparison operator to use to evaluate the condition. Can be `LESS_THAN`, `EQUAL_TO` or `GREATER_THAN`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationType": { + "type": "string", + "description": "(Required) What kind of budget value to notify on. Can be `ACTUAL` or `FORECASTED`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subscriberEmailAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "(Optional) E-Mail addresses to notify. Either this or `subscriber_sns_topic_arns` is required.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subscriberSnsTopicArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "(Optional) SNS topics to notify. Either this or `subscriber_email_addresses` is required.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threshold": { + "type": "number", + "description": "(Required) Threshold when the notification should be sent.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "thresholdType": { + "type": "string", + "description": "(Required) What kind of threshold is defined. Can be `PERCENTAGE` OR `ABSOLUTE_VALUE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "notificationType", + "threshold", + "thresholdType" + ] + }, + "aws:cfg/ConfigurationAggregatorAccountAggregationSource:ConfigurationAggregatorAccountAggregationSource": { + "properties": { + "accountIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of 12-digit account IDs of the account(s) being aggregated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allRegions": { + "type": "boolean", + "description": "If true, aggregate existing AWS Config regions and future regions.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of source regions being aggregated.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "accountIds" + ] + }, + "aws:cfg/ConfigurationAggregatorOrganizationAggregationSource:ConfigurationAggregatorOrganizationAggregationSource": { + "properties": { + "allRegions": { + "type": "boolean", + "description": "If true, aggregate existing AWS Config regions and future regions.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of source regions being aggregated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role used to retrieve AWS Organization details associated with the aggregator account.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn" + ] + }, + "aws:cfg/ConformancePackInputParameter:ConformancePackInputParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "The input key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "The input value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:cfg/DeliveryChannelSnapshotDeliveryProperties:DeliveryChannelSnapshotDeliveryProperties": { + "properties": { + "deliveryFrequency": { + "type": "string", + "description": "- The frequency with which AWS Config recurringly delivers configuration snapshots. e.g. `One_Hour` or `Three_Hours`. Valid values are listed [here](https://docs.aws.amazon.com/config/latest/APIReference/API_ConfigSnapshotDeliveryProperties.html#API_ConfigSnapshotDeliveryProperties_Contents).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cfg/OrganizationConformancePackInputParameter:OrganizationConformancePackInputParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "The input key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "The input value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:cfg/RecorderRecordingGroup:RecorderRecordingGroup": { + "properties": { + "allSupported": { + "type": "boolean", + "description": "Specifies whether AWS Config records configuration changes for every supported type of regional resource (which includes any new type that will become supported in the future). Conflicts with `resource_types`. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeGlobalResourceTypes": { + "type": "boolean", + "description": "Specifies whether AWS Config includes all supported types of *global resources* with the resources that it records. Requires `all_supported = true`. Conflicts with `resource_types`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list that specifies the types of AWS resources for which AWS Config records configuration changes (for example, `AWS::EC2::Instance` or `AWS::CloudTrail::Trail`). See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types. In order to use this attribute, `all_supported` must be set to false.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceValue": { + "type": "string", + "description": "The value is dynamic and changes at run-time.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "staticValue": { + "type": "string", + "description": "The value is static and does not change at run-time.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:cfg/RuleScope:RuleScope": { + "properties": { + "complianceResourceId": { + "type": "string", + "description": "The IDs of the only AWS resource that you want to trigger an evaluation for the rule. If you specify a resource ID, you must specify one resource type for `compliance_resource_types`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "complianceResourceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource types of only those AWS resources that you want to trigger an evaluation for the rule. e.g. `AWS::EC2::Instance`. You can only specify one type if you also specify a resource ID for `compliance_resource_id`. See [relevant part of AWS Docs](http://docs.aws.amazon.com/config/latest/APIReference/API_ResourceIdentifier.html#config-Type-ResourceIdentifier-resourceType) for available types.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagKey": { + "type": "string", + "description": "The tag key that is applied to only those AWS resources that you want you want to trigger an evaluation for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagValue": { + "type": "string", + "description": "The tag value applied to only those AWS resources that you want to trigger an evaluation for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cfg/RuleSource:RuleSource": { + "properties": { + "owner": { + "type": "string", + "description": "Indicates whether AWS or the customer owns and manages the AWS Config rule. Valid values are `AWS` or `CUSTOM_LAMBDA`. For more information about managed rules, see the [AWS Config Managed Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html). For more information about custom rules, see the [AWS Config Custom Rules documentation](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html). Custom Lambda Functions require permissions to allow the AWS Config service to invoke them, e.g. via the `aws.lambda.Permission` resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceDetails": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/RuleSourceSourceDetail:RuleSourceSourceDetail" + }, + "description": "Provides the source and type of the event that causes AWS Config to evaluate your AWS resources. Only valid if `owner` is `CUSTOM_LAMBDA`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceIdentifier": { + "type": "string", + "description": "For AWS Config managed rules, a predefined identifier, e.g `IAM_PASSWORD_POLICY`. For custom Lambda rules, the identifier is the ARN of the Lambda Function, such as `arn:aws:lambda:us-east-1:123456789012:function:custom_rule_name` or the `arn` attribute of the `aws.lambda.Function` resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "owner", + "sourceIdentifier" + ] + }, + "aws:cfg/RuleSourceSourceDetail:RuleSourceSourceDetail": { + "properties": { + "eventSource": { + "type": "string", + "description": "The source of the event, such as an AWS service, that triggers AWS Config to evaluate your AWS resources. This defaults to `aws.config` and is the only valid value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires `message_type` to be `ScheduledNotification`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageType": { + "type": "string", + "description": "The type of notification that triggers AWS Config to run an evaluation for a rule. You can specify the following notification types:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudformation/CloudFormationTypeLoggingConfig:CloudFormationTypeLoggingConfig": { + "properties": { + "logGroupName": { + "type": "string", + "description": "Name of the CloudWatch Log Group where CloudFormation sends error logging information when invoking the type's handlers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role CloudFormation assumes when sending error logging information to CloudWatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logGroupName", + "logRoleArn" + ] + }, + "aws:cloudformation/StackSetAutoDeployment:StackSetAutoDeployment": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether or not auto-deployment is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retainStacksOnAccountRemoval": { + "type": "boolean", + "description": "Whether or not to retain stacks when the account is removed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudformation/getCloudFormationTypeLoggingConfig:getCloudFormationTypeLoggingConfig": { + "properties": { + "logGroupName": { + "type": "string", + "description": "Name of the CloudWatch Log Group where CloudFormation sends error logging information when invoking the type's handlers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role CloudFormation assumes when sending error logging information to CloudWatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logGroupName", + "logRoleArn" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOrigin:CachePolicyParametersInCacheKeyAndForwardedToOrigin": { + "properties": { + "cookiesConfig": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig:CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig", + "description": "Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableAcceptEncodingBrotli": { + "type": "boolean", + "description": "A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableAcceptEncodingGzip": { + "type": "boolean", + "description": "A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headersConfig": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig:CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig", + "description": "Object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStringsConfig": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig:CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig", + "description": "Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookiesConfig", + "headersConfig", + "queryStringsConfig" + ] + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig:CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig": { + "properties": { + "cookieBehavior": { + "type": "string", + "description": "Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist`, `allExcept`, `all`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookies": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookies:CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookies", + "description": "Object that contains a list of cookie names. See Items for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieBehavior" + ] + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookies:CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookies": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of item names (cookies, headers, or query strings).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig:CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig": { + "properties": { + "headerBehavior": { + "type": "string", + "description": "Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeaders:CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeaders", + "description": "Object that contains a list of header names. See Items for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeaders:CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeaders": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of item names (cookies, headers, or query strings).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig:CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig": { + "properties": { + "queryStringBehavior": { + "type": "string", + "description": "Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist`, `allExcept`, `all`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStrings:CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStrings", + "description": "Object that contains a list of query string names. See Items for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "queryStringBehavior" + ] + }, + "aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStrings:CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStrings": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of item names (cookies, headers, or query strings).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/DistributionCustomErrorResponse:DistributionCustomErrorResponse": { + "properties": { + "errorCachingMinTtl": { + "type": "integer", + "description": "The minimum amount of time you want\nHTTP error codes to stay in CloudFront caches before CloudFront queries your\norigin to see whether the object has been updated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "errorCode": { + "type": "integer", + "description": "The 4xx or 5xx HTTP status code that you want to\ncustomize.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCode": { + "type": "integer", + "description": "The HTTP status code that you want CloudFront\nto return with the custom error page to the viewer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responsePagePath": { + "type": "string", + "description": "The path of the custom error page (for\nexample, `/custom_404.html`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "errorCode" + ] + }, + "aws:cloudfront/DistributionDefaultCacheBehavior:DistributionDefaultCacheBehavior": { + "properties": { + "allowedMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Controls which HTTP methods CloudFront\nprocesses and forwards to your Amazon S3 bucket or your custom origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cachePolicyId": { + "type": "string", + "description": "The unique identifier of the cache policy that\nis attached to the cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cachedMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Controls whether CloudFront caches the\nresponse to requests using the specified HTTP methods.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compress": { + "type": "boolean", + "description": "Whether you want CloudFront to automatically\ncompress content for web requests that include `Accept-Encoding: gzip` in\nthe request header (default: `false`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultTtl": { + "type": "integer", + "description": "The default amount of time (in seconds) that an\nobject is in a CloudFront cache before CloudFront forwards another request\nin the absence of an `Cache-Control max-age` or `Expires` header.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldLevelEncryptionId": { + "type": "string", + "description": "Field level encryption configuration ID\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedValues": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehaviorForwardedValues:DistributionDefaultCacheBehaviorForwardedValues", + "description": "The forwarded values configuration that specifies how CloudFront\nhandles query strings, cookies and headers (maximum one).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "functionAssociations": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehaviorFunctionAssociation:DistributionDefaultCacheBehaviorFunctionAssociation" + }, + "description": "A config block that triggers a cloudfront\nfunction with specific actions (maximum 2).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaFunctionAssociations": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehaviorLambdaFunctionAssociation:DistributionDefaultCacheBehaviorLambdaFunctionAssociation" + }, + "description": "A config block that triggers a lambda\nfunction with specific actions (maximum 4).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxTtl": { + "type": "integer", + "description": "The maximum amount of time (in seconds) that an\nobject is in a CloudFront cache before CloudFront forwards another request\nto your origin to determine whether the object has been updated. Only\neffective in the presence of `Cache-Control max-age`, `Cache-Control\ns-maxage`, and `Expires` headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minTtl": { + "type": "integer", + "description": "The minimum amount of time that you want objects to\nstay in CloudFront caches before CloudFront queries your origin to see\nwhether the object has been updated. Defaults to 0 seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originRequestPolicyId": { + "type": "string", + "description": "The unique identifier of the origin request policy\nthat is attached to the behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "realtimeLogConfigArn": { + "type": "string", + "description": "The ARN of the real-time log configuration\nthat is attached to this cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "smoothStreaming": { + "type": "boolean", + "description": "Indicates whether you want to distribute\nmedia files in Microsoft Smooth Streaming format using the origin that is\nassociated with this cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetOriginId": { + "type": "string", + "description": "The value of ID for the origin that you want\nCloudFront to route requests to when a request matches the path pattern\neither for a cache behavior or for the default cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trustedKeyGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trustedSigners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account IDs (or `self`) that you want to allow to create signed URLs for private content.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "viewerProtocolPolicy": { + "type": "string", + "description": "Use this element to specify the\nprotocol that users can use to access the files in the origin specified by\nTargetOriginId when a request matches the path pattern in PathPattern. One\nof `allow-all`, `https-only`, or `redirect-to-https`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allowedMethods", + "cachedMethods", + "targetOriginId", + "viewerProtocolPolicy" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "allowedMethods", + "cachedMethods", + "defaultTtl", + "maxTtl", + "targetOriginId", + "trustedKeyGroups", + "trustedSigners", + "viewerProtocolPolicy" + ] + } + } + }, + "aws:cloudfront/DistributionDefaultCacheBehaviorForwardedValues:DistributionDefaultCacheBehaviorForwardedValues": { + "properties": { + "cookies": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehaviorForwardedValuesCookies:DistributionDefaultCacheBehaviorForwardedValuesCookies", + "description": "The forwarded values cookies\nthat specifies how CloudFront handles cookies (maximum one).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the Headers, if any, that you want\nCloudFront to vary upon for this cache behavior. Specify `*` to include all\nheaders.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "type": "boolean", + "description": "Indicates whether you want CloudFront to forward\nquery strings to the origin that is associated with this cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStringCacheKeys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "When specified, along with a value of\n`true` for `query_string`, all query strings are forwarded, however only the\nquery string keys listed in this argument are cached. When omitted with a\nvalue of `true` for `query_string`, all query string keys are cached.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookies", + "queryString" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cookies", + "headers", + "queryString", + "queryStringCacheKeys" + ] + } + } + }, + "aws:cloudfront/DistributionDefaultCacheBehaviorForwardedValuesCookies:DistributionDefaultCacheBehaviorForwardedValuesCookies": { + "properties": { + "forward": { + "type": "string", + "description": "Specifies whether you want CloudFront to forward\ncookies to the origin that is associated with this cache behavior. You can\nspecify `all`, `none` or `whitelist`. If `whitelist`, you must include the\nsubsequent `whitelisted_names`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "whitelistedNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If you have specified `whitelist` to\n`forward`, the whitelisted cookies that you want CloudFront to forward to\nyour origin.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "forward" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "forward", + "whitelistedNames" + ] + } + } + }, + "aws:cloudfront/DistributionDefaultCacheBehaviorFunctionAssociation:DistributionDefaultCacheBehaviorFunctionAssociation": { + "properties": { + "eventType": { + "type": "string", + "description": "The specific event to trigger this function.\nValid values: `viewer-request` or `viewer-response`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "functionArn": { + "type": "string", + "description": "ARN of the Cloudfront function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "eventType", + "functionArn" + ] + }, + "aws:cloudfront/DistributionDefaultCacheBehaviorLambdaFunctionAssociation:DistributionDefaultCacheBehaviorLambdaFunctionAssociation": { + "properties": { + "eventType": { + "type": "string", + "description": "The specific event to trigger this function.\nValid values: `viewer-request` or `viewer-response`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeBody": { + "type": "boolean", + "description": "When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: `true`, `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaArn": { + "type": "string", + "description": "ARN of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "eventType", + "lambdaArn" + ] + }, + "aws:cloudfront/DistributionLoggingConfig:DistributionLoggingConfig": { + "properties": { + "bucket": { + "type": "string", + "description": "The Amazon S3 bucket to store the access logs in, for\nexample, `myawslogbucket.s3.amazonaws.com`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeCookies": { + "type": "boolean", + "description": "Specifies whether you want CloudFront to\ninclude cookies in access logs (default: `false`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "An optional string that you want CloudFront to prefix\nto the access log filenames for this distribution, for example, `myprefix/`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:cloudfront/DistributionOrderedCacheBehavior:DistributionOrderedCacheBehavior": { + "properties": { + "allowedMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Controls which HTTP methods CloudFront\nprocesses and forwards to your Amazon S3 bucket or your custom origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cachePolicyId": { + "type": "string", + "description": "The unique identifier of the cache policy that\nis attached to the cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cachedMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Controls whether CloudFront caches the\nresponse to requests using the specified HTTP methods.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compress": { + "type": "boolean", + "description": "Whether you want CloudFront to automatically\ncompress content for web requests that include `Accept-Encoding: gzip` in\nthe request header (default: `false`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultTtl": { + "type": "integer", + "description": "The default amount of time (in seconds) that an\nobject is in a CloudFront cache before CloudFront forwards another request\nin the absence of an `Cache-Control max-age` or `Expires` header.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldLevelEncryptionId": { + "type": "string", + "description": "Field level encryption configuration ID\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedValues": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehaviorForwardedValues:DistributionOrderedCacheBehaviorForwardedValues", + "description": "The forwarded values configuration that specifies how CloudFront\nhandles query strings, cookies and headers (maximum one).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "functionAssociations": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehaviorFunctionAssociation:DistributionOrderedCacheBehaviorFunctionAssociation" + }, + "description": "A config block that triggers a cloudfront\nfunction with specific actions (maximum 2).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaFunctionAssociations": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehaviorLambdaFunctionAssociation:DistributionOrderedCacheBehaviorLambdaFunctionAssociation" + }, + "description": "A config block that triggers a lambda\nfunction with specific actions (maximum 4).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxTtl": { + "type": "integer", + "description": "The maximum amount of time (in seconds) that an\nobject is in a CloudFront cache before CloudFront forwards another request\nto your origin to determine whether the object has been updated. Only\neffective in the presence of `Cache-Control max-age`, `Cache-Control\ns-maxage`, and `Expires` headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minTtl": { + "type": "integer", + "description": "The minimum amount of time that you want objects to\nstay in CloudFront caches before CloudFront queries your origin to see\nwhether the object has been updated. Defaults to 0 seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originRequestPolicyId": { + "type": "string", + "description": "The unique identifier of the origin request policy\nthat is attached to the behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathPattern": { + "type": "string", + "description": "The pattern (for example, `images/*.jpg)` that\nspecifies which requests you want this cache behavior to apply to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "realtimeLogConfigArn": { + "type": "string", + "description": "The ARN of the real-time log configuration\nthat is attached to this cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "smoothStreaming": { + "type": "boolean", + "description": "Indicates whether you want to distribute\nmedia files in Microsoft Smooth Streaming format using the origin that is\nassociated with this cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetOriginId": { + "type": "string", + "description": "The value of ID for the origin that you want\nCloudFront to route requests to when a request matches the path pattern\neither for a cache behavior or for the default cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trustedKeyGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "trustedSigners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account IDs (or `self`) that you want to allow to create signed URLs for private content.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "viewerProtocolPolicy": { + "type": "string", + "description": "Use this element to specify the\nprotocol that users can use to access the files in the origin specified by\nTargetOriginId when a request matches the path pattern in PathPattern. One\nof `allow-all`, `https-only`, or `redirect-to-https`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allowedMethods", + "cachedMethods", + "pathPattern", + "targetOriginId", + "viewerProtocolPolicy" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "allowedMethods", + "cachedMethods", + "defaultTtl", + "maxTtl", + "pathPattern", + "targetOriginId", + "viewerProtocolPolicy" + ] + } + } + }, + "aws:cloudfront/DistributionOrderedCacheBehaviorForwardedValues:DistributionOrderedCacheBehaviorForwardedValues": { + "properties": { + "cookies": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehaviorForwardedValuesCookies:DistributionOrderedCacheBehaviorForwardedValuesCookies", + "description": "The forwarded values cookies\nthat specifies how CloudFront handles cookies (maximum one).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the Headers, if any, that you want\nCloudFront to vary upon for this cache behavior. Specify `*` to include all\nheaders.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "type": "boolean", + "description": "Indicates whether you want CloudFront to forward\nquery strings to the origin that is associated with this cache behavior.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStringCacheKeys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "When specified, along with a value of\n`true` for `query_string`, all query strings are forwarded, however only the\nquery string keys listed in this argument are cached. When omitted with a\nvalue of `true` for `query_string`, all query string keys are cached.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookies", + "queryString" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cookies", + "headers", + "queryString", + "queryStringCacheKeys" + ] + } + } + }, + "aws:cloudfront/DistributionOrderedCacheBehaviorForwardedValuesCookies:DistributionOrderedCacheBehaviorForwardedValuesCookies": { + "properties": { + "forward": { + "type": "string", + "description": "Specifies whether you want CloudFront to forward\ncookies to the origin that is associated with this cache behavior. You can\nspecify `all`, `none` or `whitelist`. If `whitelist`, you must include the\nsubsequent `whitelisted_names`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "whitelistedNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If you have specified `whitelist` to\n`forward`, the whitelisted cookies that you want CloudFront to forward to\nyour origin.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "forward" + ] + }, + "aws:cloudfront/DistributionOrderedCacheBehaviorFunctionAssociation:DistributionOrderedCacheBehaviorFunctionAssociation": { + "properties": { + "eventType": { + "type": "string", + "description": "The specific event to trigger this function.\nValid values: `viewer-request` or `viewer-response`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "functionArn": { + "type": "string", + "description": "ARN of the Cloudfront function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "eventType", + "functionArn" + ] + }, + "aws:cloudfront/DistributionOrderedCacheBehaviorLambdaFunctionAssociation:DistributionOrderedCacheBehaviorLambdaFunctionAssociation": { + "properties": { + "eventType": { + "type": "string", + "description": "The specific event to trigger this function.\nValid values: `viewer-request` or `viewer-response`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeBody": { + "type": "boolean", + "description": "When set to true it exposes the request body to the lambda function. Defaults to false. Valid values: `true`, `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaArn": { + "type": "string", + "description": "ARN of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "eventType", + "lambdaArn" + ] + }, + "aws:cloudfront/DistributionOrigin:DistributionOrigin": { + "properties": { + "connectionAttempts": { + "type": "integer", + "description": "The number of times that CloudFront attempts to connect to the origin. Must be between 1-3. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "connectionTimeout": { + "type": "integer", + "description": "The number of seconds that CloudFront waits when trying to establish a connection to the origin. Must be between 1-10. Defaults to 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOriginCustomHeader:DistributionOriginCustomHeader" + }, + "description": "One or more sub-resources with `name` and\n`value` parameters that specify header data that will be sent to the origin\n(multiples allowed).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customOriginConfig": { + "$ref": "#/types/aws:cloudfront/DistributionOriginCustomOriginConfig:DistributionOriginCustomOriginConfig", + "description": "The CloudFront custom\norigin configuration information. If an S3\norigin is required, use `s3_origin_config` instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "domainName": { + "type": "string", + "description": "The DNS domain name of either the S3 bucket, or\nweb site of your custom origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originId": { + "type": "string", + "description": "The unique identifier of the member origin\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originPath": { + "type": "string", + "description": "An optional element that causes CloudFront to\nrequest your content from a directory in your Amazon S3 bucket or your\ncustom origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originShield": { + "$ref": "#/types/aws:cloudfront/DistributionOriginOriginShield:DistributionOriginOriginShield", + "description": "The CloudFront Origin Shield\nconfiguration information. Using Origin Shield can help reduce the load on your origin. For more information, see [Using Origin Shield](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/origin-shield.html) in the Amazon CloudFront Developer Guide.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3OriginConfig": { + "$ref": "#/types/aws:cloudfront/DistributionOriginS3OriginConfig:DistributionOriginS3OriginConfig", + "description": "The CloudFront S3 origin\nconfiguration information. If a custom origin is required, use\n`custom_origin_config` instead.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "domainName", + "originId" + ] + }, + "aws:cloudfront/DistributionOriginCustomHeader:DistributionOriginCustomHeader": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:cloudfront/DistributionOriginCustomOriginConfig:DistributionOriginCustomOriginConfig": { + "properties": { + "httpPort": { + "type": "integer", + "description": "The HTTP port the custom origin listens on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpsPort": { + "type": "integer", + "description": "The HTTPS port the custom origin listens on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originKeepaliveTimeout": { + "type": "integer", + "description": "The Custom KeepAlive timeout, in seconds. By default, AWS enforces a limit of `60`. But you can request an [increase](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-request-timeout).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originProtocolPolicy": { + "type": "string", + "description": "The origin protocol policy to apply to\nyour origin. One of `http-only`, `https-only`, or `match-viewer`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originReadTimeout": { + "type": "integer", + "description": "The Custom Read timeout, in seconds. By default, AWS enforces a limit of `60`. But you can request an [increase](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html#request-custom-request-timeout).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originSslProtocols": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The SSL/TLS protocols that you want\nCloudFront to use when communicating with your origin over HTTPS. A list of\none or more of `SSLv3`, `TLSv1`, `TLSv1.1`, and `TLSv1.2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpPort", + "httpsPort", + "originProtocolPolicy", + "originSslProtocols" + ] + }, + "aws:cloudfront/DistributionOriginGroup:DistributionOriginGroup": { + "properties": { + "failoverCriteria": { + "$ref": "#/types/aws:cloudfront/DistributionOriginGroupFailoverCriteria:DistributionOriginGroupFailoverCriteria", + "description": "The failover criteria for when to failover to the secondary origin\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "members": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOriginGroupMember:DistributionOriginGroupMember" + }, + "description": "Ordered member configuration blocks assigned to the origin group, where the first member is the primary origin. You must specify two members.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originId": { + "type": "string", + "description": "The unique identifier of the member origin\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "failoverCriteria", + "members", + "originId" + ] + }, + "aws:cloudfront/DistributionOriginGroupFailoverCriteria:DistributionOriginGroupFailoverCriteria": { + "properties": { + "statusCodes": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "A list of HTTP status codes for the origin group\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCodes" + ] + }, + "aws:cloudfront/DistributionOriginGroupMember:DistributionOriginGroupMember": { + "properties": { + "originId": { + "type": "string", + "description": "The unique identifier of the member origin\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "originId" + ] + }, + "aws:cloudfront/DistributionOriginOriginShield:DistributionOriginOriginShield": { + "properties": { + "enabled": { + "type": "boolean", + "description": "A flag that specifies whether Origin Shield is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "originShieldRegion": { + "type": "string", + "description": "The AWS Region for Origin Shield. To specify a region, use the region code, not the region name. For example, specify the US East (Ohio) region as us-east-2.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "originShieldRegion" + ] + }, + "aws:cloudfront/DistributionOriginS3OriginConfig:DistributionOriginS3OriginConfig": { + "properties": { + "originAccessIdentity": { + "type": "string", + "description": "The [CloudFront origin access\nidentity][5] to associate with the origin.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "originAccessIdentity" + ] + }, + "aws:cloudfront/DistributionRestrictions:DistributionRestrictions": { + "properties": { + "geoRestriction": { + "$ref": "#/types/aws:cloudfront/DistributionRestrictionsGeoRestriction:DistributionRestrictionsGeoRestriction", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "geoRestriction" + ] + }, + "aws:cloudfront/DistributionRestrictionsGeoRestriction:DistributionRestrictionsGeoRestriction": { + "properties": { + "locations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The [ISO 3166-1-alpha-2 codes][4] for which you\nwant CloudFront either to distribute your content (`whitelist`) or not\ndistribute your content (`blacklist`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "restrictionType": { + "type": "string", + "description": "The method that you want to use to restrict\ndistribution of your content by country: `none`, `whitelist`, or\n`blacklist`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "restrictionType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "locations", + "restrictionType" + ] + } + } + }, + "aws:cloudfront/DistributionTrustedKeyGroup:DistributionTrustedKeyGroup": { + "properties": { + "enabled": { + "type": "boolean", + "description": "A flag that specifies whether Origin Shield is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "items": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionTrustedKeyGroupItem:DistributionTrustedKeyGroupItem" + }, + "description": "List of nested attributes for each trusted signer\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled", + "items" + ] + } + } + }, + "aws:cloudfront/DistributionTrustedKeyGroupItem:DistributionTrustedKeyGroupItem": { + "properties": { + "keyGroupId": { + "type": "string", + "description": "The ID of the key group that contains the public keys\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyPairIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of active CloudFront key pairs associated with the signer account\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "keyGroupId", + "keyPairIds" + ] + } + } + }, + "aws:cloudfront/DistributionTrustedSigner:DistributionTrustedSigner": { + "properties": { + "enabled": { + "type": "boolean", + "description": "A flag that specifies whether Origin Shield is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "items": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionTrustedSignerItem:DistributionTrustedSignerItem" + }, + "description": "List of nested attributes for each trusted signer\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled", + "items" + ] + } + } + }, + "aws:cloudfront/DistributionTrustedSignerItem:DistributionTrustedSignerItem": { + "properties": { + "awsAccountNumber": { + "type": "string", + "description": "AWS account ID or `self`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyPairIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of active CloudFront key pairs associated with the signer account\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "awsAccountNumber", + "keyPairIds" + ] + } + } + }, + "aws:cloudfront/DistributionViewerCertificate:DistributionViewerCertificate": { + "properties": { + "acmCertificateArn": { + "type": "string", + "description": "The ARN of the [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/)\ncertificate that you wish to use with this distribution. Specify this,\n`cloudfront_default_certificate`, or `iam_certificate_id`. The ACM\ncertificate must be in US-EAST-1.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudfrontDefaultCertificate": { + "type": "boolean", + "description": "`true` if you want viewers to use HTTPS\nto request your objects and you're using the CloudFront domain name for your\ndistribution. Specify this, `acm_certificate_arn`, or `iam_certificate_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iamCertificateId": { + "type": "string", + "description": "The IAM certificate identifier of the custom viewer\ncertificate for this distribution if you are using a custom domain. Specify\nthis, `acm_certificate_arn`, or `cloudfront_default_certificate`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minimumProtocolVersion": { + "type": "string", + "description": "The minimum version of the SSL protocol that\nyou want CloudFront to use for HTTPS connections. Can only be set if\n`cloudfront_default_certificate = false`. See all possible values in\n[this](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html)\ntable under \"Security policy.\" Some examples include: `TLSv1.2_2019` and\n`TLSv1.2_2021`. Default: `TLSv1`. **NOTE**:\nIf you are using a custom certificate (specified with `acm_certificate_arn`\nor `iam_certificate_id`), and have specified `sni-only` in\n`ssl_support_method`, `TLSv1` or later must be specified. If you have\nspecified `vip` in `ssl_support_method`, only `SSLv3` or `TLSv1` can be\nspecified. If you have specified `cloudfront_default_certificate`, `TLSv1`\nmust be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sslSupportMethod": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/MonitoringSubscriptionMonitoringSubscription:MonitoringSubscriptionMonitoringSubscription": { + "properties": { + "realtimeMetricsSubscriptionConfig": { + "$ref": "#/types/aws:cloudfront/MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfig:MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfig", + "description": "A subscription configuration for additional CloudWatch metrics. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "realtimeMetricsSubscriptionConfig" + ] + }, + "aws:cloudfront/MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfig:MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfig": { + "properties": { + "realtimeMetricsSubscriptionStatus": { + "type": "string", + "description": "A flag that indicates whether additional CloudWatch metrics are enabled for a given CloudFront distribution. Valid values are `Enabled` and `Disabled`. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "realtimeMetricsSubscriptionStatus" + ] + }, + "aws:cloudfront/OriginRequestPolicyCookiesConfig:OriginRequestPolicyCookiesConfig": { + "properties": { + "cookieBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookies": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyCookiesConfigCookies:OriginRequestPolicyCookiesConfigCookies", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieBehavior" + ] + }, + "aws:cloudfront/OriginRequestPolicyCookiesConfigCookies:OriginRequestPolicyCookiesConfigCookies": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/OriginRequestPolicyHeadersConfig:OriginRequestPolicyHeadersConfig": { + "properties": { + "headerBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyHeadersConfigHeaders:OriginRequestPolicyHeadersConfigHeaders", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/OriginRequestPolicyHeadersConfigHeaders:OriginRequestPolicyHeadersConfigHeaders": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/OriginRequestPolicyQueryStringsConfig:OriginRequestPolicyQueryStringsConfig": { + "properties": { + "queryStringBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyQueryStringsConfigQueryStrings:OriginRequestPolicyQueryStringsConfigQueryStrings", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "queryStringBehavior" + ] + }, + "aws:cloudfront/OriginRequestPolicyQueryStringsConfigQueryStrings:OriginRequestPolicyQueryStringsConfigQueryStrings": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudfront/RealtimeLogConfigEndpoint:RealtimeLogConfigEndpoint": { + "properties": { + "kinesisStreamConfig": { + "$ref": "#/types/aws:cloudfront/RealtimeLogConfigEndpointKinesisStreamConfig:RealtimeLogConfigEndpointKinesisStreamConfig", + "description": "The Amazon Kinesis data stream configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamType": { + "type": "string", + "description": "The type of data stream where real-time log data is sent. The only valid value is `Kinesis`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kinesisStreamConfig", + "streamType" + ] + }, + "aws:cloudfront/RealtimeLogConfigEndpointKinesisStreamConfig:RealtimeLogConfigEndpointKinesisStreamConfig": { + "properties": { + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that CloudFront can use to send real-time log data to the Kinesis data stream.\nSee the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-iam-role) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamArn": { + "type": "string", + "description": "The ARN of the Kinesis data stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "streamArn" + ] + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOrigin:getCachePolicyParametersInCacheKeyAndForwardedToOrigin": { + "properties": { + "cookiesConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig:getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig" + }, + "description": "Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableAcceptEncodingBrotli": { + "type": "boolean", + "description": "A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableAcceptEncodingGzip": { + "type": "boolean", + "description": "A flag that can affect whether the Accept-Encoding HTTP header is included in the cache key and included in requests that CloudFront sends to the origin.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headersConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig:getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig" + }, + "description": "Object that determines whether any HTTP headers (and if so, which headers) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStringsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig:getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig" + }, + "description": "Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the cache key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookiesConfigs", + "enableAcceptEncodingBrotli", + "enableAcceptEncodingGzip", + "headersConfigs", + "queryStringsConfigs" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig:getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfig": { + "properties": { + "cookieBehavior": { + "type": "string", + "description": "Determines whether any cookies in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist`, `allExcept`, `all`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookies": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookie:getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookie" + }, + "description": "Object that contains a list of cookie names. See Items for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieBehavior", + "cookies" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookie:getCachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookie": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of item names (`cookies`, `headers`, or `query_strings`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "items" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig:getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfig": { + "properties": { + "headerBehavior": { + "type": "string", + "description": "Determines whether any HTTP headers are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeader:getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeader" + }, + "description": "Object that contains a list of header names. See Items for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "headerBehavior", + "headers" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeader:getCachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeader": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of item names (`cookies`, `headers`, or `query_strings`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "items" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig:getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfig": { + "properties": { + "queryStringBehavior": { + "type": "string", + "description": "Determines whether any URL query strings in viewer requests are included in the cache key and automatically included in requests that CloudFront sends to the origin. Valid values are `none`, `whitelist`, `allExcept`, `all`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryString:getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryString" + }, + "description": "Object that contains a list of query string names. See Items for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "queryStringBehavior", + "queryStrings" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryString:getCachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryString": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of item names (`cookies`, `headers`, or `query_strings`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "items" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getOriginRequestPolicyCookiesConfig:getOriginRequestPolicyCookiesConfig": { + "properties": { + "cookieBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookies": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getOriginRequestPolicyCookiesConfigCookie:getOriginRequestPolicyCookiesConfigCookie" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieBehavior", + "cookies" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getOriginRequestPolicyCookiesConfigCookie:getOriginRequestPolicyCookiesConfigCookie": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "items" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getOriginRequestPolicyHeadersConfig:getOriginRequestPolicyHeadersConfig": { + "properties": { + "headerBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getOriginRequestPolicyHeadersConfigHeader:getOriginRequestPolicyHeadersConfigHeader" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "headerBehavior", + "headers" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getOriginRequestPolicyHeadersConfigHeader:getOriginRequestPolicyHeadersConfigHeader": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "items" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getOriginRequestPolicyQueryStringsConfig:getOriginRequestPolicyQueryStringsConfig": { + "properties": { + "queryStringBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getOriginRequestPolicyQueryStringsConfigQueryString:getOriginRequestPolicyQueryStringsConfigQueryString" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "queryStringBehavior", + "queryStrings" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudfront/getOriginRequestPolicyQueryStringsConfigQueryString:getOriginRequestPolicyQueryStringsConfigQueryString": { + "properties": { + "items": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "items" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudhsmv2/ClusterClusterCertificate:ClusterClusterCertificate": { + "properties": { + "awsHardwareCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clusterCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clusterCsr": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "hsmCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "manufacturerHardwareCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "awsHardwareCertificate", + "clusterCertificate", + "clusterCsr", + "hsmCertificate", + "manufacturerHardwareCertificate" + ] + } + } + }, + "aws:cloudhsmv2/getClusterClusterCertificates:getClusterClusterCertificates": { + "properties": { + "awsHardwareCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clusterCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clusterCsr": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "hsmCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "manufacturerHardwareCertificate": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "awsHardwareCertificate", + "clusterCertificate", + "clusterCsr", + "hsmCertificate", + "manufacturerHardwareCertificate" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:cloudtrail/TrailEventSelector:TrailEventSelector": { + "properties": { + "dataResources": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailEventSelectorDataResource:TrailEventSelectorDataResource" + }, + "description": "Configuration block for data events. See details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includeManagementEvents": { + "type": "boolean", + "description": "Whether to include management events for your trail.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "readWriteType": { + "type": "string", + "description": "Type of events to log. Valid values are `ReadOnly`, `WriteOnly`, `All`. Default value is `All`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudtrail/TrailEventSelectorDataResource:TrailEventSelectorDataResource": { + "properties": { + "type": { + "type": "string", + "description": "Resource type in which you want to log data events. You can specify only the following value: \"AWS::S3::Object\", \"AWS::Lambda::Function\" and \"AWS::DynamoDB::Table\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ARN strings or partial ARN strings to specify selectors for data audit events over data resources. ARN list is specific to single-valued `type`. For example, `arn:aws:s3:::/` for all objects in a bucket, `arn:aws:s3:::/key` for specific objects, `arn:aws:lambda` for all lambda events within an account, `arn:aws:lambda:::function:` for a specific Lambda function, `arn:aws:dynamodb` for all DDB events for all tables within an account, or `arn:aws:dynamodb:::table/` for a specific DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "values" + ] + }, + "aws:cloudtrail/TrailInsightSelector:TrailInsightSelector": { + "properties": { + "insightType": { + "type": "string", + "description": "Type of insights to log on a trail. The valid value is `ApiCallRateInsight`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "insightType" + ] + }, + "aws:cloudwatch/EventConnectionAuthParameters:EventConnectionAuthParameters": { + "properties": { + "apiKey": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersApiKey:EventConnectionAuthParametersApiKey", + "description": "Parameters used for API_KEY authorization. An API key to include in the header for each authentication request. A maximum of 1 are allowed. Conflicts with `basic` and `oauth`. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "basic": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersBasic:EventConnectionAuthParametersBasic", + "description": "Parameters used for BASIC authorization. A maximum of 1 are allowed. Conflicts with `api_key` and `oauth`. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "invocationHttpParameters": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParameters:EventConnectionAuthParametersInvocationHttpParameters", + "description": "Invocation Http Parameters are additional credentials used to sign each Invocation of the ApiDestination created from this Connection. If the ApiDestination Rule Target has additional HttpParameters, the values will be merged together, with the Connection Invocation Http Parameters taking precedence. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "oauth": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersOauth:EventConnectionAuthParametersOauth", + "description": "Parameters used for OAUTH_CLIENT_CREDENTIALS authorization. A maximum of 1 are allowed. Conflicts with `basic` and `api_key`. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersApiKey:EventConnectionAuthParametersApiKey": { + "properties": { + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "value" + ] + }, + "aws:cloudwatch/EventConnectionAuthParametersBasic:EventConnectionAuthParametersBasic": { + "properties": { + "password": { + "type": "string", + "description": "A password for the authorization. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "A username for the authorization.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "password", + "username" + ] + }, + "aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParameters:EventConnectionAuthParametersInvocationHttpParameters": { + "properties": { + "bodies": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParametersBody:EventConnectionAuthParametersInvocationHttpParametersBody" + }, + "description": "Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParametersHeader:EventConnectionAuthParametersInvocationHttpParametersHeader" + }, + "description": "Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParametersQueryString:EventConnectionAuthParametersInvocationHttpParametersQueryString" + }, + "description": "Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParametersBody:EventConnectionAuthParametersInvocationHttpParametersBody": { + "properties": { + "isValueSecret": { + "type": "boolean", + "description": "Specified whether the value is secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParametersHeader:EventConnectionAuthParametersInvocationHttpParametersHeader": { + "properties": { + "isValueSecret": { + "type": "boolean", + "description": "Specified whether the value is secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersInvocationHttpParametersQueryString:EventConnectionAuthParametersInvocationHttpParametersQueryString": { + "properties": { + "isValueSecret": { + "type": "boolean", + "description": "Specified whether the value is secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersOauth:EventConnectionAuthParametersOauth": { + "properties": { + "authorizationEndpoint": { + "type": "string", + "description": "The URL to the authorization endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientParameters": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersOauthClientParameters:EventConnectionAuthParametersOauthClientParameters", + "description": "Contains the client parameters for OAuth authorization. Contains the following two parameters.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpMethod": { + "type": "string", + "description": "A password for the authorization. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "oauthHttpParameters": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParameters:EventConnectionAuthParametersOauthOauthHttpParameters", + "description": "OAuth Http Parameters are additional credentials used to sign the request to the authorization endpoint to exchange the OAuth Client information for an access token. Secret values are stored and managed by AWS Secrets Manager. A maximum of 1 are allowed. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "httpMethod", + "oauthHttpParameters" + ] + }, + "aws:cloudwatch/EventConnectionAuthParametersOauthClientParameters:EventConnectionAuthParametersOauthClientParameters": { + "properties": { + "clientId": { + "type": "string", + "description": "The client ID for the credentials to use for authorization. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "The client secret for the credentials to use for authorization. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clientId", + "clientSecret" + ] + }, + "aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParameters:EventConnectionAuthParametersOauthOauthHttpParameters": { + "properties": { + "bodies": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParametersBody:EventConnectionAuthParametersOauthOauthHttpParametersBody" + }, + "description": "Contains additional body string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParametersHeader:EventConnectionAuthParametersOauthOauthHttpParametersHeader" + }, + "description": "Contains additional header parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParametersQueryString:EventConnectionAuthParametersOauthOauthHttpParametersQueryString" + }, + "description": "Contains additional query string parameters for the connection. You can include up to 100 additional body string parameters per request. Each additional parameter counts towards the event payload size, which cannot exceed 64 KB. Each parameter can contain the following:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParametersBody:EventConnectionAuthParametersOauthOauthHttpParametersBody": { + "properties": { + "isValueSecret": { + "type": "boolean", + "description": "Specified whether the value is secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParametersHeader:EventConnectionAuthParametersOauthOauthHttpParametersHeader": { + "properties": { + "isValueSecret": { + "type": "boolean", + "description": "Specified whether the value is secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventConnectionAuthParametersOauthOauthHttpParametersQueryString:EventConnectionAuthParametersOauthOauthHttpParametersQueryString": { + "properties": { + "isValueSecret": { + "type": "boolean", + "description": "Specified whether the value is secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Header Name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Header Value. Created and stored in AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventPermissionCondition:EventPermissionCondition": { + "properties": { + "key": { + "type": "string", + "description": "Key for the condition. Valid values: `aws:PrincipalOrgID`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of condition. Value values: `StringEquals`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Value for the key.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "type", + "value" + ] + }, + "aws:cloudwatch/EventTargetBatchTarget:EventTargetBatchTarget": { + "properties": { + "arraySize": { + "type": "integer", + "description": "The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobAttempts": { + "type": "integer", + "description": "The number of times to attempt to retry, if the job fails. Valid values are 1 to 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobDefinition": { + "type": "string", + "description": "The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobName": { + "type": "string", + "description": "The name to use for this execution of the job, if the target is an AWS Batch job.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "jobDefinition", + "jobName" + ] + }, + "aws:cloudwatch/EventTargetDeadLetterConfig:EventTargetDeadLetterConfig": { + "properties": { + "arn": { + "type": "string", + "description": "- ARN of the SQS queue specified as the target for the dead-letter queue.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventTargetEcsTarget:EventTargetEcsTarget": { + "properties": { + "enableEcsManagedTags": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS managed tags for the task.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableExecuteCommand": { + "type": "boolean", + "description": "Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "group": { + "type": "string", + "description": "Specifies an ECS task group for the task. The maximum length is 255 characters.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchType": { + "type": "string", + "description": "Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. Valid values include: an empty string `\"\"` (to specify no launch type), `EC2`, or `FARGATE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkConfiguration": { + "$ref": "#/types/aws:cloudwatch/EventTargetEcsTargetNetworkConfiguration:EventTargetEcsTargetNetworkConfiguration", + "description": "Use this if the ECS task uses the awsvpc network mode. This specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. Required if launch_type is FARGATE because the awsvpc mode is required for Fargate tasks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventTargetEcsTargetPlacementConstraint:EventTargetEcsTargetPlacementConstraint" + }, + "description": "An array of placement constraint objects to use for the task. You can specify up to 10 constraints per task (including constraints in the task definition and those specified at runtime). See Below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "platformVersion": { + "type": "string", + "description": "Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0. This is used only if LaunchType is FARGATE. For more information about valid platform versions, see [AWS Fargate Platform Versions](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "propagateTags": { + "type": "string", + "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags are not propagated. Tags can only be propagated to the task during task creation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to ecs resources.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "taskCount": { + "type": "integer", + "description": "The number of tasks to create based on the TaskDefinition. The default is 1.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "taskDefinitionArn": { + "type": "string", + "description": "The ARN of the task definition to use if the event target is an Amazon ECS cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "taskDefinitionArn" + ] + }, + "aws:cloudwatch/EventTargetEcsTargetNetworkConfiguration:EventTargetEcsTargetNetworkConfiguration": { + "properties": { + "assignPublicIp": { + "type": "boolean", + "description": "Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The subnets associated with the task or service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnets" + ] + }, + "aws:cloudwatch/EventTargetEcsTargetPlacementConstraint:EventTargetEcsTargetPlacementConstraint": { + "properties": { + "expression": { + "type": "string", + "description": "Cluster Query Language expression to apply to the constraint. Does not need to be specified for the `distinctInstance` type. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of constraint. The only valid values at this time are `memberOf` and `distinctInstance`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:cloudwatch/EventTargetHttpTarget:EventTargetHttpTarget": { + "properties": { + "headerParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Enables you to specify HTTP headers to add to the request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathParameterValues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of values that correspond sequentially to any path variables in your endpoint ARN (for example `arn:aws:execute-api:us-east-1:123456:myapi/*/POST/pets/*`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStringParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Represents keys/values of query string parameters that are appended to the invoked endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventTargetInputTransformer:EventTargetInputTransformer": { + "properties": { + "inputPaths": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key value pairs specified in the form of JSONPath (for example, time = $.time)\n* You can have as many as 100 key-value pairs.\n* You must use JSON dot notation, not bracket notation.\n* The keys can't start with \"AWS\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputTemplate": { + "type": "string", + "description": "Template to customize data sent to the target. Must be valid JSON. To send a string value, the string value must include double quotes. Values must be escaped for both JSON and the provider, e.g. `\"\\\"Your string goes here.\\\\nA new line.\\\"\"`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "inputTemplate" + ] + }, + "aws:cloudwatch/EventTargetKinesisTarget:EventTargetKinesisTarget": { + "properties": { + "partitionKeyPath": { + "type": "string", + "description": "The JSON path to be extracted from the event and used as the partition key.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventTargetRedshiftTarget:EventTargetRedshiftTarget": { + "properties": { + "database": { + "type": "string", + "description": "The name of the database.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dbUser": { + "type": "string", + "description": "The database user name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secretsManagerArn": { + "type": "string", + "description": "The name or ARN of the secret that enables access to the database.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sql": { + "type": "string", + "description": "The SQL statement text to run.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statementName": { + "type": "string", + "description": "The name of the SQL statement.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "withEvent": { + "type": "boolean", + "description": "Indicates whether to send an event back to EventBridge after the SQL statement runs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "database" + ] + }, + "aws:cloudwatch/EventTargetRetryPolicy:EventTargetRetryPolicy": { + "properties": { + "maximumEventAgeInSeconds": { + "type": "integer", + "description": "The age in seconds to continue to make retry attempts.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumRetryAttempts": { + "type": "integer", + "description": "maximum number of retry attempts to make before the request fails\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/EventTargetRunCommandTarget:EventTargetRunCommandTarget": { + "properties": { + "key": { + "type": "string", + "description": "Can be either `tag:tag-key` or `InstanceIds`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If Key is `tag:tag-key`, Values is a list of tag values. If Key is `InstanceIds`, Values is a list of Amazon EC2 instance IDs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:cloudwatch/EventTargetSqsTarget:EventTargetSqsTarget": { + "properties": { + "messageGroupId": { + "type": "string", + "description": "The FIFO message group ID to use as the target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cloudwatch/LogMetricFilterMetricTransformation:LogMetricFilterMetricTransformation": { + "properties": { + "defaultValue": { + "type": "string", + "description": "The value to emit when a filter pattern does not match a log event. Conflicts with `dimensions`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of fields to use as dimensions for the metric. Up to 3 dimensions are allowed. Conflicts with `default_value`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the CloudWatch metric to which the monitored log information should be published (e.g. `ErrorCount`)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The destination namespace of the CloudWatch metric.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unit": { + "type": "string", + "description": "The unit to assign to the metric. If you omit this, the unit is set as `None`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "What to publish to the metric. For example, if you're counting the occurrences of a particular term like \"Error\", the value will be \"1\" for each occurrence. If you're counting the bytes transferred the published value will be the value in the log event.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "namespace", + "value" + ] + }, + "aws:cloudwatch/MetricAlarmMetricQuery:MetricAlarmMetricQuery": { + "properties": { + "expression": { + "type": "string", + "description": "The math expression to be performed on the returned data, if this object is performing a math expression. This expression can use the id of the other metrics to refer to those metrics, and can also use the id of other expressions to use the result of those expressions. For more information about metric math expressions, see Metric Math Syntax and Functions in the [Amazon CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html#metric-math-syntax).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "A short name used to tie this object to the results in the response. If you are performing math expressions on this set of data, this name represents that data and can serve as a variable in the mathematical expression. The valid characters are letters, numbers, and underscore. The first character must be a lowercase letter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "label": { + "type": "string", + "description": "A human-readable label for this metric or expression. This is especially useful if this is an expression, so that you know what the value represents.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metric": { + "$ref": "#/types/aws:cloudwatch/MetricAlarmMetricQueryMetric:MetricAlarmMetricQueryMetric", + "description": "The metric to be returned, along with statistics, period, and units. Use this parameter only if this object is retrieving a metric and not performing a math expression on returned data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "returnData": { + "type": "boolean", + "description": "Specify exactly one `metric_query` to be `true` to use that `metric_query` result as the alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "aws:cloudwatch/MetricAlarmMetricQueryMetric:MetricAlarmMetricQueryMetric": { + "properties": { + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The dimensions for this metric. For the list of available dimensions see the AWS documentation [here](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "The name for this metric.\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The namespace for this metric. See docs for the [list of namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html).\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "period": { + "type": "integer", + "description": "The period in seconds over which the specified `stat` is applied.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stat": { + "type": "string", + "description": "The statistic to apply to this metric.\nEither of the following is supported: `SampleCount`, `Average`, `Sum`, `Minimum`, `Maximum`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unit": { + "type": "string", + "description": "The unit for this metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "period", + "stat" + ] + }, + "aws:cloudwatch/MetricStreamExcludeFilter:MetricStreamExcludeFilter": { + "properties": { + "namespace": { + "type": "string", + "description": "Name of the metric namespace in the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "namespace" + ] + }, + "aws:cloudwatch/MetricStreamIncludeFilter:MetricStreamIncludeFilter": { + "properties": { + "namespace": { + "type": "string", + "description": "Name of the metric namespace in the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "namespace" + ] + }, + "aws:codeartifact/RepositoryExternalConnections:RepositoryExternalConnections": { + "properties": { + "externalConnectionName": { + "type": "string", + "description": "The name of the external connection associated with a repository.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "packageFormat": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "externalConnectionName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "externalConnectionName", + "packageFormat", + "status" + ] + } + } + }, + "aws:codeartifact/RepositoryUpstream:RepositoryUpstream": { + "properties": { + "repositoryName": { + "type": "string", + "description": "The name of an upstream repository.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "repositoryName" + ] + }, + "aws:codebuild/ProjectArtifacts:ProjectArtifacts": { + "properties": { + "artifactIdentifier": { + "type": "string", + "description": "Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionDisabled": { + "type": "boolean", + "description": "Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "Location of the source code from git or s3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the project. If `type` is set to `S3`, this is the name of the output artifact object\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespaceType": { + "type": "string", + "description": "Namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values are `BUILD_ID` or `NONE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrideArtifactName": { + "type": "boolean", + "description": "Whether a name specified in the build specification overrides the artifact name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "packaging": { + "type": "string", + "description": "Type of build output artifact to create. If `type` is set to `S3`, valid values are `NONE`, `ZIP`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "If `type` is set to `S3`, this is the path to the output artifact.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:codebuild/ProjectBuildBatchConfig:ProjectBuildBatchConfig": { + "properties": { + "combineArtifacts": { + "type": "boolean", + "description": "Specifies if the build artifacts for the batch build should be combined into a single artifact location.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "restrictions": { + "$ref": "#/types/aws:codebuild/ProjectBuildBatchConfigRestrictions:ProjectBuildBatchConfigRestrictions", + "description": "Specifies the restrictions for the batch build.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceRole": { + "type": "string", + "description": "Specifies the service role ARN for the batch build project.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutInMins": { + "type": "integer", + "description": "Specifies the maximum amount of time, in minutes, that the batch build must be completed in.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "serviceRole" + ] + }, + "aws:codebuild/ProjectBuildBatchConfigRestrictions:ProjectBuildBatchConfigRestrictions": { + "properties": { + "computeTypesAlloweds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of strings that specify the compute types that are allowed for the batch build. See [Build environment compute types](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-compute-types.html) in the AWS CodeBuild User Guide for these values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumBuildsAllowed": { + "type": "integer", + "description": "Specifies the maximum number of builds allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectCache:ProjectCache": { + "properties": { + "location": { + "type": "string", + "description": "Location of the source code from git or s3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "modes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies settings that AWS CodeBuild uses to store and reuse build dependencies. Valid values: `LOCAL_SOURCE_CACHE`, `LOCAL_DOCKER_LAYER_CACHE`, `LOCAL_CUSTOM_CACHE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectEnvironment:ProjectEnvironment": { + "properties": { + "certificate": { + "type": "string", + "description": "ARN of the S3 bucket, path prefix and object key that contains the PEM-encoded certificate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "computeType": { + "type": "string", + "description": "Information about the compute resources the build project will use. Valid values: `BUILD_GENERAL1_SMALL`, `BUILD_GENERAL1_MEDIUM`, `BUILD_GENERAL1_LARGE`, `BUILD_GENERAL1_2XLARGE`. `BUILD_GENERAL1_SMALL` is only valid if `type` is set to `LINUX_CONTAINER`. When `type` is set to `LINUX_GPU_CONTAINER`, `compute_type` must be `BUILD_GENERAL1_LARGE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "environmentVariables": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectEnvironmentEnvironmentVariable:ProjectEnvironmentEnvironmentVariable" + }, + "description": "Configuration block. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "image": { + "type": "string", + "description": "Docker image to use for this build project. Valid values include [Docker images provided by CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html) (e.g `aws/codebuild/standard:2.0`), [Docker Hub images](https://hub.docker.com/) (e.g. `nginx:latest`), and full Docker repository URIs such as those for ECR (e.g. `137112412989.dkr.ecr.us-west-2.amazonaws.com/amazonlinux:latest`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imagePullCredentialsType": { + "type": "string", + "description": "Type of credentials AWS CodeBuild uses to pull images in your build. Valid values: `CODEBUILD`, `SERVICE_ROLE`. When you use a cross-account or private registry image, you must use SERVICE_ROLE credentials. When you use an AWS CodeBuild curated image, you must use CodeBuild credentials. Defaults to `CODEBUILD`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privilegedMode": { + "type": "boolean", + "description": "Whether to enable running the Docker daemon inside a Docker container. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "registryCredential": { + "$ref": "#/types/aws:codebuild/ProjectEnvironmentRegistryCredential:ProjectEnvironmentRegistryCredential", + "description": "Configuration block. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "computeType", + "image", + "type" + ] + }, + "aws:codebuild/ProjectEnvironmentEnvironmentVariable:ProjectEnvironmentEnvironmentVariable": { + "properties": { + "name": { + "type": "string", + "description": "Name of the project. If `type` is set to `S3`, this is the name of the output artifact object\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Environment variable's value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:codebuild/ProjectEnvironmentRegistryCredential:ProjectEnvironmentRegistryCredential": { + "properties": { + "credential": { + "type": "string", + "description": "ARN or name of credentials created using AWS Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "credentialProvider": { + "type": "string", + "description": "Service that created the credentials to access a private Docker registry. Valid value: `SECRETS_MANAGER` (AWS Secrets Manager).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "credential", + "credentialProvider" + ] + }, + "aws:codebuild/ProjectFileSystemLocation:ProjectFileSystemLocation": { + "properties": { + "identifier": { + "type": "string", + "description": "The name used to access a file system created by Amazon EFS. CodeBuild creates an environment variable by appending the identifier in all capital letters to CODEBUILD\\_. For example, if you specify my-efs for identifier, a new environment variable is create named CODEBUILD_MY-EFS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "A string that specifies the location of the file system created by Amazon EFS. Its format is `efs-dns-name:/directory-path`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountOptions": { + "type": "string", + "description": "The mount options for a file system created by AWS EFS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The location in the container where you mount the file system.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Authorization type to use. The only valid value is `OAUTH`. This data type is deprecated and is no longer accurate or used. Use the `aws.codebuild.SourceCredential` resource instead.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectLogsConfig:ProjectLogsConfig": { + "properties": { + "cloudwatchLogs": { + "$ref": "#/types/aws:codebuild/ProjectLogsConfigCloudwatchLogs:ProjectLogsConfigCloudwatchLogs", + "description": "Configuration block. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3Logs": { + "$ref": "#/types/aws:codebuild/ProjectLogsConfigS3Logs:ProjectLogsConfigS3Logs", + "description": "Configuration block. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectLogsConfigCloudwatchLogs:ProjectLogsConfigCloudwatchLogs": { + "properties": { + "groupName": { + "type": "string", + "description": "Group name of the logs in CloudWatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults to `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamName": { + "type": "string", + "description": "Stream name of the logs in CloudWatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectLogsConfigS3Logs:ProjectLogsConfigS3Logs": { + "properties": { + "encryptionDisabled": { + "type": "boolean", + "description": "Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "Location of the source code from git or s3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "Current status of logs in S3 for a build project. Valid values: `ENABLED`, `DISABLED`. Defaults to `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectSecondaryArtifact:ProjectSecondaryArtifact": { + "properties": { + "artifactIdentifier": { + "type": "string", + "description": "Artifact identifier. Must be the same specified inside the AWS CodeBuild build specification.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionDisabled": { + "type": "boolean", + "description": "Whether to disable encrypting output artifacts. If `type` is set to `NO_ARTIFACTS`, this value is ignored. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "Location of the source code from git or s3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the project. If `type` is set to `S3`, this is the name of the output artifact object\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespaceType": { + "type": "string", + "description": "Namespace to use in storing build artifacts. If `type` is set to `S3`, then valid values are `BUILD_ID` or `NONE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrideArtifactName": { + "type": "boolean", + "description": "Whether a name specified in the build specification overrides the artifact name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "packaging": { + "type": "string", + "description": "Type of build output artifact to create. If `type` is set to `S3`, valid values are `NONE`, `ZIP`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "If `type` is set to `S3`, this is the path to the output artifact.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "artifactIdentifier", + "type" + ] + }, + "aws:codebuild/ProjectSecondarySource:ProjectSecondarySource": { + "properties": { + "auth": { + "$ref": "#/types/aws:codebuild/ProjectSecondarySourceAuth:ProjectSecondarySourceAuth", + "description": "Configuration block with the authorization settings for AWS CodeBuild to access the source code to be built. This information is for the AWS CodeBuild console's use only. Use the `aws.codebuild.SourceCredential` resource instead. Auth blocks are documented below.\n", + "deprecationMessage": "Use the aws_codebuild_source_credential resource instead", + "language": { + "python": { + "mapCase": false + } + } + }, + "buildStatusConfig": { + "$ref": "#/types/aws:codebuild/ProjectSecondarySourceBuildStatusConfig:ProjectSecondarySourceBuildStatusConfig", + "description": "Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is `GITHUB`, `GITHUB_ENTERPRISE`, or `BITBUCKET`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "buildspec": { + "type": "string", + "description": "Build specification to use for this build project's related builds. This must be set when `type` is `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gitCloneDepth": { + "type": "integer", + "description": "Truncate git history to this many commits. Use `0` for a `Full` checkout which you need to run commands like `git branch --show-current`. See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gitSubmodulesConfig": { + "$ref": "#/types/aws:codebuild/ProjectSecondarySourceGitSubmodulesConfig:ProjectSecondarySourceGitSubmodulesConfig", + "description": "Configuration block. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "insecureSsl": { + "type": "boolean", + "description": "Ignore SSL warnings when connecting to source control.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "Location of the source code from git or s3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "reportBuildStatus": { + "type": "boolean", + "description": "Whether to report the status of a build's start and finish to your source provider. This option is only valid when the `type` is `BITBUCKET` or `GITHUB`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceIdentifier": { + "type": "string", + "description": "Source identifier. Source data will be put inside a folder named as this parameter inside AWS CodeBuild source directory\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "sourceIdentifier", + "type" + ] + }, + "aws:codebuild/ProjectSecondarySourceAuth:ProjectSecondarySourceAuth": { + "properties": { + "resource": { + "type": "string", + "description": "Resource value that applies to the specified authorization type. Use the `aws.codebuild.SourceCredential` resource instead.\n", + "deprecationMessage": "Use the aws_codebuild_source_credential resource instead", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "deprecationMessage": "Use the aws_codebuild_source_credential resource instead", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:codebuild/ProjectSecondarySourceBuildStatusConfig:ProjectSecondarySourceBuildStatusConfig": { + "properties": { + "context": { + "type": "string", + "description": "Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetUrl": { + "type": "string", + "description": "Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectSecondarySourceGitSubmodulesConfig:ProjectSecondarySourceGitSubmodulesConfig": { + "properties": { + "fetchSubmodules": { + "type": "boolean", + "description": "Whether to fetch Git submodules for the AWS CodeBuild build project.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fetchSubmodules" + ] + }, + "aws:codebuild/ProjectSource:ProjectSource": { + "properties": { + "auth": { + "$ref": "#/types/aws:codebuild/ProjectSourceAuth:ProjectSourceAuth", + "description": "Configuration block with the authorization settings for AWS CodeBuild to access the source code to be built. This information is for the AWS CodeBuild console's use only. Use the `aws.codebuild.SourceCredential` resource instead. Auth blocks are documented below.\n", + "deprecationMessage": "Use the aws_codebuild_source_credential resource instead", + "language": { + "python": { + "mapCase": false + } + } + }, + "buildStatusConfig": { + "$ref": "#/types/aws:codebuild/ProjectSourceBuildStatusConfig:ProjectSourceBuildStatusConfig", + "description": "Contains information that defines how the build project reports the build status to the source provider. This option is only used when the source provider is `GITHUB`, `GITHUB_ENTERPRISE`, or `BITBUCKET`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "buildspec": { + "type": "string", + "description": "Build specification to use for this build project's related builds. This must be set when `type` is `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gitCloneDepth": { + "type": "integer", + "description": "Truncate git history to this many commits. Use `0` for a `Full` checkout which you need to run commands like `git branch --show-current`. See [AWS CodePipeline User Guide: Tutorial: Use full clone with a GitHub pipeline source](https://docs.aws.amazon.com/codepipeline/latest/userguide/tutorials-github-gitclone.html) for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gitSubmodulesConfig": { + "$ref": "#/types/aws:codebuild/ProjectSourceGitSubmodulesConfig:ProjectSourceGitSubmodulesConfig", + "description": "Configuration block. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "insecureSsl": { + "type": "boolean", + "description": "Ignore SSL warnings when connecting to source control.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "Location of the source code from git or s3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "reportBuildStatus": { + "type": "boolean", + "description": "Whether to report the status of a build's start and finish to your source provider. This option is only valid when the `type` is `BITBUCKET` or `GITHUB`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:codebuild/ProjectSourceAuth:ProjectSourceAuth": { + "properties": { + "resource": { + "type": "string", + "description": "Resource value that applies to the specified authorization type. Use the `aws.codebuild.SourceCredential` resource instead.\n", + "deprecationMessage": "Use the aws_codebuild_source_credential resource instead", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of repository that contains the source code to be built. Valid values: `CODECOMMIT`, `CODEPIPELINE`, `GITHUB`, `GITHUB_ENTERPRISE`, `BITBUCKET`, `S3`, `NO_SOURCE`.\n", + "deprecationMessage": "Use the aws_codebuild_source_credential resource instead", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:codebuild/ProjectSourceBuildStatusConfig:ProjectSourceBuildStatusConfig": { + "properties": { + "context": { + "type": "string", + "description": "Specifies the context of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetUrl": { + "type": "string", + "description": "Specifies the target url of the build status CodeBuild sends to the source provider. The usage of this parameter depends on the source provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/ProjectSourceGitSubmodulesConfig:ProjectSourceGitSubmodulesConfig": { + "properties": { + "fetchSubmodules": { + "type": "boolean", + "description": "Whether to fetch Git submodules for the AWS CodeBuild build project.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fetchSubmodules" + ] + }, + "aws:codebuild/ProjectVpcConfig:ProjectVpcConfig": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs to assign to running builds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subnet IDs within which to run builds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC within which to run builds.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnets", + "vpcId" + ] + }, + "aws:codebuild/ReportGroupExportConfig:ReportGroupExportConfig": { + "properties": { + "s3Destination": { + "$ref": "#/types/aws:codebuild/ReportGroupExportConfigS3Destination:ReportGroupExportConfigS3Destination", + "description": "contains information about the S3 bucket where the run of a report is exported. see S3 Destination documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The export configuration type. Valid values are `S3` and `NO_EXPORT`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:codebuild/ReportGroupExportConfigS3Destination:ReportGroupExportConfigS3Destination": { + "properties": { + "bucket": { + "type": "string", + "description": "The name of the S3 bucket where the raw data of a report are exported.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionDisabled": { + "type": "boolean", + "description": "A boolean value that specifies if the results of a report are encrypted.\n**Note: the API does not currently allow setting encryption as disabled**\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionKey": { + "type": "string", + "description": "The encryption key for the report's encrypted raw data. The KMS key ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "packaging": { + "type": "string", + "description": "The type of build output artifact to create. Valid values are: `NONE` (default) and `ZIP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The path to the exported report's raw data results.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "encryptionKey" + ] + }, + "aws:codebuild/WebhookFilterGroup:WebhookFilterGroup": { + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/WebhookFilterGroupFilter:WebhookFilterGroupFilter" + }, + "description": "A webhook filter for the group. Filter blocks are documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codebuild/WebhookFilterGroupFilter:WebhookFilterGroupFilter": { + "properties": { + "excludeMatchedPattern": { + "type": "boolean", + "description": "If set to `true`, the specified filter does *not* trigger a build. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pattern": { + "type": "string", + "description": "For a filter that uses `EVENT` type, a comma-separated string that specifies one event: `PUSH`, `PULL_REQUEST_CREATED`, `PULL_REQUEST_UPDATED`, `PULL_REQUEST_REOPENED`. `PULL_REQUEST_MERGED` works with GitHub & GitHub Enterprise only. For a filter that uses any of the other filter types, a regular expression.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The webhook filter group's type. Valid values for this parameter are: `EVENT`, `BASE_REF`, `HEAD_REF`, `ACTOR_ACCOUNT_ID`, `FILE_PATH`, `COMMIT_MESSAGE`. At least one filter group must specify `EVENT` as its type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "pattern", + "type" + ] + }, + "aws:codecommit/TriggerTrigger:TriggerTrigger": { + "properties": { + "branches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The branches that will be included in the trigger configuration. If no branches are specified, the trigger will apply to all branches.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customData": { + "type": "string", + "description": "Any custom data associated with the trigger that will be included in the information sent to the target of the trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinationArn": { + "type": "string", + "description": "The ARN of the resource that is the target for a trigger. For example, the ARN of a topic in Amazon Simple Notification Service (SNS).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "events": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The repository events that will cause the trigger to run actions in another service, such as sending a notification through Amazon Simple Notification Service (SNS). If no events are specified, the trigger will run for all repository events. Event types include: `all`, `updateReference`, `createReference`, `deleteReference`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationArn", + "events", + "name" + ] + }, + "aws:codedeploy/DeploymentConfigMinimumHealthyHosts:DeploymentConfigMinimumHealthyHosts": { + "properties": { + "type": { + "type": "string", + "description": "The type can either be `FLEET_PERCENT` or `HOST_COUNT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "The value when the type is `FLEET_PERCENT` represents the minimum number of healthy instances as\na percentage of the total number of instances in the deployment. If you specify FLEET_PERCENT, at the start of the\ndeployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances.\nWhen the type is `HOST_COUNT`, the value represents the minimum number of healthy instances as an absolute value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentConfigTrafficRoutingConfig:DeploymentConfigTrafficRoutingConfig": { + "properties": { + "timeBasedCanary": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigTrafficRoutingConfigTimeBasedCanary:DeploymentConfigTrafficRoutingConfigTimeBasedCanary", + "description": "The time based canary configuration information. If `type` is `TimeBasedLinear`, use `time_based_linear` instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeBasedLinear": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigTrafficRoutingConfigTimeBasedLinear:DeploymentConfigTrafficRoutingConfigTimeBasedLinear", + "description": "The time based linear configuration information. If `type` is `TimeBasedCanary`, use `time_based_canary` instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of traffic routing config. One of `TimeBasedCanary`, `TimeBasedLinear`, `AllAtOnce`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentConfigTrafficRoutingConfigTimeBasedCanary:DeploymentConfigTrafficRoutingConfigTimeBasedCanary": { + "properties": { + "interval": { + "type": "integer", + "description": "The number of minutes between the first and second traffic shifts of a `TimeBasedCanary` deployment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "percentage": { + "type": "integer", + "description": "The percentage of traffic to shift in the first increment of a `TimeBasedCanary` deployment.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentConfigTrafficRoutingConfigTimeBasedLinear:DeploymentConfigTrafficRoutingConfigTimeBasedLinear": { + "properties": { + "interval": { + "type": "integer", + "description": "The number of minutes between each incremental traffic shift of a `TimeBasedLinear` deployment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "percentage": { + "type": "integer", + "description": "The percentage of traffic that is shifted at the start of each increment of a `TimeBasedLinear` deployment.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupAlarmConfiguration:DeploymentGroupAlarmConfiguration": { + "properties": { + "alarms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of alarms configured for the deployment group. _A maximum of 10 alarms can be added to a deployment group_.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether the alarm configuration is enabled. This option is useful when you want to temporarily deactivate alarm monitoring for a deployment group without having to add the same alarms again later.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ignorePollAlarmFailure": { + "type": "boolean", + "description": "Indicates whether a deployment should continue if information about the current state of alarms cannot be retrieved from CloudWatch. The default value is `false`.\n* `true`: The deployment will proceed even if alarm status information can't be retrieved.\n* `false`: The deployment will stop if alarm status information can't be retrieved.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupAutoRollbackConfiguration:DeploymentGroupAutoRollbackConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Indicates whether a defined automatic rollback configuration is currently enabled for this Deployment Group. If you enable automatic rollback, you must specify at least one event type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "events": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The event type or types that trigger a rollback. Supported types are `DEPLOYMENT_FAILURE` and `DEPLOYMENT_STOP_ON_ALARM`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfig:DeploymentGroupBlueGreenDeploymentConfig": { + "properties": { + "deploymentReadyOption": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOption:DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOption", + "description": "Information about the action to take when newly provisioned instances are ready to receive traffic in a blue/green deployment (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "greenFleetProvisioningOption": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOption:DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOption", + "description": "Information about how instances are provisioned for a replacement environment in a blue/green deployment (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "terminateBlueInstancesOnDeploymentSuccess": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccess:DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccess", + "description": "Information about whether to terminate instances in the original fleet during a blue/green deployment (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "greenFleetProvisioningOption" + ] + } + } + }, + "aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOption:DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOption": { + "properties": { + "actionOnTimeout": { + "type": "string", + "description": "When to reroute traffic from an original environment to a replacement environment in a blue/green deployment.\n* `CONTINUE_DEPLOYMENT`: Register new instances with the load balancer immediately after the new application revision is installed on the instances in the replacement environment.\n* `STOP_DEPLOYMENT`: Do not register new instances with load balancer unless traffic is rerouted manually. If traffic is not rerouted manually before the end of the specified wait period, the deployment status is changed to Stopped.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "waitTimeInMinutes": { + "type": "integer", + "description": "The number of minutes to wait before the status of a blue/green deployment changed to Stopped if rerouting is not started manually. Applies only to the `STOP_DEPLOYMENT` option for `action_on_timeout`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOption:DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOption": { + "properties": { + "action": { + "type": "string", + "description": "The method used to add instances to a replacement environment.\n* `DISCOVER_EXISTING`: Use instances that already exist or will be created manually.\n* `COPY_AUTO_SCALING_GROUP`: Use settings from a specified **Auto Scaling** group to define and create instances in a new Auto Scaling group. _Exactly one Auto Scaling group must be specified_ when selecting `COPY_AUTO_SCALING_GROUP`. Use `autoscaling_groups` to specify the Auto Scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccess:DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccess": { + "properties": { + "action": { + "type": "string", + "description": "The action to take on instances in the original environment after a successful blue/green deployment.\n* `TERMINATE`: Instances are terminated after a specified wait time.\n* `KEEP_ALIVE`: Instances are left running after they are deregistered from the load balancer and removed from the deployment group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "terminationWaitTimeInMinutes": { + "type": "integer", + "description": "The number of minutes to wait after a successful blue/green deployment before terminating instances from the original environment.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupDeploymentStyle:DeploymentGroupDeploymentStyle": { + "properties": { + "deploymentOption": { + "type": "string", + "description": "Indicates whether to route deployment traffic behind a load balancer. Valid Values are `WITH_TRAFFIC_CONTROL` or `WITHOUT_TRAFFIC_CONTROL`. Default is `WITHOUT_TRAFFIC_CONTROL`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deploymentType": { + "type": "string", + "description": "Indicates whether to run an in-place deployment or a blue/green deployment. Valid Values are `IN_PLACE` or `BLUE_GREEN`. Default is `IN_PLACE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupEc2TagFilter:DeploymentGroupEc2TagFilter": { + "properties": { + "key": { + "type": "string", + "description": "The key of the tag filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the tag filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupEc2TagSet:DeploymentGroupEc2TagSet": { + "properties": { + "ec2TagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagSetEc2TagFilter:DeploymentGroupEc2TagSetEc2TagFilter" + }, + "description": "Tag filters associated with the deployment group. See the AWS docs for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupEc2TagSetEc2TagFilter:DeploymentGroupEc2TagSetEc2TagFilter": { + "properties": { + "key": { + "type": "string", + "description": "The key of the tag filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the tag filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupEcsService:DeploymentGroupEcsService": { + "properties": { + "clusterName": { + "type": "string", + "description": "The name of the ECS cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceName": { + "type": "string", + "description": "The name of the ECS service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clusterName", + "serviceName" + ] + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfo:DeploymentGroupLoadBalancerInfo": { + "properties": { + "elbInfos": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfoElbInfo:DeploymentGroupLoadBalancerInfoElbInfo" + }, + "description": "The Classic Elastic Load Balancer to use in a deployment. Conflicts with `target_group_info` and `target_group_pair_info`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupInfos": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupInfo:DeploymentGroupLoadBalancerInfoTargetGroupInfo" + }, + "description": "The (Application/Network Load Balancer) target group to use in a deployment. Conflicts with `elb_info` and `target_group_pair_info`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupPairInfo": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfo:DeploymentGroupLoadBalancerInfoTargetGroupPairInfo", + "description": "The (Application/Network Load Balancer) target group pair to use in a deployment. Conflicts with `elb_info` and `target_group_info`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfoElbInfo:DeploymentGroupLoadBalancerInfoElbInfo": { + "properties": { + "name": { + "type": "string", + "description": "The name of the load balancer that will be used to route traffic from original instances to replacement instances in a blue/green deployment. For in-place deployments, the name of the load balancer that instances are deregistered from so they are not serving traffic during a deployment, and then re-registered with after the deployment completes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupInfo:DeploymentGroupLoadBalancerInfoTargetGroupInfo": { + "properties": { + "name": { + "type": "string", + "description": "The name of the target group that instances in the original environment are deregistered from, and instances in the replacement environment registered with. For in-place deployments, the name of the target group that instances are deregistered from, so they are not serving traffic during a deployment, and then re-registered with after the deployment completes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfo:DeploymentGroupLoadBalancerInfoTargetGroupPairInfo": { + "properties": { + "prodTrafficRoute": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRoute:DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRoute", + "description": "Configuration block for the production traffic route (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroup:DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroup" + }, + "description": "Configuration blocks for a target group within a target group pair (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "testTrafficRoute": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTestTrafficRoute:DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTestTrafficRoute", + "description": "Configuration block for the test traffic route (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prodTrafficRoute", + "targetGroups" + ] + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRoute:DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRoute": { + "properties": { + "listenerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Amazon Resource Names (ARNs) of the load balancer listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "listenerArns" + ] + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroup:DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroup": { + "properties": { + "name": { + "type": "string", + "description": "Name of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:codedeploy/DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTestTrafficRoute:DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTestTrafficRoute": { + "properties": { + "listenerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Amazon Resource Names (ARNs) of the load balancer listeners.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "listenerArns" + ] + }, + "aws:codedeploy/DeploymentGroupOnPremisesInstanceTagFilter:DeploymentGroupOnPremisesInstanceTagFilter": { + "properties": { + "key": { + "type": "string", + "description": "The key of the tag filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of the tag filter, either `KEY_ONLY`, `VALUE_ONLY`, or `KEY_AND_VALUE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the tag filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codedeploy/DeploymentGroupTriggerConfiguration:DeploymentGroupTriggerConfiguration": { + "properties": { + "triggerEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The event type or types for which notifications are triggered. Some values that are supported: `DeploymentStart`, `DeploymentSuccess`, `DeploymentFailure`, `DeploymentStop`, `DeploymentRollback`, `InstanceStart`, `InstanceSuccess`, `InstanceFailure`. See [the CodeDeploy documentation](http://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-sns-event-notifications-create-trigger.html) for all possible values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "triggerName": { + "type": "string", + "description": "The name of the notification trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "triggerTargetArn": { + "type": "string", + "description": "The ARN of the SNS topic through which notifications are sent.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "triggerEvents", + "triggerName", + "triggerTargetArn" + ] + }, + "aws:codepipeline/PipelineArtifactStore:PipelineArtifactStore": { + "properties": { + "encryptionKey": { + "$ref": "#/types/aws:codepipeline/PipelineArtifactStoreEncryptionKey:PipelineArtifactStoreEncryptionKey", + "description": "The encryption key block AWS CodePipeline uses to encrypt the data in the artifact store, such as an AWS Key Management Service (AWS KMS) key. If you don't specify a key, AWS CodePipeline uses the default key for Amazon Simple Storage Service (Amazon S3). An `encryption_key` block is documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "The location where AWS CodePipeline stores artifacts for a pipeline; currently only `S3` is supported.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "The region where the artifact store is located. Required for a cross-region CodePipeline, do not provide for a single-region CodePipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of the artifact store, such as Amazon S3\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "location", + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "location", + "region", + "type" + ] + } + } + }, + "aws:codepipeline/PipelineArtifactStoreEncryptionKey:PipelineArtifactStoreEncryptionKey": { + "properties": { + "id": { + "type": "string", + "description": "The KMS key ARN or ID\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of key; currently only `KMS` is supported\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "id", + "type" + ] + }, + "aws:codepipeline/PipelineStage:PipelineStage": { + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/PipelineStageAction:PipelineStageAction" + }, + "description": "The action(s) to include in the stage. Defined as an `action` block below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the stage.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actions", + "name" + ] + }, + "aws:codepipeline/PipelineStageAction:PipelineStageAction": { + "properties": { + "category": { + "type": "string", + "description": "A category defines what kind of action can be taken in the stage, and constrains the provider type for the action. Possible values are `Approval`, `Build`, `Deploy`, `Invoke`, `Source` and `Test`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configuration": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the action declaration's configuration. Configurations options for action types and providers can be found in the [Pipeline Structure Reference](http://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) and [Action Structure Reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) documentation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputArtifacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of artifact names to be worked on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The action declaration's name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "The namespace all output variables will be accessed from.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputArtifacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of artifact names to output. Output artifact names must be unique within a pipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "owner": { + "type": "string", + "description": "The creator of the action being called. Possible values are `AWS`, `Custom` and `ThirdParty`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "provider": { + "type": "string", + "description": "The provider of the service being called by the action. Valid providers are determined by the action category. Provider names are listed in the [Action Structure Reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) documentation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "The region in which to run the action.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM service role that will perform the declared action. This is assumed through the roleArn for the pipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runOrder": { + "type": "integer", + "description": "The order in which actions are run.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "A string that identifies the action type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "category", + "name", + "owner", + "provider", + "version" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "category", + "name", + "owner", + "provider", + "region", + "runOrder", + "version" + ] + } + } + }, + "aws:codepipeline/WebhookAuthenticationConfiguration:WebhookAuthenticationConfiguration": { + "properties": { + "allowedIpRange": { + "type": "string", + "description": "A valid CIDR block for `IP` filtering. Required for `IP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secretToken": { + "type": "string", + "description": "The shared secret for the GitHub repository webhook. Set this as `secret` in your `github_repository_webhook`'s `configuration` block. Required for `GITHUB_HMAC`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:codepipeline/WebhookFilter:WebhookFilter": { + "properties": { + "jsonPath": { + "type": "string", + "description": "The [JSON path](https://github.com/json-path/JsonPath) to filter on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matchEquals": { + "type": "string", + "description": "The value to match on (e.g. `refs/heads/{Branch}`). See [AWS docs](https://docs.aws.amazon.com/codepipeline/latest/APIReference/API_WebhookFilterRule.html) for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "jsonPath", + "matchEquals" + ] + }, + "aws:codestarconnections/HostVpcConfiguration:HostVpcConfiguration": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "he ID of the security group or security groups associated with the Amazon VPC connected to the infrastructure where your provider type is installed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of the subnet or subnets associated with the Amazon VPC connected to the infrastructure where your provider type is installed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tlsCertificate": { + "type": "string", + "description": "The value of the Transport Layer Security (TLS) certificate associated with the infrastructure where your provider type is installed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The ID of the Amazon VPC connected to the infrastructure where your provider type is installed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnetIds", + "vpcId" + ] + }, + "aws:codestarnotifications/NotificationRuleTarget:NotificationRuleTarget": { + "properties": { + "address": { + "type": "string", + "description": "The ARN of notification rule target. For example, a SNS Topic ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the notification rule. Possible values are `ENABLED` and `DISABLED`, default is `ENABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of the notification target. Default value is `SNS`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "address" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "address", + "status" + ] + } + } + }, + "aws:cognito/IdentityPoolCognitoIdentityProvider:IdentityPoolCognitoIdentityProvider": { + "properties": { + "clientId": { + "type": "string", + "description": "The client ID for the Amazon Cognito Identity User Pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "providerName": { + "type": "string", + "description": "The provider name for an Amazon Cognito Identity User Pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serverSideTokenCheck": { + "type": "boolean", + "description": "Whether server-side token validation is enabled for the identity provider’s token or not.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/IdentityPoolRoleAttachmentRoleMapping:IdentityPoolRoleAttachmentRoleMapping": { + "properties": { + "ambiguousRoleResolution": { + "type": "string", + "description": "Specifies the action to be taken if either no rules match the claim value for the Rules type, or there is no cognito:preferred_role claim and there are multiple cognito:roles matches for the Token type. `Required` if you specify Token or Rules as the Type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "identityProvider": { + "type": "string", + "description": "A string identifying the identity provider, for example, \"graph.facebook.com\" or \"cognito-idp.us-east-1.amazonaws.com/us-east-1_abcdefghi:app_client_id\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mappingRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolRoleAttachmentRoleMappingMappingRule:IdentityPoolRoleAttachmentRoleMappingMappingRule" + }, + "description": "The Rules Configuration to be used for mapping users to roles. You can specify up to 25 rules per identity provider. Rules are evaluated in order. The first one to match specifies the role.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The role mapping type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "identityProvider", + "type" + ] + }, + "aws:cognito/IdentityPoolRoleAttachmentRoleMappingMappingRule:IdentityPoolRoleAttachmentRoleMappingMappingRule": { + "properties": { + "claim": { + "type": "string", + "description": "The claim name that must be present in the token, for example, \"isAdmin\" or \"paid\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matchType": { + "type": "string", + "description": "The match condition that specifies how closely the claim value in the IdP token must match Value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The role ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A brief string that the claim must match, for example, \"paid\" or \"yes\".\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "claim", + "matchType", + "roleArn", + "value" + ] + }, + "aws:cognito/ResourceServerScope:ResourceServerScope": { + "properties": { + "scopeDescription": { + "type": "string", + "description": "The scope description.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scopeName": { + "type": "string", + "description": "The scope name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scopeDescription", + "scopeName" + ] + }, + "aws:cognito/UserPoolAccountRecoverySetting:UserPoolAccountRecoverySetting": { + "properties": { + "recoveryMechanisms": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/UserPoolAccountRecoverySettingRecoveryMechanism:UserPoolAccountRecoverySettingRecoveryMechanism" + }, + "description": "List of Account Recovery Options of the following structure:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recoveryMechanisms" + ] + }, + "aws:cognito/UserPoolAccountRecoverySettingRecoveryMechanism:UserPoolAccountRecoverySettingRecoveryMechanism": { + "properties": { + "name": { + "type": "string", + "description": "Name of the attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "Positive integer specifying priority of a method with 1 being the highest priority.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "priority" + ] + }, + "aws:cognito/UserPoolAdminCreateUserConfig:UserPoolAdminCreateUserConfig": { + "properties": { + "allowAdminCreateUserOnly": { + "type": "boolean", + "description": "Set to True if only the administrator is allowed to create user profiles. Set to False if users can sign themselves up via an app.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inviteMessageTemplate": { + "$ref": "#/types/aws:cognito/UserPoolAdminCreateUserConfigInviteMessageTemplate:UserPoolAdminCreateUserConfigInviteMessageTemplate", + "description": "Invite message template structure. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolAdminCreateUserConfigInviteMessageTemplate:UserPoolAdminCreateUserConfigInviteMessageTemplate": { + "properties": { + "emailMessage": { + "type": "string", + "description": "Email message template. Must contain the `{####}` placeholder. Conflicts with `email_verification_message` argument.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emailSubject": { + "type": "string", + "description": "Subject line for the email message template. Conflicts with `email_verification_subject` argument.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "smsMessage": { + "type": "string", + "description": "SMS message template. Must contain the `{####}` placeholder. Conflicts with `sms_verification_message` argument.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolClientAnalyticsConfiguration:UserPoolClientAnalyticsConfiguration": { + "properties": { + "applicationArn": { + "type": "string", + "description": "Application ARN for an Amazon Pinpoint application. Conflicts with `external_id` and `role_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "applicationId": { + "type": "string", + "description": "Application ID for an Amazon Pinpoint application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "externalId": { + "type": "string", + "description": "ID for the Analytics Configuration. Conflicts with `application_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "ARN of an IAM role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics. Conflicts with `application_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userDataShared": { + "type": "boolean", + "description": "If set to `true`, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "roleArn" + ] + } + } + }, + "aws:cognito/UserPoolClientTokenValidityUnits:UserPoolClientTokenValidityUnits": { + "properties": { + "accessToken": { + "type": "string", + "description": "Time unit in for the value in `access_token_validity`, defaults to `hours`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "idToken": { + "type": "string", + "description": "Time unit in for the value in `id_token_validity`, defaults to `hours`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "refreshToken": { + "type": "string", + "description": "Time unit in for the value in `refresh_token_validity`, defaults to `days`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolDeviceConfiguration:UserPoolDeviceConfiguration": { + "properties": { + "challengeRequiredOnNewDevice": { + "type": "boolean", + "description": "Whether a challenge is required on a new device. Only applicable to a new device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceOnlyRememberedOnUserPrompt": { + "type": "boolean", + "description": "Whether a device is only remembered on user prompt. `false` equates to \"Always\" remember, `true` is \"User Opt In,\" and not using a `device_configuration` block is \"No.\"\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolEmailConfiguration:UserPoolEmailConfiguration": { + "properties": { + "configurationSet": { + "type": "string", + "description": "Email configuration set name from SES.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emailSendingAccount": { + "type": "string", + "description": "Email delivery method to use. `COGNITO_DEFAULT` for the default email functionality built into Cognito or `DEVELOPER` to use your Amazon SES configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromEmailAddress": { + "type": "string", + "description": "Sender’s email address or sender’s display name with their email address (e.g. `john@example.com`, `John Smith ` or `\\\"John Smith Ph.D.\\\" `). Escaped double quotes are required around display names that contain certain characters as specified in [RFC 5322](https://tools.ietf.org/html/rfc5322).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "replyToEmailAddress": { + "type": "string", + "description": "REPLY-TO email address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceArn": { + "type": "string", + "description": "ARN of the SES verified email identity to to use. Required if `email_sending_account` is set to `DEVELOPER`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolLambdaConfig:UserPoolLambdaConfig": { + "properties": { + "createAuthChallenge": { + "type": "string", + "description": "ARN of the lambda creating an authentication challenge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customEmailSender": { + "$ref": "#/types/aws:cognito/UserPoolLambdaConfigCustomEmailSender:UserPoolLambdaConfigCustomEmailSender", + "description": "A custom email sender AWS Lambda trigger. See custom_email_sender Below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customMessage": { + "type": "string", + "description": "Custom Message AWS Lambda trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customSmsSender": { + "$ref": "#/types/aws:cognito/UserPoolLambdaConfigCustomSmsSender:UserPoolLambdaConfigCustomSmsSender", + "description": "A custom SMS sender AWS Lambda trigger. See custom_sms_sender Below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defineAuthChallenge": { + "type": "string", + "description": "Defines the authentication challenge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "The Amazon Resource Name of Key Management Service Customer master keys. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to CustomEmailSender and CustomSMSSender.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "postAuthentication": { + "type": "string", + "description": "Post-authentication AWS Lambda trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "postConfirmation": { + "type": "string", + "description": "Post-confirmation AWS Lambda trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preAuthentication": { + "type": "string", + "description": "Pre-authentication AWS Lambda trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preSignUp": { + "type": "string", + "description": "Pre-registration AWS Lambda trigger.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preTokenGeneration": { + "type": "string", + "description": "Allow to customize identity token claims before token generation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userMigration": { + "type": "string", + "description": "User migration Lambda config type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "verifyAuthChallengeResponse": { + "type": "string", + "description": "Verifies the authentication challenge response.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "customEmailSender", + "customSmsSender" + ] + } + } + }, + "aws:cognito/UserPoolLambdaConfigCustomEmailSender:UserPoolLambdaConfigCustomEmailSender": { + "properties": { + "lambdaArn": { + "type": "string", + "description": "he Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaVersion": { + "type": "string", + "description": "The Lambda version represents the signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is `V1_0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "lambdaArn", + "lambdaVersion" + ] + }, + "aws:cognito/UserPoolLambdaConfigCustomSmsSender:UserPoolLambdaConfigCustomSmsSender": { + "properties": { + "lambdaArn": { + "type": "string", + "description": "he Lambda Amazon Resource Name of the Lambda function that Amazon Cognito triggers to send SMS notifications to users.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaVersion": { + "type": "string", + "description": "The Lambda version represents the signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom SMS Lambda function. The only supported value is `V1_0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "lambdaArn", + "lambdaVersion" + ] + }, + "aws:cognito/UserPoolPasswordPolicy:UserPoolPasswordPolicy": { + "properties": { + "minimumLength": { + "type": "integer", + "description": "Minimum length of the password policy that you have set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requireLowercase": { + "type": "boolean", + "description": "Whether you have required users to use at least one lowercase letter in their password.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requireNumbers": { + "type": "boolean", + "description": "Whether you have required users to use at least one number in their password.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requireSymbols": { + "type": "boolean", + "description": "Whether you have required users to use at least one symbol in their password.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requireUppercase": { + "type": "boolean", + "description": "Whether you have required users to use at least one uppercase letter in their password.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "temporaryPasswordValidityDays": { + "type": "integer", + "description": "In the password policy you have set, refers to the number of days a temporary password is valid. If the user does not sign-in during this time, their password will need to be reset by an administrator.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolSchema:UserPoolSchema": { + "properties": { + "attributeDataType": { + "type": "string", + "description": "Attribute data type. Must be one of `Boolean`, `Number`, `String`, `DateTime`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "developerOnlyAttribute": { + "type": "boolean", + "description": "Whether the attribute type is developer only.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mutable": { + "type": "boolean", + "description": "Whether the attribute can be changed once it has been created.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberAttributeConstraints": { + "$ref": "#/types/aws:cognito/UserPoolSchemaNumberAttributeConstraints:UserPoolSchemaNumberAttributeConstraints", + "description": "Configuration block for the constraints for an attribute of the number type. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "required": { + "type": "boolean", + "description": "Whether a user pool attribute is required. If the attribute is required and the user does not provide a value, registration or sign-in will fail.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stringAttributeConstraints": { + "$ref": "#/types/aws:cognito/UserPoolSchemaStringAttributeConstraints:UserPoolSchemaStringAttributeConstraints", + "description": "Constraints for an attribute of the string type. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "attributeDataType", + "name" + ] + }, + "aws:cognito/UserPoolSchemaNumberAttributeConstraints:UserPoolSchemaNumberAttributeConstraints": { + "properties": { + "maxValue": { + "type": "string", + "description": "Maximum value of an attribute that is of the number data type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minValue": { + "type": "string", + "description": "Minimum value of an attribute that is of the number data type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolSchemaStringAttributeConstraints:UserPoolSchemaStringAttributeConstraints": { + "properties": { + "maxLength": { + "type": "string", + "description": "Maximum length of an attribute value of the string type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minLength": { + "type": "string", + "description": "Minimum length of an attribute value of the string type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:cognito/UserPoolSmsConfiguration:UserPoolSmsConfiguration": { + "properties": { + "externalId": { + "type": "string", + "description": "External ID used in IAM role trust relationships. For more information about using external IDs, see [How to Use an External ID When Granting Access to Your AWS Resources to a Third Party](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snsCallerArn": { + "type": "string", + "description": "ARN of the Amazon SNS caller. This is usually the IAM role that you've given Cognito permission to assume.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "externalId", + "snsCallerArn" + ] + }, + "aws:cognito/UserPoolSoftwareTokenMfaConfiguration:UserPoolSoftwareTokenMfaConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Boolean whether to enable software token Multi-Factor (MFA) tokens, such as Time-based One-Time Password (TOTP). To disable software token MFA When `sms_configuration` is not present, the `mfa_configuration` argument must be set to `OFF` and the `software_token_mfa_configuration` configuration block must be fully removed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:cognito/UserPoolUserPoolAddOns:UserPoolUserPoolAddOns": { + "properties": { + "advancedSecurityMode": { + "type": "string", + "description": "Mode for advanced security, must be one of `OFF`, `AUDIT` or `ENFORCED`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "advancedSecurityMode" + ] + }, + "aws:cognito/UserPoolUsernameConfiguration:UserPoolUsernameConfiguration": { + "properties": { + "caseSensitive": { + "type": "boolean", + "description": "Whether username case sensitivity will be applied for all users in the user pool through Cognito APIs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "caseSensitive" + ] + }, + "aws:cognito/UserPoolVerificationMessageTemplate:UserPoolVerificationMessageTemplate": { + "properties": { + "defaultEmailOption": { + "type": "string", + "description": "Default email option. Must be either `CONFIRM_WITH_CODE` or `CONFIRM_WITH_LINK`. Defaults to `CONFIRM_WITH_CODE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emailMessage": { + "type": "string", + "description": "Email message template. Must contain the `{####}` placeholder. Conflicts with `email_verification_message` argument.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emailMessageByLink": { + "type": "string", + "description": "Email message template for sending a confirmation link to the user, it must contain the `{##Click Here##}` placeholder.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emailSubject": { + "type": "string", + "description": "Subject line for the email message template. Conflicts with `email_verification_subject` argument.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emailSubjectByLink": { + "type": "string", + "description": "Subject line for the email message template for sending a confirmation link to the user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "smsMessage": { + "type": "string", + "description": "SMS message template. Must contain the `{####}` placeholder. Conflicts with `sms_verification_message` argument.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "emailMessage", + "emailMessageByLink", + "emailSubject", + "emailSubjectByLink", + "smsMessage" + ] + } + } + }, + "aws:config/assumeRole:assumeRole": { + "properties": { + "durationSeconds": { + "type": "integer" + }, + "externalId": { + "type": "string" + }, + "policy": { + "type": "string" + }, + "policyArns": { + "type": "array", + "items": { + "type": "string" + } + }, + "roleArn": { + "type": "string" + }, + "sessionName": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitiveTagKeys": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aws:config/defaultTags:defaultTags": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "aws:config/endpoints:endpoints": { + "properties": { + "accessanalyzer": { + "type": "string" + }, + "acm": { + "type": "string" + }, + "acmpca": { + "type": "string" + }, + "amplify": { + "type": "string" + }, + "apigateway": { + "type": "string" + }, + "appconfig": { + "type": "string" + }, + "applicationautoscaling": { + "type": "string" + }, + "applicationinsights": { + "type": "string" + }, + "appmesh": { + "type": "string" + }, + "apprunner": { + "type": "string" + }, + "appstream": { + "type": "string" + }, + "appsync": { + "type": "string" + }, + "athena": { + "type": "string" + }, + "auditmanager": { + "type": "string" + }, + "autoscaling": { + "type": "string" + }, + "autoscalingplans": { + "type": "string" + }, + "backup": { + "type": "string" + }, + "batch": { + "type": "string" + }, + "budgets": { + "type": "string" + }, + "chime": { + "type": "string" + }, + "cloud9": { + "type": "string" + }, + "cloudformation": { + "type": "string" + }, + "cloudfront": { + "type": "string" + }, + "cloudhsm": { + "type": "string" + }, + "cloudsearch": { + "type": "string" + }, + "cloudtrail": { + "type": "string" + }, + "cloudwatch": { + "type": "string" + }, + "cloudwatchevents": { + "type": "string" + }, + "cloudwatchlogs": { + "type": "string" + }, + "codeartifact": { + "type": "string" + }, + "codebuild": { + "type": "string" + }, + "codecommit": { + "type": "string" + }, + "codedeploy": { + "type": "string" + }, + "codepipeline": { + "type": "string" + }, + "codestarconnections": { + "type": "string" + }, + "cognitoidentity": { + "type": "string" + }, + "cognitoidp": { + "type": "string" + }, + "configservice": { + "type": "string" + }, + "connect": { + "type": "string" + }, + "cur": { + "type": "string" + }, + "dataexchange": { + "type": "string" + }, + "datapipeline": { + "type": "string" + }, + "datasync": { + "type": "string" + }, + "dax": { + "type": "string" + }, + "detective": { + "type": "string" + }, + "devicefarm": { + "type": "string" + }, + "directconnect": { + "type": "string" + }, + "dlm": { + "type": "string" + }, + "dms": { + "type": "string" + }, + "docdb": { + "type": "string" + }, + "ds": { + "type": "string" + }, + "dynamodb": { + "type": "string" + }, + "ec2": { + "type": "string" + }, + "ecr": { + "type": "string" + }, + "ecrpublic": { + "type": "string" + }, + "ecs": { + "type": "string" + }, + "efs": { + "type": "string" + }, + "eks": { + "type": "string" + }, + "elasticache": { + "type": "string" + }, + "elasticbeanstalk": { + "type": "string" + }, + "elastictranscoder": { + "type": "string" + }, + "elb": { + "type": "string" + }, + "emr": { + "type": "string" + }, + "emrcontainers": { + "type": "string" + }, + "es": { + "type": "string" + }, + "firehose": { + "type": "string" + }, + "fms": { + "type": "string" + }, + "forecast": { + "type": "string" + }, + "fsx": { + "type": "string" + }, + "gamelift": { + "type": "string" + }, + "glacier": { + "type": "string" + }, + "globalaccelerator": { + "type": "string" + }, + "glue": { + "type": "string" + }, + "greengrass": { + "type": "string" + }, + "guardduty": { + "type": "string" + }, + "iam": { + "type": "string" + }, + "identitystore": { + "type": "string" + }, + "imagebuilder": { + "type": "string" + }, + "inspector": { + "type": "string" + }, + "iot": { + "type": "string" + }, + "iotanalytics": { + "type": "string" + }, + "iotevents": { + "type": "string" + }, + "kafka": { + "type": "string" + }, + "kinesis": { + "type": "string" + }, + "kinesisanalytics": { + "type": "string" + }, + "kinesisanalyticsv2": { + "type": "string" + }, + "kinesisvideo": { + "type": "string" + }, + "kms": { + "type": "string" + }, + "lakeformation": { + "type": "string" + }, + "lambda": { + "type": "string" + }, + "lexmodels": { + "type": "string" + }, + "licensemanager": { + "type": "string" + }, + "lightsail": { + "type": "string" + }, + "location": { + "type": "string" + }, + "macie": { + "type": "string" + }, + "macie2": { + "type": "string" + }, + "managedblockchain": { + "type": "string" + }, + "marketplacecatalog": { + "type": "string" + }, + "mediaconnect": { + "type": "string" + }, + "mediaconvert": { + "type": "string" + }, + "medialive": { + "type": "string" + }, + "mediapackage": { + "type": "string" + }, + "mediastore": { + "type": "string" + }, + "mediastoredata": { + "type": "string" + }, + "mq": { + "type": "string" + }, + "mwaa": { + "type": "string" + }, + "neptune": { + "type": "string" + }, + "networkfirewall": { + "type": "string" + }, + "networkmanager": { + "type": "string" + }, + "opsworks": { + "type": "string" + }, + "organizations": { + "type": "string" + }, + "outposts": { + "type": "string" + }, + "personalize": { + "type": "string" + }, + "pinpoint": { + "type": "string" + }, + "pricing": { + "type": "string" + }, + "qldb": { + "type": "string" + }, + "quicksight": { + "type": "string" + }, + "ram": { + "type": "string" + }, + "rds": { + "type": "string" + }, + "redshift": { + "type": "string" + }, + "resourcegroups": { + "type": "string" + }, + "resourcegroupstaggingapi": { + "type": "string" + }, + "route53": { + "type": "string" + }, + "route53domains": { + "type": "string" + }, + "route53recoverycontrolconfig": { + "type": "string" + }, + "route53recoveryreadiness": { + "type": "string" + }, + "route53resolver": { + "type": "string" + }, + "s3": { + "type": "string" + }, + "s3control": { + "type": "string" + }, + "s3outposts": { + "type": "string" + }, + "sagemaker": { + "type": "string" + }, + "schemas": { + "type": "string" + }, + "sdb": { + "type": "string" + }, + "secretsmanager": { + "type": "string" + }, + "securityhub": { + "type": "string" + }, + "serverlessrepo": { + "type": "string" + }, + "servicecatalog": { + "type": "string" + }, + "servicediscovery": { + "type": "string" + }, + "servicequotas": { + "type": "string" + }, + "ses": { + "type": "string" + }, + "shield": { + "type": "string" + }, + "signer": { + "type": "string" + }, + "sns": { + "type": "string" + }, + "sqs": { + "type": "string" + }, + "ssm": { + "type": "string" + }, + "ssoadmin": { + "type": "string" + }, + "stepfunctions": { + "type": "string" + }, + "storagegateway": { + "type": "string" + }, + "sts": { + "type": "string" + }, + "swf": { + "type": "string" + }, + "synthetics": { + "type": "string" + }, + "timestreamwrite": { + "type": "string" + }, + "transfer": { + "type": "string" + }, + "waf": { + "type": "string" + }, + "wafregional": { + "type": "string" + }, + "wafv2": { + "type": "string" + }, + "worklink": { + "type": "string" + }, + "workmail": { + "type": "string" + }, + "workspaces": { + "type": "string" + }, + "xray": { + "type": "string" + } + }, + "type": "object" + }, + "aws:config/ignoreTags:ignoreTags": { + "properties": { + "keyPrefixes": { + "type": "array", + "items": { + "type": "string" + } + }, + "keys": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object" + }, + "aws:datasync/EfsLocationEc2Config:EfsLocationEc2Config": { + "properties": { + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Amazon Resource Names (ARNs) of the EC2 Security Groups that are associated with the EFS Mount Target.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EC2 Subnet that is associated with the EFS Mount Target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupArns", + "subnetArn" + ] + }, + "aws:datasync/LocationSmbMountOptions:LocationSmbMountOptions": { + "properties": { + "version": { + "type": "string", + "description": "The specific SMB version that you want DataSync to use for mounting your SMB share. Valid values: `AUTOMATIC`, `SMB2`, and `SMB3`. Default: `AUTOMATIC`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:datasync/NfsLocationMountOptions:NfsLocationMountOptions": { + "properties": { + "version": { + "type": "string", + "description": "The specific NFS version that you want DataSync to use for mounting your NFS share. Valid values: `AUTOMATIC`, `NFS3`, `NFS4_0` and `NFS4_1`. Default: `AUTOMATIC`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:datasync/NfsLocationOnPremConfig:NfsLocationOnPremConfig": { + "properties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Amazon Resource Names (ARNs) of the DataSync Agents used to connect to the NFS server.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "agentArns" + ] + }, + "aws:datasync/S3LocationS3Config:S3LocationS3Config": { + "properties": { + "bucketAccessRoleArn": { + "type": "string", + "description": "Amazon Resource Names (ARN) of the IAM Role used to connect to the S3 Bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketAccessRoleArn" + ] + }, + "aws:datasync/TaskExcludes:TaskExcludes": { + "properties": { + "filterType": { + "type": "string", + "description": "The type of filter rule to apply. Valid values: `SIMPLE_PATTERN`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A single filter string that consists of the patterns to include or exclude. The patterns are delimited by \"|\" (that is, a pipe), for example: `/folder1|/folder2`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:datasync/TaskOptions:TaskOptions": { + "properties": { + "atime": { + "type": "string", + "description": "A file metadata that shows the last time a file was accessed (that is when the file was read or written to). If set to `BEST_EFFORT`, the DataSync Task attempts to preserve the original (that is, the version before sync `PREPARING` phase) `atime` attribute on all source files. Valid values: `BEST_EFFORT`, `NONE`. Default: `BEST_EFFORT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bytesPerSecond": { + "type": "integer", + "description": "Limits the bandwidth utilized. For example, to set a maximum of 1 MB, set this value to `1048576`. Value values: `-1` or greater. Default: `-1` (unlimited).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gid": { + "type": "string", + "description": "Group identifier of the file's owners. Valid values: `BOTH`, `INT_VALUE`, `NAME`, `NONE`. Default: `INT_VALUE` (preserve integer value of the ID).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Determines the type of logs that DataSync publishes to a log stream in the Amazon CloudWatch log group that you provide. Valid values: `OFF`, `BASIC`, `TRANSFER`. Default: `OFF`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mtime": { + "type": "string", + "description": "A file metadata that indicates the last time a file was modified (written to) before the sync `PREPARING` phase. Value values: `NONE`, `PRESERVE`. Default: `PRESERVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overwriteMode": { + "type": "string", + "description": "Determines whether files at the destination should be overwritten or preserved when copying files. Valid values: `ALWAYS`, `NEVER`. Default: `ALWAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "posixPermissions": { + "type": "string", + "description": "Determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. Valid values: `NONE`, `PRESERVE`. Default: `PRESERVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preserveDeletedFiles": { + "type": "string", + "description": "Whether files deleted in the source should be removed or preserved in the destination file system. Valid values: `PRESERVE`, `REMOVE`. Default: `PRESERVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "preserveDevices": { + "type": "string", + "description": "Whether the DataSync Task should preserve the metadata of block and character devices in the source files system, and recreate the files with that device name and metadata on the destination. The DataSync Task can’t sync the actual contents of such devices, because many of the devices are non-terminal and don’t return an end of file (EOF) marker. Valid values: `NONE`, `PRESERVE`. Default: `NONE` (ignore special devices).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "taskQueueing": { + "type": "string", + "description": "Determines whether tasks should be queued before executing the tasks. Valid values: `ENABLED`, `DISABLED`. Default `ENABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transferMode": { + "type": "string", + "description": "Determines whether DataSync transfers only the data and metadata that differ between the source and the destination location, or whether DataSync transfers all the content from the source, without comparing to the destination location. Valid values: `CHANGED`, `ALL`. Default: `CHANGED`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uid": { + "type": "string", + "description": "User identifier of the file's owners. Valid values: `BOTH`, `INT_VALUE`, `NAME`, `NONE`. Default: `INT_VALUE` (preserve integer value of the ID).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "verifyMode": { + "type": "string", + "description": "Whether a data integrity verification should be performed at the end of a task execution after all data and metadata have been transferred. Valid values: `NONE`, `POINT_IN_TIME_CONSISTENT`, `ONLY_FILES_TRANSFERRED`. Default: `POINT_IN_TIME_CONSISTENT`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:datasync/TaskSchedule:TaskSchedule": { + "properties": { + "scheduleExpression": { + "type": "string", + "description": "Specifies the schedule you want your task to use for repeated executions. For more information, see [Schedule Expressions for Rules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scheduleExpression" + ] + }, + "aws:dax/ClusterNode:ClusterNode": { + "properties": { + "address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The port used by the configuration endpoint\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "address", + "availabilityZone", + "id", + "port" + ] + } + } + }, + "aws:dax/ClusterServerSideEncryption:ClusterServerSideEncryption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable encryption at rest. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:dax/ParameterGroupParameter:ParameterGroupParameter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value for the parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:directoryservice/DirectoryConnectSettings:DirectoryConnectSettings": { + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "connectIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IP addresses of the AD Connector servers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customerDnsIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The DNS IP addresses of the domain to connect to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customerUsername": { + "type": "string", + "description": "The username corresponding to the password provided.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The identifier of the VPC that the directory is in.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "customerDnsIps", + "customerUsername", + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "availabilityZones", + "connectIps", + "customerDnsIps", + "customerUsername", + "subnetIds", + "vpcId" + ] + } + } + }, + "aws:directoryservice/DirectoryVpcSettings:DirectoryVpcSettings": { + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets for the directory servers (2 subnets in 2 different AZs).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The identifier of the VPC that the directory is in.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "availabilityZones", + "subnetIds", + "vpcId" + ] + } + } + }, + "aws:directoryservice/getDirectoryConnectSetting:getDirectoryConnectSetting": { + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "connectIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IP addresses of the AD Connector servers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customerDnsIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The DNS IP addresses of the domain to connect to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customerUsername": { + "type": "string", + "description": "The username corresponding to the password provided.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets for the connector servers (2 subnets in 2 different AZs).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC that the connector is in.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "availabilityZones", + "connectIps", + "customerDnsIps", + "customerUsername", + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:directoryservice/getDirectoryVpcSetting:getDirectoryVpcSetting": { + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets for the connector servers (2 subnets in 2 different AZs).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC that the connector is in.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "availabilityZones", + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dlm/LifecyclePolicyPolicyDetails:LifecyclePolicyPolicyDetails": { + "properties": { + "resourceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource types that should be targeted by the lifecycle policy. `VOLUME` is currently the only allowed value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schedules": { + "type": "array", + "items": { + "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsSchedule:LifecyclePolicyPolicyDetailsSchedule" + }, + "description": "See the `schedule` configuration block.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tag keys and their values. Any resources that match the `resource_types` and are tagged with _any_ of these tags will be targeted.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceTypes", + "schedules", + "targetTags" + ] + }, + "aws:dlm/LifecyclePolicyPolicyDetailsSchedule:LifecyclePolicyPolicyDetailsSchedule": { + "properties": { + "copyTags": { + "type": "boolean", + "description": "Copy all user-defined tags on a source volume to snapshots of the volume created by this policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "createRule": { + "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsScheduleCreateRule:LifecyclePolicyPolicyDetailsScheduleCreateRule", + "description": "See the `create_rule` block. Max of 1 per schedule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "A name for the schedule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retainRule": { + "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetailsScheduleRetainRule:LifecyclePolicyPolicyDetailsScheduleRetainRule", + "description": "See the `retain_rule` block. Max of 1 per schedule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagsToAdd": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tag keys and their values. DLM lifecycle policies will already tag the snapshot with the tags on the volume. This configuration adds extra tags on top of these.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "createRule", + "name", + "retainRule" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "copyTags", + "createRule", + "name", + "retainRule" + ] + } + } + }, + "aws:dlm/LifecyclePolicyPolicyDetailsScheduleCreateRule:LifecyclePolicyPolicyDetailsScheduleCreateRule": { + "properties": { + "interval": { + "type": "integer", + "description": "How often this lifecycle policy should be evaluated. `1`, `2`,`3`,`4`,`6`,`8`,`12` or `24` are valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "intervalUnit": { + "type": "string", + "description": "The unit for how often the lifecycle policy should be evaluated. `HOURS` is currently the only allowed value and also the default value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "times": { + "type": "string", + "description": "A list of times in 24 hour clock format that sets when the lifecycle policy should be evaluated. Max of 1.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "interval" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "interval", + "times" + ] + } + } + }, + "aws:dlm/LifecyclePolicyPolicyDetailsScheduleRetainRule:LifecyclePolicyPolicyDetailsScheduleRetainRule": { + "properties": { + "count": { + "type": "integer", + "description": "How many snapshots to keep. Must be an integer between 1 and 1000.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "count" + ] + }, + "aws:dms/EndpointElasticsearchSettings:EndpointElasticsearchSettings": { + "properties": { + "endpointUri": { + "type": "string", + "description": "Endpoint for the Elasticsearch cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "errorRetryDuration": { + "type": "integer", + "description": "Maximum number of seconds for which DMS retries failed API requests to the Elasticsearch cluster. Defaults to `300`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fullLoadErrorPercentage": { + "type": "integer", + "description": "Maximum percentage of records that can fail to be written before a full load operation stops. Defaults to `10`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccessRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role with permissions to write to the Elasticsearch cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpointUri", + "serviceAccessRoleArn" + ] + }, + "aws:dms/EndpointKafkaSettings:EndpointKafkaSettings": { + "properties": { + "broker": { + "type": "string", + "description": "Kafka broker location. Specify in the form broker-hostname-or-ip:port.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topic": { + "type": "string", + "description": "Kafka topic for migration. Defaults to `kafka-default-topic`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "broker" + ] + }, + "aws:dms/EndpointKinesisSettings:EndpointKinesisSettings": { + "properties": { + "messageFormat": { + "type": "string", + "description": "Output format for the records created. Defaults to `json`. Valid values are `json` and `json_unformatted` (a single line with no tab).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccessRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role with permissions to write to the Kinesis data stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Kinesis data stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:dms/EndpointMongodbSettings:EndpointMongodbSettings": { + "properties": { + "authMechanism": { + "type": "string", + "description": "Authentication mechanism to access the MongoDB source endpoint. Defaults to `default`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authSource": { + "type": "string", + "description": "Authentication database name. Not used when `auth_type` is `no`. Defaults to `admin`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authType": { + "type": "string", + "description": "Authentication type to access the MongoDB source endpoint. Defaults to `password`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "docsToInvestigate": { + "type": "string", + "description": "Number of documents to preview to determine the document organization. Use this setting when `nesting_level` is set to `one`. Defaults to `1000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "extractDocId": { + "type": "string", + "description": "Document ID. Use this setting when `nesting_level` is set to `none`. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nestingLevel": { + "type": "string", + "description": "Specifies either document or table mode. Defaults to `none`. Valid values are `one` (table mode) and `none` (document mode).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:dms/EndpointS3Settings:EndpointS3Settings": { + "properties": { + "bucketFolder": { + "type": "string", + "description": "S3 Bucket Object prefix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketName": { + "type": "string", + "description": "S3 Bucket name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressionType": { + "type": "string", + "description": "Set to compress target files. Defaults to `NONE`. Valid values are `GZIP` and `NONE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "csvDelimiter": { + "type": "string", + "description": "Delimiter used to separate columns in the source files. Defaults to `,`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "csvRowDelimiter": { + "type": "string", + "description": "Delimiter used to separate rows in the source files. Defaults to `\\n`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "datePartitionEnabled": { + "type": "boolean", + "description": "Partition S3 bucket folders based on transaction commit dates. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "externalTableDefinition": { + "type": "string", + "description": "JSON document that describes how AWS DMS should interpret the data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccessRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role with permissions to read from or write to the S3 Bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:docdb/ClusterParameterGroupParameter:ClusterParameterGroupParameter": { + "properties": { + "applyMethod": { + "type": "string", + "description": "Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the documentDB parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the documentDB parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:dynamodb/GlobalTableReplica:GlobalTableReplica": { + "properties": { + "regionName": { + "type": "string", + "description": "AWS region name of replica DynamoDB Table. e.g. `us-east-1`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "regionName" + ] + }, + "aws:dynamodb/TableAttribute:TableAttribute": { + "properties": { + "name": { + "type": "string", + "description": "The name of the index\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Attribute type, which must be a scalar type: `S`, `N`, or `B` for (S)tring, (N)umber or (B)inary data\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "type" + ] + }, + "aws:dynamodb/TableGlobalSecondaryIndex:TableGlobalSecondaryIndex": { + "properties": { + "hashKey": { + "type": "string", + "description": "The name of the hash key in the index; must be\ndefined as an attribute in the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the index\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nonKeyAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Only required with `INCLUDE` as a\nprojection type; a list of attributes to project into the index. These\ndo not need to be defined as attributes on the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "projectionType": { + "type": "string", + "description": "One of `ALL`, `INCLUDE` or `KEYS_ONLY`\nwhere `ALL` projects every attribute into the index, `KEYS_ONLY`\nprojects just the hash and range key into the index, and `INCLUDE`\nprojects only the keys specified in the _non_key_attributes_\nparameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKey": { + "type": "string", + "description": "The name of the range key; must be defined\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "readCapacity": { + "type": "integer", + "description": "The number of read units for this index. Must be set if billing_mode is set to PROVISIONED.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "writeCapacity": { + "type": "integer", + "description": "The number of write units for this index. Must be set if billing_mode is set to PROVISIONED.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hashKey", + "name", + "projectionType" + ] + }, + "aws:dynamodb/TableLocalSecondaryIndex:TableLocalSecondaryIndex": { + "properties": { + "name": { + "type": "string", + "description": "The name of the index\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nonKeyAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Only required with `INCLUDE` as a\nprojection type; a list of attributes to project into the index. These\ndo not need to be defined as attributes on the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "projectionType": { + "type": "string", + "description": "One of `ALL`, `INCLUDE` or `KEYS_ONLY`\nwhere `ALL` projects every attribute into the index, `KEYS_ONLY`\nprojects just the hash and range key into the index, and `INCLUDE`\nprojects only the keys specified in the _non_key_attributes_\nparameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKey": { + "type": "string", + "description": "The name of the range key; must be defined\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "projectionType", + "rangeKey" + ] + }, + "aws:dynamodb/TablePointInTimeRecovery:TablePointInTimeRecovery": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Indicates whether ttl is enabled (true) or disabled (false).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:dynamodb/TableReplica:TableReplica": { + "properties": { + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the CMK that should be used for the AWS KMS encryption.\nThis attribute should only be specified if the key is different from the default DynamoDB CMK, `alias/aws/dynamodb`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regionName": { + "type": "string", + "description": "Region name of the replica.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "regionName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "kmsKeyArn", + "regionName" + ] + } + } + }, + "aws:dynamodb/TableServerSideEncryption:TableServerSideEncryption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Indicates whether ttl is enabled (true) or disabled (false).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the CMK that should be used for the AWS KMS encryption.\nThis attribute should only be specified if the key is different from the default DynamoDB CMK, `alias/aws/dynamodb`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled", + "kmsKeyArn" + ] + } + } + }, + "aws:dynamodb/TableTtl:TableTtl": { + "properties": { + "attributeName": { + "type": "string", + "description": "The name of the table attribute to store the TTL timestamp in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether ttl is enabled (true) or disabled (false).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the CMK that should be used for the AWS KMS encryption.\nThis attribute should only be specified if the key is different from the default DynamoDB CMK, `alias/aws/dynamodb`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "attributeName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "attributeName", + "kmsKeyArn" + ] + } + } + }, + "aws:dynamodb/getTableAttribute:getTableAttribute": { + "properties": { + "name": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dynamodb/getTableGlobalSecondaryIndex:getTableGlobalSecondaryIndex": { + "properties": { + "hashKey": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nonKeyAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "projectionType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKey": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "readCapacity": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "writeCapacity": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hashKey", + "name", + "nonKeyAttributes", + "projectionType", + "rangeKey", + "readCapacity", + "writeCapacity" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dynamodb/getTableLocalSecondaryIndex:getTableLocalSecondaryIndex": { + "properties": { + "name": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nonKeyAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "projectionType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKey": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "nonKeyAttributes", + "projectionType", + "rangeKey" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dynamodb/getTablePointInTimeRecovery:getTablePointInTimeRecovery": { + "properties": { + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dynamodb/getTableReplica:getTableReplica": { + "properties": { + "kmsKeyArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "regionName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kmsKeyArn", + "regionName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dynamodb/getTableServerSideEncryption:getTableServerSideEncryption": { + "properties": { + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "kmsKeyArn" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:dynamodb/getTableTtl:getTableTtl": { + "properties": { + "attributeName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "attributeName", + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ebs/SnapshotImportClientData:SnapshotImportClientData": { + "properties": { + "comment": { + "type": "string", + "description": "A user-defined comment about the disk upload.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uploadEnd": { + "type": "string", + "description": "The time that the disk upload ends.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uploadSize": { + "type": "number", + "description": "The size of the uploaded disk image, in GiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uploadStart": { + "type": "string", + "description": "The time that the disk upload starts.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "uploadEnd", + "uploadSize", + "uploadStart" + ] + } + } + }, + "aws:ebs/SnapshotImportDiskContainer:SnapshotImportDiskContainer": { + "properties": { + "description": { + "type": "string", + "description": "The description of the disk image being imported.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "format": { + "type": "string", + "description": "The format of the disk image being imported. One of `VHD` or `VMDK`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "url": { + "type": "string", + "description": "The URL to the Amazon S3-based disk image being imported. It can either be a https URL (https://..) or an Amazon S3 URL (s3://..). One of `url` or `user_bucket` must be set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userBucket": { + "$ref": "#/types/aws:ebs/SnapshotImportDiskContainerUserBucket:SnapshotImportDiskContainerUserBucket", + "description": "The Amazon S3 bucket for the disk image. One of `url` or `user_bucket` must be set. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "format" + ] + }, + "aws:ebs/SnapshotImportDiskContainerUserBucket:SnapshotImportDiskContainerUserBucket": { + "properties": { + "s3Bucket": { + "type": "string", + "description": "The name of the Amazon S3 bucket where the disk image is located.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3Key": { + "type": "string", + "description": "The file name of the disk image.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3Bucket", + "s3Key" + ] + }, + "aws:ebs/getEbsVolumesFilter:getEbsVolumesFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVolumes.html).\nFor example, if matching against the `size` filter, use:\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nEBS Volume IDs will be selected if any one of the given values match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ebs/getSnapshotFilter:getSnapshotFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ebs/getSnapshotIdsFilter:getSnapshotIdsFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ebs/getVolumeFilter:getVolumeFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/AmiCopyEbsBlockDevice:AmiCopyEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Boolean controlling whether the EBS volumes created to\nsupport each created instance will be deleted once that instance is terminated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "The path at which the device is exposed to created instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshot_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Number of I/O operations per second the\ncreated volumes will support.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "The id of an EBS snapshot that will be used to initialize the created\nEBS volumes. If set, the `volume_size` attribute must be at least as large as the referenced\nsnapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "The throughput that the EBS volume supports, in MiB/s. Only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of created volumes in GiB.\nIf `snapshot_id` is set and `volume_size` is omitted then the volume will have the same size\nas the selected snapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "deleteOnTermination", + "deviceName", + "encrypted", + "iops", + "snapshotId", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/AmiCopyEphemeralBlockDevice:AmiCopyEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The path at which the device is exposed to created instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "A name for the ephemeral device, of the form \"ephemeralN\" where\n*N* is a volume number starting from zero.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "virtualName" + ] + } + } + }, + "aws:ec2/AmiEbsBlockDevice:AmiEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Boolean controlling whether the EBS volumes created to\nsupport each created instance will be deleted once that instance is terminated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "The path at which the device is exposed to created instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshot_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Number of I/O operations per second the\ncreated volumes will support.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "The id of an EBS snapshot that will be used to initialize the created\nEBS volumes. If set, the `volume_size` attribute must be at least as large as the referenced\nsnapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "The throughput that the EBS volume supports, in MiB/s. Only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of created volumes in GiB.\nIf `snapshot_id` is set and `volume_size` is omitted then the volume will have the same size\nas the selected snapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "throughput", + "volumeSize" + ] + } + } + }, + "aws:ec2/AmiEphemeralBlockDevice:AmiEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The path at which the device is exposed to created instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "A name for the ephemeral device, of the form \"ephemeralN\" where\n*N* is a volume number starting from zero.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "virtualName" + ] + }, + "aws:ec2/AmiFromInstanceEbsBlockDevice:AmiFromInstanceEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Boolean controlling whether the EBS volumes created to\nsupport each created instance will be deleted once that instance is terminated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "The path at which the device is exposed to created instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshot_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Number of I/O operations per second the\ncreated volumes will support.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "The id of an EBS snapshot that will be used to initialize the created\nEBS volumes. If set, the `volume_size` attribute must be at least as large as the referenced\nsnapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "The throughput that the EBS volume supports, in MiB/s. Only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of created volumes in GiB.\nIf `snapshot_id` is set and `volume_size` is omitted then the volume will have the same size\nas the selected snapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The type of EBS volume to create. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `standard`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "deleteOnTermination", + "deviceName", + "encrypted", + "iops", + "snapshotId", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/AmiFromInstanceEphemeralBlockDevice:AmiFromInstanceEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The path at which the device is exposed to created instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "A name for the ephemeral device, of the form \"ephemeralN\" where\n*N* is a volume number starting from zero.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "virtualName" + ] + } + } + }, + "aws:ec2/DefaultNetworkAclEgress:DefaultNetworkAclEgress": { + "properties": { + "action": { + "type": "string", + "description": "The action to take.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block to match. This must be a valid network mask.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpCode": { + "type": "integer", + "description": "The ICMP type code to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpType": { + "type": "integer", + "description": "The ICMP type to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleNo": { + "type": "integer", + "description": "The rule number. Used for ordering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "fromPort", + "protocol", + "ruleNo", + "toPort" + ] + }, + "aws:ec2/DefaultNetworkAclIngress:DefaultNetworkAclIngress": { + "properties": { + "action": { + "type": "string", + "description": "The action to take.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block to match. This must be a valid network mask.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpCode": { + "type": "integer", + "description": "The ICMP type code to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpType": { + "type": "integer", + "description": "The ICMP type to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleNo": { + "type": "integer", + "description": "The rule number. Used for ordering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "fromPort", + "protocol", + "ruleNo", + "toPort" + ] + }, + "aws:ec2/DefaultRouteTableRoute:DefaultRouteTableRoute": { + "properties": { + "cidrBlock": { + "type": "string", + "description": "The CIDR block of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "Identifier of a VPC Egress Only Internet Gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gatewayId": { + "type": "string", + "description": "Identifier of a VPC internet gateway or a virtual private gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceId": { + "type": "string", + "description": "Identifier of an EC2 instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The Ipv6 CIDR block of the route\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "natGatewayId": { + "type": "string", + "description": "Identifier of a VPC NAT gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "description": "Identifier of an EC2 network interface.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of an EC2 Transit Gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of a VPC Endpoint. This route must be removed prior to VPC Endpoint deletion.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "Identifier of a VPC peering connection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/DefaultSecurityGroupEgress:DefaultSecurityGroupEgress": { + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of this rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is `icmp`)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of prefix list IDs (for allowing access to VPC endpoints)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. If you select a protocol of \"-1\" (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1` use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this egress rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "End range port (or ICMP code if protocol is `icmp`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort", + "protocol", + "toPort" + ] + }, + "aws:ec2/DefaultSecurityGroupIngress:DefaultSecurityGroupIngress": { + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of this rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is `icmp`)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of prefix list IDs (for allowing access to VPC endpoints)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. If you select a protocol of \"-1\" (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to `0`. If not `icmp`, `tcp`, `udp`, or `-1` use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this egress rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "End range port (or ICMP code if protocol is `icmp`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort", + "protocol", + "toPort" + ] + }, + "aws:ec2/FleetLaunchTemplateConfig:FleetLaunchTemplateConfig": { + "properties": { + "launchTemplateSpecification": { + "$ref": "#/types/aws:ec2/FleetLaunchTemplateConfigLaunchTemplateSpecification:FleetLaunchTemplateConfigLaunchTemplateSpecification", + "description": "Nested argument containing EC2 Launch Template to use. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrides": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/FleetLaunchTemplateConfigOverride:FleetLaunchTemplateConfigOverride" + }, + "description": "Nested argument(s) containing parameters to override the same parameters in the Launch Template. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "launchTemplateSpecification" + ] + }, + "aws:ec2/FleetLaunchTemplateConfigLaunchTemplateSpecification:FleetLaunchTemplateConfigLaunchTemplateSpecification": { + "properties": { + "launchTemplateId": { + "type": "string", + "description": "ID of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchTemplateName": { + "type": "string", + "description": "Name of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Version number of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "version" + ] + }, + "aws:ec2/FleetLaunchTemplateConfigOverride:FleetLaunchTemplateConfigOverride": { + "properties": { + "availabilityZone": { + "type": "string", + "description": "Availability Zone in which to launch the instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "Instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxPrice": { + "type": "string", + "description": "Maximum price per unit hour that you are willing to pay for a Spot Instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "number", + "description": "Priority for the launch template override. If `on_demand_options` `allocation_strategy` is set to `prioritized`, EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity. The highest priority is launched first. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. Valid values are whole numbers starting at 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "ID of the subnet in which to launch the instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "number", + "description": "Number of units provided by the specified instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/FleetOnDemandOptions:FleetOnDemandOptions": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "How to allocate the target capacity across the Spot pools. Valid values: `diversified`, `lowestPrice`. Default: `lowestPrice`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/FleetSpotOptions:FleetSpotOptions": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "How to allocate the target capacity across the Spot pools. Valid values: `diversified`, `lowestPrice`. Default: `lowestPrice`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceInterruptionBehavior": { + "type": "string", + "description": "Behavior when a Spot Instance is interrupted. Valid values: `hibernate`, `stop`, `terminate`. Default: `terminate`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instancePoolsToUseCount": { + "type": "integer", + "description": "Number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot `allocation_strategy` is set to `lowestPrice`. Default: `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maintenanceStrategies": { + "$ref": "#/types/aws:ec2/FleetSpotOptionsMaintenanceStrategies:FleetSpotOptionsMaintenanceStrategies", + "description": "Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/FleetSpotOptionsMaintenanceStrategies:FleetSpotOptionsMaintenanceStrategies": { + "properties": { + "capacityRebalance": { + "$ref": "#/types/aws:ec2/FleetSpotOptionsMaintenanceStrategiesCapacityRebalance:FleetSpotOptionsMaintenanceStrategiesCapacityRebalance", + "description": "Nested argument containing the capacity rebalance for your fleet request. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/FleetSpotOptionsMaintenanceStrategiesCapacityRebalance:FleetSpotOptionsMaintenanceStrategiesCapacityRebalance": { + "properties": { + "replacementStrategy": { + "type": "string", + "description": "The replacement strategy to use. Only available for fleets of `type` set to `maintain`. Valid values: `launch`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/FleetTargetCapacitySpecification:FleetTargetCapacitySpecification": { + "properties": { + "defaultTargetCapacityType": { + "type": "string", + "description": "Default target capacity type. Valid values: `on-demand`, `spot`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onDemandTargetCapacity": { + "type": "integer", + "description": "The number of On-Demand units to request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotTargetCapacity": { + "type": "integer", + "description": "The number of Spot units to request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "totalTargetCapacity": { + "type": "integer", + "description": "The number of units to request, filled using `default_target_capacity_type`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultTargetCapacityType", + "totalTargetCapacity" + ] + }, + "aws:ec2/InstanceCapacityReservationSpecification:InstanceCapacityReservationSpecification": { + "properties": { + "capacityReservationPreference": { + "type": "string", + "description": "Indicates the instance's Capacity Reservation preferences. Can be `\"open\"` or `\"none\"`. (Default: `\"open\"`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "capacityReservationTarget": { + "$ref": "#/types/aws:ec2/InstanceCapacityReservationSpecificationCapacityReservationTarget:InstanceCapacityReservationSpecificationCapacityReservationTarget", + "description": "Information about the target Capacity Reservation. See Capacity Reservation Target below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/InstanceCapacityReservationSpecificationCapacityReservationTarget:InstanceCapacityReservationSpecificationCapacityReservationTarget": { + "properties": { + "capacityReservationId": { + "type": "string", + "description": "The ID of the Capacity Reservation in which to run the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/InstanceCreditSpecification:InstanceCreditSpecification": { + "properties": { + "cpuCredits": { + "type": "string", + "description": "Credit option for CPU usage. Valid values include `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/InstanceEbsBlockDevice:InstanceEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether the volume should be destroyed on instance termination. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "Name of the device to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. Defaults to `false`. Cannot be used with `snapshot_id`. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volume_type of `io1`, `io2` or `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "Snapshot ID to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeId": { + "type": "string", + "description": "ID of the volume. For example, the ID can be accessed like this, `aws_instance.web.root_block_device.0.volume_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of the volume in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "snapshotId", + "throughput", + "volumeId", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/InstanceEnclaveOptions:InstanceEnclaveOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled" + ] + } + } + }, + "aws:ec2/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The name of the block device to mount on the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "boolean", + "description": "Suppresses the specified device included in the AMI's block device mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "[Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) (e.g. `ephemeral0`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ] + }, + "aws:ec2/InstanceLaunchTemplate:InstanceLaunchTemplate": { + "properties": { + "id": { + "type": "string", + "description": "The ID of the launch template. Conflicts with `name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the launch template. Conflicts with `id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Template version. Can be a specific version number, `$Latest` or `$Default`. The default value is `$Default`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "name" + ] + } + } + }, + "aws:ec2/InstanceMetadataOptions:InstanceMetadataOptions": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "Whether the metadata service is available. Valid values include `enabled` or `disabled`. Defaults to `enabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Valid values include `optional` or `required`. Defaults to `optional`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ] + } + } + }, + "aws:ec2/InstanceNetworkInterface:InstanceNetworkInterface": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether or not to delete the network interface on instance termination. Defaults to `false`. Currently, the only valid value is `false`, as this is only supported when creating new network interfaces when launching an instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceIndex": { + "type": "integer", + "description": "Integer index of the network interface attachment. Limited by instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "description": "ID of the network interface to attach.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceIndex", + "networkInterfaceId" + ] + }, + "aws:ec2/InstancePlatform:InstancePlatform": { + "type": "string", + "enum": [ + { + "name": "LinuxUnix", + "value": "Linux/UNIX" + }, + { + "name": "RedHatEnterpriseLinux", + "value": "Red Hat Enterprise Linux" + }, + { + "name": "SuseLinux", + "value": "SUSE Linux" + }, + { + "name": "Windows", + "value": "Windows" + }, + { + "name": "WindowsWithSqlServer", + "value": "Windows with SQL Server" + }, + { + "name": "WindowsWithSqlServerEnterprise", + "value": "Windows with SQL Server Enterprise" + }, + { + "name": "WindowsWithSqlServerStandard", + "value": "Windows with SQL Server Standard" + }, + { + "name": "WindowsWithSqlServerWeb", + "value": "Windows with SQL Server Web" + } + ] + }, + "aws:ec2/InstanceRootBlockDevice:InstanceRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether the volume should be destroyed on instance termination. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "Name of the device to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Whether to enable volume encryption. Defaults to `false`. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volume_type of `io1`, `io2` or `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeId": { + "type": "string", + "description": "ID of the volume. For example, the ID can be accessed like this, `aws_instance.web.root_block_device.0.volume_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of the volume in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "throughput", + "volumeId", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/InstanceType:InstanceType": { + "type": "string", + "enum": [ + { + "name": "A1_2XLarge", + "value": "a1.2xlarge" + }, + { + "name": "A1_4XLarge", + "value": "a1.4xlarge" + }, + { + "name": "A1_Large", + "value": "a1.large" + }, + { + "name": "A1_Medium", + "value": "a1.medium" + }, + { + "name": "A1_Metal", + "value": "a1.metal" + }, + { + "name": "A1_XLarge", + "value": "a1.xlarge" + }, + { + "name": "C1_Medium", + "value": "c1.medium" + }, + { + "name": "C1_XLarge", + "value": "c1.xlarge" + }, + { + "name": "C3_2XLarge", + "value": "c3.2xlarge" + }, + { + "name": "C3_4XLarge", + "value": "c3.4xlarge" + }, + { + "name": "C3_8XLarge", + "value": "c3.8xlarge" + }, + { + "name": "C3_Large", + "value": "c3.large" + }, + { + "name": "C3_XLarge", + "value": "c3.xlarge" + }, + { + "name": "C4_2XLarge", + "value": "c4.2xlarge" + }, + { + "name": "C4_4XLarge", + "value": "c4.4xlarge" + }, + { + "name": "C4_8XLarge", + "value": "c4.8xlarge" + }, + { + "name": "C4_Large", + "value": "c4.large" + }, + { + "name": "C4_XLarge", + "value": "c4.xlarge" + }, + { + "name": "C5_12XLarge", + "value": "c5.12xlarge" + }, + { + "name": "C5_18XLarge", + "value": "c5.18xlarge" + }, + { + "name": "C5_24XLarge", + "value": "c5.24xlarge" + }, + { + "name": "C5_2XLarge", + "value": "c5.2xlarge" + }, + { + "name": "C5_4XLarge", + "value": "c5.4xlarge" + }, + { + "name": "C5_9XLarge", + "value": "c5.9xlarge" + }, + { + "name": "C5_Large", + "value": "c5.large" + }, + { + "name": "C5_Metal", + "value": "c5.metal" + }, + { + "name": "C5_XLarge", + "value": "c5.xlarge" + }, + { + "name": "C5a_12XLarge", + "value": "c5a.12xlarge" + }, + { + "name": "C5a_16XLarge", + "value": "c5a.16xlarge" + }, + { + "name": "C5a_24XLarge", + "value": "c5a.24xlarge" + }, + { + "name": "C5a_2XLarge", + "value": "c5a.2xlarge" + }, + { + "name": "C5a_4XLarge", + "value": "c5a.4xlarge" + }, + { + "name": "C5a_8XLarge", + "value": "c5a.8xlarge" + }, + { + "name": "C5a_Large", + "value": "c5a.large" + }, + { + "name": "C5a_XLarge", + "value": "c5a.xlarge" + }, + { + "name": "C5ad_12XLarge", + "value": "c5ad.12xlarge" + }, + { + "name": "C5ad_16XLarge", + "value": "c5ad.16xlarge" + }, + { + "name": "C5ad_24XLarge", + "value": "c5ad.24xlarge" + }, + { + "name": "C5ad_2XLarge", + "value": "c5ad.2xlarge" + }, + { + "name": "C5ad_4XLarge", + "value": "c5ad.4xlarge" + }, + { + "name": "C5ad_8XLarge", + "value": "c5ad.8xlarge" + }, + { + "name": "C5ad_Large", + "value": "c5ad.large" + }, + { + "name": "C5ad_XLarge", + "value": "c5ad.xlarge" + }, + { + "name": "C5d_12XLarge", + "value": "c5d.12xlarge" + }, + { + "name": "C5d_18XLarge", + "value": "c5d.18xlarge" + }, + { + "name": "C5d_24XLarge", + "value": "c5d.24xlarge" + }, + { + "name": "C5d_2XLarge", + "value": "c5d.2xlarge" + }, + { + "name": "C5d_4XLarge", + "value": "c5d.4xlarge" + }, + { + "name": "C5d_9XLarge", + "value": "c5d.9xlarge" + }, + { + "name": "C5d_Large", + "value": "c5d.large" + }, + { + "name": "C5d_Metal", + "value": "c5d.metal" + }, + { + "name": "C5d_XLarge", + "value": "c5d.xlarge" + }, + { + "name": "C5n_18XLarge", + "value": "c5n.18xlarge" + }, + { + "name": "C5n_2XLarge", + "value": "c5n.2xlarge" + }, + { + "name": "C5n_4XLarge", + "value": "c5n.4xlarge" + }, + { + "name": "C5n_9XLarge", + "value": "c5n.9xlarge" + }, + { + "name": "C5n_Large", + "value": "c5n.large" + }, + { + "name": "C5n_Metal", + "value": "c5n.metal" + }, + { + "name": "C5n_XLarge", + "value": "c5n.xlarge" + }, + { + "name": "C6g_12XLarge", + "value": "c6g.12xlarge" + }, + { + "name": "C6g_16XLarge", + "value": "c6g.16xlarge" + }, + { + "name": "C6g_2XLarge", + "value": "c6g.2xlarge" + }, + { + "name": "C6g_4XLarge", + "value": "c6g.4xlarge" + }, + { + "name": "C6g_8XLarge", + "value": "c6g.8xlarge" + }, + { + "name": "C6g_Large", + "value": "c6g.large" + }, + { + "name": "C6g_Medium", + "value": "c6g.medium" + }, + { + "name": "C6g_Metal", + "value": "c6g.metal" + }, + { + "name": "C6g_XLarge", + "value": "c6g.xlarge" + }, + { + "name": "C6gd_12XLarge", + "value": "c6gd.12xlarge" + }, + { + "name": "C6gd_16XLarge", + "value": "c6gd.16xlarge" + }, + { + "name": "C6gd_2XLarge", + "value": "c6gd.2xlarge" + }, + { + "name": "C6gd_4XLarge", + "value": "c6gd.4xlarge" + }, + { + "name": "C6gd_8XLarge", + "value": "c6gd.8xlarge" + }, + { + "name": "C6gd_Large", + "value": "c6gd.large" + }, + { + "name": "C6gd_Medium", + "value": "c6gd.medium" + }, + { + "name": "C6gd_Metal", + "value": "c6gd.metal" + }, + { + "name": "C6gd_XLarge", + "value": "c6gd.xlarge" + }, + { + "name": "Cc2_8XLarge", + "value": "cc2.8xlarge" + }, + { + "name": "D2_2XLarge", + "value": "d2.2xlarge" + }, + { + "name": "D2_4XLarge", + "value": "d2.4xlarge" + }, + { + "name": "D2_8XLarge", + "value": "d2.8xlarge" + }, + { + "name": "D2_XLarge", + "value": "d2.xlarge" + }, + { + "name": "D3_2XLarge", + "value": "d3.2xlarge" + }, + { + "name": "D3_4XLarge", + "value": "d3.4xlarge" + }, + { + "name": "D3_8XLarge", + "value": "d3.8xlarge" + }, + { + "name": "D3_XLarge", + "value": "d3.xlarge" + }, + { + "name": "D3en_12XLarge", + "value": "d3en.12xlarge" + }, + { + "name": "D3en_2XLarge", + "value": "d3en.2xlarge" + }, + { + "name": "D3en_4XLarge", + "value": "d3en.4xlarge" + }, + { + "name": "D3en_6XLarge", + "value": "d3en.6xlarge" + }, + { + "name": "D3en_8XLarge", + "value": "d3en.8xlarge" + }, + { + "name": "D3en_XLarge", + "value": "d3en.xlarge" + }, + { + "name": "F1_16XLarge", + "value": "f1.16xlarge" + }, + { + "name": "F1_2XLarge", + "value": "f1.2xlarge" + }, + { + "name": "F1_4XLarge", + "value": "f1.4xlarge" + }, + { + "name": "G2_2XLarge", + "value": "g2.2xlarge" + }, + { + "name": "G2_8XLarge", + "value": "g2.8xlarge" + }, + { + "name": "G3_16XLarge", + "value": "g3.16xlarge" + }, + { + "name": "G3_4XLarge", + "value": "g3.4xlarge" + }, + { + "name": "G3_8XLarge", + "value": "g3.8xlarge" + }, + { + "name": "G3s_XLarge", + "value": "g3s.xlarge" + }, + { + "name": "G4ad_16XLarge", + "value": "g4ad.16xlarge" + }, + { + "name": "G4ad_4XLarge", + "value": "g4ad.4xlarge" + }, + { + "name": "G4ad_8XLarge", + "value": "g4ad.8xlarge" + }, + { + "name": "G4dn_12XLarge", + "value": "g4dn.12xlarge" + }, + { + "name": "G4dn_16XLarge", + "value": "g4dn.16xlarge" + }, + { + "name": "G4dn_2XLarge", + "value": "g4dn.2xlarge" + }, + { + "name": "G4dn_4XLarge", + "value": "g4dn.4xlarge" + }, + { + "name": "G4dn_8XLarge", + "value": "g4dn.8xlarge" + }, + { + "name": "G4dn_Metal", + "value": "g4dn.metal" + }, + { + "name": "G4dn_XLarge", + "value": "g4dn.xlarge" + }, + { + "name": "H1_16XLarge", + "value": "h1.16xlarge" + }, + { + "name": "H1_2XLarge", + "value": "h1.2xlarge" + }, + { + "name": "H1_4XLarge", + "value": "h1.4xlarge" + }, + { + "name": "H1_8XLarge", + "value": "h1.8xlarge" + }, + { + "name": "I2_2XLarge", + "value": "i2.2xlarge" + }, + { + "name": "I2_4XLarge", + "value": "i2.4xlarge" + }, + { + "name": "I2_8XLarge", + "value": "i2.8xlarge" + }, + { + "name": "I2_XLarge", + "value": "i2.xlarge" + }, + { + "name": "I3_16XLarge", + "value": "i3.16xlarge" + }, + { + "name": "I3_2XLarge", + "value": "i3.2xlarge" + }, + { + "name": "I3_4XLarge", + "value": "i3.4xlarge" + }, + { + "name": "I3_8XLarge", + "value": "i3.8xlarge" + }, + { + "name": "I3_Large", + "value": "i3.large" + }, + { + "name": "I3_XLarge", + "value": "i3.xlarge" + }, + { + "name": "I3_Metal", + "value": "i3.metal" + }, + { + "name": "I3en_12XLarge", + "value": "i3en.12xlarge" + }, + { + "name": "I3en_24XLarge", + "value": "i3en.24xlarge" + }, + { + "name": "I3en_2XLarge", + "value": "i3en.2xlarge" + }, + { + "name": "I3en_3XLarge", + "value": "i3en.3xlarge" + }, + { + "name": "I3en_6XLarge", + "value": "i3en.6xlarge" + }, + { + "name": "I3en_Large", + "value": "i3en.large" + }, + { + "name": "I3en_Metal", + "value": "i3en.metal" + }, + { + "name": "I3en_XLarge", + "value": "i3en.xlarge" + }, + { + "name": "Inf1_24XLarge", + "value": "inf1.24xlarge" + }, + { + "name": "Inf1_2XLarge", + "value": "inf1.2xlarge" + }, + { + "name": "Inf1_6XLarge", + "value": "inf1.6xlarge" + }, + { + "name": "Inf1_XLarge", + "value": "inf1.xlarge" + }, + { + "name": "M1_Large", + "value": "m1.large" + }, + { + "name": "M1_Medium", + "value": "m1.medium" + }, + { + "name": "M1_Small", + "value": "m1.small" + }, + { + "name": "M1_XLarge", + "value": "m1.xlarge" + }, + { + "name": "M2_2XLarge", + "value": "m2.2xlarge" + }, + { + "name": "M2_4XLarge", + "value": "m2.4xlarge" + }, + { + "name": "M2_XLarge", + "value": "m2.xlarge" + }, + { + "name": "M3_2XLarge", + "value": "m3.2xlarge" + }, + { + "name": "M3_Large", + "value": "m3.large" + }, + { + "name": "M3_Medium", + "value": "m3.medium" + }, + { + "name": "M3_XLarge", + "value": "m3.xlarge" + }, + { + "name": "M4_10XLarge", + "value": "m4.10xlarge" + }, + { + "name": "M4_16XLarge", + "value": "m4.16xlarge" + }, + { + "name": "M4_2XLarge", + "value": "m4.2xlarge" + }, + { + "name": "M4_4XLarge", + "value": "m4.4xlarge" + }, + { + "name": "M4_Large", + "value": "m4.large" + }, + { + "name": "M4_XLarge", + "value": "m4.xlarge" + }, + { + "name": "M5_12XLarge", + "value": "m5.12xlarge" + }, + { + "name": "M5_16XLarge", + "value": "m5.16xlarge" + }, + { + "name": "M5_24XLarge", + "value": "m5.24xlarge" + }, + { + "name": "M5_2XLarge", + "value": "m5.2xlarge" + }, + { + "name": "M5_4XLarge", + "value": "m5.4xlarge" + }, + { + "name": "M5_8XLarge", + "value": "m5.8xlarge" + }, + { + "name": "M5_Large", + "value": "m5.large" + }, + { + "name": "M5_Metal", + "value": "m5.metal" + }, + { + "name": "M5_XLarge", + "value": "m5.xlarge" + }, + { + "name": "M5a_12XLarge", + "value": "m5a.12xlarge" + }, + { + "name": "M5a_16XLarge", + "value": "m5a.16xlarge" + }, + { + "name": "M5a_24XLarge", + "value": "m5a.24xlarge" + }, + { + "name": "M5a_2XLarge", + "value": "m5a.2xlarge" + }, + { + "name": "M5a_4XLarge", + "value": "m5a.4xlarge" + }, + { + "name": "M5a_8XLarge", + "value": "m5a.8xlarge" + }, + { + "name": "M5a_Large", + "value": "m5a.large" + }, + { + "name": "M5a_XLarge", + "value": "m5a.xlarge" + }, + { + "name": "M5ad_12XLarge", + "value": "m5ad.12xlarge" + }, + { + "name": "M5ad_16XLarge", + "value": "m5ad.16xlarge" + }, + { + "name": "M5ad_24XLarge", + "value": "m5ad.24xlarge" + }, + { + "name": "M5ad_2XLarge", + "value": "m5ad.2xlarge" + }, + { + "name": "M5ad_4XLarge", + "value": "m5ad.4xlarge" + }, + { + "name": "M5ad_8XLarge", + "value": "m5ad.8xlarge" + }, + { + "name": "M5ad_Large", + "value": "m5ad.large" + }, + { + "name": "M5as_XLarge", + "value": "m5ad.xlarge" + }, + { + "name": "M5d_12XLarge", + "value": "m5d.12xlarge" + }, + { + "name": "M5d_16XLarge", + "value": "m5d.16xlarge" + }, + { + "name": "M5d_24XLarge", + "value": "m5d.24xlarge" + }, + { + "name": "M5d_2XLarge", + "value": "m5d.2xlarge" + }, + { + "name": "M5d_4XLarge", + "value": "m5d.4xlarge" + }, + { + "name": "M5d_8XLarge", + "value": "m5d.8xlarge" + }, + { + "name": "M5d_Large", + "value": "m5d.large" + }, + { + "name": "M5d_Metal", + "value": "m5d.metal" + }, + { + "name": "M5d_XLarge", + "value": "m5d.xlarge" + }, + { + "name": "M5dn_12XLarge", + "value": "m5dn.12xlarge" + }, + { + "name": "M5dn_16XLarge", + "value": "m5dn.16xlarge" + }, + { + "name": "M5dn_24XLarge", + "value": "m5dn.24xlarge" + }, + { + "name": "M5dn_2XLarge", + "value": "m5dn.2xlarge" + }, + { + "name": "M5dn_4XLarge", + "value": "m5dn.4xlarge" + }, + { + "name": "M5dn_8XLarge", + "value": "m5dn.8xlarge" + }, + { + "name": "M5dn_Large", + "value": "m5dn.large" + }, + { + "name": "M5dn_XLarge", + "value": "m5dn.xlarge" + }, + { + "name": "M5n_12XLarge", + "value": "m5n.12xlarge" + }, + { + "name": "M5n_16XLarge", + "value": "m5n.16xlarge" + }, + { + "name": "M5n_24XLarge", + "value": "m5n.24xlarge" + }, + { + "name": "M5n_2XLarge", + "value": "m5n.2xlarge" + }, + { + "name": "M5n_4XLarge", + "value": "m5n.4xlarge" + }, + { + "name": "M5n_8XLarge", + "value": "m5n.8xlarge" + }, + { + "name": "M5n_Large", + "value": "m5n.large" + }, + { + "name": "M5n_XLarge", + "value": "m5n.xlarge" + }, + { + "name": "M5zn_12XLarge", + "value": "m5zn.12xlarge" + }, + { + "name": "M5zn_2XLarge", + "value": "m5zn.2xlarge" + }, + { + "name": "M5zn_3XLarge", + "value": "m5zn.3xlarge" + }, + { + "name": "M5zn_6XLarge", + "value": "m5zn.6xlarge" + }, + { + "name": "M5zn_Large", + "value": "m5zn.large" + }, + { + "name": "M5zn_Metal", + "value": "m5zn.metal" + }, + { + "name": "M5zn_XLarge", + "value": "m5zn.xlarge" + }, + { + "name": "M6g_12XLarge", + "value": "m6g.12xlarge" + }, + { + "name": "M6g_16XLarge", + "value": "m6g.16xlarge" + }, + { + "name": "M6g_2XLarge", + "value": "m6g.2xlarge" + }, + { + "name": "M6g_4XLarge", + "value": "m6g.4xlarge" + }, + { + "name": "M6g_8XLarge", + "value": "m6g.8xlarge" + }, + { + "name": "M6g_Large", + "value": "m6g.large" + }, + { + "name": "M6g_Medium", + "value": "m6g.medium" + }, + { + "name": "M6g_Metal", + "value": "m6g.metal" + }, + { + "name": "M6g_XLarge", + "value": "m6g.xlarge" + }, + { + "name": "M6gd_12XLarge", + "value": "m6gd.12xlarge" + }, + { + "name": "M6gd_16XLarge", + "value": "m6gd.16xlarge" + }, + { + "name": "M6gd_2XLarge", + "value": "m6gd.2xlarge" + }, + { + "name": "M6gd_4XLarge", + "value": "m6gd.4xlarge" + }, + { + "name": "M6gd_8XLarge", + "value": "m6gd.8xlarge" + }, + { + "name": "M6gd_Large", + "value": "m6gd.large" + }, + { + "name": "M6gd_Medium", + "value": "m6gd.medium" + }, + { + "name": "M6gd_Metal", + "value": "m6gd.metal" + }, + { + "name": "M6gd_XLarge", + "value": "m6gd.xlarge" + }, + { + "name": "Mac1_Metal", + "value": "mac1.metal" + }, + { + "name": "P2_16XLarge", + "value": "p2.16xlarge" + }, + { + "name": "P2_8XLarge", + "value": "p2.8xlarge" + }, + { + "name": "P2_XLarge", + "value": "p2.xlarge" + }, + { + "name": "P3_16XLarge", + "value": "p3.16xlarge" + }, + { + "name": "P3_2XLarge", + "value": "p3.2xlarge" + }, + { + "name": "P3_8XLarge", + "value": "p3.8xlarge" + }, + { + "name": "P3dn_24XLarge", + "value": "p3dn.24xlarge" + }, + { + "name": "P4d_24XLarge", + "value": "p4d.24xlarge" + }, + { + "name": "R3_2XLarge", + "value": "r3.2xlarge" + }, + { + "name": "R3_4XLarge", + "value": "r3.4xlarge" + }, + { + "name": "R3_8XLarge", + "value": "r3.8xlarge" + }, + { + "name": "R3_Large", + "value": "r3.large" + }, + { + "name": "R3_XLarge", + "value": "r3.xlarge" + }, + { + "name": "R4_16XLarge", + "value": "r4.16xlarge" + }, + { + "name": "R4_2XLarge", + "value": "r4.2xlarge" + }, + { + "name": "R4_4XLarge", + "value": "r4.4xlarge" + }, + { + "name": "R4_8XLarge", + "value": "r4.8xlarge" + }, + { + "name": "R4_Large", + "value": "r4.large" + }, + { + "name": "R4_XLarge", + "value": "r4.xlarge" + }, + { + "name": "R5_12XLarge", + "value": "r5.12xlarge" + }, + { + "name": "R5_16XLarge", + "value": "r5.16xlarge" + }, + { + "name": "R5_24XLarge", + "value": "r5.24xlarge" + }, + { + "name": "R5_2XLarge", + "value": "r5.2xlarge" + }, + { + "name": "R5_4XLarge", + "value": "r5.4xlarge" + }, + { + "name": "R5_8XLarge", + "value": "r5.8xlarge" + }, + { + "name": "R5_Large", + "value": "r5.large" + }, + { + "name": "R5_Metal", + "value": "r5.metal" + }, + { + "name": "R5_XLarge", + "value": "r5.xlarge" + }, + { + "name": "R5a_12XLarge", + "value": "r5a.12xlarge" + }, + { + "name": "R5a_16XLarge", + "value": "r5a.16xlarge" + }, + { + "name": "R5a_24XLarge", + "value": "r5a.24xlarge" + }, + { + "name": "R5a_2XLarge", + "value": "r5a.2xlarge" + }, + { + "name": "R5a_4XLarge", + "value": "r5a.4xlarge" + }, + { + "name": "R5a_8XLarge", + "value": "r5a.8xlarge" + }, + { + "name": "R5a_Large", + "value": "r5a.large" + }, + { + "name": "R5a_XLarge", + "value": "r5a.xlarge" + }, + { + "name": "R5ad_12XLarge", + "value": "r5ad.12xlarge" + }, + { + "name": "R5ad_16XLarge", + "value": "r5ad.16xlarge" + }, + { + "name": "R5ad_24XLarge", + "value": "r5ad.24xlarge" + }, + { + "name": "R5ad_2XLarge", + "value": "r5ad.2xlarge" + }, + { + "name": "R5ad_4XLarge", + "value": "r5ad.4xlarge" + }, + { + "name": "R5ad_8XLarge", + "value": "r5ad.8xlarge" + }, + { + "name": "R5ad_Large", + "value": "r5ad.large" + }, + { + "name": "R5ad_XLarge", + "value": "r5ad.xlarge" + }, + { + "name": "R5b_12XLarge", + "value": "r5b.12xlarge" + }, + { + "name": "R5b_16XLarge", + "value": "r5b.16xlarge" + }, + { + "name": "R5b_24XLarge", + "value": "r5b.24xlarge" + }, + { + "name": "R5b_2XLarge", + "value": "r5b.2xlarge" + }, + { + "name": "R5b_4XLarge", + "value": "r5b.4xlarge" + }, + { + "name": "R5b_8XLarge", + "value": "r5b.8xlarge" + }, + { + "name": "R5b_Large", + "value": "r5b.large" + }, + { + "name": "R5b_Metal", + "value": "r5b.metal" + }, + { + "name": "R5b_XLarge", + "value": "r5b.xlarge" + }, + { + "name": "R5d_12XLarge", + "value": "r5d.12xlarge" + }, + { + "name": "R5d_16XLarge", + "value": "r5d.16xlarge" + }, + { + "name": "R5d_24XLarge", + "value": "r5d.24xlarge" + }, + { + "name": "R5d_2XLarge", + "value": "r5d.2xlarge" + }, + { + "name": "R5d_4XLarge", + "value": "r5d.4xlarge" + }, + { + "name": "R5d_8XLarge", + "value": "r5d.8xlarge" + }, + { + "name": "R5d_Large", + "value": "r5d.large" + }, + { + "name": "R5d_Metal", + "value": "r5d.metal" + }, + { + "name": "R5d_XLarge", + "value": "r5d.xlarge" + }, + { + "name": "R5dn_12XLarge", + "value": "r5dn.12xlarge" + }, + { + "name": "R5dn_16XLarge", + "value": "r5dn.16xlarge" + }, + { + "name": "R5dn_24XLarge", + "value": "r5dn.24xlarge" + }, + { + "name": "R5dn_2XLarge", + "value": "r5dn.2xlarge" + }, + { + "name": "R5dn_4XLarge", + "value": "r5dn.4xlarge" + }, + { + "name": "R5dn_8XLarge", + "value": "r5dn.8xlarge" + }, + { + "name": "R5dn_Large", + "value": "r5dn.large" + }, + { + "name": "R5dn_XLarge", + "value": "r5dn.xlarge" + }, + { + "name": "R5n_12XLarge", + "value": "r5n.12xlarge" + }, + { + "name": "R5n_16XLarge", + "value": "r5n.16xlarge" + }, + { + "name": "R5n_24XLarge", + "value": "r5n.24xlarge" + }, + { + "name": "R5n_2XLarge", + "value": "r5n.2xlarge" + }, + { + "name": "R5n_4XLarge", + "value": "r5n.4xlarge" + }, + { + "name": "R5n_8XLarge", + "value": "r5n.8xlarge" + }, + { + "name": "R5n_Large", + "value": "r5n.large" + }, + { + "name": "R5n_XLarge", + "value": "r5n.xlarge" + }, + { + "name": "R6g_12XLarge", + "value": "r6g.12xlarge" + }, + { + "name": "R6g_16XLarge", + "value": "r6g.16xlarge" + }, + { + "name": "R6g_2XLarge", + "value": "r6g.2xlarge" + }, + { + "name": "R6g_4XLarge", + "value": "r6g.4xlarge" + }, + { + "name": "R6g_8XLarge", + "value": "r6g.8xlarge" + }, + { + "name": "R6g_Large", + "value": "r6g.large" + }, + { + "name": "R6g_Medium", + "value": "r6g.medium" + }, + { + "name": "R6g_Metal", + "value": "r6g.metal" + }, + { + "name": "R6g_XLarge", + "value": "r6g.xlarge" + }, + { + "name": "R6gd_12XLarge", + "value": "r6gd.12xlarge" + }, + { + "name": "R6gd_16XLarge", + "value": "r6gd.16xlarge" + }, + { + "name": "R6gd_2XLarge", + "value": "r6gd.2xlarge" + }, + { + "name": "R6gd_4XLarge", + "value": "r6gd.4xlarge" + }, + { + "name": "R6gd_8XLarge", + "value": "r6gd.8xlarge" + }, + { + "name": "R6gd_Large", + "value": "r6gd.large" + }, + { + "name": "R6gd_Medium", + "value": "r6gd.medium" + }, + { + "name": "R6gd_Metal", + "value": "r6gd.metal" + }, + { + "name": "R6gd_XLarge", + "value": "r6gd.xlarge" + }, + { + "name": "T1_Micro", + "value": "t1.micro" + }, + { + "name": "T2_2XLarge", + "value": "t2.2xlarge" + }, + { + "name": "T2_Large", + "value": "t2.large" + }, + { + "name": "T2_Medium", + "value": "t2.medium" + }, + { + "name": "T2_Micro", + "value": "t2.micro" + }, + { + "name": "T2_Nano", + "value": "t2.nano" + }, + { + "name": "T2_Small", + "value": "t2.small" + }, + { + "name": "T2_XLarge", + "value": "t2.xlarge" + }, + { + "name": "T3_2XLarge", + "value": "t3.2xlarge" + }, + { + "name": "T3_Large", + "value": "t3.large" + }, + { + "name": "T3_Medium", + "value": "t3.medium" + }, + { + "name": "T3_Micro", + "value": "t3.micro" + }, + { + "name": "T3_Nano", + "value": "t3.nano" + }, + { + "name": "T3_Small", + "value": "t3.small" + }, + { + "name": "T3_XLarge", + "value": "t3.xlarge" + }, + { + "name": "T3a_2XLarge", + "value": "t3a.2xlarge" + }, + { + "name": "T3a_Large", + "value": "t3a.large" + }, + { + "name": "T3a_Medium", + "value": "t3a.medium" + }, + { + "name": "T3a_Micro", + "value": "t3a.micro" + }, + { + "name": "T3a_Nano", + "value": "t3a.nano" + }, + { + "name": "T3a_Small", + "value": "t3a.small" + }, + { + "name": "T3a_XLarge", + "value": "t3a.xlarge" + }, + { + "name": "T4g_2XLarge", + "value": "t4g.2xlarge" + }, + { + "name": "T4g_Large", + "value": "t4g.large" + }, + { + "name": "T4g_Medium", + "value": "t4g.medium" + }, + { + "name": "T4g_Micro", + "value": "t4g.micro" + }, + { + "name": "T4g_Nano", + "value": "t4g.nano" + }, + { + "name": "T4g_Small", + "value": "t4g.small" + }, + { + "name": "T4g_XLarge", + "value": "t4g.xlarge" + }, + { + "name": "X1_16XLarge", + "value": "x1.16xlarge" + }, + { + "name": "X1_32XLarge", + "value": "x1.32xlarge" + }, + { + "name": "X1e_16XLarge", + "value": "x1e.16xlarge" + }, + { + "name": "X1e_2XLarge", + "value": "x1e.2xlarge" + }, + { + "name": "X1e_32XLarge", + "value": "x1e.32xlarge" + }, + { + "name": "X1e_4XLarge", + "value": "x1e.4xlarge" + }, + { + "name": "X1e_8XLarge", + "value": "x1e.8xlarge" + }, + { + "name": "X1e_XLarge", + "value": "x1e.xlarge" + }, + { + "name": "Z1d_12XLarge", + "value": "z1d.12xlarge" + }, + { + "name": "Z1d_2XLarge", + "value": "z1d.2xlarge" + }, + { + "name": "Z1d_3XLarge", + "value": "z1d.3xlarge" + }, + { + "name": "Z1d_6XLarge", + "value": "z1d.6xlarge" + }, + { + "name": "Z1d_Large", + "value": "z1d.large" + }, + { + "name": "Z1d_Metal", + "value": "z1d.metal" + }, + { + "name": "Z1d_XLarge", + "value": "z1d.xlarge" + }, + { + "name": "U_12tb1Metal", + "value": "u-12tb1.metal", + "deprecationMessage": "This instancetype has been deprecated" + }, + { + "name": "U_6tb1Metal", + "value": "u-6tb1.metal", + "deprecationMessage": "This instancetype has been deprecated" + }, + { + "name": "U_9tb1Metal", + "value": "u-9tb1.metal", + "deprecationMessage": "This instancetype has been deprecated" + }, + { + "name": "Hs1_8XLarge", + "value": "hs1.8xlarge", + "deprecationMessage": "This instancetype has been deprecated" + } + ] + }, + "aws:ec2/LaunchConfigurationEbsBlockDevice:LaunchConfigurationEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "encrypted", + "iops", + "snapshotId", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/LaunchConfigurationEphemeralBlockDevice:LaunchConfigurationEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "virtualName" + ] + }, + "aws:ec2/LaunchConfigurationMetadataOptions:LaunchConfigurationMetadataOptions": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "The state of the metadata service: `enabled`, `disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "The desired HTTP PUT response hop limit for instance metadata requests.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "If session tokens are required: `optional`, `required`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ] + } + } + }, + "aws:ec2/LaunchConfigurationRootBlockDevice:LaunchConfigurationRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "encrypted", + "iops", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/LaunchTemplateBlockDeviceMapping:LaunchTemplateBlockDeviceMapping": { + "properties": { + "deviceName": { + "type": "string", + "description": "The name of the device to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebs": { + "$ref": "#/types/aws:ec2/LaunchTemplateBlockDeviceMappingEbs:LaunchTemplateBlockDeviceMappingEbs", + "description": "Configure EBS volume properties.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "string", + "description": "Suppresses the specified device included in the AMI's block device mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "The [Instance Store Device\nName](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames)\n(e.g. `\"ephemeral0\"`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateBlockDeviceMappingEbs:LaunchTemplateBlockDeviceMappingEbs": { + "properties": { + "deleteOnTermination": { + "type": "string", + "description": "Whether the volume should be destroyed on instance termination. Defaults to `false` if not set. See [Preserving Amazon EBS Volumes on Instance Termination](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#preserving-volumes-on-termination) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "string", + "description": "Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html)\non the volume (Default: `false`). Cannot be used with `snapshot_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "The amount of provisioned\n[IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\nThis must be set with a `volume_type` of `\"io1/io2\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use when creating the encrypted volume.\n`encrypted` must be set to `true` when this is set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "The Snapshot ID to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "The throughput to provision for a `gp3` volume in MiB/s (specified as an integer, e.g. 500), with a maximum of 1,000 MiB/s.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The volume type. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `gp2`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "iops", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/LaunchTemplateCapacityReservationSpecification:LaunchTemplateCapacityReservationSpecification": { + "properties": { + "capacityReservationPreference": { + "type": "string", + "description": "Indicates the instance's Capacity Reservation preferences. Can be `open` or `none`. (Default `none`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "capacityReservationTarget": { + "$ref": "#/types/aws:ec2/LaunchTemplateCapacityReservationSpecificationCapacityReservationTarget:LaunchTemplateCapacityReservationSpecificationCapacityReservationTarget", + "description": "Used to target a specific Capacity Reservation:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateCapacityReservationSpecificationCapacityReservationTarget:LaunchTemplateCapacityReservationSpecificationCapacityReservationTarget": { + "properties": { + "capacityReservationId": { + "type": "string", + "description": "The ID of the Capacity Reservation to target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateCpuOptions:LaunchTemplateCpuOptions": { + "properties": { + "coreCount": { + "type": "integer", + "description": "The number of CPU cores for the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threadsPerCore": { + "type": "integer", + "description": "The number of threads per CPU core. To disable Intel Hyper-Threading Technology for the instance, specify a value of 1.\nOtherwise, specify the default value of 2.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateCreditSpecification:LaunchTemplateCreditSpecification": { + "properties": { + "cpuCredits": { + "type": "string", + "description": "The credit option for CPU usage. Can be `\"standard\"` or `\"unlimited\"`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateElasticGpuSpecification:LaunchTemplateElasticGpuSpecification": { + "properties": { + "type": { + "type": "string", + "description": "The [Elastic GPU Type](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/elastic-gpus.html#elastic-gpus-basics)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:ec2/LaunchTemplateElasticInferenceAccelerator:LaunchTemplateElasticInferenceAccelerator": { + "properties": { + "type": { + "type": "string", + "description": "Accelerator type.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:ec2/LaunchTemplateEnclaveOptions:LaunchTemplateEnclaveOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "If set to `true`, Nitro Enclaves will be enabled on the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateHibernationOptions:LaunchTemplateHibernationOptions": { + "properties": { + "configured": { + "type": "boolean", + "description": "If set to `true`, the launched EC2 instance will hibernation enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configured" + ] + }, + "aws:ec2/LaunchTemplateIamInstanceProfile:LaunchTemplateIamInstanceProfile": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the instance profile.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the instance profile.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateInstanceMarketOptions:LaunchTemplateInstanceMarketOptions": { + "properties": { + "marketType": { + "type": "string", + "description": "The market type. Can be `spot`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateInstanceMarketOptionsSpotOptions:LaunchTemplateInstanceMarketOptionsSpotOptions", + "description": "The options for [Spot Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateInstanceMarketOptionsSpotOptions:LaunchTemplateInstanceMarketOptionsSpotOptions": { + "properties": { + "blockDurationMinutes": { + "type": "integer", + "description": "The required duration in minutes. This value must be a multiple of 60.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceInterruptionBehavior": { + "type": "string", + "description": "The behavior when a Spot Instance is interrupted. Can be `hibernate`,\n`stop`, or `terminate`. (Default: `terminate`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxPrice": { + "type": "string", + "description": "The maximum hourly price you're willing to pay for the Spot Instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotInstanceType": { + "type": "string", + "description": "The Spot Instance request type. Can be `one-time`, or `persistent`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "validUntil": { + "type": "string", + "description": "The end date of the request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "validUntil" + ] + } + } + }, + "aws:ec2/LaunchTemplateLicenseSpecification:LaunchTemplateLicenseSpecification": { + "properties": { + "licenseConfigurationArn": { + "type": "string", + "description": "ARN of the license configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "licenseConfigurationArn" + ] + }, + "aws:ec2/LaunchTemplateMetadataOptions:LaunchTemplateMetadataOptions": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "Whether the metadata service is available. Can be `\"enabled\"` or `\"disabled\"`. (Default: `\"enabled\"`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Can be an integer from `1` to `64`. (Default: `1`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Can be `\"optional\"` or `\"required\"`. (Default: `\"optional\"`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ] + } + } + }, + "aws:ec2/LaunchTemplateMonitoring:LaunchTemplateMonitoring": { + "properties": { + "enabled": { + "type": "boolean", + "description": "If `true`, the launched EC2 instance will have detailed monitoring enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateNetworkInterface:LaunchTemplateNetworkInterface": { + "properties": { + "associateCarrierIpAddress": { + "type": "string", + "description": "Associate a Carrier IP address with `eth0` for a new network interface. Use this option when you launch an instance in a Wavelength Zone and want to associate a Carrier IP address with the network interface. Boolean value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "associatePublicIpAddress": { + "type": "string", + "description": "Associate a public ip address with the network interface. Boolean value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deleteOnTermination": { + "type": "string", + "description": "Whether the network interface should be destroyed on instance termination. Defaults to `false` if not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of the network interface.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceIndex": { + "type": "integer", + "description": "The integer index of the network interface attachment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interfaceType": { + "type": "string", + "description": "The type of network interface. To create an Elastic Fabric Adapter (EFA), specify `efa`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv4AddressCount": { + "type": "integer", + "description": "The number of secondary private IPv4 addresses to assign to a network interface. Conflicts with `ipv4_addresses`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv4Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more private IPv4 addresses to associate. Conflicts with `ipv4_address_count`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6AddressCount": { + "type": "integer", + "description": "The number of IPv6 addresses to assign to a network interface. Conflicts with `ipv6_addresses`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. Conflicts with `ipv6_address_count`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface to attach.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpAddress": { + "type": "string", + "description": "The primary private IPv4 address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The VPC Subnet ID to associate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplatePlacement:LaunchTemplatePlacement": { + "properties": { + "affinity": { + "type": "string", + "description": "The affinity setting for an instance on a Dedicated Host.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone for the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupName": { + "type": "string", + "description": "The name of the placement group for the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostId": { + "type": "string", + "description": "The ID of the Dedicated Host for the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostResourceGroupArn": { + "type": "string", + "description": "The ARN of the Host Resource Group in which to launch instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "partitionNumber": { + "type": "integer", + "description": "The number of the partition the instance should launch in. Valid only if the placement group strategy is set to partition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spreadDomain": { + "type": "string", + "description": "Reserved for future use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tenancy": { + "type": "string", + "description": "The tenancy of the instance (if the instance is running in a VPC). Can be `default`, `dedicated`, or `host`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/LaunchTemplateTagSpecification:LaunchTemplateTagSpecification": { + "properties": { + "resourceType": { + "type": "string", + "description": "The type of resource to tag.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/ManagedPrefixListEntry:ManagedPrefixListEntry": { + "properties": { + "cidr": { + "type": "string", + "description": "CIDR block of this entry.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of this entry. Due to API limitations, updating only the description of an existing entry requires temporarily removing and re-adding the entry.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:ec2/NetworkAclEgress:NetworkAclEgress": { + "properties": { + "action": { + "type": "string", + "description": "The action to take.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block to match. This must be a\nvalid network mask.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpCode": { + "type": "integer", + "description": "The ICMP type code to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpType": { + "type": "integer", + "description": "The ICMP type to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol to match. If using the -1 'all'\nprotocol, you must specify a from and to port of 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleNo": { + "type": "integer", + "description": "The rule number. Used for ordering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "fromPort", + "protocol", + "ruleNo", + "toPort" + ] + }, + "aws:ec2/NetworkAclIngress:NetworkAclIngress": { + "properties": { + "action": { + "type": "string", + "description": "The action to take.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block to match. This must be a\nvalid network mask.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpCode": { + "type": "integer", + "description": "The ICMP type code to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "icmpType": { + "type": "integer", + "description": "The ICMP type to be used. Default 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol to match. If using the -1 'all'\nprotocol, you must specify a from and to port of 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleNo": { + "type": "integer", + "description": "The rule number. Used for ordering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "fromPort", + "protocol", + "ruleNo", + "toPort" + ] + }, + "aws:ec2/NetworkInterfaceAttachment:NetworkInterfaceAttachment": { + "properties": { + "attachmentId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceIndex": { + "type": "integer", + "description": "Integer to define the devices index.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instance": { + "type": "string", + "description": "ID of the instance to attach to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceIndex", + "instance" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "attachmentId", + "deviceIndex", + "instance" + ] + } + } + }, + "aws:ec2/PeeringConnectionOptionsAccepter:PeeringConnectionOptionsAccepter": { + "properties": { + "allowClassicLinkToRemoteVpc": { + "type": "boolean", + "description": "Allow a local linked EC2-Classic instance to communicate\nwith instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection\nto the remote VPC. This option is not supported for inter-region VPC peering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowRemoteVpcDnsResolution": { + "type": "boolean", + "description": "Allow a local VPC to resolve public DNS hostnames to\nprivate IP addresses when queried from instances in the peer VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowVpcToRemoteClassicLink": { + "type": "boolean", + "description": "Allow a local VPC to communicate with a linked EC2-Classic\ninstance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink\nconnection. This option is not supported for inter-region VPC peering.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/PeeringConnectionOptionsRequester:PeeringConnectionOptionsRequester": { + "properties": { + "allowClassicLinkToRemoteVpc": { + "type": "boolean", + "description": "Allow a local linked EC2-Classic instance to communicate\nwith instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection\nto the remote VPC. This option is not supported for inter-region VPC peering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowRemoteVpcDnsResolution": { + "type": "boolean", + "description": "Allow a local VPC to resolve public DNS hostnames to\nprivate IP addresses when queried from instances in the peer VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowVpcToRemoteClassicLink": { + "type": "boolean", + "description": "Allow a local VPC to communicate with a linked EC2-Classic\ninstance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink\nconnection. This option is not supported for inter-region VPC peering.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/PlacementStrategy:PlacementStrategy": { + "description": "The strategy of the placement group determines how the instances are organized within the group.\nSee https://docs.aws.amazon.com/cli/latest/reference/ec2/create-placement-group.html", + "type": "string", + "enum": [ + { + "name": "Spread", + "description": "A `spread` placement group places instances on distinct hardware.", + "value": "spread" + }, + { + "name": "Cluster", + "description": "A `cluster` placement group is a logical grouping of instances within a single\nAvailability Zone that benefit from low network latency, high network throughput.", + "value": "cluster" + } + ] + }, + "aws:ec2/ProtocolType:ProtocolType": { + "type": "string", + "enum": [ + { + "name": "All", + "value": "all" + }, + { + "name": "TCP", + "value": "tcp" + }, + { + "name": "UDP", + "value": "udp" + }, + { + "name": "ICMP", + "value": "icmp" + } + ] + }, + "aws:ec2/RouteTableRoute:RouteTableRoute": { + "properties": { + "carrierGatewayId": { + "type": "string", + "description": "Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "Identifier of a VPC Egress Only Internet Gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gatewayId": { + "type": "string", + "description": "Identifier of a VPC internet gateway or a virtual private gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceId": { + "type": "string", + "description": "Identifier of an EC2 instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The Ipv6 CIDR block of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "localGatewayId": { + "type": "string", + "description": "Identifier of a Outpost local gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "natGatewayId": { + "type": "string", + "description": "Identifier of a VPC NAT gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "description": "Identifier of an EC2 network interface.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of an EC2 Transit Gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of a VPC Endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "Identifier of a VPC peering connection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SecurityGroupEgress:SecurityGroupEgress": { + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of this egress rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is `icmp`)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Prefix List IDs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the [IpPermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IpPermission.html) API reference. This argument is normalized to a lowercase value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this egress rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "End range port (or ICMP code if protocol is `icmp`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort", + "protocol", + "toPort" + ] + }, + "aws:ec2/SecurityGroupIngress:SecurityGroupIngress": { + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of this egress rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is `icmp`)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Prefix List IDs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. If you select a protocol of `-1` (semantically equivalent to `all`, which is not a valid value here), you must specify a `from_port` and `to_port` equal to 0. The supported values are defined in the `IpProtocol` argument in the [IpPermission](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_IpPermission.html) API reference. This argument is normalized to a lowercase value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group Group Names if using EC2-Classic, or Group IDs if using a VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this egress rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "End range port (or ICMP code if protocol is `icmp`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort", + "protocol", + "toPort" + ] + }, + "aws:ec2/SpotFleetRequestLaunchSpecification:SpotFleetRequestLaunchSpecification": { + "properties": { + "ami": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "associatePublicIpAddress": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "description": "The availability zone in which to place the request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchSpecificationEbsBlockDevice:SpotFleetRequestLaunchSpecificationEbsBlockDevice" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsOptimized": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchSpecificationEphemeralBlockDevice:SpotFleetRequestLaunchSpecificationEphemeralBlockDevice" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "iamInstanceProfile": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iamInstanceProfileArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "The type of instance to request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "monitoring": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "placementGroup": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "placementTenancy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "rootBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchSpecificationRootBlockDevice:SpotFleetRequestLaunchSpecificationRootBlockDevice" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "spotPrice": { + "type": "string", + "description": "The maximum spot bid for this override request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The subnet in which to launch the requested instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userData": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "string", + "description": "The capacity added to the fleet by a fulfilled request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ami", + "instanceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ami", + "availabilityZone", + "ebsBlockDevices", + "ephemeralBlockDevices", + "instanceType", + "keyName", + "placementGroup", + "rootBlockDevices", + "subnetId", + "vpcSecurityGroupIds" + ] + } + } + }, + "aws:ec2/SpotFleetRequestLaunchSpecificationEbsBlockDevice:SpotFleetRequestLaunchSpecificationEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "snapshotId", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/SpotFleetRequestLaunchSpecificationEphemeralBlockDevice:SpotFleetRequestLaunchSpecificationEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "virtualName" + ] + }, + "aws:ec2/SpotFleetRequestLaunchSpecificationRootBlockDevice:SpotFleetRequestLaunchSpecificationRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "encrypted", + "iops", + "kmsKeyId", + "throughput", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/SpotFleetRequestLaunchTemplateConfig:SpotFleetRequestLaunchTemplateConfig": { + "properties": { + "launchTemplateSpecification": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecification:SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecification", + "description": "Launch template specification. See Launch Template Specification below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrides": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchTemplateConfigOverride:SpotFleetRequestLaunchTemplateConfigOverride" + }, + "description": "One or more override configurations. See Overrides below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "launchTemplateSpecification" + ] + }, + "aws:ec2/SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecification:SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecification": { + "properties": { + "id": { + "type": "string", + "description": "The ID of the launch template. Conflicts with `name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the launch template. Conflicts with `id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Template version. Unlike the autoscaling equivalent, does not support `$Latest` or `$Default`, so use the launch_template resource's attribute, e.g. `\"${aws_launch_template.foo.latest_version}\"`. It will use the default version if omitted.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SpotFleetRequestLaunchTemplateConfigOverride:SpotFleetRequestLaunchTemplateConfigOverride": { + "properties": { + "availabilityZone": { + "type": "string", + "description": "The availability zone in which to place the request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "The type of instance to request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "number", + "description": "The priority for the launch template override. The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotPrice": { + "type": "string", + "description": "The maximum spot bid for this override request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The subnet in which to launch the requested instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "number", + "description": "The capacity added to the fleet by a fulfilled request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "priority", + "spotPrice", + "subnetId", + "weightedCapacity" + ] + } + } + }, + "aws:ec2/SpotFleetRequestSpotMaintenanceStrategies:SpotFleetRequestSpotMaintenanceStrategies": { + "properties": { + "capacityRebalance": { + "$ref": "#/types/aws:ec2/SpotFleetRequestSpotMaintenanceStrategiesCapacityRebalance:SpotFleetRequestSpotMaintenanceStrategiesCapacityRebalance", + "description": "Nested argument containing the capacity rebalance for your fleet request. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SpotFleetRequestSpotMaintenanceStrategiesCapacityRebalance:SpotFleetRequestSpotMaintenanceStrategiesCapacityRebalance": { + "properties": { + "replacementStrategy": { + "type": "string", + "description": "The replacement strategy to use. Only available for spot fleets with `fleet_type` set to `maintain`. Valid values: `launch`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SpotInstanceRequestCapacityReservationSpecification:SpotInstanceRequestCapacityReservationSpecification": { + "properties": { + "capacityReservationPreference": { + "type": "string", + "description": "Indicates the instance's Capacity Reservation preferences. Can be `\"open\"` or `\"none\"`. (Default: `\"open\"`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "capacityReservationTarget": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCapacityReservationSpecificationCapacityReservationTarget:SpotInstanceRequestCapacityReservationSpecificationCapacityReservationTarget", + "description": "Information about the target Capacity Reservation. See Capacity Reservation Target below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SpotInstanceRequestCapacityReservationSpecificationCapacityReservationTarget:SpotInstanceRequestCapacityReservationSpecificationCapacityReservationTarget": { + "properties": { + "capacityReservationId": { + "type": "string", + "description": "The ID of the Capacity Reservation in which to run the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SpotInstanceRequestCreditSpecification:SpotInstanceRequestCreditSpecification": { + "properties": { + "cpuCredits": { + "type": "string", + "description": "Credit option for CPU usage. Valid values include `standard` or `unlimited`. T3 instances are launched as unlimited by default. T2 instances are launched as standard by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/SpotInstanceRequestEbsBlockDevice:SpotInstanceRequestEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether the volume should be destroyed on instance termination. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "Name of the device to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Enables [EBS encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html) on the volume. Defaults to `false`. Cannot be used with `snapshot_id`. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volume_type of `io1`, `io2` or `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "Snapshot ID to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of the volume in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "snapshotId", + "throughput", + "volumeId", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/SpotInstanceRequestEnclaveOptions:SpotInstanceRequestEnclaveOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether Nitro Enclaves will be enabled on the instance. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled" + ] + } + } + }, + "aws:ec2/SpotInstanceRequestEphemeralBlockDevice:SpotInstanceRequestEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The name of the block device to mount on the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "boolean", + "description": "Suppresses the specified device included in the AMI's block device mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "[Instance Store Device Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames) (e.g. `ephemeral0`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ] + }, + "aws:ec2/SpotInstanceRequestLaunchTemplate:SpotInstanceRequestLaunchTemplate": { + "properties": { + "id": { + "type": "string", + "description": "The ID of the launch template. Conflicts with `name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the launch template. Conflicts with `id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Template version. Can be a specific version number, `$Latest` or `$Default`. The default value is `$Default`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "name" + ] + } + } + }, + "aws:ec2/SpotInstanceRequestMetadataOptions:SpotInstanceRequestMetadataOptions": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "Whether the metadata service is available. Valid values include `enabled` or `disabled`. Defaults to `enabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "Desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel. Valid values are integer from `1` to `64`. Defaults to `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "Whether or not the metadata service requires session tokens, also referred to as _Instance Metadata Service Version 2 (IMDSv2)_. Valid values include `optional` or `required`. Defaults to `optional`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ] + } + } + }, + "aws:ec2/SpotInstanceRequestNetworkInterface:SpotInstanceRequestNetworkInterface": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether or not to delete the network interface on instance termination. Defaults to `false`. Currently, the only valid value is `false`, as this is only supported when creating new network interfaces when launching an instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceIndex": { + "type": "integer", + "description": "Integer index of the network interface attachment. Limited by instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "description": "ID of the network interface to attach.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceIndex", + "networkInterfaceId" + ] + }, + "aws:ec2/SpotInstanceRequestRootBlockDevice:SpotInstanceRequestRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether the volume should be destroyed on instance termination. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "Name of the device to mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Whether to enable volume encryption. Defaults to `false`. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Amount of provisioned [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html). Only valid for volume_type of `io1`, `io2` or `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS Key to use when encrypting the volume. Must be configured to perform drift detection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "Throughput to provision for a volume in mebibytes per second (MiB/s). This is only valid for `volume_type` of `gp3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of the volume in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of volume. Valid values include `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1`, or `st1`. Defaults to `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "throughput", + "volumeId", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:ec2/Tenancy:Tenancy": { + "type": "string", + "enum": [ + { + "name": "Default", + "value": "default" + }, + { + "name": "Dedicated", + "value": "dedicated" + } + ] + }, + "aws:ec2/TrafficMirrorFilterRuleDestinationPortRange:TrafficMirrorFilterRuleDestinationPortRange": { + "properties": { + "fromPort": { + "type": "integer", + "description": "Starting port of the range\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "Ending port of the range\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/TrafficMirrorFilterRuleSourcePortRange:TrafficMirrorFilterRuleSourcePortRange": { + "properties": { + "fromPort": { + "type": "integer", + "description": "Starting port of the range\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "Ending port of the range\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/VpcEndpointDnsEntry:VpcEndpointDnsEntry": { + "properties": { + "dnsName": { + "type": "string", + "description": "The DNS name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostedZoneId": { + "type": "string", + "description": "The ID of the private hosted zone.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "dnsName", + "hostedZoneId" + ] + } + } + }, + "aws:ec2/VpcEndpointServicePrivateDnsNameConfiguration:VpcEndpointServicePrivateDnsNameConfiguration": { + "properties": { + "name": { + "type": "string", + "description": "Name of the record subdomain the service provider needs to create.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "state": { + "type": "string", + "description": "Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is `verified`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Endpoint service verification type, for example `TXT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Value the service provider adds to the private DNS name domain record before verification.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "name", + "state", + "type", + "value" + ] + } + } + }, + "aws:ec2/VpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter": { + "properties": { + "allowClassicLinkToRemoteVpc": { + "type": "boolean", + "description": "Allow a local linked EC2-Classic instance to communicate\nwith instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection\nto the remote VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowRemoteVpcDnsResolution": { + "type": "boolean", + "description": "Allow a local VPC to resolve public DNS hostnames to\nprivate IP addresses when queried from instances in the peer VPC. This is\n[not supported](https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html) for\ninter-region VPC peering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowVpcToRemoteClassicLink": { + "type": "boolean", + "description": "Allow a local VPC to communicate with a linked EC2-Classic\ninstance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink\nconnection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/VpcPeeringConnectionAccepterAccepter:VpcPeeringConnectionAccepterAccepter": { + "properties": { + "allowClassicLinkToRemoteVpc": { + "type": "boolean", + "description": "Indicates whether a local ClassicLink connection can communicate\nwith the peer VPC over the VPC Peering Connection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowRemoteVpcDnsResolution": { + "type": "boolean", + "description": "Indicates whether a local VPC can resolve public DNS hostnames to\nprivate IP addresses when queried from instances in a peer VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowVpcToRemoteClassicLink": { + "type": "boolean", + "description": "Indicates whether a local VPC can communicate with a ClassicLink\nconnection in the peer VPC over the VPC Peering Connection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/VpcPeeringConnectionAccepterRequester:VpcPeeringConnectionAccepterRequester": { + "properties": { + "allowClassicLinkToRemoteVpc": { + "type": "boolean", + "description": "Indicates whether a local ClassicLink connection can communicate\nwith the peer VPC over the VPC Peering Connection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowRemoteVpcDnsResolution": { + "type": "boolean", + "description": "Indicates whether a local VPC can resolve public DNS hostnames to\nprivate IP addresses when queried from instances in a peer VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowVpcToRemoteClassicLink": { + "type": "boolean", + "description": "Indicates whether a local VPC can communicate with a ClassicLink\nconnection in the peer VPC over the VPC Peering Connection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/VpcPeeringConnectionRequester:VpcPeeringConnectionRequester": { + "properties": { + "allowClassicLinkToRemoteVpc": { + "type": "boolean", + "description": "Allow a local linked EC2-Classic instance to communicate\nwith instances in a peer VPC. This enables an outbound communication from the local ClassicLink connection\nto the remote VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowRemoteVpcDnsResolution": { + "type": "boolean", + "description": "Allow a local VPC to resolve public DNS hostnames to\nprivate IP addresses when queried from instances in the peer VPC. This is\n[not supported](https://docs.aws.amazon.com/vpc/latest/peering/modify-peering-connections.html) for\ninter-region VPC peering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowVpcToRemoteClassicLink": { + "type": "boolean", + "description": "Allow a local VPC to communicate with a linked EC2-Classic\ninstance in a peer VPC. This enables an outbound communication from the local VPC to the remote ClassicLink\nconnection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ec2/VpnConnectionRoute:VpnConnectionRoute": { + "properties": { + "destinationCidrBlock": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "source": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "state": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "destinationCidrBlock", + "source", + "state" + ] + } + } + }, + "aws:ec2/VpnConnectionVgwTelemetry:VpnConnectionVgwTelemetry": { + "properties": { + "acceptedRouteCount": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastStatusChange": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "outsideIpAddress": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusMessage": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "acceptedRouteCount", + "lastStatusChange", + "outsideIpAddress", + "status", + "statusMessage" + ] + } + } + }, + "aws:ec2/getAmiBlockDeviceMapping:getAmiBlockDeviceMapping": { + "properties": { + "deviceName": { + "type": "string", + "description": "The physical name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map containing EBS information, if the device is EBS based. Unlike most object attributes, these are accessed directly (e.g. `ebs.volume_size` or `ebs[\"volume_size\"]`) rather than accessed through the first element of a list (e.g. `ebs[0].volume_size`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "string", + "description": "Suppresses the specified device included in the block device mapping of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "The virtual device name (for instance stores).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "ebs", + "noDevice", + "virtualName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getAmiFilter:getAmiFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the AMI that was provided during image creation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getAmiIdsFilter:getAmiIdsFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getAmiProductCode:getAmiProductCode": { + "properties": { + "productCodeId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "productCodeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "productCodeId", + "productCodeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getCoipPoolFilter:getCoipPoolFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA COIP Pool will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getCoipPoolsFilter:getCoipPoolsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeCoipPools.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA COIP Pool will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getCustomerGatewayFilter:getCustomerGatewayFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getElasticIpFilter:getElasticIpFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getInstanceCreditSpecification:getInstanceCreditSpecification": { + "properties": { + "cpuCredits": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cpuCredits" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceEbsBlockDevice:getInstanceEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "If the root block device will be deleted on termination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "The physical name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "If the EBS volume is encrypted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "`0` If the volume is not a provisioned IOPS image, otherwise the supported IOPS count.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "The ID of the snapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the Instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "The throughput of the volume, in MiB/s.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of the volume, in GiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The type of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteOnTermination", + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "snapshotId", + "tags", + "throughput", + "volumeId", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceEnclaveOption:getInstanceEnclaveOption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether Nitro Enclaves are enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceEphemeralBlockDevice:getInstanceEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The physical name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "boolean", + "description": "Whether the specified device included in the device mapping was suppressed or not (Boolean).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "The virtual device name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceFilter:getInstanceFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getInstanceMetadataOption:getInstanceMetadataOption": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "The state of the metadata service: `enabled`, `disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "The desired HTTP PUT response hop limit for instance metadata requests.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "If session tokens are required: `optional`, `required`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceRootBlockDevice:getInstanceRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "If the root block device will be deleted on termination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "The physical name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "If the EBS volume is encrypted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "`0` If the volume is not a provisioned IOPS image, otherwise the supported IOPS count.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the Instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "description": "The throughput of the volume, in MiB/s.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of the volume, in GiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The type of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteOnTermination", + "deviceName", + "encrypted", + "iops", + "kmsKeyId", + "tags", + "throughput", + "volumeId", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceTypeFpga:getInstanceTypeFpga": { + "properties": { + "count": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "manufacturer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "memorySize": { + "type": "integer", + "description": "Size of the instance memory, in MiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "count", + "manufacturer", + "memorySize", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceTypeGpus:getInstanceTypeGpus": { + "properties": { + "count": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "manufacturer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "memorySize": { + "type": "integer", + "description": "Size of the instance memory, in MiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "count", + "manufacturer", + "memorySize", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceTypeInferenceAccelerator:getInstanceTypeInferenceAccelerator": { + "properties": { + "count": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "manufacturer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "count", + "manufacturer", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceTypeInstanceDisk:getInstanceTypeInstanceDisk": { + "properties": { + "count": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "count", + "size", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInstanceTypeOfferingFilter:getInstanceTypeOfferingFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter. The `location` filter depends on the top-level `location_type` argument and if not specified, defaults to the current region.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getInstanceTypeOfferingsFilter:getInstanceTypeOfferingsFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter. The `location` filter depends on the top-level `location_type` argument and if not specified, defaults to the current region.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getInstancesFilter:getInstancesFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getInternetGatewayAttachment:getInternetGatewayAttachment": { + "properties": { + "state": { + "type": "string", + "description": "The current state of the attachment between the gateway and the VPC. Present only if a VPC is attached\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The ID of an attached VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "state", + "vpcId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getInternetGatewayFilter:getInternetGatewayFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInternetGateways.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nAn Internet Gateway will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLaunchConfigurationEbsBlockDevice:getLaunchConfigurationEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether the EBS Volume will be deleted on instance termination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "description": "The Name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Whether the volume is Encrypted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "The provisioned IOPs of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "boolean", + "description": "Whether the device in the block device mapping of the AMI is suppressed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "The Snapshot ID of the mount.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "boolean", + "description": "The Throughput of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The Size of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The Type of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteOnTermination", + "deviceName", + "encrypted", + "iops", + "noDevice", + "snapshotId", + "throughput", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchConfigurationEphemeralBlockDevice:getLaunchConfigurationEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "description": "The Name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "The Virtual Name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "virtualName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchConfigurationMetadataOption:getLaunchConfigurationMetadataOption": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "The state of the metadata service: `enabled`, `disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "The desired HTTP PUT response hop limit for instance metadata requests.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "If session tokens are required: `optional`, `required`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchConfigurationRootBlockDevice:getLaunchConfigurationRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether the EBS Volume will be deleted on instance termination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Whether the volume is Encrypted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "The provisioned IOPs of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "boolean", + "description": "The Throughput of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The Size of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The Type of the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteOnTermination", + "encrypted", + "iops", + "throughput", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateBlockDeviceMapping:getLaunchTemplateBlockDeviceMapping": { + "properties": { + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebs": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateBlockDeviceMappingEb:getLaunchTemplateBlockDeviceMappingEb" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "ebs", + "noDevice", + "virtualName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateBlockDeviceMappingEb:getLaunchTemplateBlockDeviceMappingEb": { + "properties": { + "deleteOnTermination": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "throughput": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteOnTermination", + "encrypted", + "iops", + "kmsKeyId", + "snapshotId", + "throughput", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateCreditSpecification:getLaunchTemplateCreditSpecification": { + "properties": { + "cpuCredits": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cpuCredits" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateElasticGpuSpecification:getLaunchTemplateElasticGpuSpecification": { + "properties": { + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateEnclaveOption:getLaunchTemplateEnclaveOption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether Nitro Enclaves are enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateFilter:getLaunchTemplateFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLaunchTemplateHibernationOption:getLaunchTemplateHibernationOption": { + "properties": { + "configured": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configured" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateIamInstanceProfile:getLaunchTemplateIamInstanceProfile": { + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateInstanceMarketOption:getLaunchTemplateInstanceMarketOption": { + "properties": { + "marketType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateInstanceMarketOptionSpotOption:getLaunchTemplateInstanceMarketOptionSpotOption" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "marketType", + "spotOptions" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateInstanceMarketOptionSpotOption:getLaunchTemplateInstanceMarketOptionSpotOption": { + "properties": { + "blockDurationMinutes": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceInterruptionBehavior": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxPrice": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotInstanceType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "validUntil": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "blockDurationMinutes", + "instanceInterruptionBehavior", + "maxPrice", + "spotInstanceType", + "validUntil" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateMetadataOption:getLaunchTemplateMetadataOption": { + "properties": { + "httpEndpoint": { + "type": "string", + "description": "The state of the metadata service: `enabled`, `disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpPutResponseHopLimit": { + "type": "integer", + "description": "The desired HTTP PUT response hop limit for instance metadata requests.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpTokens": { + "type": "string", + "description": "If session tokens are required: `optional`, `required`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpEndpoint", + "httpPutResponseHopLimit", + "httpTokens" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateMonitoring:getLaunchTemplateMonitoring": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether Nitro Enclaves are enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateNetworkInterface:getLaunchTemplateNetworkInterface": { + "properties": { + "associateCarrierIpAddress": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "associatePublicIpAddress": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of the launch template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceIndex": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interfaceType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv4AddressCount": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv4Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6AddressCount": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpAddress": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "associateCarrierIpAddress", + "description", + "deviceIndex", + "interfaceType", + "ipv4AddressCount", + "ipv4Addresses", + "ipv6AddressCount", + "ipv6Addresses", + "networkInterfaceId", + "privateIpAddress", + "securityGroups", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplatePlacement:getLaunchTemplatePlacement": { + "properties": { + "affinity": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostResourceGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "partitionNumber": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "spreadDomain": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "tenancy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "affinity", + "availabilityZone", + "groupName", + "hostId", + "hostResourceGroupArn", + "partitionNumber", + "spreadDomain", + "tenancy" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLaunchTemplateTagSpecification:getLaunchTemplateTagSpecification": { + "properties": { + "resourceType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired Launch Template.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceType", + "tags" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getLocalGatewayFilter:getLocalGatewayFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA Local Gateway will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLocalGatewayRouteTableFilter:getLocalGatewayRouteTableFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA local gateway route table will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLocalGatewayRouteTablesFilter:getLocalGatewayRouteTablesFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayRouteTables.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA Local Gateway Route Table will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLocalGatewayVirtualInterfaceFilter:getLocalGatewayVirtualInterfaceFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLocalGatewayVirtualInterfaceGroupFilter:getLocalGatewayVirtualInterfaceGroupFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLocalGatewayVirtualInterfaceGroupsFilter:getLocalGatewayVirtualInterfaceGroupsFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getLocalGatewaysFilter:getLocalGatewaysFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGateways.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA Local Gateway will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getManagedPrefixListEntry:getManagedPrefixListEntry": { + "properties": { + "cidr": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr", + "description" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getManagedPrefixListFilter:getManagedPrefixListFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the EC2 [DescribeManagedPrefixLists](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html) API Reference.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getNatGatewayFilter:getNatGatewayFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNatGateways.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nAn Nat Gateway will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getNetworkAclsFilter:getNetworkAclsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkAcls.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPC will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getNetworkInterfaceAssociation:getNetworkInterfaceAssociation": { + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "associationId": { + "type": "string", + "description": "The association ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "carrierIp": { + "type": "string", + "description": "The carrier IP address associated with the network interface. This attribute is only set when the network interface is in a subnet which is associated with a Wavelength Zone.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customerOwnedIp": { + "type": "string", + "description": "The customer-owned IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipOwnerId": { + "type": "string", + "description": "The ID of the Elastic IP address owner.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "publicDnsName": { + "type": "string", + "description": "The public DNS name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "publicIp": { + "type": "string", + "description": "The address of the Elastic IP address bound to the network interface.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationId", + "associationId", + "carrierIp", + "customerOwnedIp", + "ipOwnerId", + "publicDnsName", + "publicIp" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getNetworkInterfaceAttachment:getNetworkInterfaceAttachment": { + "properties": { + "attachmentId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceIndex": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceOwnerId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "attachmentId", + "deviceIndex", + "instanceId", + "instanceOwnerId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getNetworkInterfaceFilter:getNetworkInterfaceFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getNetworkInterfacesFilter:getNetworkInterfacesFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getPrefixListFilter:getPrefixListFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getRouteTableAssociation:getRouteTableAssociation": { + "properties": { + "gatewayId": { + "type": "string", + "description": "ID of an Internet Gateway or Virtual Private Gateway which is connected to the Route Table (not exported if not passed as a parameter).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "main": { + "type": "boolean", + "description": "Whether the association is due to the main route table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "routeTableAssociationId": { + "type": "string", + "description": "Association ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "routeTableId": { + "type": "string", + "description": "ID of the specific Route Table to retrieve.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "ID of a Subnet which is connected to the Route Table (not exported if not passed as a parameter).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "gatewayId", + "main", + "routeTableAssociationId", + "routeTableId", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getRouteTableFilter:getRouteTableFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field. A Route Table will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getRouteTableRoute:getRouteTableRoute": { + "properties": { + "carrierGatewayId": { + "type": "string", + "description": "ID of the Carrier Gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "CIDR block of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "ID of the Egress Only Internet Gateway.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gatewayId": { + "type": "string", + "description": "ID of an Internet Gateway or Virtual Private Gateway which is connected to the Route Table (not exported if not passed as a parameter).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceId": { + "type": "string", + "description": "EC2 instance ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6CidrBlock": { + "type": "string", + "description": "IPv6 CIDR block of the route.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "localGatewayId": { + "type": "string", + "description": "Local Gateway ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "natGatewayId": { + "type": "string", + "description": "NAT Gateway ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkInterfaceId": { + "type": "string", + "description": "ID of the elastic network interface (eni) to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transitGatewayId": { + "type": "string", + "description": "EC2 Transit Gateway ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcEndpointId": { + "type": "string", + "description": "VPC Endpoint ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "VPC Peering ID.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "carrierGatewayId", + "cidrBlock", + "destinationPrefixListId", + "egressOnlyGatewayId", + "gatewayId", + "instanceId", + "ipv6CidrBlock", + "localGatewayId", + "natGatewayId", + "networkInterfaceId", + "transitGatewayId", + "vpcEndpointId", + "vpcPeeringConnectionId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getRouteTablesFilter:getRouteTablesFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeRouteTables.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA Route Table will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getSecurityGroupFilter:getSecurityGroupFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA Security Group will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getSecurityGroupsFilter:getSecurityGroupsFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getSpotPriceFilter:getSpotPriceFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getSubnetFilter:getSubnetFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by [the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field. A subnet will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getSubnetIdsFilter:getSubnetIdsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSubnets.html).\nFor example, if matching against tag `Name`, use:\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nSubnet IDs will be selected if any one of the given values match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getTransitGatewayRouteTablesFilter:getTransitGatewayRouteTablesFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayRouteTables.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA Transit Gateway Route Table will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcCidrBlockAssociation:getVpcCidrBlockAssociation": { + "properties": { + "associationId": { + "type": "string", + "description": "The association ID for the the IPv4 CIDR block.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cidrBlock": { + "type": "string", + "description": "The cidr block of the desired VPC.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "state": { + "type": "string", + "description": "The current state of the desired VPC.\nCan be either `\"pending\"` or `\"available\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "associationId", + "cidrBlock", + "state" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getVpcDhcpOptionsFilter:getVpcDhcpOptionsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values for filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcEndpointDnsEntry:getVpcEndpointDnsEntry": { + "properties": { + "dnsName": { + "type": "string", + "description": "The DNS name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostedZoneId": { + "type": "string", + "description": "The ID of the private hosted zone.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dnsName", + "hostedZoneId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getVpcEndpointFilter:getVpcEndpointFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpoints.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPC Endpoint will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcEndpointServiceFilter:getVpcEndpointServiceFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeVpcEndpointServices API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcEndpointServices.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcFilter:getVpcFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPC will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcPeeringConnectionCidrBlockSet:getVpcPeeringConnectionCidrBlockSet": { + "properties": { + "cidrBlock": { + "type": "string", + "description": "The primary CIDR block of the requester VPC of the specific VPC Peering Connection to retrieve.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidrBlock" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getVpcPeeringConnectionFilter:getVpcPeeringConnectionFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPC Peering Connection will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcPeeringConnectionPeerCidrBlockSet:getVpcPeeringConnectionPeerCidrBlockSet": { + "properties": { + "cidrBlock": { + "type": "string", + "description": "The primary CIDR block of the requester VPC of the specific VPC Peering Connection to retrieve.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidrBlock" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ec2/getVpcPeeringConnectionsFilter:getVpcPeeringConnectionsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcPeeringConnections.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPC Peering Connection will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpcsFilter:getVpcsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpcs.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPC will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2/getVpnGatewayFilter:getVpnGatewayFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeVpnGateways.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nA VPN Gateway will be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2clientvpn/EndpointAuthenticationOption:EndpointAuthenticationOption": { + "properties": { + "activeDirectoryId": { + "type": "string", + "description": "The ID of the Active Directory to be used for authentication if type is `directory-service-authentication`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rootCertificateChainArn": { + "type": "string", + "description": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM). Only necessary when type is set to `certificate-authentication`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "samlProviderArn": { + "type": "string", + "description": "The ARN of the IAM SAML identity provider if type is `federated-authentication`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of client authentication to be used. Specify `certificate-authentication` to use certificate-based authentication, `directory-service-authentication` to use Active Directory authentication, or `federated-authentication` to use Federated Authentication via SAML 2.0.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:ec2clientvpn/EndpointConnectionLogOptions:EndpointConnectionLogOptions": { + "properties": { + "cloudwatchLogGroup": { + "type": "string", + "description": "The name of the CloudWatch Logs log group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLogStream": { + "type": "string", + "description": "The name of the CloudWatch Logs log stream to which the connection data is published.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether connection logging is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:ec2transitgateway/getDirectConnectGatewayAttachmentFilter:getDirectConnectGatewayAttachmentFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2transitgateway/getPeeringAttachmentFilter:getPeeringAttachmentFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayPeeringAttachments.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given field.\nAn EC2 Transit Gateway Peering Attachment be selected if any one of the given values matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2transitgateway/getRouteTableFilter:getRouteTableFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2transitgateway/getTransitGatewayFilter:getTransitGatewayFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2transitgateway/getVpcAttachmentFilter:getVpcAttachmentFilter": { + "properties": { + "name": { + "type": "string", + "description": "Name of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more values for the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ec2transitgateway/getVpnAttachmentFilter:getVpnAttachmentFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeTransitGatewayAttachments API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeTransitGatewayAttachments.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ecr/ReplicationConfigurationReplicationConfiguration:ReplicationConfigurationReplicationConfiguration": { + "properties": { + "rule": { + "$ref": "#/types/aws:ecr/ReplicationConfigurationReplicationConfigurationRule:ReplicationConfigurationReplicationConfigurationRule", + "description": "The replication rules for a replication configuration. See Rule.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "rule" + ] + }, + "aws:ecr/ReplicationConfigurationReplicationConfigurationRule:ReplicationConfigurationReplicationConfigurationRule": { + "properties": { + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecr/ReplicationConfigurationReplicationConfigurationRuleDestination:ReplicationConfigurationReplicationConfigurationRuleDestination" + }, + "description": "the details of a replication destination. See Destination.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinations" + ] + }, + "aws:ecr/ReplicationConfigurationReplicationConfigurationRuleDestination:ReplicationConfigurationReplicationConfigurationRuleDestination": { + "properties": { + "region": { + "type": "string", + "description": "A Region to replicate to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "registryId": { + "type": "string", + "description": "The account ID of the destination registry to replicate to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "region", + "registryId" + ] + }, + "aws:ecr/RepositoryEncryptionConfiguration:RepositoryEncryptionConfiguration": { + "properties": { + "encryptionType": { + "type": "string", + "description": "The encryption type to use for the repository. Valid values are `AES256` or `KMS`. Defaults to `AES256`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKey": { + "type": "string", + "description": "The ARN of the KMS key to use when `encryption_type` is `KMS`. If not specified, uses the default AWS managed key for ECR.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "kmsKey" + ] + } + } + }, + "aws:ecr/RepositoryImageScanningConfiguration:RepositoryImageScanningConfiguration": { + "properties": { + "scanOnPush": { + "type": "boolean", + "description": "Indicates whether images are scanned after being pushed to the repository (true) or not scanned (false).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scanOnPush" + ] + }, + "aws:ecr/getRepositoryEncryptionConfiguration:getRepositoryEncryptionConfiguration": { + "properties": { + "encryptionType": { + "type": "string", + "description": "The encryption type to use for the repository, either `AES256` or `KMS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKey": { + "type": "string", + "description": "If `encryption_type` is `KMS`, the ARN of the KMS key used.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "encryptionType", + "kmsKey" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ecr/getRepositoryImageScanningConfiguration:getRepositoryImageScanningConfiguration": { + "properties": { + "scanOnPush": { + "type": "boolean", + "description": "Indicates whether images are scanned after being pushed to the repository.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scanOnPush" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ecrpublic/RepositoryCatalogData:RepositoryCatalogData": { + "properties": { + "aboutText": { + "type": "string", + "description": "A detailed description of the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The text must be in markdown format.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "architectures": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The system architecture that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported architectures will appear as badges on the repository and are used as search filters: `ARM`, `ARM 64`, `x86`, `x86-64`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "A short description of the contents of the repository. This text appears in both the image details and also when searching for repositories on the Amazon ECR Public Gallery.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logoImageBlob": { + "type": "string", + "description": "The base64-encoded repository logo payload. (Only visible for verified accounts) Note that drift detection is disabled for this attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "operatingSystems": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The operating systems that the images in the repository are compatible with. On the Amazon ECR Public Gallery, the following supported operating systems will appear as badges on the repository and are used as search filters: `Linux`, `Windows`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "usageText": { + "type": "string", + "description": "Detailed information on how to use the contents of the repository. It is publicly visible in the Amazon ECR Public Gallery. The usage text provides context, support information, and additional usage details for users of the repository. The text must be in markdown format.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "logoImageBlob" + ] + } + } + }, + "aws:ecs/CapacityProviderAutoScalingGroupProvider:CapacityProviderAutoScalingGroupProvider": { + "properties": { + "autoScalingGroupArn": { + "type": "string", + "description": "- ARN of the associated auto scaling group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "managedScaling": { + "$ref": "#/types/aws:ecs/CapacityProviderAutoScalingGroupProviderManagedScaling:CapacityProviderAutoScalingGroupProviderManagedScaling", + "description": "- Configuration block defining the parameters of the auto scaling. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "managedTerminationProtection": { + "type": "string", + "description": "- Enables or disables container-aware termination of instances in the auto scaling group when scale-in happens. Valid values are `ENABLED` and `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "autoScalingGroupArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "autoScalingGroupArn", + "managedScaling", + "managedTerminationProtection" + ] + } + } + }, + "aws:ecs/CapacityProviderAutoScalingGroupProviderManagedScaling:CapacityProviderAutoScalingGroupProviderManagedScaling": { + "properties": { + "instanceWarmupPeriod": { + "type": "integer", + "description": "Period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of 300 seconds is used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumScalingStepSize": { + "type": "integer", + "description": "Maximum step adjustment size. A number between 1 and 10,000.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minimumScalingStepSize": { + "type": "integer", + "description": "Minimum step adjustment size. A number between 1 and 10,000.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "Whether auto scaling is managed by ECS. Valid values are `ENABLED` and `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetCapacity": { + "type": "integer", + "description": "Target utilization for the capacity provider. A number between 1 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "instanceWarmupPeriod", + "maximumScalingStepSize", + "minimumScalingStepSize", + "status", + "targetCapacity" + ] + } + } + }, + "aws:ecs/ClusterConfiguration:ClusterConfiguration": { + "properties": { + "executeCommandConfiguration": { + "$ref": "#/types/aws:ecs/ClusterConfigurationExecuteCommandConfiguration:ClusterConfigurationExecuteCommandConfiguration", + "description": "The details of the execute command configuration. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ecs/ClusterConfigurationExecuteCommandConfiguration:ClusterConfigurationExecuteCommandConfiguration": { + "properties": { + "kmsKeyId": { + "type": "string", + "description": "The AWS Key Management Service key ID to encrypt the data between the local client and the container.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logConfiguration": { + "$ref": "#/types/aws:ecs/ClusterConfigurationExecuteCommandConfigurationLogConfiguration:ClusterConfigurationExecuteCommandConfigurationLogConfiguration", + "description": "The log configuration for the results of the execute command actions Required when `logging` is `OVERRIDE`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logging": { + "type": "string", + "description": "The log setting to use for redirecting logs for your execute command results. Valid values are `NONE`, `DEFAULT`, and `OVERRIDE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ecs/ClusterConfigurationExecuteCommandConfigurationLogConfiguration:ClusterConfigurationExecuteCommandConfigurationLogConfiguration": { + "properties": { + "cloudWatchEncryptionEnabled": { + "type": "boolean", + "description": "Whether or not to enable encryption on the CloudWatch logs. If not specified, encryption will be disabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudWatchLogGroupName": { + "type": "string", + "description": "The name of the CloudWatch log group to send logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BucketEncryptionEnabled": { + "type": "boolean", + "description": "Whether or not to enable encryption on the logs sent to S3. If not specified, encryption will be disabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BucketName": { + "type": "string", + "description": "The name of the S3 bucket to send logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KeyPrefix": { + "type": "string", + "description": "An optional folder in the S3 bucket to place logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ecs/ClusterDefaultCapacityProviderStrategy:ClusterDefaultCapacityProviderStrategy": { + "properties": { + "base": { + "type": "integer", + "description": "The number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "capacityProvider": { + "type": "string", + "description": "The short name of the capacity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The relative percentage of the total number of launched tasks that should use the specified capacity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "capacityProvider" + ] + }, + "aws:ecs/ClusterSetting:ClusterSetting": { + "properties": { + "name": { + "type": "string", + "description": "Name of the setting to manage. Valid values: `containerInsights`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value to assign to the setting. Value values are `enabled` and `disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy": { + "properties": { + "base": { + "type": "integer", + "description": "Number of tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a base defined.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "capacityProvider": { + "type": "string", + "description": "Short name of the capacity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "Relative percentage of the total number of launched tasks that should use the specified capacity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "capacityProvider" + ] + }, + "aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker": { + "properties": { + "enable": { + "type": "boolean", + "description": "Whether to enable the deployment circuit breaker logic for the service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rollback": { + "type": "boolean", + "description": "Whether to enable Amazon ECS to roll back the service if a service deployment fails. If rollback is enabled, when a service deployment fails, the service is rolled back to the last deployment that completed successfully.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enable", + "rollback" + ] + }, + "aws:ecs/ServiceDeploymentController:ServiceDeploymentController": { + "properties": { + "type": { + "type": "string", + "description": "Type of deployment controller. Valid values: `CODE_DEPLOY`, `ECS`, `EXTERNAL`. Default: `ECS`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer": { + "properties": { + "containerName": { + "type": "string", + "description": "Name of the container to associate with the load balancer (as it appears in a container definition).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "containerPort": { + "type": "integer", + "description": "Port on the container to associate with the load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "elbName": { + "type": "string", + "description": "Name of the ELB (Classic) to associate with the service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "ARN of the Load Balancer target group to associate with the service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "containerName", + "containerPort" + ] + }, + "aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration": { + "properties": { + "assignPublicIp": { + "type": "boolean", + "description": "Assign a public IP address to the ENI (Fargate launch type only). Valid values are `true` or `false`. Default `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security groups associated with the task or service. If you do not specify a security group, the default security group for the VPC is used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subnets associated with the task or service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnets" + ] + }, + "aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy": { + "properties": { + "field": { + "type": "string", + "description": "For the `spread` placement strategy, valid values are `instanceId` (or `host`,\nwhich has the same effect), or any platform or custom attribute that is applied to a container instance.\nFor the `binpack` type, valid values are `memory` and `cpu`. For the `random` type, this attribute is not\nneeded. For more information, see [Placement Strategy](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PlacementStrategy.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of placement strategy. Must be one of: `binpack`, `random`, or `spread`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint": { + "properties": { + "expression": { + "type": "string", + "description": "Cluster Query Language expression to apply to the constraint. Does not need to be specified for the `distinctInstance` type. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of constraint. The only valid values at this time are `memberOf` and `distinctInstance`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries": { + "properties": { + "containerName": { + "type": "string", + "description": "Container name value, already specified in the task definition, to be used for your service discovery service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "containerPort": { + "type": "integer", + "description": "Port value, already specified in the task definition, to be used for your service discovery service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "Port value used if your Service Discovery service specified an SRV record.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "registryArn": { + "type": "string", + "description": "ARN of the Service Registry. The currently supported service registry is Amazon Route 53 Auto Naming Service(`aws.servicediscovery.Service`). For more information, see [Service](https://docs.aws.amazon.com/Route53/latest/APIReference/API_autonaming_Service.html)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "registryArn" + ] + }, + "aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage": { + "properties": { + "sizeInGib": { + "type": "integer", + "description": "The total amount, in GiB, of ephemeral storage to set for the task. The minimum supported value is `21` GiB and the maximum supported value is `200` GiB.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "sizeInGib" + ] + }, + "aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator": { + "properties": { + "deviceName": { + "type": "string", + "description": "Elastic Inference accelerator device name. The deviceName must also be referenced in a container definition as a ResourceRequirement.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceType": { + "type": "string", + "description": "Elastic Inference accelerator type to use.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "deviceType" + ] + }, + "aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint": { + "properties": { + "expression": { + "type": "string", + "description": "Cluster Query Language expression to apply to the constraint. For more information, see [Cluster Query Language in the Amazon EC2 Container Service Developer Guide](http://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-query-language.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Proxy type. The default value is `APPMESH`. The only supported value is `APPMESH`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration": { + "properties": { + "containerName": { + "type": "string", + "description": "Name of the container that will serve as the App Mesh proxy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of network configuration parameters to provide the Container Network Interface (CNI) plugin, specified a key-value mapping.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Proxy type. The default value is `APPMESH`. The only supported value is `APPMESH`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "containerName" + ] + }, + "aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume": { + "properties": { + "dockerVolumeConfiguration": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolumeDockerVolumeConfiguration:TaskDefinitionVolumeDockerVolumeConfiguration", + "description": "Configuration block to configure a docker volume. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "efsVolumeConfiguration": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolumeEfsVolumeConfiguration:TaskDefinitionVolumeEfsVolumeConfiguration", + "description": "Configuration block for an EFS volume. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fsxWindowsFileServerVolumeConfiguration": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolumeFsxWindowsFileServerVolumeConfiguration:TaskDefinitionVolumeFsxWindowsFileServerVolumeConfiguration", + "description": "Configuration block for an FSX Windows File Server volume. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hostPath": { + "type": "string", + "description": "Path on the host container instance that is presented to the container. If not set, ECS will create a nonpersistent data volume that starts empty and is deleted after the task has finished.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the volume. This name is referenced in the `sourceVolume`\nparameter of container definition in the `mountPoints` section.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:ecs/TaskDefinitionVolumeDockerVolumeConfiguration:TaskDefinitionVolumeDockerVolumeConfiguration": { + "properties": { + "autoprovision": { + "type": "boolean", + "description": "If this value is `true`, the Docker volume is created if it does not already exist. *Note*: This field is only used if the scope is `shared`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "driver": { + "type": "string", + "description": "Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "driverOpts": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of Docker driver specific options.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of custom metadata to add to your Docker volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Scope for the Docker volume, which determines its lifecycle, either `task` or `shared`. Docker volumes that are scoped to a `task` are automatically provisioned when the task starts and destroyed when the task stops. Docker volumes that are scoped as `shared` persist after the task stops.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "scope" + ] + } + } + }, + "aws:ecs/TaskDefinitionVolumeEfsVolumeConfiguration:TaskDefinitionVolumeEfsVolumeConfiguration": { + "properties": { + "authorizationConfig": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfig:TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfig", + "description": "Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileSystemId": { + "type": "string", + "description": "The Amazon FSx for Windows File Server file system ID to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rootDirectory": { + "type": "string", + "description": "The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transitEncryption": { + "type": "string", + "description": "Whether or not to enable encryption for Amazon EFS data in transit between the Amazon ECS host and the Amazon EFS server. Transit encryption must be enabled if Amazon EFS IAM authorization is used. Valid values: `ENABLED`, `DISABLED`. If this parameter is omitted, the default value of `DISABLED` is used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transitEncryptionPort": { + "type": "integer", + "description": "Port to use for transit encryption. If you do not specify a transit encryption port, it will use the port selection strategy that the Amazon EFS mount helper uses.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fileSystemId" + ] + }, + "aws:ecs/TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfig:TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfig": { + "properties": { + "accessPointId": { + "type": "string", + "description": "Access point ID to use. If an access point is specified, the root directory value will be relative to the directory set for the access point. If specified, transit encryption must be enabled in the EFSVolumeConfiguration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iam": { + "type": "string", + "description": "Whether or not to use the Amazon ECS task IAM role defined in a task definition when mounting the Amazon EFS file system. If enabled, transit encryption must be enabled in the EFSVolumeConfiguration. Valid values: `ENABLED`, `DISABLED`. If this parameter is omitted, the default value of `DISABLED` is used.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ecs/TaskDefinitionVolumeFsxWindowsFileServerVolumeConfiguration:TaskDefinitionVolumeFsxWindowsFileServerVolumeConfiguration": { + "properties": { + "authorizationConfig": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfig:TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfig", + "description": "Configuration block for authorization for the Amazon FSx for Windows File Server file system detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileSystemId": { + "type": "string", + "description": "The Amazon FSx for Windows File Server file system ID to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rootDirectory": { + "type": "string", + "description": "The directory within the Amazon FSx for Windows File Server file system to mount as the root directory inside the host.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationConfig", + "fileSystemId", + "rootDirectory" + ] + }, + "aws:ecs/TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfig:TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfig": { + "properties": { + "credentialsParameter": { + "type": "string", + "description": "The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an AWS Secrets Manager secret or AWS Systems Manager Parameter Store parameter. The ARNs refer to the stored credentials.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "domain": { + "type": "string", + "description": "A fully qualified domain name hosted by an AWS Directory Service Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "credentialsParameter", + "domain" + ] + }, + "aws:ecs/getClusterSetting:getClusterSetting": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:efs/AccessPointPosixUser:AccessPointPosixUser": { + "properties": { + "gid": { + "type": "integer", + "description": "POSIX group ID used for all file system operations using this access point.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secondaryGids": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "Secondary POSIX group IDs used for all file system operations using this access point.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uid": { + "type": "integer", + "description": "POSIX user ID used for all file system operations using this access point.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "gid", + "uid" + ] + }, + "aws:efs/AccessPointRootDirectory:AccessPointRootDirectory": { + "properties": { + "creationInfo": { + "$ref": "#/types/aws:efs/AccessPointRootDirectoryCreationInfo:AccessPointRootDirectoryCreationInfo", + "description": "POSIX IDs and permissions to apply to the access point's Root Directory. See Creation Info below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Path on the EFS file system to expose as the root directory to NFS clients using the access point to access the EFS file system. A path can have up to four subdirectories. If the specified path does not exist, you are required to provide `creation_info`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "creationInfo", + "path" + ] + } + } + }, + "aws:efs/AccessPointRootDirectoryCreationInfo:AccessPointRootDirectoryCreationInfo": { + "properties": { + "ownerGid": { + "type": "integer", + "description": "POSIX group ID to apply to the `root_directory`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ownerUid": { + "type": "integer", + "description": "POSIX user ID to apply to the `root_directory`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "permissions": { + "type": "string", + "description": "POSIX permissions to apply to the RootDirectory, in the format of an octal number representing the file's mode bits.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ownerGid", + "ownerUid", + "permissions" + ] + }, + "aws:efs/BackupPolicyBackupPolicy:BackupPolicyBackupPolicy": { + "properties": { + "status": { + "type": "string", + "description": "A status of the backup policy. Valid values: `ENABLED`, `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "status" + ] + }, + "aws:efs/FileSystemLifecyclePolicy:FileSystemLifecyclePolicy": { + "properties": { + "transitionToIa": { + "type": "string", + "description": "Indicates how long it takes to transition files to the IA storage class. Valid values: `AFTER_7_DAYS`, `AFTER_14_DAYS`, `AFTER_30_DAYS`, `AFTER_60_DAYS`, or `AFTER_90_DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "transitionToIa" + ] + }, + "aws:efs/FileSystemSizeInByte:FileSystemSizeInByte": { + "properties": { + "value": { + "type": "integer", + "description": "The latest known metered size (in bytes) of data stored in the file system.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "valueInIa": { + "type": "integer", + "description": "The latest known metered size (in bytes) of data stored in the Infrequent Access storage class.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "valueInStandard": { + "type": "integer", + "description": "The latest known metered size (in bytes) of data stored in the Standard storage class.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "value", + "valueInIa", + "valueInStandard" + ] + } + } + }, + "aws:efs/getAccessPointPosixUser:getAccessPointPosixUser": { + "properties": { + "gid": { + "type": "integer", + "description": "Group ID\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secondaryGids": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "Secondary group IDs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uid": { + "type": "integer", + "description": "User Id\n* `root_directory`- Single element list containing information on the directory on the Amazon EFS file system that the access point provides access to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "gid", + "secondaryGids", + "uid" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:efs/getAccessPointRootDirectory:getAccessPointRootDirectory": { + "properties": { + "creationInfos": { + "type": "array", + "items": { + "$ref": "#/types/aws:efs/getAccessPointRootDirectoryCreationInfo:getAccessPointRootDirectoryCreationInfo" + }, + "description": "Single element list containing information on the creation permissions of the directory\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Path exposed as the root directory\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "creationInfos", + "path" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:efs/getAccessPointRootDirectoryCreationInfo:getAccessPointRootDirectoryCreationInfo": { + "properties": { + "ownerGid": { + "type": "integer", + "description": "POSIX owner group ID\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ownerUid": { + "type": "integer", + "description": "POSIX owner user ID\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "permissions": { + "type": "string", + "description": "POSIX permissions mode\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ownerGid", + "ownerUid", + "permissions" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:efs/getFileSystemLifecyclePolicy:getFileSystemLifecyclePolicy": { + "properties": { + "transitionToIa": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "transitionToIa" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:eks/ClusterCertificateAuthority:ClusterCertificateAuthority": { + "properties": { + "data": { + "type": "string", + "description": "Base64 encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "data" + ] + } + } + }, + "aws:eks/ClusterEncryptionConfig:ClusterEncryptionConfig": { + "properties": { + "provider": { + "$ref": "#/types/aws:eks/ClusterEncryptionConfigProvider:ClusterEncryptionConfigProvider", + "description": "Configuration block with provider for encryption. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of strings with resources to be encrypted. Valid values: `secrets`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "provider", + "resources" + ] + }, + "aws:eks/ClusterEncryptionConfigProvider:ClusterEncryptionConfigProvider": { + "properties": { + "keyArn": { + "type": "string", + "description": "ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see [Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "keyArn" + ] + }, + "aws:eks/ClusterIdentity:ClusterIdentity": { + "properties": { + "oidcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/ClusterIdentityOidc:ClusterIdentityOidc" + }, + "description": "Nested block containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "oidcs" + ] + } + } + }, + "aws:eks/ClusterIdentityOidc:ClusterIdentityOidc": { + "properties": { + "issuer": { + "type": "string", + "description": "Issuer URL for the OpenID Connect identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "issuer" + ] + } + } + }, + "aws:eks/ClusterKubernetesNetworkConfig:ClusterKubernetesNetworkConfig": { + "properties": { + "serviceIpv4Cidr": { + "type": "string", + "description": "The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "serviceIpv4Cidr" + ] + } + } + }, + "aws:eks/ClusterVpcConfig:ClusterVpcConfig": { + "properties": { + "clusterSecurityGroupId": { + "type": "string", + "description": "Cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpointPrivateAccess": { + "type": "boolean", + "description": "Whether the Amazon EKS private API server endpoint is enabled. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpointPublicAccess": { + "type": "boolean", + "description": "Whether the Amazon EKS public API server endpoint is enabled. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "publicAccessCidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with `0.0.0.0/0`. This provider will only perform drift detection of its value when present in a configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC associated with your cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetIds" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "clusterSecurityGroupId", + "publicAccessCidrs", + "subnetIds", + "vpcId" + ] + } + } + }, + "aws:eks/FargateProfileSelector:FargateProfileSelector": { + "properties": { + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of Kubernetes labels for selection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "description": "Kubernetes namespace for selection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "namespace" + ] + }, + "aws:eks/IdentityProviderConfigOidc:IdentityProviderConfigOidc": { + "properties": { + "clientId": { + "type": "string", + "description": "Client ID for the OpenID Connect identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupsClaim": { + "type": "string", + "description": "The JWT claim that the provider will use to return groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupsPrefix": { + "type": "string", + "description": "A prefix that is prepended to group claims e.g. `oidc:`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "identityProviderConfigName": { + "type": "string", + "description": "The name of the identity provider config.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuerUrl": { + "type": "string", + "description": "Issuer URL for the OpenID Connect identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requiredClaims": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The key value pairs that describe required claims in the identity token.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "usernameClaim": { + "type": "string", + "description": "The JWT claim that the provider will use as the username.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "usernamePrefix": { + "type": "string", + "description": "A prefix that is prepended to username claims.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clientId", + "identityProviderConfigName", + "issuerUrl" + ] + }, + "aws:eks/NodeGroupLaunchTemplate:NodeGroupLaunchTemplate": { + "properties": { + "id": { + "type": "string", + "description": "Identifier of the EC2 Launch Template. Conflicts with `name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the EC2 Launch Template. Conflicts with `id`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "EC2 Launch Template version number. While the API accepts values like `$Default` and `$Latest`, the API will convert the value to the associated version number (e.g. `1`) on read and This provider will show a difference on next plan. Using the `default_version` or `latest_version` attribute of the `aws.ec2.LaunchTemplate` resource or data source is recommended for this argument.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "version" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "name", + "version" + ] + } + } + }, + "aws:eks/NodeGroupRemoteAccess:NodeGroupRemoteAccess": { + "properties": { + "ec2SshKey": { + "type": "string", + "description": "EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify `source_security_group_ids` when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify `ec2_ssh_key`, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:eks/NodeGroupResource:NodeGroupResource": { + "properties": { + "autoscalingGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/NodeGroupResourceAutoscalingGroup:NodeGroupResourceAutoscalingGroup" + }, + "description": "List of objects containing information about AutoScaling Groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "remoteAccessSecurityGroupId": { + "type": "string", + "description": "Identifier of the remote access EC2 Security Group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "autoscalingGroups", + "remoteAccessSecurityGroupId" + ] + } + } + }, + "aws:eks/NodeGroupResourceAutoscalingGroup:NodeGroupResourceAutoscalingGroup": { + "properties": { + "name": { + "type": "string", + "description": "Name of the EC2 Launch Template. Conflicts with `id`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "name" + ] + } + } + }, + "aws:eks/NodeGroupScalingConfig:NodeGroupScalingConfig": { + "properties": { + "desiredSize": { + "type": "integer", + "description": "Desired number of worker nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxSize": { + "type": "integer", + "description": "Maximum number of worker nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minSize": { + "type": "integer", + "description": "Minimum number of worker nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "desiredSize", + "maxSize", + "minSize" + ] + }, + "aws:eks/NodeGroupTaint:NodeGroupTaint": { + "properties": { + "effect": { + "type": "string", + "description": "The effect of the taint. Valid values: `NO_SCHEDULE`, `NO_EXECUTE`, `PREFER_NO_SCHEDULE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The key of the taint. Maximum length of 63.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the taint. Maximum length of 63.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "effect", + "key" + ] + }, + "aws:eks/getClusterCertificateAuthority:getClusterCertificateAuthority": { + "properties": { + "data": { + "type": "string", + "description": "The base64 encoded certificate data required to communicate with your cluster. Add this to the `certificate-authority-data` section of the `kubeconfig` file for your cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "data" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:eks/getClusterIdentity:getClusterIdentity": { + "properties": { + "oidcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/getClusterIdentityOidc:getClusterIdentityOidc" + }, + "description": "Nested attribute containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "oidcs" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:eks/getClusterIdentityOidc:getClusterIdentityOidc": { + "properties": { + "issuer": { + "type": "string", + "description": "Issuer URL for the OpenID Connect identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "issuer" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:eks/getClusterKubernetesNetworkConfig:getClusterKubernetesNetworkConfig": { + "properties": { + "serviceIpv4Cidr": { + "type": "string", + "description": "The CIDR block to assign Kubernetes service IP addresses from.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "serviceIpv4Cidr" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:eks/getClusterVpcConfig:getClusterVpcConfig": { + "properties": { + "clusterSecurityGroupId": { + "type": "string", + "description": "The cluster security group that was created by Amazon EKS for the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpointPrivateAccess": { + "type": "boolean", + "description": "Indicates whether or not the Amazon EKS private API server endpoint is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpointPublicAccess": { + "type": "boolean", + "description": "Indicates whether or not the Amazon EKS public API server endpoint is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "publicAccessCidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The VPC associated with your cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clusterSecurityGroupId", + "endpointPrivateAccess", + "endpointPublicAccess", + "publicAccessCidrs", + "securityGroupIds", + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticache/ClusterCacheNode:ClusterCacheNode": { + "properties": { + "address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "description": "Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use `preferred_availability_zones` instead. Default: System chosen Availability Zone. Changing this value will re-create the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with `replication_group_id`. Changing this value will re-create the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "address", + "availabilityZone", + "id", + "port" + ] + } + } + }, + "aws:elasticache/ParameterGroupParameter:ParameterGroupParameter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the ElastiCache parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the ElastiCache parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:elasticache/ReplicationGroupClusterMode:ReplicationGroupClusterMode": { + "properties": { + "numNodeGroups": { + "type": "integer", + "description": "Number of node groups (shards) for this Redis replication group. Changing this number will trigger an online resizing operation before other settings modifications. Required unless `global_replication_group_id` is set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "replicasPerNodeGroup": { + "type": "integer", + "description": "Number of replica nodes in each node group. Valid values are 0 to 5. Changing this number will trigger an online resizing operation before other settings modifications.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "replicasPerNodeGroup" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "numNodeGroups", + "replicasPerNodeGroup" + ] + } + } + }, + "aws:elasticache/getClusterCacheNode:getClusterCacheNode": { + "properties": { + "address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone for the cache cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will\naccept connections.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "address", + "availabilityZone", + "id", + "port" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticbeanstalk/ApplicationAppversionLifecycle:ApplicationAppversionLifecycle": { + "properties": { + "deleteSourceFromS3": { + "type": "boolean", + "description": "Set to `true` to delete a version's source bundle from S3 when the application version is deleted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxAgeInDays": { + "type": "integer", + "description": "The number of days to retain an application version ('max_age_in_days' and 'max_count' cannot be enabled simultaneously.).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxCount": { + "type": "integer", + "description": "The maximum number of application versions to retain ('max_age_in_days' and 'max_count' cannot be enabled simultaneously.).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceRole": { + "type": "string", + "description": "The ARN of an IAM service role under which the application version is deleted. Elastic Beanstalk must have permission to assume this role.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "serviceRole" + ] + }, + "aws:elasticbeanstalk/ConfigurationTemplateSetting:ConfigurationTemplateSetting": { + "properties": { + "name": { + "type": "string", + "description": "A unique name for this Template.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "resource": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "namespace", + "value" + ] + }, + "aws:elasticbeanstalk/EnvironmentAllSetting:EnvironmentAllSetting": { + "properties": { + "name": { + "type": "string", + "description": "A unique name for this Environment. This name is used\nin the application URL\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "resource": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "namespace", + "value" + ] + }, + "aws:elasticbeanstalk/EnvironmentSetting:EnvironmentSetting": { + "properties": { + "name": { + "type": "string", + "description": "A unique name for this Environment. This name is used\nin the application URL\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespace": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "resource": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "namespace", + "value" + ] + }, + "aws:elasticbeanstalk/getApplicationAppversionLifecycle:getApplicationAppversionLifecycle": { + "properties": { + "deleteSourceFromS3": { + "type": "boolean", + "description": "Specifies whether delete a version's source bundle from S3 when the application version is deleted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxAgeInDays": { + "type": "integer", + "description": "The number of days to retain an application version.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxCount": { + "type": "integer", + "description": "The maximum number of application versions to retain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceRole": { + "type": "string", + "description": "The ARN of an IAM service role under which the application version is deleted. Elastic Beanstalk must have permission to assume this role.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteSourceFromS3", + "maxAgeInDays", + "maxCount", + "serviceRole" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "description": "The S3 bucket name to store the logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketPrefix": { + "type": "string", + "description": "The S3 bucket prefix. Logs are stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `access_logs`. Default is `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "The publishing interval in minutes. Default: 60 minutes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:elasticloadbalancing/LoadBalancerHealthCheck:LoadBalancerHealthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer", + "description": "The number of checks before the instance is declared healthy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "The interval between checks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "The target of the check. Valid pattern is \"${PROTOCOL}:${PORT}${PATH}\", where PROTOCOL\nvalues are:\n* `HTTP`, `HTTPS` - PORT and PATH are required\n* `TCP`, `SSL` - PORT is required, PATH is not supported\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "The length of time before the check times out.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "The number of checks before the instance is declared unhealthy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "healthyThreshold", + "interval", + "target", + "timeout", + "unhealthyThreshold" + ] + }, + "aws:elasticloadbalancing/LoadBalancerListener:LoadBalancerListener": { + "properties": { + "instancePort": { + "type": "integer", + "description": "The port on the instance to route to\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceProtocol": { + "type": "string", + "description": "The protocol to use to the instance. Valid\nvalues are `HTTP`, `HTTPS`, `TCP`, or `SSL`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbPort": { + "type": "integer", + "description": "The port to listen on for the load balancer\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbProtocol": { + "type": "string", + "description": "The protocol to listen on. Valid values are `HTTP`,\n`HTTPS`, `TCP`, or `SSL`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sslCertificateId": { + "type": "string", + "description": "The ARN of an SSL certificate you have\nuploaded to AWS IAM. **Note ECDSA-specific restrictions below. Only valid when `lb_protocol` is either HTTPS or SSL**\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instancePort", + "instanceProtocol", + "lbPort", + "lbProtocol" + ] + }, + "aws:elasticloadbalancing/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elasticloadbalancing/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute": { + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the attribute\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:elasticloadbalancing/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketPrefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "bucketPrefix", + "enabled", + "interval" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancing/getLoadBalancerHealthCheck:getLoadBalancerHealthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "healthyThreshold", + "interval", + "target", + "timeout", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancing/getLoadBalancerListener:getLoadBalancerListener": { + "properties": { + "instancePort": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceProtocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbPort": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbProtocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sslCertificateId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instancePort", + "instanceProtocol", + "lbPort", + "lbProtocol", + "sslCertificateId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/ListenerDefaultAction:ListenerDefaultAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito", + "description": "Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc", + "description": "Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionForward:ListenerDefaultActionForward", + "description": "Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "description": "Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect", + "description": "Configuration block for creating a redirect action. Required if `type` is `redirect`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "Domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "Authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "Token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "User info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "Message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionForward:ListenerDefaultActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness", + "description": "Configuration block for target group stickiness for the rule. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup" + }, + "description": "Set of 1-5 target group blocks. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether target group stickiness is enabled. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "Weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:elasticloadbalancingv2/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleAction:ListenerRuleAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito", + "description": "Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc", + "description": "Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionForward:ListenerRuleActionForward", + "description": "Information for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionRedirect:ListenerRuleActionRedirect", + "description": "Information for creating a redirect action. Required if `type` is `redirect`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "The ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "The ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "The domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "The authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "The OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "The OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "The OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "The token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "The user info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "The message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:elasticloadbalancingv2/ListenerRuleActionForward:ListenerRuleActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness", + "description": "The target group stickiness for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup" + }, + "description": "One or more target groups block.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether target group stickiness is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleActionRedirect:ListenerRuleActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleCondition:ListenerRuleCondition": { + "properties": { + "hostHeader": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader", + "description": "Contains a single `values` item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpHeader": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader", + "description": "HTTP headers to match. HTTP Header block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRequestMethod": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod", + "description": "Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathPattern": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern", + "description": "Contains a single `values` item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `query_string` condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString" + }, + "description": "Query strings to match. Query String block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceIp": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp", + "description": "Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `http_header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elasticloadbalancingv2/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader": { + "properties": { + "httpHeaderName": { + "type": "string", + "description": "Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpHeaderName", + "values" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString": { + "properties": { + "key": { + "type": "string", + "description": "Query string key pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Query string value pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:elasticloadbalancingv2/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:elasticloadbalancingv2/LoadBalancerAccessLogs:LoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "description": "The S3 bucket name to store the logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `access_logs`. Defaults to `false`, even when `bucket` is specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The S3 bucket prefix. Logs are stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:elasticloadbalancingv2/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID of the Elastic IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "description": "An ipv6 address within the subnet to assign to the internet-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "description": "A private ipv4 address within the subnet to assign to the internal-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The id of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "outpostId", + "subnetId" + ] + } + } + }, + "aws:elasticloadbalancingv2/TargetGroupHealthCheck:TargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "description": "Number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "Approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. For `lambda` target groups, it needs to be greater as the `timeout` of the underlying `lambda`. Default 30 seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "description": "Response codes to use when checking for a healthy responses from a target. You can specify multiple values (for example, \"200,202\" for HTTP(s) or \"0,12\" for GRPC) or a range of values (for example, \"200-299\" or \"0-99\"). Required for HTTP/HTTPS/GRPC ALB. Only applies to Application Load Balancers (i.e., HTTP/HTTPS/GRPC) not Network Load Balancers (i.e., TCP).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "Amount of time, in seconds, during which no response means a failed health check. For Application Load Balancers, the range is 2 to 120 seconds, and the default is 5 seconds for the `instance` target type and 30 seconds for the `lambda` target type. For Network Load Balancers, you cannot set a custom value, and the default is 10 seconds for TCP and HTTPS health checks and 6 seconds for HTTP health checks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "Number of consecutive health check failures required before considering the target unhealthy. For Network Load Balancers, this value must be the same as the `healthy_threshold`. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "matcher", + "path", + "timeout" + ] + } + } + }, + "aws:elasticloadbalancingv2/TargetGroupStickiness:TargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "description": "Only used when the type is `lb_cookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "description": "Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `app_cookie`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of sticky sessions. The only current possible values are `lb_cookie`, `app_cookie` for ALBs, and `source_ip` for NLBs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:elasticloadbalancingv2/getListenerDefaultAction:getListenerDefaultAction": { + "properties": { + "authenticateCognitos": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "forwards": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionForward:getListenerDefaultActionForward" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirects": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticateCognitos", + "authenticateOidcs", + "fixedResponses", + "forwards", + "order", + "redirects", + "targetGroupArn", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType", + "messageBody", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionForward:getListenerDefaultActionForward": { + "properties": { + "stickinesses": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "stickinesses", + "targetGroups" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration", + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "weight" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port of the listener. Required if `arn` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "host", + "path", + "port", + "protocol", + "query", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "enabled", + "prefix" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationId", + "ipv6Address", + "outpostId", + "privateIpv4Address", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getTargetGroupHealthCheck:getTargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "healthyThreshold", + "interval", + "matcher", + "path", + "port", + "protocol", + "timeout", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticloadbalancingv2/getTargetGroupStickiness:getTargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieDuration", + "cookieName", + "enabled", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/DomainAdvancedSecurityOptions:DomainAdvancedSecurityOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable node-to-node encryption. If the `node_to_node_encryption` block is not provided then this defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "internalUserDatabaseEnabled": { + "type": "boolean", + "description": "Whether the internal user database is enabled. If not set, defaults to `false` by the AWS API.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "masterUserOptions": { + "$ref": "#/types/aws:elasticsearch/DomainAdvancedSecurityOptionsMasterUserOptions:DomainAdvancedSecurityOptionsMasterUserOptions", + "description": "Configuration block for the main user. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:elasticsearch/DomainAdvancedSecurityOptionsMasterUserOptions:DomainAdvancedSecurityOptionsMasterUserOptions": { + "properties": { + "masterUserArn": { + "type": "string", + "description": "ARN for the main user. Only specify if `internal_user_database_enabled` is not set or set to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "masterUserName": { + "type": "string", + "description": "Main user's username, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "masterUserPassword": { + "type": "string", + "description": "Main user's password, which is stored in the Amazon Elasticsearch Service domain's internal database. Only specify if `internal_user_database_enabled` is set to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elasticsearch/DomainClusterConfig:DomainClusterConfig": { + "properties": { + "dedicatedMasterCount": { + "type": "integer", + "description": "Number of dedicated main nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dedicatedMasterEnabled": { + "type": "boolean", + "description": "Whether dedicated main nodes are enabled for the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dedicatedMasterType": { + "type": "string", + "description": "Instance type of the dedicated main nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceCount": { + "type": "integer", + "description": "Number of instances in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "Instance type of data nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warmCount": { + "type": "integer", + "description": "Number of warm nodes in the cluster. Valid values are between `2` and `150`. `warm_count` can be only and must be set when `warm_enabled` is set to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warmEnabled": { + "type": "boolean", + "description": "Whether to enable warm storage.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warmType": { + "type": "string", + "description": "Instance type for the Elasticsearch cluster's warm nodes. Valid values are `ultrawarm1.medium.elasticsearch`, `ultrawarm1.large.elasticsearch` and `ultrawarm1.xlarge.elasticsearch`. `warm_type` can be only and must be set when `warm_enabled` is set to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "zoneAwarenessConfig": { + "$ref": "#/types/aws:elasticsearch/DomainClusterConfigZoneAwarenessConfig:DomainClusterConfigZoneAwarenessConfig", + "description": "Configuration block containing zone awareness settings. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "zoneAwarenessEnabled": { + "type": "boolean", + "description": "Whether zone awareness is enabled, set to `true` for multi-az deployment. To enable awareness with three Availability Zones, the `availability_zone_count` within the `zone_awareness_config` must be set to `3`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elasticsearch/DomainClusterConfigZoneAwarenessConfig:DomainClusterConfigZoneAwarenessConfig": { + "properties": { + "availabilityZoneCount": { + "type": "integer", + "description": "Number of Availability Zones for the domain to use with `zone_awareness_enabled`. Defaults to `2`. Valid values: `2` or `3`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elasticsearch/DomainCognitoOptions:DomainCognitoOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable node-to-node encryption. If the `node_to_node_encryption` block is not provided then this defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "identityPoolId": { + "type": "string", + "description": "ID of the Cognito Identity Pool to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that has the AmazonESCognitoAccess policy attached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolId": { + "type": "string", + "description": "ID of the Cognito User Pool to use.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "identityPoolId", + "roleArn", + "userPoolId" + ] + }, + "aws:elasticsearch/DomainDomainEndpointOptions:DomainDomainEndpointOptions": { + "properties": { + "customEndpoint": { + "type": "string", + "description": "Fully qualified domain for your custom endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customEndpointCertificateArn": { + "type": "string", + "description": "ACM certificate ARN for your custom endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customEndpointEnabled": { + "type": "boolean", + "description": "Whether to enable custom endpoint for the Elasticsearch domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enforceHttps": { + "type": "boolean", + "description": "Whether or not to require HTTPS. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tlsSecurityPolicy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "tlsSecurityPolicy" + ] + } + } + }, + "aws:elasticsearch/DomainEbsOptions:DomainEbsOptions": { + "properties": { + "ebsEnabled": { + "type": "boolean", + "description": "Whether EBS volumes are attached to data nodes in the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Baseline input/output (I/O) performance of EBS volumes attached to data nodes. Applicable only for the Provisioned IOPS EBS volume type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of EBS volumes attached to data nodes (in GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of EBS volumes attached to data nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ebsEnabled" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ebsEnabled", + "volumeType" + ] + } + } + }, + "aws:elasticsearch/DomainEncryptAtRest:DomainEncryptAtRest": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable node-to-node encryption. If the `node_to_node_encryption` block is not provided then this defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key id to encrypt the Elasticsearch domain with. If not specified then it defaults to using the `aws/es` service KMS key.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled", + "kmsKeyId" + ] + } + } + }, + "aws:elasticsearch/DomainLogPublishingOption:DomainLogPublishingOption": { + "properties": { + "cloudwatchLogGroupArn": { + "type": "string", + "description": "ARN of the Cloudwatch log group to which log needs to be published.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether to enable node-to-node encryption. If the `node_to_node_encryption` block is not provided then this defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logType": { + "type": "string", + "description": "Type of Elasticsearch log. Valid values: `INDEX_SLOW_LOGS`, `SEARCH_SLOW_LOGS`, `ES_APPLICATION_LOGS`, `AUDIT_LOGS`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchLogGroupArn", + "logType" + ] + }, + "aws:elasticsearch/DomainNodeToNodeEncryption:DomainNodeToNodeEncryption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable node-to-node encryption. If the `node_to_node_encryption` block is not provided then this defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:elasticsearch/DomainSamlOptionsSamlOptions:DomainSamlOptionsSamlOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether SAML authentication is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "idp": { + "$ref": "#/types/aws:elasticsearch/DomainSamlOptionsSamlOptionsIdp:DomainSamlOptionsSamlOptionsIdp", + "description": "Information from your identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "masterBackendRole": { + "type": "string", + "description": "This backend role from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "masterUserName": { + "type": "string", + "description": "This username from the SAML IdP receives full permissions to the cluster, equivalent to a new master user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rolesKey": { + "type": "string", + "description": "Element of the SAML assertion to use for backend roles. Default is roles.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeoutMinutes": { + "type": "integer", + "description": "Duration of a session in minutes after a user logs in. Default is 60. Maximum value is 1,440.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subjectKey": { + "type": "string", + "description": "Element of the SAML assertion to use for username. Default is NameID.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elasticsearch/DomainSamlOptionsSamlOptionsIdp:DomainSamlOptionsSamlOptionsIdp": { + "properties": { + "entityId": { + "type": "string", + "description": "The unique Entity ID of the application in SAML Identity Provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metadataContent": { + "type": "string", + "description": "The Metadata of the SAML application in xml format.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "entityId", + "metadataContent" + ] + }, + "aws:elasticsearch/DomainSnapshotOptions:DomainSnapshotOptions": { + "properties": { + "automatedSnapshotStartHour": { + "type": "integer", + "description": "Hour during which the service takes an automated daily snapshot of the indices in the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "automatedSnapshotStartHour" + ] + }, + "aws:elasticsearch/DomainVpcOptions:DomainVpcOptions": { + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC Security Group IDs to be applied to the Elasticsearch domain endpoints. If omitted, the default Security Group for the VPC will be used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC Subnet IDs for the Elasticsearch domain endpoints to be created in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "availabilityZones", + "vpcId" + ] + } + } + }, + "aws:elasticsearch/getDomainAdvancedSecurityOption:getDomainAdvancedSecurityOption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether node to node encryption is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "internalUserDatabaseEnabled": { + "type": "boolean", + "description": "Whether the internal user database is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "internalUserDatabaseEnabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainClusterConfig:getDomainClusterConfig": { + "properties": { + "dedicatedMasterCount": { + "type": "integer", + "description": "Number of dedicated master nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dedicatedMasterEnabled": { + "type": "boolean", + "description": "Indicates whether dedicated master nodes are enabled for the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dedicatedMasterType": { + "type": "string", + "description": "Instance type of the dedicated master nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceCount": { + "type": "integer", + "description": "Number of instances in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "Instance type of data nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warmCount": { + "type": "integer", + "description": "The number of warm nodes in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warmEnabled": { + "type": "boolean", + "description": "Indicates warm storage is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warmType": { + "type": "string", + "description": "The instance type for the Elasticsearch cluster's warm nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "zoneAwarenessConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainClusterConfigZoneAwarenessConfig:getDomainClusterConfigZoneAwarenessConfig" + }, + "description": "Configuration block containing zone awareness settings.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "zoneAwarenessEnabled": { + "type": "boolean", + "description": "Indicates whether zone awareness is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dedicatedMasterCount", + "dedicatedMasterEnabled", + "dedicatedMasterType", + "instanceCount", + "instanceType", + "warmCount", + "warmType", + "zoneAwarenessConfigs", + "zoneAwarenessEnabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainClusterConfigZoneAwarenessConfig:getDomainClusterConfigZoneAwarenessConfig": { + "properties": { + "availabilityZoneCount": { + "type": "integer", + "description": "Number of availability zones used.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "availabilityZoneCount" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainCognitoOption:getDomainCognitoOption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether node to node encryption is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "identityPoolId": { + "type": "string", + "description": "The Cognito Identity pool used by the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM Role with the AmazonESCognitoAccess policy attached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolId": { + "type": "string", + "description": "The Cognito User pool used by the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "identityPoolId", + "roleArn", + "userPoolId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainEbsOption:getDomainEbsOption": { + "properties": { + "ebsEnabled": { + "type": "boolean", + "description": "Whether EBS volumes are attached to data nodes in the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "The baseline input/output (I/O) performance of EBS volumes attached to data nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of EBS volumes attached to data nodes (in GB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "The type of EBS volumes attached to data nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ebsEnabled", + "iops", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainEncryptionAtRest:getDomainEncryptionAtRest": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether node to node encryption is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "The KMS key id used to encrypt data at rest.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "kmsKeyId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainLogPublishingOption:getDomainLogPublishingOption": { + "properties": { + "cloudwatchLogGroupArn": { + "type": "string", + "description": "The CloudWatch Log Group where the logs are published.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether node to node encryption is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logType": { + "type": "string", + "description": "The type of Elasticsearch log being published.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchLogGroupArn", + "enabled", + "logType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainNodeToNodeEncryption:getDomainNodeToNodeEncryption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether node to node encryption is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainSnapshotOption:getDomainSnapshotOption": { + "properties": { + "automatedSnapshotStartHour": { + "type": "integer", + "description": "Hour during which the service takes an automated daily snapshot of the indices in the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "automatedSnapshotStartHour" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elasticsearch/getDomainVpcOption:getDomainVpcOption": { + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The availability zones used by the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The security groups used by the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The subnets used by the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The VPC used by the domain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "availabilityZones", + "securityGroupIds", + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elastictranscoder/PipelineContentConfig:PipelineContentConfig": { + "properties": { + "bucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storageClass": { + "type": "string", + "description": "The Amazon S3 storage class, `Standard` or `ReducedRedundancy`, that you want Elastic Transcoder to assign to the files and playlists that it stores in your Amazon S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "bucket" + ] + } + } + }, + "aws:elastictranscoder/PipelineContentConfigPermission:PipelineContentConfigPermission": { + "properties": { + "accesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The permission that you want to give to the AWS user that you specified in `content_config_permissions.grantee`. Valid values are `Read`, `ReadAcp`, `WriteAcp` or `FullControl`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "grantee": { + "type": "string", + "description": "The AWS user or group that you want to have access to transcoded files and playlists.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "granteeType": { + "type": "string", + "description": "Specify the type of value that appears in the `content_config_permissions.grantee` object. Valid values are `Canonical`, `Email` or `Group`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elastictranscoder/PipelineNotifications:PipelineNotifications": { + "properties": { + "completed": { + "type": "string", + "description": "The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder has finished processing a job in this pipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "error": { + "type": "string", + "description": "The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters an error condition while processing a job in this pipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "progressing": { + "type": "string", + "description": "The topic ARN for the Amazon Simple Notification Service (Amazon SNS) topic that you want to notify when Elastic Transcoder has started to process a job in this pipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "warning": { + "type": "string", + "description": "The topic ARN for the Amazon SNS topic that you want to notify when Elastic Transcoder encounters a warning condition while processing a job in this pipeline.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elastictranscoder/PipelineThumbnailConfig:PipelineThumbnailConfig": { + "properties": { + "bucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storageClass": { + "type": "string", + "description": "The Amazon S3 storage class, Standard or ReducedRedundancy, that you want Elastic Transcoder to assign to the thumbnails that it stores in your Amazon S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "bucket" + ] + } + } + }, + "aws:elastictranscoder/PipelineThumbnailConfigPermission:PipelineThumbnailConfigPermission": { + "properties": { + "accesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The permission that you want to give to the AWS user that you specified in `thumbnail_config_permissions.grantee`. Valid values are `Read`, `ReadAcp`, `WriteAcp` or `FullControl`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "grantee": { + "type": "string", + "description": "The AWS user or group that you want to have access to thumbnail files.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "granteeType": { + "type": "string", + "description": "Specify the type of value that appears in the `thumbnail_config_permissions.grantee` object. Valid values are `Canonical`, `Email` or `Group`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elastictranscoder/PresetAudio:PresetAudio": { + "properties": { + "audioPackingMode": { + "type": "string", + "description": "The method of organizing audio channels and tracks. Use Audio:Channels to specify the number of channels in your output, and Audio:AudioPackingMode to specify the number of tracks and their relation to the channels. If you do not specify an Audio:AudioPackingMode, Elastic Transcoder uses SingleTrack.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bitRate": { + "type": "string", + "description": "The bit rate of the audio stream in the output file, in kilobits/second. Enter an integer between 64 and 320, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "channels": { + "type": "string", + "description": "The number of audio channels in the output file\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "codec": { + "type": "string", + "description": "The audio codec for the output file. Valid values are `AAC`, `flac`, `mp2`, `mp3`, `pcm`, and `vorbis`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampleRate": { + "type": "string", + "description": "The sample rate of the audio stream in the output file, in hertz. Valid values are: `auto`, `22050`, `32000`, `44100`, `48000`, `96000`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elastictranscoder/PresetAudioCodecOptions:PresetAudioCodecOptions": { + "properties": { + "bitDepth": { + "type": "string", + "description": "The bit depth of a sample is how many bits of information are included in the audio samples. Valid values are `16` and `24`. (FLAC/PCM Only)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bitOrder": { + "type": "string", + "description": "The order the bits of a PCM sample are stored in. The supported value is LittleEndian. (PCM Only)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "profile": { + "type": "string", + "description": "If you specified AAC for Audio:Codec, choose the AAC profile for the output file.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "signed": { + "type": "string", + "description": "Whether audio samples are represented with negative and positive numbers (signed) or only positive numbers (unsigned). The supported value is Signed. (PCM Only)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elastictranscoder/PresetThumbnails:PresetThumbnails": { + "properties": { + "aspectRatio": { + "type": "string", + "description": "The aspect ratio of thumbnails. The following values are valid: auto, 1:1, 4:3, 3:2, 16:9\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "format": { + "type": "string", + "description": "The format of thumbnails, if any. Valid formats are jpg and png.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "string", + "description": "The approximate number of seconds between thumbnails. The value must be an integer. The actual interval can vary by several seconds from one thumbnail to the next.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxHeight": { + "type": "string", + "description": "The maximum height of thumbnails, in pixels. If you specify auto, Elastic Transcoder uses 1080 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 32 and 3072, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxWidth": { + "type": "string", + "description": "The maximum width of thumbnails, in pixels. If you specify auto, Elastic Transcoder uses 1920 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 32 and 4096, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "paddingPolicy": { + "type": "string", + "description": "When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of thumbnails to make the total size of the thumbnails match the values that you specified for thumbnail MaxWidth and MaxHeight settings.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resolution": { + "type": "string", + "description": "The width and height of thumbnail files in pixels, in the format WidthxHeight, where both values are even integers. The values cannot exceed the width and height that you specified in the Video:Resolution object. (To better control resolution and aspect ratio of thumbnails, we recommend that you use the thumbnail values `max_width`, `max_height`, `sizing_policy`, and `padding_policy` instead of `resolution` and `aspect_ratio`. The two groups of settings are mutually exclusive. Do not use them together)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizingPolicy": { + "type": "string", + "description": "A value that controls scaling of thumbnails. Valid values are: `Fit`, `Fill`, `Stretch`, `Keep`, `ShrinkToFit`, and `ShrinkToFill`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elastictranscoder/PresetVideo:PresetVideo": { + "properties": { + "aspectRatio": { + "type": "string", + "description": "The display aspect ratio of the video in the output file. Valid values are: `auto`, `1:1`, `4:3`, `3:2`, `16:9`. (Note; to better control resolution and aspect ratio of output videos, we recommend that you use the values `max_width`, `max_height`, `sizing_policy`, `padding_policy`, and `display_aspect_ratio` instead of `resolution` and `aspect_ratio`.)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bitRate": { + "type": "string", + "description": "The bit rate of the video stream in the output file, in kilobits/second. You can configure variable bit rate or constant bit rate encoding.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "codec": { + "type": "string", + "description": "The video codec for the output file. Valid values are `gif`, `H.264`, `mpeg2`, `vp8`, and `vp9`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "displayAspectRatio": { + "type": "string", + "description": "The value that Elastic Transcoder adds to the metadata in the output file. If you set DisplayAspectRatio to auto, Elastic Transcoder chooses an aspect ratio that ensures square pixels. If you specify another option, Elastic Transcoder sets that value in the output file.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedGop": { + "type": "string", + "description": "Whether to use a fixed value for Video:FixedGOP. Not applicable for containers of type gif. Valid values are true and false. Also known as, Fixed Number of Frames Between Keyframes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "frameRate": { + "type": "string", + "description": "The frames per second for the video stream in the output file. The following values are valid: `auto`, `10`, `15`, `23.97`, `24`, `25`, `29.97`, `30`, `50`, `60`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyframesMaxDist": { + "type": "string", + "description": "The maximum number of frames between key frames. Not applicable for containers of type gif.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxFrameRate": { + "type": "string", + "description": "If you specify auto for FrameRate, Elastic Transcoder uses the frame rate of the input video for the frame rate of the output video, up to the maximum frame rate. If you do not specify a MaxFrameRate, Elastic Transcoder will use a default of 30.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxHeight": { + "type": "string", + "description": "The maximum height of the output video in pixels. If you specify auto, Elastic Transcoder uses 1080 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 96 and 3072, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxWidth": { + "type": "string", + "description": "The maximum width of the output video in pixels. If you specify auto, Elastic Transcoder uses 1920 (Full HD) as the default value. If you specify a numeric value, enter an even integer between 128 and 4096, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "paddingPolicy": { + "type": "string", + "description": "When you set PaddingPolicy to Pad, Elastic Transcoder might add black bars to the top and bottom and/or left and right sides of the output video to make the total size of the output video match the values that you specified for `max_width` and `max_height`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resolution": { + "type": "string", + "description": "The width and height of the video in the output file, in pixels. Valid values are `auto` and `widthxheight`. (see note for `aspect_ratio`)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizingPolicy": { + "type": "string", + "description": "A value that controls scaling of the output video. Valid values are: `Fit`, `Fill`, `Stretch`, `Keep`, `ShrinkToFit`, `ShrinkToFill`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "maxFrameRate" + ] + } + } + }, + "aws:elastictranscoder/PresetVideoWatermark:PresetVideoWatermark": { + "properties": { + "horizontalAlign": { + "type": "string", + "description": "The horizontal position of the watermark unless you specify a nonzero value for `horzontal_offset`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "horizontalOffset": { + "type": "string", + "description": "The amount by which you want the horizontal position of the watermark to be offset from the position specified by `horizontal_align`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "A unique identifier for the settings for one watermark. The value of Id can be up to 40 characters long. You can specify settings for up to four watermarks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxHeight": { + "type": "string", + "description": "The maximum height of the watermark.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxWidth": { + "type": "string", + "description": "The maximum width of the watermark.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "opacity": { + "type": "string", + "description": "A percentage that indicates how much you want a watermark to obscure the video in the location where it appears.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizingPolicy": { + "type": "string", + "description": "A value that controls scaling of the watermark. Valid values are: `Fit`, `Stretch`, `ShrinkToFit`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "A value that determines how Elastic Transcoder interprets values that you specified for `video_watermarks.horizontal_offset`, `video_watermarks.vertical_offset`, `video_watermarks.max_width`, and `video_watermarks.max_height`. Valid values are `Content` and `Frame`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "verticalAlign": { + "type": "string", + "description": "The vertical position of the watermark unless you specify a nonzero value for `vertical_align`. Valid values are `Top`, `Bottom`, `Center`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "verticalOffset": { + "type": "string", + "description": "The amount by which you want the vertical position of the watermark to be offset from the position specified by `vertical_align`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elb/LoadBalancerAccessLogs:LoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "description": "The S3 bucket name to store the logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketPrefix": { + "type": "string", + "description": "The S3 bucket prefix. Logs are stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `access_logs`. Default is `true`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "The publishing interval in minutes. Default: 60 minutes.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:elb/LoadBalancerHealthCheck:LoadBalancerHealthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer", + "description": "The number of checks before the instance is declared healthy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "The interval between checks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "The target of the check. Valid pattern is \"${PROTOCOL}:${PORT}${PATH}\", where PROTOCOL\nvalues are:\n* `HTTP`, `HTTPS` - PORT and PATH are required\n* `TCP`, `SSL` - PORT is required, PATH is not supported\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "The length of time before the check times out.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "The number of checks before the instance is declared unhealthy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "healthyThreshold", + "interval", + "target", + "timeout", + "unhealthyThreshold" + ] + }, + "aws:elb/LoadBalancerListener:LoadBalancerListener": { + "properties": { + "instancePort": { + "type": "integer", + "description": "The port on the instance to route to\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceProtocol": { + "type": "string", + "description": "The protocol to use to the instance. Valid\nvalues are `HTTP`, `HTTPS`, `TCP`, or `SSL`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbPort": { + "type": "integer", + "description": "The port to listen on for the load balancer\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbProtocol": { + "type": "string", + "description": "The protocol to listen on. Valid values are `HTTP`,\n`HTTPS`, `TCP`, or `SSL`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sslCertificateId": { + "type": "string", + "description": "The ARN of an SSL certificate you have\nuploaded to AWS IAM. **Note ECDSA-specific restrictions below. Only valid when `lb_protocol` is either HTTPS or SSL**\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instancePort", + "instanceProtocol", + "lbPort", + "lbProtocol" + ] + }, + "aws:elb/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:elb/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute": { + "properties": { + "name": { + "type": "string", + "description": "The name of the attribute\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the attribute\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:elb/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketPrefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "bucketPrefix", + "enabled", + "interval" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elb/getLoadBalancerHealthCheck:getLoadBalancerHealthCheck": { + "properties": { + "healthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "healthyThreshold", + "interval", + "target", + "timeout", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:elb/getLoadBalancerListener:getLoadBalancerListener": { + "properties": { + "instancePort": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceProtocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbPort": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "lbProtocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sslCertificateId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instancePort", + "instanceProtocol", + "lbPort", + "lbProtocol", + "sslCertificateId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:emr/ClusterBootstrapAction:ClusterBootstrapAction": { + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of command line arguments passed to the JAR file's main function when executed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Location of the script to run during a bootstrap action. Can be either a location in Amazon S3 or on a local file system\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "path" + ] + }, + "aws:emr/ClusterCoreInstanceFleet:ClusterCoreInstanceFleet": { + "properties": { + "id": { + "type": "string", + "description": "The ID of the EMR Cluster\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceTypeConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleetInstanceTypeConfig:ClusterCoreInstanceFleetInstanceTypeConfig" + }, + "description": "Configuration block for instance fleet\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchSpecifications": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleetLaunchSpecifications:ClusterCoreInstanceFleetLaunchSpecifications", + "description": "Configuration block for launch specification\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "provisionedOnDemandCapacity": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "provisionedSpotCapacity": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetOnDemandCapacity": { + "type": "integer", + "description": "The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetSpotCapacity": { + "type": "integer", + "description": "The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "provisionedOnDemandCapacity", + "provisionedSpotCapacity" + ] + } + } + }, + "aws:emr/ClusterCoreInstanceFleetInstanceTypeConfig:ClusterCoreInstanceFleetInstanceTypeConfig": { + "properties": { + "bidPrice": { + "type": "string", + "description": "The bid price for each EC2 Spot instance type as defined by `instance_type`. Expressed in USD. If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bidPriceAsPercentageOfOnDemandPrice": { + "type": "number", + "description": "The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instance_type`. Expressed as a number (for example, 20 specifies 20%). If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleetInstanceTypeConfigConfiguration:ClusterCoreInstanceFleetInstanceTypeConfigConfiguration" + }, + "description": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleetInstanceTypeConfigEbsConfig:ClusterCoreInstanceFleetInstanceTypeConfigEbsConfig" + }, + "description": "Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "An EC2 instance type, such as m4.xlarge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "integer", + "description": "The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ebsConfigs", + "instanceType" + ] + } + } + }, + "aws:emr/ClusterCoreInstanceFleetInstanceTypeConfigConfiguration:ClusterCoreInstanceFleetInstanceTypeConfigConfiguration": { + "properties": { + "classification": { + "type": "string", + "description": "The classification within a configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "properties": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of properties specified within a configuration classification\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:emr/ClusterCoreInstanceFleetInstanceTypeConfigEbsConfig:ClusterCoreInstanceFleetInstanceTypeConfigEbsConfig": { + "properties": { + "iops": { + "type": "integer", + "description": "The number of I/O operations per second (IOPS) that the volume supports\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The volume size, in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumesPerInstance": { + "type": "integer", + "description": "The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "size", + "type" + ] + }, + "aws:emr/ClusterCoreInstanceFleetLaunchSpecifications:ClusterCoreInstanceFleetLaunchSpecifications": { + "properties": { + "onDemandSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleetLaunchSpecificationsOnDemandSpecification:ClusterCoreInstanceFleetLaunchSpecificationsOnDemandSpecification" + }, + "description": "Configuration block for on demand instances launch specifications\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecification:ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecification" + }, + "description": "Configuration block for spot instances launch specifications\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:emr/ClusterCoreInstanceFleetLaunchSpecificationsOnDemandSpecification:ClusterCoreInstanceFleetLaunchSpecificationsOnDemandSpecification": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is `capacity-optimized` (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationStrategy" + ] + }, + "aws:emr/ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecification:ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecification": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is `capacity-optimized` (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "blockDurationMinutes": { + "type": "integer", + "description": "The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutAction": { + "type": "string", + "description": "The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutDurationMinutes": { + "type": "integer", + "description": "The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationStrategy", + "timeoutAction", + "timeoutDurationMinutes" + ] + }, + "aws:emr/ClusterCoreInstanceGroup:ClusterCoreInstanceGroup": { + "properties": { + "autoscalingPolicy": { + "type": "string", + "description": "String containing the [EMR Auto Scaling Policy](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-automatic-scaling.html) JSON.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bidPrice": { + "type": "string", + "description": "The bid price for each EC2 Spot instance type as defined by `instance_type`. Expressed in USD. If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceGroupEbsConfig:ClusterCoreInstanceGroupEbsConfig" + }, + "description": "Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "The ID of the EMR Cluster\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceCount": { + "type": "integer", + "description": "Target number of instances for the instance group. Must be 1 or 3. Defaults to 1. Launching with multiple master nodes is only supported in EMR version 5.23.0+, and requires this resource's `core_instance_group` to be configured. Public (Internet accessible) instances must be created in VPC subnets that have `map public IP on launch` enabled. Termination protection is automatically enabled when launched with multiple master nodes and this provider must have the `termination_protection = false` configuration applied before destroying this resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "An EC2 instance type, such as m4.xlarge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ebsConfigs", + "id", + "instanceType" + ] + } + } + }, + "aws:emr/ClusterCoreInstanceGroupEbsConfig:ClusterCoreInstanceGroupEbsConfig": { + "properties": { + "iops": { + "type": "integer", + "description": "The number of I/O operations per second (IOPS) that the volume supports\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The volume size, in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumesPerInstance": { + "type": "integer", + "description": "The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "size", + "type" + ] + }, + "aws:emr/ClusterEc2Attributes:ClusterEc2Attributes": { + "properties": { + "additionalMasterSecurityGroups": { + "type": "string", + "description": "String containing a comma separated list of additional Amazon EC2 security group IDs for the master node\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "additionalSlaveSecurityGroups": { + "type": "string", + "description": "String containing a comma separated list of additional Amazon EC2 security group IDs for the slave nodes as a comma separated string\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emrManagedMasterSecurityGroup": { + "type": "string", + "description": "Identifier of the Amazon EC2 EMR-Managed security group for the master node\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "emrManagedSlaveSecurityGroup": { + "type": "string", + "description": "Identifier of the Amazon EC2 EMR-Managed security group for the slave nodes\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceProfile": { + "type": "string", + "description": "Instance Profile for EC2 instances of the cluster assume this role\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyName": { + "type": "string", + "description": "Amazon EC2 key pair that can be used to ssh to the master node as the user called `hadoop`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccessSecurityGroup": { + "type": "string", + "description": "Identifier of the Amazon EC2 service-access security group - required when the cluster runs on a private subnet\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "VPC subnet id where you want the job flow to launch. Cannot specify the `cc1.4xlarge` instance type for nodes of a job flow launched in a Amazon VPC\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC subnet id-s where you want the job flow to launch. Amazon EMR identifies the best Availability Zone to launch instances according to your fleet specifications\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceProfile" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "emrManagedMasterSecurityGroup", + "emrManagedSlaveSecurityGroup", + "instanceProfile", + "serviceAccessSecurityGroup", + "subnetId", + "subnetIds" + ] + } + } + }, + "aws:emr/ClusterKerberosAttributes:ClusterKerberosAttributes": { + "properties": { + "adDomainJoinPassword": { + "type": "string", + "description": "The Active Directory password for `ad_domain_join_user`. This provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "adDomainJoinUser": { + "type": "string", + "description": "Required only when establishing a cross-realm trust with an Active Directory domain. A user with sufficient privileges to join resources to the domain. This provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "crossRealmTrustPrincipalPassword": { + "type": "string", + "description": "Required only when establishing a cross-realm trust with a KDC in a different realm. The cross-realm principal password, which must be identical across realms. This provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kdcAdminPassword": { + "type": "string", + "description": "The password used within the cluster for the kadmin service on the cluster-dedicated KDC, which maintains Kerberos principals, password policies, and keytabs for the cluster. This provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "realm": { + "type": "string", + "description": "The name of the Kerberos realm to which all nodes in a cluster belong. For example, `EC2.INTERNAL`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kdcAdminPassword", + "realm" + ] + }, + "aws:emr/ClusterMasterInstanceFleet:ClusterMasterInstanceFleet": { + "properties": { + "id": { + "type": "string", + "description": "The ID of the EMR Cluster\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceTypeConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleetInstanceTypeConfig:ClusterMasterInstanceFleetInstanceTypeConfig" + }, + "description": "Configuration block for instance fleet\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchSpecifications": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleetLaunchSpecifications:ClusterMasterInstanceFleetLaunchSpecifications", + "description": "Configuration block for launch specification\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "provisionedOnDemandCapacity": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "provisionedSpotCapacity": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetOnDemandCapacity": { + "type": "integer", + "description": "The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetSpotCapacity": { + "type": "integer", + "description": "The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "provisionedOnDemandCapacity", + "provisionedSpotCapacity" + ] + } + } + }, + "aws:emr/ClusterMasterInstanceFleetInstanceTypeConfig:ClusterMasterInstanceFleetInstanceTypeConfig": { + "properties": { + "bidPrice": { + "type": "string", + "description": "The bid price for each EC2 Spot instance type as defined by `instance_type`. Expressed in USD. If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bidPriceAsPercentageOfOnDemandPrice": { + "type": "number", + "description": "The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instance_type`. Expressed as a number (for example, 20 specifies 20%). If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleetInstanceTypeConfigConfiguration:ClusterMasterInstanceFleetInstanceTypeConfigConfiguration" + }, + "description": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleetInstanceTypeConfigEbsConfig:ClusterMasterInstanceFleetInstanceTypeConfigEbsConfig" + }, + "description": "Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "An EC2 instance type, such as m4.xlarge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "integer", + "description": "The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ebsConfigs", + "instanceType" + ] + } + } + }, + "aws:emr/ClusterMasterInstanceFleetInstanceTypeConfigConfiguration:ClusterMasterInstanceFleetInstanceTypeConfigConfiguration": { + "properties": { + "classification": { + "type": "string", + "description": "The classification within a configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "properties": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of properties specified within a configuration classification\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:emr/ClusterMasterInstanceFleetInstanceTypeConfigEbsConfig:ClusterMasterInstanceFleetInstanceTypeConfigEbsConfig": { + "properties": { + "iops": { + "type": "integer", + "description": "The number of I/O operations per second (IOPS) that the volume supports\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The volume size, in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumesPerInstance": { + "type": "integer", + "description": "The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "size", + "type" + ] + }, + "aws:emr/ClusterMasterInstanceFleetLaunchSpecifications:ClusterMasterInstanceFleetLaunchSpecifications": { + "properties": { + "onDemandSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleetLaunchSpecificationsOnDemandSpecification:ClusterMasterInstanceFleetLaunchSpecificationsOnDemandSpecification" + }, + "description": "Configuration block for on demand instances launch specifications\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleetLaunchSpecificationsSpotSpecification:ClusterMasterInstanceFleetLaunchSpecificationsSpotSpecification" + }, + "description": "Configuration block for spot instances launch specifications\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:emr/ClusterMasterInstanceFleetLaunchSpecificationsOnDemandSpecification:ClusterMasterInstanceFleetLaunchSpecificationsOnDemandSpecification": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is `capacity-optimized` (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationStrategy" + ] + }, + "aws:emr/ClusterMasterInstanceFleetLaunchSpecificationsSpotSpecification:ClusterMasterInstanceFleetLaunchSpecificationsSpotSpecification": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is `capacity-optimized` (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "blockDurationMinutes": { + "type": "integer", + "description": "The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutAction": { + "type": "string", + "description": "The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutDurationMinutes": { + "type": "integer", + "description": "The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationStrategy", + "timeoutAction", + "timeoutDurationMinutes" + ] + }, + "aws:emr/ClusterMasterInstanceGroup:ClusterMasterInstanceGroup": { + "properties": { + "bidPrice": { + "type": "string", + "description": "The bid price for each EC2 Spot instance type as defined by `instance_type`. Expressed in USD. If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceGroupEbsConfig:ClusterMasterInstanceGroupEbsConfig" + }, + "description": "Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "The ID of the EMR Cluster\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceCount": { + "type": "integer", + "description": "Target number of instances for the instance group. Must be 1 or 3. Defaults to 1. Launching with multiple master nodes is only supported in EMR version 5.23.0+, and requires this resource's `core_instance_group` to be configured. Public (Internet accessible) instances must be created in VPC subnets that have `map public IP on launch` enabled. Termination protection is automatically enabled when launched with multiple master nodes and this provider must have the `termination_protection = false` configuration applied before destroying this resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "An EC2 instance type, such as m4.xlarge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ebsConfigs", + "id", + "instanceType" + ] + } + } + }, + "aws:emr/ClusterMasterInstanceGroupEbsConfig:ClusterMasterInstanceGroupEbsConfig": { + "properties": { + "iops": { + "type": "integer", + "description": "The number of I/O operations per second (IOPS) that the volume supports\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The volume size, in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumesPerInstance": { + "type": "integer", + "description": "The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "size", + "type" + ] + }, + "aws:emr/ClusterStep:ClusterStep": { + "properties": { + "actionOnFailure": { + "type": "string", + "description": "The action to take if the step fails. Valid values: `TERMINATE_JOB_FLOW`, `TERMINATE_CLUSTER`, `CANCEL_AND_WAIT`, and `CONTINUE`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hadoopJarStep": { + "$ref": "#/types/aws:emr/ClusterStepHadoopJarStep:ClusterStepHadoopJarStep", + "description": "The JAR file used for the step. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actionOnFailure", + "hadoopJarStep", + "name" + ] + }, + "aws:emr/ClusterStepHadoopJarStep:ClusterStepHadoopJarStep": { + "properties": { + "args": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of command line arguments passed to the JAR file's main function when executed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jar": { + "type": "string", + "description": "Path to a JAR file run during the step.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mainClass": { + "type": "string", + "description": "Name of the main class in the specified Java file. If not specified, the JAR file should specify a Main-Class in its manifest file.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "properties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of properties specified within a configuration classification\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "jar" + ] + }, + "aws:emr/InstanceFleetInstanceTypeConfig:InstanceFleetInstanceTypeConfig": { + "properties": { + "bidPrice": { + "type": "string", + "description": "The bid price for each EC2 Spot instance type as defined by `instance_type`. Expressed in USD. If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bidPriceAsPercentageOfOnDemandPrice": { + "type": "number", + "description": "The bid price, as a percentage of On-Demand price, for each EC2 Spot instance as defined by `instance_type`. Expressed as a number (for example, 20 specifies 20%). If neither `bid_price` nor `bid_price_as_percentage_of_on_demand_price` is provided, `bid_price_as_percentage_of_on_demand_price` defaults to 100%.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetInstanceTypeConfigConfiguration:InstanceFleetInstanceTypeConfigConfiguration" + }, + "description": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetInstanceTypeConfigEbsConfig:InstanceFleetInstanceTypeConfigEbsConfig" + }, + "description": "Configuration block(s) for EBS volumes attached to each instance in the instance group. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "An EC2 instance type, such as m4.xlarge.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weightedCapacity": { + "type": "integer", + "description": "The number of units that a provisioned instance of this type provides toward fulfilling the target capacities defined in `aws.emr.InstanceFleet`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "instanceType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ebsConfigs", + "instanceType" + ] + } + } + }, + "aws:emr/InstanceFleetInstanceTypeConfigConfiguration:InstanceFleetInstanceTypeConfigConfiguration": { + "properties": { + "classification": { + "type": "string", + "description": "The classification within a configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "properties": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of properties specified within a configuration classification\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:emr/InstanceFleetInstanceTypeConfigEbsConfig:InstanceFleetInstanceTypeConfigEbsConfig": { + "properties": { + "iops": { + "type": "integer", + "description": "The number of I/O operations per second (IOPS) that the volume supports\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The volume size, in gibibytes (GiB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The volume type. Valid options are `gp2`, `io1`, `standard` and `st1`. See [EBS Volume Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumesPerInstance": { + "type": "integer", + "description": "The number of EBS volumes with this configuration to attach to each EC2 instance in the instance group (default is 1)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "size", + "type" + ] + }, + "aws:emr/InstanceFleetLaunchSpecifications:InstanceFleetLaunchSpecifications": { + "properties": { + "onDemandSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetLaunchSpecificationsOnDemandSpecification:InstanceFleetLaunchSpecificationsOnDemandSpecification" + }, + "description": "Configuration block for on demand instances launch specifications\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "spotSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetLaunchSpecificationsSpotSpecification:InstanceFleetLaunchSpecificationsSpotSpecification" + }, + "description": "Configuration block for spot instances launch specifications\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:emr/InstanceFleetLaunchSpecificationsOnDemandSpecification:InstanceFleetLaunchSpecificationsOnDemandSpecification": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is `capacity-optimized` (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationStrategy" + ] + }, + "aws:emr/InstanceFleetLaunchSpecificationsSpotSpecification:InstanceFleetLaunchSpecificationsSpotSpecification": { + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Specifies the strategy to use in launching Spot instance fleets. Currently, the only option is `capacity-optimized` (the default), which launches instances from Spot instance pools with optimal capacity for the number of instances that are launching.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "blockDurationMinutes": { + "type": "integer", + "description": "The defined duration for Spot instances (also known as Spot blocks) in minutes. When specified, the Spot instance does not terminate before the defined duration expires, and defined duration pricing for Spot instances applies. Valid values are 60, 120, 180, 240, 300, or 360. The duration period starts as soon as a Spot instance receives its instance ID. At the end of the duration, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutAction": { + "type": "string", + "description": "The action to take when TargetSpotCapacity has not been fulfilled when the TimeoutDurationMinutes has expired; that is, when all Spot instances could not be provisioned within the Spot provisioning timeout. Valid values are `TERMINATE_CLUSTER` and `SWITCH_TO_ON_DEMAND`. SWITCH_TO_ON_DEMAND specifies that if no Spot instances are available, On-Demand Instances should be provisioned to fulfill any remaining Spot capacity.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutDurationMinutes": { + "type": "integer", + "description": "The spot provisioning timeout period in minutes. If Spot instances are not provisioned within this time period, the TimeOutAction is taken. Minimum value is 5 and maximum value is 1440. The timeout applies only during initial provisioning, when the cluster is first created.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationStrategy", + "timeoutAction", + "timeoutDurationMinutes" + ] + }, + "aws:emr/InstanceGroupEbsConfig:InstanceGroupEbsConfig": { + "properties": { + "iops": { + "type": "integer", + "description": "The number of I/O operations per second (IOPS) that the volume supports.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The volume size, in gibibytes (GiB). This can be a number from 1 - 1024. If the volume type is EBS-optimized, the minimum value is 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The volume type. Valid options are 'gp2', 'io1' and 'standard'.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumesPerInstance": { + "type": "integer", + "description": "The number of EBS Volumes to attach per instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "size", + "type" + ] + }, + "aws:emr/ManagedScalingPolicyComputeLimit:ManagedScalingPolicyComputeLimit": { + "properties": { + "maximumCapacityUnits": { + "type": "integer", + "description": "The upper boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumCoreCapacityUnits": { + "type": "integer", + "description": "The upper boundary of EC2 units for core node type in a cluster. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The core units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between core and task nodes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumOndemandCapacityUnits": { + "type": "integer", + "description": "The upper boundary of On-Demand EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. The On-Demand units are not allowed to scale beyond this boundary. The parameter is used to split capacity allocation between On-Demand and Spot instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minimumCapacityUnits": { + "type": "integer", + "description": "The lower boundary of EC2 units. It is measured through VCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unitType": { + "type": "string", + "description": "The unit type used for specifying a managed scaling policy. Valid Values: `InstanceFleetUnits` | `Instances` | `VCPU`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maximumCapacityUnits", + "minimumCapacityUnits", + "unitType" + ] + }, + "aws:fms/PolicyExcludeMap:PolicyExcludeMap": { + "properties": { + "accounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orgunits": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:fms/PolicyIncludeMap:PolicyIncludeMap": { + "properties": { + "accounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AWS Organization member Accounts that you want to include for this AWS FMS Policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orgunits": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:fms/PolicySecurityServicePolicyData:PolicySecurityServicePolicyData": { + "properties": { + "managedServiceData": { + "type": "string", + "description": "Details about the service that are specific to the service type, in JSON format. For service type `SHIELD_ADVANCED`, this is an empty string. Examples depending on `type` can be found in the [AWS Firewall Manager SecurityServicePolicyData API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The service that the policy is using to protect the resources. For the current list of supported types, please refer to the [AWS Firewall Manager SecurityServicePolicyData API Type Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_SecurityServicePolicyData.html#fms-Type-SecurityServicePolicyData-Type).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:fsx/WindowsFileSystemAuditLogConfiguration:WindowsFileSystemAuditLogConfiguration": { + "properties": { + "auditLogDestination": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the destination of the audit logs. The destination can be any Amazon CloudWatch Logs log group ARN or Amazon Kinesis Data Firehose delivery stream ARN. Can be specified when `file_access_audit_log_level` and `file_share_access_audit_log_level` are not set to `DISABLED`. The name of the Amazon CloudWatch Logs log group must begin with the `/aws/fsx` prefix. The name of the Amazon Kinesis Data Firehouse delivery stream must begin with the `aws-fsx` prefix. If you do not provide a destination in `audit_log_destionation`, Amazon FSx will create and use a log stream in the CloudWatch Logs /aws/fsx/windows log group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileAccessAuditLogLevel": { + "type": "string", + "description": "Sets which attempt type is logged by Amazon FSx for file and folder accesses. Valid values are `SUCCESS_ONLY`, `FAILURE_ONLY`, `SUCCESS_AND_FAILURE`, and `DISABLED`. Default value is `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileShareAccessAuditLogLevel": { + "type": "string", + "description": "Sets which attempt type is logged by Amazon FSx for file share accesses. Valid values are `SUCCESS_ONLY`, `FAILURE_ONLY`, `SUCCESS_AND_FAILURE`, and `DISABLED`. Default value is `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "auditLogDestination" + ] + } + } + }, + "aws:fsx/WindowsFileSystemSelfManagedActiveDirectory:WindowsFileSystemSelfManagedActiveDirectory": { + "properties": { + "dnsIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to two IP addresses of DNS servers or domain controllers in the self-managed AD directory. The IP addresses need to be either in the same VPC CIDR range as the file system or in the private IP version 4 (IPv4) address ranges as specified in [RFC 1918](https://tools.ietf.org/html/rfc1918).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "domainName": { + "type": "string", + "description": "The fully qualified domain name of the self-managed AD directory. For example, `corp.example.com`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileSystemAdministratorsGroup": { + "type": "string", + "description": "The name of the domain group whose members are granted administrative privileges for the file system. Administrative privileges include taking ownership of files and folders, and setting audit controls (audit ACLs) on files and folders. The group that you specify must already exist in your domain. Defaults to `Domain Admins`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "organizationalUnitDistinguishedName": { + "type": "string", + "description": "The fully qualified distinguished name of the organizational unit within your self-managed AD directory that the Windows File Server instance will join. For example, `OU=FSx,DC=yourdomain,DC=corp,DC=com`. Only accepts OU as the direct parent of the file system. If none is provided, the FSx file system is created in the default location of your self-managed AD directory. To learn more, see [RFC 2253](https://tools.ietf.org/html/rfc2253).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "password": { + "type": "string", + "description": "The password for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "The user name for the service account on your self-managed AD domain that Amazon FSx will use to join to your AD domain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dnsIps", + "domainName", + "password", + "username" + ] + }, + "aws:gamelift/AliasRoutingStrategy:AliasRoutingStrategy": { + "properties": { + "fleetId": { + "type": "string", + "description": "ID of the Gamelift Fleet to point the alias to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "message": { + "type": "string", + "description": "Message text to be used with the `TERMINAL` routing strategy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of routing strategy. e.g. `SIMPLE` or `TERMINAL`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:gamelift/BuildStorageLocation:BuildStorageLocation": { + "properties": { + "bucket": { + "type": "string", + "description": "Name of your S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Name of the zip file containing your build files.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "ARN of the access role that allows Amazon GameLift to access your S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "key", + "roleArn" + ] + }, + "aws:gamelift/FleetEc2InboundPermission:FleetEc2InboundPermission": { + "properties": { + "fromPort": { + "type": "integer", + "description": "Starting value for a range of allowed port numbers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipRange": { + "type": "string", + "description": "Range of allowed IP addresses expressed in CIDR notation. e.g. `000.000.000.000/[subnet mask]` or `0.0.0.0/[subnet mask]`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Network communication protocol used by the fleet. e.g. `TCP` or `UDP`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "Ending value for a range of allowed port numbers. Port numbers are end-inclusive. This value must be higher than `from_port`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort", + "ipRange", + "protocol", + "toPort" + ] + }, + "aws:gamelift/FleetResourceCreationLimitPolicy:FleetResourceCreationLimitPolicy": { + "properties": { + "newGameSessionsPerCreator": { + "type": "integer", + "description": "Maximum number of game sessions that an individual can create during the policy period.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "policyPeriodInMinutes": { + "type": "integer", + "description": "Time span used in evaluating the resource creation limit policy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:gamelift/FleetRuntimeConfiguration:FleetRuntimeConfiguration": { + "properties": { + "gameSessionActivationTimeoutSeconds": { + "type": "integer", + "description": "Maximum amount of time (in seconds) that a game session can remain in status `ACTIVATING`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxConcurrentGameSessionActivations": { + "type": "integer", + "description": "Maximum number of game sessions with status `ACTIVATING` to allow on an instance simultaneously.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serverProcesses": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/FleetRuntimeConfigurationServerProcess:FleetRuntimeConfigurationServerProcess" + }, + "description": "Collection of server process configurations that describe which server processes to run on each instance in a fleet. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:gamelift/FleetRuntimeConfigurationServerProcess:FleetRuntimeConfigurationServerProcess": { + "properties": { + "concurrentExecutions": { + "type": "integer", + "description": "Number of server processes using this configuration to run concurrently on an instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchPath": { + "type": "string", + "description": "Location of the server executable in a game build. All game builds are installed on instances at the root : for Windows instances `C:\\game`, and for Linux instances `/local/game`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "string", + "description": "Optional list of parameters to pass to the server executable on launch.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "concurrentExecutions", + "launchPath" + ] + }, + "aws:gamelift/GameSessionQueuePlayerLatencyPolicy:GameSessionQueuePlayerLatencyPolicy": { + "properties": { + "maximumIndividualPlayerLatencyMilliseconds": { + "type": "integer", + "description": "Maximum latency value that is allowed for any player.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "policyDurationSeconds": { + "type": "integer", + "description": "Length of time that the policy is enforced while placing a new game session. Absence of value for this attribute means that the policy is enforced until the queue times out.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maximumIndividualPlayerLatencyMilliseconds" + ] + }, + "aws:glacier/VaultNotification:VaultNotification": { + "properties": { + "events": { + "type": "array", + "items": { + "type": "string" + }, + "description": "You can configure a vault to publish a notification for `ArchiveRetrievalCompleted` and `InventoryRetrievalCompleted` events.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snsTopic": { + "type": "string", + "description": "The SNS Topic ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "events", + "snsTopic" + ] + }, + "aws:globalaccelerator/AcceleratorAttributes:AcceleratorAttributes": { + "properties": { + "flowLogsEnabled": { + "type": "boolean", + "description": "Indicates whether flow logs are enabled. Defaults to `false`. Valid values: `true`, `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "flowLogsS3Bucket": { + "type": "string", + "description": "The name of the Amazon S3 bucket for the flow logs. Required if `flow_logs_enabled` is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "flowLogsS3Prefix": { + "type": "string", + "description": "The prefix for the location in the Amazon S3 bucket for the flow logs. Required if `flow_logs_enabled` is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:globalaccelerator/AcceleratorIpSet:AcceleratorIpSet": { + "properties": { + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IP addresses in the IP address set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipFamily": { + "type": "string", + "description": "The type of IP addresses included in this IP set.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "ipAddresses", + "ipFamily" + ] + } + } + }, + "aws:globalaccelerator/EndpointGroupEndpointConfiguration:EndpointGroupEndpointConfiguration": { + "properties": { + "clientIpPreservationEnabled": { + "type": "boolean", + "description": "Indicates whether client IP address preservation is enabled for an Application Load Balancer endpoint. See the [AWS documentation](https://docs.aws.amazon.com/global-accelerator/latest/dg/preserve-client-ip-address.html) for more details. The default value is `false`.\n**Note:** When client IP address preservation is enabled, the Global Accelerator service creates an EC2 Security Group in the VPC named `GlobalAccelerator` that must be deleted (potentially outside of the provider) before the VPC will successfully delete. If this EC2 Security Group is not deleted, the provider will retry the VPC deletion for a few minutes before reporting a `DependencyViolation` error. This cannot be resolved by re-running the provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpointId": { + "type": "string", + "description": "An ID for the endpoint. If the endpoint is a Network Load Balancer or Application Load Balancer, this is the Amazon Resource Name (ARN) of the resource. If the endpoint is an Elastic IP address, this is the Elastic IP address allocation ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The weight associated with the endpoint. When you add weights to endpoints, you configure AWS Global Accelerator to route traffic based on proportions that you specify.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "clientIpPreservationEnabled" + ] + } + } + }, + "aws:globalaccelerator/EndpointGroupPortOverride:EndpointGroupPortOverride": { + "properties": { + "endpointPort": { + "type": "integer", + "description": "The endpoint port that you want a listener port to be mapped to. This is the port on the endpoint, such as the Application Load Balancer or Amazon EC2 instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "listenerPort": { + "type": "integer", + "description": "The listener port that you want to map to a specific endpoint port. This is the port that user traffic arrives to the Global Accelerator on.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpointPort", + "listenerPort" + ] + }, + "aws:globalaccelerator/ListenerPortRange:ListenerPortRange": { + "properties": { + "fromPort": { + "type": "integer", + "description": "The first port in the range of ports, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The last port in the range of ports, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:globalaccelerator/getAcceleratorAttribute:getAcceleratorAttribute": { + "properties": { + "flowLogsEnabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "flowLogsS3Bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "flowLogsS3Prefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "flowLogsEnabled", + "flowLogsS3Bucket", + "flowLogsS3Prefix" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:globalaccelerator/getAcceleratorIpSet:getAcceleratorIpSet": { + "properties": { + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "ipFamily": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ipAddresses", + "ipFamily" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:glue/CatalogDatabaseTargetDatabase:CatalogDatabaseTargetDatabase": { + "properties": { + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the database resides.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Name of the catalog database.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogId", + "databaseName" + ] + }, + "aws:glue/CatalogTablePartitionIndex:CatalogTablePartitionIndex": { + "properties": { + "indexName": { + "type": "string", + "description": "Name of the partition index.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "indexStatus": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "keys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Keys for the partition index.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "indexName", + "keys" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "indexName", + "indexStatus", + "keys" + ] + } + } + }, + "aws:glue/CatalogTablePartitionKey:CatalogTablePartitionKey": { + "properties": { + "comment": { + "type": "string", + "description": "Free-form text comment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the target table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Datatype of data in the Column.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:glue/CatalogTableStorageDescriptor:CatalogTableStorageDescriptor": { + "properties": { + "bucketColumns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of reducer grouping columns, clustering columns, and bucketing columns in the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "columns": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptorColumn:CatalogTableStorageDescriptorColumn" + }, + "description": "Configuration block for columns in the table. See `columns` below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressed": { + "type": "boolean", + "description": "Whether the data in the table is compressed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputFormat": { + "type": "string", + "description": "Input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "Physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfBuckets": { + "type": "integer", + "description": "Must be specified if the table contains any dimension columns.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputFormat": { + "type": "string", + "description": "Output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of initialization parameters for the SerDe, in key-value form.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemaReference": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptorSchemaReference:CatalogTableStorageDescriptorSchemaReference", + "description": "Object that references a schema stored in the AWS Glue Schema Registry. When creating a table, you can pass an empty list of columns for the schema, and instead use a schema reference. See Schema Reference below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serDeInfo": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptorSerDeInfo:CatalogTableStorageDescriptorSerDeInfo", + "description": "Configuration block for serialization and deserialization (\"SerDe\") information. See `ser_de_info` below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "skewedInfo": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptorSkewedInfo:CatalogTableStorageDescriptorSkewedInfo", + "description": "Configuration block with information about values that appear very frequently in a column (skewed values). See `skewed_info` below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sortColumns": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptorSortColumn:CatalogTableStorageDescriptorSortColumn" + }, + "description": "Configuration block for the sort order of each bucket in the table. See `sort_columns` below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storedAsSubDirectories": { + "type": "boolean", + "description": "Whether the table data is stored in subdirectories.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "columns" + ] + } + } + }, + "aws:glue/CatalogTableStorageDescriptorColumn:CatalogTableStorageDescriptorColumn": { + "properties": { + "comment": { + "type": "string", + "description": "Free-form text comment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the target table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of initialization parameters for the SerDe, in key-value form.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Datatype of data in the Column.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:glue/CatalogTableStorageDescriptorSchemaReference:CatalogTableStorageDescriptorSchemaReference": { + "properties": { + "schemaId": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptorSchemaReferenceSchemaId:CatalogTableStorageDescriptorSchemaReferenceSchemaId", + "description": "Configuration block that contains schema identity fields. Either this or the `schema_version_id` has to be provided. See `schema_id` below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemaVersionId": { + "type": "string", + "description": "Unique ID assigned to a version of the schema. Either this or the `schema_id` has to be provided.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemaVersionNumber": { + "type": "integer", + "description": "Version number of the schema.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "schemaVersionNumber" + ] + }, + "aws:glue/CatalogTableStorageDescriptorSchemaReferenceSchemaId:CatalogTableStorageDescriptorSchemaReferenceSchemaId": { + "properties": { + "registryName": { + "type": "string", + "description": "Name of the schema registry that contains the schema. Must be provided when `schema_name` is specified and conflicts with `schema_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemaArn": { + "type": "string", + "description": "ARN of the schema. One of `schema_arn` or `schema_name` has to be provided.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemaName": { + "type": "string", + "description": "Name of the schema. One of `schema_arn` or `schema_name` has to be provided.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/CatalogTableStorageDescriptorSerDeInfo:CatalogTableStorageDescriptorSerDeInfo": { + "properties": { + "name": { + "type": "string", + "description": "Name of the target table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of initialization parameters for the SerDe, in key-value form.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serializationLibrary": { + "type": "string", + "description": "Usually the class that implements the SerDe. An example is `org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/CatalogTableStorageDescriptorSkewedInfo:CatalogTableStorageDescriptorSkewedInfo": { + "properties": { + "skewedColumnNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of names of columns that contain skewed values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "skewedColumnValueLocationMaps": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "List of values that appear so frequently as to be considered skewed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "skewedColumnValues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Map of skewed values to the columns that contain them.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/CatalogTableStorageDescriptorSortColumn:CatalogTableStorageDescriptorSortColumn": { + "properties": { + "column": { + "type": "string", + "description": "Name of the column.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sortOrder": { + "type": "integer", + "description": "Whether the column is sorted in ascending (`1`) or descending order (`0`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "column", + "sortOrder" + ] + }, + "aws:glue/CatalogTableTargetTable:CatalogTableTargetTable": { + "properties": { + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the table resides.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Name of the catalog database that contains the target table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the target table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogId", + "databaseName", + "name" + ] + }, + "aws:glue/ClassifierCsvClassifier:ClassifierCsvClassifier": { + "properties": { + "allowSingleColumn": { + "type": "boolean", + "description": "Enables the processing of files that contain only one column.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "containsHeader": { + "type": "string", + "description": "Indicates whether the CSV file contains a header. This can be one of \"ABSENT\", \"PRESENT\", or \"UNKNOWN\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "delimiter": { + "type": "string", + "description": "The delimiter used in the Csv to separate columns.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableValueTrimming": { + "type": "boolean", + "description": "Specifies whether to trim column values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of strings representing column names.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "quoteSymbol": { + "type": "string", + "description": "A custom symbol to denote what combines content into a single column value. It must be different from the column delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/ClassifierGrokClassifier:ClassifierGrokClassifier": { + "properties": { + "classification": { + "type": "string", + "description": "An identifier of the data format that the classifier matches.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "customPatterns": { + "type": "string", + "description": "Custom grok patterns used by this classifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "grokPattern": { + "type": "string", + "description": "The grok pattern used by this classifier.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "classification", + "grokPattern" + ] + }, + "aws:glue/ClassifierJsonClassifier:ClassifierJsonClassifier": { + "properties": { + "jsonPath": { + "type": "string", + "description": "A `JsonPath` string defining the JSON data for the classifier to classify. AWS Glue supports a subset of `JsonPath`, as described in [Writing JsonPath Custom Classifiers](https://docs.aws.amazon.com/glue/latest/dg/custom-classifier.html#custom-classifier-json).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "jsonPath" + ] + }, + "aws:glue/ClassifierXmlClassifier:ClassifierXmlClassifier": { + "properties": { + "classification": { + "type": "string", + "description": "An identifier of the data format that the classifier matches.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rowTag": { + "type": "string", + "description": "The XML tag designating the element that contains each record in an XML document being parsed. Note that this cannot identify a self-closing element (closed by `/>`). An empty row element that contains only attributes can be parsed as long as it ends with a closing tag (for example, `` is okay, but `` is not).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "classification", + "rowTag" + ] + }, + "aws:glue/ConnectionPhysicalConnectionRequirements:ConnectionPhysicalConnectionRequirements": { + "properties": { + "availabilityZone": { + "type": "string", + "description": "The availability zone of the connection. This field is redundant and implied by `subnet_id`, but is currently an api requirement.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIdLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The security group ID list used by the connection.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The subnet ID used by the connection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/CrawlerCatalogTarget:CrawlerCatalogTarget": { + "properties": { + "databaseName": { + "type": "string", + "description": "The name of the Glue database to be synchronized.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of catalog tables to be synchronized.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "databaseName", + "tables" + ] + }, + "aws:glue/CrawlerDynamodbTarget:CrawlerDynamodbTarget": { + "properties": { + "path": { + "type": "string", + "description": "The path of the Amazon DocumentDB or MongoDB target (database/collection).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scanAll": { + "type": "boolean", + "description": "Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. Default value is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scanRate": { + "type": "number", + "description": "The percentage of the configured read capacity units to use by the AWS Glue crawler. The valid values are null or a value between 0.1 to 1.5.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "aws:glue/CrawlerJdbcTarget:CrawlerJdbcTarget": { + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "exclusions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of glob patterns used to exclude from the crawl.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The path of the Amazon DocumentDB or MongoDB target (database/collection).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "connectionName", + "path" + ] + }, + "aws:glue/CrawlerLineageConfiguration:CrawlerLineageConfiguration": { + "properties": { + "crawlerLineageSettings": { + "type": "string", + "description": "Specifies whether data lineage is enabled for the crawler. Valid values are: `ENABLE` and `DISABLE`. Default value is `Disable`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/CrawlerMongodbTarget:CrawlerMongodbTarget": { + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The path of the Amazon DocumentDB or MongoDB target (database/collection).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scanAll": { + "type": "boolean", + "description": "Indicates whether to scan all the records, or to sample rows from the table. Scanning all the records can take a long time when the table is not a high throughput table. Default value is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "connectionName", + "path" + ] + }, + "aws:glue/CrawlerRecrawlPolicy:CrawlerRecrawlPolicy": { + "properties": { + "recrawlBehavior": { + "type": "string", + "description": "Specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. Valid Values are: `CRAWL_EVERYTHING` and `CRAWL_NEW_FOLDERS_ONLY`. Default value is `CRAWL_EVERYTHING`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/CrawlerS3Target:CrawlerS3Target": { + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "exclusions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of glob patterns used to exclude from the crawl.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The path of the Amazon DocumentDB or MongoDB target (database/collection).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampleSize": { + "type": "integer", + "description": "Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "path" + ] + }, + "aws:glue/CrawlerSchemaChangePolicy:CrawlerSchemaChangePolicy": { + "properties": { + "deleteBehavior": { + "type": "string", + "description": "The deletion behavior when the crawler finds a deleted object. Valid values: `LOG`, `DELETE_FROM_DATABASE`, or `DEPRECATE_IN_DATABASE`. Defaults to `DEPRECATE_IN_DATABASE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "updateBehavior": { + "type": "string", + "description": "The update behavior when the crawler finds a changed schema. Valid values: `LOG` or `UPDATE_IN_DATABASE`. Defaults to `UPDATE_IN_DATABASE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettings:DataCatalogEncryptionSettingsDataCatalogEncryptionSettings": { + "properties": { + "connectionPasswordEncryption": { + "$ref": "#/types/aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryption:DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryption", + "description": "When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. see Connection Password Encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionAtRest": { + "$ref": "#/types/aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRest:DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRest", + "description": "Specifies the encryption-at-rest configuration for the Data Catalog. see Encryption At Rest.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "connectionPasswordEncryption", + "encryptionAtRest" + ] + }, + "aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryption:DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryption": { + "properties": { + "awsKmsKeyId": { + "type": "string", + "description": "A KMS key ARN that is used to encrypt the connection password. If connection password protection is enabled, the caller of CreateConnection and UpdateConnection needs at least `kms:Encrypt` permission on the specified AWS KMS key, to encrypt passwords before storing them in the Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "returnConnectionPasswordEncrypted": { + "type": "boolean", + "description": "When set to `true`, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently of the catalog encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "returnConnectionPasswordEncrypted" + ] + }, + "aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRest:DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRest": { + "properties": { + "catalogEncryptionMode": { + "type": "string", + "description": "The encryption-at-rest mode for encrypting Data Catalog data. Valid values are `DISABLED` and `SSE-KMS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sseAwsKmsKeyId": { + "type": "string", + "description": "The ARN of the AWS KMS key to use for encryption at rest.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogEncryptionMode" + ] + }, + "aws:glue/JobCommand:JobCommand": { + "properties": { + "name": { + "type": "string", + "description": "The name of the job command. Defaults to `glueetl`. Use `pythonshell` for Python Shell Job Type, `max_capacity` needs to be set if `pythonshell` is chosen.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pythonVersion": { + "type": "string", + "description": "The Python version being used to execute a Python shell job. Allowed values are 2 or 3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scriptLocation": { + "type": "string", + "description": "Specifies the S3 path to a script that executes a job.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scriptLocation" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "pythonVersion", + "scriptLocation" + ] + } + } + }, + "aws:glue/JobExecutionProperty:JobExecutionProperty": { + "properties": { + "maxConcurrentRuns": { + "type": "integer", + "description": "The maximum number of concurrent runs allowed for a job. The default is 1.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/JobNotificationProperty:JobNotificationProperty": { + "properties": { + "notifyDelayAfter": { + "type": "integer", + "description": "After a job run starts, the number of minutes to wait before sending a job run delay notification.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/MLTransformInputRecordTable:MLTransformInputRecordTable": { + "properties": { + "catalogId": { + "type": "string", + "description": "A unique identifier for the AWS Glue Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "connectionName": { + "type": "string", + "description": "The name of the connection to the AWS Glue Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "A database name in the AWS Glue Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "A table name in the AWS Glue Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "databaseName", + "tableName" + ] + }, + "aws:glue/MLTransformParameters:MLTransformParameters": { + "properties": { + "findMatchesParameters": { + "$ref": "#/types/aws:glue/MLTransformParametersFindMatchesParameters:MLTransformParametersFindMatchesParameters", + "description": "The parameters for the find matches algorithm. see Find Matches Parameters.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transformType": { + "type": "string", + "description": "The type of machine learning transform. For information about the types of machine learning transforms, see [Creating Machine Learning Transforms](http://docs.aws.amazon.com/glue/latest/dg/add-job-machine-learning-transform.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "findMatchesParameters", + "transformType" + ] + }, + "aws:glue/MLTransformParametersFindMatchesParameters:MLTransformParametersFindMatchesParameters": { + "properties": { + "accuracyCostTradeOff": { + "type": "number", + "description": "The value that is selected when tuning your transform for a balance between accuracy and cost.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enforceProvidedLabels": { + "type": "boolean", + "description": "The value to switch on or off to force the output to match the provided labels from users.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "precisionRecallTradeOff": { + "type": "number", + "description": "The value selected when tuning your transform for a balance between precision and recall.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "primaryKeyColumnName": { + "type": "string", + "description": "The name of a column that uniquely identifies rows in the source table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/MLTransformSchema:MLTransformSchema": { + "properties": { + "dataType": { + "type": "string", + "description": "The type of data in the column.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name you assign to this ML Transform. It must be unique in your account.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "dataType", + "name" + ] + } + } + }, + "aws:glue/PartitionStorageDescriptor:PartitionStorageDescriptor": { + "properties": { + "bucketColumns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of reducer grouping columns, clustering columns, and bucketing columns in the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "columns": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptorColumn:PartitionStorageDescriptorColumn" + }, + "description": "A list of the Columns in the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressed": { + "type": "boolean", + "description": "True if the data in the table is compressed, or False if not.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputFormat": { + "type": "string", + "description": "The input format: SequenceFileInputFormat (binary), or TextInputFormat, or a custom format.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "description": "The physical location of the table. By default this takes the form of the warehouse location, followed by the database location in the warehouse, followed by the table name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfBuckets": { + "type": "integer", + "description": "Must be specified if the table contains any dimension columns.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputFormat": { + "type": "string", + "description": "The output format: SequenceFileOutputFormat (binary), or IgnoreKeyTextOutputFormat, or a custom format.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of initialization parameters for the SerDe, in key-value form.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serDeInfo": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptorSerDeInfo:PartitionStorageDescriptorSerDeInfo", + "description": "Serialization/deserialization (SerDe) information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "skewedInfo": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptorSkewedInfo:PartitionStorageDescriptorSkewedInfo", + "description": "Information about values that appear very frequently in a column (skewed values).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sortColumns": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptorSortColumn:PartitionStorageDescriptorSortColumn" + }, + "description": "A list of Order objects specifying the sort order of each bucket in the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storedAsSubDirectories": { + "type": "boolean", + "description": "True if the table data is stored in subdirectories, or False if not.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/PartitionStorageDescriptorColumn:PartitionStorageDescriptorColumn": { + "properties": { + "comment": { + "type": "string", + "description": "Free-form text comment.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the SerDe.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The datatype of data in the Column.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:glue/PartitionStorageDescriptorSerDeInfo:PartitionStorageDescriptorSerDeInfo": { + "properties": { + "name": { + "type": "string", + "description": "Name of the SerDe.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of initialization parameters for the SerDe, in key-value form.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serializationLibrary": { + "type": "string", + "description": "Usually the class that implements the SerDe. An example is: org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/PartitionStorageDescriptorSkewedInfo:PartitionStorageDescriptorSkewedInfo": { + "properties": { + "skewedColumnNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of names of columns that contain skewed values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "skewedColumnValueLocationMaps": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of values that appear so frequently as to be considered skewed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "skewedColumnValues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A map of skewed values to the columns that contain them.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/PartitionStorageDescriptorSortColumn:PartitionStorageDescriptorSortColumn": { + "properties": { + "column": { + "type": "string", + "description": "The name of the column.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sortOrder": { + "type": "integer", + "description": "Indicates that the column is sorted in ascending order (== 1), or in descending order (==0).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "column", + "sortOrder" + ] + }, + "aws:glue/SecurityConfigurationEncryptionConfiguration:SecurityConfigurationEncryptionConfiguration": { + "properties": { + "cloudwatchEncryption": { + "$ref": "#/types/aws:glue/SecurityConfigurationEncryptionConfigurationCloudwatchEncryption:SecurityConfigurationEncryptionConfigurationCloudwatchEncryption", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobBookmarksEncryption": { + "$ref": "#/types/aws:glue/SecurityConfigurationEncryptionConfigurationJobBookmarksEncryption:SecurityConfigurationEncryptionConfigurationJobBookmarksEncryption", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3Encryption": { + "$ref": "#/types/aws:glue/SecurityConfigurationEncryptionConfigurationS3Encryption:SecurityConfigurationEncryptionConfigurationS3Encryption", + "description": "A `s3_encryption ` block as described below, which contains encryption configuration for S3 data.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchEncryption", + "jobBookmarksEncryption", + "s3Encryption" + ] + }, + "aws:glue/SecurityConfigurationEncryptionConfigurationCloudwatchEncryption:SecurityConfigurationEncryptionConfigurationCloudwatchEncryption": { + "properties": { + "cloudwatchEncryptionMode": { + "type": "string", + "description": "Encryption mode to use for CloudWatch data. Valid values: `DISABLED`, `SSE-KMS`. Default value: `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/SecurityConfigurationEncryptionConfigurationJobBookmarksEncryption:SecurityConfigurationEncryptionConfigurationJobBookmarksEncryption": { + "properties": { + "jobBookmarksEncryptionMode": { + "type": "string", + "description": "Encryption mode to use for job bookmarks data. Valid values: `CSE-KMS`, `DISABLED`. Default value: `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/SecurityConfigurationEncryptionConfigurationS3Encryption:SecurityConfigurationEncryptionConfigurationS3Encryption": { + "properties": { + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the KMS key to be used to encrypt the data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3EncryptionMode": { + "type": "string", + "description": "Encryption mode to use for S3 data. Valid values: `DISABLED`, `SSE-KMS`, `SSE-S3`. Default value: `DISABLED`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/TriggerAction:TriggerAction": { + "properties": { + "arguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Arguments to be passed to the job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "crawlerName": { + "type": "string", + "description": "The name of the crawler to watch. If this is specified, `crawl_state` must also be specified. Conflicts with `job_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobName": { + "type": "string", + "description": "The name of the job to watch. If this is specified, `state` must also be specified. Conflicts with `crawler_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationProperty": { + "$ref": "#/types/aws:glue/TriggerActionNotificationProperty:TriggerActionNotificationProperty", + "description": "Specifies configuration properties of a job run notification. See Notification Property details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration structure to be used with this action.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "The job run timeout in minutes. It overrides the timeout value of the job.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/TriggerActionNotificationProperty:TriggerActionNotificationProperty": { + "properties": { + "notifyDelayAfter": { + "type": "integer", + "description": "After a job run starts, the number of minutes to wait before sending a job run delay notification.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/TriggerPredicate:TriggerPredicate": { + "properties": { + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/TriggerPredicateCondition:TriggerPredicateCondition" + }, + "description": "A list of the conditions that determine when the trigger will fire. See Conditions.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logical": { + "type": "string", + "description": "How to handle multiple conditions. Defaults to `AND`. Valid values are `AND` or `ANY`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "conditions" + ] + }, + "aws:glue/TriggerPredicateCondition:TriggerPredicateCondition": { + "properties": { + "crawlState": { + "type": "string", + "description": "The condition crawl state. Currently, the values supported are `RUNNING`, `SUCCEEDED`, `CANCELLED`, and `FAILED`. If this is specified, `crawler_name` must also be specified. Conflicts with `state`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "crawlerName": { + "type": "string", + "description": "The name of the crawler to watch. If this is specified, `crawl_state` must also be specified. Conflicts with `job_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobName": { + "type": "string", + "description": "The name of the job to watch. If this is specified, `state` must also be specified. Conflicts with `crawler_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logicalOperator": { + "type": "string", + "description": "A logical operator. Defaults to `EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "state": { + "type": "string", + "description": "The condition job state. Currently, the values supported are `SUCCEEDED`, `STOPPED`, `TIMEOUT` and `FAILED`. If this is specified, `job_name` must also be specified. Conflicts with `crawler_state`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:glue/UserDefinedFunctionResourceUri:UserDefinedFunctionResourceUri": { + "properties": { + "resourceType": { + "type": "string", + "description": "The type of the resource. can be one of `JAR`, `FILE`, and `ARCHIVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uri": { + "type": "string", + "description": "The URI for accessing the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceType", + "uri" + ] + }, + "aws:glue/getConnectionPhysicalConnectionRequirement:getConnectionPhysicalConnectionRequirement": { + "properties": { + "availabilityZone": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIdLists": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "availabilityZone", + "securityGroupIdLists", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:glue/getDataCatalogEncryptionSettingsDataCatalogEncryptionSetting:getDataCatalogEncryptionSettingsDataCatalogEncryptionSetting": { + "properties": { + "connectionPasswordEncryptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingConnectionPasswordEncryption:getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingConnectionPasswordEncryption" + }, + "description": "When connection password protection is enabled, the Data Catalog uses a customer-provided key to encrypt the password as part of CreateConnection or UpdateConnection and store it in the ENCRYPTED_PASSWORD field in the connection properties. You can enable catalog encryption or only password encryption. see Connection Password Encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionAtRests": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingEncryptionAtRest:getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingEncryptionAtRest" + }, + "description": "Specifies the encryption-at-rest configuration for the Data Catalog. see Encryption At Rest.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "connectionPasswordEncryptions", + "encryptionAtRests" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:glue/getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingConnectionPasswordEncryption:getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingConnectionPasswordEncryption": { + "properties": { + "awsKmsKeyId": { + "type": "string", + "description": "A KMS key ARN that is used to encrypt the connection password.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "returnConnectionPasswordEncrypted": { + "type": "boolean", + "description": "When set to `true`, passwords remain encrypted in the responses of GetConnection and GetConnections. This encryption takes effect independently of the catalog encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "awsKmsKeyId", + "returnConnectionPasswordEncrypted" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:glue/getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingEncryptionAtRest:getDataCatalogEncryptionSettingsDataCatalogEncryptionSettingEncryptionAtRest": { + "properties": { + "catalogEncryptionMode": { + "type": "string", + "description": "The encryption-at-rest mode for encrypting Data Catalog data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sseAwsKmsKeyId": { + "type": "string", + "description": "The ARN of the AWS KMS key to use for encryption at rest.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogEncryptionMode", + "sseAwsKmsKeyId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:glue/getScriptDagEdge:getScriptDagEdge": { + "properties": { + "source": { + "type": "string", + "description": "The ID of the node at which the edge starts.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "The ID of the node at which the edge ends.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetParameter": { + "type": "string", + "description": "The target of the edge.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "source", + "target" + ] + }, + "aws:glue/getScriptDagNode:getScriptDagNode": { + "properties": { + "args": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getScriptDagNodeArg:getScriptDagNodeArg" + }, + "description": "Nested configuration an argument or property of a node. Defined below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "A node identifier that is unique within the node's graph.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lineNumber": { + "type": "integer", + "description": "The line number of the node.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nodeType": { + "type": "string", + "description": "The type of node this is.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "args", + "id", + "nodeType" + ] + }, + "aws:glue/getScriptDagNodeArg:getScriptDagNodeArg": { + "properties": { + "name": { + "type": "string", + "description": "The name of the argument or property.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "param": { + "type": "boolean", + "description": "Boolean if the value is used as a parameter. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the argument or property.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:guardduty/DetectorDatasources:DetectorDatasources": { + "properties": { + "s3Logs": { + "$ref": "#/types/aws:guardduty/DetectorDatasourcesS3Logs:DetectorDatasourcesS3Logs", + "description": "Describes whether S3 data event logs are enabled as a data source. See S3 Logs below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "s3Logs" + ] + } + } + }, + "aws:guardduty/DetectorDatasourcesS3Logs:DetectorDatasourcesS3Logs": { + "properties": { + "enable": { + "type": "boolean", + "description": "If true, enables [S3 Protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3_detection.html). Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enable" + ] + }, + "aws:guardduty/FilterFindingCriteria:FilterFindingCriteria": { + "properties": { + "criterions": { + "type": "array", + "items": { + "$ref": "#/types/aws:guardduty/FilterFindingCriteriaCriterion:FilterFindingCriteriaCriterion" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "criterions" + ] + }, + "aws:guardduty/FilterFindingCriteriaCriterion:FilterFindingCriteriaCriterion": { + "properties": { + "equals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of string values to be evaluated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "field": { + "type": "string", + "description": "The name of the field to be evaluated. The full list of field names can be found in [AWS documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_filter-findings.html#filter_criteria).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "greaterThan": { + "type": "string", + "description": "A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "greaterThanOrEqual": { + "type": "string", + "description": "A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lessThan": { + "type": "string", + "description": "A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lessThanOrEqual": { + "type": "string", + "description": "A value to be evaluated. Accepts either an integer or a date in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notEquals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of string values to be evaluated.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "field" + ] + }, + "aws:guardduty/OrganizationConfigurationDatasources:OrganizationConfigurationDatasources": { + "properties": { + "s3Logs": { + "$ref": "#/types/aws:guardduty/OrganizationConfigurationDatasourcesS3Logs:OrganizationConfigurationDatasourcesS3Logs", + "description": "Configuration for the builds to store logs to S3.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "s3Logs" + ] + } + } + }, + "aws:guardduty/OrganizationConfigurationDatasourcesS3Logs:OrganizationConfigurationDatasourcesS3Logs": { + "properties": { + "autoEnable": { + "type": "boolean", + "description": "When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "autoEnable" + ] + }, + "aws:iam/ManagedPolicy:ManagedPolicy": { + "type": "string", + "enum": [ + { + "name": "AWSAccountActivityAccess", + "value": "arn:aws:iam::aws:policy/AWSAccountActivityAccess" + }, + { + "name": "AWSAccountUsageReportAccess", + "value": "arn:aws:iam::aws:policy/AWSAccountUsageReportAccess" + }, + { + "name": "AWSAgentlessDiscoveryService", + "value": "arn:aws:iam::aws:policy/AWSAgentlessDiscoveryService" + }, + { + "name": "AWSApplicationDiscoveryAgentAccess", + "value": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryAgentAccess" + }, + { + "name": "AWSApplicationDiscoveryServiceFullAccess", + "value": "arn:aws:iam::aws:policy/AWSApplicationDiscoveryServiceFullAccess" + }, + { + "name": "AWSBatchFullAccess", + "value": "arn:aws:iam::aws:policy/AWSBatchFullAccess" + }, + { + "name": "AWSBatchServiceRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole" + }, + { + "name": "AWSCertificateManagerFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCertificateManagerFullAccess" + }, + { + "name": "AWSCertificateManagerReadOnly", + "value": "arn:aws:iam::aws:policy/AWSCertificateManagerReadOnly" + }, + { + "name": "AWSCloudFormationReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSCloudFormationReadOnlyAccess" + }, + { + "name": "AWSCloudHSMFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCloudHSMFullAccess" + }, + { + "name": "AWSCloudHSMReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSCloudHSMReadOnlyAccess" + }, + { + "name": "AWSCloudHSMRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSCloudHSMRole" + }, + { + "name": "AWSCloudTrailFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCloudTrailFullAccess" + }, + { + "name": "AWSCloudTrailReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSCloudTrailReadOnlyAccess" + }, + { + "name": "AWSCodeBuildAdminAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeBuildAdminAccess" + }, + { + "name": "AWSCodeBuildDeveloperAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeBuildDeveloperAccess" + }, + { + "name": "AWSCodeBuildReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeBuildReadOnlyAccess" + }, + { + "name": "AWSCodeCommitFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeCommitFullAccess" + }, + { + "name": "AWSCodeCommitPowerUser", + "value": "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser" + }, + { + "name": "AWSCodeCommitReadOnly", + "value": "arn:aws:iam::aws:policy/AWSCodeCommitReadOnly" + }, + { + "name": "AWSCodeDeployDeployerAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeDeployDeployerAccess" + }, + { + "name": "AWSCodeDeployFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeDeployFullAccess" + }, + { + "name": "AWSCodeDeployReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeDeployReadOnlyAccess" + }, + { + "name": "AWSCodeDeployRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole" + }, + { + "name": "AWSCodeDeployRoleForECS", + "value": "arn:aws:iam::aws:policy/AWSCodeDeployRoleForECS" + }, + { + "name": "AWSCodePipelineApproverAccess", + "value": "arn:aws:iam::aws:policy/AWSCodePipelineApproverAccess" + }, + { + "name": "AWSCodePipelineCustomActionAccess", + "value": "arn:aws:iam::aws:policy/AWSCodePipelineCustomActionAccess" + }, + { + "name": "AWSCodePipelineFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCodePipelineFullAccess" + }, + { + "name": "AWSCodePipelineReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSCodePipelineReadOnlyAccess" + }, + { + "name": "AWSCodeStarFullAccess", + "value": "arn:aws:iam::aws:policy/AWSCodeStarFullAccess" + }, + { + "name": "AWSCodeStarServiceRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSCodeStarServiceRole" + }, + { + "name": "AWSConfigRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSConfigRole" + }, + { + "name": "AWSConfigRulesExecutionRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSConfigRulesExecutionRole" + }, + { + "name": "AWSConfigUserAccess", + "value": "arn:aws:iam::aws:policy/AWSConfigUserAccess" + }, + { + "name": "AWSConnector", + "value": "arn:aws:iam::aws:policy/AWSConnector" + }, + { + "name": "AWSDataPipelineRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSDataPipelineRole" + }, + { + "name": "AWSDataPipeline_FullAccess", + "value": "arn:aws:iam::aws:policy/AWSDataPipeline_FullAccess" + }, + { + "name": "AWSDataPipeline_PowerUser", + "value": "arn:aws:iam::aws:policy/AWSDataPipeline_PowerUser" + }, + { + "name": "AWSDeviceFarmFullAccess", + "value": "arn:aws:iam::aws:policy/AWSDeviceFarmFullAccess" + }, + { + "name": "AWSDirectConnectFullAccess", + "value": "arn:aws:iam::aws:policy/AWSDirectConnectFullAccess" + }, + { + "name": "AWSDirectConnectReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSDirectConnectReadOnlyAccess" + }, + { + "name": "AWSDirectoryServiceFullAccess", + "value": "arn:aws:iam::aws:policy/AWSDirectoryServiceFullAccess" + }, + { + "name": "AWSDirectoryServiceReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSDirectoryServiceReadOnlyAccess" + }, + { + "name": "AWSElasticBeanstalkCustomPlatformforEC2Role", + "value": "arn:aws:iam::aws:policy/AWSElasticBeanstalkCustomPlatformforEC2Role" + }, + { + "name": "AWSElasticBeanstalkEnhancedHealth", + "value": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkEnhancedHealth" + }, + { + "name": "AWSElasticBeanstalkFullAccess", + "value": "arn:aws:iam::aws:policy/AWSElasticBeanstalkFullAccess" + }, + { + "name": "AWSElasticBeanstalkMulticontainerDocker", + "value": "arn:aws:iam::aws:policy/AWSElasticBeanstalkMulticontainerDocker" + }, + { + "name": "AWSElasticBeanstalkReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSElasticBeanstalkReadOnlyAccess" + }, + { + "name": "AWSElasticBeanstalkService", + "value": "arn:aws:iam::aws:policy/service-role/AWSElasticBeanstalkService" + }, + { + "name": "AWSElasticBeanstalkWebTier", + "value": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWebTier" + }, + { + "name": "AWSElasticBeanstakWorkerTier", + "value": "arn:aws:iam::aws:policy/AWSElasticBeanstalkWorkerTier" + }, + { + "name": "AWSGreengrassFullccess", + "value": "arn:aws:iam::aws:policy/AWSGreengrassFullAccess" + }, + { + "name": "AWSGreengrassResourceAccessRolePolicy", + "value": "arn:aws:iam::aws:policy/service-role/AWSGreengrassResourceAccessRolePolicy" + }, + { + "name": "AWSHealthFullAccess", + "value": "arn:aws:iam::aws:policy/AWSHealthFullAccess" + }, + { + "name": "AWSImportExportFullAccess", + "value": "arn:aws:iam::aws:policy/AWSImportExportFullAccess" + }, + { + "name": "AWSImportExportReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSImportExportReadOnlyAccess" + }, + { + "name": "AWSIoTConfigAccess", + "value": "arn:aws:iam::aws:policy/AWSIoTConfigAccess" + }, + { + "name": "AWSIoTConfigReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSIoTConfigReadOnlyAccess" + }, + { + "name": "AWSIoTDataAccess", + "value": "arn:aws:iam::aws:policy/AWSIoTDataAccess" + }, + { + "name": "AWSIoTFullAccess", + "value": "arn:aws:iam::aws:policy/AWSIoTFullAccess" + }, + { + "name": "AWSIoTLogging", + "value": "arn:aws:iam::aws:policy/service-role/AWSIoTLogging" + }, + { + "name": "AWSIoTRuleActions", + "value": "arn:aws:iam::aws:policy/service-role/AWSIoTRuleActions" + }, + { + "name": "AWSKeyManagementServicePowerUser", + "value": "arn:aws:iam::aws:policy/AWSKeyManagementServicePowerUser" + }, + { + "name": "AWSLambdaBasicExecutionRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + }, + { + "name": "AWSLambdaDynamoDBExecutionRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaDynamoDBExecutionRole" + }, + { + "name": "AWSLambdaENIManagementAccess", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaENIManagementAccess" + }, + { + "name": "AWSLambdaExecute", + "value": "arn:aws:iam::aws:policy/AWSLambdaExecute" + }, + { + "name": "AWSLambdaFullAccess", + "value": "arn:aws:iam::aws:policy/AWSLambdaFullAccess", + "deprecationMessage": "This has been deprecated in favour of `LambdaFullAccess`" + }, + { + "name": "LambdaFullAccess", + "value": "arn:aws:iam::aws:policy/AWSLambda_FullAccess" + }, + { + "name": "AWSLambdaInvocationDynamoDB", + "value": "arn:aws:iam::aws:policy/AWSLambdaInvocation-DynamoDB" + }, + { + "name": "AWSLambdaKinesisExecutionRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaKinesisExecutionRole" + }, + { + "name": "AWSLambdaReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSLambdaReadOnlyAccess", + "deprecationMessage": "This has been deprecated in favour of `LambdaReadOnlyAccess`" + }, + { + "name": "LambdaReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSLambda_ReadOnlyAccess" + }, + { + "name": "AWSLambdaRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaRole" + }, + { + "name": "AWSLambdaVPCAccessExecutionRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole" + }, + { + "name": "AWSMarketplaceFullAccess", + "value": "arn:aws:iam::aws:policy/AWSMarketplaceFullAccess" + }, + { + "name": "AWSMarketplaceGetEntitlements", + "value": "arn:aws:iam::aws:policy/AWSMarketplaceGetEntitlements" + }, + { + "name": "AWSMarketplaceManageSubscriptions", + "value": "arn:aws:iam::aws:policy/AWSMarketplaceManageSubscriptions" + }, + { + "name": "AWSMarketplaceMeteringFullAccess", + "value": "arn:aws:iam::aws:policy/AWSMarketplaceMeteringFullAccess" + }, + { + "name": "AWSMarketplaceReadonly", + "value": "arn:aws:iam::aws:policy/AWSMarketplaceRead-only" + }, + { + "name": "AWSMobileHub_FullAccess", + "value": "arn:aws:iam::aws:policy/AWSMobileHub_FullAccess" + }, + { + "name": "AWSMobileHub_ReadOnly", + "value": "arn:aws:iam::aws:policy/AWSMobileHub_ReadOnly" + }, + { + "name": "AWSMobileHub_ServiceUseOnly", + "value": "arn:aws:iam::aws:policy/service-role/AWSMobileHub_ServiceUseOnly" + }, + { + "name": "AWSOpsWorksCMInstanceProfileRole", + "value": "arn:aws:iam::aws:policy/AWSOpsWorksCMInstanceProfileRole" + }, + { + "name": "AWSOpsWorksCMServiceRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksCMServiceRole" + }, + { + "name": "AWSOpsWorksCloudWatchLogs", + "value": "arn:aws:iam::aws:policy/AWSOpsWorksCloudWatchLogs" + }, + { + "name": "AWSOpsWorksFullAccess", + "value": "arn:aws:iam::aws:policy/AWSOpsWorksFullAccess" + }, + { + "name": "AWSOpsWorksInstanceRegistration", + "value": "arn:aws:iam::aws:policy/AWSOpsWorksInstanceRegistration" + }, + { + "name": "AWSOpsWorksRegisterCLI", + "value": "arn:aws:iam::aws:policy/AWSOpsWorksRegisterCLI" + }, + { + "name": "AWSOpsWorksRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole" + }, + { + "name": "AWSQuickSightDescribeRD", + "value": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRDS" + }, + { + "name": "AWSQuickSightDescribeRedshift", + "value": "arn:aws:iam::aws:policy/service-role/AWSQuickSightDescribeRedshift" + }, + { + "name": "AWSQuickSightListIAM", + "value": "arn:aws:iam::aws:policy/service-role/AWSQuickSightListIAM" + }, + { + "name": "AWSQuicksightAthenaAccess", + "value": "arn:aws:iam::aws:policy/service-role/AWSQuicksightAthenaAccess" + }, + { + "name": "AWSStepFunctionsConsoleFullAccess", + "value": "arn:aws:iam::aws:policy/AWSStepFunctionsConsoleFullAccess" + }, + { + "name": "AWSStepFunctionsFullAccess", + "value": "arn:aws:iam::aws:policy/AWSStepFunctionsFullAccess" + }, + { + "name": "AWSStepFunctionsReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSStepFunctionsReadOnlyAccess" + }, + { + "name": "AWSStorageGatewayFullAccess", + "value": "arn:aws:iam::aws:policy/AWSStorageGatewayFullAccess" + }, + { + "name": "AWSStorageGatewayReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSStorageGatewayReadOnlyAccess" + }, + { + "name": "AWSSupportAccess", + "value": "arn:aws:iam::aws:policy/AWSSupportAccess" + }, + { + "name": "AWSWAFFullAccess", + "value": "arn:aws:iam::aws:policy/AWSWAFFullAccess" + }, + { + "name": "AWSWAFReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSWAFReadOnlyAccess" + }, + { + "name": "AWSXrayFullAccess", + "value": "arn:aws:iam::aws:policy/AWSXrayFullAccess" + }, + { + "name": "AWSXrayReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSXrayReadOnlyAccess" + }, + { + "name": "AWSXrayWriteOnlyAccess", + "value": "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess" + }, + { + "name": "AWSXRayDaemonWriteAccess", + "value": "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess" + }, + { + "name": "AdministratorAccess", + "value": "arn:aws:iam::aws:policy/AdministratorAccess" + }, + { + "name": "AmazonAPIGatewayAdministrator", + "value": "arn:aws:iam::aws:policy/AmazonAPIGatewayAdministrator" + }, + { + "name": "AmazonAPIGatewayInvokeFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonAPIGatewayInvokeFullAccess" + }, + { + "name": "AmazonAPIGatewayPushToCloudWatchLogs", + "value": "arn:aws:iam::aws:policy/service-role/AmazonAPIGatewayPushToCloudWatchLogs" + }, + { + "name": "AmazonAppStreamFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonAppStreamFullAccess" + }, + { + "name": "AmazonAppStreamReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonAppStreamReadOnlyAccess" + }, + { + "name": "AmazonAppStreamServiceAccess", + "value": "arn:aws:iam::aws:policy/service-role/AmazonAppStreamServiceAccess" + }, + { + "name": "AmazonAthenaFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonAthenaFullAccess" + }, + { + "name": "AmazonCloudDirectoryFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonCloudDirectoryFullAccess" + }, + { + "name": "AmazonCloudDirectoryReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonCloudDirectoryReadOnlyAccess" + }, + { + "name": "AmazonCognitoDeveloperAuthenticatedIdentities", + "value": "arn:aws:iam::aws:policy/AmazonCognitoDeveloperAuthenticatedIdentities" + }, + { + "name": "AmazonCognitoPowerUser", + "value": "arn:aws:iam::aws:policy/AmazonCognitoPowerUser" + }, + { + "name": "AmazonCognitoReadOnly", + "value": "arn:aws:iam::aws:policy/AmazonCognitoReadOnly" + }, + { + "name": "AmazonDMSCloudWatchLogsRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole" + }, + { + "name": "AmazonDMSRedshiftS3Role", + "value": "arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role" + }, + { + "name": "AmazonDMSVPCManagementRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole" + }, + { + "name": "AmazonDRSVPCManagement", + "value": "arn:aws:iam::aws:policy/AmazonDRSVPCManagement" + }, + { + "name": "AmazonDynamoDBFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess" + }, + { + "name": "AmazonDynamoDBFullAccesswithDataPipeline", + "value": "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccesswithDataPipeline" + }, + { + "name": "AmazonDynamoDBReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess" + }, + { + "name": "AmazonEC2ContainerRegistryFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryFullAccess" + }, + { + "name": "AmazonEC2ContainerRegistryPowerUser", + "value": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPowerUser" + }, + { + "name": "AmazonEC2ContainerRegistryReadOnly", + "value": "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly" + }, + { + "name": "AmazonEC2ContainerServiceAutoscaleRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceAutoscaleRole" + }, + { + "name": "AmazonEC2ContainerServiceFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonEC2ContainerServiceFullAccess" + }, + { + "name": "AmazonEC2ContainerServiceRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceRole" + }, + { + "name": "AmazonEC2ContainerServiceforEC2Role", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" + }, + { + "name": "EC2InstanceProfileForImageBuilder", + "value": "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilder" + }, + { + "name": "AmazonEC2FullAccess", + "value": "arn:aws:iam::aws:policy/AmazonEC2FullAccess" + }, + { + "name": "AmazonEC2ReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonEC2ReadOnlyAccess" + }, + { + "name": "AmazonEC2ReportsAccess", + "value": "arn:aws:iam::aws:policy/AmazonEC2ReportsAccess" + }, + { + "name": "AmazonEC2RoleforAWSCodeDeploy", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforAWSCodeDeploy" + }, + { + "name": "AmazonEC2RoleforDataPipelineRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforDataPipelineRole" + }, + { + "name": "AmazonEC2RoleforSSM", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM" + }, + { + "name": "AmazonEC2SpotFleetAutoscaleRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetAutoscaleRole" + }, + { + "name": "AmazonEC2SpotFleetRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetRole" + }, + { + "name": "AmazonEC2SpotFleetTaggingRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole" + }, + { + "name": "AmazonECSFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonECS_FullAccess" + }, + { + "name": "AmazonECSServiceRolePolicy", + "value": "arn:aws:iam::aws:policy/aws-service-role/AmazonECSServiceRolePolicy" + }, + { + "name": "AmazonECSTaskExecutionRolePolicy", + "value": "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy" + }, + { + "name": "AmazonESFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonESFullAccess" + }, + { + "name": "AmazonESReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonESReadOnlyAccess" + }, + { + "name": "AmazonElastiCacheFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonElastiCacheFullAccess" + }, + { + "name": "AmazonElastiCacheReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonElastiCacheReadOnlyAccess" + }, + { + "name": "AmazonElasticFileSystemFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonElasticFileSystemFullAccess" + }, + { + "name": "AmazonElasticFileSystemReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonElasticFileSystemReadOnlyAccess" + }, + { + "name": "AmazonElasticMapReduceFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonElasticMapReduceFullAccess" + }, + { + "name": "AmazonElasticMapReduceReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonElasticMapReduceReadOnlyAccess" + }, + { + "name": "AmazonElasticMapReduceRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceRole" + }, + { + "name": "AmazonElasticMapReduceforAutoScalingRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforAutoScalingRole" + }, + { + "name": "AmazonElasticMapReduceforEC2Role", + "value": "arn:aws:iam::aws:policy/service-role/AmazonElasticMapReduceforEC2Role" + }, + { + "name": "AmazonElasticTranscoderFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonElasticTranscoderFullAccess" + }, + { + "name": "AmazonElasticTranscoderJobsSubmitter", + "value": "arn:aws:iam::aws:policy/AmazonElasticTranscoderJobsSubmitter" + }, + { + "name": "AmazonElasticTranscoderReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonElasticTranscoderReadOnlyAccess" + }, + { + "name": "AmazonElasticTranscoderRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonElasticTranscoderRole" + }, + { + "name": "AmazonGlacierFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonGlacierFullAccess" + }, + { + "name": "AmazonGlacierReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonGlacierReadOnlyAccess" + }, + { + "name": "AmazonInspectorFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonInspectorFullAccess" + }, + { + "name": "AmazonInspectorReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonInspectorReadOnlyAccess" + }, + { + "name": "AmazonKinesisAnalyticsFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsFullAccess" + }, + { + "name": "AmazonKinesisAnalyticsReadOnly", + "value": "arn:aws:iam::aws:policy/AmazonKinesisAnalyticsReadOnly" + }, + { + "name": "AmazonKinesisFirehoseFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseFullAccess" + }, + { + "name": "AmazonKinesisFirehoseReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonKinesisFirehoseReadOnlyAccess" + }, + { + "name": "AmazonKinesisFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonKinesisFullAccess" + }, + { + "name": "AmazonKinesisReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonKinesisReadOnlyAccess" + }, + { + "name": "AmazonLexFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonLexFullAccess" + }, + { + "name": "AmazonLexReadOnly", + "value": "arn:aws:iam::aws:policy/AmazonLexReadOnly" + }, + { + "name": "AmazonLexRunBotsOnly", + "value": "arn:aws:iam::aws:policy/AmazonLexRunBotsOnly" + }, + { + "name": "AmazonMachineLearningBatchPredictionsAccess", + "value": "arn:aws:iam::aws:policy/AmazonMachineLearningBatchPredictionsAccess" + }, + { + "name": "AmazonMachineLearningCreateOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonMachineLearningCreateOnlyAccess" + }, + { + "name": "AmazonMachineLearningFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonMachineLearningFullAccess" + }, + { + "name": "AmazonMachineLearningManageRealTimeEndpointOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonMachineLearningManageRealTimeEndpointOnlyAccess" + }, + { + "name": "AmazonMachineLearningReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonMachineLearningReadOnlyAccess" + }, + { + "name": "AmazonMachineLearningRealTimePredictionOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonMachineLearningRealTimePredictionOnlyAccess" + }, + { + "name": "AmazonMachineLearningRoleforRedshiftDataSource", + "value": "arn:aws:iam::aws:policy/service-role/AmazonMachineLearningRoleforRedshiftDataSource" + }, + { + "name": "AmazonMechanicalTurkFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonMechanicalTurkFullAccess" + }, + { + "name": "AmazonMechanicalTurkReadOnly", + "value": "arn:aws:iam::aws:policy/AmazonMechanicalTurkReadOnly" + }, + { + "name": "AmazonMobileAnalyticsFinancialReportAccess", + "value": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFinancialReportAccess" + }, + { + "name": "AmazonMobileAnalyticsFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsFullAccess" + }, + { + "name": "AmazonMobileAnalyticsNonfinancialReportAccess", + "value": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsNon-financialReportAccess" + }, + { + "name": "AmazonMobileAnalyticsWriteOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonMobileAnalyticsWriteOnlyAccess" + }, + { + "name": "AmazonPollyFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonPollyFullAccess" + }, + { + "name": "AmazonPollyReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonPollyReadOnlyAccess" + }, + { + "name": "AmazonRDSDirectoryServiceAccess", + "value": "arn:aws:iam::aws:policy/service-role/AmazonRDSDirectoryServiceAccess" + }, + { + "name": "AmazonRDSEnhancedMonitoringRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonRDSEnhancedMonitoringRole" + }, + { + "name": "AmazonRDSDataFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonRDSDataFullAccess" + }, + { + "name": "AmazonRDSFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonRDSFullAccess" + }, + { + "name": "AmazonRDSReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonRDSReadOnlyAccess" + }, + { + "name": "AmazonRedshiftFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonRedshiftFullAccess" + }, + { + "name": "AmazonRedshiftReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonRedshiftReadOnlyAccess" + }, + { + "name": "AmazonRekognitionFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonRekognitionFullAccess" + }, + { + "name": "AmazonRekognitionReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonRekognitionReadOnlyAccess" + }, + { + "name": "AmazonRoute53DomainsFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonRoute53DomainsFullAccess" + }, + { + "name": "AmazonRoute53DomainsReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonRoute53DomainsReadOnlyAccess" + }, + { + "name": "AmazonRoute53FullAccess", + "value": "arn:aws:iam::aws:policy/AmazonRoute53FullAccess" + }, + { + "name": "AmazonRoute53ReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonRoute53ReadOnlyAccess" + }, + { + "name": "AmazonS3FullAccess", + "value": "arn:aws:iam::aws:policy/AmazonS3FullAccess" + }, + { + "name": "AmazonS3ReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess" + }, + { + "name": "AmazonSESFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonSESFullAccess" + }, + { + "name": "AmazonSESReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonSESReadOnlyAccess" + }, + { + "name": "AmazonSNSFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonSNSFullAccess" + }, + { + "name": "AmazonSNSReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonSNSReadOnlyAccess" + }, + { + "name": "AmazonSNSRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonSNSRole" + }, + { + "name": "AmazonSQSFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonSQSFullAccess" + }, + { + "name": "AmazonSQSReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonSQSReadOnlyAccess" + }, + { + "name": "AWSLambdaSQSQueueExecutionRole", + "value": "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole" + }, + { + "name": "AmazonSSMAutomationApproverAccess", + "value": "arn:aws:iam::aws:policy/AmazonSSMAutomationApproverAccess" + }, + { + "name": "AmazonSSMAutomationRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonSSMAutomationRole" + }, + { + "name": "AmazonSSMDirectoryServiceAccess", + "value": "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess" + }, + { + "name": "AmazonSSMFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonSSMFullAccess" + }, + { + "name": "AmazonSSMMaintenanceWindowRole", + "value": "arn:aws:iam::aws:policy/service-role/AmazonSSMMaintenanceWindowRole" + }, + { + "name": "AmazonSSMPatchAssociation", + "value": "arn:aws:iam::aws:policy/AmazonSSMPatchAssociation" + }, + { + "name": "AmazonSSMReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess" + }, + { + "name": "AmazonSSMManagedInstanceCore", + "value": "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore" + }, + { + "name": "AmazonVPCFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonVPCFullAccess" + }, + { + "name": "AmazonVPCReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonVPCReadOnlyAccess" + }, + { + "name": "AmazonWorkMailFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonWorkMailFullAccess" + }, + { + "name": "AmazonWorkMailReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonWorkMailReadOnlyAccess" + }, + { + "name": "AmazonWorkSpacesAdmin", + "value": "arn:aws:iam::aws:policy/AmazonWorkSpacesAdmin" + }, + { + "name": "AmazonWorkSpacesApplicationManagerAdminAccess", + "value": "arn:aws:iam::aws:policy/AmazonWorkSpacesApplicationManagerAdminAccess" + }, + { + "name": "AmazonZocaloFullAccess", + "value": "arn:aws:iam::aws:policy/AmazonZocaloFullAccess" + }, + { + "name": "AmazonZocaloReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AmazonZocaloReadOnlyAccess" + }, + { + "name": "ApplicationAutoScalingForAmazonAppStreamAccess", + "value": "arn:aws:iam::aws:policy/service-role/ApplicationAutoScalingForAmazonAppStreamAccess" + }, + { + "name": "AutoScalingConsoleFullAccess", + "value": "arn:aws:iam::aws:policy/AutoScalingConsoleFullAccess" + }, + { + "name": "AutoScalingConsoleReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AutoScalingConsoleReadOnlyAccess" + }, + { + "name": "AutoScalingFullAccess", + "value": "arn:aws:iam::aws:policy/AutoScalingFullAccess" + }, + { + "name": "AutoScalingNotificationAccessRole", + "value": "arn:aws:iam::aws:policy/service-role/AutoScalingNotificationAccessRole" + }, + { + "name": "AutoScalingReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/AutoScalingReadOnlyAccess" + }, + { + "name": "Billing", + "value": "arn:aws:iam::aws:policy/job-function/Billing" + }, + { + "name": "CloudFrontFullAccess", + "value": "arn:aws:iam::aws:policy/CloudFrontFullAccess" + }, + { + "name": "CloudFrontReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/CloudFrontReadOnlyAccess" + }, + { + "name": "CloudSearchFullAccess", + "value": "arn:aws:iam::aws:policy/CloudSearchFullAccess" + }, + { + "name": "CloudSearchReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/CloudSearchReadOnlyAccess" + }, + { + "name": "CloudWatchActionsEC2Access", + "value": "arn:aws:iam::aws:policy/CloudWatchActionsEC2Access" + }, + { + "name": "CloudWatchEventsBuiltInTargetExecutionAccess", + "value": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsBuiltInTargetExecutionAccess" + }, + { + "name": "CloudWatchEventsFullAccess", + "value": "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess" + }, + { + "name": "CloudWatchEventsInvocationAccess", + "value": "arn:aws:iam::aws:policy/service-role/CloudWatchEventsInvocationAccess" + }, + { + "name": "CloudWatchEventsReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/CloudWatchEventsReadOnlyAccess" + }, + { + "name": "CloudWatchFullAccess", + "value": "arn:aws:iam::aws:policy/CloudWatchFullAccess" + }, + { + "name": "CloudWatchLogsFullAccess", + "value": "arn:aws:iam::aws:policy/CloudWatchLogsFullAccess" + }, + { + "name": "CloudWatchLogsReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/CloudWatchLogsReadOnlyAccess" + }, + { + "name": "CloudWatchReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess" + }, + { + "name": "DataScientist", + "value": "arn:aws:iam::aws:policy/job-function/DataScientist" + }, + { + "name": "DatabaseAdministrator", + "value": "arn:aws:iam::aws:policy/job-function/DatabaseAdministrator" + }, + { + "name": "IAMFullAccess", + "value": "arn:aws:iam::aws:policy/IAMFullAccess" + }, + { + "name": "IAMReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/IAMReadOnlyAccess" + }, + { + "name": "IAMSelfManageServiceSpecificCredentials", + "value": "arn:aws:iam::aws:policy/IAMSelfManageServiceSpecificCredentials" + }, + { + "name": "IAMUserChangePassword", + "value": "arn:aws:iam::aws:policy/IAMUserChangePassword" + }, + { + "name": "IAMUserSSHKeys", + "value": "arn:aws:iam::aws:policy/IAMUserSSHKeys" + }, + { + "name": "NetworkAdministrator", + "value": "arn:aws:iam::aws:policy/job-function/NetworkAdministrator" + }, + { + "name": "PowerUserAccess", + "value": "arn:aws:iam::aws:policy/PowerUserAccess" + }, + { + "name": "RDSCloudHsmAuthorizationRole", + "value": "arn:aws:iam::aws:policy/service-role/RDSCloudHsmAuthorizationRole" + }, + { + "name": "ReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/ReadOnlyAccess" + }, + { + "name": "ResourceGroupsandTagEditorFullAccess", + "value": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorFullAccess" + }, + { + "name": "ResourceGroupsandTagEditorReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/ResourceGroupsandTagEditorReadOnlyAccess" + }, + { + "name": "SecurityAudit", + "value": "arn:aws:iam::aws:policy/SecurityAudit" + }, + { + "name": "ServerMigrationConnector", + "value": "arn:aws:iam::aws:policy/ServerMigrationConnector" + }, + { + "name": "ServerMigrationServiceRole", + "value": "arn:aws:iam::aws:policy/service-role/ServerMigrationServiceRole" + }, + { + "name": "ServiceCatalogAdminFullAccess", + "value": "arn:aws:iam::aws:policy/ServiceCatalogAdminFullAccess" + }, + { + "name": "ServiceCatalogAdminReadOnlyAccess", + "value": "arn:aws:iam::aws:policy/ServiceCatalogAdminReadOnlyAccess" + }, + { + "name": "ServiceCatalogEndUserAccess", + "value": "arn:aws:iam::aws:policy/ServiceCatalogEndUserAccess" + }, + { + "name": "ServiceCatalogEndUserFullAccess", + "value": "arn:aws:iam::aws:policy/ServiceCatalogEndUserFullAccess" + }, + { + "name": "SimpleWorkflowFullAccess", + "value": "arn:aws:iam::aws:policy/SimpleWorkflowFullAccess" + }, + { + "name": "SupportUser", + "value": "arn:aws:iam::aws:policy/job-function/SupportUser" + }, + { + "name": "SystemAdministrator", + "value": "arn:aws:iam::aws:policy/job-function/SystemAdministrator" + }, + { + "name": "VMImportExportRoleForAWSConnector", + "value": "arn:aws:iam::aws:policy/service-role/VMImportExportRoleForAWSConnector" + }, + { + "name": "ViewOnlyAccess", + "value": "arn:aws:iam::aws:policy/job-function/ViewOnlyAccess" + } + ] + }, + "aws:iam/RoleInlinePolicy:RoleInlinePolicy": { + "properties": { + "name": { + "type": "string", + "description": "Name of the role policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "policy": { + "type": "string", + "description": "Policy document as a JSON formatted string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:iam/getGroupUser:getGroupUser": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the iam user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The path to the iam user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userId": { + "type": "string", + "description": "The stable and unique string identifying the iam user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userName": { + "type": "string", + "description": "The name of the iam user.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "path", + "userId", + "userName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:iam/getPolicyDocumentStatement:getPolicyDocumentStatement": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of actions that this statement either allows or denies. For example, `[\"ec2:RunInstances\", \"s3:*\"]`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/getPolicyDocumentStatementCondition:getPolicyDocumentStatementCondition" + }, + "description": "Configuration block for a condition. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "effect": { + "type": "string", + "description": "Whether this statement allows or denies the given actions. Valid values are `Allow` and `Deny`. Defaults to `Allow`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of actions that this statement does *not* apply to. Use to apply a policy statement to all actions *except* those listed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notPrincipals": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/getPolicyDocumentStatementNotPrincipal:getPolicyDocumentStatementNotPrincipal" + }, + "description": "Like `principals` except these are principals that the statement does *not* apply to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of resource ARNs that this statement does *not* apply to. Use to apply a policy statement to all resources *except* those listed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "principals": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/getPolicyDocumentStatementPrincipal:getPolicyDocumentStatementPrincipal" + }, + "description": "Configuration block for principals. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of resource ARNs that this statement applies to. This is required by AWS if used for an IAM policy.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sid": { + "type": "string", + "description": "Sid (statement ID) is an identifier for a policy statement.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:iam/getPolicyDocumentStatementCondition:getPolicyDocumentStatementCondition": { + "properties": { + "test": { + "type": "string", + "description": "Name of the [IAM condition operator](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition_operators.html) to evaluate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Values to evaluate the condition against. If multiple values are provided, the condition matches if at least one of them applies. That is, AWS evaluates multiple values as though using an \"OR\" boolean operation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "variable": { + "type": "string", + "description": "Name of a [Context Variable](http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html#AvailableKeys) to apply the condition to. Context variables may either be standard AWS variables starting with `aws:` or service-specific variables prefixed with the service name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "test", + "values", + "variable" + ] + }, + "aws:iam/getPolicyDocumentStatementNotPrincipal:getPolicyDocumentStatementNotPrincipal": { + "properties": { + "identifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g. `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g. `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g. `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g. `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "identifiers", + "type" + ] + }, + "aws:iam/getPolicyDocumentStatementPrincipal:getPolicyDocumentStatementPrincipal": { + "properties": { + "identifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of identifiers for principals. When `type` is `AWS`, these are IAM principal ARNs, e.g. `arn:aws:iam::12345678901:role/yak-role`. When `type` is `Service`, these are AWS Service roles, e.g. `lambda.amazonaws.com`. When `type` is `Federated`, these are web identity users or SAML provider ARNs, e.g. `accounts.google.com` or `arn:aws:iam::12345678901:saml-provider/yak-saml-provider`. When `type` is `CanonicalUser`, these are [canonical user IDs](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html#FindingCanonicalId), e.g. `79a59df900b949e55d96a1e698fbacedfd6e09d98eacf8f8d5218e7cd47ef2be`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of principal. Valid values include `AWS`, `Service`, `Federated`, `CanonicalUser` and `*`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "identifiers", + "type" + ] + }, + "aws:identitystore/getGroupFilter:getGroupFilter": { + "properties": { + "attributePath": { + "type": "string", + "description": "The attribute path that is used to specify which attribute name to search. Currently, `DisplayName` is the only valid attribute path.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "attributeValue": { + "type": "string", + "description": "The value for an attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "attributePath", + "attributeValue" + ] + }, + "aws:identitystore/getUserFilter:getUserFilter": { + "properties": { + "attributePath": { + "type": "string", + "description": "The attribute path that is used to specify which attribute name to search. Currently, `UserName` is the only valid attribute path.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "attributeValue": { + "type": "string", + "description": "The value for an attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "attributePath", + "attributeValue" + ] + }, + "aws:imagebuilder/DistributionConfigurationDistribution:DistributionConfigurationDistribution": { + "properties": { + "amiDistributionConfiguration": { + "$ref": "#/types/aws:imagebuilder/DistributionConfigurationDistributionAmiDistributionConfiguration:DistributionConfigurationDistributionAmiDistributionConfiguration", + "description": "Configuration block with Amazon Machine Image (AMI) distribution settings. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "licenseConfigurationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Amazon Resource Names (ARNs) of License Manager License Configurations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "AWS Region for the distribution.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "region" + ] + }, + "aws:imagebuilder/DistributionConfigurationDistributionAmiDistributionConfiguration:DistributionConfigurationDistributionAmiDistributionConfiguration": { + "properties": { + "amiTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags to apply to the distributed AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description to apply to the distributed AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key to encrypt the distributed AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchPermission": { + "$ref": "#/types/aws:imagebuilder/DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission:DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission", + "description": "Configuration block of EC2 launch permissions to apply to the distributed AMI. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name to apply to the distributed AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetAccountIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of AWS Account identifiers to distribute the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:imagebuilder/DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission:DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission": { + "properties": { + "userGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 launch permission user groups to assign. Use `all` to distribute a public AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of AWS Account identifiers to assign.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:imagebuilder/ImageImageTestsConfiguration:ImageImageTestsConfiguration": { + "properties": { + "imageTestsEnabled": { + "type": "boolean", + "description": "Whether image tests are enabled. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutMinutes": { + "type": "integer", + "description": "Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:imagebuilder/ImageOutputResource:ImageOutputResource": { + "properties": { + "amis": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageOutputResourceAmi:ImageOutputResourceAmi" + }, + "description": "Set of objects with each Amazon Machine Image (AMI) created.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "amis" + ] + } + } + }, + "aws:imagebuilder/ImageOutputResourceAmi:ImageOutputResourceAmi": { + "properties": { + "accountId": { + "type": "string", + "description": "Account identifier of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "image": { + "type": "string", + "description": "Identifier of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "Region of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "accountId", + "description", + "image", + "name", + "region" + ] + } + } + }, + "aws:imagebuilder/ImagePipelineImageTestsConfiguration:ImagePipelineImageTestsConfiguration": { + "properties": { + "imageTestsEnabled": { + "type": "boolean", + "description": "Whether image tests are enabled. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutMinutes": { + "type": "integer", + "description": "Number of minutes before image tests time out. Valid values are between `60` and `1440`. Defaults to `720`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:imagebuilder/ImagePipelineSchedule:ImagePipelineSchedule": { + "properties": { + "pipelineExecutionStartCondition": { + "type": "string", + "description": "Condition when the pipeline should trigger a new image build. Valid values are `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE` and `EXPRESSION_MATCH_ONLY`. Defaults to `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scheduleExpression": { + "type": "string", + "description": "Cron expression of how often the pipeline start condition is evaluated. For example, `cron(0 0 * * ? *)` is evaluated every day at midnight UTC. Configurations using the five field syntax that was previously accepted by the API, such as `cron(0 0 * * *)`, must be updated to the six field syntax. For more information, see the [Image Builder User Guide](https://docs.aws.amazon.com/imagebuilder/latest/userguide/cron-expressions.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "scheduleExpression" + ] + }, + "aws:imagebuilder/ImageRecipeBlockDeviceMapping:ImageRecipeBlockDeviceMapping": { + "properties": { + "deviceName": { + "type": "string", + "description": "Name of the device. For example, `/dev/sda` or `/dev/xvdb`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebs": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeBlockDeviceMappingEbs:ImageRecipeBlockDeviceMappingEbs", + "description": "Configuration block with Elastic Block Storage (EBS) block device mapping settings. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "boolean", + "description": "Set to `true` to remove a mapping from the parent image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "Virtual device name. For example, `ephemeral0`. Instance store volumes are numbered starting from 0.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:imagebuilder/ImageRecipeBlockDeviceMappingEbs:ImageRecipeBlockDeviceMappingEbs": { + "properties": { + "deleteOnTermination": { + "type": "string", + "description": "Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "string", + "description": "Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Number of Input/Output (I/O) operations per second to provision for an `io1` or `io2` volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "Identifier of the EC2 Volume Snapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of the volume, in GiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of the volume. For example, `gp2` or `io2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:imagebuilder/ImageRecipeComponent:ImageRecipeComponent": { + "properties": { + "componentArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Component to associate.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "componentArn" + ] + }, + "aws:imagebuilder/InfrastructureConfigurationLogging:InfrastructureConfigurationLogging": { + "properties": { + "s3Logs": { + "$ref": "#/types/aws:imagebuilder/InfrastructureConfigurationLoggingS3Logs:InfrastructureConfigurationLoggingS3Logs", + "description": "Configuration block with S3 logging settings. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3Logs" + ] + }, + "aws:imagebuilder/InfrastructureConfigurationLoggingS3Logs:InfrastructureConfigurationLoggingS3Logs": { + "properties": { + "s3BucketName": { + "type": "string", + "description": "Name of the S3 Bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KeyPrefix": { + "type": "string", + "description": "Prefix to use for S3 logs. Defaults to `/`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3BucketName" + ] + }, + "aws:imagebuilder/getDistributionConfigurationDistribution:getDistributionConfigurationDistribution": { + "properties": { + "amiDistributionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getDistributionConfigurationDistributionAmiDistributionConfiguration:getDistributionConfigurationDistributionAmiDistributionConfiguration" + }, + "description": "Nested list of AMI distribution configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "licenseConfigurationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Amazon Resource Names (ARNs) of License Manager License Configurations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "AWS Region of distribution.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "amiDistributionConfigurations", + "licenseConfigurationArns", + "region" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getDistributionConfigurationDistributionAmiDistributionConfiguration:getDistributionConfigurationDistributionAmiDistributionConfiguration": { + "properties": { + "amiTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags to apply to distributed AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description to apply to distributed AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Key Management Service (KMS) Key to encrypt AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "launchPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getDistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission:getDistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission" + }, + "description": "Nested list of EC2 launch permissions.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the distribution configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetAccountIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of target AWS Account identifiers.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "amiTags", + "description", + "kmsKeyId", + "launchPermissions", + "name", + "targetAccountIds" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getDistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission:getDistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermission": { + "properties": { + "userGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 launch permission user groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of AWS Account identifiers.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userGroups", + "userIds" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImageImageTestsConfiguration:getImageImageTestsConfiguration": { + "properties": { + "imageTestsEnabled": { + "type": "boolean", + "description": "Whether image tests are enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutMinutes": { + "type": "integer", + "description": "Number of minutes before image tests time out.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "imageTestsEnabled", + "timeoutMinutes" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImageOutputResource:getImageOutputResource": { + "properties": { + "amis": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImageOutputResourceAmi:getImageOutputResourceAmi" + }, + "description": "Set of objects with each Amazon Machine Image (AMI) created.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "amis" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImageOutputResourceAmi:getImageOutputResourceAmi": { + "properties": { + "accountId": { + "type": "string", + "description": "Account identifier of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "image": { + "type": "string", + "description": "Identifier of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "Region of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "accountId", + "description", + "image", + "name", + "region" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImagePipelineImageTestsConfiguration:getImagePipelineImageTestsConfiguration": { + "properties": { + "imageTestsEnabled": { + "type": "boolean", + "description": "Whether image tests are enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutMinutes": { + "type": "integer", + "description": "Number of minutes before image tests time out.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "imageTestsEnabled", + "timeoutMinutes" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImagePipelineSchedule:getImagePipelineSchedule": { + "properties": { + "pipelineExecutionStartCondition": { + "type": "string", + "description": "Condition when the pipeline should trigger a new image build.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scheduleExpression": { + "type": "string", + "description": "Cron expression of how often the pipeline start condition is evaluated.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "pipelineExecutionStartCondition", + "scheduleExpression" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImageRecipeBlockDeviceMapping:getImageRecipeBlockDeviceMapping": { + "properties": { + "deviceName": { + "type": "string", + "description": "Name of the device. For example, `/dev/sda` or `/dev/xvdb`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebs": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImageRecipeBlockDeviceMappingEb:getImageRecipeBlockDeviceMappingEb" + }, + "description": "Single list of object with Elastic Block Storage (EBS) block device mapping settings.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "string", + "description": "Whether to remove a mapping from the parent image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "Virtual device name. For example, `ephemeral0`. Instance store volumes are numbered starting from 0.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "ebs", + "noDevice", + "virtualName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImageRecipeBlockDeviceMappingEb:getImageRecipeBlockDeviceMappingEb": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "description": "Whether to delete the volume on termination. Defaults to unset, which is the value inherited from the parent image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encrypted": { + "type": "boolean", + "description": "Whether to encrypt the volume. Defaults to unset, which is the value inherited from the parent image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "Number of Input/Output (I/O) operations per second to provision for an `io1` or `io2` volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key for encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "description": "Identifier of the EC2 Volume Snapshot.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "description": "Size of the volume, in GiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "description": "Type of the volume. For example, `gp2` or `io2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deleteOnTermination", + "encrypted", + "iops", + "kmsKeyId", + "snapshotId", + "volumeSize", + "volumeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getImageRecipeComponent:getImageRecipeComponent": { + "properties": { + "componentArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Component.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "componentArn" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getInfrastructureConfigurationLogging:getInfrastructureConfigurationLogging": { + "properties": { + "s3Logs": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getInfrastructureConfigurationLoggingS3Log:getInfrastructureConfigurationLoggingS3Log" + }, + "description": "Nested list of S3 logs settings.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3Logs" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:imagebuilder/getInfrastructureConfigurationLoggingS3Log:getInfrastructureConfigurationLoggingS3Log": { + "properties": { + "s3BucketName": { + "type": "string", + "description": "Name of the S3 Bucket for logging.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KeyPrefix": { + "type": "string", + "description": "Key prefix for S3 Bucket logging.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3BucketName", + "s3KeyPrefix" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:index/ProviderAssumeRole:ProviderAssumeRole": { + "properties": { + "durationSeconds": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "externalId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "policy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "policyArns": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "transitiveTagKeys": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:index/ProviderDefaultTags:ProviderDefaultTags": { + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:index/ProviderEndpoint:ProviderEndpoint": { + "properties": { + "accessanalyzer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "acm": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "acmpca": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "amplify": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "apigateway": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "appconfig": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "applicationautoscaling": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "applicationinsights": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "appmesh": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "apprunner": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "appstream": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "appsync": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "athena": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "auditmanager": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "autoscaling": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "autoscalingplans": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "backup": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "batch": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "budgets": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "chime": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloud9": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudformation": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudfront": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudhsm": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudsearch": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudtrail": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatch": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchevents": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchlogs": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "codeartifact": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "codebuild": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "codecommit": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "codedeploy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "codepipeline": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "codestarconnections": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cognitoidentity": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cognitoidp": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "configservice": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "connect": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "cur": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "dataexchange": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "datapipeline": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "datasync": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "dax": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "detective": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "devicefarm": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "directconnect": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "dlm": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "dms": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "docdb": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ds": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "dynamodb": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ec2": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ecr": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ecrpublic": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ecs": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "efs": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "eks": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "elasticache": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "elasticbeanstalk": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "elastictranscoder": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "elb": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "emr": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "emrcontainers": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "es": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "firehose": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "fms": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "forecast": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "fsx": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "gamelift": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "glacier": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "globalaccelerator": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "glue": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "greengrass": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "guardduty": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iam": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "identitystore": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "imagebuilder": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "inspector": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iot": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iotanalytics": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iotevents": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "kafka": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesis": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisanalytics": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisanalyticsv2": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisvideo": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "kms": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "lakeformation": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambda": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "lexmodels": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "licensemanager": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "lightsail": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "location": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "macie": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "macie2": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "managedblockchain": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "marketplacecatalog": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mediaconnect": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mediaconvert": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "medialive": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mediapackage": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mediastore": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mediastoredata": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mq": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "mwaa": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "neptune": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkfirewall": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkmanager": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "opsworks": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "organizations": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "outposts": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "personalize": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "pinpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "pricing": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "qldb": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "quicksight": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ram": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "rds": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "redshift": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourcegroups": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourcegroupstaggingapi": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "route53": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "route53domains": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "route53recoverycontrolconfig": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "route53recoveryreadiness": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "route53resolver": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3control": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3outposts": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemaker": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemas": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sdb": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "secretsmanager": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityhub": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "serverlessrepo": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "servicecatalog": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "servicediscovery": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "servicequotas": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ses": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "shield": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "signer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sns": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqs": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ssm": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ssoadmin": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "stepfunctions": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "storagegateway": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sts": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "swf": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "synthetics": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timestreamwrite": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "transfer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "waf": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "wafregional": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "wafv2": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "worklink": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "workmail": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "workspaces": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "xray": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:index/ProviderIgnoreTags:ProviderIgnoreTags": { + "properties": { + "keyPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "keys": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:index/Region:Region": { + "description": "A Region represents any valid Amazon region that may be targeted with deployments.", + "type": "string", + "enum": [ + { + "name": "AFSouth1", + "value": "af-south-1" + }, + { + "name": "APEast1", + "value": "ap-east-1" + }, + { + "name": "APNortheast1", + "value": "ap-northeast-1" + }, + { + "name": "APNortheast2", + "value": "ap-northeast-2" + }, + { + "name": "APSouth1", + "value": "ap-south-1" + }, + { + "name": "APSoutheast2", + "value": "ap-southeast-2" + }, + { + "name": "APSoutheast1", + "value": "ap-southeast-1" + }, + { + "name": "CACentral", + "value": "ca-central-1" + }, + { + "name": "CNNorth1", + "value": "cn-north-1" + }, + { + "name": "CNNorthwest1", + "value": "cn-northwest-1" + }, + { + "name": "EUCentral1", + "value": "eu-central-1" + }, + { + "name": "EUNorth1", + "value": "eu-north-1" + }, + { + "name": "EUWest1", + "value": "eu-west-1" + }, + { + "name": "EUWest2", + "value": "eu-west-2" + }, + { + "name": "EUWest3", + "value": "eu-west-3" + }, + { + "name": "EUSouth1", + "value": "eu-south-1" + }, + { + "name": "MESouth1", + "value": "me-south-1" + }, + { + "name": "SAEast1", + "value": "sa-east-1" + }, + { + "name": "USGovEast1", + "value": "us-gov-east-1" + }, + { + "name": "USGovWest1", + "value": "us-gov-west-1" + }, + { + "name": "USEast1", + "value": "us-east-1" + }, + { + "name": "USEast2", + "value": "us-east-2" + }, + { + "name": "USWest1", + "value": "us-west-1" + }, + { + "name": "USWest2", + "value": "us-west-2" + } + ] + }, + "aws:index/getAmiBlockDeviceMapping:getAmiBlockDeviceMapping": { + "properties": { + "deviceName": { + "type": "string", + "description": "The physical name of the device.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map containing EBS information, if the device is EBS based. Unlike most object attributes, these are accessed directly (e.g. `ebs.volume_size` or `ebs[\"volume_size\"]`) rather than accessed through the first element of a list (e.g. `ebs[0].volume_size`).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noDevice": { + "type": "string", + "description": "Suppresses the specified device included in the block device mapping of the AMI.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "description": "The virtual device name (for instance stores).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "ebs", + "noDevice", + "virtualName" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:index/getAmiFilter:getAmiFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the AMI that was provided during image creation.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getAmiIdsFilter:getAmiIdsFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getAmiProductCode:getAmiProductCode": { + "properties": { + "productCodeId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "productCodeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "productCodeId", + "productCodeType" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:index/getAutoscalingGroupsFilter:getAutoscalingGroupsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter. The valid values are: `auto-scaling-group`, `key`, `value`, and `propagate-at-launch`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value of the filter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getAvailabilityZoneFilter:getAvailabilityZoneFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getAvailabilityZonesFilter:getAvailabilityZonesFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getElasticIpFilter:getElasticIpFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getPrefixListFilter:getPrefixListFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:index/getRegionsFilter:getRegionsFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [describe-regions AWS CLI Reference][1].\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of values that are accepted for the given filter field. Results will be selected if any given value matches.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:iot/ThingTypeProperties:ThingTypeProperties": { + "properties": { + "description": { + "type": "string", + "description": "The description of the thing type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchableAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of searchable thing attribute names.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "searchableAttributes" + ] + } + } + }, + "aws:iot/TopicRuleCloudwatchAlarm:TopicRuleCloudwatchAlarm": { + "properties": { + "alarmName": { + "type": "string", + "description": "The CloudWatch alarm name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stateReason": { + "type": "string", + "description": "The reason for the alarm change.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stateValue": { + "type": "string", + "description": "The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "alarmName", + "roleArn", + "stateReason", + "stateValue" + ] + }, + "aws:iot/TopicRuleCloudwatchMetric:TopicRuleCloudwatchMetric": { + "properties": { + "metricName": { + "type": "string", + "description": "The CloudWatch metric name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricNamespace": { + "type": "string", + "description": "The CloudWatch metric namespace name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricTimestamp": { + "type": "string", + "description": "An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricUnit": { + "type": "string", + "description": "The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricValue": { + "type": "string", + "description": "The CloudWatch metric value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "metricNamespace", + "metricUnit", + "metricValue", + "roleArn" + ] + }, + "aws:iot/TopicRuleDynamodb:TopicRuleDynamodb": { + "properties": { + "hashKeyField": { + "type": "string", + "description": "The hash key name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hashKeyType": { + "type": "string", + "description": "The hash key type. Valid values are \"STRING\" or \"NUMBER\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hashKeyValue": { + "type": "string", + "description": "The hash key value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "operation": { + "type": "string", + "description": "The operation. Valid values are \"INSERT\", \"UPDATE\", or \"DELETE\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "payloadField": { + "type": "string", + "description": "The action payload.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKeyField": { + "type": "string", + "description": "The range key name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKeyType": { + "type": "string", + "description": "The range key type. Valid values are \"STRING\" or \"NUMBER\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKeyValue": { + "type": "string", + "description": "The range key value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access to the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hashKeyField", + "hashKeyValue", + "roleArn", + "tableName" + ] + }, + "aws:iot/TopicRuleDynamodbv2:TopicRuleDynamodbv2": { + "properties": { + "putItem": { + "$ref": "#/types/aws:iot/TopicRuleDynamodbv2PutItem:TopicRuleDynamodbv2PutItem", + "description": "Configuration block with DynamoDB Table to which the message will be written. Nested arguments below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn" + ] + }, + "aws:iot/TopicRuleDynamodbv2PutItem:TopicRuleDynamodbv2PutItem": { + "properties": { + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "tableName" + ] + }, + "aws:iot/TopicRuleElasticsearch:TopicRuleElasticsearch": { + "properties": { + "endpoint": { + "type": "string", + "description": "The endpoint of your Elasticsearch domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "The unique identifier for the document you are storing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "index": { + "type": "string", + "description": "The Elasticsearch index where you want to store your data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that has access to Elasticsearch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of document you are storing.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpoint", + "id", + "index", + "roleArn", + "type" + ] + }, + "aws:iot/TopicRuleErrorAction:TopicRuleErrorAction": { + "properties": { + "cloudwatchAlarm": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionCloudwatchAlarm:TopicRuleErrorActionCloudwatchAlarm", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchMetric": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionCloudwatchMetric:TopicRuleErrorActionCloudwatchMetric", + "language": { + "python": { + "mapCase": false + } + } + }, + "dynamodb": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionDynamodb:TopicRuleErrorActionDynamodb", + "language": { + "python": { + "mapCase": false + } + } + }, + "dynamodbv2": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionDynamodbv2:TopicRuleErrorActionDynamodbv2", + "language": { + "python": { + "mapCase": false + } + } + }, + "elasticsearch": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionElasticsearch:TopicRuleErrorActionElasticsearch", + "language": { + "python": { + "mapCase": false + } + } + }, + "firehose": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionFirehose:TopicRuleErrorActionFirehose", + "language": { + "python": { + "mapCase": false + } + } + }, + "iotAnalytics": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionIotAnalytics:TopicRuleErrorActionIotAnalytics", + "language": { + "python": { + "mapCase": false + } + } + }, + "iotEvents": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionIotEvents:TopicRuleErrorActionIotEvents", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesis": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionKinesis:TopicRuleErrorActionKinesis", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambda": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionLambda:TopicRuleErrorActionLambda", + "language": { + "python": { + "mapCase": false + } + } + }, + "republish": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionRepublish:TopicRuleErrorActionRepublish", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionS3:TopicRuleErrorActionS3", + "language": { + "python": { + "mapCase": false + } + } + }, + "sns": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionSns:TopicRuleErrorActionSns", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqs": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionSqs:TopicRuleErrorActionSqs", + "language": { + "python": { + "mapCase": false + } + } + }, + "stepFunctions": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionStepFunctions:TopicRuleErrorActionStepFunctions", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:iot/TopicRuleErrorActionCloudwatchAlarm:TopicRuleErrorActionCloudwatchAlarm": { + "properties": { + "alarmName": { + "type": "string", + "description": "The CloudWatch alarm name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stateReason": { + "type": "string", + "description": "The reason for the alarm change.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stateValue": { + "type": "string", + "description": "The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "alarmName", + "roleArn", + "stateReason", + "stateValue" + ] + }, + "aws:iot/TopicRuleErrorActionCloudwatchMetric:TopicRuleErrorActionCloudwatchMetric": { + "properties": { + "metricName": { + "type": "string", + "description": "The CloudWatch metric name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricNamespace": { + "type": "string", + "description": "The CloudWatch metric namespace name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricTimestamp": { + "type": "string", + "description": "An optional Unix timestamp (http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#about_timestamp).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricUnit": { + "type": "string", + "description": "The metric unit (supported units can be found here: http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/cloudwatch_concepts.html#Unit)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricValue": { + "type": "string", + "description": "The CloudWatch metric value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch metric.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "metricName", + "metricNamespace", + "metricUnit", + "metricValue", + "roleArn" + ] + }, + "aws:iot/TopicRuleErrorActionDynamodb:TopicRuleErrorActionDynamodb": { + "properties": { + "hashKeyField": { + "type": "string", + "description": "The hash key name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hashKeyType": { + "type": "string", + "description": "The hash key type. Valid values are \"STRING\" or \"NUMBER\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hashKeyValue": { + "type": "string", + "description": "The hash key value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "operation": { + "type": "string", + "description": "The operation. Valid values are \"INSERT\", \"UPDATE\", or \"DELETE\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "payloadField": { + "type": "string", + "description": "The action payload.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKeyField": { + "type": "string", + "description": "The range key name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKeyType": { + "type": "string", + "description": "The range key type. Valid values are \"STRING\" or \"NUMBER\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rangeKeyValue": { + "type": "string", + "description": "The range key value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access to the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hashKeyField", + "hashKeyValue", + "roleArn", + "tableName" + ] + }, + "aws:iot/TopicRuleErrorActionDynamodbv2:TopicRuleErrorActionDynamodbv2": { + "properties": { + "putItem": { + "$ref": "#/types/aws:iot/TopicRuleErrorActionDynamodbv2PutItem:TopicRuleErrorActionDynamodbv2PutItem", + "description": "Configuration block with DynamoDB Table to which the message will be written. Nested arguments below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn" + ] + }, + "aws:iot/TopicRuleErrorActionDynamodbv2PutItem:TopicRuleErrorActionDynamodbv2PutItem": { + "properties": { + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "tableName" + ] + }, + "aws:iot/TopicRuleErrorActionElasticsearch:TopicRuleErrorActionElasticsearch": { + "properties": { + "endpoint": { + "type": "string", + "description": "The endpoint of your Elasticsearch domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "The unique identifier for the document you are storing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "index": { + "type": "string", + "description": "The Elasticsearch index where you want to store your data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that has access to Elasticsearch.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of document you are storing.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpoint", + "id", + "index", + "roleArn", + "type" + ] + }, + "aws:iot/TopicRuleErrorActionFirehose:TopicRuleErrorActionFirehose": { + "properties": { + "deliveryStreamName": { + "type": "string", + "description": "The delivery stream name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that grants access to the Amazon Kinesis Firehose stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "separator": { + "type": "string", + "description": "A character separator that is used to separate records written to the Firehose stream. Valid values are: '\\n' (newline), '\\t' (tab), '\\r\\n' (Windows newline), ',' (comma).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deliveryStreamName", + "roleArn" + ] + }, + "aws:iot/TopicRuleErrorActionIotAnalytics:TopicRuleErrorActionIotAnalytics": { + "properties": { + "channelName": { + "type": "string", + "description": "Name of AWS IOT Analytics channel.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "channelName", + "roleArn" + ] + }, + "aws:iot/TopicRuleErrorActionIotEvents:TopicRuleErrorActionIotEvents": { + "properties": { + "inputName": { + "type": "string", + "description": "The name of the AWS IoT Events input.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageId": { + "type": "string", + "description": "Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "inputName", + "roleArn" + ] + }, + "aws:iot/TopicRuleErrorActionKinesis:TopicRuleErrorActionKinesis": { + "properties": { + "partitionKey": { + "type": "string", + "description": "The partition key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access to the Amazon Kinesis stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamName": { + "type": "string", + "description": "The name of the Amazon Kinesis stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "streamName" + ] + }, + "aws:iot/TopicRuleErrorActionLambda:TopicRuleErrorActionLambda": { + "properties": { + "functionArn": { + "type": "string", + "description": "The ARN of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "functionArn" + ] + }, + "aws:iot/TopicRuleErrorActionRepublish:TopicRuleErrorActionRepublish": { + "properties": { + "qos": { + "type": "integer", + "description": "The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topic": { + "type": "string", + "description": "The name of the MQTT topic the message should be republished to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "topic" + ] + }, + "aws:iot/TopicRuleErrorActionS3:TopicRuleErrorActionS3": { + "properties": { + "bucketName": { + "type": "string", + "description": "The Amazon S3 bucket name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The object key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketName", + "key", + "roleArn" + ] + }, + "aws:iot/TopicRuleErrorActionSns:TopicRuleErrorActionSns": { + "properties": { + "messageFormat": { + "type": "string", + "description": "The message format of the message to publish. Accepted values are \"JSON\" and \"RAW\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetArn": { + "type": "string", + "description": "The ARN of the SNS topic.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "targetArn" + ] + }, + "aws:iot/TopicRuleErrorActionSqs:TopicRuleErrorActionSqs": { + "properties": { + "queueUrl": { + "type": "string", + "description": "The URL of the Amazon SQS queue.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useBase64": { + "type": "boolean", + "description": "Specifies whether to use Base64 encoding.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "queueUrl", + "roleArn", + "useBase64" + ] + }, + "aws:iot/TopicRuleErrorActionStepFunctions:TopicRuleErrorActionStepFunctions": { + "properties": { + "executionNamePrefix": { + "type": "string", + "description": "The prefix used to generate, along with a UUID, the unique state machine execution name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access to start execution of the state machine.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stateMachineName": { + "type": "string", + "description": "The name of the Step Functions state machine whose execution will be started.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "stateMachineName" + ] + }, + "aws:iot/TopicRuleFirehose:TopicRuleFirehose": { + "properties": { + "deliveryStreamName": { + "type": "string", + "description": "The delivery stream name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that grants access to the Amazon Kinesis Firehose stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "separator": { + "type": "string", + "description": "A character separator that is used to separate records written to the Firehose stream. Valid values are: '\\n' (newline), '\\t' (tab), '\\r\\n' (Windows newline), ',' (comma).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deliveryStreamName", + "roleArn" + ] + }, + "aws:iot/TopicRuleIotAnalytic:TopicRuleIotAnalytic": { + "properties": { + "channelName": { + "type": "string", + "description": "Name of AWS IOT Analytics channel.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "channelName", + "roleArn" + ] + }, + "aws:iot/TopicRuleIotEvent:TopicRuleIotEvent": { + "properties": { + "inputName": { + "type": "string", + "description": "The name of the AWS IoT Events input.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageId": { + "type": "string", + "description": "Use this to ensure that only one input (message) with a given messageId is processed by an AWS IoT Events detector.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "inputName", + "roleArn" + ] + }, + "aws:iot/TopicRuleKinesis:TopicRuleKinesis": { + "properties": { + "partitionKey": { + "type": "string", + "description": "The partition key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access to the Amazon Kinesis stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamName": { + "type": "string", + "description": "The name of the Amazon Kinesis stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "streamName" + ] + }, + "aws:iot/TopicRuleLambda:TopicRuleLambda": { + "properties": { + "functionArn": { + "type": "string", + "description": "The ARN of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "functionArn" + ] + }, + "aws:iot/TopicRuleRepublish:TopicRuleRepublish": { + "properties": { + "qos": { + "type": "integer", + "description": "The Quality of Service (QoS) level to use when republishing messages. Valid values are 0 or 1. The default value is 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topic": { + "type": "string", + "description": "The name of the MQTT topic the message should be republished to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "topic" + ] + }, + "aws:iot/TopicRuleS3:TopicRuleS3": { + "properties": { + "bucketName": { + "type": "string", + "description": "The Amazon S3 bucket name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The object key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The IAM role ARN that allows access to the CloudWatch alarm.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketName", + "key", + "roleArn" + ] + }, + "aws:iot/TopicRuleSns:TopicRuleSns": { + "properties": { + "messageFormat": { + "type": "string", + "description": "The message format of the message to publish. Accepted values are \"JSON\" and \"RAW\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetArn": { + "type": "string", + "description": "The ARN of the SNS topic.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "targetArn" + ] + }, + "aws:iot/TopicRuleSqs:TopicRuleSqs": { + "properties": { + "queueUrl": { + "type": "string", + "description": "The URL of the Amazon SQS queue.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useBase64": { + "type": "boolean", + "description": "Specifies whether to use Base64 encoding.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "queueUrl", + "roleArn", + "useBase64" + ] + }, + "aws:iot/TopicRuleStepFunction:TopicRuleStepFunction": { + "properties": { + "executionNamePrefix": { + "type": "string", + "description": "The prefix used to generate, along with a UUID, the unique state machine execution name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that grants access to start execution of the state machine.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stateMachineName": { + "type": "string", + "description": "The name of the Step Functions state machine whose execution will be started.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "stateMachineName" + ] + }, + "aws:kinesis/AnalyticsApplicationCloudwatchLoggingOptions:AnalyticsApplicationCloudwatchLoggingOptions": { + "properties": { + "id": { + "type": "string", + "description": "The ARN of the Kinesis Analytics Application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamArn": { + "type": "string", + "description": "The ARN of the CloudWatch Log Stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to send application messages.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logStreamArn", + "roleArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "logStreamArn", + "roleArn" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationInputs:AnalyticsApplicationInputs": { + "properties": { + "id": { + "type": "string", + "description": "The ARN of the Kinesis Analytics Application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisFirehose": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsKinesisFirehose:AnalyticsApplicationInputsKinesisFirehose", + "description": "The Kinesis Firehose configuration for the streaming source. Conflicts with `kinesis_stream`.\nSee Kinesis Firehose below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisStream": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsKinesisStream:AnalyticsApplicationInputsKinesisStream", + "description": "The Kinesis Stream configuration for the streaming source. Conflicts with `kinesis_firehose`.\nSee Kinesis Stream below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namePrefix": { + "type": "string", + "description": "The Name Prefix to use when creating an in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parallelism": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsParallelism:AnalyticsApplicationInputsParallelism", + "description": "The number of Parallel in-application streams to create.\nSee Parallelism below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processingConfiguration": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsProcessingConfiguration:AnalyticsApplicationInputsProcessingConfiguration", + "description": "The Processing Configuration to transform records as they are received from the stream.\nSee Processing Configuration below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schema": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsSchema:AnalyticsApplicationInputsSchema", + "description": "The Schema format of the data in the streaming source. See Source Schema below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "startingPositionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsStartingPositionConfiguration:AnalyticsApplicationInputsStartingPositionConfiguration" + }, + "description": "The point at which the application starts processing records from the streaming source.\nSee Starting Position Configuration below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamNames": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "namePrefix", + "schema" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "namePrefix", + "parallelism", + "schema", + "startingPositionConfigurations", + "streamNames" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationInputsKinesisFirehose:AnalyticsApplicationInputsKinesisFirehose": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Kinesis Firehose delivery stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to access the stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsKinesisStream:AnalyticsApplicationInputsKinesisStream": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Kinesis Stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to access the stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsParallelism:AnalyticsApplicationInputsParallelism": { + "properties": { + "count": { + "type": "integer", + "description": "The Count of streams.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "count" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationInputsProcessingConfiguration:AnalyticsApplicationInputsProcessingConfiguration": { + "properties": { + "lambda": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsProcessingConfigurationLambda:AnalyticsApplicationInputsProcessingConfigurationLambda", + "description": "The Lambda function configuration. See Lambda below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "lambda" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsProcessingConfigurationLambda:AnalyticsApplicationInputsProcessingConfigurationLambda": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to access the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsSchema:AnalyticsApplicationInputsSchema": { + "properties": { + "recordColumns": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsSchemaRecordColumn:AnalyticsApplicationInputsSchemaRecordColumn" + }, + "description": "The Record Column mapping for the streaming source data element.\nSee Record Columns below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordEncoding": { + "type": "string", + "description": "The Encoding of the record in the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormat": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormat:AnalyticsApplicationInputsSchemaRecordFormat", + "description": "The Record Format and mapping information to schematize a record.\nSee Record Format below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumns", + "recordFormat" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsSchemaRecordColumn:AnalyticsApplicationInputsSchemaRecordColumn": { + "properties": { + "mapping": { + "type": "string", + "description": "The Mapping reference to the data element.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the column.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqlType": { + "type": "string", + "description": "The SQL Type of the column.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "sqlType" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormat:AnalyticsApplicationInputsSchemaRecordFormat": { + "properties": { + "mappingParameters": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormatMappingParameters:AnalyticsApplicationInputsSchemaRecordFormatMappingParameters", + "description": "The Mapping Information for the record format.\nSee Mapping Parameters below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormatType": { + "type": "string", + "description": "The type of Record Format. Can be `CSV` or `JSON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "recordFormatType" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormatMappingParameters:AnalyticsApplicationInputsSchemaRecordFormatMappingParameters": { + "properties": { + "csv": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsv:AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsv", + "description": "Mapping information when the record format uses delimiters.\nSee CSV Mapping Parameters below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "json": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJson:AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJson", + "description": "Mapping information when JSON is the record format on the streaming source.\nSee JSON Mapping Parameters below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsv:AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsv": { + "properties": { + "recordColumnDelimiter": { + "type": "string", + "description": "The Column Delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordRowDelimiter": { + "type": "string", + "description": "The Row Delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumnDelimiter", + "recordRowDelimiter" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJson:AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJson": { + "properties": { + "recordRowPath": { + "type": "string", + "description": "Path to the top-level parent that contains the records.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordRowPath" + ] + }, + "aws:kinesis/AnalyticsApplicationInputsStartingPositionConfiguration:AnalyticsApplicationInputsStartingPositionConfiguration": { + "properties": { + "startingPosition": { + "type": "string", + "description": "The starting position on the stream. Valid values: `LAST_STOPPED_POINT`, `NOW`, `TRIM_HORIZON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "startingPosition" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationOutput:AnalyticsApplicationOutput": { + "properties": { + "id": { + "type": "string", + "description": "The ARN of the Kinesis Analytics Application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisFirehose": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutputKinesisFirehose:AnalyticsApplicationOutputKinesisFirehose", + "description": "The Kinesis Firehose configuration for the destination stream. Conflicts with `kinesis_stream`.\nSee Kinesis Firehose below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisStream": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutputKinesisStream:AnalyticsApplicationOutputKinesisStream", + "description": "The Kinesis Stream configuration for the destination stream. Conflicts with `kinesis_firehose`.\nSee Kinesis Stream below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambda": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutputLambda:AnalyticsApplicationOutputLambda", + "description": "The Lambda function destination. See Lambda below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The Name of the in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schema": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutputSchema:AnalyticsApplicationOutputSchema", + "description": "The Schema format of the data written to the destination. See Destination Schema below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "schema" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "name", + "schema" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationOutputKinesisFirehose:AnalyticsApplicationOutputKinesisFirehose": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Kinesis Firehose delivery stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to access the stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationOutputKinesisStream:AnalyticsApplicationOutputKinesisStream": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Kinesis Stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to access the stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationOutputLambda:AnalyticsApplicationOutputLambda": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to access the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationOutputSchema:AnalyticsApplicationOutputSchema": { + "properties": { + "recordFormatType": { + "type": "string", + "description": "The Format Type of the records on the output stream. Can be `CSV` or `JSON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordFormatType" + ] + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSources:AnalyticsApplicationReferenceDataSources": { + "properties": { + "id": { + "type": "string", + "description": "The ARN of the Kinesis Analytics Application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesS3:AnalyticsApplicationReferenceDataSourcesS3", + "description": "The S3 configuration for the reference data source. See S3 Reference below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schema": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchema:AnalyticsApplicationReferenceDataSourcesSchema", + "description": "The Schema format of the data in the streaming source. See Source Schema below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "The in-application Table Name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3", + "schema", + "tableName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "s3", + "schema", + "tableName" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesS3:AnalyticsApplicationReferenceDataSourcesS3": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The S3 Bucket ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileKey": { + "type": "string", + "description": "The File Key name containing reference data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM Role used to send application messages.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "fileKey", + "roleArn" + ] + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchema:AnalyticsApplicationReferenceDataSourcesSchema": { + "properties": { + "recordColumns": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordColumn:AnalyticsApplicationReferenceDataSourcesSchemaRecordColumn" + }, + "description": "The Record Column mapping for the streaming source data element.\nSee Record Columns below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordEncoding": { + "type": "string", + "description": "The Encoding of the record in the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormat": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormat:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormat", + "description": "The Record Format and mapping information to schematize a record.\nSee Record Format below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumns", + "recordFormat" + ] + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordColumn:AnalyticsApplicationReferenceDataSourcesSchemaRecordColumn": { + "properties": { + "mapping": { + "type": "string", + "description": "The Mapping reference to the data element.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the column.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqlType": { + "type": "string", + "description": "The SQL Type of the column.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "sqlType" + ] + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormat:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormat": { + "properties": { + "mappingParameters": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParameters:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParameters", + "description": "The Mapping Information for the record format.\nSee Mapping Parameters below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormatType": { + "type": "string", + "description": "The type of Record Format. Can be `CSV` or `JSON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "recordFormatType" + ] + } + } + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParameters:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParameters": { + "properties": { + "csv": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersCsv:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersCsv", + "description": "Mapping information when the record format uses delimiters.\nSee CSV Mapping Parameters below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "json": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersJson:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersJson", + "description": "Mapping information when JSON is the record format on the streaming source.\nSee JSON Mapping Parameters below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersCsv:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersCsv": { + "properties": { + "recordColumnDelimiter": { + "type": "string", + "description": "The Column Delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordRowDelimiter": { + "type": "string", + "description": "The Row Delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumnDelimiter", + "recordRowDelimiter" + ] + }, + "aws:kinesis/AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersJson:AnalyticsApplicationReferenceDataSourcesSchemaRecordFormatMappingParametersJson": { + "properties": { + "recordRowPath": { + "type": "string", + "description": "Path to the top-level parent that contains the records.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordRowPath" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamElasticsearchConfiguration:FirehoseDeliveryStreamElasticsearchConfiguration": { + "properties": { + "bufferingInterval": { + "type": "integer", + "description": "Buffer incoming data for the specified period of time, in seconds between 60 to 900, before delivering it to the destination. The default value is 300s.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferingSize": { + "type": "integer", + "description": "Buffer incoming data to the specified size, in MBs between 1 to 100, before delivering it to the destination. The default value is 5MB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamElasticsearchConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clusterEndpoint": { + "type": "string", + "description": "The endpoint to use when communicating with the cluster. Conflicts with `domain_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "domainArn": { + "type": "string", + "description": "The ARN of the Amazon ES domain. The IAM role must have permission for `DescribeElasticsearchDomain`, `DescribeElasticsearchDomains`, and `DescribeElasticsearchDomainConfig` after assuming `RoleARN`. The pattern needs to be `arn:.*`. Conflicts with `cluster_endpoint`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "indexName": { + "type": "string", + "description": "The Elasticsearch index name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "indexRotationPeriod": { + "type": "string", + "description": "The Elasticsearch index rotation period. Index rotation appends a timestamp to the IndexName to facilitate expiration of old data. Valid values are `NoRotation`, `OneHour`, `OneDay`, `OneWeek`, and `OneMonth`. The default value is `OneDay`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processingConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfiguration:FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfiguration", + "description": "The data processing configuration. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryDuration": { + "type": "integer", + "description": "After an initial failure to deliver to Amazon Elasticsearch, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be assumed by Firehose for calling the Amazon ES Configuration API and for indexing documents. The pattern needs to be `arn:.*`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupMode": { + "type": "string", + "description": "Defines how documents should be delivered to Amazon S3. Valid values are `FailedDocumentsOnly` and `AllDocuments`. Default value is `FailedDocumentsOnly`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "typeName": { + "type": "string", + "description": "The Elasticsearch type name with maximum length of 100 characters.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcConfig": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationVpcConfig:FirehoseDeliveryStreamElasticsearchConfigurationVpcConfig", + "description": "The VPC configuration for the delivery stream to connect to Elastic Search associated with the VPC. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "indexName", + "roleArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudwatchLoggingOptions", + "indexName", + "roleArn" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamElasticsearchConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfiguration:FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables data processing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processors": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessor" + }, + "description": "Array of data processors. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessor": { + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameter" + }, + "description": "Array of processor parameters. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of processor. Valid Values: `Lambda`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamElasticsearchConfigurationVpcConfig:FirehoseDeliveryStreamElasticsearchConfigurationVpcConfig": { + "properties": { + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be assumed by Firehose for calling the Amazon EC2 configuration API and for creating network interfaces. Make sure role has necessary [IAM permissions](https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-es-vpc)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with Kinesis Firehose.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to associate with Kinesis Firehose.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "securityGroupIds", + "subnetIds" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "roleArn", + "securityGroupIds", + "subnetIds", + "vpcId" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3Configuration:FirehoseDeliveryStreamExtendedS3Configuration": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The ARN of the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferInterval": { + "type": "integer", + "description": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferSize": { + "type": "integer", + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\nWe recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamExtendedS3ConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressionFormat": { + "type": "string", + "description": "The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dataFormatConversionConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfiguration", + "description": "Nested argument for the serializer, deserializer, and schema for converting data from the JSON format to the Parquet or ORC format before writing it to Amazon S3. More details given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "errorOutputPrefix": { + "type": "string", + "description": "Prefix added to failed records before writing them to S3. This prefix appears immediately following the bucket name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will\nbe used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The \"YYYY/MM/DD/HH\" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processingConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfiguration", + "description": "The data processing configuration. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfiguration", + "description": "The configuration for backup in Amazon S3. Required if `s3_backup_mode` is `Enabled`. Supports the same fields as `s3_configuration` object.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupMode": { + "type": "string", + "description": "The Amazon S3 backup mode. Valid values are `Disabled` and `Enabled`. Default value is `Disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "roleArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "bucketArn", + "cloudwatchLoggingOptions", + "roleArn" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamExtendedS3ConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Defaults to `true`. Set it to `false` if you want to disable format conversion while preserving the configuration details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputFormatConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfiguration", + "description": "Nested argument that specifies the deserializer that you want Kinesis Data Firehose to use to convert the format of your data from JSON. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputFormatConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfiguration", + "description": "Nested argument that specifies the serializer that you want Kinesis Data Firehose to use to convert the format of your data to the Parquet or ORC format. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schemaConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationSchemaConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationSchemaConfiguration", + "description": "Nested argument that specifies the AWS Glue Data Catalog table that contains the column information. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "inputFormatConfiguration", + "outputFormatConfiguration", + "schemaConfiguration" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfiguration": { + "properties": { + "deserializer": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializer:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializer", + "description": "Nested argument that specifies which deserializer to use. You can choose either the Apache Hive JSON SerDe or the OpenX JSON SerDe. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deserializer" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializer:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializer": { + "properties": { + "hiveJsonSerDe": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerHiveJsonSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerHiveJsonSerDe", + "description": "Nested argument that specifies the native Hive / HCatalog JsonSerDe. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "openXJsonSerDe": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerOpenXJsonSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerOpenXJsonSerDe", + "description": "Nested argument that specifies the OpenX SerDe. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerHiveJsonSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerHiveJsonSerDe": { + "properties": { + "timestampFormats": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of how you want Kinesis Data Firehose to parse the date and time stamps that may be present in your input data JSON. To specify these format strings, follow the pattern syntax of JodaTime's DateTimeFormat format strings. For more information, see [Class DateTimeFormat](https://www.joda.org/joda-time/apidocs/org/joda/time/format/DateTimeFormat.html). You can also use the special value millis to parse time stamps in epoch milliseconds. If you don't specify a format, Kinesis Data Firehose uses java.sql.Timestamp::valueOf by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerOpenXJsonSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationInputFormatConfigurationDeserializerOpenXJsonSerDe": { + "properties": { + "caseInsensitive": { + "type": "boolean", + "description": "When set to true, which is the default, Kinesis Data Firehose converts JSON keys to lowercase before deserializing them.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "columnToJsonKeyMappings": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of column names to JSON keys that aren't identical to the column names. This is useful when the JSON contains keys that are Hive keywords. For example, timestamp is a Hive keyword. If you have a JSON key named timestamp, set this parameter to `{ ts = \"timestamp\" }` to map this key to a column named ts.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "convertDotsInJsonKeysToUnderscores": { + "type": "boolean", + "description": "When set to `true`, specifies that the names of the keys include dots and that you want Kinesis Data Firehose to replace them with underscores. This is useful because Apache Hive does not allow dots in column names. For example, if the JSON contains a key whose name is \"a.b\", you can define the column name to be \"a_b\" when using this option. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfiguration": { + "properties": { + "serializer": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializer:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializer", + "description": "Nested argument that specifies which serializer to use. You can choose either the ORC SerDe or the Parquet SerDe. More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "serializer" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializer:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializer": { + "properties": { + "orcSerDe": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerOrcSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerOrcSerDe", + "description": "Nested argument that specifies converting data to the ORC format before storing it in Amazon S3. For more information, see [Apache ORC](https://orc.apache.org/docs/). More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parquetSerDe": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerParquetSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerParquetSerDe", + "description": "Nested argument that specifies converting data to the Parquet format before storing it in Amazon S3. For more information, see [Apache Parquet](https://parquet.apache.org/documentation/latest/). More details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerOrcSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerOrcSerDe": { + "properties": { + "blockSizeBytes": { + "type": "integer", + "description": "The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bloomFilterColumns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of column names for which you want Kinesis Data Firehose to create bloom filters.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bloomFilterFalsePositiveProbability": { + "type": "number", + "description": "The Bloom filter false positive probability (FPP). The lower the FPP, the bigger the Bloom filter. The default value is `0.05`, the minimum is `0`, and the maximum is `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compression": { + "type": "string", + "description": "The compression code to use over data blocks. The possible values are `UNCOMPRESSED`, `SNAPPY`, and `GZIP`, with the default being `SNAPPY`. Use `SNAPPY` for higher decompression speed. Use `GZIP` if the compression ratio is more important than speed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dictionaryKeyThreshold": { + "type": "number", + "description": "A float that represents the fraction of the total number of non-null rows. To turn off dictionary encoding, set this fraction to a number that is less than the number of distinct keys in a dictionary. To always use dictionary encoding, set this threshold to `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enablePadding": { + "type": "boolean", + "description": "Set this to `true` to indicate that you want stripes to be padded to the HDFS block boundaries. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "formatVersion": { + "type": "string", + "description": "The version of the file to write. The possible values are `V0_11` and `V0_12`. The default is `V0_12`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "paddingTolerance": { + "type": "number", + "description": "A float between 0 and 1 that defines the tolerance for block padding as a decimal fraction of stripe size. The default value is `0.05`, which means 5 percent of stripe size. For the default values of 64 MiB ORC stripes and 256 MiB HDFS blocks, the default block padding tolerance of 5 percent reserves a maximum of 3.2 MiB for padding within the 256 MiB block. In such a case, if the available size within the block is more than 3.2 MiB, a new, smaller stripe is inserted to fit within that space. This ensures that no stripe crosses block boundaries and causes remote reads within a node-local task. Kinesis Data Firehose ignores this parameter when `enable_padding` is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rowIndexStride": { + "type": "integer", + "description": "The number of rows between index entries. The default is `10000` and the minimum is `1000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stripeSizeBytes": { + "type": "integer", + "description": "The number of bytes in each stripe. The default is 64 MiB and the minimum is 8 MiB.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerParquetSerDe:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationOutputFormatConfigurationSerializerParquetSerDe": { + "properties": { + "blockSizeBytes": { + "type": "integer", + "description": "The Hadoop Distributed File System (HDFS) block size. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is 256 MiB and the minimum is 64 MiB. Kinesis Data Firehose uses this value for padding calculations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compression": { + "type": "string", + "description": "The compression code to use over data blocks. The possible values are `UNCOMPRESSED`, `SNAPPY`, and `GZIP`, with the default being `SNAPPY`. Use `SNAPPY` for higher decompression speed. Use `GZIP` if the compression ratio is more important than speed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableDictionaryCompression": { + "type": "boolean", + "description": "Indicates whether to enable dictionary compression.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxPaddingBytes": { + "type": "integer", + "description": "The maximum amount of padding to apply. This is useful if you intend to copy the data from Amazon S3 to HDFS before querying. The default is `0`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pageSizeBytes": { + "type": "integer", + "description": "The Parquet page size. Column chunks are divided into pages. A page is conceptually an indivisible unit (in terms of compression and encoding). The minimum value is 64 KiB and the default is 1 MiB.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "writerVersion": { + "type": "string", + "description": "Indicates the version of row format to output. The possible values are `V1` and `V2`. The default is `V1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationSchemaConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationDataFormatConversionConfigurationSchemaConfiguration": { + "properties": { + "catalogId": { + "type": "string", + "description": "The ID of the AWS Glue Data Catalog. If you don't supply this, the AWS account ID is used by default.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Specifies the name of the AWS Glue database that contains the schema for the output data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "If you don't specify an AWS Region, the default is the current region.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "Specifies the AWS Glue table that contains the column information that constitutes your data schema.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "versionId": { + "type": "string", + "description": "Specifies the table version for the output data schema. Defaults to `LATEST`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "databaseName", + "roleArn", + "tableName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "catalogId", + "databaseName", + "region", + "roleArn", + "tableName" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables data processing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processors": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessor" + }, + "description": "Array of data processors. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessor": { + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameter" + }, + "description": "Array of processor parameters. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of processor. Valid Values: `Lambda`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfiguration:FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfiguration": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The ARN of the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferInterval": { + "type": "integer", + "description": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferSize": { + "type": "integer", + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\nWe recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressionFormat": { + "type": "string", + "description": "The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will\nbe used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The \"YYYY/MM/DD/HH\" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "roleArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "bucketArn", + "cloudwatchLoggingOptions", + "roleArn" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamExtendedS3ConfigurationS3BackupConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfiguration:FirehoseDeliveryStreamHttpEndpointConfiguration": { + "properties": { + "accessKey": { + "type": "string", + "description": "The access key required for Kinesis Firehose to authenticate with the HTTP endpoint selected as the destination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferingInterval": { + "type": "integer", + "description": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300 (5 minutes).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferingSize": { + "type": "integer", + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamHttpEndpointConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The HTTP endpoint name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processingConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfiguration:FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfiguration", + "description": "The data processing configuration. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requestConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfiguration:FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfiguration", + "description": "The request configuration. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryDuration": { + "type": "integer", + "description": "Total amount of seconds Firehose spends on retries. This duration starts after the initial attempt fails, It does not include the time periods during which Firehose waits for acknowledgment from the specified destination after each attempt. Valid values between `0` and `7200`. Default is `300`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "Kinesis Data Firehose uses this IAM role for all the permissions that the delivery stream needs. The pattern needs to be `arn:.*`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupMode": { + "type": "string", + "description": "Defines how documents should be delivered to Amazon S3. Valid values are `FailedDataOnly` and `AllData`. Default value is `FailedDataOnly`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "url": { + "type": "string", + "description": "The HTTP endpoint URL to which Kinesis Firehose sends your data.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "url" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudwatchLoggingOptions", + "requestConfiguration", + "url" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamHttpEndpointConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfiguration:FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables data processing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processors": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessor" + }, + "description": "Array of data processors. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessor": { + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessorParameter" + }, + "description": "Array of processor parameters. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of processor. Valid Values: `Lambda`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamHttpEndpointConfigurationProcessingConfigurationProcessorParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfiguration:FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfiguration": { + "properties": { + "commonAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttribute:FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttribute" + }, + "description": "Describes the metadata sent to the HTTP endpoint destination. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentEncoding": { + "type": "string", + "description": "Kinesis Data Firehose uses the content encoding to compress the body of a request before sending the request to the destination. Valid values are `NONE` and `GZIP`. Default value is `NONE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttribute:FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttribute": { + "properties": { + "name": { + "type": "string", + "description": "The name of the HTTP endpoint common attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the HTTP endpoint common attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamKinesisSourceConfiguration:FirehoseDeliveryStreamKinesisSourceConfiguration": { + "properties": { + "kinesisStreamArn": { + "type": "string", + "description": "The kinesis stream used as the source of the firehose delivery stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The ARN of the role that provides access to the source Kinesis stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kinesisStreamArn", + "roleArn" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfiguration:FirehoseDeliveryStreamRedshiftConfiguration": { + "properties": { + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamRedshiftConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clusterJdbcurl": { + "type": "string", + "description": "The jdbcurl of the redshift cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "copyOptions": { + "type": "string", + "description": "Copy options for copying the data from the s3 intermediate bucket into redshift, for example to change the default delimiter. For valid values, see the [AWS documentation](http://docs.aws.amazon.com/firehose/latest/APIReference/API_CopyCommand.html)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dataTableColumns": { + "type": "string", + "description": "The data table columns that will be targeted by the copy command.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dataTableName": { + "type": "string", + "description": "The name of the table in the redshift cluster that the s3 bucket will copy to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "password": { + "type": "string", + "description": "The password for the username above.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processingConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationProcessingConfiguration:FirehoseDeliveryStreamRedshiftConfigurationProcessingConfiguration", + "description": "The data processing configuration. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryDuration": { + "type": "integer", + "description": "The length of time during which Firehose retries delivery after a failure, starting from the initial request and including the first attempt. The default value is 3600 seconds (60 minutes). Firehose does not retry if the value of DurationInSeconds is 0 (zero) or if the first delivery attempt takes longer than the current value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The arn of the role the stream assumes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfiguration:FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfiguration", + "description": "The configuration for backup in Amazon S3. Required if `s3_backup_mode` is `Enabled`. Supports the same fields as `s3_configuration` object.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupMode": { + "type": "string", + "description": "The Amazon S3 backup mode. Valid values are `Disabled` and `Enabled`. Default value is `Disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "The username that the firehose delivery stream will assume. It is strongly recommended that the username and password provided is used exclusively for Amazon Kinesis Firehose purposes, and that the permissions for the account are restricted for Amazon Redshift INSERT permissions.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clusterJdbcurl", + "dataTableName", + "password", + "roleArn", + "username" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudwatchLoggingOptions", + "clusterJdbcurl", + "dataTableName", + "password", + "roleArn", + "username" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamRedshiftConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationProcessingConfiguration:FirehoseDeliveryStreamRedshiftConfigurationProcessingConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables data processing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processors": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessor" + }, + "description": "Array of data processors. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessor": { + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessorParameter" + }, + "description": "Array of processor parameters. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of processor. Valid Values: `Lambda`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamRedshiftConfigurationProcessingConfigurationProcessorParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfiguration:FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfiguration": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The ARN of the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferInterval": { + "type": "integer", + "description": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferSize": { + "type": "integer", + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\nWe recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressionFormat": { + "type": "string", + "description": "The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will\nbe used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The \"YYYY/MM/DD/HH\" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "roleArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "bucketArn", + "cloudwatchLoggingOptions", + "roleArn" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamS3Configuration:FirehoseDeliveryStreamS3Configuration": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The ARN of the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferInterval": { + "type": "integer", + "description": "Buffer incoming data for the specified period of time, in seconds, before delivering it to the destination. The default value is 300.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bufferSize": { + "type": "integer", + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\nWe recommend setting SizeInMBs to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec set SizeInMBs to be 10 MB or higher.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamS3ConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamS3ConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "compressionFormat": { + "type": "string", + "description": "The compression format. If no value is specified, the default is `UNCOMPRESSED`. Other supported values are `GZIP`, `ZIP`, `Snappy`, & `HADOOP_SNAPPY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "Specifies the KMS key ARN the stream will use to encrypt data. If not set, no encryption will\nbe used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The \"YYYY/MM/DD/HH\" time format prefix is automatically used for delivered S3 files. You can specify an extra prefix to be added in front of the time format prefix. Note that if the prefix ends with a slash, it appears as a folder in the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleArn": { + "type": "string", + "description": "The role that Kinesis Data Firehose can use to access AWS Glue. This role must be in the same account you use for Kinesis Data Firehose. Cross-account roles aren't allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "roleArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "bucketArn", + "cloudwatchLoggingOptions", + "roleArn" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamS3ConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamS3ConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamServerSideEncryption:FirehoseDeliveryStreamServerSideEncryption": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable encryption at rest. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the encryption key. Required when `key_type` is `CUSTOMER_MANAGED_CMK`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keyType": { + "type": "string", + "description": "Type of encryption key. Default is `AWS_OWNED_CMK`. Valid values are `AWS_OWNED_CMK` and `CUSTOMER_MANAGED_CMK`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamSplunkConfiguration:FirehoseDeliveryStreamSplunkConfiguration": { + "properties": { + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamSplunkConfigurationCloudwatchLoggingOptions", + "description": "The CloudWatch Logging Options for the delivery stream. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hecAcknowledgmentTimeout": { + "type": "integer", + "description": "The amount of time, in seconds between 180 and 600, that Kinesis Firehose waits to receive an acknowledgment from Splunk after it sends it data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hecEndpoint": { + "type": "string", + "description": "The HTTP Event Collector (HEC) endpoint to which Kinesis Firehose sends your data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hecEndpointType": { + "type": "string", + "description": "The HEC endpoint type. Valid values are `Raw` or `Event`. The default value is `Raw`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "hecToken": { + "type": "string", + "description": "The GUID that you obtain from your Splunk cluster when you create a new HEC endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processingConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationProcessingConfiguration:FirehoseDeliveryStreamSplunkConfigurationProcessingConfiguration", + "description": "The data processing configuration. More details are given below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retryDuration": { + "type": "integer", + "description": "After an initial failure to deliver to Splunk, the total amount of time, in seconds between 0 to 7200, during which Firehose re-attempts delivery (including the first attempt). After this time has elapsed, the failed documents are written to Amazon S3. The default value is 300s. There will be no retry if the value is 0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3BackupMode": { + "type": "string", + "description": "Defines how documents should be delivered to Amazon S3. Valid values are `FailedEventsOnly` and `AllEvents`. Default value is `FailedEventsOnly`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hecEndpoint", + "hecToken" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudwatchLoggingOptions", + "hecEndpoint", + "hecToken" + ] + } + } + }, + "aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationCloudwatchLoggingOptions:FirehoseDeliveryStreamSplunkConfigurationCloudwatchLoggingOptions": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables the logging. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroupName": { + "type": "string", + "description": "The CloudWatch group name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamName": { + "type": "string", + "description": "The CloudWatch log stream name for logging. This value is required if `enabled` is true.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationProcessingConfiguration:FirehoseDeliveryStreamSplunkConfigurationProcessingConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enables or disables data processing.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processors": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessor" + }, + "description": "Array of data processors. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessor:FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessor": { + "properties": { + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessorParameter" + }, + "description": "Array of processor parameters. More details are given below\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of processor. Valid Values: `Lambda`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:kinesis/FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessorParameter:FirehoseDeliveryStreamSplunkConfigurationProcessingConfigurationProcessorParameter": { + "properties": { + "parameterName": { + "type": "string", + "description": "Parameter name. Valid Values: `LambdaArn`, `NumberOfRetries`, `RoleArn`, `BufferSizeInMBs`, `BufferIntervalInSeconds`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameterValue": { + "type": "string", + "description": "Parameter value. Must be between 1 and 512 length (inclusive). When providing a Lambda ARN, you should specify the resource version as well.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "parameterName", + "parameterValue" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfiguration:ApplicationApplicationConfiguration": { + "properties": { + "applicationCodeConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationCodeConfiguration:ApplicationApplicationConfigurationApplicationCodeConfiguration", + "description": "The code location and type parameters for the application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "applicationSnapshotConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationSnapshotConfiguration:ApplicationApplicationConfigurationApplicationSnapshotConfiguration", + "description": "Describes whether snapshots are enabled for a Flink-based application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "environmentProperties": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationEnvironmentProperties:ApplicationApplicationConfigurationEnvironmentProperties", + "description": "Describes execution properties for a Flink-based application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "flinkApplicationConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfiguration", + "description": "The configuration of a Flink-based application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationRunConfiguration:ApplicationApplicationConfigurationRunConfiguration", + "description": "Describes the starting properties for a Flink-based application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqlApplicationConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfiguration:ApplicationApplicationConfigurationSqlApplicationConfiguration", + "description": "The configuration of a SQL-based application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationVpcConfiguration:ApplicationApplicationConfigurationVpcConfiguration", + "description": "The VPC configuration of a Flink-based application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "applicationCodeConfiguration" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "applicationCodeConfiguration", + "applicationSnapshotConfiguration", + "flinkApplicationConfiguration", + "runConfiguration" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationCodeConfiguration:ApplicationApplicationConfigurationApplicationCodeConfiguration": { + "properties": { + "codeContent": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContent:ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContent", + "description": "The location and type of the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "codeContentType": { + "type": "string", + "description": "Specifies whether the code content is in text or zip format. Valid values: `PLAINTEXT`, `ZIPFILE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "codeContentType" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContent:ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContent": { + "properties": { + "s3ContentLocation": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocation:ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocation", + "description": "Information about the Amazon S3 bucket containing the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textContent": { + "type": "string", + "description": "The text-format code for the application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocation:ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocation": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The ARN for the S3 bucket containing the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileKey": { + "type": "string", + "description": "The file key for the object containing the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "objectVersion": { + "type": "string", + "description": "The version of the object containing the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "fileKey" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationApplicationSnapshotConfiguration:ApplicationApplicationConfigurationApplicationSnapshotConfiguration": { + "properties": { + "snapshotsEnabled": { + "type": "boolean", + "description": "Describes whether snapshots are enabled for a Flink-based Kinesis Data Analytics application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "snapshotsEnabled" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationEnvironmentProperties:ApplicationApplicationConfigurationEnvironmentProperties": { + "properties": { + "propertyGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroup:ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroup" + }, + "description": "Describes the execution property groups.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "propertyGroups" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroup:ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroup": { + "properties": { + "propertyGroupId": { + "type": "string", + "description": "The key of the application execution property key-value map.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "propertyMap": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Application execution property key-value map.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "propertyGroupId", + "propertyMap" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfiguration": { + "properties": { + "checkpointConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfiguration", + "description": "Describes an application's checkpointing configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "monitoringConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfiguration", + "description": "Describes configuration parameters for CloudWatch logging for an application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parallelismConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfiguration", + "description": "Describes parameters for how an application executes multiple tasks simultaneously.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "checkpointConfiguration", + "monitoringConfiguration", + "parallelismConfiguration" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfiguration": { + "properties": { + "checkpointInterval": { + "type": "integer", + "description": "Describes the interval in milliseconds between checkpoint operations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "checkpointingEnabled": { + "type": "boolean", + "description": "Describes whether checkpointing is enabled for a Flink-based Kinesis Data Analytics application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configurationType": { + "type": "string", + "description": "Describes whether the application uses Kinesis Data Analytics' default checkpointing behavior. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `checkpointing_enabled`, `checkpoint_interval`, or `min_pause_between_checkpoints` attribute values to be effective. If this attribute is set to `DEFAULT`, the application will always use the following values:\n* `checkpointing_enabled = true`\n* `checkpoint_interval = 60000`\n* `min_pause_between_checkpoints = 5000`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minPauseBetweenCheckpoints": { + "type": "integer", + "description": "Describes the minimum time in milliseconds after a checkpoint operation completes that a new checkpoint operation can start.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configurationType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "checkpointInterval", + "checkpointingEnabled", + "configurationType", + "minPauseBetweenCheckpoints" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfiguration": { + "properties": { + "configurationType": { + "type": "string", + "description": "Describes whether to use the default CloudWatch logging configuration for an application. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `log_level` or `metrics_level` attribute values to be effective.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Describes the verbosity of the CloudWatch Logs for an application. Valid values: `DEBUG`, `ERROR`, `INFO`, `WARN`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricsLevel": { + "type": "string", + "description": "Describes the granularity of the CloudWatch Logs for an application. Valid values: `APPLICATION`, `OPERATOR`, `PARALLELISM`, `TASK`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configurationType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "configurationType", + "logLevel", + "metricsLevel" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfiguration:ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfiguration": { + "properties": { + "autoScalingEnabled": { + "type": "boolean", + "description": "Describes whether the Kinesis Data Analytics service can increase the parallelism of the application in response to increased throughput.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "configurationType": { + "type": "string", + "description": "Describes whether the application uses the default parallelism for the Kinesis Data Analytics service. Valid values: `CUSTOM`, `DEFAULT`. Set this attribute to `CUSTOM` in order for any specified `auto_scaling_enabled`, `parallelism`, or `parallelism_per_kpu` attribute values to be effective.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parallelism": { + "type": "integer", + "description": "Describes the initial number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parallelismPerKpu": { + "type": "integer", + "description": "Describes the number of parallel tasks that a Flink-based Kinesis Data Analytics application can perform per Kinesis Processing Unit (KPU) used by the application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configurationType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "autoScalingEnabled", + "configurationType", + "parallelism", + "parallelismPerKpu" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationRunConfiguration:ApplicationApplicationConfigurationRunConfiguration": { + "properties": { + "applicationRestoreConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationRunConfigurationApplicationRestoreConfiguration:ApplicationApplicationConfigurationRunConfigurationApplicationRestoreConfiguration", + "description": "The restore behavior of a restarting application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "flinkRunConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationRunConfigurationFlinkRunConfiguration:ApplicationApplicationConfigurationRunConfigurationFlinkRunConfiguration", + "description": "The starting parameters for a Flink-based Kinesis Data Analytics application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "applicationRestoreConfiguration", + "flinkRunConfiguration" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationRunConfigurationApplicationRestoreConfiguration:ApplicationApplicationConfigurationRunConfigurationApplicationRestoreConfiguration": { + "properties": { + "applicationRestoreType": { + "type": "string", + "description": "Specifies how the application should be restored. Valid values: `RESTORE_FROM_CUSTOM_SNAPSHOT`, `RESTORE_FROM_LATEST_SNAPSHOT`, `SKIP_RESTORE_FROM_SNAPSHOT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotName": { + "type": "string", + "description": "The identifier of an existing snapshot of application state to use to restart an application. The application uses this value if `RESTORE_FROM_CUSTOM_SNAPSHOT` is specified for `application_restore_type`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "applicationRestoreType" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationRunConfigurationFlinkRunConfiguration:ApplicationApplicationConfigurationRunConfigurationFlinkRunConfiguration": { + "properties": { + "allowNonRestoredState": { + "type": "boolean", + "description": "When restoring from a snapshot, specifies whether the runtime is allowed to skip a state that cannot be mapped to the new program. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "allowNonRestoredState" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfiguration:ApplicationApplicationConfigurationSqlApplicationConfiguration": { + "properties": { + "input": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInput:ApplicationApplicationConfigurationSqlApplicationConfigurationInput", + "description": "The input stream used by the application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputs": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutput" + }, + "description": "The destination streams used by the application.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "referenceDataSource": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSource:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSource", + "description": "The reference data source used by the application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInput:ApplicationApplicationConfigurationSqlApplicationConfigurationInput": { + "properties": { + "inAppStreamNames": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "inputId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputParallelism": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelism:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelism", + "description": "Describes the number of in-application streams to create.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputProcessingConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfiguration:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfiguration", + "description": "The input processing configuration for the input.\nAn input processor transforms records as they are received from the stream, before the application's SQL code executes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputSchema": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchema:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchema", + "description": "Describes the format of the data in the streaming source, and how each data element maps to corresponding columns in the in-application stream that is being created.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inputStartingPositionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputStartingPositionConfiguration:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputStartingPositionConfiguration" + }, + "description": "The point at which the application starts processing records from the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisFirehoseInput": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisFirehoseInput:ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisFirehoseInput", + "description": "If the streaming source is a Kinesis Data Firehose delivery stream, identifies the delivery stream's ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisStreamsInput": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInput:ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInput", + "description": "If the streaming source is a Kinesis data stream, identifies the stream's Amazon Resource Name (ARN).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namePrefix": { + "type": "string", + "description": "The name prefix to use when creating an in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "inputSchema", + "namePrefix" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "inAppStreamNames", + "inputId", + "inputParallelism", + "inputSchema", + "inputStartingPositionConfigurations", + "namePrefix" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelism:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelism": { + "properties": { + "count": { + "type": "integer", + "description": "The number of in-application streams to create.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "count" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfiguration:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfiguration": { + "properties": { + "inputLambdaProcessor": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfigurationInputLambdaProcessor:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfigurationInputLambdaProcessor", + "description": "Describes the Lambda function that is used to preprocess the records in the stream before being processed by your application code.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "inputLambdaProcessor" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfigurationInputLambdaProcessor:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputProcessingConfigurationInputLambdaProcessor": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the Lambda function that operates on records in the stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchema:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchema": { + "properties": { + "recordColumns": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumn:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumn" + }, + "description": "Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordEncoding": { + "type": "string", + "description": "Specifies the encoding of the records in the streaming source. For example, `UTF-8`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormat": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormat:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormat", + "description": "Specifies the format of the records on the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumns", + "recordFormat" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumn:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumn": { + "properties": { + "mapping": { + "type": "string", + "description": "A reference to the data element in the streaming input or the reference data source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the column that is created in the in-application input stream or reference table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqlType": { + "type": "string", + "description": "The type of column created in the in-application input stream or reference table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "sqlType" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormat:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormat": { + "properties": { + "mappingParameters": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParameters", + "description": "Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormatType": { + "type": "string", + "description": "The type of record format. Valid values: `CSV`, `JSON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mappingParameters", + "recordFormatType" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParameters": { + "properties": { + "csvMappingParameters": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParameters", + "description": "Provides additional mapping information when the record format uses delimiters (for example, CSV).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jsonMappingParameters": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersJsonMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersJsonMappingParameters", + "description": "Provides additional mapping information when JSON is the record format on the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParameters": { + "properties": { + "recordColumnDelimiter": { + "type": "string", + "description": "The column delimiter. For example, in a CSV format, a comma (`,`) is the typical column delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordRowDelimiter": { + "type": "string", + "description": "The row delimiter. For example, in a CSV format, `\\n` is the typical row delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumnDelimiter", + "recordRowDelimiter" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersJsonMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersJsonMappingParameters": { + "properties": { + "recordRowPath": { + "type": "string", + "description": "The path to the top-level parent that contains the records.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordRowPath" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputStartingPositionConfiguration:ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputStartingPositionConfiguration": { + "properties": { + "inputStartingPosition": { + "type": "string", + "description": "The starting position on the stream. Valid values: `LAST_STOPPED_POINT`, `NOW`, `TRIM_HORIZON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "inputStartingPosition" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisFirehoseInput:ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisFirehoseInput": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the delivery stream.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInput:ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInput": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the input Kinesis data stream to read.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutput": { + "properties": { + "destinationSchema": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchema:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchema", + "description": "Describes the data format when records are written to the destination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisFirehoseOutput": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutput", + "description": "Identifies a Kinesis Data Firehose delivery stream as the destination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kinesisStreamsOutput": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisStreamsOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisStreamsOutput", + "description": "Identifies a Kinesis data stream as the destination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaOutput": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutput", + "description": "Identifies a Lambda function as the destination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationSchema", + "name" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "destinationSchema", + "name", + "outputId" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchema:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchema": { + "properties": { + "recordFormatType": { + "type": "string", + "description": "Specifies the format of the records on the output stream. Valid values: `CSV`, `JSON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordFormatType" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutput": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the destination delivery stream to write to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisStreamsOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisStreamsOutput": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the destination Kinesis data stream to write to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutput:ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutput": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The ARN of the destination Lambda function to write to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSource:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSource": { + "properties": { + "referenceId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "referenceSchema": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchema:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchema", + "description": "Describes the format of the data in the streaming source, and how each data element maps to corresponding columns created in the in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3ReferenceDataSource": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSource:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSource", + "description": "Identifies the S3 bucket and object that contains the reference data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "The name of the in-application table to create.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "referenceSchema", + "s3ReferenceDataSource", + "tableName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "referenceId", + "referenceSchema", + "s3ReferenceDataSource", + "tableName" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchema:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchema": { + "properties": { + "recordColumns": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumn:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumn" + }, + "description": "Describes the mapping of each data element in the streaming source to the corresponding column in the in-application stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordEncoding": { + "type": "string", + "description": "Specifies the encoding of the records in the streaming source. For example, `UTF-8`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormat": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormat:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormat", + "description": "Specifies the format of the records on the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumns", + "recordFormat" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumn:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumn": { + "properties": { + "mapping": { + "type": "string", + "description": "A reference to the data element in the streaming input or the reference data source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the column that is created in the in-application input stream or reference table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqlType": { + "type": "string", + "description": "The type of column created in the in-application input stream or reference table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "sqlType" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormat:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormat": { + "properties": { + "mappingParameters": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParameters", + "description": "Provides additional mapping information specific to the record format (such as JSON, CSV, or record fields delimited by some delimiter) on the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordFormatType": { + "type": "string", + "description": "The type of record format. Valid values: `CSV`, `JSON`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mappingParameters", + "recordFormatType" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParameters": { + "properties": { + "csvMappingParameters": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersCsvMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersCsvMappingParameters", + "description": "Provides additional mapping information when the record format uses delimiters (for example, CSV).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jsonMappingParameters": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParameters", + "description": "Provides additional mapping information when JSON is the record format on the streaming source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersCsvMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersCsvMappingParameters": { + "properties": { + "recordColumnDelimiter": { + "type": "string", + "description": "The column delimiter. For example, in a CSV format, a comma (`,`) is the typical column delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordRowDelimiter": { + "type": "string", + "description": "The row delimiter. For example, in a CSV format, `\\n` is the typical row delimiter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordColumnDelimiter", + "recordRowDelimiter" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParameters:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParameters": { + "properties": { + "recordRowPath": { + "type": "string", + "description": "The path to the top-level parent that contains the records.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "recordRowPath" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSource:ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSource": { + "properties": { + "bucketArn": { + "type": "string", + "description": "The ARN for the S3 bucket containing the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileKey": { + "type": "string", + "description": "The file key for the object containing the application code.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "fileKey" + ] + }, + "aws:kinesisanalyticsv2/ApplicationApplicationConfigurationVpcConfiguration:ApplicationApplicationConfigurationVpcConfiguration": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Security Group IDs used by the VPC configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Subnet IDs used by the VPC configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcConfigurationId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnetIds" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "securityGroupIds", + "subnetIds", + "vpcConfigurationId", + "vpcId" + ] + } + } + }, + "aws:kinesisanalyticsv2/ApplicationCloudwatchLoggingOptions:ApplicationCloudwatchLoggingOptions": { + "properties": { + "cloudwatchLoggingOptionId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "logStreamArn": { + "type": "string", + "description": "The ARN of the CloudWatch log stream to receive application messages.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logStreamArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudwatchLoggingOptionId", + "logStreamArn" + ] + } + } + }, + "aws:kms/GrantConstraint:GrantConstraint": { + "properties": { + "encryptionContextEquals": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryption_context_subset`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionContextSubset": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryption_context_equals`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:kms/getSecretSecret:getSecretSecret": { + "properties": { + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "grantTokens": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "payload": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "payload" + ] + }, + "aws:kms/getSecretsSecret:getSecretsSecret": { + "properties": { + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An optional mapping that makes up the Encryption Context for the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "grantTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An optional list of Grant Tokens for the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name to export this secret under in the attributes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "payload": { + "type": "string", + "description": "Base64 encoded payload, as returned from a KMS encrypt operation.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "payload" + ] + }, + "aws:lakeformation/DataLakeSettingsCreateDatabaseDefaultPermission:DataLakeSettingsCreateDatabaseDefaultPermission": { + "properties": { + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions that are granted to the principal. Valid values may include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, and `DESCRIBE`. For more details, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "principal": { + "type": "string", + "description": "Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `[\"ALL\"]`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "permissions", + "principal" + ] + } + } + }, + "aws:lakeformation/DataLakeSettingsCreateTableDefaultPermission:DataLakeSettingsCreateTableDefaultPermission": { + "properties": { + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions that are granted to the principal. Valid values may include `ALL`, `SELECT`, `ALTER`, `DROP`, `DELETE`, `INSERT`, and `DESCRIBE`. For more details, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "principal": { + "type": "string", + "description": "Principal who is granted permissions. To enforce metadata and underlying data access control only by IAM on new databases and tables set `principal` to `IAM_ALLOWED_PRINCIPALS` and `permissions` to `[\"ALL\"]`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "permissions", + "principal" + ] + } + } + }, + "aws:lakeformation/PermissionsDataLocation:PermissionsDataLocation": { + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) that uniquely identifies the data location resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "arn", + "catalogId" + ] + } + } + }, + "aws:lakeformation/PermissionsDatabase:PermissionsDatabase": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the table resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "catalogId", + "name" + ] + } + } + }, + "aws:lakeformation/PermissionsTable:PermissionsTable": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Name of the database for the table with columns resource. Unique to the Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the table resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "wildcard": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "databaseName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "catalogId", + "databaseName", + "name" + ] + } + } + }, + "aws:lakeformation/PermissionsTableWithColumns:PermissionsTableWithColumns": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "columnNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of column names for the table.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Name of the database for the table with columns resource. Unique to the Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "excludedColumnNames": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the table resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "wildcard": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "databaseName", + "name" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "catalogId", + "databaseName", + "name" + ] + } + } + }, + "aws:lakeformation/getDataLakeSettingsCreateDatabaseDefaultPermission:getDataLakeSettingsCreateDatabaseDefaultPermission": { + "properties": { + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions granted to the principal.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "principal": { + "type": "string", + "description": "Principal who is granted permissions.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "permissions", + "principal" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lakeformation/getDataLakeSettingsCreateTableDefaultPermission:getDataLakeSettingsCreateTableDefaultPermission": { + "properties": { + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions granted to the principal.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "principal": { + "type": "string", + "description": "Principal who is granted permissions.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "permissions", + "principal" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lakeformation/getPermissionsDataLocation:getPermissionsDataLocation": { + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) that uniquely identifies the data location resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "catalogId" + ], + "language": { + "nodejs": { + "requiredInputs": [ + "arn" + ] + } + } + }, + "aws:lakeformation/getPermissionsDatabase:getPermissionsDatabase": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the table resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogId", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [ + "name" + ] + } + } + }, + "aws:lakeformation/getPermissionsTable:getPermissionsTable": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Name of the database for the table with columns resource. Unique to the Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the table resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "wildcard": { + "type": "boolean", + "description": "Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogId", + "databaseName", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [ + "databaseName" + ] + } + } + }, + "aws:lakeformation/getPermissionsTableWithColumns:getPermissionsTableWithColumns": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "columnNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of column names for the table. At least one of `column_names` or `excluded_column_names` is required.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "databaseName": { + "type": "string", + "description": "Name of the database for the table with columns resource. Unique to the Data Catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "excludedColumnNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of column names for the table to exclude. At least one of `column_names` or `excluded_column_names` is required.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the table resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "wildcard": { + "type": "boolean", + "description": "Whether to use a wildcard representing every table under a database. At least one of `name` or `wildcard` is required. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "catalogId", + "databaseName", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [ + "databaseName", + "name" + ] + } + } + }, + "aws:lambda/AliasRoutingConfig:AliasRoutingConfig": { + "properties": { + "additionalVersionWeights": { + "type": "object", + "additionalProperties": { + "type": "number" + }, + "description": "A map that defines the proportion of events that should be sent to different versions of a lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:lambda/CodeSigningConfigAllowedPublishers:CodeSigningConfigAllowedPublishers": { + "properties": { + "signingProfileVersionArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "signingProfileVersionArns" + ] + }, + "aws:lambda/CodeSigningConfigPolicies:CodeSigningConfigPolicies": { + "properties": { + "untrustedArtifactOnDeployment": { + "type": "string", + "description": "Code signing configuration policy for deployment validation failure. If you set the policy to Enforce, Lambda blocks the deployment request if code-signing validation checks fail. If you set the policy to Warn, Lambda allows the deployment and creates a CloudWatch log. Valid values: `Warn`, `Enforce`. Default value: `Warn`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "untrustedArtifactOnDeployment" + ] + }, + "aws:lambda/EventSourceMappingDestinationConfig:EventSourceMappingDestinationConfig": { + "properties": { + "onFailure": { + "$ref": "#/types/aws:lambda/EventSourceMappingDestinationConfigOnFailure:EventSourceMappingDestinationConfigOnFailure", + "description": "The destination configuration for failed invocations. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:lambda/EventSourceMappingDestinationConfigOnFailure:EventSourceMappingDestinationConfigOnFailure": { + "properties": { + "destinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the destination resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationArn" + ] + }, + "aws:lambda/EventSourceMappingSelfManagedEventSource:EventSourceMappingSelfManagedEventSource": { + "properties": { + "endpoints": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of endpoints for the self managed source. For Kafka self-managed sources, the key should be `KAFKA_BOOTSTRAP_SERVERS` and the value should be a string with a comma separated list of broker endpoints.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "endpoints" + ] + }, + "aws:lambda/EventSourceMappingSourceAccessConfiguration:EventSourceMappingSourceAccessConfiguration": { + "properties": { + "type": { + "type": "string", + "description": "The type of this configuration. For Self Managed Kafka you will need to supply blocks for type `VPC_SUBNET` and `VPC_SECURITY_GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uri": { + "type": "string", + "description": "The URI for this configuration. For type `VPC_SUBNET` the value should be `subnet:subnet_id` where `subnet_id` is the value you would find in an aws.ec2.Subnet resource's id attribute. For type `VPC_SECURITY_GROUP` the value should be `security_group:security_group_id` where `security_group_id` is the value you would find in an aws.ec2.SecurityGroup resource's id attribute.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "uri" + ] + }, + "aws:lambda/FunctionDeadLetterConfig:FunctionDeadLetterConfig": { + "properties": { + "targetArn": { + "type": "string", + "description": "ARN of an SNS topic or SQS queue to notify when an invocation fails. If this option is used, the function's IAM role must be granted suitable access to write to the target object, which means allowing either the `sns:Publish` or `sqs:SendMessage` action on this ARN, depending on which service is targeted.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetArn" + ] + }, + "aws:lambda/FunctionEnvironment:FunctionEnvironment": { + "properties": { + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of environment variables that are accessible from the function code during execution.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:lambda/FunctionEventInvokeConfigDestinationConfig:FunctionEventInvokeConfigDestinationConfig": { + "properties": { + "onFailure": { + "$ref": "#/types/aws:lambda/FunctionEventInvokeConfigDestinationConfigOnFailure:FunctionEventInvokeConfigDestinationConfigOnFailure", + "description": "Configuration block with destination configuration for failed asynchronous invocations. See below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onSuccess": { + "$ref": "#/types/aws:lambda/FunctionEventInvokeConfigDestinationConfigOnSuccess:FunctionEventInvokeConfigDestinationConfigOnSuccess", + "description": "Configuration block with destination configuration for successful asynchronous invocations. See below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:lambda/FunctionEventInvokeConfigDestinationConfigOnFailure:FunctionEventInvokeConfigDestinationConfigOnFailure": { + "properties": { + "destination": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the destination resource. See the [Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) for acceptable resource types and associated IAM permissions.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destination" + ] + }, + "aws:lambda/FunctionEventInvokeConfigDestinationConfigOnSuccess:FunctionEventInvokeConfigDestinationConfigOnSuccess": { + "properties": { + "destination": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the destination resource. See the [Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) for acceptable resource types and associated IAM permissions.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destination" + ] + }, + "aws:lambda/FunctionFileSystemConfig:FunctionFileSystemConfig": { + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "localMountPath": { + "type": "string", + "description": "Path where the function can access the file system, starting with /mnt/.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "localMountPath" + ] + }, + "aws:lambda/FunctionImageConfig:FunctionImageConfig": { + "properties": { + "commands": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Parameters that you want to pass in with `entry_point`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "entryPoints": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Entry point to your application, which is typically the location of the runtime executable.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "workingDirectory": { + "type": "string", + "description": "Working directory.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:lambda/FunctionTracingConfig:FunctionTracingConfig": { + "properties": { + "mode": { + "type": "string", + "description": "Whether to to sample and trace a subset of incoming requests with AWS X-Ray. Valid values are `PassThrough` and `Active`. If `PassThrough`, Lambda will only trace the request from an upstream service if it contains a tracing header with \"sampled=1\". If `Active`, Lambda will respect any tracing header it receives from an upstream service. If no tracing header is received, Lambda will call X-Ray for a tracing decision.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mode" + ] + }, + "aws:lambda/FunctionVpcConfig:FunctionVpcConfig": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs associated with the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs associated with the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnetIds" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "securityGroupIds", + "subnetIds", + "vpcId" + ] + } + } + }, + "aws:lambda/Runtime:Runtime": { + "description": "See https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html", + "type": "string", + "enum": [ + { + "name": "DotnetCore2d1", + "value": "dotnetcore2.1" + }, + { + "name": "DotnetCore3d1", + "value": "dotnetcore3.1" + }, + { + "name": "Go1dx", + "value": "go1.x" + }, + { + "name": "Java8", + "value": "java8" + }, + { + "name": "Java8AL2", + "value": "java8.al2" + }, + { + "name": "Java11", + "value": "java11" + }, + { + "name": "Ruby2d5", + "value": "ruby2.5" + }, + { + "name": "Ruby2d7", + "value": "ruby2.7" + }, + { + "name": "NodeJS10dX", + "value": "nodejs10.x" + }, + { + "name": "NodeJS12dX", + "value": "nodejs12.x" + }, + { + "name": "NodeJS14dX", + "value": "nodejs14.x" + }, + { + "name": "Python2d7", + "value": "python2.7" + }, + { + "name": "Python3d6", + "value": "python3.6" + }, + { + "name": "Python3d7", + "value": "python3.7" + }, + { + "name": "Python3d8", + "value": "python3.8" + }, + { + "name": "Custom", + "value": "provided" + }, + { + "name": "CustomAL2", + "value": "provided.al2" + } + ] + }, + "aws:lambda/getCodeSigningConfigAllowedPublisher:getCodeSigningConfigAllowedPublisher": { + "properties": { + "signingProfileVersionArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Name (ARN) for each of the signing profiles. A signing profile defines a trusted user who can sign a code package.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "signingProfileVersionArns" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lambda/getCodeSigningConfigPolicy:getCodeSigningConfigPolicy": { + "properties": { + "untrustedArtifactOnDeployment": { + "type": "string", + "description": "Code signing configuration policy for deployment validation failure.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "untrustedArtifactOnDeployment" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lambda/getFunctionDeadLetterConfig:getFunctionDeadLetterConfig": { + "properties": { + "targetArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetArn" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lambda/getFunctionEnvironment:getFunctionEnvironment": { + "properties": { + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "variables" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lambda/getFunctionFileSystemConfig:getFunctionFileSystemConfig": { + "properties": { + "arn": { + "type": "string", + "description": "Unqualified (no `:QUALIFIER` or `:VERSION` suffix) Amazon Resource Name (ARN) identifying your Lambda Function. See also `qualified_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "localMountPath": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "localMountPath" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lambda/getFunctionTracingConfig:getFunctionTracingConfig": { + "properties": { + "mode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lambda/getFunctionVpcConfig:getFunctionVpcConfig": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnetIds", + "vpcId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/ListenerDefaultAction:ListenerDefaultAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:lb/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito", + "description": "Configuration block for using Amazon Cognito to authenticate users. Specify only when `type` is `authenticate-cognito`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:lb/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc", + "description": "Configuration block for an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `type` is `authenticate-oidc`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:lb/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:lb/ListenerDefaultActionForward:ListenerDefaultActionForward", + "description": "Configuration block for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "description": "Order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first. Valid values are between `1` and `50000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:lb/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect", + "description": "Configuration block for creating a redirect action. Required if `type` is `redirect`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:lb/ListenerDefaultActionAuthenticateCognito:ListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "Domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:lb/ListenerDefaultActionAuthenticateOidc:ListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "Authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "Behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "Set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "Name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "Maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "Token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "User info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:lb/ListenerDefaultActionFixedResponse:ListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "Content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "Message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:lb/ListenerDefaultActionForward:ListenerDefaultActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:lb/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness", + "description": "Configuration block for target group stickiness for the rule. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup" + }, + "description": "Set of 1-5 target group blocks. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:lb/ListenerDefaultActionForwardStickiness:ListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "Time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Whether target group stickiness is enabled. Default is `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:lb/ListenerDefaultActionForwardTargetGroup:ListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "Weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:lb/ListenerDefaultActionRedirect:ListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "Hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "Query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:lb/ListenerRuleAction:ListenerRuleAction": { + "properties": { + "authenticateCognito": { + "$ref": "#/types/aws:lb/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito", + "description": "Information for creating an authenticate action using Cognito. Required if `type` is `authenticate-cognito`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidc": { + "$ref": "#/types/aws:lb/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc", + "description": "Information for creating an authenticate action using OIDC. Required if `type` is `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponse": { + "$ref": "#/types/aws:lb/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse", + "description": "Information for creating an action that returns a custom HTTP response. Required if `type` is `fixed-response`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forward": { + "$ref": "#/types/aws:lb/ListenerRuleActionForward:ListenerRuleActionForward", + "description": "Information for creating an action that distributes requests among one or more target groups. Specify only if `type` is `forward`. If you specify both `forward` block and `target_group_arn` attribute, you can specify only one target group using `forward` and it must be the same target group specified in `target_group_arn`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirect": { + "$ref": "#/types/aws:lb/ListenerRuleActionRedirect:ListenerRuleActionRedirect", + "description": "Information for creating a redirect action. Required if `type` is `redirect`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the Target Group to which to route traffic. Specify only if `type` is `forward` and you want to route to a single target group. To route to one or more target groups, use a `forward` block instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of routing action. Valid values are `forward`, `redirect`, `fixed-response`, `authenticate-cognito` and `authenticate-oidc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "order", + "type" + ] + } + } + }, + "aws:lb/ListenerRuleActionAuthenticateCognito:ListenerRuleActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "description": "The ARN of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "description": "The ID of the Cognito user pool client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "description": "The domain prefix or fully-qualified domain name of the Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "onUnauthenticatedRequest", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ] + } + } + }, + "aws:lb/ListenerRuleActionAuthenticateOidc:ListenerRuleActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The query parameters to include in the redirect request to the authorization endpoint. Max: 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "description": "The authorization endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "The OAuth 2.0 client identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "The OAuth 2.0 client secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "The OIDC issuer identifier of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "description": "The behavior if the user is not authenticated. Valid values: `deny`, `allow` and `authenticate`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The set of user claims to be requested from the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "description": "The name of the cookie used to maintain session information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "description": "The maximum duration of the authentication session, in seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "The token endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "The user info endpoint of the IdP.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "tokenEndpoint", + "userInfoEndpoint" + ] + } + } + }, + "aws:lb/ListenerRuleActionFixedResponse:ListenerRuleActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "description": "The content type. Valid values are `text/plain`, `text/css`, `text/html`, `application/javascript` and `application/json`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "description": "The message body.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP response code. Valid values are `2XX`, `4XX`, or `5XX`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "contentType", + "statusCode" + ] + } + } + }, + "aws:lb/ListenerRuleActionForward:ListenerRuleActionForward": { + "properties": { + "stickiness": { + "$ref": "#/types/aws:lb/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness", + "description": "The target group stickiness for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup" + }, + "description": "One or more target groups block.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetGroups" + ] + }, + "aws:lb/ListenerRuleActionForwardStickiness:ListenerRuleActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "description": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether target group stickiness is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration" + ] + }, + "aws:lb/ListenerRuleActionForwardTargetGroup:ListenerRuleActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "description": "The weight. The range is 0 to 999.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:lb/ListenerRuleActionRedirect:ListenerRuleActionRedirect": { + "properties": { + "host": { + "type": "string", + "description": "The hostname. This component is not percent-encoded. The hostname can contain `#{host}`. Defaults to `#{host}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "The absolute path, starting with the leading \"/\". This component is not percent-encoded. The path can contain #{host}, #{path}, and #{port}. Defaults to `/#{path}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "The port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "description": "The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\". Defaults to `#{query}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The HTTP redirect code. The redirect is either permanent (`HTTP_301`) or temporary (`HTTP_302`).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statusCode" + ] + }, + "aws:lb/ListenerRuleCondition:ListenerRuleCondition": { + "properties": { + "hostHeader": { + "$ref": "#/types/aws:lb/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader", + "description": "Contains a single `values` item which is a list of host header patterns to match. The maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpHeader": { + "$ref": "#/types/aws:lb/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader", + "description": "HTTP headers to match. HTTP Header block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "httpRequestMethod": { + "$ref": "#/types/aws:lb/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod", + "description": "Contains a single `values` item which is a list of HTTP request methods or verbs to match. Maximum size is 40 characters. Only allowed characters are A-Z, hyphen (-) and underscore (\\_). Comparison is case sensitive. Wildcards are not supported. Only one needs to match for the condition to be satisfied. AWS recommends that GET and HEAD requests are routed in the same way because the response to a HEAD request may be cached.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathPattern": { + "$ref": "#/types/aws:lb/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern", + "description": "Contains a single `values` item which is a list of path patterns to match against the request URL. Maximum size of each pattern is 128 characters. Comparison is case sensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). Only one pattern needs to match for the condition to be satisfied. Path pattern is compared only to the path of the URL, not to its query string. To compare against the query string, use a `query_string` condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryStrings": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString" + }, + "description": "Query strings to match. Query String block fields documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceIp": { + "$ref": "#/types/aws:lb/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp", + "description": "Contains a single `values` item which is a list of source IP CIDR notations to match. You can use both IPv4 and IPv6 addresses. Wildcards are not supported. Condition is satisfied if the source IP address of the request matches one of the CIDR blocks. Condition is not satisfied by the addresses in the `X-Forwarded-For` header, use `http_header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:lb/ListenerRuleConditionHostHeader:ListenerRuleConditionHostHeader": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:lb/ListenerRuleConditionHttpHeader:ListenerRuleConditionHttpHeader": { + "properties": { + "httpHeaderName": { + "type": "string", + "description": "Name of HTTP header to search. The maximum size is 40 characters. Comparison is case insensitive. Only RFC7240 characters are supported. Wildcards are not supported. You cannot use HTTP header condition to specify the host header, use a `host-header` condition instead.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "httpHeaderName", + "values" + ] + }, + "aws:lb/ListenerRuleConditionHttpRequestMethod:ListenerRuleConditionHttpRequestMethod": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:lb/ListenerRuleConditionPathPattern:ListenerRuleConditionPathPattern": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:lb/ListenerRuleConditionQueryString:ListenerRuleConditionQueryString": { + "properties": { + "key": { + "type": "string", + "description": "Query string key pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Query string value pattern to match.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:lb/ListenerRuleConditionSourceIp:ListenerRuleConditionSourceIp": { + "properties": { + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of header value patterns to match. Maximum size of each pattern is 128 characters. Comparison is case insensitive. Wildcard characters supported: * (matches 0 or more characters) and ? (matches exactly 1 character). If the same header appears multiple times in the request they will be searched in order until a match is found. Only one pattern needs to match for the condition to be satisfied. To require that all of the strings are a match, create one condition block per string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "values" + ] + }, + "aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "description": "The S3 bucket name to store the logs in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `access_logs`. Defaults to `false`, even when `bucket` is specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The S3 bucket prefix. Logs are stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID of the Elastic IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "description": "An ipv6 address within the subnet to assign to the internet-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "description": "A private ipv4 address within the subnet to assign to the internal-facing load balancer.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The id of the subnet of which to attach to the load balancer. You can specify only one subnet per Availability Zone.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "outpostId", + "subnetId" + ] + } + } + }, + "aws:lb/TargetGroupHealthCheck:TargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "description": "Number of consecutive health checks successes required before considering an unhealthy target healthy. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "description": "Approximate amount of time, in seconds, between health checks of an individual target. Minimum value 5 seconds, Maximum value 300 seconds. For `lambda` target groups, it needs to be greater as the `timeout` of the underlying `lambda`. Default 30 seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "description": "Response codes to use when checking for a healthy responses from a target. You can specify multiple values (for example, \"200,202\" for HTTP(s) or \"0,12\" for GRPC) or a range of values (for example, \"200-299\" or \"0-99\"). Required for HTTP/HTTPS/GRPC ALB. Only applies to Application Load Balancers (i.e., HTTP/HTTPS/GRPC) not Network Load Balancers (i.e., TCP).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "description": "Destination for the health check request. Required for HTTP/HTTPS ALB and HTTP NLB. Only applies to HTTP/HTTPS.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "description": "Amount of time, in seconds, during which no response means a failed health check. For Application Load Balancers, the range is 2 to 120 seconds, and the default is 5 seconds for the `instance` target type and 30 seconds for the `lambda` target type. For Network Load Balancers, you cannot set a custom value, and the default is 10 seconds for TCP and HTTPS health checks and 6 seconds for HTTP health checks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "description": "Number of consecutive health check failures required before considering the target unhealthy. For Network Load Balancers, this value must be the same as the `healthy_threshold`. Defaults to 3.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "matcher", + "path", + "timeout" + ] + } + } + }, + "aws:lb/TargetGroupStickiness:TargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "description": "Only used when the type is `lb_cookie`. The time period, in seconds, during which requests from a client should be routed to the same target. After this time period expires, the load balancer-generated cookie is considered stale. The range is 1 second to 1 week (604800 seconds). The default value is 1 day (86400 seconds).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "description": "Name of the application based cookie. AWSALB, AWSALBAPP, and AWSALBTG prefixes are reserved and cannot be used. Only needed when type is `app_cookie`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Boolean to enable / disable `stickiness`. Default is `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of sticky sessions. The only current possible values are `lb_cookie`, `app_cookie` for ALBs, and `source_ip` for NLBs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:lb/getListenerDefaultAction:getListenerDefaultAction": { + "properties": { + "authenticateCognitos": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authenticateOidcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "fixedResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "forwards": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionForward:getListenerDefaultActionForward" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "order": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirects": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticateCognitos", + "authenticateOidcs", + "fixedResponses", + "forwards", + "order", + "redirects", + "targetGroupArn", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionAuthenticateCognito:getListenerDefaultActionAuthenticateCognito": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolClientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPoolDomain": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "userPoolArn", + "userPoolClientId", + "userPoolDomain" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionAuthenticateOidc:getListenerDefaultActionAuthenticateOidc": { + "properties": { + "authenticationRequestExtraParams": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "authorizationEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "onUnauthenticatedRequest": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionCookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionTimeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authenticationRequestExtraParams", + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "onUnauthenticatedRequest", + "scope", + "sessionCookieName", + "sessionTimeout", + "tokenEndpoint", + "userInfoEndpoint" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionFixedResponse:getListenerDefaultActionFixedResponse": { + "properties": { + "contentType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "messageBody": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "contentType", + "messageBody", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionForward:getListenerDefaultActionForward": { + "properties": { + "stickinesses": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "targetGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "stickinesses", + "targetGroups" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionForwardStickiness:getListenerDefaultActionForwardStickiness": { + "properties": { + "duration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "duration", + "enabled" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionForwardTargetGroup:getListenerDefaultActionForwardTargetGroup": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weight": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "weight" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getListenerDefaultActionRedirect:getListenerDefaultActionRedirect": { + "properties": { + "host": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "description": "Port of the listener. Required if `arn` is not set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "query": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "host", + "path", + "port", + "protocol", + "query", + "statusCode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "enabled", + "prefix" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping": { + "properties": { + "allocationId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipv6Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "outpostId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateIpv4Address": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allocationId", + "ipv6Address", + "outpostId", + "privateIpv4Address", + "subnetId" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getTargetGroupHealthCheck:getTargetGroupHealthCheck": { + "properties": { + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "healthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "interval": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "matcher": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "path": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeout": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "unhealthyThreshold": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled", + "healthyThreshold", + "interval", + "matcher", + "path", + "port", + "protocol", + "timeout", + "unhealthyThreshold" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lb/getTargetGroupStickiness:getTargetGroupStickiness": { + "properties": { + "cookieDuration": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "cookieName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cookieDuration", + "cookieName", + "enabled", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lex/BotAbortStatement:BotAbortStatement": { + "properties": { + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/BotAbortStatementMessage:BotAbortStatementMessage" + }, + "description": "A set of messages, each of which provides a message string and its type. You\ncan specify the message string in plain text or in Speech Synthesis Markup Language (SSML). Attributes\nare documented under message.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "messages" + ] + }, + "aws:lex/BotAbortStatementMessage:BotAbortStatementMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/BotAliasConversationLogs:BotAliasConversationLogs": { + "properties": { + "iamRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role used to write your logs to CloudWatch Logs or an S3 bucket. Must be between 20 and 2048 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/BotAliasConversationLogsLogSetting:BotAliasConversationLogsLogSetting" + }, + "description": "The settings for your conversation logs. You can log text, audio, or both. Attributes are documented under log_settings.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "iamRoleArn" + ] + }, + "aws:lex/BotAliasConversationLogsLogSetting:BotAliasConversationLogsLogSetting": { + "properties": { + "destination": { + "type": "string", + "description": "The destination where logs are delivered. Options are `CLOUDWATCH_LOGS` or `S3`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key used to encrypt audio logs in an S3 bucket. This can only be specified when `destination` is set to `S3`. Must be between 20 and 2048 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logType": { + "type": "string", + "description": "The type of logging that is enabled. Options are `AUDIO` or `TEXT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the CloudWatch Logs log group or S3 bucket where the logs are delivered. Must be less than or equal to 2048 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourcePrefix": { + "type": "string", + "description": "The prefix of the S3 object key for `AUDIO` logs or the log stream name for `TEXT` logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destination", + "logType", + "resourceArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "destination", + "logType", + "resourceArn", + "resourcePrefix" + ] + } + } + }, + "aws:lex/BotClarificationPrompt:BotClarificationPrompt": { + "properties": { + "maxAttempts": { + "type": "integer", + "description": "The number of times to prompt the user for information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/BotClarificationPromptMessage:BotClarificationPromptMessage" + }, + "description": "A set of messages, each of which provides a message string and its type. You\ncan specify the message string in plain text or in Speech Synthesis Markup Language (SSML). Attributes\nare documented under message.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxAttempts", + "messages" + ] + }, + "aws:lex/BotClarificationPromptMessage:BotClarificationPromptMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/BotIntent:BotIntent": { + "properties": { + "intentName": { + "type": "string", + "description": "The name of the intent. Must be less than or equal to 100 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "intentVersion": { + "type": "string", + "description": "The version of the intent. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "intentName", + "intentVersion" + ] + }, + "aws:lex/IntentConclusionStatement:IntentConclusionStatement": { + "properties": { + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentConclusionStatementMessage:IntentConclusionStatementMessage" + }, + "description": "A set of messages, each of which provides a message string and its type.\nYou can specify the message string in plain text or in Speech Synthesis Markup Language (SSML).\nAttributes are documented under message. Must contain between 1 and 15 messages.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "messages" + ] + }, + "aws:lex/IntentConclusionStatementMessage:IntentConclusionStatementMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message. Must be less than or equal to 1000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/IntentConfirmationPrompt:IntentConfirmationPrompt": { + "properties": { + "maxAttempts": { + "type": "integer", + "description": "The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentConfirmationPromptMessage:IntentConfirmationPromptMessage" + }, + "description": "A set of messages, each of which provides a message string and its type.\nYou can specify the message string in plain text or in Speech Synthesis Markup Language (SSML).\nAttributes are documented under message. Must contain between 1 and 15 messages.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxAttempts", + "messages" + ] + }, + "aws:lex/IntentConfirmationPromptMessage:IntentConfirmationPromptMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message. Must be less than or equal to 1000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/IntentDialogCodeHook:IntentDialogCodeHook": { + "properties": { + "messageVersion": { + "type": "string", + "description": "The version of the request-response that you want Amazon Lex to use\nto invoke your Lambda function. For more information, see\n[Using Lambda Functions](https://docs.aws.amazon.com/lex/latest/dg/using-lambda.html). Must be less than or equal to 5 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uri": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "messageVersion", + "uri" + ] + }, + "aws:lex/IntentFollowUpPrompt:IntentFollowUpPrompt": { + "properties": { + "prompt": { + "$ref": "#/types/aws:lex/IntentFollowUpPromptPrompt:IntentFollowUpPromptPrompt", + "description": "Prompts for information from the user. Attributes are documented under prompt.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rejectionStatement": { + "$ref": "#/types/aws:lex/IntentFollowUpPromptRejectionStatement:IntentFollowUpPromptRejectionStatement", + "description": "If the user answers \"no\" to the question defined in the prompt field,\nAmazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are\ndocumented below under statement.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prompt", + "rejectionStatement" + ] + }, + "aws:lex/IntentFollowUpPromptPrompt:IntentFollowUpPromptPrompt": { + "properties": { + "maxAttempts": { + "type": "integer", + "description": "The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentFollowUpPromptPromptMessage:IntentFollowUpPromptPromptMessage" + }, + "description": "A set of messages, each of which provides a message string and its type.\nYou can specify the message string in plain text or in Speech Synthesis Markup Language (SSML).\nAttributes are documented under message. Must contain between 1 and 15 messages.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxAttempts", + "messages" + ] + }, + "aws:lex/IntentFollowUpPromptPromptMessage:IntentFollowUpPromptPromptMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message. Must be less than or equal to 1000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/IntentFollowUpPromptRejectionStatement:IntentFollowUpPromptRejectionStatement": { + "properties": { + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentFollowUpPromptRejectionStatementMessage:IntentFollowUpPromptRejectionStatementMessage" + }, + "description": "A set of messages, each of which provides a message string and its type.\nYou can specify the message string in plain text or in Speech Synthesis Markup Language (SSML).\nAttributes are documented under message. Must contain between 1 and 15 messages.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "messages" + ] + }, + "aws:lex/IntentFollowUpPromptRejectionStatementMessage:IntentFollowUpPromptRejectionStatementMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message. Must be less than or equal to 1000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/IntentFulfillmentActivity:IntentFulfillmentActivity": { + "properties": { + "codeHook": { + "$ref": "#/types/aws:lex/IntentFulfillmentActivityCodeHook:IntentFulfillmentActivityCodeHook", + "description": "A description of the Lambda function that is run to fulfill the intent.\nRequired if type is CodeHook. Attributes are documented under code_hook.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "How the intent should be fulfilled, either by running a Lambda function or by\nreturning the slot data to the client application.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:lex/IntentFulfillmentActivityCodeHook:IntentFulfillmentActivityCodeHook": { + "properties": { + "messageVersion": { + "type": "string", + "description": "The version of the request-response that you want Amazon Lex to use\nto invoke your Lambda function. For more information, see\n[Using Lambda Functions](https://docs.aws.amazon.com/lex/latest/dg/using-lambda.html). Must be less than or equal to 5 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uri": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda function.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "messageVersion", + "uri" + ] + }, + "aws:lex/IntentRejectionStatement:IntentRejectionStatement": { + "properties": { + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentRejectionStatementMessage:IntentRejectionStatementMessage" + }, + "description": "A set of messages, each of which provides a message string and its type.\nYou can specify the message string in plain text or in Speech Synthesis Markup Language (SSML).\nAttributes are documented under message. Must contain between 1 and 15 messages.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "messages" + ] + }, + "aws:lex/IntentRejectionStatementMessage:IntentRejectionStatementMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message. Must be less than or equal to 1000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/IntentSlot:IntentSlot": { + "properties": { + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "Directs Lex the order in which to elicit this slot value from the user.\nFor example, if the intent has two slots with priorities 1 and 2, AWS Lex first elicits a value for\nthe slot with priority 1. If multiple slots share the same priority, the order in which Lex elicits\nvalues is arbitrary. Must be between 1 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampleUtterances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If you know a specific pattern with which users might respond to\nan Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This\nis optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "slotConstraint": { + "type": "string", + "description": "Specifies whether the slot is required or optional.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "slotType": { + "type": "string", + "description": "The type of the slot, either a custom slot type that you defined or one of\nthe built-in slot types. Must be less than or equal to 100 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "slotTypeVersion": { + "type": "string", + "description": "The version of the slot type. Must be less than or equal to 64 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "valueElicitationPrompt": { + "$ref": "#/types/aws:lex/IntentSlotValueElicitationPrompt:IntentSlotValueElicitationPrompt", + "description": "The prompt that Amazon Lex uses to elicit the slot value\nfrom the user. Attributes are documented under prompt.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "slotConstraint", + "slotType" + ] + }, + "aws:lex/IntentSlotValueElicitationPrompt:IntentSlotValueElicitationPrompt": { + "properties": { + "maxAttempts": { + "type": "integer", + "description": "The number of times to prompt the user for information. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messages": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentSlotValueElicitationPromptMessage:IntentSlotValueElicitationPromptMessage" + }, + "description": "A set of messages, each of which provides a message string and its type.\nYou can specify the message string in plain text or in Speech Synthesis Markup Language (SSML).\nAttributes are documented under message. Must contain between 1 and 15 messages.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseCard": { + "type": "string", + "description": "The response card. Amazon Lex will substitute session attributes and\nslot values into the response card. For more information, see\n[Example: Using a Response Card](https://docs.aws.amazon.com/lex/latest/dg/ex-resp-card.html). Must be less than or equal to 50000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "maxAttempts", + "messages" + ] + }, + "aws:lex/IntentSlotValueElicitationPromptMessage:IntentSlotValueElicitationPromptMessage": { + "properties": { + "content": { + "type": "string", + "description": "The text of the message. Must be less than or equal to 1000 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "contentType": { + "type": "string", + "description": "The content type of the message string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupNumber": { + "type": "integer", + "description": "Identifies the message group that the message belongs to. When a group\nis assigned to a message, Amazon Lex returns one message from each group in the response. Must be a number between 1 and 5 (inclusive).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "content", + "contentType" + ] + }, + "aws:lex/SlotTypeEnumerationValue:SlotTypeEnumerationValue": { + "properties": { + "synonyms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Additional values related to the slot type value. Each item must be less than or equal to 140 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the slot type. Must be less than or equal to 140 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:lex/getSlotTypeEnumerationValue:getSlotTypeEnumerationValue": { + "properties": { + "synonyms": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "synonyms", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:lightsail/InstancePublicPortsPortInfo:InstancePublicPortsPortInfo": { + "properties": { + "cidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of CIDR blocks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fromPort": { + "type": "integer", + "description": "First port in a range of open ports on an instance.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "IP protocol name. Valid values are `tcp`, `all`, `udp`, and `icmp`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "Last port in a range of open ports on an instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort", + "protocol", + "toPort" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "cidrs", + "fromPort", + "protocol", + "toPort" + ] + } + } + }, + "aws:macie/FindingsFilterFindingCriteria:FindingsFilterFindingCriteria": { + "properties": { + "criterions": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie/FindingsFilterFindingCriteriaCriterion:FindingsFilterFindingCriteriaCriterion" + }, + "description": "A condition that specifies the property, operator, and one or more values to use to filter the results. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:macie/FindingsFilterFindingCriteriaCriterion:FindingsFilterFindingCriteriaCriterion": { + "properties": { + "eqExactMatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value for the property exclusively matches (equals an exact match for) all the specified values. If you specify multiple values, Amazon Macie uses AND logic to join the values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "eqs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value for the property matches (equals) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "field": { + "type": "string", + "description": "The name of the field to be evaluated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gt": { + "type": "string", + "description": "The value for the property is greater than the specified value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The value for the property is greater than or equal to the specified value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lt": { + "type": "string", + "description": "The value for the property is less than the specified value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The value for the property is less than or equal to the specified value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "neqs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value for the property doesn't match (doesn't equal) the specified value. If you specify multiple values, Amazon Macie uses OR logic to join the values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "field" + ] + }, + "aws:macie/S3BucketAssociationClassificationType:S3BucketAssociationClassificationType": { + "properties": { + "continuous": { + "type": "string", + "description": "A string value indicating that Macie perform a one-time classification of all of the existing objects in the bucket.\nThe only valid value is the default value, `FULL`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "oneTime": { + "type": "string", + "description": "A string value indicating whether or not Macie performs a one-time classification of all of the existing objects in the bucket.\nValid values are `NONE` and `FULL`. Defaults to `NONE` indicating that Macie only classifies objects that are added after the association was created.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:macie2/ClassificationJobS3JobDefinition:ClassificationJobS3JobDefinition": { + "properties": { + "bucketDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionBucketDefinition:ClassificationJobS3JobDefinitionBucketDefinition" + }, + "description": "An array of objects, one for each AWS account that owns buckets to analyze. Each object specifies the account ID for an account and one or more buckets to analyze for the account. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scoping": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScoping:ClassificationJobS3JobDefinitionScoping", + "description": "The property- and tag-based conditions that determine which objects to include or exclude from the analysis. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "scoping" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionBucketDefinition:ClassificationJobS3JobDefinitionBucketDefinition": { + "properties": { + "accountId": { + "type": "string", + "description": "The unique identifier for the AWS account that owns the buckets.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "buckets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists the names of the buckets.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "accountId", + "buckets" + ] + }, + "aws:macie2/ClassificationJobS3JobDefinitionScoping:ClassificationJobS3JobDefinitionScoping": { + "properties": { + "excludes": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingExcludes:ClassificationJobS3JobDefinitionScopingExcludes", + "description": "The property- or tag-based conditions that determine which objects to exclude from the analysis. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "includes": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingIncludes:ClassificationJobS3JobDefinitionScopingIncludes", + "description": "The property- or tag-based conditions that determine which objects to include in the analysis. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "excludes", + "includes" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingExcludes:ClassificationJobS3JobDefinitionScopingExcludes": { + "properties": { + "ands": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAnd:ClassificationJobS3JobDefinitionScopingExcludesAnd" + }, + "description": "An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "ands" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAnd:ClassificationJobS3JobDefinitionScopingExcludesAnd": { + "properties": { + "simpleScopeTerm": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAndSimpleScopeTerm:ClassificationJobS3JobDefinitionScopingExcludesAndSimpleScopeTerm", + "description": "A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagScopeTerm": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTerm:ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTerm", + "description": "A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "simpleScopeTerm", + "tagScopeTerm" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAndSimpleScopeTerm:ClassificationJobS3JobDefinitionScopingExcludesAndSimpleScopeTerm": { + "properties": { + "comparator": { + "type": "string", + "description": "The operator to use in a condition. Valid values are: `EQ`, `GT`, `GTE`, `LT`, `LTE`, `NE`, `CONTAINS`, `STARTS_WITH`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The object property to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists the values to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "comparator", + "key", + "values" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTerm:ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTerm": { + "properties": { + "comparator": { + "type": "string", + "description": "The operator to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The tag key to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTermTagValue:ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTermTagValue" + }, + "description": "The tag keys or tag key and value pairs to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "The type of object to apply the condition to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "comparator", + "key", + "tagValues", + "target" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTermTagValue:ClassificationJobS3JobDefinitionScopingExcludesAndTagScopeTermTagValue": { + "properties": { + "key": { + "type": "string", + "description": "The object property to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "key", + "value" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingIncludes:ClassificationJobS3JobDefinitionScopingIncludes": { + "properties": { + "ands": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAnd:ClassificationJobS3JobDefinitionScopingIncludesAnd" + }, + "description": "An array of conditions, one for each condition that determines which objects to include or exclude from the job. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "ands" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAnd:ClassificationJobS3JobDefinitionScopingIncludesAnd": { + "properties": { + "simpleScopeTerm": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAndSimpleScopeTerm:ClassificationJobS3JobDefinitionScopingIncludesAndSimpleScopeTerm", + "description": "A property-based condition that defines a property, operator, and one or more values for including or excluding an object from the job. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagScopeTerm": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTerm:ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTerm", + "description": "A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding an object from the job. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "simpleScopeTerm", + "tagScopeTerm" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAndSimpleScopeTerm:ClassificationJobS3JobDefinitionScopingIncludesAndSimpleScopeTerm": { + "properties": { + "comparator": { + "type": "string", + "description": "The operator to use in a condition. Valid values are: `EQ`, `GT`, `GTE`, `LT`, `LTE`, `NE`, `CONTAINS`, `STARTS_WITH`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The object property to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists the values to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "comparator", + "key", + "values" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTerm:ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTerm": { + "properties": { + "comparator": { + "type": "string", + "description": "The operator to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The tag key to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tagValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTermTagValue:ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTermTagValue" + }, + "description": "The tag keys or tag key and value pairs to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "The type of object to apply the condition to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "comparator", + "key", + "target" + ] + } + } + }, + "aws:macie2/ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTermTagValue:ClassificationJobS3JobDefinitionScopingIncludesAndTagScopeTermTagValue": { + "properties": { + "key": { + "type": "string", + "description": "The object property to use in the condition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "key", + "value" + ] + } + } + }, + "aws:macie2/ClassificationJobScheduleFrequency:ClassificationJobScheduleFrequency": { + "properties": { + "dailySchedule": { + "type": "boolean", + "description": "Specifies a daily recurrence pattern for running the job.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "monthlySchedule": { + "type": "integer", + "description": "Specifies a monthly recurrence pattern for running the job.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "weeklySchedule": { + "type": "string", + "description": "Specifies a weekly recurrence pattern for running the job.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "monthlySchedule", + "weeklySchedule" + ] + } + } + }, + "aws:macie2/ClassificationJobUserPausedDetail:ClassificationJobUserPausedDetail": { + "properties": { + "jobExpiresAt": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobImminentExpirationHealthEventArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "jobPausedAt": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "jobExpiresAt", + "jobImminentExpirationHealthEventArn", + "jobPausedAt" + ] + } + } + }, + "aws:mediaconvert/QueueReservationPlanSettings:QueueReservationPlanSettings": { + "properties": { + "commitment": { + "type": "string", + "description": "The length of the term of your reserved queue pricing plan commitment. Valid value is `ONE_YEAR`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "renewalType": { + "type": "string", + "description": "Specifies whether the term of your reserved queue pricing plan. Valid values are `AUTO_RENEW` or `EXPIRE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "reservedSlots": { + "type": "integer", + "description": "Specifies the number of reserved transcode slots (RTS) for queue.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "commitment", + "renewalType", + "reservedSlots" + ] + }, + "aws:mediapackage/ChannelHlsIngest:ChannelHlsIngest": { + "properties": { + "ingestEndpoints": { + "type": "array", + "items": { + "$ref": "#/types/aws:mediapackage/ChannelHlsIngestIngestEndpoint:ChannelHlsIngestIngestEndpoint" + }, + "description": "A list of the ingest endpoints\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "ingestEndpoints" + ] + } + } + }, + "aws:mediapackage/ChannelHlsIngestIngestEndpoint:ChannelHlsIngestIngestEndpoint": { + "properties": { + "password": { + "type": "string", + "description": "The password\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "url": { + "type": "string", + "description": "The URL\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "The username\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "password", + "url", + "username" + ] + } + } + }, + "aws:mq/BrokerConfiguration:BrokerConfiguration": { + "properties": { + "id": { + "type": "string", + "description": "The Configuration ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "revision": { + "type": "integer", + "description": "Revision of the Configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "id", + "revision" + ] + } + } + }, + "aws:mq/BrokerEncryptionOptions:BrokerEncryptionOptions": { + "properties": { + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Key Management Service (KMS) Customer Master Key (CMK) to use for encryption at rest. Requires setting `use_aws_owned_key` to `false`. To perform drift detection when AWS-managed CMKs or customer-managed CMKs are in use, this value must be configured.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useAwsOwnedKey": { + "type": "boolean", + "description": "Whether to enable an AWS-owned KMS CMK that is not in your account. Defaults to `true`. Setting to `false` without configuring `kms_key_id` will create an AWS-managed CMK aliased to `aws/mq` in your account.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "kmsKeyId" + ] + } + } + }, + "aws:mq/BrokerInstance:BrokerInstance": { + "properties": { + "consoleUrl": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpoints": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "ipAddress": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "consoleUrl", + "endpoints", + "ipAddress" + ] + } + } + }, + "aws:mq/BrokerLdapServerMetadata:BrokerLdapServerMetadata": { + "properties": { + "hosts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of a fully qualified domain name of the LDAP server and an optional failover server.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleBase": { + "type": "string", + "description": "Fully qualified name of the directory to search for a user’s groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleName": { + "type": "string", + "description": "Specifies the LDAP attribute that identifies the group name attribute in the object returned from the group membership query.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleSearchMatching": { + "type": "string", + "description": "Search criteria for groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleSearchSubtree": { + "type": "boolean", + "description": "Whether the directory search scope is the entire sub-tree.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccountPassword": { + "type": "string", + "description": "Service account password.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccountUsername": { + "type": "string", + "description": "Service account username.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userBase": { + "type": "string", + "description": "Fully qualified name of the directory where you want to search for users.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userRoleName": { + "type": "string", + "description": "Specifies the name of the LDAP attribute for the user group membership.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userSearchMatching": { + "type": "string", + "description": "Search criteria for users.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userSearchSubtree": { + "type": "boolean", + "description": "Whether the directory search scope is the entire sub-tree.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:mq/BrokerLogs:BrokerLogs": { + "properties": { + "audit": { + "type": "boolean", + "description": "Enables audit logging. Auditing is only possible for `engine_type` of `ActiveMQ`. User management action made using JMX or the ActiveMQ Web Console is logged. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "general": { + "type": "boolean", + "description": "Enables general logging via CloudWatch. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:mq/BrokerMaintenanceWindowStartTime:BrokerMaintenanceWindowStartTime": { + "properties": { + "dayOfWeek": { + "type": "string", + "description": "Day of the week, e.g. `MONDAY`, `TUESDAY`, or `WEDNESDAY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeOfDay": { + "type": "string", + "description": "Time, in 24-hour format, e.g. `02:00`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeZone": { + "type": "string", + "description": "Time zone in either the Country/City format or the UTC offset format, e.g. `CET`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dayOfWeek", + "timeOfDay", + "timeZone" + ] + }, + "aws:mq/BrokerUser:BrokerUser": { + "properties": { + "consoleAccess": { + "type": "boolean", + "description": "Whether to enable access to the [ActiveMQ Web Console](http://activemq.apache.org/web-console.html) for the user. Applies to `engine_type` of `ActiveMQ` only.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of groups (20 maximum) to which the ActiveMQ user belongs. Applies to `engine_type` of `ActiveMQ` only.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "password": { + "type": "string", + "description": "Password of the user. It must be 12 to 250 characters long, at least 4 unique characters, and must not contain commas.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "Username of the user.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "password", + "username" + ] + }, + "aws:mq/getBrokerConfiguration:getBrokerConfiguration": { + "properties": { + "id": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revision": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "id", + "revision" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:mq/getBrokerEncryptionOption:getBrokerEncryptionOption": { + "properties": { + "kmsKeyId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "useAwsOwnedKey": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kmsKeyId", + "useAwsOwnedKey" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:mq/getBrokerInstance:getBrokerInstance": { + "properties": { + "consoleUrl": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "endpoints": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "ipAddress": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "consoleUrl", + "endpoints", + "ipAddress" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:mq/getBrokerLdapServerMetadata:getBrokerLdapServerMetadata": { + "properties": { + "hosts": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "roleBase": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleSearchMatching": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "roleSearchSubtree": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccountPassword": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceAccountUsername": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userBase": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userRoleName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userSearchMatching": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "userSearchSubtree": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "hosts", + "roleBase", + "roleName", + "roleSearchMatching", + "roleSearchSubtree", + "serviceAccountPassword", + "serviceAccountUsername", + "userBase", + "userRoleName", + "userSearchMatching", + "userSearchSubtree" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:mq/getBrokerLogs:getBrokerLogs": { + "properties": { + "audit": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "general": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "audit", + "general" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:mq/getBrokerMaintenanceWindowStartTime:getBrokerMaintenanceWindowStartTime": { + "properties": { + "dayOfWeek": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeOfDay": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeZone": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dayOfWeek", + "timeOfDay", + "timeZone" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:mq/getBrokerUser:getBrokerUser": { + "properties": { + "consoleAccess": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "consoleAccess", + "groups", + "username" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:msk/ClusterBrokerNodeGroupInfo:ClusterBrokerNodeGroupInfo": { + "properties": { + "azDistribution": { + "type": "string", + "description": "The distribution of broker nodes across availability zones ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-model-brokerazdistribution)). Currently the only valid value is `DEFAULT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSubnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnets to connect to in client VPC ([documentation](https://docs.aws.amazon.com/msk/1.0/apireference/clusters.html#clusters-prop-brokernodegroupinfo-clientsubnets)).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ebsVolumeSize": { + "type": "integer", + "description": "The size in GiB of the EBS volume for the data drive on each broker node.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "Specify the instance type to use for the kafka brokers. e.g. kafka.m5.large. ([Pricing info](https://aws.amazon.com/msk/pricing/))\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the security groups to associate with the elastic network interfaces to control who can communicate with the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clientSubnets", + "ebsVolumeSize", + "instanceType", + "securityGroups" + ] + }, + "aws:msk/ClusterClientAuthentication:ClusterClientAuthentication": { + "properties": { + "sasl": { + "$ref": "#/types/aws:msk/ClusterClientAuthenticationSasl:ClusterClientAuthenticationSasl", + "description": "Configuration block for specifying SASL client authentication. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tls": { + "$ref": "#/types/aws:msk/ClusterClientAuthenticationTls:ClusterClientAuthenticationTls", + "description": "Configuration block for specifying TLS client authentication. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:msk/ClusterClientAuthenticationSasl:ClusterClientAuthenticationSasl": { + "properties": { + "iam": { + "type": "boolean", + "description": "Enables IAM client authentication. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scram": { + "type": "boolean", + "description": "Enables SCRAM client authentication via AWS Secrets Manager. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:msk/ClusterClientAuthenticationTls:ClusterClientAuthenticationTls": { + "properties": { + "certificateAuthorityArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ACM Certificate Authority Amazon Resource Names (ARNs).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:msk/ClusterConfigurationInfo:ClusterConfigurationInfo": { + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK Configuration to use in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "revision": { + "type": "integer", + "description": "Revision of the MSK Configuration to use in the cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "revision" + ] + }, + "aws:msk/ClusterEncryptionInfo:ClusterEncryptionInfo": { + "properties": { + "encryptionAtRestKmsKeyArn": { + "type": "string", + "description": "You may specify a KMS key short ID or ARN (it will always output an ARN) to use for encrypting your data at rest. If no key is specified, an AWS managed KMS ('aws/msk' managed service) key will be used for encrypting the data at rest.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryptionInTransit": { + "$ref": "#/types/aws:msk/ClusterEncryptionInfoEncryptionInTransit:ClusterEncryptionInfoEncryptionInTransit", + "description": "Configuration block to specify encryption in transit. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "encryptionAtRestKmsKeyArn" + ] + } + } + }, + "aws:msk/ClusterEncryptionInfoEncryptionInTransit:ClusterEncryptionInfoEncryptionInTransit": { + "properties": { + "clientBroker": { + "type": "string", + "description": "Encryption setting for data in transit between clients and brokers. Valid values: `TLS`, `TLS_PLAINTEXT`, and `PLAINTEXT`. Default value is `TLS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "inCluster": { + "type": "boolean", + "description": "Whether data communication among broker nodes is encrypted. Default value: `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:msk/ClusterLoggingInfo:ClusterLoggingInfo": { + "properties": { + "brokerLogs": { + "$ref": "#/types/aws:msk/ClusterLoggingInfoBrokerLogs:ClusterLoggingInfoBrokerLogs", + "description": "Configuration block for Broker Logs settings for logging info. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "brokerLogs" + ] + }, + "aws:msk/ClusterLoggingInfoBrokerLogs:ClusterLoggingInfoBrokerLogs": { + "properties": { + "cloudwatchLogs": { + "$ref": "#/types/aws:msk/ClusterLoggingInfoBrokerLogsCloudwatchLogs:ClusterLoggingInfoBrokerLogsCloudwatchLogs", + "language": { + "python": { + "mapCase": false + } + } + }, + "firehose": { + "$ref": "#/types/aws:msk/ClusterLoggingInfoBrokerLogsFirehose:ClusterLoggingInfoBrokerLogsFirehose", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3": { + "$ref": "#/types/aws:msk/ClusterLoggingInfoBrokerLogsS3:ClusterLoggingInfoBrokerLogsS3", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:msk/ClusterLoggingInfoBrokerLogsCloudwatchLogs:ClusterLoggingInfoBrokerLogsCloudwatchLogs": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logGroup": { + "type": "string", + "description": "Name of the Cloudwatch Log Group to deliver logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:msk/ClusterLoggingInfoBrokerLogsFirehose:ClusterLoggingInfoBrokerLogsFirehose": { + "properties": { + "deliveryStream": { + "type": "string", + "description": "Name of the Kinesis Data Firehose delivery stream to deliver logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:msk/ClusterLoggingInfoBrokerLogsS3:ClusterLoggingInfoBrokerLogsS3": { + "properties": { + "bucket": { + "type": "string", + "description": "Name of the S3 bucket to deliver logs to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether you want to enable or disable streaming broker logs to Cloudwatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "Prefix to append to the folder name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:msk/ClusterOpenMonitoring:ClusterOpenMonitoring": { + "properties": { + "prometheus": { + "$ref": "#/types/aws:msk/ClusterOpenMonitoringPrometheus:ClusterOpenMonitoringPrometheus", + "description": "Configuration block for Prometheus settings for open monitoring. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "prometheus" + ] + }, + "aws:msk/ClusterOpenMonitoringPrometheus:ClusterOpenMonitoringPrometheus": { + "properties": { + "jmxExporter": { + "$ref": "#/types/aws:msk/ClusterOpenMonitoringPrometheusJmxExporter:ClusterOpenMonitoringPrometheusJmxExporter", + "description": "Configuration block for JMX Exporter. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "nodeExporter": { + "$ref": "#/types/aws:msk/ClusterOpenMonitoringPrometheusNodeExporter:ClusterOpenMonitoringPrometheusNodeExporter", + "description": "Configuration block for Node Exporter. See below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:msk/ClusterOpenMonitoringPrometheusJmxExporter:ClusterOpenMonitoringPrometheusJmxExporter": { + "properties": { + "enabledInBroker": { + "type": "boolean", + "description": "Indicates whether you want to enable or disable the JMX Exporter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabledInBroker" + ] + }, + "aws:msk/ClusterOpenMonitoringPrometheusNodeExporter:ClusterOpenMonitoringPrometheusNodeExporter": { + "properties": { + "enabledInBroker": { + "type": "boolean", + "description": "Indicates whether you want to enable or disable the JMX Exporter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabledInBroker" + ] + }, + "aws:mwaa/EnvironmentLastUpdated:EnvironmentLastUpdated": { + "properties": { + "createdAt": { + "type": "string", + "description": "The Created At date of the MWAA Environment\n* `logging_configuration[0].[0].cloud_watch_log_group_arn` - Provides the ARN for the CloudWatch group where the logs will be published\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "errors": { + "type": "array", + "items": { + "$ref": "#/types/aws:mwaa/EnvironmentLastUpdatedError:EnvironmentLastUpdatedError" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the Amazon MWAA Environment\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "createdAt", + "errors", + "status" + ] + } + } + }, + "aws:mwaa/EnvironmentLastUpdatedError:EnvironmentLastUpdatedError": { + "properties": { + "errorCode": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "errorMessage": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "errorCode", + "errorMessage" + ] + } + } + }, + "aws:mwaa/EnvironmentLoggingConfiguration:EnvironmentLoggingConfiguration": { + "properties": { + "dagProcessingLogs": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfigurationDagProcessingLogs:EnvironmentLoggingConfigurationDagProcessingLogs", + "description": "(Optional) Log configuration options for processing DAGs. See Module logging configuration for more information. Disabled by default.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "schedulerLogs": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfigurationSchedulerLogs:EnvironmentLoggingConfigurationSchedulerLogs", + "description": "Log configuration options for the schedulers. See Module logging configuration for more information. Disabled by default.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "taskLogs": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfigurationTaskLogs:EnvironmentLoggingConfigurationTaskLogs", + "description": "Log configuration options for DAG tasks. See Module logging configuration for more information. Enabled by default with `INFO` log level.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "webserverLogs": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfigurationWebserverLogs:EnvironmentLoggingConfigurationWebserverLogs", + "description": "Log configuration options for the webservers. See Module logging configuration for more information. Disabled by default.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "workerLogs": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfigurationWorkerLogs:EnvironmentLoggingConfigurationWorkerLogs", + "description": "Log configuration options for the workers. See Module logging configuration for more information. Disabled by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "dagProcessingLogs", + "schedulerLogs", + "taskLogs", + "webserverLogs", + "workerLogs" + ] + } + } + }, + "aws:mwaa/EnvironmentLoggingConfigurationDagProcessingLogs:EnvironmentLoggingConfigurationDagProcessingLogs": { + "properties": { + "cloudWatchLogGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enabling or disabling the collection of logs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudWatchLogGroupArn", + "enabled", + "logLevel" + ] + } + } + }, + "aws:mwaa/EnvironmentLoggingConfigurationSchedulerLogs:EnvironmentLoggingConfigurationSchedulerLogs": { + "properties": { + "cloudWatchLogGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enabling or disabling the collection of logs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudWatchLogGroupArn", + "enabled", + "logLevel" + ] + } + } + }, + "aws:mwaa/EnvironmentLoggingConfigurationTaskLogs:EnvironmentLoggingConfigurationTaskLogs": { + "properties": { + "cloudWatchLogGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enabling or disabling the collection of logs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudWatchLogGroupArn", + "enabled", + "logLevel" + ] + } + } + }, + "aws:mwaa/EnvironmentLoggingConfigurationWebserverLogs:EnvironmentLoggingConfigurationWebserverLogs": { + "properties": { + "cloudWatchLogGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enabling or disabling the collection of logs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudWatchLogGroupArn", + "enabled", + "logLevel" + ] + } + } + }, + "aws:mwaa/EnvironmentLoggingConfigurationWorkerLogs:EnvironmentLoggingConfigurationWorkerLogs": { + "properties": { + "cloudWatchLogGroupArn": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Enabling or disabling the collection of logs\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logLevel": { + "type": "string", + "description": "Logging level. Valid values: `CRITICAL`, `ERROR`, `WARNING`, `INFO`, `DEBUG`. Will be `INFO` by default.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudWatchLogGroupArn", + "enabled", + "logLevel" + ] + } + } + }, + "aws:mwaa/EnvironmentNetworkConfiguration:EnvironmentNetworkConfiguration": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security groups IDs for the environment. At least one of the security group needs to allow MWAA resources to talk to each other, otherwise MWAA cannot be provisioned.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The private subnet IDs in which the environment should be created. MWAA requires two subnets.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnetIds" + ] + }, + "aws:neptune/ClusterParameterGroupParameter:ClusterParameterGroupParameter": { + "properties": { + "applyMethod": { + "type": "string", + "description": "Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the neptune parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the neptune parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:neptune/ParameterGroupParameter:ParameterGroupParameter": { + "properties": { + "applyMethod": { + "type": "string", + "description": "The apply method of the Neptune parameter. Valid values are `immediate` and `pending-reboot`. Defaults to `pending-reboot`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the Neptune parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the Neptune parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:networkfirewall/FirewallFirewallStatus:FirewallFirewallStatus": { + "properties": { + "syncStates": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallFirewallStatusSyncState:FirewallFirewallStatusSyncState" + }, + "description": "Set of subnets configured for use by the firewall.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "syncStates" + ] + } + } + }, + "aws:networkfirewall/FirewallFirewallStatusSyncState:FirewallFirewallStatusSyncState": { + "properties": { + "attachments": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallFirewallStatusSyncStateAttachment:FirewallFirewallStatusSyncStateAttachment" + }, + "description": "Nested list describing the attachment status of the firewall's association with a single VPC subnet.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the subnet is configured.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "attachments", + "availabilityZone" + ] + } + } + }, + "aws:networkfirewall/FirewallFirewallStatusSyncStateAttachment:FirewallFirewallStatusSyncStateAttachment": { + "properties": { + "endpointId": { + "type": "string", + "description": "The identifier of the firewall endpoint that AWS Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The unique identifier for the subnet.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "endpointId", + "subnetId" + ] + } + } + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicy:FirewallPolicyFirewallPolicy": { + "properties": { + "statefulRuleGroupReferences": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicyStatefulRuleGroupReference:FirewallPolicyFirewallPolicyStatefulRuleGroupReference" + }, + "description": "Set of configuration blocks containing references to the stateful rule groups that are used in the policy. See Stateful Rule Group Reference below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statelessCustomActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomAction:FirewallPolicyFirewallPolicyStatelessCustomAction" + }, + "description": "Set of configuration blocks describing the custom action definitions that are available for use in the firewall policy's `stateless_default_actions`. See Stateless Custom Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statelessDefaultActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of actions to take on a packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`.\nIn addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statelessFragmentDefaultActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of actions to take on a fragmented packet if it does not match any of the stateless rules in the policy. You must specify one of the standard actions including: `aws:drop`, `aws:pass`, or `aws:forward_to_sfe`.\nIn addition, you can specify custom actions that are compatible with your standard action choice. If you want non-matching packets to be forwarded for stateful inspection, specify `aws:forward_to_sfe`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statelessRuleGroupReferences": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessRuleGroupReference:FirewallPolicyFirewallPolicyStatelessRuleGroupReference" + }, + "description": "Set of configuration blocks containing references to the stateless rule groups that are used in the policy. See Stateless Rule Group Reference below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statelessDefaultActions", + "statelessFragmentDefaultActions" + ] + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicyStatefulRuleGroupReference:FirewallPolicyFirewallPolicyStatefulRuleGroupReference": { + "properties": { + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the stateful rule group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "resourceArn" + ] + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomAction:FirewallPolicyFirewallPolicyStatelessCustomAction": { + "properties": { + "actionDefinition": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition:FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition", + "description": "A configuration block describing the custom action associated with the `action_name`. See Action Definition below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "actionName": { + "type": "string", + "description": "A friendly name of the custom action.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actionDefinition", + "actionName" + ] + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition:FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinition": { + "properties": { + "publishMetricAction": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction:FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction", + "description": "A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "publishMetricAction" + ] + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction:FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricAction": { + "properties": { + "dimensions": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension:FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension" + }, + "description": "Set of configuration blocks describing dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dimensions" + ] + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension:FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionDimension": { + "properties": { + "value": { + "type": "string", + "description": "The string value to use in the custom metric dimension.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:networkfirewall/FirewallPolicyFirewallPolicyStatelessRuleGroupReference:FirewallPolicyFirewallPolicyStatelessRuleGroupReference": { + "properties": { + "priority": { + "type": "integer", + "description": "An integer setting that indicates the order in which to run the stateless rule groups in a single policy. AWS Network Firewall applies each stateless rule group to a packet starting with the group that has the lowest priority setting.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the stateless rule group.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "resourceArn" + ] + }, + "aws:networkfirewall/FirewallSubnetMapping:FirewallSubnetMapping": { + "properties": { + "subnetId": { + "type": "string", + "description": "The unique identifier for the subnet.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetId" + ] + }, + "aws:networkfirewall/LoggingConfigurationLoggingConfiguration:LoggingConfigurationLoggingConfiguration": { + "properties": { + "logDestinationConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/LoggingConfigurationLoggingConfigurationLogDestinationConfig:LoggingConfigurationLoggingConfigurationLogDestinationConfig" + }, + "description": "Set of configuration blocks describing the logging details for a firewall. See Log Destination Config below for details. At most, only two blocks can be specified; one for `FLOW` logs and one for `ALERT` logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logDestinationConfigs" + ] + }, + "aws:networkfirewall/LoggingConfigurationLoggingConfigurationLogDestinationConfig:LoggingConfigurationLoggingConfigurationLogDestinationConfig": { + "properties": { + "logDestination": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map describing the logging destination for the chosen `log_destination_type`.\n* For an Amazon S3 bucket, specify the key `bucketName` with the name of the bucket and optionally specify the key `prefix` with a path.\n* For a CloudWatch log group, specify the key `logGroup` with the name of the CloudWatch log group.\n* For a Kinesis Data Firehose delivery stream, specify the key `deliveryStream` with the name of the delivery stream.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logDestinationType": { + "type": "string", + "description": "The location to send logs to. Valid values: `S3`, `CloudWatchLogs`, `KinesisDataFirehose`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logType": { + "type": "string", + "description": "The type of log to send. Valid values: `ALERT` or `FLOW`. Alert logs report traffic that matches a `StatefulRule` with an action setting that sends a log message. Flow logs are standard network traffic flow logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logDestination", + "logDestinationType", + "logType" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroup:RuleGroupRuleGroup": { + "properties": { + "ruleVariables": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRuleVariables:RuleGroupRuleGroupRuleVariables", + "description": "A configuration block that defines additional settings available to use in the rules defined in the rule group. Can only be specified for **stateful** rule groups. See Rule Variables below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rulesSource": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSource:RuleGroupRuleGroupRulesSource", + "description": "A configuration block that defines the stateful or stateless rules for the rule group. See Rules Source below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "rulesSource" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRuleVariables:RuleGroupRuleGroupRuleVariables": { + "properties": { + "ipSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRuleVariablesIpSet:RuleGroupRuleGroupRuleVariablesIpSet" + }, + "description": "Set of configuration blocks that define IP address information. See IP Sets below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "portSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRuleVariablesPortSet:RuleGroupRuleGroupRuleVariablesPortSet" + }, + "description": "Set of configuration blocks that define port range information. See Port Sets below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:networkfirewall/RuleGroupRuleGroupRuleVariablesIpSet:RuleGroupRuleGroupRuleVariablesIpSet": { + "properties": { + "ipSet": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRuleVariablesIpSetIpSet:RuleGroupRuleGroupRuleVariablesIpSetIpSet", + "description": "A configuration block that defines a set of IP addresses. See IP Set below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "A unique alphanumeric string to identify the `ip_set`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ipSet", + "key" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRuleVariablesIpSetIpSet:RuleGroupRuleGroupRuleVariablesIpSetIpSet": { + "properties": { + "definitions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of IP addresses and address ranges, in CIDR notation.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "definitions" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRuleVariablesPortSet:RuleGroupRuleGroupRuleVariablesPortSet": { + "properties": { + "key": { + "type": "string", + "description": "An unique alphanumeric string to identify the `port_set`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "portSet": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRuleVariablesPortSetPortSet:RuleGroupRuleGroupRuleVariablesPortSetPortSet", + "description": "A configuration block that defines a set of port ranges. See Port Set below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "portSet" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRuleVariablesPortSetPortSet:RuleGroupRuleGroupRuleVariablesPortSetPortSet": { + "properties": { + "definitions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of port ranges.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "definitions" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSource:RuleGroupRuleGroupRulesSource": { + "properties": { + "rulesSourceList": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceRulesSourceList:RuleGroupRuleGroupRulesSourceRulesSourceList", + "description": "A configuration block containing **stateful** inspection criteria for a domain list rule group. See Rules Source List below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rulesString": { + "type": "string", + "description": "The fully qualified name of a file in an S3 bucket that contains Suricata compatible intrusion preventions system (IPS) rules or the Suricata rules as a string. These rules contain **stateful** inspection criteria and the action to take for traffic that matches the criteria.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statefulRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatefulRule:RuleGroupRuleGroupRulesSourceStatefulRule" + }, + "description": "Set of configuration blocks containing **stateful** inspection criteria for 5-tuple rules to be used together in a rule group. See Stateful Rule below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statelessRulesAndCustomActions": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActions:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActions", + "description": "A configuration block containing **stateless** inspection criteria for a stateless rule group. See Stateless Rules and Custom Actions below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceRulesSourceList:RuleGroupRuleGroupRulesSourceRulesSourceList": { + "properties": { + "generatedRulesType": { + "type": "string", + "description": "String value to specify whether domains in the target list are allowed or denied access. Valid values: `ALLOWLIST`, `DENYLIST`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of types of domain specifications that are provided in the `targets` argument. Valid values: `HTTP_HOST`, `TLS_SNI`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of domains that you want to inspect for in your traffic flows.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "generatedRulesType", + "targetTypes", + "targets" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatefulRule:RuleGroupRuleGroupRulesSourceStatefulRule": { + "properties": { + "action": { + "type": "string", + "description": "Action to take with packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, AWS Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow. Valid values: `ALERT`, `DROP` or `PASS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "header": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatefulRuleHeader:RuleGroupRuleGroupRulesSourceStatefulRuleHeader", + "description": "A configuration block containing the stateful 5-tuple inspection criteria for the rule, used to inspect traffic flows. See Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatefulRuleRuleOption:RuleGroupRuleGroupRulesSourceStatefulRuleRuleOption" + }, + "description": "Set of configuration blocks containing additional settings for a stateful rule. See Rule Option below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "header", + "ruleOptions" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatefulRuleHeader:RuleGroupRuleGroupRulesSourceStatefulRuleHeader": { + "properties": { + "destination": { + "type": "string", + "description": "The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify `ANY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinationPort": { + "type": "string", + "description": "The destination port to inspect for. To match with any address, specify `ANY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "direction": { + "type": "string", + "description": "The direction of traffic flow to inspect. Valid values: `ANY` or `FORWARD`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocol": { + "type": "string", + "description": "The protocol to inspect. Valid values: `IP`, `TCP`, `UDP`, `ICMP`, `HTTP`, `FTP`, `TLS`, `SMB`, `DNS`, `DCERPC`, `SSH`, `SMTP`, `IMAP`, `MSN`, `KRB5`, `IKEV2`, `TFTP`, `NTP`, `DHCP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "source": { + "type": "string", + "description": "The source IP address or address range for, in CIDR notation. To match with any address, specify `ANY`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourcePort": { + "type": "string", + "description": "The source port to inspect for. To match with any address, specify `ANY`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destination", + "destinationPort", + "direction", + "protocol", + "source", + "sourcePort" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatefulRuleRuleOption:RuleGroupRuleGroupRulesSourceStatefulRuleRuleOption": { + "properties": { + "keyword": { + "type": "string", + "description": "Keyword defined by open source detection systems like Snort or Suricata for stateful rule inspection.\nSee [Snort General Rule Options](http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node31.html) or [Suricata Rule Options](https://suricata.readthedocs.io/en/suricata-5.0.1/rules/intro.html#rule-options) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "settings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of strings for additional settings to use in stateful rule inspection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "keyword" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActions:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActions": { + "properties": { + "customActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomAction:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomAction" + }, + "description": "Set of configuration blocks containing custom action definitions that are available for use by the set of `stateless rule`. See Custom Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statelessRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRule:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRule" + }, + "description": "Set of configuration blocks containing the stateless rules for use in the stateless rule group. See Stateless Rule below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statelessRules" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomAction:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomAction": { + "properties": { + "actionDefinition": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinition:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinition", + "description": "A configuration block describing the custom action associated with the `action_name`. See Action Definition below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "actionName": { + "type": "string", + "description": "A friendly name of the custom action.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actionDefinition", + "actionName" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinition:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinition": { + "properties": { + "publishMetricAction": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricAction:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricAction", + "description": "A configuration block describing the stateless inspection criteria that publishes the specified metrics to Amazon CloudWatch for the matching packet. You can pair this custom action with any of the standard stateless rule actions. See Publish Metric Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "publishMetricAction" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricAction:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricAction": { + "properties": { + "dimensions": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimension:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimension" + }, + "description": "Set of configuration blocks containing the dimension settings to use for Amazon CloudWatch custom metrics. See Dimension below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dimensions" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimension:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsCustomActionActionDefinitionPublishMetricActionDimension": { + "properties": { + "value": { + "type": "string", + "description": "The value to use in the custom metric dimension.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRule:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRule": { + "properties": { + "priority": { + "type": "integer", + "description": "A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group. AWS Network Firewall evaluates the rules in a rule group starting with the lowest priority setting.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleDefinition": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinition:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinition", + "description": "A configuration block defining the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria. See Rule Definition below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "ruleDefinition" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinition:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinition": { + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of actions to take on a packet that matches one of the stateless rule definition's `match_attributes`. For every rule you must specify 1 standard action, and you can add custom actions. Standard actions include: `aws:pass`, `aws:drop`, `aws:forward_to_sfe`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "matchAttributes": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributes:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributes", + "description": "A configuration block containing criteria for AWS Network Firewall to use to inspect an individual packet in stateless rule inspection. See Match Attributes below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "actions", + "matchAttributes" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributes:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributes": { + "properties": { + "destinationPorts": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPort:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPort" + }, + "description": "Set of configuration blocks describing the destination ports to inspect for. If not specified, this matches with any destination port. See Destination Port below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestination:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestination" + }, + "description": "Set of configuration blocks describing the destination IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. See Destination below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "protocols": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "Set of protocols to inspect for, specified using the protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourcePorts": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePort:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePort" + }, + "description": "Set of configuration blocks describing the source ports to inspect for. If not specified, this matches with any source port. See Source Port below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSource:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSource" + }, + "description": "Set of configuration blocks describing the source IP address and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. See Source below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tcpFlags": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlag:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlag" + }, + "description": "Set of configuration blocks containing the TCP flags and masks to inspect for. If not specified, this matches with any settings.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestination:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestination": { + "properties": { + "addressDefinition": { + "type": "string", + "description": "An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "addressDefinition" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPort:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesDestinationPort": { + "properties": { + "fromPort": { + "type": "integer", + "description": "The lower limit of the port range. This must be less than or equal to the `to_port`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The upper limit of the port range. This must be greater than or equal to the `from_port`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSource:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSource": { + "properties": { + "addressDefinition": { + "type": "string", + "description": "An IP address or a block of IP addresses in CIDR notation. AWS Network Firewall supports all address ranges for IPv4.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "addressDefinition" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePort:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesSourcePort": { + "properties": { + "fromPort": { + "type": "integer", + "description": "The lower limit of the port range. This must be less than or equal to the `to_port`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "toPort": { + "type": "integer", + "description": "The upper limit of the port range. This must be greater than or equal to the `from_port`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fromPort" + ] + }, + "aws:networkfirewall/RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlag:RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsStatelessRuleRuleDefinitionMatchAttributesTcpFlag": { + "properties": { + "flags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of flags to look for in a packet. This setting can only specify values that are also specified in `masks`.\nValid values: `FIN`, `SYN`, `RST`, `PSH`, `ACK`, `URG`, `ECE`, `CWR`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "masks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of flags to consider in the inspection. To inspect all flags, leave this empty.\nValid values: `FIN`, `SYN`, `RST`, `PSH`, `ACK`, `URG`, `ECE`, `CWR`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "flags" + ] + }, + "aws:opsworks/ApplicationAppSource:ApplicationAppSource": { + "properties": { + "password": { + "type": "string", + "description": "Password to use when authenticating to the source. This provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "revision": { + "type": "string", + "description": "For sources that are version-aware, the revision to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sshKey": { + "type": "string", + "description": "SSH key to use when authenticating to the source. This provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of source to use. For example, \"archive\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "url": { + "type": "string", + "description": "The URL where the app resource can be found.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "Username to use when authenticating to the source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:opsworks/ApplicationEnvironment:ApplicationEnvironment": { + "properties": { + "key": { + "type": "string", + "description": "Variable name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secure": { + "type": "boolean", + "description": "Set visibility of the variable value to `true` or `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Variable value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "value" + ] + }, + "aws:opsworks/ApplicationSslConfiguration:ApplicationSslConfiguration": { + "properties": { + "certificate": { + "type": "string", + "description": "The contents of the certificate's domain.crt file.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "chain": { + "type": "string", + "description": "Can be used to specify an intermediate certificate authority key or client authentication.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "privateKey": { + "type": "string", + "description": "The private key; the contents of the certificate's domain.key file.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "certificate", + "privateKey" + ] + }, + "aws:opsworks/CustomLayerEbsVolume:CustomLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "description": "Encrypt the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/GangliaLayerEbsVolume:GangliaLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/HaproxyLayerEbsVolume:HaproxyLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/InstanceEbsBlockDevice:InstanceEbsBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "snapshotId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "deviceName", + "iops", + "snapshotId", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:opsworks/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice": { + "properties": { + "deviceName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "virtualName": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceName", + "virtualName" + ] + }, + "aws:opsworks/InstanceRootBlockDevice:InstanceRootBlockDevice": { + "properties": { + "deleteOnTermination": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeSize": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + }, + "volumeType": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "iops", + "volumeSize", + "volumeType" + ] + } + } + }, + "aws:opsworks/JavaAppLayerEbsVolume:JavaAppLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/MemcachedLayerEbsVolume:MemcachedLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/MysqlLayerEbsVolume:MysqlLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/NodejsAppLayerEbsVolume:NodejsAppLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/PhpAppLayerEbsVolume:PhpAppLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/RailsAppLayerEbsVolume:RailsAppLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:opsworks/StackCustomCookbooksSource:StackCustomCookbooksSource": { + "properties": { + "password": { + "type": "string", + "description": "Password to use when authenticating to the source. The provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "revision": { + "type": "string", + "description": "For sources that are version-aware, the revision to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sshKey": { + "type": "string", + "description": "SSH key to use when authenticating to the source. The provider cannot perform drift detection of this configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of source to use. For example, \"archive\".\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "url": { + "type": "string", + "description": "The URL where the cookbooks resource can be found.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "Username to use when authenticating to the source.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "url" + ] + }, + "aws:opsworks/StaticWebLayerEbsVolume:StaticWebLayerEbsVolume": { + "properties": { + "encrypted": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "iops": { + "type": "integer", + "description": "For PIOPS volumes, the IOPS per disk.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPoint": { + "type": "string", + "description": "The path to mount the EBS volume on the layer's instances.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "numberOfDisks": { + "type": "integer", + "description": "The number of disks to use for the EBS volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "raidLevel": { + "type": "string", + "description": "The RAID level to use for the volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size of the volume in gigabytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of volume to create. This may be `standard` (the default), `io1` or `gp2`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mountPoint", + "numberOfDisks", + "size" + ] + }, + "aws:organizations/OrganizationAccount:OrganizationAccount": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "email": { + "type": "string", + "description": "Email of the account\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the policy type\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the policy type as it relates to the associated root\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "arn", + "email", + "id", + "name", + "status" + ] + } + } + }, + "aws:organizations/OrganizationNonMasterAccount:OrganizationNonMasterAccount": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "email": { + "type": "string", + "description": "Email of the account\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the policy type\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the policy type as it relates to the associated root\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "arn", + "email", + "id", + "name", + "status" + ] + } + } + }, + "aws:organizations/OrganizationRoot:OrganizationRoot": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the policy type\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "policyTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationRootPolicyType:OrganizationRootPolicyType" + }, + "description": "List of policy types enabled for this root. All elements have these attributes:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "arn", + "id", + "name", + "policyTypes" + ] + } + } + }, + "aws:organizations/OrganizationRootPolicyType:OrganizationRootPolicyType": { + "properties": { + "status": { + "type": "string", + "description": "The status of the policy type as it relates to the associated root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "status", + "type" + ] + } + } + }, + "aws:organizations/OrganizationalUnitAccount:OrganizationalUnitAccount": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the organizational unit\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "email": { + "type": "string", + "description": "Email of the account\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the organization unit\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name for the organizational unit\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "arn", + "email", + "id", + "name" + ] + } + } + }, + "aws:organizations/getDelegatedAdministratorsDelegatedAdministrator:getDelegatedAdministratorsDelegatedAdministrator": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the delegated administrator's account.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "delegationEnabledDate": { + "type": "string", + "description": "The date when the account was made a delegated administrator.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "email": { + "type": "string", + "description": "The email address that is associated with the delegated administrator's AWS account.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "The unique identifier (ID) of the delegated administrator's account.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "joinedMethod": { + "type": "string", + "description": "The method by which the delegated administrator's account joined the organization.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "joinedTimestamp": { + "type": "string", + "description": "The date when the delegated administrator's account became a part of the organization.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The friendly name of the delegated administrator's account.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the delegated administrator's account in the organization.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "delegationEnabledDate", + "email", + "id", + "joinedMethod", + "joinedTimestamp", + "name", + "status" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:organizations/getDelegatedServicesDelegatedService:getDelegatedServicesDelegatedService": { + "properties": { + "delegationEnabledDate": { + "type": "string", + "description": "The date that the account became a delegated administrator for this service.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "servicePrincipal": { + "type": "string", + "description": "The name of an AWS service that can request an operation for the specified service.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "delegationEnabledDate", + "servicePrincipal" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:organizations/getOrganizationAccount:getOrganizationAccount": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "email": { + "type": "string", + "description": "Email of the account\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the policy type\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the policy type as it relates to the associated root\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "email", + "id", + "name", + "status" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:organizations/getOrganizationNonMasterAccount:getOrganizationNonMasterAccount": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "email": { + "type": "string", + "description": "Email of the account\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the policy type\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the policy type as it relates to the associated root\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "email", + "id", + "name", + "status" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:organizations/getOrganizationRoot:getOrganizationRoot": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Identifier of the root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the policy type\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "policyTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getOrganizationRootPolicyType:getOrganizationRootPolicyType" + }, + "description": "List of policy types enabled for this root. All elements have these attributes:\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "id", + "name", + "policyTypes" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:organizations/getOrganizationRootPolicyType:getOrganizationRootPolicyType": { + "properties": { + "status": { + "type": "string", + "description": "The status of the policy type as it relates to the associated root\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "status", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:organizations/getOrganizationalUnitsChildren:getOrganizationalUnitsChildren": { + "properties": { + "arn": { + "type": "string", + "description": "ARN of the organizational unit\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Parent identifier of the organizational units.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the organizational unit\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "id", + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:pinpoint/AppCampaignHook:AppCampaignHook": { + "properties": { + "lambdaFunctionName": { + "type": "string", + "description": "Lambda function name or ARN to be called for delivery. Conflicts with `web_url`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "What mode Lambda should be invoked in. Valid values for this parameter are `DELIVERY`, `FILTER`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "webUrl": { + "type": "string", + "description": "Web URL to call for hook. If the URL has authentication specified it will be added as authentication to the request. Conflicts with `lambda_function_name`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:pinpoint/AppLimits:AppLimits": { + "properties": { + "daily": { + "type": "integer", + "description": "The maximum number of messages that the campaign can send daily.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maximumDuration": { + "type": "integer", + "description": "The length of time (in seconds) that the campaign can run before it ends and message deliveries stop. This duration begins at the scheduled start time for the campaign. The minimum value is 60.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "messagesPerSecond": { + "type": "integer", + "description": "The number of messages that the campaign can send per second. The minimum value is 50, and the maximum is 20000.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "total": { + "type": "integer", + "description": "The maximum total number of messages that the campaign can send.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:pinpoint/AppQuietTime:AppQuietTime": { + "properties": { + "end": { + "type": "string", + "description": "The default end time for quiet time in ISO 8601 format. Required if `start` is set\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "The default start time for quiet time in ISO 8601 format. Required if `end` is set\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:pricing/getProductFilter:getProductFilter": { + "properties": { + "field": { + "type": "string", + "description": "The product attribute name that you want to filter on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The product attribute value that you want to filter on.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "field", + "value" + ] + }, + "aws:ram/getResourceShareFilter:getResourceShareFilter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the tag key to filter on.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value of the tag key.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:rds/ClusterParameterGroupParameter:ClusterParameterGroupParameter": { + "properties": { + "applyMethod": { + "type": "string", + "description": "\"immediate\" (default), or \"pending-reboot\". Some\nengines can't apply some parameters without a reboot, and you will need to\nspecify \"pending-reboot\" here.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the DB parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:rds/ClusterRestoreToPointInTime:ClusterRestoreToPointInTime": { + "properties": { + "restoreToTime": { + "type": "string", + "description": "Date and time in UTC format to restore the database cluster to. Conflicts with `use_latest_restorable_time`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "restoreType": { + "type": "string", + "description": "Type of restore to be performed.\nValid options are `full-copy` (default) and `copy-on-write`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceClusterIdentifier": { + "type": "string", + "description": "The identifier of the source database cluster from which to restore.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useLatestRestorableTime": { + "type": "boolean", + "description": "Set to true to restore the database cluster to the latest restorable backup time. Defaults to false. Conflicts with `restore_to_time`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "sourceClusterIdentifier" + ] + }, + "aws:rds/ClusterS3Import:ClusterS3Import": { + "properties": { + "bucketName": { + "type": "string", + "description": "The bucket name where your backup is stored\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketPrefix": { + "type": "string", + "description": "Can be blank, but is the path to your backup\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ingestionRole": { + "type": "string", + "description": "Role applied to load the data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceEngine": { + "type": "string", + "description": "Source engine for the backup\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceEngineVersion": { + "type": "string", + "description": "Version of the source engine used to make the backup\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketName", + "ingestionRole", + "sourceEngine", + "sourceEngineVersion" + ] + }, + "aws:rds/ClusterScalingConfiguration:ClusterScalingConfiguration": { + "properties": { + "autoPause": { + "type": "boolean", + "description": "Whether to enable automatic pause. A DB cluster can be paused only when it's idle (it has no connections). If a DB cluster is paused for more than seven days, the DB cluster might be backed up with a snapshot. In this case, the DB cluster is restored when there is a request to connect to it. Defaults to `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxCapacity": { + "type": "integer", + "description": "The maximum capacity for an Aurora DB cluster in `serverless` DB engine mode. The maximum capacity must be greater than or equal to the minimum capacity. Valid Aurora MySQL capacity values are `1`, `2`, `4`, `8`, `16`, `32`, `64`, `128`, `256`. Valid Aurora PostgreSQL capacity values are (`2`, `4`, `8`, `16`, `32`, `64`, `192`, and `384`). Defaults to `16`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "minCapacity": { + "type": "integer", + "description": "The minimum capacity for an Aurora DB cluster in `serverless` DB engine mode. The minimum capacity must be lesser than or equal to the maximum capacity. Valid Aurora MySQL capacity values are `1`, `2`, `4`, `8`, `16`, `32`, `64`, `128`, `256`. Valid Aurora PostgreSQL capacity values are (`2`, `4`, `8`, `16`, `32`, `64`, `192`, and `384`). Defaults to `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secondsUntilAutoPause": { + "type": "integer", + "description": "The time, in seconds, before an Aurora DB cluster in serverless mode is paused. Valid values are `300` through `86400`. Defaults to `300`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutAction": { + "type": "string", + "description": "The action to take when the timeout is reached. Valid values: `ForceApplyCapacityChange`, `RollbackCapacityChange`. Defaults to `RollbackCapacityChange`. See [documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.how-it-works.html#aurora-serverless.how-it-works.timeout-action).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:rds/EngineMode:EngineMode": { + "type": "string", + "enum": [ + { + "name": "Provisioned", + "value": "provisioned" + }, + { + "name": "Serverless", + "value": "serverless" + }, + { + "name": "ParallelQuery", + "value": "parallelquery" + }, + { + "name": "Global", + "value": "global" + } + ] + }, + "aws:rds/EngineType:EngineType": { + "type": "string", + "enum": [ + { + "name": "Aurora", + "value": "aurora" + }, + { + "name": "AuroraMysql", + "value": "aurora-mysql" + }, + { + "name": "AuroraPostgresql", + "value": "aurora-postgresql" + } + ] + }, + "aws:rds/GlobalClusterGlobalClusterMember:GlobalClusterGlobalClusterMember": { + "properties": { + "dbClusterArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of member DB Cluster\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "isWriter": { + "type": "boolean", + "description": "Whether the member is the primary DB Cluster\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "dbClusterArn", + "isWriter" + ] + } + } + }, + "aws:rds/InstanceRestoreToPointInTime:InstanceRestoreToPointInTime": { + "properties": { + "restoreTime": { + "type": "string", + "description": "The date and time to restore from. Value must be a time in Universal Coordinated Time (UTC) format and must be before the latest restorable time for the DB instance. Cannot be specified with `use_latest_restorable_time`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceDbInstanceIdentifier": { + "type": "string", + "description": "The identifier of the source DB instance from which to restore. Must match the identifier of an existing DB instance. Required if `source_dbi_resource_id` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceDbiResourceId": { + "type": "string", + "description": "The resource ID of the source DB instance from which to restore. Required if `source_db_instance_identifier` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "useLatestRestorableTime": { + "type": "boolean", + "description": "A boolean value that indicates whether the DB instance is restored from the latest backup time. Defaults to `false`. Cannot be specified with `restore_time`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:rds/InstanceS3Import:InstanceS3Import": { + "properties": { + "bucketName": { + "type": "string", + "description": "The bucket name where your backup is stored\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketPrefix": { + "type": "string", + "description": "Can be blank, but is the path to your backup\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ingestionRole": { + "type": "string", + "description": "Role applied to load the data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceEngine": { + "type": "string", + "description": "Source engine for the backup\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceEngineVersion": { + "type": "string", + "description": "Version of the source engine used to make the backup\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketName", + "ingestionRole", + "sourceEngine", + "sourceEngineVersion" + ] + }, + "aws:rds/InstanceType:InstanceType": { + "type": "string", + "enum": [ + { + "name": "T3_Micro", + "value": "db.t3.micro" + }, + { + "name": "T3_Small", + "value": "db.t3.small" + }, + { + "name": "T3_Medium", + "value": "db.t3.medium" + }, + { + "name": "T3_Large", + "value": "db.t3.large" + }, + { + "name": "T3_XLarge", + "value": "db.t3.xlarge" + }, + { + "name": "T3_2XLarge", + "value": "db.t3.2xlarge" + }, + { + "name": "T2_Micro", + "value": "db.t2.micro" + }, + { + "name": "T2_Small", + "value": "db.t2.small" + }, + { + "name": "T2_Medium", + "value": "db.t2.medium" + }, + { + "name": "T2_Large", + "value": "db.t2.large" + }, + { + "name": "T2_XLarge", + "value": "db.t2.xlarge" + }, + { + "name": "T2_2XLarge", + "value": "db.t2.2xlarge" + }, + { + "name": "M1_Small", + "value": "db.m1.small" + }, + { + "name": "M1_Medium", + "value": "db.m1.medium" + }, + { + "name": "M1_Large", + "value": "db.m1.large" + }, + { + "name": "M1_XLarge", + "value": "db.m1.xlarge" + }, + { + "name": "M2_XLarge", + "value": "db.m2.xlarge" + }, + { + "name": "M2_2XLarge", + "value": "db.m2.2xlarge" + }, + { + "name": "M2_4XLarge", + "value": "db.m2.4xlarge" + }, + { + "name": "M3_Medium", + "value": "db.m3.medium" + }, + { + "name": "M3_Large", + "value": "db.m3.large" + }, + { + "name": "M3_XLarge", + "value": "db.m3.xlarge" + }, + { + "name": "M3_2XLarge", + "value": "db.m3.2xlarge" + }, + { + "name": "M4_Large", + "value": "db.m4.large" + }, + { + "name": "M4_XLarge", + "value": "db.m4.xlarge" + }, + { + "name": "M4_2XLarge", + "value": "db.m4.2xlarge" + }, + { + "name": "M4_4XLarge", + "value": "db.m4.4xlarge" + }, + { + "name": "M4_10XLarge", + "value": "db.m4.10xlarge" + }, + { + "name": "M4_16XLarge", + "value": "db.m4.10xlarge" + }, + { + "name": "M5_Large", + "value": "db.m5.large" + }, + { + "name": "M5_XLarge", + "value": "db.m5.xlarge" + }, + { + "name": "M5_2XLarge", + "value": "db.m5.2xlarge" + }, + { + "name": "M5_4XLarge", + "value": "db.m5.4xlarge" + }, + { + "name": "M5_12XLarge", + "value": "db.m5.12xlarge" + }, + { + "name": "M5_24XLarge", + "value": "db.m5.24xlarge" + }, + { + "name": "R3_Large", + "value": "db.r3.large" + }, + { + "name": "R3_XLarge", + "value": "db.r3.xlarge" + }, + { + "name": "R3_2XLarge", + "value": "db.r3.2xlarge" + }, + { + "name": "R3_4XLarge", + "value": "db.r3.4xlarge" + }, + { + "name": "R3_8XLarge", + "value": "db.r3.8xlarge" + }, + { + "name": "R4_Large", + "value": "db.r4.large" + }, + { + "name": "R4_XLarge", + "value": "db.r4.xlarge" + }, + { + "name": "R4_2XLarge", + "value": "db.r4.2xlarge" + }, + { + "name": "R4_4XLarge", + "value": "db.r4.4xlarge" + }, + { + "name": "R4_8XLarge", + "value": "db.r4.8xlarge" + }, + { + "name": "R4_16XLarge", + "value": "db.r4.16xlarge" + }, + { + "name": "R5_Large", + "value": "db.r5.large" + }, + { + "name": "R5_XLarge", + "value": "db.r5.xlarge" + }, + { + "name": "R5_2XLarge", + "value": "db.r5.2xlarge" + }, + { + "name": "R5_4XLarge", + "value": "db.r5.4xlarge" + }, + { + "name": "R5_12XLarge", + "value": "db.r5.12xlarge" + }, + { + "name": "R5_24XLarge", + "value": "db.r5.24xlarge" + }, + { + "name": "X1_16XLarge", + "value": "db.x1.16xlarge" + }, + { + "name": "X1_32XLarge", + "value": "db.x1.32xlarge" + }, + { + "name": "X1E_XLarge", + "value": "db.x1e.xlarge" + }, + { + "name": "X1E_2XLarge", + "value": "db.x1e.2xlarge" + }, + { + "name": "X1E_4XLarge", + "value": "db.x1e.4xlarge" + }, + { + "name": "X1E_8XLarge", + "value": "db.x1e.8xlarge" + }, + { + "name": "X1E_32XLarge", + "value": "db.x1e.32xlarge" + } + ] + }, + "aws:rds/OptionGroupOption:OptionGroupOption": { + "properties": { + "dbSecurityGroupMemberships": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DB Security Groups for which the option is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "optionName": { + "type": "string", + "description": "The Name of the Option (e.g. MEMCACHED).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "optionSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/OptionGroupOptionOptionSetting:OptionGroupOptionOptionSetting" + }, + "description": "A list of option settings to apply.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The Port number when connecting to the Option (e.g. 11211).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "The version of the option (e.g. 13.1.0.0).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcSecurityGroupMemberships": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC Security Groups for which the option is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "optionName" + ] + }, + "aws:rds/OptionGroupOptionOptionSetting:OptionGroupOptionOptionSetting": { + "properties": { + "name": { + "type": "string", + "description": "The Name of the setting.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The Value of the setting.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:rds/ParameterGroupParameter:ParameterGroupParameter": { + "properties": { + "applyMethod": { + "type": "string", + "description": "\"immediate\" (default), or \"pending-reboot\". Some\nengines can't apply some parameters without a reboot, and you will need to\nspecify \"pending-reboot\" here.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the DB parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:rds/ProxyAuth:ProxyAuth": { + "properties": { + "authScheme": { + "type": "string", + "description": "The type of authentication that the proxy uses for connections from the proxy to the underlying database. One of `SECRETS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "A user-specified description about the authentication used by a proxy to log in as a specific database user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "iamAuth": { + "type": "string", + "description": "Whether to require or disallow AWS Identity and Access Management (IAM) authentication for connections to the proxy. One of `DISABLED`, `REQUIRED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secretArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) representing the secret that the proxy uses to authenticate to the RDS DB instance or Aurora DB cluster. These secrets are stored within Amazon Secrets Manager.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:rds/ProxyDefaultTargetGroupConnectionPoolConfig:ProxyDefaultTargetGroupConnectionPoolConfig": { + "properties": { + "connectionBorrowTimeout": { + "type": "integer", + "description": "The number of seconds for a proxy to wait for a connection to become available in the connection pool. Only applies when the proxy has opened its maximum number of connections and all connections are busy with client sessions.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "initQuery": { + "type": "string", + "description": "One or more SQL statements for the proxy to run when opening each new database connection. Typically used with `SET` statements to make sure that each connection has identical settings such as time zone and character set. This setting is empty by default. For multiple statements, use semicolons as the separator. You can also include multiple variables in a single `SET` statement, such as `SET x=1, y=2`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxConnectionsPercent": { + "type": "integer", + "description": "The maximum size of the connection pool for each target in a target group. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxIdleConnectionsPercent": { + "type": "integer", + "description": "Controls how actively the proxy closes idle database connections in the connection pool. A high value enables the proxy to leave a high percentage of idle connections open. A low value causes the proxy to close idle client connections and return the underlying database connections to the connection pool. For Aurora MySQL, it is expressed as a percentage of the max_connections setting for the RDS DB instance or Aurora DB cluster used by the target group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sessionPinningFilters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Each item in the list represents a class of SQL operations that normally cause all later statements in a session using a proxy to be pinned to the same underlying database connection. Including an item in the list exempts that class of SQL operations from the pinning behavior. Currently, the only allowed value is `EXCLUDE_VARIABLE_SETS`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:rds/SecurityGroupIngress:SecurityGroupIngress": { + "properties": { + "cidr": { + "type": "string", + "description": "The CIDR block to accept\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group to authorize\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupName": { + "type": "string", + "description": "The name of the security group to authorize\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupOwnerId": { + "type": "string", + "description": "The owner Id of the security group provided\nby `security_group_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "securityGroupId", + "securityGroupName", + "securityGroupOwnerId" + ] + } + } + }, + "aws:rds/StorageType:StorageType": { + "type": "string", + "enum": [ + { + "name": "Standard", + "value": "standard" + }, + { + "name": "GP2", + "value": "gp2" + }, + { + "name": "IO1", + "value": "io1" + } + ] + }, + "aws:redshift/ClusterLogging:ClusterLogging": { + "properties": { + "bucketName": { + "type": "string", + "description": "The name of an existing S3 bucket where the log files are to be stored. Must be in the same region as the cluster and the cluster must have read bucket and put object permissions.\nFor more information on the permissions required for the bucket, please read the AWS [documentation](http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enable": { + "type": "boolean", + "description": "Enables logging information such as queries and connection attempts, for the specified Amazon Redshift cluster.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KeyPrefix": { + "type": "string", + "description": "The prefix applied to the log file names.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enable" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "bucketName", + "enable", + "s3KeyPrefix" + ] + } + } + }, + "aws:redshift/ClusterSnapshotCopy:ClusterSnapshotCopy": { + "properties": { + "destinationRegion": { + "type": "string", + "description": "The destination region that you want to copy snapshots to.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "grantName": { + "type": "string", + "description": "The name of the snapshot copy grant to use when snapshots of an AWS KMS-encrypted cluster are copied to the destination region.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "retentionPeriod": { + "type": "integer", + "description": "The number of days to retain automated snapshots in the destination region after they are copied from the source region. Defaults to `7`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destinationRegion" + ] + }, + "aws:redshift/ParameterGroupParameter:ParameterGroupParameter": { + "properties": { + "name": { + "type": "string", + "description": "The name of the Redshift parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the Redshift parameter.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:redshift/SecurityGroupIngress:SecurityGroupIngress": { + "properties": { + "cidr": { + "type": "string", + "description": "The CIDR block to accept\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupName": { + "type": "string", + "description": "The name of the security group to authorize\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupOwnerId": { + "type": "string", + "description": "The owner Id of the security group provided\nby `security_group_name`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "securityGroupName", + "securityGroupOwnerId" + ] + } + } + }, + "aws:resourcegroups/GroupResourceQuery:GroupResourceQuery": { + "properties": { + "query": { + "type": "string", + "description": "The resource query as a JSON string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of the resource query. Defaults to `TAG_FILTERS_1_0`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "query" + ] + }, + "aws:resourcegroupstaggingapi/getResourcesResourceTagMappingList:getResourcesResourceTagMappingList": { + "properties": { + "complianceDetails": { + "type": "array", + "items": { + "$ref": "#/types/aws:resourcegroupstaggingapi/getResourcesResourceTagMappingListComplianceDetail:getResourcesResourceTagMappingListComplianceDetail" + }, + "description": "List of objects with information that shows whether a resource is compliant with the effective tag policy, including details on any noncompliant tag keys.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceArn": { + "type": "string", + "description": "ARN of the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "complianceDetails", + "resourceArn", + "tags" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:resourcegroupstaggingapi/getResourcesResourceTagMappingListComplianceDetail:getResourcesResourceTagMappingListComplianceDetail": { + "properties": { + "complianceStatus": { + "type": "boolean", + "description": "Whether the resource is compliant.\n* `keys_with_noncompliant_values ` - Set of tag keys with non-compliant tag values.\n* `non_compliant_keys ` - Set of non-compliant tag keys.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keysWithNoncompliantValues": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "nonCompliantKeys": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "complianceStatus", + "keysWithNoncompliantValues", + "nonCompliantKeys" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:resourcegroupstaggingapi/getResourcesTagFilter:getResourcesTagFilter": { + "properties": { + "key": { + "type": "string", + "description": "One part of a key-value pair that makes up a tag.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The optional part of a key-value pair that make up a tag.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key" + ] + }, + "aws:route53/RecordAlias:RecordAlias": { + "properties": { + "evaluateTargetHealth": { + "type": "boolean", + "description": "Set to `true` if you want Route 53 to determine whether to respond to DNS queries using this resource record set by checking the health of the resource record set. Some resources have special requirements, see [related part of documentation](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html#rrsets-values-alias-evaluate-target-health).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "DNS domain name for a CloudFront distribution, S3 bucket, ELB, or another resource record set in this hosted zone.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "zoneId": { + "type": "string", + "description": "Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. See `resource_elb.zone_id` for example.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "evaluateTargetHealth", + "name", + "zoneId" + ] + }, + "aws:route53/RecordFailoverRoutingPolicy:RecordFailoverRoutingPolicy": { + "properties": { + "type": { + "type": "string", + "description": "`PRIMARY` or `SECONDARY`. A `PRIMARY` record will be served if its healthcheck is passing, otherwise the `SECONDARY` will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:route53/RecordGeolocationRoutingPolicy:RecordGeolocationRoutingPolicy": { + "properties": { + "continent": { + "type": "string", + "description": "A two-letter continent code. See http://docs.aws.amazon.com/Route53/latest/APIReference/API_GetGeoLocation.html for code details. Either `continent` or `country` must be specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "country": { + "type": "string", + "description": "A two-character country code or `*` to indicate a default resource record set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subdivision": { + "type": "string", + "description": "A subdivision code for a country.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:route53/RecordLatencyRoutingPolicy:RecordLatencyRoutingPolicy": { + "properties": { + "region": { + "type": "string", + "description": "An AWS region from which to measure latency. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-latency\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "region" + ] + }, + "aws:route53/RecordType:RecordType": { + "type": "string", + "enum": [ + { + "value": "A" + }, + { + "value": "AAAA" + }, + { + "value": "CNAME" + }, + { + "value": "CAA" + }, + { + "value": "MX" + }, + { + "value": "NAPTR" + }, + { + "value": "NS" + }, + { + "value": "PTR" + }, + { + "value": "SOA" + }, + { + "value": "SPF" + }, + { + "value": "SRV" + }, + { + "value": "TXT" + } + ] + }, + "aws:route53/RecordWeightedRoutingPolicy:RecordWeightedRoutingPolicy": { + "properties": { + "weight": { + "type": "integer", + "description": "A numeric value indicating the relative weight of the record. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html#routing-policy-weighted.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "weight" + ] + }, + "aws:route53/ResolverEndpointIpAddress:ResolverEndpointIpAddress": { + "properties": { + "ip": { + "type": "string", + "description": "The IP address in the subnet that you want to use for DNS queries.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet that contains the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "subnetId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "ip", + "ipId", + "subnetId" + ] + } + } + }, + "aws:route53/ResolverRuleTargetIp:ResolverRuleTargetIp": { + "properties": { + "ip": { + "type": "string", + "description": "One IP address that you want to forward DNS queries to. You can specify only IPv4 addresses.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "port": { + "type": "integer", + "description": "The port at `ip` that you want to forward DNS queries to. Default value is `53`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ip" + ] + }, + "aws:route53/ZoneVpc:ZoneVpc": { + "properties": { + "vpcId": { + "type": "string", + "description": "ID of the VPC to associate.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcRegion": { + "type": "string", + "description": "Region of the VPC to associate. Defaults to AWS provider region.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "vpcId" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "vpcId", + "vpcRegion" + ] + } + } + }, + "aws:route53/getResolverEndpointFilter:getResolverEndpointFilter": { + "properties": { + "name": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:s3/AccessPointPublicAccessBlockConfiguration:AccessPointPublicAccessBlockConfiguration": { + "properties": { + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to `true`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls fail if the specified ACL is public.\n* PUT Object calls fail if the request includes a public ACL.\n* PUT Bucket calls fail if the request includes a public ACL.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to `true`. Enabling this setting does not affect existing bucket policies. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to `true`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore all public ACLs on buckets in this account and any objects that they contain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to `true`. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access buckets with public policies.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/AccessPointVpcConfiguration:AccessPointVpcConfiguration": { + "properties": { + "vpcId": { + "type": "string", + "description": "This access point will only allow connections from the specified VPC ID.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "vpcId" + ] + }, + "aws:s3/AnalyticsConfigurationFilter:AnalyticsConfigurationFilter": { + "properties": { + "prefix": { + "type": "string", + "description": "Object prefix for filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set of object tags for filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/AnalyticsConfigurationStorageClassAnalysis:AnalyticsConfigurationStorageClassAnalysis": { + "properties": { + "dataExport": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationStorageClassAnalysisDataExport:AnalyticsConfigurationStorageClassAnalysisDataExport", + "description": "Data export configuration (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dataExport" + ] + }, + "aws:s3/AnalyticsConfigurationStorageClassAnalysisDataExport:AnalyticsConfigurationStorageClassAnalysisDataExport": { + "properties": { + "destination": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationStorageClassAnalysisDataExportDestination:AnalyticsConfigurationStorageClassAnalysisDataExportDestination", + "description": "Specifies the destination for the exported analytics data (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputSchemaVersion": { + "type": "string", + "description": "The schema version of exported analytics data. Allowed values: `V_1`. Default value: `V_1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destination" + ] + }, + "aws:s3/AnalyticsConfigurationStorageClassAnalysisDataExportDestination:AnalyticsConfigurationStorageClassAnalysisDataExportDestination": { + "properties": { + "s3BucketDestination": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestination:AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestination", + "description": "Analytics data export currently only supports an S3 bucket destination (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3BucketDestination" + ] + }, + "aws:s3/AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestination:AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestination": { + "properties": { + "bucketAccountId": { + "type": "string", + "description": "The account ID that owns the destination bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketArn": { + "type": "string", + "description": "The ARN of the destination bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "format": { + "type": "string", + "description": "The output format of exported analytics data. Allowed values: `CSV`. Default value: `CSV`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "Object prefix for filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn" + ] + }, + "aws:s3/BucketCorsRule:BucketCorsRule": { + "properties": { + "allowedHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies which headers are allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowedMethods": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies which methods are allowed. Can be `GET`, `PUT`, `POST`, `DELETE` or `HEAD`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "allowedOrigins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies which origins are allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "exposeHeaders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies expose header in the response.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxAgeSeconds": { + "type": "integer", + "description": "Specifies time in seconds that browser can cache the response for a preflight request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "allowedMethods", + "allowedOrigins" + ] + }, + "aws:s3/BucketGrant:BucketGrant": { + "properties": { + "id": { + "type": "string", + "description": "Canonical user id to grant for. Used only when `type` is `CanonicalUser`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions to apply for grantee. Valid values are `READ`, `WRITE`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "- Type of grantee to apply for. Valid values are `CanonicalUser` and `Group`. `AmazonCustomerByEmail` is not supported.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uri": { + "type": "string", + "description": "Uri address to grant for. Used only when `type` is `Group`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "permissions", + "type" + ] + }, + "aws:s3/BucketLifecycleRule:BucketLifecycleRule": { + "properties": { + "abortIncompleteMultipartUploadDays": { + "type": "integer", + "description": "Specifies the number of days after initiating a multipart upload when the multipart upload must be completed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enabled": { + "type": "boolean", + "description": "Specifies lifecycle rule status.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "expiration": { + "$ref": "#/types/aws:s3/BucketLifecycleRuleExpiration:BucketLifecycleRuleExpiration", + "description": "Specifies a period in the object's expire (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Unique identifier for the rule. Must be less than or equal to 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noncurrentVersionExpiration": { + "$ref": "#/types/aws:s3/BucketLifecycleRuleNoncurrentVersionExpiration:BucketLifecycleRuleNoncurrentVersionExpiration", + "description": "Specifies when noncurrent object versions expire (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noncurrentVersionTransitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLifecycleRuleNoncurrentVersionTransition:BucketLifecycleRuleNoncurrentVersionTransition" + }, + "description": "Specifies when noncurrent object versions transitions (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "Object key prefix identifying one or more objects to which the rule applies.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies object tags key and value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "transitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLifecycleRuleTransition:BucketLifecycleRuleTransition" + }, + "description": "Specifies a period in the object's transitions (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "enabled", + "id" + ] + } + } + }, + "aws:s3/BucketLifecycleRuleExpiration:BucketLifecycleRuleExpiration": { + "properties": { + "date": { + "type": "string", + "description": "Specifies the date after which you want the corresponding action to take effect.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "days": { + "type": "integer", + "description": "Specifies the number of days after object creation when the specific rule action takes effect.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "expiredObjectDeleteMarker": { + "type": "boolean", + "description": "On a versioned bucket (versioning-enabled or versioning-suspended bucket), you can add this element in the lifecycle configuration to direct Amazon S3 to delete expired object delete markers. This cannot be specified with Days or Date in a Lifecycle Expiration Policy.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/BucketLifecycleRuleNoncurrentVersionExpiration:BucketLifecycleRuleNoncurrentVersionExpiration": { + "properties": { + "days": { + "type": "integer", + "description": "Specifies the number of days noncurrent object versions expire.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/BucketLifecycleRuleNoncurrentVersionTransition:BucketLifecycleRuleNoncurrentVersionTransition": { + "properties": { + "days": { + "type": "integer", + "description": "Specifies the number of days noncurrent object versions transition.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storageClass": { + "type": "string", + "description": "Specifies the Amazon S3 storage class to which you want the noncurrent object versions to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "storageClass" + ] + }, + "aws:s3/BucketLifecycleRuleTransition:BucketLifecycleRuleTransition": { + "properties": { + "date": { + "type": "string", + "description": "Specifies the date after which you want the corresponding action to take effect.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "days": { + "type": "integer", + "description": "Specifies the number of days after object creation when the specific rule action takes effect.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storageClass": { + "type": "string", + "description": "Specifies the Amazon S3 storage class to which you want the object to transition. Can be `ONEZONE_IA`, `STANDARD_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "storageClass" + ] + }, + "aws:s3/BucketLogging:BucketLogging": { + "properties": { + "targetBucket": { + "type": "string", + "description": "The name of the bucket that will receive the log objects.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetPrefix": { + "type": "string", + "description": "To specify a key prefix for log objects.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "targetBucket" + ] + }, + "aws:s3/BucketMetricFilter:BucketMetricFilter": { + "properties": { + "prefix": { + "type": "string", + "description": "Object prefix for filtering (singular).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Object tags for filtering (up to 10).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/BucketNotificationLambdaFunction:BucketNotificationLambdaFunction": { + "properties": { + "events": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies [event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filterPrefix": { + "type": "string", + "description": "Specifies object key name prefix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filterSuffix": { + "type": "string", + "description": "Specifies object key name suffix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Specifies unique identifier for each of the notification configurations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaFunctionArn": { + "type": "string", + "description": "Specifies Amazon Lambda function ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "events" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "events", + "id" + ] + } + } + }, + "aws:s3/BucketNotificationQueue:BucketNotificationQueue": { + "properties": { + "events": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies [event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filterPrefix": { + "type": "string", + "description": "Specifies object key name prefix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filterSuffix": { + "type": "string", + "description": "Specifies object key name suffix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Specifies unique identifier for each of the notification configurations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queueArn": { + "type": "string", + "description": "Specifies Amazon SQS queue ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "events", + "queueArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "events", + "id", + "queueArn" + ] + } + } + }, + "aws:s3/BucketNotificationTopic:BucketNotificationTopic": { + "properties": { + "events": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies [event](http://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html#notification-how-to-event-types-and-destinations) for which to send notifications.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filterPrefix": { + "type": "string", + "description": "Specifies object key name prefix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filterSuffix": { + "type": "string", + "description": "Specifies object key name suffix.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Specifies unique identifier for each of the notification configurations.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "Specifies Amazon SNS topic ARN.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "events", + "topicArn" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "events", + "id", + "topicArn" + ] + } + } + }, + "aws:s3/BucketObjectLockConfiguration:BucketObjectLockConfiguration": { + "properties": { + "objectLockEnabled": { + "type": "string", + "description": "Indicates whether this bucket has an Object Lock configuration enabled. Valid value is `Enabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rule": { + "$ref": "#/types/aws:s3/BucketObjectLockConfigurationRule:BucketObjectLockConfigurationRule", + "description": "The Object Lock rule in place for this bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "objectLockEnabled" + ] + }, + "aws:s3/BucketObjectLockConfigurationRule:BucketObjectLockConfigurationRule": { + "properties": { + "defaultRetention": { + "$ref": "#/types/aws:s3/BucketObjectLockConfigurationRuleDefaultRetention:BucketObjectLockConfigurationRuleDefaultRetention", + "description": "The default retention period that you want to apply to new objects placed in this bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultRetention" + ] + }, + "aws:s3/BucketObjectLockConfigurationRuleDefaultRetention:BucketObjectLockConfigurationRuleDefaultRetention": { + "properties": { + "days": { + "type": "integer", + "description": "The number of days that you want to specify for the default retention period.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "The default Object Lock retention mode you want to apply to new objects placed in this bucket. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "years": { + "type": "integer", + "description": "The number of years that you want to specify for the default retention period.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mode" + ] + }, + "aws:s3/BucketOwnershipControlsRule:BucketOwnershipControlsRule": { + "properties": { + "objectOwnership": { + "type": "string", + "description": "Object ownership. Valid values: `BucketOwnerPreferred` or `ObjectWriter`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "objectOwnership" + ] + }, + "aws:s3/BucketReplicationConfiguration:BucketReplicationConfiguration": { + "properties": { + "role": { + "type": "string", + "description": "The ARN of the IAM role for Amazon S3 to assume when replicating the objects.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketReplicationConfigurationRule:BucketReplicationConfigurationRule" + }, + "description": "Specifies the rules managing the replication (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "role", + "rules" + ] + }, + "aws:s3/BucketReplicationConfigurationRule:BucketReplicationConfigurationRule": { + "properties": { + "deleteMarkerReplicationStatus": { + "type": "string", + "description": "Whether delete markers are replicated. The only valid value is `Enabled`. To disable, omit this argument. This argument is only valid with V2 replication configurations (i.e., when `filter` is used).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destination": { + "$ref": "#/types/aws:s3/BucketReplicationConfigurationRuleDestination:BucketReplicationConfigurationRuleDestination", + "description": "Specifies the destination for the rule (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filter": { + "$ref": "#/types/aws:s3/BucketReplicationConfigurationRuleFilter:BucketReplicationConfigurationRuleFilter", + "description": "Filter that identifies subset of objects to which the replication rule applies (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Unique identifier for the rule. Must be less than or equal to 255 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "Object keyname prefix identifying one or more objects to which the rule applies. Must be less than or equal to 1024 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "The priority associated with the rule. Priority should only be set if `filter` is configured. If not provided, defaults to `0`. Priority must be unique between multiple rules.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceSelectionCriteria": { + "$ref": "#/types/aws:s3/BucketReplicationConfigurationRuleSourceSelectionCriteria:BucketReplicationConfigurationRuleSourceSelectionCriteria", + "description": "Specifies special object selection criteria (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "The status of the rule. Either `Enabled` or `Disabled`. The rule is ignored if status is not Enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "destination", + "status" + ] + }, + "aws:s3/BucketReplicationConfigurationRuleDestination:BucketReplicationConfigurationRuleDestination": { + "properties": { + "accessControlTranslation": { + "$ref": "#/types/aws:s3/BucketReplicationConfigurationRuleDestinationAccessControlTranslation:BucketReplicationConfigurationRuleDestinationAccessControlTranslation", + "description": "Specifies the overrides to use for object owners on replication. Must be used in conjunction with `account_id` owner override configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "accountId": { + "type": "string", + "description": "The Account ID to use for overriding the object owner on replication. Must be used in conjunction with `access_control_translation` override configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucket": { + "type": "string", + "description": "The ARN of the S3 bucket where you want Amazon S3 to store replicas of the object identified by the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "replicaKmsKeyId": { + "type": "string", + "description": "Destination KMS encryption key ARN for SSE-KMS replication. Must be used in conjunction with\n`sse_kms_encrypted_objects` source selection criteria.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "storageClass": { + "type": "string", + "description": "The class of storage used to store the object. Can be `STANDARD`, `REDUCED_REDUNDANCY`, `STANDARD_IA`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, or `DEEP_ARCHIVE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:s3/BucketReplicationConfigurationRuleDestinationAccessControlTranslation:BucketReplicationConfigurationRuleDestinationAccessControlTranslation": { + "properties": { + "owner": { + "type": "string", + "description": "The override value for the owner on replicated objects. Currently only `Destination` is supported.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "owner" + ] + }, + "aws:s3/BucketReplicationConfigurationRuleFilter:BucketReplicationConfigurationRuleFilter": { + "properties": { + "prefix": { + "type": "string", + "description": "Object keyname prefix that identifies subset of objects to which the rule applies. Must be less than or equal to 1024 characters in length.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags that identifies subset of objects to which the rule applies.\nThe rule applies only to objects having all the tags in its tagset.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/BucketReplicationConfigurationRuleSourceSelectionCriteria:BucketReplicationConfigurationRuleSourceSelectionCriteria": { + "properties": { + "sseKmsEncryptedObjects": { + "$ref": "#/types/aws:s3/BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects:BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects", + "description": "Match SSE-KMS encrypted objects (documented below). If specified, `replica_kms_key_id`\nin `destination` must be specified as well.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects:BucketReplicationConfigurationRuleSourceSelectionCriteriaSseKmsEncryptedObjects": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Boolean which indicates if this criteria is enabled.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "enabled" + ] + }, + "aws:s3/BucketServerSideEncryptionConfiguration:BucketServerSideEncryptionConfiguration": { + "properties": { + "rule": { + "$ref": "#/types/aws:s3/BucketServerSideEncryptionConfigurationRule:BucketServerSideEncryptionConfigurationRule", + "description": "A single object for server-side encryption by default configuration. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "rule" + ] + }, + "aws:s3/BucketServerSideEncryptionConfigurationRule:BucketServerSideEncryptionConfigurationRule": { + "properties": { + "applyServerSideEncryptionByDefault": { + "$ref": "#/types/aws:s3/BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault:BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault", + "description": "A single object for setting server-side encryption by default. (documented below)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketKeyEnabled": { + "type": "boolean", + "description": "Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "applyServerSideEncryptionByDefault" + ] + }, + "aws:s3/BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault:BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefault": { + "properties": { + "kmsMasterKeyId": { + "type": "string", + "description": "The AWS KMS master key ID used for the SSE-KMS encryption. This can only be used when you set the value of `sse_algorithm` as `aws:kms`. The default `aws/s3` AWS KMS master key is used if this element is absent while the `sse_algorithm` is `aws:kms`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sseAlgorithm": { + "type": "string", + "description": "The server-side encryption algorithm to use. Valid values are `AES256` and `aws:kms`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "sseAlgorithm" + ] + }, + "aws:s3/BucketVersioning:BucketVersioning": { + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable versioning. Once you version-enable a bucket, it can never return to an unversioned state. You can, however, suspend versioning on that bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mfaDelete": { + "type": "boolean", + "description": "Enable MFA delete for either `Change the versioning state of your bucket` or `Permanently delete an object version`. Default is `false`. This cannot be used to toggle this setting but is available to allow managed buckets to reflect the state in AWS\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/BucketWebsite:BucketWebsite": { + "properties": { + "errorDocument": { + "type": "string", + "description": "An absolute path to the document to return in case of a 4XX error.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "indexDocument": { + "type": "string", + "description": "Amazon S3 returns this index document when requests are made to the root domain or any of the subfolders.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redirectAllRequestsTo": { + "type": "string", + "description": "A hostname to redirect all website requests for this bucket to. Hostname can optionally be prefixed with a protocol (`http://` or `https://`) to use when redirecting requests. The default is the protocol that is used in the original request.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "routingRules": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:s3/routingRules:RoutingRule" + } + } + ], + "description": "A json array containing [routing rules](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-s3-websiteconfiguration-routingrules.html)\ndescribing redirect behavior and when redirects are applied.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/CannedAcl:CannedAcl": { + "description": "See https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl", + "type": "string", + "enum": [ + { + "name": "Private", + "value": "private" + }, + { + "name": "PublicRead", + "value": "public-read" + }, + { + "name": "PublicReadWrite", + "value": "public-read-write" + }, + { + "name": "AwsExecRead", + "value": "aws-exec-read" + }, + { + "name": "AuthenticatedRead", + "value": "authenticated-read" + }, + { + "name": "BucketOwnerRead", + "value": "bucket-owner-read" + }, + { + "name": "BucketOwnerFullControl", + "value": "bucket-owner-full-control" + }, + { + "name": "LogDeliveryWrite", + "value": "log-delivery-write" + } + ] + }, + "aws:s3/InventoryDestination:InventoryDestination": { + "properties": { + "bucket": { + "$ref": "#/types/aws:s3/InventoryDestinationBucket:InventoryDestinationBucket", + "description": "The S3 bucket configuration where inventory results are published (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:s3/InventoryDestinationBucket:InventoryDestinationBucket": { + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the account that owns the destination bucket. Recommended to be set to prevent problems if the destination bucket ownership changes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "bucketArn": { + "type": "string", + "description": "The Amazon S3 bucket ARN of the destination.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "encryption": { + "$ref": "#/types/aws:s3/InventoryDestinationBucketEncryption:InventoryDestinationBucketEncryption", + "description": "Contains the type of server-side encryption to use to encrypt the inventory (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "format": { + "type": "string", + "description": "Specifies the output format of the inventory results. Can be `CSV`, [`ORC`](https://orc.apache.org/) or [`Parquet`](https://parquet.apache.org/).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "The prefix that is prepended to all inventory results.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketArn", + "format" + ] + }, + "aws:s3/InventoryDestinationBucketEncryption:InventoryDestinationBucketEncryption": { + "properties": { + "sseKms": { + "$ref": "#/types/aws:s3/InventoryDestinationBucketEncryptionSseKms:InventoryDestinationBucketEncryptionSseKms", + "description": "Specifies to use server-side encryption with AWS KMS-managed keys to encrypt the inventory file (documented below).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sseS3": { + "$ref": "#/types/aws:s3/InventoryDestinationBucketEncryptionSseS3:InventoryDestinationBucketEncryptionSseS3", + "description": "Specifies to use server-side encryption with Amazon S3-managed keys (SSE-S3) to encrypt the inventory file.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/InventoryDestinationBucketEncryptionSseKms:InventoryDestinationBucketEncryptionSseKms": { + "properties": { + "keyId": { + "type": "string", + "description": "The ARN of the KMS customer master key (CMK) used to encrypt the inventory file.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "keyId" + ] + }, + "aws:s3/InventoryDestinationBucketEncryptionSseS3:InventoryDestinationBucketEncryptionSseS3": { + "type": "object" + }, + "aws:s3/InventoryFilter:InventoryFilter": { + "properties": { + "prefix": { + "type": "string", + "description": "The prefix that an object must have to be included in the inventory results.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3/InventorySchedule:InventorySchedule": { + "properties": { + "frequency": { + "type": "string", + "description": "Specifies how frequently inventory results are produced. Valid values: `Daily`, `Weekly`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "frequency" + ] + }, + "aws:s3/ObjectCopyGrant:ObjectCopyGrant": { + "properties": { + "email": { + "type": "string", + "description": "Email address of the grantee. Used only when `type` is `AmazonCustomerByEmail`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "The canonical user ID of the grantee. Used only when `type` is `CanonicalUser`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions to grant to grantee. Valid values are `READ`, `READ_ACP`, `WRITE_ACP`, `FULL_CONTROL`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "- Type of grantee. Valid values are `CanonicalUser`, `Group`, and `AmazonCustomerByEmail`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uri": { + "type": "string", + "description": "URI of the grantee group. Used only when `type` is `Group`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "permissions", + "type" + ] + }, + "aws:s3control/BucketLifecycleConfigurationRule:BucketLifecycleConfigurationRule": { + "properties": { + "abortIncompleteMultipartUpload": { + "$ref": "#/types/aws:s3control/BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload:BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload", + "description": "Configuration block containing settings for abort incomplete multipart upload.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "expiration": { + "$ref": "#/types/aws:s3control/BucketLifecycleConfigurationRuleExpiration:BucketLifecycleConfigurationRuleExpiration", + "description": "Configuration block containing settings for expiration of objects.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filter": { + "$ref": "#/types/aws:s3control/BucketLifecycleConfigurationRuleFilter:BucketLifecycleConfigurationRuleFilter", + "description": "Configuration block containing settings for filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "id": { + "type": "string", + "description": "Unique identifier for the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "Status of the rule. Valid values: `Enabled` and `Disabled`. Defaults to `Enabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "aws:s3control/BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload:BucketLifecycleConfigurationRuleAbortIncompleteMultipartUpload": { + "properties": { + "daysAfterInitiation": { + "type": "integer", + "description": "Number of days after which Amazon S3 aborts an incomplete multipart upload.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "daysAfterInitiation" + ] + }, + "aws:s3control/BucketLifecycleConfigurationRuleExpiration:BucketLifecycleConfigurationRuleExpiration": { + "properties": { + "date": { + "type": "string", + "description": "Date the object is to be deleted. Should be in `YYYY-MM-DD` date format, e.g. `2020-09-30`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "days": { + "type": "integer", + "description": "Number of days before the object is to be deleted.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "expiredObjectDeleteMarker": { + "type": "boolean", + "description": "Enable to remove a delete marker with no noncurrent versions. Cannot be specified with `date` or `days`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3control/BucketLifecycleConfigurationRuleFilter:BucketLifecycleConfigurationRuleFilter": { + "properties": { + "prefix": { + "type": "string", + "description": "Object prefix for rule filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of object tags for rule filtering.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:s3outposts/EndpointNetworkInterface:EndpointNetworkInterface": { + "properties": { + "networkInterfaceId": { + "type": "string", + "description": "Identifier of the Elastic Network Interface (ENI).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "networkInterfaceId" + ] + } + } + }, + "aws:sagemaker/AppImageConfigKernelGatewayImageConfig:AppImageConfigKernelGatewayImageConfig": { + "properties": { + "fileSystemConfig": { + "$ref": "#/types/aws:sagemaker/AppImageConfigKernelGatewayImageConfigFileSystemConfig:AppImageConfigKernelGatewayImageConfigFileSystemConfig", + "description": "The URL where the Git repository is located. See File System Config details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kernelSpec": { + "$ref": "#/types/aws:sagemaker/AppImageConfigKernelGatewayImageConfigKernelSpec:AppImageConfigKernelGatewayImageConfigKernelSpec", + "description": "The default branch for the Git repository. See Kernel Spec details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "kernelSpec" + ] + }, + "aws:sagemaker/AppImageConfigKernelGatewayImageConfigFileSystemConfig:AppImageConfigKernelGatewayImageConfigFileSystemConfig": { + "properties": { + "defaultGid": { + "type": "integer", + "description": "The default POSIX group ID (GID). If not specified, defaults to `100`. Valid values are `0` and `100`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultUid": { + "type": "integer", + "description": "The default POSIX user ID (UID). If not specified, defaults to `1000`. Valid values are `0` and `1000`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mountPath": { + "type": "string", + "description": "The path within the image to mount the user's EFS home directory. The directory should be empty. If not specified, defaults to `/home/sagemaker-user`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/AppImageConfigKernelGatewayImageConfigKernelSpec:AppImageConfigKernelGatewayImageConfigKernelSpec": { + "properties": { + "displayName": { + "type": "string", + "description": "The display name of the kernel.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the kernel.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:sagemaker/AppResourceSpec:AppResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type that the image version runs on. For valid values see [Sagemaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The ARN of the SageMaker image that the image version belongs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "sagemakerImageArn" + ] + } + } + }, + "aws:sagemaker/CodeRepositoryGitConfig:CodeRepositoryGitConfig": { + "properties": { + "branch": { + "type": "string", + "description": "The default branch for the Git repository.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "repositoryUrl": { + "type": "string", + "description": "The URL where the Git repository is located.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secretArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Secrets Manager secret that contains the credentials used to access the git repository. The secret must have a staging label of AWSCURRENT and must be in the following format: `{\"username\": UserName, \"password\": Password}`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "repositoryUrl" + ] + }, + "aws:sagemaker/DomainDefaultUserSettings:DomainDefaultUserSettings": { + "properties": { + "executionRole": { + "type": "string", + "description": "The execution role ARN for the user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jupyterServerAppSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsJupyterServerAppSettings:DomainDefaultUserSettingsJupyterServerAppSettings", + "description": "The Jupyter server's app settings. See Jupyter Server App Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kernelGatewayAppSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsKernelGatewayAppSettings:DomainDefaultUserSettingsKernelGatewayAppSettings", + "description": "The kernel gateway app settings. See Kernel Gateway App Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The security groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sharingSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsSharingSettings:DomainDefaultUserSettingsSharingSettings", + "description": "The sharing settings. See Sharing Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tensorBoardAppSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsTensorBoardAppSettings:DomainDefaultUserSettingsTensorBoardAppSettings", + "description": "The TensorBoard app settings. See TensorBoard App Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "executionRole" + ] + }, + "aws:sagemaker/DomainDefaultUserSettingsJupyterServerAppSettings:DomainDefaultUserSettingsJupyterServerAppSettings": { + "properties": { + "defaultResourceSpec": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsJupyterServerAppSettingsDefaultResourceSpec:DomainDefaultUserSettingsJupyterServerAppSettingsDefaultResourceSpec", + "description": "The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainDefaultUserSettingsJupyterServerAppSettingsDefaultResourceSpec:DomainDefaultUserSettingsJupyterServerAppSettingsDefaultResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type that the image version runs on.. For valid values see [Sagemaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The ARN of the SageMaker image that the image version belongs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainDefaultUserSettingsKernelGatewayAppSettings:DomainDefaultUserSettingsKernelGatewayAppSettings": { + "properties": { + "customImages": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImage:DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImage" + }, + "description": "A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultResourceSpec": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsKernelGatewayAppSettingsDefaultResourceSpec:DomainDefaultUserSettingsKernelGatewayAppSettingsDefaultResourceSpec", + "description": "The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImage:DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImage": { + "properties": { + "appImageConfigName": { + "type": "string", + "description": "The name of the App Image Config.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageName": { + "type": "string", + "description": "The name of the Custom Image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageVersionNumber": { + "type": "integer", + "description": "The version number of the Custom Image.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "appImageConfigName", + "imageName" + ] + }, + "aws:sagemaker/DomainDefaultUserSettingsKernelGatewayAppSettingsDefaultResourceSpec:DomainDefaultUserSettingsKernelGatewayAppSettingsDefaultResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type that the image version runs on.. For valid values see [Sagemaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The ARN of the SageMaker image that the image version belongs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainDefaultUserSettingsSharingSettings:DomainDefaultUserSettingsSharingSettings": { + "properties": { + "notebookOutputOption": { + "type": "string", + "description": "Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KmsKeyId": { + "type": "string", + "description": "When `notebook_output_option` is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3OutputPath": { + "type": "string", + "description": "When `notebook_output_option` is Allowed, the Amazon S3 bucket used to save the notebook cell output.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainDefaultUserSettingsTensorBoardAppSettings:DomainDefaultUserSettingsTensorBoardAppSettings": { + "properties": { + "defaultResourceSpec": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettingsTensorBoardAppSettingsDefaultResourceSpec:DomainDefaultUserSettingsTensorBoardAppSettingsDefaultResourceSpec", + "description": "The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainDefaultUserSettingsTensorBoardAppSettingsDefaultResourceSpec:DomainDefaultUserSettingsTensorBoardAppSettingsDefaultResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type that the image version runs on.. For valid values see [Sagemaker Instance Types](https://docs.aws.amazon.com/sagemaker/latest/dg/notebooks-available-instance-types.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The ARN of the SageMaker image that the image version belongs to.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/DomainRetentionPolicy:DomainRetentionPolicy": { + "properties": { + "homeEfsFileSystem": { + "type": "string", + "description": "The retention policy for data stored on an Amazon Elastic File System (EFS) volume. Default value is `Retain`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/EndpointConfigurationDataCaptureConfig:EndpointConfigurationDataCaptureConfig": { + "properties": { + "captureContentTypeHeader": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationDataCaptureConfigCaptureContentTypeHeader:EndpointConfigurationDataCaptureConfigCaptureContentTypeHeader", + "description": "The content type headers to capture. Fields are documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "captureOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationDataCaptureConfigCaptureOption:EndpointConfigurationDataCaptureConfigCaptureOption" + }, + "description": "Specifies what data to capture. Fields are documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "destinationS3Uri": { + "type": "string", + "description": "The URL for S3 location where the captured data is stored.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableCapture": { + "type": "boolean", + "description": "Flag to enable data capture. Defaults to `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "initialSamplingPercentage": { + "type": "integer", + "description": "Portion of data to capture. Should be between 0 and 100.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt the captured data on Amazon S3.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "captureOptions", + "destinationS3Uri", + "initialSamplingPercentage" + ] + }, + "aws:sagemaker/EndpointConfigurationDataCaptureConfigCaptureContentTypeHeader:EndpointConfigurationDataCaptureConfigCaptureContentTypeHeader": { + "properties": { + "csvContentTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The CSV content type headers to capture.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jsonContentTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The JSON content type headers to capture.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/EndpointConfigurationDataCaptureConfigCaptureOption:EndpointConfigurationDataCaptureConfigCaptureOption": { + "properties": { + "captureMode": { + "type": "string", + "description": "Specifies the data to be captured. Should be one of `Input` or `Output`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "captureMode" + ] + }, + "aws:sagemaker/EndpointConfigurationProductionVariant:EndpointConfigurationProductionVariant": { + "properties": { + "acceleratorType": { + "type": "string", + "description": "The size of the Elastic Inference (EI) instance to use for the production variant.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "initialInstanceCount": { + "type": "integer", + "description": "Initial number of instances used for auto-scaling.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "initialVariantWeight": { + "type": "number", + "description": "Determines initial traffic distribution among all of the models that you specify in the endpoint configuration. If unspecified, it defaults to 1.0.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "instanceType": { + "type": "string", + "description": "The type of instance to start.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "modelName": { + "type": "string", + "description": "The name of the model to use.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "variantName": { + "type": "string", + "description": "The name of the variant. If omitted, this provider will assign a random, unique name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "initialInstanceCount", + "instanceType", + "modelName" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "initialInstanceCount", + "instanceType", + "modelName", + "variantName" + ] + } + } + }, + "aws:sagemaker/FeatureGroupFeatureDefinition:FeatureGroupFeatureDefinition": { + "properties": { + "featureName": { + "type": "string", + "description": "The name of a feature. `feature_name` cannot be any of the following: `is_deleted`, `write_time`, `api_invocation_time`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "featureType": { + "type": "string", + "description": "The value type of a feature. Valid values are `Integral`, `Fractional`, or `String`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/FeatureGroupOfflineStoreConfig:FeatureGroupOfflineStoreConfig": { + "properties": { + "dataCatalogConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOfflineStoreConfigDataCatalogConfig:FeatureGroupOfflineStoreConfigDataCatalogConfig", + "description": "The meta data of the Glue table that is autogenerated when an OfflineStore is created. See Data Catalog Config Below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableGlueTableCreation": { + "type": "boolean", + "description": "Set to `true` to turn Online Store On.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3StorageConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOfflineStoreConfigS3StorageConfig:FeatureGroupOfflineStoreConfigS3StorageConfig", + "description": "The Amazon Simple Storage (Amazon S3) location of OfflineStore. See S3 Storage Config Below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3StorageConfig" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "dataCatalogConfig", + "s3StorageConfig" + ] + } + } + }, + "aws:sagemaker/FeatureGroupOfflineStoreConfigDataCatalogConfig:FeatureGroupOfflineStoreConfigDataCatalogConfig": { + "properties": { + "catalog": { + "type": "string", + "description": "The name of the Glue table catalog.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "database": { + "type": "string", + "description": "The name of the Glue table database.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tableName": { + "type": "string", + "description": "The name of the Glue table.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "catalog", + "database", + "tableName" + ] + } + } + }, + "aws:sagemaker/FeatureGroupOfflineStoreConfigS3StorageConfig:FeatureGroupOfflineStoreConfigS3StorageConfig": { + "properties": { + "kmsKeyId": { + "type": "string", + "description": "The ID of the AWS Key Management Service (AWS KMS) key that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3Uri": { + "type": "string", + "description": "The S3 URI, or location in Amazon S3, of OfflineStore.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3Uri" + ] + }, + "aws:sagemaker/FeatureGroupOnlineStoreConfig:FeatureGroupOnlineStoreConfig": { + "properties": { + "enableOnlineStore": { + "type": "boolean", + "description": "Set to `true` to disable the automatic creation of an AWS Glue table when configuring an OfflineStore.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOnlineStoreConfigSecurityConfig:FeatureGroupOnlineStoreConfigSecurityConfig", + "description": "Security config for at-rest encryption of your OnlineStore. See Security Config Below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/FeatureGroupOnlineStoreConfigSecurityConfig:FeatureGroupOnlineStoreConfigSecurityConfig": { + "properties": { + "kmsKeyId": { + "type": "string", + "description": "The ID of the AWS Key Management Service (AWS KMS) key that SageMaker Feature Store uses to encrypt the Amazon S3 objects at rest using Amazon S3 server-side encryption.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/ModelContainer:ModelContainer": { + "properties": { + "containerHostname": { + "type": "string", + "description": "The DNS host name for the container.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "environment": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Environment variables for the Docker container.\nA list of key value pairs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "image": { + "type": "string", + "description": "The registry path where the inference code image is stored in Amazon ECR.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageConfig": { + "$ref": "#/types/aws:sagemaker/ModelContainerImageConfig:ModelContainerImageConfig", + "description": "Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see [Using a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html). see Image Config.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "The container hosts value `SingleModel/MultiModel`. The default value is `SingleModel`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "modelDataUrl": { + "type": "string", + "description": "The URL for the S3 location where model artifacts are stored.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "image" + ] + }, + "aws:sagemaker/ModelContainerImageConfig:ModelContainerImageConfig": { + "properties": { + "repositoryAccessMode": { + "type": "string", + "description": "Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: `Platform` and `Vpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "repositoryAccessMode" + ] + }, + "aws:sagemaker/ModelInferenceExecutionConfig:ModelInferenceExecutionConfig": { + "properties": { + "mode": { + "type": "string", + "description": "The container hosts value `SingleModel/MultiModel`. The default value is `SingleModel`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "mode" + ] + }, + "aws:sagemaker/ModelPrimaryContainer:ModelPrimaryContainer": { + "properties": { + "containerHostname": { + "type": "string", + "description": "The DNS host name for the container.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "environment": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Environment variables for the Docker container.\nA list of key value pairs.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "image": { + "type": "string", + "description": "The registry path where the inference code image is stored in Amazon ECR.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageConfig": { + "$ref": "#/types/aws:sagemaker/ModelPrimaryContainerImageConfig:ModelPrimaryContainerImageConfig", + "description": "Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For more information see [Using a Private Docker Registry for Real-Time Inference Containers](https://docs.aws.amazon.com/sagemaker/latest/dg/your-algorithms-containers-inference-private.html). see Image Config.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "mode": { + "type": "string", + "description": "The container hosts value `SingleModel/MultiModel`. The default value is `SingleModel`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "modelDataUrl": { + "type": "string", + "description": "The URL for the S3 location where model artifacts are stored.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "image" + ] + }, + "aws:sagemaker/ModelPrimaryContainerImageConfig:ModelPrimaryContainerImageConfig": { + "properties": { + "repositoryAccessMode": { + "type": "string", + "description": "Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). Allowed values are: `Platform` and `Vpc`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "repositoryAccessMode" + ] + }, + "aws:sagemaker/ModelVpcConfig:ModelVpcConfig": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnets" + ] + }, + "aws:sagemaker/UserProfileUserSettings:UserProfileUserSettings": { + "properties": { + "executionRole": { + "type": "string", + "description": "The execution role ARN for the user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jupyterServerAppSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsJupyterServerAppSettings:UserProfileUserSettingsJupyterServerAppSettings", + "description": "The Jupyter server's app settings. See Jupyter Server App Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kernelGatewayAppSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsKernelGatewayAppSettings:UserProfileUserSettingsKernelGatewayAppSettings", + "description": "The kernel gateway app settings. See Kernel Gateway App Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The security groups.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sharingSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsSharingSettings:UserProfileUserSettingsSharingSettings", + "description": "The sharing settings. See Sharing Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tensorBoardAppSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsTensorBoardAppSettings:UserProfileUserSettingsTensorBoardAppSettings", + "description": "The TensorBoard app settings. See TensorBoard App Settings below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "executionRole" + ] + }, + "aws:sagemaker/UserProfileUserSettingsJupyterServerAppSettings:UserProfileUserSettingsJupyterServerAppSettings": { + "properties": { + "defaultResourceSpec": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsJupyterServerAppSettingsDefaultResourceSpec:UserProfileUserSettingsJupyterServerAppSettingsDefaultResourceSpec", + "description": "The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultResourceSpec" + ] + }, + "aws:sagemaker/UserProfileUserSettingsJupyterServerAppSettingsDefaultResourceSpec:UserProfileUserSettingsJupyterServerAppSettingsDefaultResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SageMaker image created on the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/UserProfileUserSettingsKernelGatewayAppSettings:UserProfileUserSettingsKernelGatewayAppSettings": { + "properties": { + "customImages": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsKernelGatewayAppSettingsCustomImage:UserProfileUserSettingsKernelGatewayAppSettingsCustomImage" + }, + "description": "A list of custom SageMaker images that are configured to run as a KernelGateway app. see Custom Image below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultResourceSpec": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsKernelGatewayAppSettingsDefaultResourceSpec:UserProfileUserSettingsKernelGatewayAppSettingsDefaultResourceSpec", + "description": "The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultResourceSpec" + ] + }, + "aws:sagemaker/UserProfileUserSettingsKernelGatewayAppSettingsCustomImage:UserProfileUserSettingsKernelGatewayAppSettingsCustomImage": { + "properties": { + "appImageConfigName": { + "type": "string", + "description": "The name of the App Image Config.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageName": { + "type": "string", + "description": "The name of the Custom Image.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "imageVersionNumber": { + "type": "integer", + "description": "The version number of the Custom Image.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "appImageConfigName", + "imageName" + ] + }, + "aws:sagemaker/UserProfileUserSettingsKernelGatewayAppSettingsDefaultResourceSpec:UserProfileUserSettingsKernelGatewayAppSettingsDefaultResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SageMaker image created on the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/UserProfileUserSettingsSharingSettings:UserProfileUserSettingsSharingSettings": { + "properties": { + "notebookOutputOption": { + "type": "string", + "description": "Whether to include the notebook cell output when sharing the notebook. The default is `Disabled`. Valid values are `Allowed` and `Disabled`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KmsKeyId": { + "type": "string", + "description": "When `notebook_output_option` is Allowed, the AWS Key Management Service (KMS) encryption key ID used to encrypt the notebook cell output in the Amazon S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3OutputPath": { + "type": "string", + "description": "When `notebook_output_option` is Allowed, the Amazon S3 bucket used to save the notebook cell output.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/UserProfileUserSettingsTensorBoardAppSettings:UserProfileUserSettingsTensorBoardAppSettings": { + "properties": { + "defaultResourceSpec": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettingsTensorBoardAppSettingsDefaultResourceSpec:UserProfileUserSettingsTensorBoardAppSettingsDefaultResourceSpec", + "description": "The default instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance. see Default Resource Spec below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultResourceSpec" + ] + }, + "aws:sagemaker/UserProfileUserSettingsTensorBoardAppSettingsDefaultResourceSpec:UserProfileUserSettingsTensorBoardAppSettingsDefaultResourceSpec": { + "properties": { + "instanceType": { + "type": "string", + "description": "The instance type.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sagemakerImageArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SageMaker image created on the instance.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/WorkforceCognitoConfig:WorkforceCognitoConfig": { + "properties": { + "clientId": { + "type": "string", + "description": "The OIDC IdP client ID used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPool": { + "type": "string", + "description": "The id for your Amazon Cognito user pool.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clientId", + "userPool" + ] + }, + "aws:sagemaker/WorkforceOidcConfig:WorkforceOidcConfig": { + "properties": { + "authorizationEndpoint": { + "type": "string", + "description": "The OIDC IdP authorization endpoint used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientId": { + "type": "string", + "description": "The OIDC IdP client ID used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "clientSecret": { + "type": "string", + "description": "The OIDC IdP client secret used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "issuer": { + "type": "string", + "description": "The OIDC IdP issuer used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "jwksUri": { + "type": "string", + "description": "The OIDC IdP JSON Web Key Set (Jwks) URI used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logoutEndpoint": { + "type": "string", + "description": "The OIDC IdP logout endpoint used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tokenEndpoint": { + "type": "string", + "description": "The OIDC IdP token endpoint used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userInfoEndpoint": { + "type": "string", + "description": "The OIDC IdP user information endpoint used to configure your private workforce.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "authorizationEndpoint", + "clientId", + "clientSecret", + "issuer", + "jwksUri", + "logoutEndpoint", + "tokenEndpoint", + "userInfoEndpoint" + ] + }, + "aws:sagemaker/WorkforceSourceIpConfig:WorkforceSourceIpConfig": { + "properties": { + "cidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to 10 CIDR values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidrs" + ] + }, + "aws:sagemaker/WorkteamMemberDefinition:WorkteamMemberDefinition": { + "properties": { + "cognitoMemberDefinition": { + "$ref": "#/types/aws:sagemaker/WorkteamMemberDefinitionCognitoMemberDefinition:WorkteamMemberDefinitionCognitoMemberDefinition", + "description": "The Amazon Cognito user group that is part of the work team. See Cognito Member Definition details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "oidcMemberDefinition": { + "$ref": "#/types/aws:sagemaker/WorkteamMemberDefinitionOidcMemberDefinition:WorkteamMemberDefinitionOidcMemberDefinition", + "description": "A list user groups that exist in your OIDC Identity Provider (IdP). One to ten groups can be used to create a single private work team. See Cognito Member Definition details below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sagemaker/WorkteamMemberDefinitionCognitoMemberDefinition:WorkteamMemberDefinitionCognitoMemberDefinition": { + "properties": { + "clientId": { + "type": "string", + "description": "An identifier for an application client. You must create the app client ID using Amazon Cognito.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userGroup": { + "type": "string", + "description": "An identifier for a user group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userPool": { + "type": "string", + "description": "An identifier for a user pool. The user pool must be in the same region as the service that you are calling.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "clientId", + "userGroup", + "userPool" + ] + }, + "aws:sagemaker/WorkteamMemberDefinitionOidcMemberDefinition:WorkteamMemberDefinitionOidcMemberDefinition": { + "properties": { + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of comma separated strings that identifies user groups in your OIDC IdP. Each user group is made up of a group of private workers.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "groups" + ] + }, + "aws:sagemaker/WorkteamNotificationConfiguration:WorkteamNotificationConfiguration": { + "properties": { + "notificationTopicArn": { + "type": "string", + "description": "The ARN for the SNS topic to which notifications should be published.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:secretsmanager/SecretReplica:SecretReplica": { + "properties": { + "kmsKeyId": { + "type": "string", + "description": "ARN, Key ID, or Alias.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastAccessedDate": { + "type": "string", + "description": "Date that you last accessed the secret in the Region.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "Region for replicating the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "status": { + "type": "string", + "description": "Status can be `InProgress`, `Failed`, or `InSync`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusMessage": { + "type": "string", + "description": "Message such as `Replication succeeded` or `Secret with this name already exists in this region`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "region" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "kmsKeyId", + "lastAccessedDate", + "region", + "status", + "statusMessage" + ] + } + } + }, + "aws:secretsmanager/SecretRotationRotationRules:SecretRotationRotationRules": { + "properties": { + "automaticallyAfterDays": { + "type": "integer", + "description": "Specifies the number of days between automatic scheduled rotations of the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "automaticallyAfterDays" + ] + }, + "aws:secretsmanager/SecretRotationRules:SecretRotationRules": { + "properties": { + "automaticallyAfterDays": { + "type": "integer", + "description": "Specifies the number of days between automatic scheduled rotations of the secret.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "automaticallyAfterDays" + ] + }, + "aws:secretsmanager/getSecretRotationRotationRule:getSecretRotationRotationRule": { + "properties": { + "automaticallyAfterDays": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "automaticallyAfterDays" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:secretsmanager/getSecretRotationRule:getSecretRotationRule": { + "properties": { + "automaticallyAfterDays": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "automaticallyAfterDays" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:securityhub/InsightFilters:InsightFilters": { + "properties": { + "awsAccountIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersAwsAccountId:InsightFiltersAwsAccountId" + }, + "description": "AWS account ID that a finding is generated in. See String_Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "companyNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersCompanyName:InsightFiltersCompanyName" + }, + "description": "The name of the findings provider (company) that owns the solution (product) that generates findings. See String_Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "complianceStatuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersComplianceStatus:InsightFiltersComplianceStatus" + }, + "description": "Exclusive to findings that are generated as the result of a check run against a specific rule in a supported standard, such as CIS AWS Foundations. Contains security standard-related finding details. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "confidences": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersConfidence:InsightFiltersConfidence" + }, + "description": "A finding's confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "createdAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersCreatedAt:InsightFiltersCreatedAt" + }, + "description": "An ISO8601-formatted timestamp that indicates when the security-findings provider captured the potential security issue that a finding captured. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "criticalities": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersCriticality:InsightFiltersCriticality" + }, + "description": "The level of importance assigned to the resources associated with the finding. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "descriptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersDescription:InsightFiltersDescription" + }, + "description": "A finding's description. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsConfidences": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsConfidence:InsightFiltersFindingProviderFieldsConfidence" + }, + "description": "The finding provider value for the finding confidence. Confidence is defined as the likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. Confidence is scored on a 0-100 basis using a ratio scale, where 0 means zero percent confidence and 100 means 100 percent confidence. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsCriticalities": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsCriticality:InsightFiltersFindingProviderFieldsCriticality" + }, + "description": "The finding provider value for the level of importance assigned to the resources associated with the findings. A score of 0 means that the underlying resources have no criticality, and a score of 100 is reserved for the most critical resources. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsRelatedFindingsIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsRelatedFindingsId:InsightFiltersFindingProviderFieldsRelatedFindingsId" + }, + "description": "The finding identifier of a related finding that is identified by the finding provider. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsRelatedFindingsProductArns": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsRelatedFindingsProductArn:InsightFiltersFindingProviderFieldsRelatedFindingsProductArn" + }, + "description": "The ARN of the solution that generated a related finding that is identified by the finding provider. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsSeverityLabels": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsSeverityLabel:InsightFiltersFindingProviderFieldsSeverityLabel" + }, + "description": "The finding provider value for the severity label. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsSeverityOriginals": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsSeverityOriginal:InsightFiltersFindingProviderFieldsSeverityOriginal" + }, + "description": "The finding provider's original value for the severity. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "findingProviderFieldsTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFindingProviderFieldsType:InsightFiltersFindingProviderFieldsType" + }, + "description": "One or more finding types that the finding provider assigned to the finding. Uses the format of `namespace/category/classifier` that classify a finding. Valid namespace values include: `Software and Configuration Checks`, `TTPs`, `Effects`, `Unusual Behaviors`, and `Sensitive Data Identifications`. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "firstObservedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersFirstObservedAt:InsightFiltersFirstObservedAt" + }, + "description": "An ISO8601-formatted timestamp that indicates when the security-findings provider first observed the potential security issue that a finding captured. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "generatorIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersGeneratorId:InsightFiltersGeneratorId" + }, + "description": "The identifier for the solution-specific component (a discrete unit of logic) that generated a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ids": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersId:InsightFiltersId" + }, + "description": "The security findings provider-specific identifier for a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "keywords": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersKeyword:InsightFiltersKeyword" + }, + "description": "A keyword for a finding. See Keyword Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastObservedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersLastObservedAt:InsightFiltersLastObservedAt" + }, + "description": "An ISO8601-formatted timestamp that indicates when the security-findings provider most recently observed the potential security issue that a finding captured. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "malwareNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersMalwareName:InsightFiltersMalwareName" + }, + "description": "The name of the malware that was observed. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "malwarePaths": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersMalwarePath:InsightFiltersMalwarePath" + }, + "description": "The filesystem path of the malware that was observed. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "malwareStates": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersMalwareState:InsightFiltersMalwareState" + }, + "description": "The state of the malware that was observed. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "malwareTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersMalwareType:InsightFiltersMalwareType" + }, + "description": "The type of the malware that was observed. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkDestinationDomains": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkDestinationDomain:InsightFiltersNetworkDestinationDomain" + }, + "description": "The destination domain of network-related information about a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkDestinationIpv4s": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkDestinationIpv4:InsightFiltersNetworkDestinationIpv4" + }, + "description": "The destination IPv4 address of network-related information about a finding. See Ip Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkDestinationIpv6s": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkDestinationIpv6:InsightFiltersNetworkDestinationIpv6" + }, + "description": "The destination IPv6 address of network-related information about a finding. See Ip Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkDestinationPorts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkDestinationPort:InsightFiltersNetworkDestinationPort" + }, + "description": "The destination port of network-related information about a finding. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkDirections": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkDirection:InsightFiltersNetworkDirection" + }, + "description": "Indicates the direction of network traffic associated with a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkProtocols": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkProtocol:InsightFiltersNetworkProtocol" + }, + "description": "The protocol of network-related information about a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkSourceDomains": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkSourceDomain:InsightFiltersNetworkSourceDomain" + }, + "description": "The source domain of network-related information about a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkSourceIpv4s": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkSourceIpv4:InsightFiltersNetworkSourceIpv4" + }, + "description": "The source IPv4 address of network-related information about a finding. See Ip Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkSourceIpv6s": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkSourceIpv6:InsightFiltersNetworkSourceIpv6" + }, + "description": "The source IPv6 address of network-related information about a finding. See Ip Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkSourceMacs": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkSourceMac:InsightFiltersNetworkSourceMac" + }, + "description": "The source media access control (MAC) address of network-related information about a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "networkSourcePorts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNetworkSourcePort:InsightFiltersNetworkSourcePort" + }, + "description": "The source port of network-related information about a finding. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noteTexts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNoteText:InsightFiltersNoteText" + }, + "description": "The text of a note. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noteUpdatedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNoteUpdatedAt:InsightFiltersNoteUpdatedAt" + }, + "description": "The timestamp of when the note was updated. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "noteUpdatedBies": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersNoteUpdatedBy:InsightFiltersNoteUpdatedBy" + }, + "description": "The principal that created a note. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processLaunchedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessLaunchedAt:InsightFiltersProcessLaunchedAt" + }, + "description": "The date/time that the process was launched. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessName:InsightFiltersProcessName" + }, + "description": "The name of the process. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processParentPids": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessParentPid:InsightFiltersProcessParentPid" + }, + "description": "The parent process ID. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processPaths": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessPath:InsightFiltersProcessPath" + }, + "description": "The path to the process executable. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processPids": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessPid:InsightFiltersProcessPid" + }, + "description": "The process ID. See Number Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "processTerminatedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessTerminatedAt:InsightFiltersProcessTerminatedAt" + }, + "description": "The date/time that the process was terminated. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "productArns": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProductArn:InsightFiltersProductArn" + }, + "description": "The ARN generated by Security Hub that uniquely identifies a third-party company (security findings provider) after this provider's product (solution that generates findings) is registered with Security Hub. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "productFields": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProductField:InsightFiltersProductField" + }, + "description": "A data type where security-findings providers can include additional solution-specific details that aren't part of the defined `AwsSecurityFinding` format. See Map Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "productNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersProductName:InsightFiltersProductName" + }, + "description": "The name of the solution (product) that generates findings. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recommendationTexts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersRecommendationText:InsightFiltersRecommendationText" + }, + "description": "The recommendation of what to do about the issue described in a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "recordStates": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersRecordState:InsightFiltersRecordState" + }, + "description": "The updated record state for the finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "relatedFindingsIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersRelatedFindingsId:InsightFiltersRelatedFindingsId" + }, + "description": "The solution-generated identifier for a related finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "relatedFindingsProductArns": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersRelatedFindingsProductArn:InsightFiltersRelatedFindingsProductArn" + }, + "description": "The ARN of the solution that generated a related finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceIamInstanceProfileArns": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceIamInstanceProfileArn:InsightFiltersResourceAwsEc2InstanceIamInstanceProfileArn" + }, + "description": "The IAM profile ARN of the instance. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceImageIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceImageId:InsightFiltersResourceAwsEc2InstanceImageId" + }, + "description": "The Amazon Machine Image (AMI) ID of the instance. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceIpv4Addresses": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceIpv4Address:InsightFiltersResourceAwsEc2InstanceIpv4Address" + }, + "description": "The IPv4 addresses associated with the instance. See Ip Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceIpv6Addresses": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceIpv6Address:InsightFiltersResourceAwsEc2InstanceIpv6Address" + }, + "description": "The IPv6 addresses associated with the instance. See Ip Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceKeyNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceKeyName:InsightFiltersResourceAwsEc2InstanceKeyName" + }, + "description": "The key name associated with the instance. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceLaunchedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceLaunchedAt:InsightFiltersResourceAwsEc2InstanceLaunchedAt" + }, + "description": "The date and time the instance was launched. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceSubnetIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceSubnetId:InsightFiltersResourceAwsEc2InstanceSubnetId" + }, + "description": "The identifier of the subnet that the instance was launched in. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceType:InsightFiltersResourceAwsEc2InstanceType" + }, + "description": "The instance type of the instance. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsEc2InstanceVpcIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceVpcId:InsightFiltersResourceAwsEc2InstanceVpcId" + }, + "description": "The identifier of the VPC that the instance was launched in. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsIamAccessKeyCreatedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsIamAccessKeyCreatedAt:InsightFiltersResourceAwsIamAccessKeyCreatedAt" + }, + "description": "The creation date/time of the IAM access key related to a finding. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsIamAccessKeyStatuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsIamAccessKeyStatus:InsightFiltersResourceAwsIamAccessKeyStatus" + }, + "description": "The status of the IAM access key related to a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsIamAccessKeyUserNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsIamAccessKeyUserName:InsightFiltersResourceAwsIamAccessKeyUserName" + }, + "description": "The user associated with the IAM access key related to a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsS3BucketOwnerIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsS3BucketOwnerId:InsightFiltersResourceAwsS3BucketOwnerId" + }, + "description": "The canonical user ID of the owner of the S3 bucket. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceAwsS3BucketOwnerNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsS3BucketOwnerName:InsightFiltersResourceAwsS3BucketOwnerName" + }, + "description": "The display name of the owner of the S3 bucket. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceContainerImageIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceContainerImageId:InsightFiltersResourceContainerImageId" + }, + "description": "The identifier of the image related to a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceContainerImageNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceContainerImageName:InsightFiltersResourceContainerImageName" + }, + "description": "The name of the image related to a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceContainerLaunchedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceContainerLaunchedAt:InsightFiltersResourceContainerLaunchedAt" + }, + "description": "The date/time that the container was started. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceContainerNames": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceContainerName:InsightFiltersResourceContainerName" + }, + "description": "The name of the container related to a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceDetailsOthers": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceDetailsOther:InsightFiltersResourceDetailsOther" + }, + "description": "The details of a resource that doesn't have a specific subfield for the resource type defined. See Map Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceIds": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceId:InsightFiltersResourceId" + }, + "description": "The canonical identifier for the given resource type. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourcePartitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourcePartition:InsightFiltersResourcePartition" + }, + "description": "The canonical AWS partition name that the Region is assigned to. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceRegions": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceRegion:InsightFiltersResourceRegion" + }, + "description": "The canonical AWS external Region name where this resource is located. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceTags": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceTag:InsightFiltersResourceTag" + }, + "description": "A list of AWS tags associated with a resource at the time the finding was processed. See Map Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourceTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceType:InsightFiltersResourceType" + }, + "description": "Specifies the type of the resource that details are provided for. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "severityLabels": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersSeverityLabel:InsightFiltersSeverityLabel" + }, + "description": "The label of a finding's severity. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sourceUrls": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersSourceUrl:InsightFiltersSourceUrl" + }, + "description": "A URL that links to a page about the current finding in the security-findings provider's solution. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threatIntelIndicatorCategories": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorCategory:InsightFiltersThreatIntelIndicatorCategory" + }, + "description": "The category of a threat intelligence indicator. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threatIntelIndicatorLastObservedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorLastObservedAt:InsightFiltersThreatIntelIndicatorLastObservedAt" + }, + "description": "The date/time of the last observation of a threat intelligence indicator. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threatIntelIndicatorSourceUrls": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorSourceUrl:InsightFiltersThreatIntelIndicatorSourceUrl" + }, + "description": "The URL for more details from the source of the threat intelligence. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threatIntelIndicatorSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorSource:InsightFiltersThreatIntelIndicatorSource" + }, + "description": "The source of the threat intelligence. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threatIntelIndicatorTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorType:InsightFiltersThreatIntelIndicatorType" + }, + "description": "The type of a threat intelligence indicator. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "threatIntelIndicatorValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorValue:InsightFiltersThreatIntelIndicatorValue" + }, + "description": "The value of a threat intelligence indicator. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "titles": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersTitle:InsightFiltersTitle" + }, + "description": "A finding's title. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "types": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersType:InsightFiltersType" + }, + "description": "A finding type in the format of `namespace/category/classifier` that classifies a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "updatedAts": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersUpdatedAt:InsightFiltersUpdatedAt" + }, + "description": "An ISO8601-formatted timestamp that indicates when the security-findings provider last updated the finding record. See Date Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userDefinedValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersUserDefinedValue:InsightFiltersUserDefinedValue" + }, + "description": "A list of name/value string pairs associated with the finding. These are custom, user-defined fields added to a finding. See Map Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "verificationStates": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersVerificationState:InsightFiltersVerificationState" + }, + "description": "The veracity of a finding. See String Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "workflowStatuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:securityhub/InsightFiltersWorkflowStatus:InsightFiltersWorkflowStatus" + }, + "description": "The status of the investigation into a finding. See Workflow Status Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersAwsAccountId:InsightFiltersAwsAccountId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersCompanyName:InsightFiltersCompanyName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersComplianceStatus:InsightFiltersComplianceStatus": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersConfidence:InsightFiltersConfidence": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersCreatedAt:InsightFiltersCreatedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersCreatedAtDateRange:InsightFiltersCreatedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersCreatedAtDateRange:InsightFiltersCreatedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersCriticality:InsightFiltersCriticality": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersDescription:InsightFiltersDescription": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsConfidence:InsightFiltersFindingProviderFieldsConfidence": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsCriticality:InsightFiltersFindingProviderFieldsCriticality": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsRelatedFindingsId:InsightFiltersFindingProviderFieldsRelatedFindingsId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsRelatedFindingsProductArn:InsightFiltersFindingProviderFieldsRelatedFindingsProductArn": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsSeverityLabel:InsightFiltersFindingProviderFieldsSeverityLabel": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsSeverityOriginal:InsightFiltersFindingProviderFieldsSeverityOriginal": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersFindingProviderFieldsType:InsightFiltersFindingProviderFieldsType": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersFirstObservedAt:InsightFiltersFirstObservedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersFirstObservedAtDateRange:InsightFiltersFirstObservedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersFirstObservedAtDateRange:InsightFiltersFirstObservedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersGeneratorId:InsightFiltersGeneratorId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersId:InsightFiltersId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersKeyword:InsightFiltersKeyword": { + "properties": { + "value": { + "type": "string", + "description": "A value for the keyword.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "value" + ] + }, + "aws:securityhub/InsightFiltersLastObservedAt:InsightFiltersLastObservedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersLastObservedAtDateRange:InsightFiltersLastObservedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersLastObservedAtDateRange:InsightFiltersLastObservedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersMalwareName:InsightFiltersMalwareName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersMalwarePath:InsightFiltersMalwarePath": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersMalwareState:InsightFiltersMalwareState": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersMalwareType:InsightFiltersMalwareType": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNetworkDestinationDomain:InsightFiltersNetworkDestinationDomain": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNetworkDestinationIpv4:InsightFiltersNetworkDestinationIpv4": { + "properties": { + "cidr": { + "type": "string", + "description": "A finding's CIDR value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:securityhub/InsightFiltersNetworkDestinationIpv6:InsightFiltersNetworkDestinationIpv6": { + "properties": { + "cidr": { + "type": "string", + "description": "A finding's CIDR value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:securityhub/InsightFiltersNetworkDestinationPort:InsightFiltersNetworkDestinationPort": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersNetworkDirection:InsightFiltersNetworkDirection": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNetworkProtocol:InsightFiltersNetworkProtocol": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNetworkSourceDomain:InsightFiltersNetworkSourceDomain": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNetworkSourceIpv4:InsightFiltersNetworkSourceIpv4": { + "properties": { + "cidr": { + "type": "string", + "description": "A finding's CIDR value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:securityhub/InsightFiltersNetworkSourceIpv6:InsightFiltersNetworkSourceIpv6": { + "properties": { + "cidr": { + "type": "string", + "description": "A finding's CIDR value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:securityhub/InsightFiltersNetworkSourceMac:InsightFiltersNetworkSourceMac": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNetworkSourcePort:InsightFiltersNetworkSourcePort": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersNoteText:InsightFiltersNoteText": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersNoteUpdatedAt:InsightFiltersNoteUpdatedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersNoteUpdatedAtDateRange:InsightFiltersNoteUpdatedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersNoteUpdatedAtDateRange:InsightFiltersNoteUpdatedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersNoteUpdatedBy:InsightFiltersNoteUpdatedBy": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersProcessLaunchedAt:InsightFiltersProcessLaunchedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessLaunchedAtDateRange:InsightFiltersProcessLaunchedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersProcessLaunchedAtDateRange:InsightFiltersProcessLaunchedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersProcessName:InsightFiltersProcessName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersProcessParentPid:InsightFiltersProcessParentPid": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersProcessPath:InsightFiltersProcessPath": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersProcessPid:InsightFiltersProcessPid": { + "properties": { + "eq": { + "type": "string", + "description": "The equal-to condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "gte": { + "type": "string", + "description": "The greater-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lte": { + "type": "string", + "description": "The less-than-equal condition to be applied to a single field when querying for findings, provided as a String.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersProcessTerminatedAt:InsightFiltersProcessTerminatedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersProcessTerminatedAtDateRange:InsightFiltersProcessTerminatedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersProcessTerminatedAtDateRange:InsightFiltersProcessTerminatedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersProductArn:InsightFiltersProductArn": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersProductField:InsightFiltersProductField": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "key", + "value" + ] + }, + "aws:securityhub/InsightFiltersProductName:InsightFiltersProductName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersRecommendationText:InsightFiltersRecommendationText": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersRecordState:InsightFiltersRecordState": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersRelatedFindingsId:InsightFiltersRelatedFindingsId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersRelatedFindingsProductArn:InsightFiltersRelatedFindingsProductArn": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceIamInstanceProfileArn:InsightFiltersResourceAwsEc2InstanceIamInstanceProfileArn": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceImageId:InsightFiltersResourceAwsEc2InstanceImageId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceIpv4Address:InsightFiltersResourceAwsEc2InstanceIpv4Address": { + "properties": { + "cidr": { + "type": "string", + "description": "A finding's CIDR value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceIpv6Address:InsightFiltersResourceAwsEc2InstanceIpv6Address": { + "properties": { + "cidr": { + "type": "string", + "description": "A finding's CIDR value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cidr" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceKeyName:InsightFiltersResourceAwsEc2InstanceKeyName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceLaunchedAt:InsightFiltersResourceAwsEc2InstanceLaunchedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsEc2InstanceLaunchedAtDateRange:InsightFiltersResourceAwsEc2InstanceLaunchedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceLaunchedAtDateRange:InsightFiltersResourceAwsEc2InstanceLaunchedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceSubnetId:InsightFiltersResourceAwsEc2InstanceSubnetId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceType:InsightFiltersResourceAwsEc2InstanceType": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsEc2InstanceVpcId:InsightFiltersResourceAwsEc2InstanceVpcId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsIamAccessKeyCreatedAt:InsightFiltersResourceAwsIamAccessKeyCreatedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceAwsIamAccessKeyCreatedAtDateRange:InsightFiltersResourceAwsIamAccessKeyCreatedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersResourceAwsIamAccessKeyCreatedAtDateRange:InsightFiltersResourceAwsIamAccessKeyCreatedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsIamAccessKeyStatus:InsightFiltersResourceAwsIamAccessKeyStatus": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsIamAccessKeyUserName:InsightFiltersResourceAwsIamAccessKeyUserName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsS3BucketOwnerId:InsightFiltersResourceAwsS3BucketOwnerId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceAwsS3BucketOwnerName:InsightFiltersResourceAwsS3BucketOwnerName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceContainerImageId:InsightFiltersResourceContainerImageId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceContainerImageName:InsightFiltersResourceContainerImageName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceContainerLaunchedAt:InsightFiltersResourceContainerLaunchedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersResourceContainerLaunchedAtDateRange:InsightFiltersResourceContainerLaunchedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersResourceContainerLaunchedAtDateRange:InsightFiltersResourceContainerLaunchedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceContainerName:InsightFiltersResourceContainerName": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceDetailsOther:InsightFiltersResourceDetailsOther": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "key", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceId:InsightFiltersResourceId": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourcePartition:InsightFiltersResourcePartition": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceRegion:InsightFiltersResourceRegion": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceTag:InsightFiltersResourceTag": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "key", + "value" + ] + }, + "aws:securityhub/InsightFiltersResourceType:InsightFiltersResourceType": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersSeverityLabel:InsightFiltersSeverityLabel": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersSourceUrl:InsightFiltersSourceUrl": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorCategory:InsightFiltersThreatIntelIndicatorCategory": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorLastObservedAt:InsightFiltersThreatIntelIndicatorLastObservedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersThreatIntelIndicatorLastObservedAtDateRange:InsightFiltersThreatIntelIndicatorLastObservedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorLastObservedAtDateRange:InsightFiltersThreatIntelIndicatorLastObservedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorSource:InsightFiltersThreatIntelIndicatorSource": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorSourceUrl:InsightFiltersThreatIntelIndicatorSourceUrl": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorType:InsightFiltersThreatIntelIndicatorType": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersThreatIntelIndicatorValue:InsightFiltersThreatIntelIndicatorValue": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersTitle:InsightFiltersTitle": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersType:InsightFiltersType": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersUpdatedAt:InsightFiltersUpdatedAt": { + "properties": { + "dateRange": { + "$ref": "#/types/aws:securityhub/InsightFiltersUpdatedAtDateRange:InsightFiltersUpdatedAtDateRange", + "description": "A configuration block of the date range for the date filter. See date_range below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "end": { + "type": "string", + "description": "An end date for the date filter. Required with `start` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "start": { + "type": "string", + "description": "A start date for the date filter. Required with `end` if `date_range` is not specified.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:securityhub/InsightFiltersUpdatedAtDateRange:InsightFiltersUpdatedAtDateRange": { + "properties": { + "unit": { + "type": "string", + "description": "A date range unit for the date filter. Valid values: `DAYS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "unit", + "value" + ] + }, + "aws:securityhub/InsightFiltersUserDefinedValue:InsightFiltersUserDefinedValue": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "The key of the map filter. For example, for `ResourceTags`, `Key` identifies the name of the tag. For `UserDefinedFields`, `Key` is the name of the field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "key", + "value" + ] + }, + "aws:securityhub/InsightFiltersVerificationState:InsightFiltersVerificationState": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:securityhub/InsightFiltersWorkflowStatus:InsightFiltersWorkflowStatus": { + "properties": { + "comparison": { + "type": "string", + "description": "The condition to apply to a string value when querying for findings. Valid values include: `EQUALS` and `NOT_EQUALS`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "A date range value for the date filter, provided as an Integer.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparison", + "value" + ] + }, + "aws:servicecatalog/ProductProvisioningArtifactParameters:ProductProvisioningArtifactParameters": { + "properties": { + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "disableTemplateValidation": { + "type": "boolean", + "description": "Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "templatePhysicalId": { + "type": "string", + "description": "Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as `arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID]`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "templateUrl": { + "type": "string", + "description": "Template source as URL of the CloudFormation template in Amazon S3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:servicecatalog/ProvisionedProductProvisioningParameter:ProvisionedProductProvisioningParameter": { + "properties": { + "key": { + "type": "string", + "description": "Parameter key.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "usePreviousValue": { + "type": "boolean", + "description": "Whether to ignore `value` and keep the previous parameter value. Ignored when initially provisioning a product.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "Parameter value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key" + ] + }, + "aws:servicecatalog/ProvisionedProductStackSetProvisioningPreferences:ProvisionedProductStackSetProvisioningPreferences": { + "properties": { + "accounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more AWS accounts that will have access to the provisioned product. The AWS accounts specified should be within the list of accounts in the STACKSET constraint. To get the list of accounts in the STACKSET constraint, use the `aws_servicecatalog_provisioning_parameters` data source. If no values are specified, the default value is all accounts from the STACKSET constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "failureToleranceCount": { + "type": "integer", + "description": "Number of accounts, per region, for which this operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn't attempt the operation in any subsequent regions. You must specify either `failure_tolerance_count` or `failure_tolerance_percentage`, but not both. The default value is 0 if no value is specified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "failureTolerancePercentage": { + "type": "integer", + "description": "Percentage of accounts, per region, for which this stack operation can fail before AWS Service Catalog stops the operation in that region. If the operation is stopped in a region, AWS Service Catalog doesn't attempt the operation in any subsequent regions. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. You must specify either `failure_tolerance_count` or `failure_tolerance_percentage`, but not both.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxConcurrencyCount": { + "type": "integer", + "description": "Maximum number of accounts in which to perform this operation at one time. This is dependent on the value of `failure_tolerance_count`. `max_concurrency_count` is at most one more than the `failure_tolerance_count`. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either `max_concurrency_count` or `max_concurrency_percentage`, but not both.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "maxConcurrencyPercentage": { + "type": "integer", + "description": "Maximum percentage of accounts in which to perform this operation at one time. When calculating the number of accounts based on the specified percentage, AWS Service Catalog rounds down to the next whole number. This is true except in cases where rounding down would result is zero. In this case, AWS Service Catalog sets the number as 1 instead. Note that this setting lets you specify the maximum for operations. For large deployments, under certain circumstances the actual number of accounts acted upon concurrently may be lower due to service throttling. You must specify either `max_concurrency_count` or `max_concurrency_percentage`, but not both.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more AWS Regions where the provisioned product will be available. The specified regions should be within the list of regions from the STACKSET constraint. To get the list of regions in the STACKSET constraint, use the `aws_servicecatalog_provisioning_parameters` data source. If no values are specified, the default value is all regions from the STACKSET constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:servicecatalog/ServiceActionDefinition:ServiceActionDefinition": { + "properties": { + "assumeRole": { + "type": "string", + "description": "ARN of the role that performs the self-service actions on your behalf. For example, `arn:aws:iam::12345678910:role/ActionRole`. To reuse the provisioned product launch role, set to `LAUNCH_ROLE`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the SSM document. For example, `AWS-RestartEC2Instance`. If you are using a shared SSM document, you must provide the ARN instead of the name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "string", + "description": "List of parameters in JSON format. For example: `[{\\\"Name\\\":\\\"InstanceId\\\",\\\"Type\\\":\\\"TARGET\\\"}]` or `[{\\\"Name\\\":\\\"InstanceId\\\",\\\"Type\\\":\\\"TEXT_VALUE\\\"}]`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Service action definition type. Valid value is `SSM_AUTOMATION`. Default is `SSM_AUTOMATION`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "SSM document version. For example, `1`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "version" + ] + }, + "aws:servicecatalog/getLaunchPathsSummary:getLaunchPathsSummary": { + "properties": { + "constraintSummaries": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicecatalog/getLaunchPathsSummaryConstraintSummary:getLaunchPathsSummaryConstraintSummary" + }, + "description": "Block for constraints on the portfolio-product relationship. See details below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "Name of the portfolio to which the path was assigned.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "pathId": { + "type": "string", + "description": "Identifier of the product path.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags associated with this product path.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "constraintSummaries", + "name", + "pathId", + "tags" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:servicecatalog/getLaunchPathsSummaryConstraintSummary:getLaunchPathsSummaryConstraintSummary": { + "properties": { + "description": { + "type": "string", + "description": "Description of the constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of constraint. Valid values are `LAUNCH`, `NOTIFICATION`, `STACKSET`, and `TEMPLATE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "description", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:servicecatalog/getPortfolioConstraintsDetail:getPortfolioConstraintsDetail": { + "properties": { + "constraintId": { + "type": "string", + "description": "Identifier of the constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "Description of the constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "owner": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "productId": { + "type": "string", + "description": "Product identifier.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Type of constraint. Valid values are `LAUNCH`, `NOTIFICATION`, `STACKSET`, and `TEMPLATE`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "constraintId", + "description", + "owner", + "portfolioId", + "productId", + "type" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:servicediscovery/ServiceDnsConfig:ServiceDnsConfig": { + "properties": { + "dnsRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicediscovery/ServiceDnsConfigDnsRecord:ServiceDnsConfigDnsRecord" + }, + "description": "An array that contains one DnsRecord object for each resource record set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "namespaceId": { + "type": "string", + "description": "The ID of the namespace to use for DNS configuration.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "routingPolicy": { + "type": "string", + "description": "The routing policy that you want to apply to all records that Route 53 creates when you register an instance and specify the service. Valid Values: MULTIVALUE, WEIGHTED\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dnsRecords", + "namespaceId" + ] + }, + "aws:servicediscovery/ServiceDnsConfigDnsRecord:ServiceDnsConfigDnsRecord": { + "properties": { + "ttl": { + "type": "integer", + "description": "The amount of time, in seconds, that you want DNS resolvers to cache the settings for this resource record set.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of health check that you want to create, which indicates how Route 53 determines whether an endpoint is healthy. Valid Values: HTTP, HTTPS, TCP\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "ttl", + "type" + ] + }, + "aws:servicediscovery/ServiceHealthCheckConfig:ServiceHealthCheckConfig": { + "properties": { + "failureThreshold": { + "type": "integer", + "description": "The number of 30-second intervals that you want service discovery to wait before it changes the health status of a service instance. Maximum value of 10.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "resourcePath": { + "type": "string", + "description": "The path that you want Route 53 to request when performing health checks. Route 53 automatically adds the DNS name for the service. If you don't specify a value, the default value is /.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of health check that you want to create, which indicates how Route 53 determines whether an endpoint is healthy. Valid Values: HTTP, HTTPS, TCP\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:servicediscovery/ServiceHealthCheckCustomConfig:ServiceHealthCheckCustomConfig": { + "properties": { + "failureThreshold": { + "type": "integer", + "description": "The number of 30-second intervals that you want service discovery to wait before it changes the health status of a service instance. Maximum value of 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ses/ConfgurationSetDeliveryOptions:ConfgurationSetDeliveryOptions": { + "properties": { + "tlsPolicy": { + "type": "string", + "description": "Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Valid values: `Require` or `Optional`. Defaults to `Optional`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ses/ConfigurationSetDeliveryOptions:ConfigurationSetDeliveryOptions": { + "properties": { + "tlsPolicy": { + "type": "string", + "description": "Specifies whether messages that use the configuration set are required to use Transport Layer Security (TLS). If the value is `Require`, messages are only delivered if a TLS connection can be established. If the value is `Optional`, messages can be delivered in plain text if a TLS connection can't be established. Valid values: `Require` or `Optional`. Defaults to `Optional`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ses/EventDestinationCloudwatchDestination:EventDestinationCloudwatchDestination": { + "properties": { + "defaultValue": { + "type": "string", + "description": "The default value for the event\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "dimensionName": { + "type": "string", + "description": "The name for the dimension\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "valueSource": { + "type": "string", + "description": "The source for the value. May be any of `\"messageTag\"`, `\"emailHeader\"` or `\"linkTag\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultValue", + "dimensionName", + "valueSource" + ] + }, + "aws:ses/EventDestinationKinesisDestination:EventDestinationKinesisDestination": { + "properties": { + "roleArn": { + "type": "string", + "description": "The ARN of the role that has permissions to access the Kinesis Stream\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "streamArn": { + "type": "string", + "description": "The ARN of the Kinesis Stream\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "roleArn", + "streamArn" + ] + }, + "aws:ses/EventDestinationSnsDestination:EventDestinationSnsDestination": { + "properties": { + "topicArn": { + "type": "string", + "description": "The ARN of the SNS topic\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "topicArn" + ] + }, + "aws:ses/ReceiptRuleAddHeaderAction:ReceiptRuleAddHeaderAction": { + "properties": { + "headerName": { + "type": "string", + "description": "The name of the header to add\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerValue": { + "type": "string", + "description": "The value of the header to add\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "headerName", + "headerValue", + "position" + ] + }, + "aws:ses/ReceiptRuleBounceAction:ReceiptRuleBounceAction": { + "properties": { + "message": { + "type": "string", + "description": "The message to send\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sender": { + "type": "string", + "description": "The email address of the sender\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "smtpReplyCode": { + "type": "string", + "description": "The RFC 5321 SMTP reply code\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statusCode": { + "type": "string", + "description": "The RFC 3463 SMTP enhanced status code\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "The ARN of an SNS topic to notify\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "message", + "position", + "sender", + "smtpReplyCode" + ] + }, + "aws:ses/ReceiptRuleLambdaAction:ReceiptRuleLambdaAction": { + "properties": { + "functionArn": { + "type": "string", + "description": "The ARN of the Lambda function to invoke\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "invocationType": { + "type": "string", + "description": "`Event` or `RequestResponse`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "The ARN of an SNS topic to notify\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "functionArn", + "position" + ] + }, + "aws:ses/ReceiptRuleS3Action:ReceiptRuleS3Action": { + "properties": { + "bucketName": { + "type": "string", + "description": "The name of the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the KMS key\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "objectKeyPrefix": { + "type": "string", + "description": "The key prefix of the S3 bucket\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "The ARN of an SNS topic to notify\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketName", + "position" + ] + }, + "aws:ses/ReceiptRuleSnsAction:ReceiptRuleSnsAction": { + "properties": { + "encoding": { + "type": "string", + "description": "The encoding to use for the email within the Amazon SNS notification. Default value is `UTF-8`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "The ARN of an SNS topic to notify\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "position", + "topicArn" + ] + }, + "aws:ses/ReceiptRuleStopAction:ReceiptRuleStopAction": { + "properties": { + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scope": { + "type": "string", + "description": "The scope to apply\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "The ARN of an SNS topic to notify\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "position", + "scope" + ] + }, + "aws:ses/ReceiptRuleWorkmailAction:ReceiptRuleWorkmailAction": { + "properties": { + "organizationArn": { + "type": "string", + "description": "The ARN of the WorkMail organization\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "integer", + "description": "The position of the action in the receipt rule\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "topicArn": { + "type": "string", + "description": "The ARN of an SNS topic to notify\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "organizationArn", + "position" + ] + }, + "aws:sfn/StateMachineLoggingConfiguration:StateMachineLoggingConfiguration": { + "properties": { + "includeExecutionData": { + "type": "boolean", + "description": "Determines whether execution data is included in your log. When set to `false`, data is excluded.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "level": { + "type": "string", + "description": "Defines which category of execution history events are logged. Valid values: `ALL`, `ERROR`, `FATAL`, `OFF`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "logDestination": { + "type": "string", + "description": "Amazon Resource Name (ARN) of a CloudWatch log group. Make sure the State Machine has the correct IAM policies for logging. The ARN must end with `:*`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:sfn/StateMachineTracingConfiguration:StateMachineTracingConfiguration": { + "properties": { + "enabled": { + "type": "boolean", + "description": "When set to `true`, AWS X-Ray tracing is enabled. Make sure the State Machine has the correct IAM policies for logging. See the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/xray-iam.html) for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:signer/SigningJobDestination:SigningJobDestination": { + "properties": { + "s3": { + "$ref": "#/types/aws:signer/SigningJobDestinationS3:SigningJobDestinationS3", + "description": "A configuration block describing the S3 Destination object: See S3 Destination below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3" + ] + }, + "aws:signer/SigningJobDestinationS3:SigningJobDestinationS3": { + "properties": { + "bucket": { + "type": "string", + "description": "Name of the S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "An Amazon S3 object key prefix that you can use to limit signed objects keys to begin with the specified prefix.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "aws:signer/SigningJobRevocationRecord:SigningJobRevocationRecord": { + "properties": { + "reason": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedAt": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedBy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "reason", + "revokedAt", + "revokedBy" + ] + } + } + }, + "aws:signer/SigningJobSignedObject:SigningJobSignedObject": { + "properties": { + "s3s": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningJobSignedObjectS3:SigningJobSignedObjectS3" + }, + "description": "A configuration block describing the S3 Destination object: See S3 Destination below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "s3s" + ] + } + } + }, + "aws:signer/SigningJobSignedObjectS3:SigningJobSignedObjectS3": { + "properties": { + "bucket": { + "type": "string", + "description": "Name of the S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Key name of the bucket object that contains your unsigned code.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "bucket", + "key" + ] + } + } + }, + "aws:signer/SigningJobSource:SigningJobSource": { + "properties": { + "s3": { + "$ref": "#/types/aws:signer/SigningJobSourceS3:SigningJobSourceS3", + "description": "A configuration block describing the S3 Destination object: See S3 Destination below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3" + ] + }, + "aws:signer/SigningJobSourceS3:SigningJobSourceS3": { + "properties": { + "bucket": { + "type": "string", + "description": "Name of the S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "description": "Key name of the bucket object that contains your unsigned code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "description": "Version of your source image in your version enabled S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "key", + "version" + ] + }, + "aws:signer/SigningProfileRevocationRecord:SigningProfileRevocationRecord": { + "properties": { + "revocationEffectiveFrom": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedAt": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedBy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "revocationEffectiveFrom", + "revokedAt", + "revokedBy" + ] + } + } + }, + "aws:signer/SigningProfileSignatureValidityPeriod:SigningProfileSignatureValidityPeriod": { + "properties": { + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:signer/getSigningJobRevocationRecord:getSigningJobRevocationRecord": { + "properties": { + "reason": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedAt": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedBy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "reason", + "revokedAt", + "revokedBy" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:signer/getSigningJobSignedObject:getSigningJobSignedObject": { + "properties": { + "s3s": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningJobSignedObjectS3:getSigningJobSignedObjectS3" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3s" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:signer/getSigningJobSignedObjectS3:getSigningJobSignedObjectS3": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "key" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:signer/getSigningJobSource:getSigningJobSource": { + "properties": { + "s3s": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningJobSourceS3:getSigningJobSourceS3" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3s" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:signer/getSigningJobSourceS3:getSigningJobSourceS3": { + "properties": { + "bucket": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "key": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "version": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucket", + "key", + "version" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:signer/getSigningProfileRevocationRecord:getSigningProfileRevocationRecord": { + "properties": { + "revocationEffectiveFrom": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedAt": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "revokedBy": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "revocationEffectiveFrom", + "revokedAt", + "revokedBy" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:signer/getSigningProfileSignatureValidityPeriod:getSigningProfileSignatureValidityPeriod": { + "properties": { + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "integer", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:ssm/AssociationOutputLocation:AssociationOutputLocation": { + "properties": { + "s3BucketName": { + "type": "string", + "description": "The S3 bucket name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "s3KeyPrefix": { + "type": "string", + "description": "The S3 bucket prefix. Results stored in the root if not configured.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "s3BucketName" + ] + }, + "aws:ssm/AssociationTarget:AssociationTarget": { + "properties": { + "key": { + "type": "string", + "description": "Either `InstanceIds` or `tag:Tag Name` to specify an EC2 tag.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance IDs or tag values. AWS currently limits this list size to one value.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:ssm/DocumentAttachmentsSource:DocumentAttachmentsSource": { + "properties": { + "key": { + "type": "string", + "description": "The key describing the location of an attachment to a document. Valid key types include: `SourceUrl` and `S3FileUrl`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the document attachment file\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The value describing the location of an attachment to a document\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:ssm/DocumentParameter:DocumentParameter": { + "properties": { + "defaultValue": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "description": { + "type": "string", + "description": "The description of the document.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the document.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/MaintenanceWindowTargetTarget:MaintenanceWindowTargetTarget": { + "properties": { + "key": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:ssm/MaintenanceWindowTaskTarget:MaintenanceWindowTaskTarget": { + "properties": { + "key": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The array of strings.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParameters:MaintenanceWindowTaskTaskInvocationParameters": { + "properties": { + "automationParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersAutomationParameters:MaintenanceWindowTaskTaskInvocationParametersAutomationParameters", + "description": "The parameters for an AUTOMATION task type. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lambdaParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersLambdaParameters:MaintenanceWindowTaskTaskInvocationParametersLambdaParameters", + "description": "The parameters for a LAMBDA task type. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runCommandParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParameters:MaintenanceWindowTaskTaskInvocationParametersRunCommandParameters", + "description": "The parameters for a RUN_COMMAND task type. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "stepFunctionsParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParameters:MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParameters", + "description": "The parameters for a STEP_FUNCTIONS task type. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersAutomationParameters:MaintenanceWindowTaskTaskInvocationParametersAutomationParameters": { + "properties": { + "documentVersion": { + "type": "string", + "description": "The version of an Automation document to use during task execution.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameter:MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameter" + }, + "description": "The parameters for the RUN_COMMAND task execution. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameter:MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameter": { + "properties": { + "name": { + "type": "string", + "description": "The parameter name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The array of strings.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersLambdaParameters:MaintenanceWindowTaskTaskInvocationParametersLambdaParameters": { + "properties": { + "clientContext": { + "type": "string", + "description": "Pass client-specific information to the Lambda function that you are invoking.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "payload": { + "type": "string", + "description": "JSON to provide to your Lambda function as input.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "qualifier": { + "type": "string", + "description": "Specify a Lambda function version or alias name.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParameters:MaintenanceWindowTaskTaskInvocationParametersRunCommandParameters": { + "properties": { + "cloudwatchConfig": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersCloudwatchConfig:MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersCloudwatchConfig", + "description": "Configuration options for sending command output to CloudWatch Logs. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "comment": { + "type": "string", + "description": "Information about the command(s) to execute.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "documentHash": { + "type": "string", + "description": "The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "documentHashType": { + "type": "string", + "description": "SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: `Sha256` and `Sha1`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "documentVersion": { + "type": "string", + "description": "The version of an Automation document to use during task execution.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationConfig": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfig:MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfig", + "description": "Configurations for sending notifications about command status changes on a per-instance basis. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputS3Bucket": { + "type": "string", + "description": "The name of the Amazon S3 bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "outputS3KeyPrefix": { + "type": "string", + "description": "The Amazon S3 bucket subfolder.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameter:MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameter" + }, + "description": "The parameters for the RUN_COMMAND task execution. Documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "serviceRoleArn": { + "type": "string", + "description": "The IAM service role to assume during task execution.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutSeconds": { + "type": "integer", + "description": "If this time is reached and the command has not already started executing, it doesn't run.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersCloudwatchConfig:MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersCloudwatchConfig": { + "properties": { + "cloudwatchLogGroupName": { + "type": "string", + "description": "The name of the CloudWatch log group where you want to send command output. If you don't specify a group name, Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "cloudwatchOutputEnabled": { + "type": "boolean", + "description": "Enables Systems Manager to send command output to CloudWatch Logs.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "cloudwatchLogGroupName" + ] + } + } + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfig:MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfig": { + "properties": { + "notificationArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The different events for which you can receive notifications. Valid values: `All`, `InProgress`, `Success`, `TimedOut`, `Cancelled`, and `Failed`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notificationType": { + "type": "string", + "description": "When specified with `Command`, receive notification when the status of a command changes. When specified with `Invocation`, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: `Command` and `Invocation`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameter:MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameter": { + "properties": { + "name": { + "type": "string", + "description": "The parameter name.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The array of strings.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "values" + ] + }, + "aws:ssm/MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParameters:MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParameters": { + "properties": { + "input": { + "type": "string", + "description": "The inputs for the STEP_FUNCTION task.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the STEP_FUNCTION task.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:ssm/ParameterType:ParameterType": { + "type": "string", + "enum": [ + { + "value": "String" + }, + { + "value": "StringList" + }, + { + "value": "SecureString" + } + ] + }, + "aws:ssm/PatchBaselineApprovalRule:PatchBaselineApprovalRule": { + "properties": { + "approveAfterDays": { + "type": "integer", + "description": "The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100. Conflicts with `approve_until_date`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "approveUntilDate": { + "type": "string", + "description": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Date is formatted as `YYYY-MM-DD`. Conflicts with `approve_after_days`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "complianceLevel": { + "type": "string", + "description": "Defines the compliance level for patches approved by this rule. Valid compliance levels include the following: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, `UNSPECIFIED`. The default value is `UNSPECIFIED`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableNonSecurity": { + "type": "boolean", + "description": "Boolean enabling the application of non-security updates. The default value is 'false'. Valid for Linux instances only.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "patchFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineApprovalRulePatchFilter:PatchBaselineApprovalRulePatchFilter" + }, + "description": "The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid Keys are `PATCH_SET | PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID`. Valid combinations of these Keys and the `operating_system` value can be found in the [SSM DescribePatchProperties API Reference](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribePatchProperties.html). Valid Values are exact values for the patch property given as the key, or a wildcard `*`, which matches all values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "patchFilters" + ] + }, + "aws:ssm/PatchBaselineApprovalRulePatchFilter:PatchBaselineApprovalRulePatchFilter": { + "properties": { + "key": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:ssm/PatchBaselineGlobalFilter:PatchBaselineGlobalFilter": { + "properties": { + "key": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "values": { + "type": "array", + "items": { + "type": "string" + }, + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "key", + "values" + ] + }, + "aws:ssm/PatchBaselineSource:PatchBaselineSource": { + "properties": { + "configuration": { + "type": "string", + "description": "The value of the yum repo configuration. For information about other options available for your yum repository configuration, see the [`dnf.conf` documentation](https://man7.org/linux/man-pages/man5/dnf.conf.5.html)\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name specified to identify the patch source.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "products": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The specific operating system versions a patch repository applies to, such as `\"Ubuntu16.04\"`, `\"AmazonLinux2016.09\"`, `\"RedhatEnterpriseLinux7.2\"` or `\"Suse12.7\"`. For lists of supported product values, see [PatchFilter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "configuration", + "name", + "products" + ] + }, + "aws:ssm/ResourceDataSyncS3Destination:ResourceDataSyncS3Destination": { + "properties": { + "bucketName": { + "type": "string", + "description": "Name of S3 bucket where the aggregated data is stored.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "kmsKeyArn": { + "type": "string", + "description": "ARN of an encryption key for a destination in Amazon S3.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "prefix": { + "type": "string", + "description": "Prefix for the bucket.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "region": { + "type": "string", + "description": "Region with the bucket targeted by the Resource Data Sync.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "syncFormat": { + "type": "string", + "description": "A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "bucketName", + "region" + ] + }, + "aws:storagegateway/FileSystemAssociationCacheAttributes:FileSystemAssociationCacheAttributes": { + "properties": { + "cacheStaleTimeoutInSeconds": { + "type": "integer", + "description": "Refreshes a file share's cache by using Time To Live (TTL).\nTTL is the length of time since the last refresh after which access to the directory would cause the file gateway\nto first refresh that directory's contents from the Amazon S3 bucket. Valid Values: `0` or `300` to `2592000` seconds (5 minutes to 30 days). Defaults to `0`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:storagegateway/GatewayGatewayNetworkInterface:GatewayGatewayNetworkInterface": { + "properties": { + "ipv4Address": { + "type": "string", + "description": "The Internet Protocol version 4 (IPv4) address of the interface.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "ipv4Address" + ] + } + } + }, + "aws:storagegateway/GatewaySmbActiveDirectorySettings:GatewaySmbActiveDirectorySettings": { + "properties": { + "activeDirectoryStatus": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "domainControllers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv4 addresses, NetBIOS names, or host names of your domain server.\nIf you need to specify the port number include it after the colon (“:”). For example, `mydc.mydomain.com:389`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "domainName": { + "type": "string", + "description": "The name of the domain that you want the gateway to join.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "organizationalUnit": { + "type": "string", + "description": "The organizational unit (OU) is a container in an Active Directory that can hold users, groups,\ncomputers, and other OUs and this parameter specifies the OU that the gateway will join within the AD domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "password": { + "type": "string", + "description": "The password of the user who has permission to add the gateway to the Active Directory domain.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutInSeconds": { + "type": "integer", + "description": "Specifies the time in seconds, in which the JoinDomain operation must complete. The default is `20` seconds.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "username": { + "type": "string", + "description": "The user name of user who has permission to add the gateway to the Active Directory domain.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "domainName", + "password", + "username" + ], + "language": { + "nodejs": { + "requiredOutputs": [ + "activeDirectoryStatus", + "domainName", + "password", + "username" + ] + } + } + }, + "aws:storagegateway/NfsFileShareCacheAttributes:NfsFileShareCacheAttributes": { + "properties": { + "cacheStaleTimeoutInSeconds": { + "type": "integer", + "description": "Refreshes a file share's cache by using Time To Live (TTL).\nTTL is the length of time since the last refresh after which access to the directory would cause the file gateway\nto first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:storagegateway/NfsFileShareNfsFileShareDefaults:NfsFileShareNfsFileShareDefaults": { + "properties": { + "directoryMode": { + "type": "string", + "description": "The Unix directory mode in the string form \"nnnn\". Defaults to `\"0777\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fileMode": { + "type": "string", + "description": "The Unix file mode in the string form \"nnnn\". Defaults to `\"0666\"`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "groupId": { + "type": "string", + "description": "The default group ID for the file share (unless the files have another group ID specified). Defaults to `65534` (`nfsnobody`). Valid values: `0` through `4294967294`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ownerId": { + "type": "string", + "description": "The default owner ID for the file share (unless the files have another owner ID specified). Defaults to `65534` (`nfsnobody`). Valid values: `0` through `4294967294`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:storagegateway/SmbFileShareCacheAttributes:SmbFileShareCacheAttributes": { + "properties": { + "cacheStaleTimeoutInSeconds": { + "type": "integer", + "description": "Refreshes a file share's cache by using Time To Live (TTL).\nTTL is the length of time since the last refresh after which access to the directory would cause the file gateway\nto first refresh that directory's contents from the Amazon S3 bucket. Valid Values: 300 to 2,592,000 seconds (5 minutes to 30 days)\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:synthetics/CanaryRunConfig:CanaryRunConfig": { + "properties": { + "activeTracing": { + "type": "boolean", + "description": "Whether this canary is to use active AWS X-Ray tracing when it runs. You can enable active tracing only for canaries that use version syn-nodejs-2.0 or later for their canary runtime.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "memoryInMb": { + "type": "integer", + "description": "Maximum amount of memory available to the canary while it is running, in MB. The value you specify must be a multiple of 64.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "timeoutInSeconds": { + "type": "integer", + "description": "Number of seconds the canary is allowed to run before it must stop. If you omit this field, the frequency of the canary is used, up to a maximum of 840 (14 minutes).\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "memoryInMb" + ] + } + } + }, + "aws:synthetics/CanarySchedule:CanarySchedule": { + "properties": { + "durationInSeconds": { + "type": "integer", + "description": "Duration in seconds, for the canary to continue making regular runs according to the schedule in the Expression value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "expression": { + "type": "string", + "description": "Rate expression that defines how often the canary is to run. The syntax is rate(number unit). unit can be minute, minutes, or hour.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "expression" + ] + }, + "aws:synthetics/CanaryTimeline:CanaryTimeline": { + "properties": { + "created": { + "type": "string", + "description": "Date and time the canary was created.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastModified": { + "type": "string", + "description": "Date and time the canary was most recently modified.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastStarted": { + "type": "string", + "description": "Date and time that the canary's most recent run started.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "lastStopped": { + "type": "string", + "description": "Date and time that the canary's most recent run ended.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "created", + "lastModified", + "lastStarted", + "lastStopped" + ] + } + } + }, + "aws:synthetics/CanaryVpcConfig:CanaryVpcConfig": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "IDs of the security groups for this canary.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "IDs of the subnets where this canary is to run.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC where this canary is to run.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "vpcId" + ] + } + } + }, + "aws:timestreamwrite/TableRetentionProperties:TableRetentionProperties": { + "properties": { + "magneticStoreRetentionPeriodInDays": { + "type": "integer", + "description": "The duration for which data must be stored in the magnetic store. Minimum value of 1. Maximum value of 73000.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "memoryStoreRetentionPeriodInHours": { + "type": "integer", + "description": "The duration for which data must be stored in the memory store. Minimum value of 1. Maximum value of 8766.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "magneticStoreRetentionPeriodInDays", + "memoryStoreRetentionPeriodInHours" + ] + }, + "aws:transfer/ServerEndpointDetails:ServerEndpointDetails": { + "properties": { + "addressAllocationIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of address allocation IDs that are required to attach an Elastic IP address to your SFTP server's endpoint. This property can only be used when `endpoint_type` is set to `VPC`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security groups IDs that are available to attach to your server's endpoint. If no security groups are specified, the VPC's default security groups are automatically assigned to your endpoint. This property can only be used when `endpoint_type` is set to `VPC`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs that are required to host your SFTP server endpoint in your VPC. This property can only be used when `endpoint_type` is set to `VPC`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC endpoint. This property can only be used when `endpoint_type` is set to `VPC_ENDPOINT`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The VPC ID of the virtual private cloud in which the SFTP server's endpoint will be hosted. This property can only be used when `endpoint_type` is set to `VPC`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "securityGroupIds", + "vpcEndpointId" + ] + } + } + }, + "aws:transfer/UserHomeDirectoryMapping:UserHomeDirectoryMapping": { + "properties": { + "entry": { + "type": "string", + "description": "Represents an entry and a target.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "target": { + "type": "string", + "description": "Represents the map target.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "entry", + "target" + ] + }, + "aws:transfer/UserPosixProfile:UserPosixProfile": { + "properties": { + "gid": { + "type": "integer", + "description": "The POSIX group ID used for all EFS operations by this user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "secondaryGids": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "The secondary POSIX group IDs used for all EFS operations by this user.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uid": { + "type": "integer", + "description": "The POSIX user ID used for all EFS operations by this user.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "gid", + "uid" + ] + }, + "aws:waf/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:waf/ByteMatchSetByteMatchTupleFieldToMatch:ByteMatchSetByteMatchTupleFieldToMatch", + "description": "The part of a web request that you want to search, such as a specified header or a query string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "Within the portion of a web request that you want to search\n(for example, in the query string, if any), specify where you want to search.\ne.g. `CONTAINS`, `CONTAINS_WORD` or `EXACTLY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-PositionalConstraint)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetString": { + "type": "string", + "description": "The value that you want to search for. e.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TargetString)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nIf you specify a transformation, AWS WAF performs the transformation on `target_string` before inspecting a request for a match.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "positionalConstraint", + "textTransformation" + ] + }, + "aws:waf/ByteMatchSetByteMatchTupleFieldToMatch:ByteMatchSetByteMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint": { + "properties": { + "type": { + "type": "string", + "description": "The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The country that you want AWS WAF to search for.\nThis is the two-letter country code, e.g. `US`, `CA`, `RU`, `CN`, etc.\nSee [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchConstraint.html) for all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:waf/IpSetIpSetDescriptor:IpSetIpSetDescriptor": { + "properties": { + "type": { + "type": "string", + "description": "Type of the IP address - `IPV4` or `IPV6`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "An IPv4 or IPv6 address specified via CIDR notation. e.g. `192.0.2.44/32` or `1111:0000:0000:0000:0000:0000:0000:0000/64`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:waf/RateBasedRulePredicate:RateBasedRulePredicate": { + "properties": { + "dataId": { + "type": "string", + "description": "A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "negated": { + "type": "boolean", + "description": "Set this to `false` if you want to allow, block, or count requests\nbased on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`.\nFor example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.\nIf set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dataId", + "negated", + "type" + ] + }, + "aws:waf/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:waf/RegexMatchSetRegexMatchTupleFieldToMatch:RegexMatchSetRegexMatchTupleFieldToMatch", + "description": "The part of a web request that you want to search, such as a specified header or a query string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetId": { + "type": "string", + "description": "The ID of a `WAF Regex Pattern Set`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "regexPatternSetId", + "textTransformation" + ] + }, + "aws:waf/RegexMatchSetRegexMatchTupleFieldToMatch:RegexMatchSetRegexMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/RuleGroupActivatedRule:RuleGroupActivatedRule": { + "properties": { + "action": { + "$ref": "#/types/aws:waf/RuleGroupActivatedRuleAction:RuleGroupActivatedRuleAction", + "description": "Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleId": { + "type": "string", + "description": "The ID of a `waf_rule`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, `RATE_BASED`, or `GROUP`. Defaults to `REGULAR`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "priority", + "ruleId" + ] + }, + "aws:waf/RuleGroupActivatedRuleAction:RuleGroupActivatedRuleAction": { + "properties": { + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, `RATE_BASED`, or `GROUP`. Defaults to `REGULAR`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/RulePredicate:RulePredicate": { + "properties": { + "dataId": { + "type": "string", + "description": "A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "negated": { + "type": "boolean", + "description": "Set this to `false` if you want to allow, block, or count requests\nbased on the settings in the specified `waf_byte_match_set`, `waf_ipset`, `aws.waf.SizeConstraintSet`, `aws.waf.SqlInjectionMatchSet` or `aws.waf.XssMatchSet`.\nFor example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.\nIf set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses except `192.0.2.44`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dataId", + "negated", + "type" + ] + }, + "aws:waf/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The type of comparison you want to perform.\ne.g. `EQ`, `NE`, `LT`, `GT`.\nSee [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_SizeConstraint.html) for all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:waf/SizeConstraintSetSizeConstraintFieldToMatch:SizeConstraintSetSizeConstraintFieldToMatch", + "description": "Specifies where in a web request to look for the size constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size in bytes that you want to compare against the size of the specified `field_to_match`.\nValid values are between 0 - 21474836480 bytes (0 - 20 GB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nIf you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-TextTransformation)\nfor all supported values.\n**Note:** if you choose `BODY` as `type`, you must choose `NONE` because CloudFront forwards only the first 8192 bytes for inspection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "fieldToMatch", + "size", + "textTransformation" + ] + }, + "aws:waf/SizeConstraintSetSizeConstraintFieldToMatch:SizeConstraintSetSizeConstraintFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:waf/SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch:SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch", + "description": "Specifies where in a web request to look for snippets of malicious SQL code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nIf you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SqlInjectionMatchTuple.html#WAF-Type-SqlInjectionMatchTuple-TextTransformation)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "textTransformation" + ] + }, + "aws:waf/SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch:SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/WebAclDefaultAction:WebAclDefaultAction": { + "properties": { + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/WebAclLoggingConfiguration:WebAclLoggingConfiguration": { + "properties": { + "logDestination": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redactedFields": { + "$ref": "#/types/aws:waf/WebAclLoggingConfigurationRedactedFields:WebAclLoggingConfigurationRedactedFields", + "description": "Configuration block containing parts of the request that you want redacted from the logs. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logDestination" + ] + }, + "aws:waf/WebAclLoggingConfigurationRedactedFields:WebAclLoggingConfigurationRedactedFields": { + "properties": { + "fieldToMatches": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/WebAclLoggingConfigurationRedactedFieldsFieldToMatch:WebAclLoggingConfigurationRedactedFieldsFieldToMatch" + }, + "description": "Set of configuration blocks for fields to redact. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatches" + ] + }, + "aws:waf/WebAclLoggingConfigurationRedactedFieldsFieldToMatch:WebAclLoggingConfigurationRedactedFieldsFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/WebAclRule:WebAclRule": { + "properties": { + "action": { + "$ref": "#/types/aws:waf/WebAclRuleAction:WebAclRuleAction", + "description": "The action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrideAction": { + "$ref": "#/types/aws:waf/WebAclRuleOverrideAction:WebAclRuleOverrideAction", + "description": "Override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if `type` is `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "Specifies the order in which the rules in a WebACL are evaluated.\nRules with a lower value are evaluated before rules with a higher value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleId": { + "type": "string", + "description": "ID of the associated WAF (Global) rule (e.g. `aws.waf.Rule`). WAF (Regional) rules cannot be used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "ruleId" + ] + }, + "aws:waf/WebAclRuleAction:WebAclRuleAction": { + "properties": { + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/WebAclRuleOverrideAction:WebAclRuleOverrideAction": { + "properties": { + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, as defined by [Rule](http://docs.aws.amazon.com/waf/latest/APIReference/API_Rule.html), `RATE_BASED`, as defined by [RateBasedRule](http://docs.aws.amazon.com/waf/latest/APIReference/API_RateBasedRule.html), or `GROUP`, as defined by [RuleGroup](https://docs.aws.amazon.com/waf/latest/APIReference/API_RuleGroup.html). The default is REGULAR. If you add a RATE_BASED rule, you need to set `type` as `RATE_BASED`. If you add a GROUP rule, you need to set `type` as `GROUP`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:waf/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:waf/XssMatchSetXssMatchTupleFieldToMatch:XssMatchSetXssMatchTupleFieldToMatch", + "description": "Specifies where in a web request to look for cross-site scripting attacks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nIf you specify a transformation, AWS WAF performs the transformation on `target_string` before inspecting a request for a match.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_XssMatchTuple.html#WAF-Type-XssMatchTuple-TextTransformation)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "textTransformation" + ] + }, + "aws:waf/XssMatchSetXssMatchTupleFieldToMatch:XssMatchSetXssMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafregional/ByteMatchSetByteMatchTupleFieldToMatch:ByteMatchSetByteMatchTupleFieldToMatch", + "description": "Settings for the ByteMatchTuple. FieldToMatch documented below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "Within the portion of a web request that you want to search.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "targetString": { + "type": "string", + "description": "The value that you want AWS WAF to search for. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "The formatting way for web request.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "positionalConstraint", + "textTransformation" + ] + }, + "aws:wafregional/ByteMatchSetByteMatchTupleFieldToMatch:ByteMatchSetByteMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When the value of Type is HEADER, enter the name of the header that you want AWS WAF to search, for example, User-Agent or Referer. If the value of Type is any other value, omit Data.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint": { + "properties": { + "type": { + "type": "string", + "description": "The type of geographical area you want AWS WAF to search for. Currently Country is the only valid value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The country that you want AWS WAF to search for.\nThis is the two-letter country code, e.g. `US`, `CA`, `RU`, `CN`, etc.\nSee [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchConstraint.html) for all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:wafregional/IpSetIpSetDescriptor:IpSetIpSetDescriptor": { + "properties": { + "type": { + "type": "string", + "description": "The string like IPV4 or IPV6.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The CIDR notation.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type", + "value" + ] + }, + "aws:wafregional/RateBasedRulePredicate:RateBasedRulePredicate": { + "properties": { + "dataId": { + "type": "string", + "description": "A unique identifier for a predicate in the rule, such as Byte Match Set ID or IPSet ID.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "negated": { + "type": "boolean", + "description": "Set this to `false` if you want to allow, block, or count requests\nbased on the settings in the specified `ByteMatchSet`, `IPSet`, `SqlInjectionMatchSet`, `XssMatchSet`, or `SizeConstraintSet`.\nFor example, if an IPSet includes the IP address `192.0.2.44`, AWS WAF will allow or block requests based on that IP address.\nIf set to `true`, AWS WAF will allow, block, or count requests based on all IP addresses _except_ `192.0.2.44`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dataId", + "negated", + "type" + ] + }, + "aws:wafregional/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafregional/RegexMatchSetRegexMatchTupleFieldToMatch:RegexMatchSetRegexMatchTupleFieldToMatch", + "description": "The part of a web request that you want to search, such as a specified header or a query string.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetId": { + "type": "string", + "description": "The ID of a `WAF Regex Pattern Set`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchTuple.html#WAF-Type-ByteMatchTuple-TextTransformation)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "regexPatternSetId", + "textTransformation" + ] + }, + "aws:wafregional/RegexMatchSetRegexMatchTupleFieldToMatch:RegexMatchSetRegexMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/RuleGroupActivatedRule:RuleGroupActivatedRule": { + "properties": { + "action": { + "$ref": "#/types/aws:wafregional/RuleGroupActivatedRuleAction:RuleGroupActivatedRuleAction", + "description": "Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "Specifies the order in which the rules are evaluated. Rules with a lower value are evaluated before rules with a higher value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleId": { + "type": "string", + "description": "The ID of a `waf_regional_rule`\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, `RATE_BASED`, or `GROUP`. Defaults to `REGULAR`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "priority", + "ruleId" + ] + }, + "aws:wafregional/RuleGroupActivatedRuleAction:RuleGroupActivatedRuleAction": { + "properties": { + "type": { + "type": "string", + "description": "The rule type, either `REGULAR`, `RATE_BASED`, or `GROUP`. Defaults to `REGULAR`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/RulePredicate:RulePredicate": { + "properties": { + "dataId": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + }, + "negated": { + "type": "boolean", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "dataId", + "negated", + "type" + ] + }, + "aws:wafregional/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The type of comparison you want to perform.\ne.g. `EQ`, `NE`, `LT`, `GT`.\nSee [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_SizeConstraint.html) for all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafregional/SizeConstraintSetSizeConstraintFieldToMatch:SizeConstraintSetSizeConstraintFieldToMatch", + "description": "Specifies where in a web request to look for the size constraint.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size in bytes that you want to compare against the size of the specified `field_to_match`.\nValid values are between 0 - 21474836480 bytes (0 - 20 GB).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nIf you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_SizeConstraint.html#WAF-Type-SizeConstraint-TextTransformation)\nfor all supported values.\n**Note:** if you choose `BODY` as `type`, you must choose `NONE` because CloudFront forwards only the first 8192 bytes for inspection.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "fieldToMatch", + "size", + "textTransformation" + ] + }, + "aws:wafregional/SizeConstraintSetSizeConstraintFieldToMatch:SizeConstraintSetSizeConstraintFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](http://docs.aws.amazon.com/waf/latest/APIReference/API_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafregional/SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch:SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch", + "description": "Specifies where in a web request to look for snippets of malicious SQL code.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Text transformations used to eliminate unusual formatting that attackers use in web requests in an effort to bypass AWS WAF.\nIf you specify a transformation, AWS WAF performs the transformation on `field_to_match` before inspecting a request for a match.\ne.g. `CMD_LINE`, `HTML_ENTITY_DECODE` or `NONE`.\nSee [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_SqlInjectionMatchTuple.html#WAF-Type-regional_SqlInjectionMatchTuple-TextTransformation)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "textTransformation" + ] + }, + "aws:wafregional/SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch:SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When `type` is `HEADER`, enter the name of the header that you want to search, e.g. `User-Agent` or `Referer`.\nIf `type` is any other value, omit this field.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string.\ne.g. `HEADER`, `METHOD` or `BODY`.\nSee [docs](https://docs.aws.amazon.com/waf/latest/APIReference/API_regional_FieldToMatch.html)\nfor all supported values.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/WebAclDefaultAction:WebAclDefaultAction": { + "properties": { + "type": { + "type": "string", + "description": "Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. `ALLOW`, `BLOCK` or `COUNT`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/WebAclLoggingConfiguration:WebAclLoggingConfiguration": { + "properties": { + "logDestination": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Kinesis Firehose Delivery Stream\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "redactedFields": { + "$ref": "#/types/aws:wafregional/WebAclLoggingConfigurationRedactedFields:WebAclLoggingConfigurationRedactedFields", + "description": "Configuration block containing parts of the request that you want redacted from the logs. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "logDestination" + ] + }, + "aws:wafregional/WebAclLoggingConfigurationRedactedFields:WebAclLoggingConfigurationRedactedFields": { + "properties": { + "fieldToMatches": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/WebAclLoggingConfigurationRedactedFieldsFieldToMatch:WebAclLoggingConfigurationRedactedFieldsFieldToMatch" + }, + "description": "Set of configuration blocks for fields to redact. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatches" + ] + }, + "aws:wafregional/WebAclLoggingConfigurationRedactedFieldsFieldToMatch:WebAclLoggingConfigurationRedactedFieldsFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. `ALLOW`, `BLOCK` or `COUNT`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/WebAclRule:WebAclRule": { + "properties": { + "action": { + "$ref": "#/types/aws:wafregional/WebAclRuleAction:WebAclRuleAction", + "description": "Configuration block of the action that CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Not used if `type` is `GROUP`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrideAction": { + "$ref": "#/types/aws:wafregional/WebAclRuleOverrideAction:WebAclRuleOverrideAction", + "description": "Configuration block of the override the action that a group requests CloudFront or AWS WAF takes when a web request matches the conditions in the rule. Only used if `type` is `GROUP`. Detailed below.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "Specifies the order in which the rules in a WebACL are evaluated.\nRules with a lower value are evaluated before rules with a higher value.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleId": { + "type": "string", + "description": "ID of the associated WAF (Regional) rule (e.g. `aws.wafregional.Rule`). WAF (Global) rules cannot be used.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. `ALLOW`, `BLOCK` or `COUNT`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "ruleId" + ] + }, + "aws:wafregional/WebAclRuleAction:WebAclRuleAction": { + "properties": { + "type": { + "type": "string", + "description": "Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. `ALLOW`, `BLOCK` or `COUNT`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/WebAclRuleOverrideAction:WebAclRuleOverrideAction": { + "properties": { + "type": { + "type": "string", + "description": "Specifies how you want AWS WAF Regional to respond to requests that match the settings in a rule. e.g. `ALLOW`, `BLOCK` or `COUNT`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafregional/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafregional/XssMatchSetXssMatchTupleFieldToMatch:XssMatchSetXssMatchTupleFieldToMatch", + "description": "Specifies where in a web request to look for cross-site scripting attacks.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformation": { + "type": "string", + "description": "Which text transformation, if any, to perform on the web request before inspecting the request for cross-site scripting attacks.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fieldToMatch", + "textTransformation" + ] + }, + "aws:wafregional/XssMatchSetXssMatchTupleFieldToMatch:XssMatchSetXssMatchTupleFieldToMatch": { + "properties": { + "data": { + "type": "string", + "description": "When the value of `type` is `HEADER`, enter the name of the header that you want the WAF to search, for example, `User-Agent` or `Referer`. If the value of `type` is any other value, omit `data`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The part of the web request that you want AWS WAF to search for a specified string. e.g. `HEADER` or `METHOD`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "type" + ] + }, + "aws:wafv2/RegexPatternSetRegularExpression:RegexPatternSetRegularExpression": { + "properties": { + "regexString": { + "type": "string", + "description": "The string representing the regular expression, see the AWS WAF [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-regex-pattern-set-creating.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "regexString" + ] + }, + "aws:wafv2/RuleGroupRule:RuleGroupRule": { + "properties": { + "action": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleAction:RuleGroupRuleAction", + "description": "The action that AWS WAF should take on a web request when it matches the rule's statement. Settings at the `aws.wafv2.WebAcl` level can override the rule action setting. See Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "A friendly name of the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the `rules` in order based on the value of `priority`. AWS WAF processes rules with lower priority first.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatement:RuleGroupRuleStatement", + "description": "The AWS WAF processing statement for the rule, for example `byte_match_statement` or `geo_match_statement`. See Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleVisibilityConfig:RuleGroupRuleVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action", + "name", + "priority", + "statement", + "visibilityConfig" + ] + }, + "aws:wafv2/RuleGroupRuleAction:RuleGroupRuleAction": { + "properties": { + "allow": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionAllow:RuleGroupRuleActionAllow", + "description": "Instructs AWS WAF to allow the web request. See Allow below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "block": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionBlock:RuleGroupRuleActionBlock", + "description": "Instructs AWS WAF to block the web request. See Block below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "count": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionCount:RuleGroupRuleActionCount", + "description": "Instructs AWS WAF to count the web request and allow it. See Count below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleActionAllow:RuleGroupRuleActionAllow": { + "properties": { + "customRequestHandling": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionAllowCustomRequestHandling:RuleGroupRuleActionAllowCustomRequestHandling", + "description": "Defines custom handling for the web request. See Custom Request Handling below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleActionAllowCustomRequestHandling:RuleGroupRuleActionAllowCustomRequestHandling": { + "properties": { + "insertHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader:RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader" + }, + "description": "The `insert_header` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "insertHeaders" + ] + }, + "aws:wafv2/RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader:RuleGroupRuleActionAllowCustomRequestHandlingInsertHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/RuleGroupRuleActionBlock:RuleGroupRuleActionBlock": { + "properties": { + "customResponse": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionBlockCustomResponse:RuleGroupRuleActionBlockCustomResponse", + "description": "Defines a custom response for the web request. See Custom Response below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleActionBlockCustomResponse:RuleGroupRuleActionBlockCustomResponse": { + "properties": { + "responseCode": { + "type": "integer", + "description": "The HTTP status code to return to the client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionBlockCustomResponseResponseHeader:RuleGroupRuleActionBlockCustomResponseResponseHeader" + }, + "description": "The `response_header` blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "responseCode" + ] + }, + "aws:wafv2/RuleGroupRuleActionBlockCustomResponseResponseHeader:RuleGroupRuleActionBlockCustomResponseResponseHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/RuleGroupRuleActionCount:RuleGroupRuleActionCount": { + "properties": { + "customRequestHandling": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionCountCustomRequestHandling:RuleGroupRuleActionCountCustomRequestHandling", + "description": "Defines custom handling for the web request. See Custom Request Handling below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleActionCountCustomRequestHandling:RuleGroupRuleActionCountCustomRequestHandling": { + "properties": { + "insertHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleActionCountCustomRequestHandlingInsertHeader:RuleGroupRuleActionCountCustomRequestHandlingInsertHeader" + }, + "description": "The `insert_header` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "insertHeaders" + ] + }, + "aws:wafv2/RuleGroupRuleActionCountCustomRequestHandlingInsertHeader:RuleGroupRuleActionCountCustomRequestHandlingInsertHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/RuleGroupRuleStatement:RuleGroupRuleStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatement:RuleGroupRuleStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatement:RuleGroupRuleStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementGeoMatchStatement:RuleGroupRuleStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementIpSetReferenceStatement:RuleGroupRuleStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatement:RuleGroupRuleStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatement:RuleGroupRuleStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatement:RuleGroupRuleStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatement:RuleGroupRuleStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatement:RuleGroupRuleStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatement:RuleGroupRuleStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatement:RuleGroupRuleStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatement:RuleGroupRuleStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatement:RuleGroupRuleStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatement:RuleGroupRuleStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatement:RuleGroupRuleStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatement:RuleGroupRuleStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatement:RuleGroupRuleStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatement:RuleGroupRuleStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatement:RuleGroupRuleStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementGeoMatchStatement:RuleGroupRuleStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementIpSetReferenceStatement:RuleGroupRuleStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatement:RuleGroupRuleStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatement:RuleGroupRuleStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatement:RuleGroupRuleStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatement:RuleGroupRuleStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatement:RuleGroupRuleStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatement:RuleGroupRuleStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatement:RuleGroupRuleStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatement:RuleGroupRuleStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatement:RuleGroupRuleStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatement:RuleGroupRuleStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatement:RuleGroupRuleStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatement:RuleGroupRuleStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatement:RuleGroupRuleStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatement:RuleGroupRuleStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatement:RuleGroupRuleStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatement:RuleGroupRuleStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatement:RuleGroupRuleStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatement:RuleGroupRuleStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:RuleGroupRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatement:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatement:RuleGroupRuleStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatement:RuleGroupRuleStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatement:RuleGroupRuleStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:RuleGroupRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation:RuleGroupRuleStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatement:RuleGroupRuleStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatch:RuleGroupRuleStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath:RuleGroupRuleStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSizeConstraintStatementTextTransformation:RuleGroupRuleStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatement:RuleGroupRuleStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatch:RuleGroupRuleStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody:RuleGroupRuleStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod:RuleGroupRuleStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementSqliMatchStatementTextTransformation:RuleGroupRuleStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatement:RuleGroupRuleStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatch:RuleGroupRuleStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchAllQueryArguments:RuleGroupRuleStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchBody:RuleGroupRuleStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchMethod:RuleGroupRuleStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchQueryString:RuleGroupRuleStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleHeader:RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument:RuleGroupRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath:RuleGroupRuleStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/RuleGroupRuleStatementXssMatchStatementTextTransformation:RuleGroupRuleStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/RuleGroupRuleVisibilityConfig:RuleGroupRuleVisibilityConfig": { + "properties": { + "cloudwatchMetricsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampledRequestsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchMetricsEnabled", + "metricName", + "sampledRequestsEnabled" + ] + }, + "aws:wafv2/RuleGroupVisibilityConfig:RuleGroupVisibilityConfig": { + "properties": { + "cloudwatchMetricsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampledRequestsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchMetricsEnabled", + "metricName", + "sampledRequestsEnabled" + ] + }, + "aws:wafv2/WebAclDefaultAction:WebAclDefaultAction": { + "properties": { + "allow": { + "$ref": "#/types/aws:wafv2/WebAclDefaultActionAllow:WebAclDefaultActionAllow", + "description": "Specifies that AWS WAF should allow requests by default. See Allow below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "block": { + "$ref": "#/types/aws:wafv2/WebAclDefaultActionBlock:WebAclDefaultActionBlock", + "description": "Specifies that AWS WAF should block requests by default. See Block below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclDefaultActionAllow:WebAclDefaultActionAllow": { + "properties": { + "customRequestHandling": { + "$ref": "#/types/aws:wafv2/WebAclDefaultActionAllowCustomRequestHandling:WebAclDefaultActionAllowCustomRequestHandling", + "description": "Defines custom handling for the web request. See Custom Request Handling below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclDefaultActionAllowCustomRequestHandling:WebAclDefaultActionAllowCustomRequestHandling": { + "properties": { + "insertHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclDefaultActionAllowCustomRequestHandlingInsertHeader:WebAclDefaultActionAllowCustomRequestHandlingInsertHeader" + }, + "description": "The `insert_header` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "insertHeaders" + ] + }, + "aws:wafv2/WebAclDefaultActionAllowCustomRequestHandlingInsertHeader:WebAclDefaultActionAllowCustomRequestHandlingInsertHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/WebAclDefaultActionBlock:WebAclDefaultActionBlock": { + "properties": { + "customResponse": { + "$ref": "#/types/aws:wafv2/WebAclDefaultActionBlockCustomResponse:WebAclDefaultActionBlockCustomResponse", + "description": "Defines a custom response for the web request. See Custom Response below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclDefaultActionBlockCustomResponse:WebAclDefaultActionBlockCustomResponse": { + "properties": { + "responseCode": { + "type": "integer", + "description": "The HTTP status code to return to the client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclDefaultActionBlockCustomResponseResponseHeader:WebAclDefaultActionBlockCustomResponseResponseHeader" + }, + "description": "The `response_header` blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "responseCode" + ] + }, + "aws:wafv2/WebAclDefaultActionBlockCustomResponseResponseHeader:WebAclDefaultActionBlockCustomResponseResponseHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationLoggingFilter:WebAclLoggingConfigurationLoggingFilter": { + "properties": { + "defaultBehavior": { + "type": "string", + "description": "Default handling for logs that don't match any of the specified filtering conditions. Valid values: `KEEP` or `DROP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilter:WebAclLoggingConfigurationLoggingFilterFilter" + }, + "description": "Filter(s) that you want to apply to the logs. See Filter below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "defaultBehavior", + "filters" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilter:WebAclLoggingConfigurationLoggingFilterFilter": { + "properties": { + "behavior": { + "type": "string", + "description": "How to handle logs that satisfy the filter's conditions and requirement. Valid values: `KEEP` or `DROP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilterCondition:WebAclLoggingConfigurationLoggingFilterFilterCondition" + }, + "description": "Match condition(s) for the filter. See Condition below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "requirement": { + "type": "string", + "description": "Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. Valid values: `MEETS_ALL` or `MEETS_ANY`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "behavior", + "conditions", + "requirement" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilterCondition:WebAclLoggingConfigurationLoggingFilterFilterCondition": { + "properties": { + "actionCondition": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition:WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition", + "description": "A single action condition. See Action Condition below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "labelNameCondition": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition:WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition", + "description": "A single label name condition. See Label Name Condition below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition:WebAclLoggingConfigurationLoggingFilterFilterConditionActionCondition": { + "properties": { + "action": { + "type": "string", + "description": "The action setting that a log record must contain in order to meet the condition. Valid values: `ALLOW`, `BLOCK`, `COUNT`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "action" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition:WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameCondition": { + "properties": { + "labelName": { + "type": "string", + "description": "The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "labelName" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedField:WebAclLoggingConfigurationRedactedField": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldAllQueryArguments:WebAclLoggingConfigurationRedactedFieldAllQueryArguments", + "description": "Redact all query arguments.\n", + "deprecationMessage": "Not supported by WAFv2 API", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldBody:WebAclLoggingConfigurationRedactedFieldBody", + "description": "Redact the request body, which immediately follows the request headers.\n", + "deprecationMessage": "Not supported by WAFv2 API", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldMethod:WebAclLoggingConfigurationRedactedFieldMethod", + "description": "Redact the HTTP method. Must be specified as an empty configuration block `{}`. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldQueryString:WebAclLoggingConfigurationRedactedFieldQueryString", + "description": "Redact the query string. Must be specified as an empty configuration block `{}`. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldSingleHeader:WebAclLoggingConfigurationRedactedFieldSingleHeader", + "description": "Redact a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldSingleQueryArgument:WebAclLoggingConfigurationRedactedFieldSingleQueryArgument", + "description": "Redact a single query argument. See Single Query Argument below for details.\n", + "deprecationMessage": "Not supported by WAFv2 API", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedFieldUriPath:WebAclLoggingConfigurationRedactedFieldUriPath", + "description": "Redact the request URI path. Must be specified as an empty configuration block `{}`. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldAllQueryArguments:WebAclLoggingConfigurationRedactedFieldAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldBody:WebAclLoggingConfigurationRedactedFieldBody": { + "type": "object" + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldMethod:WebAclLoggingConfigurationRedactedFieldMethod": { + "type": "object" + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldQueryString:WebAclLoggingConfigurationRedactedFieldQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldSingleHeader:WebAclLoggingConfigurationRedactedFieldSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to redact. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldSingleQueryArgument:WebAclLoggingConfigurationRedactedFieldSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to redact. This setting must be provided as lower case characters.\n", + "deprecationMessage": "Not supported by WAFv2 API", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclLoggingConfigurationRedactedFieldUriPath:WebAclLoggingConfigurationRedactedFieldUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRule:WebAclRule": { + "properties": { + "action": { + "$ref": "#/types/aws:wafv2/WebAclRuleAction:WebAclRuleAction", + "description": "The action that AWS WAF should take on a web request when it matches the rule's statement. This is used only for rules whose **statements do not reference a rule group**. See Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "A friendly name of the rule.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "overrideAction": { + "$ref": "#/types/aws:wafv2/WebAclRuleOverrideAction:WebAclRuleOverrideAction", + "description": "The override action to apply to the rules in a rule group. Used only for rule **statements that reference a rule group**, like `rule_group_reference_statement` and `managed_rule_group_statement`. See Override Action below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "priority": { + "type": "integer", + "description": "If you define more than one Rule in a WebACL, AWS WAF evaluates each request against the `rules` in order based on the value of `priority`. AWS WAF processes rules with lower priority first.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "statement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatement:WebAclRuleStatement", + "description": "The AWS WAF processing statement for the rule, for example `byte_match_statement` or `geo_match_statement`. See Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleVisibilityConfig:WebAclRuleVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "priority", + "statement", + "visibilityConfig" + ] + }, + "aws:wafv2/WebAclRuleAction:WebAclRuleAction": { + "properties": { + "allow": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionAllow:WebAclRuleActionAllow", + "description": "Instructs AWS WAF to allow the web request. See Allow below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "block": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionBlock:WebAclRuleActionBlock", + "description": "Instructs AWS WAF to block the web request. See Block below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "count": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionCount:WebAclRuleActionCount", + "description": "Instructs AWS WAF to count the web request and allow it. See Count below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleActionAllow:WebAclRuleActionAllow": { + "properties": { + "customRequestHandling": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionAllowCustomRequestHandling:WebAclRuleActionAllowCustomRequestHandling", + "description": "Defines custom handling for the web request. See Custom Request Handling below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleActionAllowCustomRequestHandling:WebAclRuleActionAllowCustomRequestHandling": { + "properties": { + "insertHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionAllowCustomRequestHandlingInsertHeader:WebAclRuleActionAllowCustomRequestHandlingInsertHeader" + }, + "description": "The `insert_header` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "insertHeaders" + ] + }, + "aws:wafv2/WebAclRuleActionAllowCustomRequestHandlingInsertHeader:WebAclRuleActionAllowCustomRequestHandlingInsertHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/WebAclRuleActionBlock:WebAclRuleActionBlock": { + "properties": { + "customResponse": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionBlockCustomResponse:WebAclRuleActionBlockCustomResponse", + "description": "Defines a custom response for the web request. See Custom Response below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleActionBlockCustomResponse:WebAclRuleActionBlockCustomResponse": { + "properties": { + "responseCode": { + "type": "integer", + "description": "The HTTP status code to return to the client.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "responseHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionBlockCustomResponseResponseHeader:WebAclRuleActionBlockCustomResponseResponseHeader" + }, + "description": "The `response_header` blocks used to define the HTTP response headers added to the response. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "responseCode" + ] + }, + "aws:wafv2/WebAclRuleActionBlockCustomResponseResponseHeader:WebAclRuleActionBlockCustomResponseResponseHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/WebAclRuleActionCount:WebAclRuleActionCount": { + "properties": { + "customRequestHandling": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionCountCustomRequestHandling:WebAclRuleActionCountCustomRequestHandling", + "description": "Defines custom handling for the web request. See Custom Request Handling below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleActionCountCustomRequestHandling:WebAclRuleActionCountCustomRequestHandling": { + "properties": { + "insertHeaders": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleActionCountCustomRequestHandlingInsertHeader:WebAclRuleActionCountCustomRequestHandlingInsertHeader" + }, + "description": "The `insert_header` blocks used to define HTTP headers added to the request. See Custom HTTP Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "insertHeaders" + ] + }, + "aws:wafv2/WebAclRuleActionCountCustomRequestHandlingInsertHeader:WebAclRuleActionCountCustomRequestHandlingInsertHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "value": { + "type": "string", + "description": "The value of the custom header.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "value" + ] + }, + "aws:wafv2/WebAclRuleOverrideAction:WebAclRuleOverrideAction": { + "properties": { + "count": { + "$ref": "#/types/aws:wafv2/WebAclRuleOverrideActionCount:WebAclRuleOverrideActionCount", + "description": "Override the rule action setting to count (i.e. only count matches). Configured as an empty block `{}`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "none": { + "$ref": "#/types/aws:wafv2/WebAclRuleOverrideActionNone:WebAclRuleOverrideActionNone", + "description": "Don't override the rule action setting. Configured as an empty block `{}`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleOverrideActionCount:WebAclRuleOverrideActionCount": { + "type": "object" + }, + "aws:wafv2/WebAclRuleOverrideActionNone:WebAclRuleOverrideActionNone": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatement:WebAclRuleStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatement:WebAclRuleStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatement:WebAclRuleStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementGeoMatchStatement:WebAclRuleStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementIpSetReferenceStatement:WebAclRuleStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "managedRuleGroupStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatement:WebAclRuleStatementManagedRuleGroupStatement", + "description": "A rule statement used to run the rules that are defined in a managed rule group. This statement can not be nested. See Managed Rule Group Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatement:WebAclRuleStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatement:WebAclRuleStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rateBasedStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatement:WebAclRuleStatementRateBasedStatement", + "description": "A rate-based rule tracks the rate of requests for each originating `IP address`, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any `5-minute` time span. This statement can not be nested. See Rate Based Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ruleGroupReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRuleGroupReferenceStatement:WebAclRuleStatementRuleGroupReferenceStatement", + "description": "A rule statement used to run the rules that are defined in an WAFv2 Rule Group. See Rule Group Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatement:WebAclRuleStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatement:WebAclRuleStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatement:WebAclRuleStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatement:WebAclRuleStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatement:WebAclRuleStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatement:WebAclRuleStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatement:WebAclRuleStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatch:WebAclRuleStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementTextTransformation:WebAclRuleStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatch:WebAclRuleStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementByteMatchStatementTextTransformation:WebAclRuleStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementGeoMatchStatement:WebAclRuleStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementIpSetReferenceStatement:WebAclRuleStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatement:WebAclRuleStatementManagedRuleGroupStatement": { + "properties": { + "excludedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementExcludedRule:WebAclRuleStatementManagedRuleGroupStatementExcludedRule" + }, + "description": "The `rules` whose actions are set to `COUNT` by the web ACL, regardless of the action that is set on the rule. See Excluded Rule below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "name": { + "type": "string", + "description": "The name of the managed rule group.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scopeDownStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement", + "description": "Narrows the scope of the statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vendorName": { + "type": "string", + "description": "The name of the managed rule group vendor.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name", + "vendorName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementExcludedRule:WebAclRuleStatementManagedRuleGroupStatementExcludedRule": { + "properties": { + "name": { + "type": "string", + "description": "The name of the rule to exclude. If the rule group is managed by AWS, see the [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html) for a list of names in the appropriate rule group in use.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation:WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatement:WebAclRuleStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatement:WebAclRuleStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatement:WebAclRuleStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatement:WebAclRuleStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatement:WebAclRuleStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatement:WebAclRuleStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatement:WebAclRuleStatementRateBasedStatement": { + "properties": { + "aggregateKeyType": { + "type": "string", + "description": "Setting that indicates how to aggregate the request counts. Valid values include: `FORWARDED_IP` or `IP`. Default: `IP`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. If `aggregate_key_type` is set to `FORWARDED_IP`, this block is required. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "limit": { + "type": "integer", + "description": "The limit on requests per 5-minute period for a single originating IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "scopeDownStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatement:WebAclRuleStatementRateBasedStatementScopeDownStatement", + "description": "An optional nested statement that narrows the scope of the rate-based statement to matching web requests. This can be any nestable statement, and you can nest statements at any level below this scope-down statement. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "limit" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatement:WebAclRuleStatementRateBasedStatementScopeDownStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatement": { + "properties": { + "andStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatement", + "description": "A logical rule statement used to combine other rule statements with AND logic. See AND Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "notStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement", + "description": "A logical rule statement used to negate the results of another rule statement. See NOT Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "orStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatement", + "description": "A logical rule statement used to combine other rule statements with OR logic. See OR Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatement" + }, + "description": "The statements to combine with `AND` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementAndStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatement" + }, + "description": "The statement to negate. You can use any statement that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementNotStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatement": { + "properties": { + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatement" + }, + "description": "The statements to combine with `OR` logic. You can use any statements that can be nested. See Statement above for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "statements" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatement": { + "properties": { + "byteMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement", + "description": "A rule statement that defines a string match search for AWS WAF to apply to web requests. See Byte Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "geoMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement", + "description": "A rule statement used to identify web requests based on country of origin. See GEO Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement", + "description": "A rule statement used to detect web requests coming from particular IP addresses or address ranges. See IP Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "regexPatternSetReferenceStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement", + "description": "A rule statement used to search web request components for matches with regular expressions. See Regex Pattern Set Reference Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sizeConstraintStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement", + "description": "A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). See Size Constraint Statement below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sqliMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement", + "description": "An SQL injection match condition identifies the part of web requests, such as the URI or the query string, that you want AWS WAF to inspect. See SQL Injection Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "xssMatchStatement": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement", + "description": "A rule statement that defines a cross-site scripting (XSS) match search for AWS WAF to apply to web requests. See XSS Match Statement below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "positionalConstraint": { + "type": "string", + "description": "The area within the portion of a web request that you want AWS WAF to search for `search_string`. Valid values include the following: `EXACTLY`, `STARTS_WITH`, `ENDS_WITH`, `CONTAINS`, `CONTAINS_WORD`. See the AWS [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_ByteMatchStatement.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "searchString": { + "type": "string", + "description": "A string value that you want AWS WAF to search for. AWS WAF searches only in the part of web requests that you designate for inspection in `field_to_match`. The maximum length of the value is 50 bytes.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "positionalConstraint", + "searchString", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementByteMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatement": { + "properties": { + "countryCodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of two-character country codes, for example, [ \"US\", \"CN\" ], from the alpha-2 country ISO codes of the `ISO 3166` international standard. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_GeoMatchStatement.html) for valid values.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "forwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See Forwarded IP Config below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "countryCodes" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementGeoMatchStatementForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "ipSetForwardedIpConfig": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig", + "description": "The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. See IPSet Forwarded IP Config below for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementIpSetReferenceStatementIpSetForwardedIpConfig": { + "properties": { + "fallbackBehavior": { + "type": "string", + "description": "- The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. Valid values include: `MATCH` or `NO_MATCH`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "headerName": { + "type": "string", + "description": "- The name of the HTTP header to use for the IP address.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "position": { + "type": "string", + "description": "- The position in the header to search for the IP address. Valid values include: `FIRST`, `LAST`, or `ANY`. If `ANY` is specified and the header contains more than 10 IP addresses, AWS WAFv2 inspects the last 10.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "fallbackBehavior", + "headerName", + "position" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementOrStatementStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation:WebAclRuleStatementRateBasedStatementScopeDownStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatement:WebAclRuleStatementRegexPatternSetReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Regex Pattern Set that this statement references.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatch:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath:WebAclRuleStatementRegexPatternSetReferenceStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation:WebAclRuleStatementRegexPatternSetReferenceStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementRuleGroupReferenceStatement:WebAclRuleStatementRuleGroupReferenceStatement": { + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the `aws.wafv2.RuleGroup` resource.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "excludedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementRuleGroupReferenceStatementExcludedRule:WebAclRuleStatementRuleGroupReferenceStatementExcludedRule" + }, + "description": "The `rules` whose actions are set to `COUNT` by the web ACL, regardless of the action that is set on the rule. See Excluded Rule below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "aws:wafv2/WebAclRuleStatementRuleGroupReferenceStatementExcludedRule:WebAclRuleStatementRuleGroupReferenceStatementExcludedRule": { + "properties": { + "name": { + "type": "string", + "description": "The name of the rule to exclude. If the rule group is managed by AWS, see the [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list.html) for a list of names in the appropriate rule group in use.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatement:WebAclRuleStatementSizeConstraintStatement": { + "properties": { + "comparisonOperator": { + "type": "string", + "description": "The operator to use to compare the request part to the size setting. Valid values include: `EQ`, `NE`, `LE`, `LT`, `GE`, or `GT`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementSizeConstraintStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "size": { + "type": "integer", + "description": "The size, in bytes, to compare to the request part, after any transformations. Valid values are integers between 0 and 21474836480, inclusive.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementSizeConstraintStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "comparisonOperator", + "size", + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatch:WebAclRuleStatementSizeConstraintStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementSizeConstraintStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementSizeConstraintStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementSizeConstraintStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments:WebAclRuleStatementSizeConstraintStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchBody:WebAclRuleStatementSizeConstraintStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchMethod:WebAclRuleStatementSizeConstraintStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchQueryString:WebAclRuleStatementSizeConstraintStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleHeader:WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath:WebAclRuleStatementSizeConstraintStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSizeConstraintStatementTextTransformation:WebAclRuleStatementSizeConstraintStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatement:WebAclRuleStatementSqliMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementSqliMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementTextTransformation:WebAclRuleStatementSqliMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatch:WebAclRuleStatementSqliMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementSqliMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementSqliMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementSqliMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementSqliMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementSqliMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchBody:WebAclRuleStatementSqliMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchMethod:WebAclRuleStatementSqliMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchQueryString:WebAclRuleStatementSqliMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementSqliMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementSqliMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath:WebAclRuleStatementSqliMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementSqliMatchStatementTextTransformation:WebAclRuleStatementSqliMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatement:WebAclRuleStatementXssMatchStatement": { + "properties": { + "fieldToMatch": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatch:WebAclRuleStatementXssMatchStatementFieldToMatch", + "description": "The part of a web request that you want AWS WAF to inspect. See Field to Match below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "textTransformations": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementTextTransformation:WebAclRuleStatementXssMatchStatementTextTransformation" + }, + "description": "Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. See Text Transformation below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "textTransformations" + ] + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatch:WebAclRuleStatementXssMatchStatementFieldToMatch": { + "properties": { + "allQueryArguments": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementXssMatchStatementFieldToMatchAllQueryArguments", + "description": "Inspect all query arguments.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "body": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementXssMatchStatementFieldToMatchBody", + "description": "Inspect the request body, which immediately follows the request headers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "method": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementXssMatchStatementFieldToMatchMethod", + "description": "Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "queryString": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementXssMatchStatementFieldToMatchQueryString", + "description": "Inspect the query string. This is the part of a URL that appears after a `?` character, if any.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleHeader": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementXssMatchStatementFieldToMatchSingleHeader", + "description": "Inspect a single header. See Single Header below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "singleQueryArgument": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument", + "description": "Inspect a single query argument. See Single Query Argument below for details.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "uriPath": { + "$ref": "#/types/aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementXssMatchStatementFieldToMatchUriPath", + "description": "Inspect the request URI path. This is the part of a web request that identifies a resource, for example, `/images/daily-ad.jpg`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchAllQueryArguments:WebAclRuleStatementXssMatchStatementFieldToMatchAllQueryArguments": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchBody:WebAclRuleStatementXssMatchStatementFieldToMatchBody": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchMethod:WebAclRuleStatementXssMatchStatementFieldToMatchMethod": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchQueryString:WebAclRuleStatementXssMatchStatementFieldToMatchQueryString": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchSingleHeader:WebAclRuleStatementXssMatchStatementFieldToMatchSingleHeader": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument:WebAclRuleStatementXssMatchStatementFieldToMatchSingleQueryArgument": { + "properties": { + "name": { + "type": "string", + "description": "The name of the query header to inspect. This setting must be provided as lower case characters.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementFieldToMatchUriPath:WebAclRuleStatementXssMatchStatementFieldToMatchUriPath": { + "type": "object" + }, + "aws:wafv2/WebAclRuleStatementXssMatchStatementTextTransformation:WebAclRuleStatementXssMatchStatementTextTransformation": { + "properties": { + "priority": { + "type": "integer", + "description": "The relative processing order for multiple transformations that are defined for a rule statement. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The transformation to apply, you can specify the following types: `NONE`, `COMPRESS_WHITE_SPACE`, `HTML_ENTITY_DECODE`, `LOWERCASE`, `CMD_LINE`, `URL_DECODE`. See the [documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_TextTransformation.html) for more details.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "priority", + "type" + ] + }, + "aws:wafv2/WebAclRuleVisibilityConfig:WebAclRuleVisibilityConfig": { + "properties": { + "cloudwatchMetricsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (\\_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampledRequestsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchMetricsEnabled", + "metricName", + "sampledRequestsEnabled" + ] + }, + "aws:wafv2/WebAclVisibilityConfig:WebAclVisibilityConfig": { + "properties": { + "cloudwatchMetricsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether the associated resource sends metrics to CloudWatch. For the list of available metrics, see [AWS WAF Metrics](https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "metricName": { + "type": "string", + "description": "A friendly name of the CloudWatch metric. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) hyphen(-) and underscore (\\_), with length from one to 128 characters. It can't contain whitespace or metric names reserved for AWS WAF, for example `All` and `Default_Action`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "sampledRequestsEnabled": { + "type": "boolean", + "description": "A boolean indicating whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "cloudwatchMetricsEnabled", + "metricName", + "sampledRequestsEnabled" + ] + }, + "aws:wafv2/getRegexPatternSetRegularExpression:getRegexPatternSetRegularExpression": { + "properties": { + "regexString": { + "type": "string", + "description": "(Required) The string representing the regular expression, see the AWS WAF [documentation](https://docs.aws.amazon.com/waf/latest/developerguide/waf-regex-pattern-set-creating.html) for more information.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "regexString" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:worklink/FleetIdentityProvider:FleetIdentityProvider": { + "properties": { + "samlMetadata": { + "type": "string", + "description": "The SAML metadata document provided by the customer’s identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "type": { + "type": "string", + "description": "The type of identity provider.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "samlMetadata", + "type" + ] + }, + "aws:worklink/FleetNetwork:FleetNetwork": { + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs associated with access to the provided subnets.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs used for X-ENI connections from Amazon WorkLink rendering containers.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "vpcId": { + "type": "string", + "description": "The VPC ID with connectivity to associated websites.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "securityGroupIds", + "subnetIds", + "vpcId" + ] + }, + "aws:workspaces/DirectorySelfServicePermissions:DirectorySelfServicePermissions": { + "properties": { + "changeComputeType": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can change the compute type (bundle) for their workspace. Default `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "increaseVolumeSize": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can increase the volume size of the drives on their workspace. Default `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rebuildWorkspace": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state. Default `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "restartWorkspace": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can restart their workspace. Default `true`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "switchRunningMode": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can switch the running mode of their workspace. Default `false`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:workspaces/DirectoryWorkspaceAccessProperties:DirectoryWorkspaceAccessProperties": { + "properties": { + "deviceTypeAndroid": { + "type": "string", + "description": "Indicates whether users can use Android devices to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeChromeos": { + "type": "string", + "description": "Indicates whether users can use Chromebooks to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeIos": { + "type": "string", + "description": "Indicates whether users can use iOS devices to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeOsx": { + "type": "string", + "description": "Indicates whether users can use macOS clients to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeWeb": { + "type": "string", + "description": "Indicates whether users can access their WorkSpaces through a web browser.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeWindows": { + "type": "string", + "description": "Indicates whether users can use Windows clients to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeZeroclient": { + "type": "string", + "description": "Indicates whether users can use zero client devices to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:workspaces/DirectoryWorkspaceCreationProperties:DirectoryWorkspaceCreationProperties": { + "properties": { + "customSecurityGroupId": { + "type": "string", + "description": "The identifier of your custom security group. Should relate to the same VPC, where workspaces reside in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultOu": { + "type": "string", + "description": "The default organizational unit (OU) for your WorkSpace directories. Should conform `\"OU=,DC=,...,DC=\"` pattern.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableInternetAccess": { + "type": "boolean", + "description": "Indicates whether internet access is enabled for your WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableMaintenanceMode": { + "type": "boolean", + "description": "Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see [WorkSpace Maintenance](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspace-maintenance.html)..\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userEnabledAsLocalAdministrator": { + "type": "boolean", + "description": "Indicates whether users are local administrators of their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object" + }, + "aws:workspaces/IpGroupRule:IpGroupRule": { + "properties": { + "description": { + "type": "string", + "description": "The description.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "source": { + "type": "string", + "description": "The IP address range, in CIDR notation, e.g. `10.0.0.0/16`\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "source" + ] + }, + "aws:workspaces/WorkspaceWorkspaceProperties:WorkspaceWorkspaceProperties": { + "properties": { + "computeTypeName": { + "type": "string", + "description": "The compute type. For more information, see [Amazon WorkSpaces Bundles](http://aws.amazon.com/workspaces/details/#Amazon_WorkSpaces_Bundles). Valid values are `VALUE`, `STANDARD`, `PERFORMANCE`, `POWER`, `GRAPHICS`, `POWERPRO` and `GRAPHICSPRO`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rootVolumeSizeGib": { + "type": "integer", + "description": "The size of the root volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runningMode": { + "type": "string", + "description": "The running mode. For more information, see [Manage the WorkSpace Running Mode](https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html). Valid values are `AUTO_STOP` and `ALWAYS_ON`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runningModeAutoStopTimeoutInMinutes": { + "type": "integer", + "description": "The time after a user logs off when WorkSpaces are automatically stopped. Configured in 60-minute intervals.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userVolumeSizeGib": { + "type": "integer", + "description": "The size of the user storage.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "language": { + "nodejs": { + "requiredOutputs": [ + "runningModeAutoStopTimeoutInMinutes" + ] + } + } + }, + "aws:workspaces/getBundleComputeType:getBundleComputeType": { + "properties": { + "name": { + "type": "string", + "description": "The name of the bundle. You cannot combine this parameter with `bundle_id`.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "name" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:workspaces/getBundleRootStorage:getBundleRootStorage": { + "properties": { + "capacity": { + "type": "string", + "description": "The size of the user storage.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "capacity" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:workspaces/getBundleUserStorage:getBundleUserStorage": { + "properties": { + "capacity": { + "type": "string", + "description": "The size of the user storage.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "capacity" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:workspaces/getDirectorySelfServicePermission:getDirectorySelfServicePermission": { + "properties": { + "changeComputeType": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can change the compute type (bundle) for their workspace.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "increaseVolumeSize": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can increase the volume size of the drives on their workspace.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rebuildWorkspace": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can rebuild the operating system of a workspace to its original state.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "restartWorkspace": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can restart their workspace.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "switchRunningMode": { + "type": "boolean", + "description": "Whether WorkSpaces directory users can switch the running mode of their workspace.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "changeComputeType", + "increaseVolumeSize", + "rebuildWorkspace", + "restartWorkspace", + "switchRunningMode" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:workspaces/getDirectoryWorkspaceAccessProperty:getDirectoryWorkspaceAccessProperty": { + "properties": { + "deviceTypeAndroid": { + "type": "string", + "description": "(Optional) Indicates whether users can use Android devices to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeChromeos": { + "type": "string", + "description": "(Optional) Indicates whether users can use Chromebooks to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeIos": { + "type": "string", + "description": "(Optional) Indicates whether users can use iOS devices to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeOsx": { + "type": "string", + "description": "(Optional) Indicates whether users can use macOS clients to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeWeb": { + "type": "string", + "description": "(Optional) Indicates whether users can access their WorkSpaces through a web browser.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeWindows": { + "type": "string", + "description": "(Optional) Indicates whether users can use Windows clients to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "deviceTypeZeroclient": { + "type": "string", + "description": "(Optional) Indicates whether users can use zero client devices to access their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "deviceTypeAndroid", + "deviceTypeChromeos", + "deviceTypeIos", + "deviceTypeOsx", + "deviceTypeWeb", + "deviceTypeWindows", + "deviceTypeZeroclient" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:workspaces/getDirectoryWorkspaceCreationProperty:getDirectoryWorkspaceCreationProperty": { + "properties": { + "customSecurityGroupId": { + "type": "string", + "description": "The identifier of your custom security group. Should relate to the same VPC, where workspaces reside in.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "defaultOu": { + "type": "string", + "description": "The default organizational unit (OU) for your WorkSpace directories.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableInternetAccess": { + "type": "boolean", + "description": "Indicates whether internet access is enabled for your WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "enableMaintenanceMode": { + "type": "boolean", + "description": "Indicates whether maintenance mode is enabled for your WorkSpaces. For more information, see [WorkSpace Maintenance](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspace-maintenance.html).\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userEnabledAsLocalAdministrator": { + "type": "boolean", + "description": "Indicates whether users are local administrators of their WorkSpaces.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "customSecurityGroupId", + "defaultOu", + "enableInternetAccess", + "enableMaintenanceMode", + "userEnabledAsLocalAdministrator" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + }, + "aws:workspaces/getWorkspaceWorkspaceProperty:getWorkspaceWorkspaceProperty": { + "properties": { + "computeTypeName": { + "type": "string", + "description": "The compute type. For more information, see [Amazon WorkSpaces Bundles](http://aws.amazon.com/workspaces/details/#Amazon_WorkSpaces_Bundles). Valid values are `VALUE`, `STANDARD`, `PERFORMANCE`, `POWER`, `GRAPHICS`, `POWERPRO` and `GRAPHICSPRO`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "rootVolumeSizeGib": { + "type": "integer", + "description": "The size of the root volume.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runningMode": { + "type": "string", + "description": "The running mode. For more information, see [Manage the WorkSpace Running Mode](https://docs.aws.amazon.com/workspaces/latest/adminguide/running-mode.html). Valid values are `AUTO_STOP` and `ALWAYS_ON`.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "runningModeAutoStopTimeoutInMinutes": { + "type": "integer", + "description": "The time after a user logs off when WorkSpaces are automatically stopped. Configured in 60-minute intervals.\n", + "language": { + "python": { + "mapCase": false + } + } + }, + "userVolumeSizeGib": { + "type": "integer", + "description": "The size of the user storage.\n", + "language": { + "python": { + "mapCase": false + } + } + } + }, + "type": "object", + "required": [ + "computeTypeName", + "rootVolumeSizeGib", + "runningMode", + "runningModeAutoStopTimeoutInMinutes", + "userVolumeSizeGib" + ], + "language": { + "nodejs": { + "requiredInputs": [] + } + } + } + }, + "provider": { + "description": "The provider type for the aws package. By default, resources use package-wide configuration\nsettings, however an explicit `Provider` instance may be created and passed during resource\nconstruction to achieve fine-grained programmatic control over provider settings. See the\n[documentation](https://www.pulumi.com/docs/reference/programming-model/#providers) for more information.\n", + "properties": { + "accessKey": { + "type": "string", + "description": "The access key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.\n" + }, + "allowedAccountIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "assumeRole": { + "$ref": "#/types/aws:index/ProviderAssumeRole:ProviderAssumeRole" + }, + "defaultTags": { + "$ref": "#/types/aws:index/ProviderDefaultTags:ProviderDefaultTags", + "description": "Configuration block with settings to default resource tags across all resources.\n" + }, + "endpoints": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/ProviderEndpoint:ProviderEndpoint" + } + }, + "forbiddenAccountIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "ignoreTags": { + "$ref": "#/types/aws:index/ProviderIgnoreTags:ProviderIgnoreTags", + "description": "Configuration block with settings to ignore resource tags across all resources.\n" + }, + "insecure": { + "type": "boolean", + "description": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted,default value is `false`\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.\n" + }, + "profile": { + "type": "string", + "description": "The profile for API operations. If not set, the default profile created with `aws configure` will be used.\n" + }, + "region": { + "type": "string", + "$ref": "#/types/aws:index/region:Region", + "description": "The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.\n" + }, + "s3ForcePathStyle": { + "type": "boolean", + "description": "Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By\ndefault, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY).\nSpecific to the Amazon S3 service.\n" + }, + "secretKey": { + "type": "string", + "description": "The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.\n" + }, + "sharedCredentialsFile": { + "type": "string", + "description": "The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.\n" + }, + "skipCredentialsValidation": { + "type": "boolean", + "description": "Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS\navailable/implemented.\n" + }, + "skipGetEc2Platforms": { + "type": "boolean", + "description": "Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.\n" + }, + "skipMetadataApiCheck": { + "type": "boolean" + }, + "skipRegionValidation": { + "type": "boolean", + "description": "Skip static validation of region name. Used by users of alternative AWS-like APIs or users w/ access to regions that are\nnot public (yet).\n" + }, + "skipRequestingAccountId": { + "type": "boolean", + "description": "Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.\n" + }, + "token": { + "type": "string", + "description": "session token. A session token is only required if you are using temporary security credentials.\n" + } + }, + "inputProperties": { + "accessKey": { + "type": "string", + "description": "The access key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.\n" + }, + "allowedAccountIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "assumeRole": { + "$ref": "#/types/aws:index/ProviderAssumeRole:ProviderAssumeRole" + }, + "defaultTags": { + "$ref": "#/types/aws:index/ProviderDefaultTags:ProviderDefaultTags", + "description": "Configuration block with settings to default resource tags across all resources.\n" + }, + "endpoints": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/ProviderEndpoint:ProviderEndpoint" + } + }, + "forbiddenAccountIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "ignoreTags": { + "$ref": "#/types/aws:index/ProviderIgnoreTags:ProviderIgnoreTags", + "description": "Configuration block with settings to ignore resource tags across all resources.\n" + }, + "insecure": { + "type": "boolean", + "description": "Explicitly allow the provider to perform \"insecure\" SSL requests. If omitted,default value is `false`\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times an AWS API request is being executed. If the API request still fails, an error is thrown.\n" + }, + "profile": { + "type": "string", + "description": "The profile for API operations. If not set, the default profile created with `aws configure` will be used.\n", + "defaultInfo": { + "environment": [ + "AWS_PROFILE" + ] + } + }, + "region": { + "type": "string", + "$ref": "#/types/aws:index/region:Region", + "description": "The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.\n", + "defaultInfo": { + "environment": [ + "AWS_REGION", + "AWS_DEFAULT_REGION" + ] + } + }, + "s3ForcePathStyle": { + "type": "boolean", + "description": "Set this to true to force the request to use path-style addressing, i.e., http://s3.amazonaws.com/BUCKET/KEY. By\ndefault, the S3 client will use virtual hosted bucket addressing when possible (http://BUCKET.s3.amazonaws.com/KEY).\nSpecific to the Amazon S3 service.\n" + }, + "secretKey": { + "type": "string", + "description": "The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.\n" + }, + "sharedCredentialsFile": { + "type": "string", + "description": "The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.\n" + }, + "skipCredentialsValidation": { + "type": "boolean", + "description": "Skip the credentials validation via STS API. Used for AWS API implementations that do not have STS\navailable/implemented.\n", + "default": true + }, + "skipGetEc2Platforms": { + "type": "boolean", + "description": "Skip getting the supported EC2 platforms. Used by users that don't have ec2:DescribeAccountAttributes permissions.\n", + "default": true + }, + "skipMetadataApiCheck": { + "type": "boolean", + "default": true + }, + "skipRegionValidation": { + "type": "boolean", + "description": "Skip static validation of region name. Used by users of alternative AWS-like APIs or users w/ access to regions that are\nnot public (yet).\n", + "default": true + }, + "skipRequestingAccountId": { + "type": "boolean", + "description": "Skip requesting the account ID. Used for AWS API implementations that do not have IAM/STS API and/or metadata API.\n" + }, + "token": { + "type": "string", + "description": "session token. A session token is only required if you are using temporary security credentials.\n" + } + } + }, + "resources": { + "aws:accessanalyzer/analyzer:Analyzer": { + "description": "Manages an Access Analyzer Analyzer. More information can be found in the [Access Analyzer User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Account Analyzer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.accessanalyzer.Analyzer(\"example\", {\n analyzerName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.accessanalyzer.Analyzer(\"example\", analyzer_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AccessAnalyzer.Analyzer(\"example\", new Aws.AccessAnalyzer.AnalyzerArgs\n {\n AnalyzerName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/accessanalyzer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accessanalyzer.NewAnalyzer(ctx, \"example\", &accessanalyzer.AnalyzerArgs{\n\t\t\tAnalyzerName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Organization Analyzer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {awsServiceAccessPrincipals: [\"access-analyzer.amazonaws.com\"]});\nconst exampleAnalyzer = new aws.accessanalyzer.Analyzer(\"exampleAnalyzer\", {\n analyzerName: \"example\",\n type: \"ORGANIZATION\",\n}, {\n dependsOn: [exampleOrganization],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\", aws_service_access_principals=[\"access-analyzer.amazonaws.com\"])\nexample_analyzer = aws.accessanalyzer.Analyzer(\"exampleAnalyzer\",\n analyzer_name=\"example\",\n type=\"ORGANIZATION\",\n opts=pulumi.ResourceOptions(depends_on=[example_organization]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"access-analyzer.amazonaws.com\",\n },\n });\n var exampleAnalyzer = new Aws.AccessAnalyzer.Analyzer(\"exampleAnalyzer\", new Aws.AccessAnalyzer.AnalyzerArgs\n {\n AnalyzerName = \"example\",\n Type = \"ORGANIZATION\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleOrganization,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/accessanalyzer\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"access-analyzer.amazonaws.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accessanalyzer.NewAnalyzer(ctx, \"exampleAnalyzer\", &accessanalyzer.AnalyzerArgs{\n\t\t\tAnalyzerName: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"ORGANIZATION\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAccess Analyzer Analyzers can be imported using the `analyzer_name`, e.g.\n\n```sh\n $ pulumi import aws:accessanalyzer/analyzer:Analyzer example example\n```\n\n ", + "properties": { + "analyzerName": { + "type": "string", + "description": "Name of the Analyzer.\n" + }, + "arn": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of Analyzer. Valid values are `ACCOUNT` or `ORGANIZATION`. Defaults to `ACCOUNT`.\n" + } + }, + "required": [ + "analyzerName", + "arn", + "tagsAll" + ], + "inputProperties": { + "analyzerName": { + "type": "string", + "description": "Name of the Analyzer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of Analyzer. Valid values are `ACCOUNT` or `ORGANIZATION`. Defaults to `ACCOUNT`.\n" + } + }, + "requiredInputs": [ + "analyzerName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Analyzer resources.\n", + "properties": { + "analyzerName": { + "type": "string", + "description": "Name of the Analyzer.\n" + }, + "arn": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of Analyzer. Valid values are `ACCOUNT` or `ORGANIZATION`. Defaults to `ACCOUNT`.\n" + } + }, + "type": "object" + } + }, + "aws:acm/certificate:Certificate": { + "description": "The ACM certificate resource allows requesting and management of certificates\nfrom the Amazon Certificate Manager.\n\nIt deals with requesting certificates and managing their attributes and life-cycle.\nThis resource does not deal with validation of a certificate but can provide inputs\nfor other resources implementing the validation. It does not wait for a certificate to be issued.\nUse a `aws.acm.CertificateValidation` resource for this.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.acm.CertificateValidation` to request a DNS validated certificate,\ndeploy the required validation records and wait for validation to complete.\n\nDomain validation through E-Mail is also supported but should be avoided as it requires a manual step outside\nof this provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create Certificate\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.acm.Certificate(\"cert\", {\n domainName: \"example.com\",\n tags: {\n Environment: \"test\",\n },\n validationMethod: \"DNS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.acm.Certificate(\"cert\",\n domain_name=\"example.com\",\n tags={\n \"Environment\": \"test\",\n },\n validation_method=\"DNS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cert = new Aws.Acm.Certificate(\"cert\", new Aws.Acm.CertificateArgs\n {\n DomainName = \"example.com\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n ValidationMethod = \"DNS\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.NewCertificate(ctx, \"cert\", &acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tValidationMethod: pulumi.String(\"DNS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Existing Certificate Body Import\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst examplePrivateKey = new tls.PrivateKey(\"examplePrivateKey\", {algorithm: \"RSA\"});\nconst exampleSelfSignedCert = new tls.SelfSignedCert(\"exampleSelfSignedCert\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: examplePrivateKey.privateKeyPem,\n subjects: [{\n commonName: \"example.com\",\n organization: \"ACME Examples, Inc\",\n }],\n validityPeriodHours: 12,\n allowedUses: [\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ],\n});\nconst cert = new aws.acm.Certificate(\"cert\", {\n privateKey: examplePrivateKey.privateKeyPem,\n certificateBody: exampleSelfSignedCert.certPem,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_tls as tls\n\nexample_private_key = tls.PrivateKey(\"examplePrivateKey\", algorithm=\"RSA\")\nexample_self_signed_cert = tls.SelfSignedCert(\"exampleSelfSignedCert\",\n key_algorithm=\"RSA\",\n private_key_pem=example_private_key.private_key_pem,\n subjects=[tls.SelfSignedCertSubjectArgs(\n common_name=\"example.com\",\n organization=\"ACME Examples, Inc\",\n )],\n validity_period_hours=12,\n allowed_uses=[\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n ])\ncert = aws.acm.Certificate(\"cert\",\n private_key=example_private_key.private_key_pem,\n certificate_body=example_self_signed_cert.cert_pem)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Tls = Pulumi.Tls;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePrivateKey = new Tls.PrivateKey(\"examplePrivateKey\", new Tls.PrivateKeyArgs\n {\n Algorithm = \"RSA\",\n });\n var exampleSelfSignedCert = new Tls.SelfSignedCert(\"exampleSelfSignedCert\", new Tls.SelfSignedCertArgs\n {\n KeyAlgorithm = \"RSA\",\n PrivateKeyPem = examplePrivateKey.PrivateKeyPem,\n Subjects = \n {\n new Tls.Inputs.SelfSignedCertSubjectArgs\n {\n CommonName = \"example.com\",\n Organization = \"ACME Examples, Inc\",\n },\n },\n ValidityPeriodHours = 12,\n AllowedUses = \n {\n \"key_encipherment\",\n \"digital_signature\",\n \"server_auth\",\n },\n });\n var cert = new Aws.Acm.Certificate(\"cert\", new Aws.Acm.CertificateArgs\n {\n PrivateKey = examplePrivateKey.PrivateKeyPem,\n CertificateBody = exampleSelfSignedCert.CertPem,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-tls/sdk/v4/go/tls\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePrivateKey, err := tls.NewPrivateKey(ctx, \"examplePrivateKey\", &tls.PrivateKeyArgs{\n\t\t\tAlgorithm: pulumi.String(\"RSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSelfSignedCert, err := tls.NewSelfSignedCert(ctx, \"exampleSelfSignedCert\", &tls.SelfSignedCertArgs{\n\t\t\tKeyAlgorithm: pulumi.String(\"RSA\"),\n\t\t\tPrivateKeyPem: examplePrivateKey.PrivateKeyPem,\n\t\t\tSubjects: SelfSignedCertSubjectArray{\n\t\t\t\t&SelfSignedCertSubjectArgs{\n\t\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\t\tOrganization: pulumi.String(\"ACME Examples, Inc\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tValidityPeriodHours: pulumi.Int(12),\n\t\t\tAllowedUses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"key_encipherment\"),\n\t\t\t\tpulumi.String(\"digital_signature\"),\n\t\t\t\tpulumi.String(\"server_auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acm.NewCertificate(ctx, \"cert\", &acm.CertificateArgs{\n\t\t\tPrivateKey: examplePrivateKey.PrivateKeyPem,\n\t\t\tCertificateBody: exampleSelfSignedCert.CertPem,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCertificates can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:acm/certificate:Certificate cert arn:aws:acm:eu-central-1:123456789012:certificate/7e7a28d2-163f-4b8f-b9cd-822f96c08d6a\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the certificate\n" + }, + "certificateAuthorityArn": { + "type": "string", + "description": "ARN of an ACM PCA\n" + }, + "certificateBody": { + "type": "string", + "description": "The certificate's PEM-formatted public key\n" + }, + "certificateChain": { + "type": "string", + "description": "The certificate's PEM-formatted chain\n* Creating a private CA issued certificate\n" + }, + "domainName": { + "type": "string", + "description": "A domain name for which the certificate should be issued\n" + }, + "domainValidationOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:acm/CertificateDomainValidationOption:CertificateDomainValidationOption" + }, + "description": "Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if `DNS`-validation was used.\n" + }, + "options": { + "$ref": "#/types/aws:acm/CertificateOptions:CertificateOptions", + "description": "Configuration block used to set certificate options. Detailed below.\n* Importing an existing certificate\n" + }, + "privateKey": { + "type": "string", + "description": "The certificate's PEM-formatted private key\n" + }, + "status": { + "type": "string", + "description": "Status of the certificate.\n" + }, + "subjectAlternativeNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list (`[]`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource..\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validationEmails": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of addresses that received a validation E-Mail. Only set if `EMAIL`-validation was used.\n" + }, + "validationMethod": { + "type": "string", + "description": "Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.\n" + } + }, + "required": [ + "arn", + "domainName", + "domainValidationOptions", + "status", + "subjectAlternativeNames", + "tagsAll", + "validationEmails", + "validationMethod" + ], + "inputProperties": { + "certificateAuthorityArn": { + "type": "string", + "description": "ARN of an ACM PCA\n" + }, + "certificateBody": { + "type": "string", + "description": "The certificate's PEM-formatted public key\n" + }, + "certificateChain": { + "type": "string", + "description": "The certificate's PEM-formatted chain\n* Creating a private CA issued certificate\n" + }, + "domainName": { + "type": "string", + "description": "A domain name for which the certificate should be issued\n" + }, + "options": { + "$ref": "#/types/aws:acm/CertificateOptions:CertificateOptions", + "description": "Configuration block used to set certificate options. Detailed below.\n* Importing an existing certificate\n" + }, + "privateKey": { + "type": "string", + "description": "The certificate's PEM-formatted private key\n" + }, + "subjectAlternativeNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list (`[]`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource..\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validationMethod": { + "type": "string", + "description": "Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Certificate resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the certificate\n" + }, + "certificateAuthorityArn": { + "type": "string", + "description": "ARN of an ACM PCA\n" + }, + "certificateBody": { + "type": "string", + "description": "The certificate's PEM-formatted public key\n" + }, + "certificateChain": { + "type": "string", + "description": "The certificate's PEM-formatted chain\n* Creating a private CA issued certificate\n" + }, + "domainName": { + "type": "string", + "description": "A domain name for which the certificate should be issued\n" + }, + "domainValidationOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:acm/CertificateDomainValidationOption:CertificateDomainValidationOption" + }, + "description": "Set of domain validation objects which can be used to complete certificate validation. Can have more than one element, e.g. if SANs are defined. Only set if `DNS`-validation was used.\n" + }, + "options": { + "$ref": "#/types/aws:acm/CertificateOptions:CertificateOptions", + "description": "Configuration block used to set certificate options. Detailed below.\n* Importing an existing certificate\n" + }, + "privateKey": { + "type": "string", + "description": "The certificate's PEM-formatted private key\n" + }, + "status": { + "type": "string", + "description": "Status of the certificate.\n" + }, + "subjectAlternativeNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of domains that should be SANs in the issued certificate. To remove all elements of a previously configured list, set this value equal to an empty list (`[]`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource..\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validationEmails": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of addresses that received a validation E-Mail. Only set if `EMAIL`-validation was used.\n" + }, + "validationMethod": { + "type": "string", + "description": "Which method to use for validation. `DNS` or `EMAIL` are valid, `NONE` can be used for certificates that were imported into ACM and then into the provider.\n" + } + }, + "type": "object" + } + }, + "aws:acm/certificateValidation:CertificateValidation": { + "description": "This resource represents a successful validation of an ACM certificate in concert\nwith other resources.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.acm.Certificate` to request a DNS validated certificate,\ndeploy the required validation records and wait for validation to complete.\n\n> **WARNING:** This resource implements a part of the validation workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Email Validation\n\nIn this situation, the resource is simply a waiter for manual email approval of ACM certificates.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCertificate = new aws.acm.Certificate(\"exampleCertificate\", {\n domainName: \"example.com\",\n validationMethod: \"EMAIL\",\n});\nconst exampleCertificateValidation = new aws.acm.CertificateValidation(\"exampleCertificateValidation\", {certificateArn: exampleCertificate.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_certificate = aws.acm.Certificate(\"exampleCertificate\",\n domain_name=\"example.com\",\n validation_method=\"EMAIL\")\nexample_certificate_validation = aws.acm.CertificateValidation(\"exampleCertificateValidation\", certificate_arn=example_certificate.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCertificate = new Aws.Acm.Certificate(\"exampleCertificate\", new Aws.Acm.CertificateArgs\n {\n DomainName = \"example.com\",\n ValidationMethod = \"EMAIL\",\n });\n var exampleCertificateValidation = new Aws.Acm.CertificateValidation(\"exampleCertificateValidation\", new Aws.Acm.CertificateValidationArgs\n {\n CertificateArn = exampleCertificate.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCertificate, err := acm.NewCertificate(ctx, \"exampleCertificate\", &acm.CertificateArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tValidationMethod: pulumi.String(\"EMAIL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acm.NewCertificateValidation(ctx, \"exampleCertificateValidation\", &acm.CertificateValidationArgs{\n\t\t\tCertificateArn: exampleCertificate.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate that is being validated.\n" + }, + "validationRecordFqdns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation\n" + } + }, + "required": [ + "certificateArn" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate that is being validated.\n" + }, + "validationRecordFqdns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation\n" + } + }, + "requiredInputs": [ + "certificateArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CertificateValidation resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate that is being validated.\n" + }, + "validationRecordFqdns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of FQDNs that implement the validation. Only valid for DNS validation method ACM certificates. If this is set, the resource can implement additional sanity checks and has an explicit dependency on the resource that is implementing the validation\n" + } + }, + "type": "object" + } + }, + "aws:acmpca/certificate:Certificate": { + "description": "Provides a resource to issue a certificate using AWS Certificate Manager Private Certificate Authority (ACM PCA).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as tls from \"@pulumi/tls\";\n\nconst exampleCertificateAuthority = new aws.acmpca.CertificateAuthority(\"exampleCertificateAuthority\", {\n privateCertificateConfiguration: [{\n keyAlgorithm: \"RSA_4096\",\n signingAlgorithm: \"SHA512WITHRSA\",\n subject: [{\n commonName: \"example.com\",\n }],\n }],\n permanentDeletionTimeInDays: 7,\n});\nconst key = new tls.PrivateKey(\"key\", {algorithm: \"RSA\"});\nconst csr = new tls.CertRequest(\"csr\", {\n keyAlgorithm: \"RSA\",\n privateKeyPem: key.privateKeyPem,\n subjects: [{\n commonName: \"example\",\n }],\n});\nconst exampleCertificate = new aws.acmpca.Certificate(\"exampleCertificate\", {\n certificateAuthorityArn: exampleCertificateAuthority.arn,\n certificateSigningRequest: csr.certRequestPem,\n signingAlgorithm: \"SHA256WITHRSA\",\n validity: {\n type: \"YEARS\",\n value: 1,\n },\n});\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_acmpca_certificate` can not be imported at this time. ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate.\n" + }, + "certificate": { + "type": "string", + "description": "The PEM-encoded certificate value.\n", + "language": { + "csharp": { + "name": "CertificateDetails" + } + } + }, + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + }, + "certificateChain": { + "type": "string", + "description": "The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.\n" + }, + "certificateSigningRequest": { + "type": "string", + "description": "Certificate Signing Request in PEM format.\n" + }, + "signingAlgorithm": { + "type": "string", + "description": "Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`\n" + }, + "templateArn": { + "type": "string", + "description": "The template to use when issuing a certificate. See [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html) for more information.\n" + }, + "validity": { + "$ref": "#/types/aws:acmpca/CertificateValidity:CertificateValidity", + "description": "Configures end of the validity period for the certificate. See validity block below.\n" + } + }, + "required": [ + "arn", + "certificate", + "certificateAuthorityArn", + "certificateChain", + "certificateSigningRequest", + "signingAlgorithm", + "validity" + ], + "inputProperties": { + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + }, + "certificateSigningRequest": { + "type": "string", + "description": "Certificate Signing Request in PEM format.\n" + }, + "signingAlgorithm": { + "type": "string", + "description": "Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`\n" + }, + "templateArn": { + "type": "string", + "description": "The template to use when issuing a certificate. See [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html) for more information.\n" + }, + "validity": { + "$ref": "#/types/aws:acmpca/CertificateValidity:CertificateValidity", + "description": "Configures end of the validity period for the certificate. See validity block below.\n" + } + }, + "requiredInputs": [ + "certificateAuthorityArn", + "certificateSigningRequest", + "signingAlgorithm", + "validity" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Certificate resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate.\n" + }, + "certificate": { + "type": "string", + "description": "The PEM-encoded certificate value.\n", + "language": { + "csharp": { + "name": "CertificateDetails" + } + } + }, + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + }, + "certificateChain": { + "type": "string", + "description": "The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.\n" + }, + "certificateSigningRequest": { + "type": "string", + "description": "Certificate Signing Request in PEM format.\n" + }, + "signingAlgorithm": { + "type": "string", + "description": "Algorithm to use to sign certificate requests. Valid values: `SHA256WITHRSA`, `SHA256WITHECDSA`, `SHA384WITHRSA`, `SHA384WITHECDSA`, `SHA512WITHRSA`, `SHA512WITHECDSA`\n" + }, + "templateArn": { + "type": "string", + "description": "The template to use when issuing a certificate. See [ACM PCA Documentation](https://docs.aws.amazon.com/acm-pca/latest/userguide/UsingTemplates.html) for more information.\n" + }, + "validity": { + "$ref": "#/types/aws:acmpca/CertificateValidity:CertificateValidity", + "description": "Configures end of the validity period for the certificate. See validity block below.\n" + } + }, + "type": "object" + } + }, + "aws:acmpca/certificateAuthority:CertificateAuthority": { + "description": "Provides a resource to manage AWS Certificate Manager Private Certificate Authorities (ACM PCA Certificate Authorities).\n\n> **NOTE:** Creating this resource will leave the certificate authority in a `PENDING_CERTIFICATE` status, which means it cannot yet issue certificates. To complete this setup, you must fully sign the certificate authority CSR available in the `certificate_signing_request` attribute and import the signed certificate using the AWS SDK, CLI or Console. This provider can support another resource to manage that workflow automatically in the future.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.acmpca.CertificateAuthority(\"example\", {\n certificateAuthorityConfiguration: {\n keyAlgorithm: \"RSA_4096\",\n signingAlgorithm: \"SHA512WITHRSA\",\n subject: {\n commonName: \"example.com\",\n },\n },\n permanentDeletionTimeInDays: 7,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.acmpca.CertificateAuthority(\"example\",\n certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(\n key_algorithm=\"RSA_4096\",\n signing_algorithm=\"SHA512WITHRSA\",\n subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(\n common_name=\"example.com\",\n ),\n ),\n permanent_deletion_time_in_days=7)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Acmpca.CertificateAuthority(\"example\", new Aws.Acmpca.CertificateAuthorityArgs\n {\n CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs\n {\n KeyAlgorithm = \"RSA_4096\",\n SigningAlgorithm = \"SHA512WITHRSA\",\n Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs\n {\n CommonName = \"example.com\",\n },\n },\n PermanentDeletionTimeInDays = 7,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acmpca.NewCertificateAuthority(ctx, \"example\", &acmpca.CertificateAuthorityArgs{\n\t\t\tCertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{\n\t\t\t\tKeyAlgorithm: pulumi.String(\"RSA_4096\"),\n\t\t\t\tSigningAlgorithm: pulumi.String(\"SHA512WITHRSA\"),\n\t\t\t\tSubject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{\n\t\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPermanentDeletionTimeInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enable Certificate Revocation List\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst acmpcaBucketAccess = pulumi.all([exampleBucket.arn, exampleBucket.arn]).apply(([exampleBucketArn, exampleBucketArn1]) => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"s3:GetBucketAcl\",\n \"s3:GetBucketLocation\",\n \"s3:PutObject\",\n \"s3:PutObjectAcl\",\n ],\n resources: [\n exampleBucketArn,\n `${exampleBucketArn1}/*`,\n ],\n principals: [{\n identifiers: [\"acm-pca.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n}));\nconst exampleBucketPolicy = new aws.s3.BucketPolicy(\"exampleBucketPolicy\", {\n bucket: exampleBucket.id,\n policy: acmpcaBucketAccess.apply(acmpcaBucketAccess => acmpcaBucketAccess.json),\n});\nconst exampleCertificateAuthority = new aws.acmpca.CertificateAuthority(\"exampleCertificateAuthority\", {\n certificateAuthorityConfiguration: {\n keyAlgorithm: \"RSA_4096\",\n signingAlgorithm: \"SHA512WITHRSA\",\n subject: {\n commonName: \"example.com\",\n },\n },\n revocationConfiguration: {\n crlConfiguration: {\n customCname: \"crl.example.com\",\n enabled: true,\n expirationInDays: 7,\n s3BucketName: exampleBucket.id,\n },\n },\n}, {\n dependsOn: [exampleBucketPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nacmpca_bucket_access = pulumi.Output.all(example_bucket.arn, example_bucket.arn).apply(lambda exampleBucketArn, exampleBucketArn1: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"s3:GetBucketAcl\",\n \"s3:GetBucketLocation\",\n \"s3:PutObject\",\n \"s3:PutObjectAcl\",\n ],\n resources=[\n example_bucket_arn,\n f\"{example_bucket_arn1}/*\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"acm-pca.amazonaws.com\"],\n type=\"Service\",\n )],\n)]))\nexample_bucket_policy = aws.s3.BucketPolicy(\"exampleBucketPolicy\",\n bucket=example_bucket.id,\n policy=acmpca_bucket_access.json)\nexample_certificate_authority = aws.acmpca.CertificateAuthority(\"exampleCertificateAuthority\",\n certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(\n key_algorithm=\"RSA_4096\",\n signing_algorithm=\"SHA512WITHRSA\",\n subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(\n common_name=\"example.com\",\n ),\n ),\n revocation_configuration=aws.acmpca.CertificateAuthorityRevocationConfigurationArgs(\n crl_configuration=aws.acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs(\n custom_cname=\"crl.example.com\",\n enabled=True,\n expiration_in_days=7,\n s3_bucket_name=example_bucket.id,\n ),\n ),\n opts=pulumi.ResourceOptions(depends_on=[example_bucket_policy]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var acmpcaBucketAccess = Output.Tuple(exampleBucket.Arn, exampleBucket.Arn).Apply(values =>\n {\n var exampleBucketArn = values.Item1;\n var exampleBucketArn1 = values.Item2;\n return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"s3:GetBucketAcl\",\n \"s3:GetBucketLocation\",\n \"s3:PutObject\",\n \"s3:PutObjectAcl\",\n },\n Resources = \n {\n exampleBucketArn,\n $\"{exampleBucketArn1}/*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"acm-pca.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n });\n });\n var exampleBucketPolicy = new Aws.S3.BucketPolicy(\"exampleBucketPolicy\", new Aws.S3.BucketPolicyArgs\n {\n Bucket = exampleBucket.Id,\n Policy = acmpcaBucketAccess.Apply(acmpcaBucketAccess => acmpcaBucketAccess.Json),\n });\n var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority(\"exampleCertificateAuthority\", new Aws.Acmpca.CertificateAuthorityArgs\n {\n CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs\n {\n KeyAlgorithm = \"RSA_4096\",\n SigningAlgorithm = \"SHA512WITHRSA\",\n Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs\n {\n CommonName = \"example.com\",\n },\n },\n RevocationConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationArgs\n {\n CrlConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs\n {\n CustomCname = \"crl.example.com\",\n Enabled = true,\n ExpirationInDays = 7,\n S3BucketName = exampleBucket.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleBucketPolicy,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketPolicy, err := s3.NewBucketPolicy(ctx, \"exampleBucketPolicy\", &s3.BucketPolicyArgs{\n\t\t\tBucket: exampleBucket.ID(),\n\t\t\tPolicy: acmpcaBucketAccess.ApplyT(func(acmpcaBucketAccess iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn acmpcaBucketAccess.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acmpca.NewCertificateAuthority(ctx, \"exampleCertificateAuthority\", &acmpca.CertificateAuthorityArgs{\n\t\t\tCertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{\n\t\t\t\tKeyAlgorithm: pulumi.String(\"RSA_4096\"),\n\t\t\t\tSigningAlgorithm: pulumi.String(\"SHA512WITHRSA\"),\n\t\t\t\tSubject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{\n\t\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRevocationConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationArgs{\n\t\t\t\tCrlConfiguration: &acmpca.CertificateAuthorityRevocationConfigurationCrlConfigurationArgs{\n\t\t\t\t\tCustomCname: pulumi.String(\"crl.example.com\"),\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tExpirationInDays: pulumi.Int(7),\n\t\t\t\t\tS3BucketName: exampleBucket.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleBucketPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_acmpca_certificate_authority` can be imported by using the certificate authority Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:acmpca/certificateAuthority:CertificateAuthority example arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + }, + "certificate": { + "type": "string", + "description": "Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.\n" + }, + "certificateAuthorityConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityCertificateAuthorityConfiguration:CertificateAuthorityCertificateAuthorityConfiguration", + "description": "Nested argument containing algorithms and certificate subject information. Defined below.\n" + }, + "certificateChain": { + "type": "string", + "description": "Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.\n" + }, + "certificateSigningRequest": { + "type": "string", + "description": "The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.\n" + }, + "enabled": { + "type": "boolean", + "description": "Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.\n" + }, + "notAfter": { + "type": "string", + "description": "Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.\n" + }, + "notBefore": { + "type": "string", + "description": "Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.\n" + }, + "permanentDeletionTimeInDays": { + "type": "integer", + "description": "The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.\n" + }, + "revocationConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityRevocationConfiguration:CertificateAuthorityRevocationConfiguration", + "description": "Nested argument containing revocation configuration. Defined below.\n" + }, + "serial": { + "type": "string", + "description": "Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.\n" + }, + "status": { + "type": "string", + "description": "Status of the certificate authority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies a key-value map of user-defined tags that are attached to the certificate authority. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.\n" + } + }, + "required": [ + "arn", + "certificate", + "certificateAuthorityConfiguration", + "certificateChain", + "certificateSigningRequest", + "notAfter", + "notBefore", + "serial", + "status", + "tagsAll" + ], + "inputProperties": { + "certificateAuthorityConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityCertificateAuthorityConfiguration:CertificateAuthorityCertificateAuthorityConfiguration", + "description": "Nested argument containing algorithms and certificate subject information. Defined below.\n" + }, + "enabled": { + "type": "boolean", + "description": "Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.\n" + }, + "permanentDeletionTimeInDays": { + "type": "integer", + "description": "The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.\n" + }, + "revocationConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityRevocationConfiguration:CertificateAuthorityRevocationConfiguration", + "description": "Nested argument containing revocation configuration. Defined below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies a key-value map of user-defined tags that are attached to the certificate authority. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.\n" + } + }, + "requiredInputs": [ + "certificateAuthorityConfiguration" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CertificateAuthority resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + }, + "certificate": { + "type": "string", + "description": "Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.\n" + }, + "certificateAuthorityConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityCertificateAuthorityConfiguration:CertificateAuthorityCertificateAuthorityConfiguration", + "description": "Nested argument containing algorithms and certificate subject information. Defined below.\n" + }, + "certificateChain": { + "type": "string", + "description": "Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.\n" + }, + "certificateSigningRequest": { + "type": "string", + "description": "The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.\n" + }, + "enabled": { + "type": "boolean", + "description": "Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. Defaults to `false`.\n" + }, + "notAfter": { + "type": "string", + "description": "Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.\n" + }, + "notBefore": { + "type": "string", + "description": "Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.\n" + }, + "permanentDeletionTimeInDays": { + "type": "integer", + "description": "The number of days to make a CA restorable after it has been deleted, must be between 7 to 30 days, with default to 30 days.\n" + }, + "revocationConfiguration": { + "$ref": "#/types/aws:acmpca/CertificateAuthorityRevocationConfiguration:CertificateAuthorityRevocationConfiguration", + "description": "Nested argument containing revocation configuration. Defined below.\n" + }, + "serial": { + "type": "string", + "description": "Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.\n" + }, + "status": { + "type": "string", + "description": "Status of the certificate authority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies a key-value map of user-defined tags that are attached to the certificate authority. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of the certificate authority. Defaults to `SUBORDINATE`. Valid values: `ROOT` and `SUBORDINATE`.\n" + } + }, + "type": "object" + } + }, + "aws:acmpca/certificateAuthorityCertificate:CertificateAuthorityCertificate": { + "description": "Associates a certificate with an AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority). An ACM PCA Certificate Authority is unable to issue certificates until it has a certificate associated with it. A root level ACM PCA Certificate Authority is able to self-sign its own root certificate.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Self-Signed Root Certificate Authority Certificate\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCertificateAuthority = new aws.acmpca.CertificateAuthority(\"exampleCertificateAuthority\", {\n type: \"ROOT\",\n certificateAuthorityConfiguration: {\n keyAlgorithm: \"RSA_4096\",\n signingAlgorithm: \"SHA512WITHRSA\",\n subject: {\n commonName: \"example.com\",\n },\n },\n});\nconst current = aws.getPartition({});\nconst exampleCertificate = new aws.acmpca.Certificate(\"exampleCertificate\", {\n certificateAuthorityArn: exampleCertificateAuthority.arn,\n certificateSigningRequest: exampleCertificateAuthority.certificateSigningRequest,\n signingAlgorithm: \"SHA512WITHRSA\",\n templateArn: current.then(current => `arn:${current.partition}:acm-pca:::template/RootCACertificate/V1`),\n validity: {\n type: \"YEARS\",\n value: 1,\n },\n});\nconst exampleCertificateAuthorityCertificate = new aws.acmpca.CertificateAuthorityCertificate(\"exampleCertificateAuthorityCertificate\", {\n certificateAuthorityArn: exampleCertificateAuthority.arn,\n certificate: exampleCertificate.certificate,\n certificateChain: exampleCertificate.certificateChain,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_certificate_authority = aws.acmpca.CertificateAuthority(\"exampleCertificateAuthority\",\n type=\"ROOT\",\n certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(\n key_algorithm=\"RSA_4096\",\n signing_algorithm=\"SHA512WITHRSA\",\n subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(\n common_name=\"example.com\",\n ),\n ))\ncurrent = aws.get_partition()\nexample_certificate = aws.acmpca.Certificate(\"exampleCertificate\",\n certificate_authority_arn=example_certificate_authority.arn,\n certificate_signing_request=example_certificate_authority.certificate_signing_request,\n signing_algorithm=\"SHA512WITHRSA\",\n template_arn=f\"arn:{current.partition}:acm-pca:::template/RootCACertificate/V1\",\n validity=aws.acmpca.CertificateValidityArgs(\n type=\"YEARS\",\n value=\"1\",\n ))\nexample_certificate_authority_certificate = aws.acmpca.CertificateAuthorityCertificate(\"exampleCertificateAuthorityCertificate\",\n certificate_authority_arn=example_certificate_authority.arn,\n certificate=example_certificate.certificate,\n certificate_chain=example_certificate.certificate_chain)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCertificateAuthority = new Aws.Acmpca.CertificateAuthority(\"exampleCertificateAuthority\", new Aws.Acmpca.CertificateAuthorityArgs\n {\n Type = \"ROOT\",\n CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs\n {\n KeyAlgorithm = \"RSA_4096\",\n SigningAlgorithm = \"SHA512WITHRSA\",\n Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs\n {\n CommonName = \"example.com\",\n },\n },\n });\n var current = Output.Create(Aws.GetPartition.InvokeAsync());\n var exampleCertificate = new Aws.Acmpca.Certificate(\"exampleCertificate\", new Aws.Acmpca.CertificateArgs\n {\n CertificateAuthorityArn = exampleCertificateAuthority.Arn,\n CertificateSigningRequest = exampleCertificateAuthority.CertificateSigningRequest,\n SigningAlgorithm = \"SHA512WITHRSA\",\n TemplateArn = current.Apply(current => $\"arn:{current.Partition}:acm-pca:::template/RootCACertificate/V1\"),\n Validity = new Aws.Acmpca.Inputs.CertificateValidityArgs\n {\n Type = \"YEARS\",\n Value = \"1\",\n },\n });\n var exampleCertificateAuthorityCertificate = new Aws.Acmpca.CertificateAuthorityCertificate(\"exampleCertificateAuthorityCertificate\", new Aws.Acmpca.CertificateAuthorityCertificateArgs\n {\n CertificateAuthorityArn = exampleCertificateAuthority.Arn,\n Certificate = exampleCertificate.Certificate,\n CertificateChain = exampleCertificate.CertificateChain,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, \"exampleCertificateAuthority\", &acmpca.CertificateAuthorityArgs{\n\t\t\tType: pulumi.String(\"ROOT\"),\n\t\t\tCertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{\n\t\t\t\tKeyAlgorithm: pulumi.String(\"RSA_4096\"),\n\t\t\t\tSigningAlgorithm: pulumi.String(\"SHA512WITHRSA\"),\n\t\t\t\tSubject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{\n\t\t\t\t\tCommonName: pulumi.String(\"example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCertificate, err := acmpca.NewCertificate(ctx, \"exampleCertificate\", &acmpca.CertificateArgs{\n\t\t\tCertificateAuthorityArn: exampleCertificateAuthority.Arn,\n\t\t\tCertificateSigningRequest: exampleCertificateAuthority.CertificateSigningRequest,\n\t\t\tSigningAlgorithm: pulumi.String(\"SHA512WITHRSA\"),\n\t\t\tTemplateArn: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"arn:\", current.Partition, \":acm-pca:::template/RootCACertificate/V1\")),\n\t\t\tValidity: &acmpca.CertificateValidityArgs{\n\t\t\t\tType: pulumi.String(\"YEARS\"),\n\t\t\t\tValue: pulumi.String(\"1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acmpca.NewCertificateAuthorityCertificate(ctx, \"exampleCertificateAuthorityCertificate\", &acmpca.CertificateAuthorityCertificateArgs{\n\t\t\tCertificateAuthorityArn: exampleCertificateAuthority.Arn,\n\t\t\tCertificate: exampleCertificate.Certificate,\n\t\t\tCertificateChain: exampleCertificate.CertificateChain,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Certificate for Subordinate Certificate Authority\n\nNote that the certificate for the subordinate certificate authority must be issued by the root certificate authority using a signing request from the subordinate certificate authority.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst subordinateCertificateAuthority = new aws.acmpca.CertificateAuthority(\"subordinateCertificateAuthority\", {\n type: \"SUBORDINATE\",\n certificateAuthorityConfiguration: {\n keyAlgorithm: \"RSA_2048\",\n signingAlgorithm: \"SHA512WITHRSA\",\n subject: {\n commonName: \"sub.example.com\",\n },\n },\n});\nconst rootCertificateAuthority = new aws.acmpca.CertificateAuthority(\"rootCertificateAuthority\", {});\n// ...\nconst current = aws.getPartition({});\nconst subordinateCertificate = new aws.acmpca.Certificate(\"subordinateCertificate\", {\n certificateAuthorityArn: rootCertificateAuthority.arn,\n certificateSigningRequest: subordinateCertificateAuthority.certificateSigningRequest,\n signingAlgorithm: \"SHA512WITHRSA\",\n templateArn: current.then(current => `arn:${current.partition}:acm-pca:::template/SubordinateCACertificate_PathLen0/V1`),\n validity: {\n type: \"YEARS\",\n value: 1,\n },\n});\nconst subordinateCertificateAuthorityCertificate = new aws.acmpca.CertificateAuthorityCertificate(\"subordinateCertificateAuthorityCertificate\", {\n certificateAuthorityArn: subordinateCertificateAuthority.arn,\n certificate: subordinateCertificate.certificate,\n certificateChain: subordinateCertificate.certificateChain,\n});\nconst rootCertificateAuthorityCertificate = new aws.acmpca.CertificateAuthorityCertificate(\"rootCertificateAuthorityCertificate\", {});\n// ...\nconst rootCertificate = new aws.acmpca.Certificate(\"rootCertificate\", {});\n// ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsubordinate_certificate_authority = aws.acmpca.CertificateAuthority(\"subordinateCertificateAuthority\",\n type=\"SUBORDINATE\",\n certificate_authority_configuration=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs(\n key_algorithm=\"RSA_2048\",\n signing_algorithm=\"SHA512WITHRSA\",\n subject=aws.acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs(\n common_name=\"sub.example.com\",\n ),\n ))\nroot_certificate_authority = aws.acmpca.CertificateAuthority(\"rootCertificateAuthority\")\n# ...\ncurrent = aws.get_partition()\nsubordinate_certificate = aws.acmpca.Certificate(\"subordinateCertificate\",\n certificate_authority_arn=root_certificate_authority.arn,\n certificate_signing_request=subordinate_certificate_authority.certificate_signing_request,\n signing_algorithm=\"SHA512WITHRSA\",\n template_arn=f\"arn:{current.partition}:acm-pca:::template/SubordinateCACertificate_PathLen0/V1\",\n validity=aws.acmpca.CertificateValidityArgs(\n type=\"YEARS\",\n value=\"1\",\n ))\nsubordinate_certificate_authority_certificate = aws.acmpca.CertificateAuthorityCertificate(\"subordinateCertificateAuthorityCertificate\",\n certificate_authority_arn=subordinate_certificate_authority.arn,\n certificate=subordinate_certificate.certificate,\n certificate_chain=subordinate_certificate.certificate_chain)\nroot_certificate_authority_certificate = aws.acmpca.CertificateAuthorityCertificate(\"rootCertificateAuthorityCertificate\")\n# ...\nroot_certificate = aws.acmpca.Certificate(\"rootCertificate\")\n# ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var subordinateCertificateAuthority = new Aws.Acmpca.CertificateAuthority(\"subordinateCertificateAuthority\", new Aws.Acmpca.CertificateAuthorityArgs\n {\n Type = \"SUBORDINATE\",\n CertificateAuthorityConfiguration = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationArgs\n {\n KeyAlgorithm = \"RSA_2048\",\n SigningAlgorithm = \"SHA512WITHRSA\",\n Subject = new Aws.Acmpca.Inputs.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs\n {\n CommonName = \"sub.example.com\",\n },\n },\n });\n var rootCertificateAuthority = new Aws.Acmpca.CertificateAuthority(\"rootCertificateAuthority\", new Aws.Acmpca.CertificateAuthorityArgs\n {\n });\n // ...\n var current = Output.Create(Aws.GetPartition.InvokeAsync());\n var subordinateCertificate = new Aws.Acmpca.Certificate(\"subordinateCertificate\", new Aws.Acmpca.CertificateArgs\n {\n CertificateAuthorityArn = rootCertificateAuthority.Arn,\n CertificateSigningRequest = subordinateCertificateAuthority.CertificateSigningRequest,\n SigningAlgorithm = \"SHA512WITHRSA\",\n TemplateArn = current.Apply(current => $\"arn:{current.Partition}:acm-pca:::template/SubordinateCACertificate_PathLen0/V1\"),\n Validity = new Aws.Acmpca.Inputs.CertificateValidityArgs\n {\n Type = \"YEARS\",\n Value = \"1\",\n },\n });\n var subordinateCertificateAuthorityCertificate = new Aws.Acmpca.CertificateAuthorityCertificate(\"subordinateCertificateAuthorityCertificate\", new Aws.Acmpca.CertificateAuthorityCertificateArgs\n {\n CertificateAuthorityArn = subordinateCertificateAuthority.Arn,\n Certificate = subordinateCertificate.Certificate,\n CertificateChain = subordinateCertificate.CertificateChain,\n });\n var rootCertificateAuthorityCertificate = new Aws.Acmpca.CertificateAuthorityCertificate(\"rootCertificateAuthorityCertificate\", new Aws.Acmpca.CertificateAuthorityCertificateArgs\n {\n });\n // ...\n var rootCertificate = new Aws.Acmpca.Certificate(\"rootCertificate\", new Aws.Acmpca.CertificateArgs\n {\n });\n // ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsubordinateCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, \"subordinateCertificateAuthority\", &acmpca.CertificateAuthorityArgs{\n\t\t\tType: pulumi.String(\"SUBORDINATE\"),\n\t\t\tCertificateAuthorityConfiguration: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationArgs{\n\t\t\t\tKeyAlgorithm: pulumi.String(\"RSA_2048\"),\n\t\t\t\tSigningAlgorithm: pulumi.String(\"SHA512WITHRSA\"),\n\t\t\t\tSubject: &acmpca.CertificateAuthorityCertificateAuthorityConfigurationSubjectArgs{\n\t\t\t\t\tCommonName: pulumi.String(\"sub.example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trootCertificateAuthority, err := acmpca.NewCertificateAuthority(ctx, \"rootCertificateAuthority\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubordinateCertificate, err := acmpca.NewCertificate(ctx, \"subordinateCertificate\", &acmpca.CertificateArgs{\n\t\t\tCertificateAuthorityArn: rootCertificateAuthority.Arn,\n\t\t\tCertificateSigningRequest: subordinateCertificateAuthority.CertificateSigningRequest,\n\t\t\tSigningAlgorithm: pulumi.String(\"SHA512WITHRSA\"),\n\t\t\tTemplateArn: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"arn:\", current.Partition, \":acm-pca:::template/SubordinateCACertificate_PathLen0/V1\")),\n\t\t\tValidity: &acmpca.CertificateValidityArgs{\n\t\t\t\tType: pulumi.String(\"YEARS\"),\n\t\t\t\tValue: pulumi.String(\"1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acmpca.NewCertificateAuthorityCertificate(ctx, \"subordinateCertificateAuthorityCertificate\", &acmpca.CertificateAuthorityCertificateArgs{\n\t\t\tCertificateAuthorityArn: subordinateCertificateAuthority.Arn,\n\t\t\tCertificate: subordinateCertificate.Certificate,\n\t\t\tCertificateChain: subordinateCertificate.CertificateChain,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acmpca.NewCertificateAuthorityCertificate(ctx, \"rootCertificateAuthorityCertificate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acmpca.NewCertificate(ctx, \"rootCertificate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "certificate": { + "type": "string", + "description": "The PEM-encoded certificate for the Certificate Authority.\n" + }, + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Certificate Authority.\n" + }, + "certificateChain": { + "type": "string", + "description": "The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.\n" + } + }, + "required": [ + "certificate", + "certificateAuthorityArn" + ], + "inputProperties": { + "certificate": { + "type": "string", + "description": "The PEM-encoded certificate for the Certificate Authority.\n" + }, + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Certificate Authority.\n" + }, + "certificateChain": { + "type": "string", + "description": "The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.\n" + } + }, + "requiredInputs": [ + "certificate", + "certificateAuthorityArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CertificateAuthorityCertificate resources.\n", + "properties": { + "certificate": { + "type": "string", + "description": "The PEM-encoded certificate for the Certificate Authority.\n" + }, + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Certificate Authority.\n" + }, + "certificateChain": { + "type": "string", + "description": "The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA. Required for subordinate Certificate Authorities. Not allowed for root Certificate Authorities.\n" + } + }, + "type": "object" + } + }, + "aws:alb/listener:Listener": { + "description": "Provides a Load Balancer Listener resource.\n\n> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Forward Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"443\",\n protocol: \"HTTPS\",\n sslPolicy: \"ELBSecurityPolicy-2016-08\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=443,\n protocol=\"HTTPS\",\n ssl_policy=\"ELBSecurityPolicy-2016-08\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 443,\n Protocol = \"HTTPS\",\n SslPolicy = \"ELBSecurityPolicy-2016-08\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\tSslPolicy: pulumi.String(\"ELBSecurityPolicy-2016-08\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo a NLB:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEnd = new aws.lb.Listener(\"frontEnd\", {\n loadBalancerArn: aws_lb.front_end.arn,\n port: \"443\",\n protocol: \"TLS\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpnPolicy: \"HTTP2Preferred\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.front_end.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end = aws.lb.Listener(\"frontEnd\",\n load_balancer_arn=aws_lb[\"front_end\"][\"arn\"],\n port=443,\n protocol=\"TLS\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpn_policy=\"HTTP2Preferred\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"front_end\"][\"arn\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEnd = new Aws.LB.Listener(\"frontEnd\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = aws_lb.Front_end.Arn,\n Port = 443,\n Protocol = \"TLS\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n AlpnPolicy = \"HTTP2Preferred\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Front_end.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewListener(ctx, \"frontEnd\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: pulumi.Any(aws_lb.Front_end.Arn),\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"TLS\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tAlpnPolicy: pulumi.String(\"HTTP2Preferred\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Front_end.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redirect Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerDefaultActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerDefaultActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Fixed-response Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"Fixed response content\",\n statusCode: \"200\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"Fixed response content\",\n status_code=\"200\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"Fixed response content\",\n StatusCode = \"200\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"Fixed response content\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-cognito Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-OIDC Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Gateway Load Balancer Listener\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLoadBalancer = new aws.lb.LoadBalancer(\"exampleLoadBalancer\", {\n loadBalancerType: \"gateway\",\n subnetMappings: [{\n subnetId: aws_subnet.example.id,\n }],\n});\nconst exampleTargetGroup = new aws.lb.TargetGroup(\"exampleTargetGroup\", {\n port: 6081,\n protocol: \"GENEVE\",\n vpcId: aws_vpc.example.id,\n healthCheck: {\n port: 80,\n protocol: \"HTTP\",\n },\n});\nconst exampleListener = new aws.lb.Listener(\"exampleListener\", {\n loadBalancerArn: exampleLoadBalancer.id,\n defaultActions: [{\n targetGroupArn: exampleTargetGroup.id,\n type: \"forward\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_load_balancer = aws.lb.LoadBalancer(\"exampleLoadBalancer\",\n load_balancer_type=\"gateway\",\n subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example\"][\"id\"],\n )])\nexample_target_group = aws.lb.TargetGroup(\"exampleTargetGroup\",\n port=6081,\n protocol=\"GENEVE\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n health_check=aws.lb.TargetGroupHealthCheckArgs(\n port=\"80\",\n protocol=\"HTTP\",\n ))\nexample_listener = aws.lb.Listener(\"exampleListener\",\n load_balancer_arn=example_load_balancer.id,\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n target_group_arn=example_target_group.id,\n type=\"forward\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLoadBalancer = new Aws.LB.LoadBalancer(\"exampleLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"gateway\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example.Id,\n },\n },\n });\n var exampleTargetGroup = new Aws.LB.TargetGroup(\"exampleTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n Port = 6081,\n Protocol = \"GENEVE\",\n VpcId = aws_vpc.Example.Id,\n HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs\n {\n Port = \"80\",\n Protocol = \"HTTP\",\n },\n });\n var exampleListener = new Aws.LB.Listener(\"exampleListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = exampleLoadBalancer.Id,\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n TargetGroupArn = exampleTargetGroup.Id,\n Type = \"forward\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLoadBalancer, err := lb.NewLoadBalancer(ctx, \"exampleLoadBalancer\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"gateway\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTargetGroup, err := lb.NewTargetGroup(ctx, \"exampleTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(6081),\n\t\t\tProtocol: pulumi.String(\"GENEVE\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tHealthCheck: &lb.TargetGroupHealthCheckArgs{\n\t\t\t\tPort: pulumi.String(\"80\"),\n\t\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"exampleListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: exampleLoadBalancer.ID(),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tTargetGroupArn: exampleTargetGroup.ID(),\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListeners can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:alb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96\n```\n\n ", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "defaultActions", + "loadBalancerArn", + "protocol", + "sslPolicy", + "tagsAll" + ], + "inputProperties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "defaultActions", + "loadBalancerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Listener resources.\n", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:applicationloadbalancing/listener:Listener" + } + ] + }, + "aws:alb/listenerCertificate:ListenerCertificate": { + "description": "Provides a Load Balancer Listener Certificate resource.\n\nThis resource is for additional certificates and does not replace the default certificate on the listener.\n\n> **Note:** `aws.alb.ListenerCertificate` is known as `aws.lb.ListenerCertificate`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCertificate = new aws.acm.Certificate(\"exampleCertificate\", {});\n// ...\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// ...\nconst exampleListenerCertificate = new aws.lb.ListenerCertificate(\"exampleListenerCertificate\", {\n listenerArn: frontEndListener.arn,\n certificateArn: exampleCertificate.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_certificate = aws.acm.Certificate(\"exampleCertificate\")\n# ...\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# ...\nexample_listener_certificate = aws.lb.ListenerCertificate(\"exampleListenerCertificate\",\n listener_arn=front_end_listener.arn,\n certificate_arn=example_certificate.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCertificate = new Aws.Acm.Certificate(\"exampleCertificate\", new Aws.Acm.CertificateArgs\n {\n });\n // ...\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // ...\n var exampleListenerCertificate = new Aws.LB.ListenerCertificate(\"exampleListenerCertificate\", new Aws.LB.ListenerCertificateArgs\n {\n ListenerArn = frontEndListener.Arn,\n CertificateArn = exampleCertificate.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCertificate, err := acm.NewCertificate(ctx, \"exampleCertificate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerCertificate(ctx, \"exampleListenerCertificate\", &lb.ListenerCertificateArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tCertificateArn: exampleCertificate.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListener Certificates can be imported using their id, e.g.\n\n```sh\n $ pulumi import aws:alb/listenerCertificate:ListenerCertificate example arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b_arn:aws:iam::123456789012:server-certificate/tf-acc-test-6453083910015726063\n```\n\n ", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "required": [ + "certificateArn", + "listenerArn" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "requiredInputs": [ + "certificateArn", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerCertificate resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:applicationloadbalancing/listenerCertificate:ListenerCertificate" + } + ] + }, + "aws:alb/listenerRule:ListenerRule": { + "description": "Provides a Load Balancer Listener Rule resource.\n\n> **Note:** `aws.alb.ListenerRule` is known as `aws.lb.ListenerRule`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// Other parameters\nconst static = new aws.lb.ListenerRule(\"static\", {\n listenerArn: frontEndListener.arn,\n priority: 100,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [\n {\n pathPattern: {\n values: [\"/static/*\"],\n },\n },\n {\n hostHeader: {\n values: [\"example.com\"],\n },\n },\n ],\n});\n// Forward action\nconst hostBasedWeightedRouting = new aws.lb.ListenerRule(\"hostBasedWeightedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Weighted Forward action\nconst hostBasedRouting = new aws.lb.ListenerRule(\"hostBasedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n forward: {\n targetGroups: [\n {\n arn: aws_lb_target_group.main.arn,\n weight: 80,\n },\n {\n arn: aws_lb_target_group.canary.arn,\n weight: 20,\n },\n ],\n stickiness: {\n enabled: true,\n duration: 600,\n },\n },\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Redirect action\nconst redirectHttpToHttps = new aws.lb.ListenerRule(\"redirectHttpToHttps\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n conditions: [{\n httpHeader: {\n httpHeaderName: \"X-Forwarded-For\",\n values: [\"192.168.1.*\"],\n },\n }],\n});\n// Fixed-response action\nconst healthCheck = new aws.lb.ListenerRule(\"healthCheck\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"HEALTHY\",\n statusCode: \"200\",\n },\n }],\n conditions: [{\n queryStrings: [\n {\n key: \"health\",\n value: \"check\",\n },\n {\n value: \"bar\",\n },\n ],\n }],\n});\n// Authenticate-cognito Action\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst admin = new aws.lb.ListenerRule(\"admin\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n// Authenticate-oidc Action\nconst oidc = new aws.lb.ListenerRule(\"oidc\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# Other parameters\nstatic = aws.lb.ListenerRule(\"static\",\n listener_arn=front_end_listener.arn,\n priority=100,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[\n aws.lb.ListenerRuleConditionArgs(\n path_pattern=aws.lb.ListenerRuleConditionPathPatternArgs(\n values=[\"/static/*\"],\n ),\n ),\n aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"example.com\"],\n ),\n ),\n ])\n# Forward action\nhost_based_weighted_routing = aws.lb.ListenerRule(\"hostBasedWeightedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Weighted Forward action\nhost_based_routing = aws.lb.ListenerRule(\"hostBasedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n forward=aws.lb.ListenerRuleActionForwardArgs(\n target_groups=[\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"main\"][\"arn\"],\n weight=80,\n ),\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"canary\"][\"arn\"],\n weight=20,\n ),\n ],\n stickiness=aws.lb.ListenerRuleActionForwardStickinessArgs(\n enabled=True,\n duration=600,\n ),\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Redirect action\nredirect_http_to_https = aws.lb.ListenerRule(\"redirectHttpToHttps\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerRuleActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n http_header=aws.lb.ListenerRuleConditionHttpHeaderArgs(\n http_header_name=\"X-Forwarded-For\",\n values=[\"192.168.1.*\"],\n ),\n )])\n# Fixed-response action\nhealth_check = aws.lb.ListenerRule(\"healthCheck\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerRuleActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"HEALTHY\",\n status_code=\"200\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n query_strings=[\n aws.lb.ListenerRuleConditionQueryStringArgs(\n key=\"health\",\n value=\"check\",\n ),\n aws.lb.ListenerRuleConditionQueryStringArgs(\n value=\"bar\",\n ),\n ],\n )])\n# Authenticate-cognito Action\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nadmin = aws.lb.ListenerRule(\"admin\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerRuleActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n# Authenticate-oidc Action\noidc = aws.lb.ListenerRule(\"oidc\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerRuleActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // Other parameters\n var @static = new Aws.LB.ListenerRule(\"static\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 100,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n PathPattern = new Aws.LB.Inputs.ListenerRuleConditionPathPatternArgs\n {\n Values = \n {\n \"/static/*\",\n },\n },\n },\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"example.com\",\n },\n },\n },\n },\n });\n // Forward action\n var hostBasedWeightedRouting = new Aws.LB.ListenerRule(\"hostBasedWeightedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Weighted Forward action\n var hostBasedRouting = new Aws.LB.ListenerRule(\"hostBasedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n Forward = new Aws.LB.Inputs.ListenerRuleActionForwardArgs\n {\n TargetGroups = \n {\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Main.Arn,\n Weight = 80,\n },\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Canary.Arn,\n Weight = 20,\n },\n },\n Stickiness = new Aws.LB.Inputs.ListenerRuleActionForwardStickinessArgs\n {\n Enabled = true,\n Duration = 600,\n },\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Redirect action\n var redirectHttpToHttps = new Aws.LB.ListenerRule(\"redirectHttpToHttps\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerRuleActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HttpHeader = new Aws.LB.Inputs.ListenerRuleConditionHttpHeaderArgs\n {\n HttpHeaderName = \"X-Forwarded-For\",\n Values = \n {\n \"192.168.1.*\",\n },\n },\n },\n },\n });\n // Fixed-response action\n var healthCheck = new Aws.LB.ListenerRule(\"healthCheck\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerRuleActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"HEALTHY\",\n StatusCode = \"200\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n QueryStrings = \n {\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Key = \"health\",\n Value = \"check\",\n },\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Value = \"bar\",\n },\n },\n },\n },\n });\n // Authenticate-cognito Action\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var admin = new Aws.LB.ListenerRule(\"admin\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerRuleActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n // Authenticate-oidc Action\n var oidc = new Aws.LB.ListenerRule(\"oidc\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerRuleActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"static\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tPathPattern: &lb.ListenerRuleConditionPathPatternArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"/static/*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedWeightedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tForward: &lb.ListenerRuleActionForwardArgs{\n\t\t\t\t\t\tTargetGroups: lb.ListenerRuleActionForwardTargetGroupArray{\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Main.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(80),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Canary.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(20),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStickiness: &lb.ListenerRuleActionForwardStickinessArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tDuration: pulumi.Int(600),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"redirectHttpToHttps\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerRuleActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHttpHeader: &lb.ListenerRuleConditionHttpHeaderArgs{\n\t\t\t\t\t\tHttpHeaderName: pulumi.String(\"X-Forwarded-For\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"192.168.1.*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"healthCheck\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerRuleActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"HEALTHY\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tQueryStrings: lb.ListenerRuleConditionQueryStringArray{\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"health\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"check\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"admin\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerRuleActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"oidc\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerRuleActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRules can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:alb/listenerRule:ListenerRule front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener-rule/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b\n```\n\n ", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "actions", + "arn", + "conditions", + "listenerArn", + "priority", + "tagsAll" + ], + "inputProperties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "actions", + "conditions", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerRule resources.\n", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:applicationloadbalancing/listenerRule:ListenerRule" + } + ] + }, + "aws:alb/loadBalancer:LoadBalancer": { + "description": "Provides a Load Balancer resource.\n\n> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Specifying Elastic IPs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n allocationId: aws_eip.example1.id,\n },\n {\n subnetId: aws_subnet.example2.id,\n allocationId: aws_eip.example2.id,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n allocation_id=aws_eip[\"example1\"][\"id\"],\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n allocation_id=aws_eip[\"example2\"][\"id\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n AllocationId = aws_eip.Example1.Id,\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n AllocationId = aws_eip.Example2.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example1.Id),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example2.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Specifying private IP addresses for an internal-facing load balancer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n privateIpv4Address: \"10.0.1.15\",\n },\n {\n subnetId: aws_subnet.example2.id,\n privateIpv4Address: \"10.0.2.15\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n private_ipv4_address=\"10.0.1.15\",\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n private_ipv4_address=\"10.0.2.15\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n PrivateIpv4Address = \"10.0.1.15\",\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n PrivateIpv4Address = \"10.0.2.15\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.1.15\"),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.2.15\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLBs can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:alb/loadBalancer:LoadBalancer bar arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188\n```\n\n ", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:alb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "$ref": "#/types/aws:alb/ipAddressType:IpAddressType", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "$ref": "#/types/aws:alb/loadBalancerType:LoadBalancerType", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "dnsName", + "internal", + "ipAddressType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tagsAll", + "vpcId", + "zoneId" + ], + "inputProperties": { + "accessLogs": { + "$ref": "#/types/aws:alb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "$ref": "#/types/aws:alb/ipAddressType:IpAddressType", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "$ref": "#/types/aws:alb/loadBalancerType:LoadBalancerType", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancer resources.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:alb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "$ref": "#/types/aws:alb/ipAddressType:IpAddressType", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "$ref": "#/types/aws:alb/loadBalancerType:LoadBalancerType", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:applicationloadbalancing/loadBalancer:LoadBalancer" + } + ] + }, + "aws:alb/targetGroup:TargetGroup": { + "description": "Provides a Target Group resource for use with Load Balancer resources.\n\n> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Instance Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst test = new aws.lb.TargetGroup(\"test\", {\n port: 80,\n protocol: \"HTTP\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\ntest = aws.lb.TargetGroup(\"test\",\n port=80,\n protocol=\"HTTP\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var test = new Aws.LB.TargetGroup(\"test\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"test\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### IP Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst ip_example = new aws.lb.TargetGroup(\"ip-example\", {\n port: 80,\n protocol: \"HTTP\",\n targetType: \"ip\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nip_example = aws.lb.TargetGroup(\"ip-example\",\n port=80,\n protocol=\"HTTP\",\n target_type=\"ip\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var ip_example = new Aws.LB.TargetGroup(\"ip-example\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n TargetType = \"ip\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"ip_example\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTargetType: pulumi.String(\"ip\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda_example = new aws.lb.TargetGroup(\"lambda-example\", {\n targetType: \"lambda\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_example = aws.lb.TargetGroup(\"lambda-example\", target_type=\"lambda\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lambda_example = new Aws.LB.TargetGroup(\"lambda-example\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewTargetGroup(ctx, \"lambda_example\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTarget Groups can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:alb/targetGroup:TargetGroup app_front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:targetgroup/app-front-end/20cfe21448b66314\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:alb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:alb/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "healthCheck", + "loadBalancingAlgorithmType", + "name", + "preserveClientIp", + "protocolVersion", + "stickiness", + "tagsAll" + ], + "inputProperties": { + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:alb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:alb/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:alb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:alb/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:applicationloadbalancing/targetGroup:TargetGroup" + } + ] + }, + "aws:alb/targetGroupAttachment:TargetGroupAttachment": { + "description": "Provides the ability to register instances and containers with an Application Load Balancer (ALB) or Network Load Balancer (NLB) target group. For attaching resources with Elastic Load Balancer (ELB), see the `aws.elb.Attachment` resource.\n\n> **Note:** `aws.alb.TargetGroupAttachment` is known as `aws.lb.TargetGroupAttachment`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {});\n// ... other configuration ...\nconst testInstance = new aws.ec2.Instance(\"testInstance\", {});\n// ... other configuration ...\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testInstance.id,\n port: 80,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\")\n# ... other configuration ...\ntest_instance = aws.ec2.Instance(\"testInstance\")\n# ... other configuration ...\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_instance.id,\n port=80)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ... other configuration ...\n var testInstance = new Aws.Ec2.Instance(\"testInstance\", new Aws.Ec2.InstanceArgs\n {\n });\n // ... other configuration ...\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testInstance.Id,\n Port = 80,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := ec2.NewInstance(ctx, \"testInstance\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testInstance.ID(),\n\t\t\tPort: pulumi.Int(80),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Usage with lambda\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {targetType: \"lambda\"});\nconst testFunction = new aws.lambda.Function(\"testFunction\", {});\n// ... other configuration ...\nconst withLb = new aws.lambda.Permission(\"withLb\", {\n action: \"lambda:InvokeFunction\",\n \"function\": testFunction.arn,\n principal: \"elasticloadbalancing.amazonaws.com\",\n sourceArn: testTargetGroup.arn,\n});\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testFunction.arn,\n}, {\n dependsOn: [withLb],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\", target_type=\"lambda\")\ntest_function = aws.lambda_.Function(\"testFunction\")\n# ... other configuration ...\nwith_lb = aws.lambda_.Permission(\"withLb\",\n action=\"lambda:InvokeFunction\",\n function=test_function.arn,\n principal=\"elasticloadbalancing.amazonaws.com\",\n source_arn=test_target_group.arn)\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_function.arn,\n opts=pulumi.ResourceOptions(depends_on=[with_lb]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n var testFunction = new Aws.Lambda.Function(\"testFunction\", new Aws.Lambda.FunctionArgs\n {\n });\n // ... other configuration ...\n var withLb = new Aws.Lambda.Permission(\"withLb\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = testFunction.Arn,\n Principal = \"elasticloadbalancing.amazonaws.com\",\n SourceArn = testTargetGroup.Arn,\n });\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testFunction.Arn,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n withLb,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestFunction, err := lambda.NewFunction(ctx, \"testFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twithLb, err := lambda.NewPermission(ctx, \"withLb\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: testFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"elasticloadbalancing.amazonaws.com\"),\n\t\t\tSourceArn: testTargetGroup.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testFunction.Arn,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twithLb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nTarget Group Attachments cannot be imported. ", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "required": [ + "targetGroupArn", + "targetId" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "requiredInputs": [ + "targetGroupArn", + "targetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroupAttachment resources.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:applicationloadbalancing/targetGroupAttachment:TargetGroupAttachment" + } + ] + }, + "aws:amp/workspace:Workspace": { + "description": "Manages an Amazon Managed Service for Prometheus (AMP) Workspace.\n\n> **NOTE:** This AWS functionality is in Preview and may change before General Availability release. Backwards compatibility is not guaranteed between provider releases.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst demo = new aws.amp.Workspace(\"demo\", {\n alias: \"prometheus-test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndemo = aws.amp.Workspace(\"demo\", alias=\"prometheus-test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var demo = new Aws.Amp.Workspace(\"demo\", new Aws.Amp.WorkspaceArgs\n {\n Alias = \"prometheus-test\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/amp\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := amp.NewWorkspace(ctx, \"demo\", &.WorkspaceArgs{\n\t\t\tAlias: pulumi.String(\"prometheus-test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAMP Workspaces can be imported using the identifier, e.g.\n\n```sh\n $ pulumi import aws:amp/workspace:Workspace demo ws-C6DCB907-F2D7-4D96-957B-66691F865D8B\n```\n\n ", + "properties": { + "alias": { + "type": "string", + "description": "The alias of the prometheus workspace. See more [in AWS Docs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-onboard-create-workspace.html).\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the workspace.\n" + }, + "prometheusEndpoint": { + "type": "string", + "description": "Prometheus endpoint available for this workspace.\n" + } + }, + "required": [ + "arn", + "prometheusEndpoint" + ], + "inputProperties": { + "alias": { + "type": "string", + "description": "The alias of the prometheus workspace. See more [in AWS Docs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-onboard-create-workspace.html).\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Workspace resources.\n", + "properties": { + "alias": { + "type": "string", + "description": "The alias of the prometheus workspace. See more [in AWS Docs](https://docs.aws.amazon.com/prometheus/latest/userguide/AMP-onboard-create-workspace.html).\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the workspace.\n" + }, + "prometheusEndpoint": { + "type": "string", + "description": "Prometheus endpoint available for this workspace.\n" + } + }, + "type": "object" + } + }, + "aws:amplify/app:App": { + "description": "\n\n\n## Import\n\nAmplify App can be imported using Amplify App ID (appId), e.g.\n\n```sh\n $ pulumi import aws:amplify/app:App example d2ypk4k47z8u6\n```\n\n App ID can be obtained from App ARN (e.g. `arn:aws:amplify:us-east-1:12345678:apps/d2ypk4k47z8u6`). ", + "properties": { + "accessToken": { + "type": "string", + "description": "The personal access token for a third-party source control system for an Amplify app. The personal access token is used to create a webhook and a read-only deploy key. The token is not stored.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amplify app.\n" + }, + "autoBranchCreationConfig": { + "$ref": "#/types/aws:amplify/AppAutoBranchCreationConfig:AppAutoBranchCreationConfig", + "description": "The automated branch creation configuration for an Amplify app. An `auto_branch_creation_config` block is documented below.\n" + }, + "autoBranchCreationPatterns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The automated branch creation glob patterns for an Amplify app.\n" + }, + "basicAuthCredentials": { + "type": "string", + "description": "The credentials for basic authorization for an Amplify app.\n" + }, + "buildSpec": { + "type": "string", + "description": "The [build specification](https://docs.aws.amazon.com/amplify/latest/userguide/build-settings.html) (build spec) for an Amplify app.\n" + }, + "customRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/AppCustomRule:AppCustomRule" + }, + "description": "The custom rewrite and redirect rules for an Amplify app. A `custom_rule` block is documented below.\n" + }, + "defaultDomain": { + "type": "string", + "description": "The default domain for the Amplify app.\n" + }, + "description": { + "type": "string", + "description": "The description for an Amplify app.\n" + }, + "enableAutoBranchCreation": { + "type": "boolean", + "description": "Enables automated branch creation for an Amplify app.\n" + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for an Amplify app. This will apply to all branches that are part of this app.\n" + }, + "enableBranchAutoBuild": { + "type": "boolean", + "description": "Enables auto-building of branches for the Amplify App.\n" + }, + "enableBranchAutoDeletion": { + "type": "boolean", + "description": "Automatically disconnects a branch in the Amplify Console when you delete a branch from your Git repository.\n" + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables map for an Amplify app.\n" + }, + "iamServiceRoleArn": { + "type": "string", + "description": "The AWS Identity and Access Management (IAM) service role for an Amplify app.\n" + }, + "name": { + "type": "string", + "description": "The name for an Amplify app.\n" + }, + "oauthToken": { + "type": "string", + "description": "The OAuth token for a third-party source control system for an Amplify app. The OAuth token is used to create a webhook and a read-only deploy key. The OAuth token is not stored.\n" + }, + "platform": { + "type": "string", + "description": "The platform or framework for an Amplify app. Valid values: `WEB`.\n" + }, + "productionBranches": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/AppProductionBranch:AppProductionBranch" + }, + "description": "Describes the information about a production branch for an Amplify app. A `production_branch` block is documented below.\n" + }, + "repository": { + "type": "string", + "description": "The repository for an Amplify app.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "autoBranchCreationConfig", + "buildSpec", + "defaultDomain", + "name", + "productionBranches", + "tagsAll" + ], + "inputProperties": { + "accessToken": { + "type": "string", + "description": "The personal access token for a third-party source control system for an Amplify app. The personal access token is used to create a webhook and a read-only deploy key. The token is not stored.\n" + }, + "autoBranchCreationConfig": { + "$ref": "#/types/aws:amplify/AppAutoBranchCreationConfig:AppAutoBranchCreationConfig", + "description": "The automated branch creation configuration for an Amplify app. An `auto_branch_creation_config` block is documented below.\n" + }, + "autoBranchCreationPatterns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The automated branch creation glob patterns for an Amplify app.\n" + }, + "basicAuthCredentials": { + "type": "string", + "description": "The credentials for basic authorization for an Amplify app.\n" + }, + "buildSpec": { + "type": "string", + "description": "The [build specification](https://docs.aws.amazon.com/amplify/latest/userguide/build-settings.html) (build spec) for an Amplify app.\n" + }, + "customRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/AppCustomRule:AppCustomRule" + }, + "description": "The custom rewrite and redirect rules for an Amplify app. A `custom_rule` block is documented below.\n" + }, + "description": { + "type": "string", + "description": "The description for an Amplify app.\n" + }, + "enableAutoBranchCreation": { + "type": "boolean", + "description": "Enables automated branch creation for an Amplify app.\n" + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for an Amplify app. This will apply to all branches that are part of this app.\n" + }, + "enableBranchAutoBuild": { + "type": "boolean", + "description": "Enables auto-building of branches for the Amplify App.\n" + }, + "enableBranchAutoDeletion": { + "type": "boolean", + "description": "Automatically disconnects a branch in the Amplify Console when you delete a branch from your Git repository.\n" + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables map for an Amplify app.\n" + }, + "iamServiceRoleArn": { + "type": "string", + "description": "The AWS Identity and Access Management (IAM) service role for an Amplify app.\n" + }, + "name": { + "type": "string", + "description": "The name for an Amplify app.\n" + }, + "oauthToken": { + "type": "string", + "description": "The OAuth token for a third-party source control system for an Amplify app. The OAuth token is used to create a webhook and a read-only deploy key. The OAuth token is not stored.\n" + }, + "platform": { + "type": "string", + "description": "The platform or framework for an Amplify app. Valid values: `WEB`.\n" + }, + "repository": { + "type": "string", + "description": "The repository for an Amplify app.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering App resources.\n", + "properties": { + "accessToken": { + "type": "string", + "description": "The personal access token for a third-party source control system for an Amplify app. The personal access token is used to create a webhook and a read-only deploy key. The token is not stored.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amplify app.\n" + }, + "autoBranchCreationConfig": { + "$ref": "#/types/aws:amplify/AppAutoBranchCreationConfig:AppAutoBranchCreationConfig", + "description": "The automated branch creation configuration for an Amplify app. An `auto_branch_creation_config` block is documented below.\n" + }, + "autoBranchCreationPatterns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The automated branch creation glob patterns for an Amplify app.\n" + }, + "basicAuthCredentials": { + "type": "string", + "description": "The credentials for basic authorization for an Amplify app.\n" + }, + "buildSpec": { + "type": "string", + "description": "The [build specification](https://docs.aws.amazon.com/amplify/latest/userguide/build-settings.html) (build spec) for an Amplify app.\n" + }, + "customRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/AppCustomRule:AppCustomRule" + }, + "description": "The custom rewrite and redirect rules for an Amplify app. A `custom_rule` block is documented below.\n" + }, + "defaultDomain": { + "type": "string", + "description": "The default domain for the Amplify app.\n" + }, + "description": { + "type": "string", + "description": "The description for an Amplify app.\n" + }, + "enableAutoBranchCreation": { + "type": "boolean", + "description": "Enables automated branch creation for an Amplify app.\n" + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for an Amplify app. This will apply to all branches that are part of this app.\n" + }, + "enableBranchAutoBuild": { + "type": "boolean", + "description": "Enables auto-building of branches for the Amplify App.\n" + }, + "enableBranchAutoDeletion": { + "type": "boolean", + "description": "Automatically disconnects a branch in the Amplify Console when you delete a branch from your Git repository.\n" + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables map for an Amplify app.\n" + }, + "iamServiceRoleArn": { + "type": "string", + "description": "The AWS Identity and Access Management (IAM) service role for an Amplify app.\n" + }, + "name": { + "type": "string", + "description": "The name for an Amplify app.\n" + }, + "oauthToken": { + "type": "string", + "description": "The OAuth token for a third-party source control system for an Amplify app. The OAuth token is used to create a webhook and a read-only deploy key. The OAuth token is not stored.\n" + }, + "platform": { + "type": "string", + "description": "The platform or framework for an Amplify app. Valid values: `WEB`.\n" + }, + "productionBranches": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/AppProductionBranch:AppProductionBranch" + }, + "description": "Describes the information about a production branch for an Amplify app. A `production_branch` block is documented below.\n" + }, + "repository": { + "type": "string", + "description": "The repository for an Amplify app.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:amplify/backendEnvironment:BackendEnvironment": { + "description": "Provides an Amplify Backend Environment resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApp = new aws.amplify.App(\"exampleApp\", {});\nconst exampleBackendEnvironment = new aws.amplify.BackendEnvironment(\"exampleBackendEnvironment\", {\n appId: exampleApp.id,\n environmentName: \"example\",\n deploymentArtifacts: \"app-example-deployment\",\n stackName: \"amplify-app-example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_app = aws.amplify.App(\"exampleApp\")\nexample_backend_environment = aws.amplify.BackendEnvironment(\"exampleBackendEnvironment\",\n app_id=example_app.id,\n environment_name=\"example\",\n deployment_artifacts=\"app-example-deployment\",\n stack_name=\"amplify-app-example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApp = new Aws.Amplify.App(\"exampleApp\", new Aws.Amplify.AppArgs\n {\n });\n var exampleBackendEnvironment = new Aws.Amplify.BackendEnvironment(\"exampleBackendEnvironment\", new Aws.Amplify.BackendEnvironmentArgs\n {\n AppId = exampleApp.Id,\n EnvironmentName = \"example\",\n DeploymentArtifacts = \"app-example-deployment\",\n StackName = \"amplify-app-example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApp, err := amplify.NewApp(ctx, \"exampleApp\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = amplify.NewBackendEnvironment(ctx, \"exampleBackendEnvironment\", &lify.BackendEnvironmentArgs{\n\t\t\tAppId: exampleApp.ID(),\n\t\t\tEnvironmentName: pulumi.String(\"example\"),\n\t\t\tDeploymentArtifacts: pulumi.String(\"app-example-deployment\"),\n\t\t\tStackName: pulumi.String(\"amplify-app-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAmplify backend environment can be imported using `app_id` and `environment_name`, e.g.\n\n```sh\n $ pulumi import aws:amplify/backendEnvironment:BackendEnvironment example d2ypk4k47z8u6/example\n```\n\n ", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.\n" + }, + "deploymentArtifacts": { + "type": "string", + "description": "The name of deployment artifacts.\n" + }, + "environmentName": { + "type": "string", + "description": "The name for the backend environment.\n" + }, + "stackName": { + "type": "string", + "description": "The AWS CloudFormation stack name of a backend environment.\n" + } + }, + "required": [ + "appId", + "arn", + "deploymentArtifacts", + "environmentName", + "stackName" + ], + "inputProperties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "deploymentArtifacts": { + "type": "string", + "description": "The name of deployment artifacts.\n" + }, + "environmentName": { + "type": "string", + "description": "The name for the backend environment.\n" + }, + "stackName": { + "type": "string", + "description": "The AWS CloudFormation stack name of a backend environment.\n" + } + }, + "requiredInputs": [ + "appId", + "environmentName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BackendEnvironment resources.\n", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.\n" + }, + "deploymentArtifacts": { + "type": "string", + "description": "The name of deployment artifacts.\n" + }, + "environmentName": { + "type": "string", + "description": "The name for the backend environment.\n" + }, + "stackName": { + "type": "string", + "description": "The AWS CloudFormation stack name of a backend environment.\n" + } + }, + "type": "object" + } + }, + "aws:amplify/branch:Branch": { + "description": "Provides an Amplify Branch resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: example.id,\n branchName: \"master\",\n framework: \"React\",\n stage: \"PRODUCTION\",\n environmentVariables: {\n REACT_APP_API_SERVER: \"https://api.example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.amplify.App(\"example\")\nmaster = aws.amplify.Branch(\"master\",\n app_id=example.id,\n branch_name=\"master\",\n framework=\"React\",\n stage=\"PRODUCTION\",\n environment_variables={\n \"REACT_APP_API_SERVER\": \"https://api.example.com\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Amplify.App(\"example\", new Aws.Amplify.AppArgs\n {\n });\n var master = new Aws.Amplify.Branch(\"master\", new Aws.Amplify.BranchArgs\n {\n AppId = example.Id,\n BranchName = \"master\",\n Framework = \"React\",\n Stage = \"PRODUCTION\",\n EnvironmentVariables = \n {\n { \"REACT_APP_API_SERVER\", \"https://api.example.com\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := amplify.NewApp(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = amplify.NewBranch(ctx, \"master\", &lify.BranchArgs{\n\t\t\tAppId: example.ID(),\n\t\t\tBranchName: pulumi.String(\"master\"),\n\t\t\tFramework: pulumi.String(\"React\"),\n\t\t\tStage: pulumi.String(\"PRODUCTION\"),\n\t\t\tEnvironmentVariables: pulumi.StringMap{\n\t\t\t\t\"REACT_APP_API_SERVER\": pulumi.String(\"https://api.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Basic Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: example.id,\n branchName: \"master\",\n basicAuthConfig: [{\n enableBasicAuth: true,\n username: \"username\",\n password: \"password\",\n }],\n});\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAmplify branch can be imported using `app_id` and `branch_name`, e.g.\n\n```sh\n $ pulumi import aws:amplify/branch:Branch master d2ypk4k47z8u6/master\n```\n\n ", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the branch.\n" + }, + "associatedResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of custom resources that are linked to this branch.\n" + }, + "backendEnvironmentArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.\n" + }, + "basicAuthCredentials": { + "type": "string", + "description": "The basic authorization credentials for the branch.\n" + }, + "branchName": { + "type": "string", + "description": "The name for the branch.\n" + }, + "customDomains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The custom domains for the branch.\n" + }, + "description": { + "type": "string", + "description": "The description for the branch.\n" + }, + "destinationBranch": { + "type": "string", + "description": "The destination branch if the branch is a pull request branch.\n" + }, + "displayName": { + "type": "string", + "description": "The display name for a branch. This is used as the default domain prefix.\n" + }, + "enableAutoBuild": { + "type": "boolean", + "description": "Enables auto building for the branch.\n" + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for the branch.\n" + }, + "enableNotification": { + "type": "boolean", + "description": "Enables notifications for the branch.\n" + }, + "enablePerformanceMode": { + "type": "boolean", + "description": "Enables performance mode for the branch.\n" + }, + "enablePullRequestPreview": { + "type": "boolean", + "description": "Enables pull request previews for this branch.\n" + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables for the branch.\n" + }, + "framework": { + "type": "string", + "description": "The framework for the branch.\n" + }, + "pullRequestEnvironmentName": { + "type": "string", + "description": "The Amplify environment name for the pull request.\n" + }, + "sourceBranch": { + "type": "string", + "description": "The source branch if the branch is a pull request branch.\n" + }, + "stage": { + "type": "string", + "description": "Describes the current stage for the branch. Valid values: `PRODUCTION`, `BETA`, `DEVELOPMENT`, `EXPERIMENTAL`, `PULL_REQUEST`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "ttl": { + "type": "string", + "description": "The content Time To Live (TTL) for the website in seconds.\n" + } + }, + "required": [ + "appId", + "arn", + "associatedResources", + "branchName", + "customDomains", + "destinationBranch", + "displayName", + "sourceBranch", + "tagsAll" + ], + "inputProperties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "backendEnvironmentArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.\n" + }, + "basicAuthCredentials": { + "type": "string", + "description": "The basic authorization credentials for the branch.\n" + }, + "branchName": { + "type": "string", + "description": "The name for the branch.\n" + }, + "description": { + "type": "string", + "description": "The description for the branch.\n" + }, + "displayName": { + "type": "string", + "description": "The display name for a branch. This is used as the default domain prefix.\n" + }, + "enableAutoBuild": { + "type": "boolean", + "description": "Enables auto building for the branch.\n" + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for the branch.\n" + }, + "enableNotification": { + "type": "boolean", + "description": "Enables notifications for the branch.\n" + }, + "enablePerformanceMode": { + "type": "boolean", + "description": "Enables performance mode for the branch.\n" + }, + "enablePullRequestPreview": { + "type": "boolean", + "description": "Enables pull request previews for this branch.\n" + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables for the branch.\n" + }, + "framework": { + "type": "string", + "description": "The framework for the branch.\n" + }, + "pullRequestEnvironmentName": { + "type": "string", + "description": "The Amplify environment name for the pull request.\n" + }, + "stage": { + "type": "string", + "description": "Describes the current stage for the branch. Valid values: `PRODUCTION`, `BETA`, `DEVELOPMENT`, `EXPERIMENTAL`, `PULL_REQUEST`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "ttl": { + "type": "string", + "description": "The content Time To Live (TTL) for the website in seconds.\n" + } + }, + "requiredInputs": [ + "appId", + "branchName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Branch resources.\n", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the branch.\n" + }, + "associatedResources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of custom resources that are linked to this branch.\n" + }, + "backendEnvironmentArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.\n" + }, + "basicAuthCredentials": { + "type": "string", + "description": "The basic authorization credentials for the branch.\n" + }, + "branchName": { + "type": "string", + "description": "The name for the branch.\n" + }, + "customDomains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The custom domains for the branch.\n" + }, + "description": { + "type": "string", + "description": "The description for the branch.\n" + }, + "destinationBranch": { + "type": "string", + "description": "The destination branch if the branch is a pull request branch.\n" + }, + "displayName": { + "type": "string", + "description": "The display name for a branch. This is used as the default domain prefix.\n" + }, + "enableAutoBuild": { + "type": "boolean", + "description": "Enables auto building for the branch.\n" + }, + "enableBasicAuth": { + "type": "boolean", + "description": "Enables basic authorization for the branch.\n" + }, + "enableNotification": { + "type": "boolean", + "description": "Enables notifications for the branch.\n" + }, + "enablePerformanceMode": { + "type": "boolean", + "description": "Enables performance mode for the branch.\n" + }, + "enablePullRequestPreview": { + "type": "boolean", + "description": "Enables pull request previews for this branch.\n" + }, + "environmentVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment variables for the branch.\n" + }, + "framework": { + "type": "string", + "description": "The framework for the branch.\n" + }, + "pullRequestEnvironmentName": { + "type": "string", + "description": "The Amplify environment name for the pull request.\n" + }, + "sourceBranch": { + "type": "string", + "description": "The source branch if the branch is a pull request branch.\n" + }, + "stage": { + "type": "string", + "description": "Describes the current stage for the branch. Valid values: `PRODUCTION`, `BETA`, `DEVELOPMENT`, `EXPERIMENTAL`, `PULL_REQUEST`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "ttl": { + "type": "string", + "description": "The content Time To Live (TTL) for the website in seconds.\n" + } + }, + "type": "object" + } + }, + "aws:amplify/domainAssociation:DomainAssociation": { + "description": "Provides an Amplify Domain Association resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApp = new aws.amplify.App(\"exampleApp\", {customRules: [{\n source: \"https://example.com\",\n status: \"302\",\n target: \"https://www.example.com\",\n}]});\nconst master = new aws.amplify.Branch(\"master\", {\n appId: exampleApp.id,\n branchName: \"master\",\n});\nconst exampleDomainAssociation = new aws.amplify.DomainAssociation(\"exampleDomainAssociation\", {\n appId: exampleApp.id,\n domainName: \"example.com\",\n subDomains: [\n {\n branchName: master.branchName,\n prefix: \"\",\n },\n {\n branchName: master.branchName,\n prefix: \"www\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_app = aws.amplify.App(\"exampleApp\", custom_rules=[aws.amplify.AppCustomRuleArgs(\n source=\"https://example.com\",\n status=\"302\",\n target=\"https://www.example.com\",\n)])\nmaster = aws.amplify.Branch(\"master\",\n app_id=example_app.id,\n branch_name=\"master\")\nexample_domain_association = aws.amplify.DomainAssociation(\"exampleDomainAssociation\",\n app_id=example_app.id,\n domain_name=\"example.com\",\n sub_domains=[\n aws.amplify.DomainAssociationSubDomainArgs(\n branch_name=master.branch_name,\n prefix=\"\",\n ),\n aws.amplify.DomainAssociationSubDomainArgs(\n branch_name=master.branch_name,\n prefix=\"www\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApp = new Aws.Amplify.App(\"exampleApp\", new Aws.Amplify.AppArgs\n {\n CustomRules = \n {\n new Aws.Amplify.Inputs.AppCustomRuleArgs\n {\n Source = \"https://example.com\",\n Status = \"302\",\n Target = \"https://www.example.com\",\n },\n },\n });\n var master = new Aws.Amplify.Branch(\"master\", new Aws.Amplify.BranchArgs\n {\n AppId = exampleApp.Id,\n BranchName = \"master\",\n });\n var exampleDomainAssociation = new Aws.Amplify.DomainAssociation(\"exampleDomainAssociation\", new Aws.Amplify.DomainAssociationArgs\n {\n AppId = exampleApp.Id,\n DomainName = \"example.com\",\n SubDomains = \n {\n new Aws.Amplify.Inputs.DomainAssociationSubDomainArgs\n {\n BranchName = master.BranchName,\n Prefix = \"\",\n },\n new Aws.Amplify.Inputs.DomainAssociationSubDomainArgs\n {\n BranchName = master.BranchName,\n Prefix = \"www\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApp, err := amplify.NewApp(ctx, \"exampleApp\", &lify.AppArgs{\n\t\t\tCustomRules: amplify.AppCustomRuleArray{\n\t\t\t\t&lify.AppCustomRuleArgs{\n\t\t\t\t\tSource: pulumi.String(\"https://example.com\"),\n\t\t\t\t\tStatus: pulumi.String(\"302\"),\n\t\t\t\t\tTarget: pulumi.String(\"https://www.example.com\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmaster, err := amplify.NewBranch(ctx, \"master\", &lify.BranchArgs{\n\t\t\tAppId: exampleApp.ID(),\n\t\t\tBranchName: pulumi.String(\"master\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = amplify.NewDomainAssociation(ctx, \"exampleDomainAssociation\", &lify.DomainAssociationArgs{\n\t\t\tAppId: exampleApp.ID(),\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tSubDomains: amplify.DomainAssociationSubDomainArray{\n\t\t\t\t&lify.DomainAssociationSubDomainArgs{\n\t\t\t\t\tBranchName: master.BranchName,\n\t\t\t\t\tPrefix: pulumi.String(\"\"),\n\t\t\t\t},\n\t\t\t\t&lify.DomainAssociationSubDomainArgs{\n\t\t\t\t\tBranchName: master.BranchName,\n\t\t\t\t\tPrefix: pulumi.String(\"www\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAmplify domain association can be imported using `app_id` and `domain_name`, e.g.\n\n```sh\n $ pulumi import aws:amplify/domainAssociation:DomainAssociation app d2ypk4k47z8u6/example.com\n```\n\n ", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the domain association.\n" + }, + "certificateVerificationDnsRecord": { + "type": "string", + "description": "The DNS record for certificate verification.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name for the domain association.\n" + }, + "subDomains": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/DomainAssociationSubDomain:DomainAssociationSubDomain" + }, + "description": "The setting for the subdomain. Documented below.\n" + }, + "waitForVerification": { + "type": "boolean", + "description": "If enabled, the resource will wait for the domain association status to change to `PENDING_DEPLOYMENT` or `AVAILABLE`. Setting this to `false` will skip the process. Default: `true`.\n" + } + }, + "required": [ + "appId", + "arn", + "certificateVerificationDnsRecord", + "domainName", + "subDomains" + ], + "inputProperties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name for the domain association.\n" + }, + "subDomains": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/DomainAssociationSubDomain:DomainAssociationSubDomain" + }, + "description": "The setting for the subdomain. Documented below.\n" + }, + "waitForVerification": { + "type": "boolean", + "description": "If enabled, the resource will wait for the domain association status to change to `PENDING_DEPLOYMENT` or `AVAILABLE`. Setting this to `false` will skip the process. Default: `true`.\n" + } + }, + "requiredInputs": [ + "appId", + "domainName", + "subDomains" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainAssociation resources.\n", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the domain association.\n" + }, + "certificateVerificationDnsRecord": { + "type": "string", + "description": "The DNS record for certificate verification.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name for the domain association.\n" + }, + "subDomains": { + "type": "array", + "items": { + "$ref": "#/types/aws:amplify/DomainAssociationSubDomain:DomainAssociationSubDomain" + }, + "description": "The setting for the subdomain. Documented below.\n" + }, + "waitForVerification": { + "type": "boolean", + "description": "If enabled, the resource will wait for the domain association status to change to `PENDING_DEPLOYMENT` or `AVAILABLE`. Setting this to `false` will skip the process. Default: `true`.\n" + } + }, + "type": "object" + } + }, + "aws:amplify/webhook:Webhook": { + "description": "Provides an Amplify Webhook resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.amplify.App(\"example\", {});\nconst masterBranch = new aws.amplify.Branch(\"masterBranch\", {\n appId: example.id,\n branchName: \"master\",\n});\nconst masterWebhook = new aws.amplify.Webhook(\"masterWebhook\", {\n appId: example.id,\n branchName: masterBranch.branchName,\n description: \"triggermaster\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.amplify.App(\"example\")\nmaster_branch = aws.amplify.Branch(\"masterBranch\",\n app_id=example.id,\n branch_name=\"master\")\nmaster_webhook = aws.amplify.Webhook(\"masterWebhook\",\n app_id=example.id,\n branch_name=master_branch.branch_name,\n description=\"triggermaster\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Amplify.App(\"example\", new Aws.Amplify.AppArgs\n {\n });\n var masterBranch = new Aws.Amplify.Branch(\"masterBranch\", new Aws.Amplify.BranchArgs\n {\n AppId = example.Id,\n BranchName = \"master\",\n });\n var masterWebhook = new Aws.Amplify.Webhook(\"masterWebhook\", new Aws.Amplify.WebhookArgs\n {\n AppId = example.Id,\n BranchName = masterBranch.BranchName,\n Description = \"triggermaster\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/amplify\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := amplify.NewApp(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmasterBranch, err := amplify.NewBranch(ctx, \"masterBranch\", &lify.BranchArgs{\n\t\t\tAppId: example.ID(),\n\t\t\tBranchName: pulumi.String(\"master\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = amplify.NewWebhook(ctx, \"masterWebhook\", &lify.WebhookArgs{\n\t\t\tAppId: example.ID(),\n\t\t\tBranchName: masterBranch.BranchName,\n\t\t\tDescription: pulumi.String(\"triggermaster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAmplify webhook can be imported using a webhook ID, e.g.\n\n```sh\n $ pulumi import aws:amplify/webhook:Webhook master a26b22a0-748b-4b57-b9a0-ae7e601fe4b1\n```\n\n ", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the webhook.\n" + }, + "branchName": { + "type": "string", + "description": "The name for a branch that is part of the Amplify app.\n" + }, + "description": { + "type": "string", + "description": "The description for a webhook.\n" + }, + "url": { + "type": "string", + "description": "The URL of the webhook.\n" + } + }, + "required": [ + "appId", + "arn", + "branchName", + "url" + ], + "inputProperties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "branchName": { + "type": "string", + "description": "The name for a branch that is part of the Amplify app.\n" + }, + "description": { + "type": "string", + "description": "The description for a webhook.\n" + } + }, + "requiredInputs": [ + "appId", + "branchName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Webhook resources.\n", + "properties": { + "appId": { + "type": "string", + "description": "The unique ID for an Amplify app.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the webhook.\n" + }, + "branchName": { + "type": "string", + "description": "The name for a branch that is part of the Amplify app.\n" + }, + "description": { + "type": "string", + "description": "The description for a webhook.\n" + }, + "url": { + "type": "string", + "description": "The URL of the webhook.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/account:Account": { + "description": "Provides a settings of an API Gateway Account. Settings is applied region-wide per `provider` block.\n\n> **Note:** As there is no API method for deleting account settings or resetting it to defaults, destroying this resource will keep your account settings intact\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cloudwatchRole = new aws.iam.Role(\"cloudwatchRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"apigateway.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst demo = new aws.apigateway.Account(\"demo\", {cloudwatchRoleArn: cloudwatchRole.arn});\nconst cloudwatchRolePolicy = new aws.iam.RolePolicy(\"cloudwatchRolePolicy\", {\n role: cloudwatchRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncloudwatch_role = aws.iam.Role(\"cloudwatchRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"apigateway.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\ndemo = aws.apigateway.Account(\"demo\", cloudwatch_role_arn=cloudwatch_role.arn)\ncloudwatch_role_policy = aws.iam.RolePolicy(\"cloudwatchRolePolicy\",\n role=cloudwatch_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\",\n \"logs:PutLogEvents\",\n \"logs:GetLogEvents\",\n \"logs:FilterLogEvents\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cloudwatchRole = new Aws.Iam.Role(\"cloudwatchRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"apigateway.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var demo = new Aws.ApiGateway.Account(\"demo\", new Aws.ApiGateway.AccountArgs\n {\n CloudwatchRoleArn = cloudwatchRole.Arn,\n });\n var cloudwatchRolePolicy = new Aws.Iam.RolePolicy(\"cloudwatchRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = cloudwatchRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"logs:CreateLogGroup\"\",\n \"\"logs:CreateLogStream\"\",\n \"\"logs:DescribeLogGroups\"\",\n \"\"logs:DescribeLogStreams\"\",\n \"\"logs:PutLogEvents\"\",\n \"\"logs:GetLogEvents\"\",\n \"\"logs:FilterLogEvents\"\"\n ],\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcloudwatchRole, err := iam.NewRole(ctx, \"cloudwatchRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"apigateway.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAccount(ctx, \"demo\", &apigateway.AccountArgs{\n\t\t\tCloudwatchRoleArn: cloudwatchRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"cloudwatchRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: cloudwatchRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"logs:CreateLogGroup\\\",\\n\", \" \\\"logs:CreateLogStream\\\",\\n\", \" \\\"logs:DescribeLogGroups\\\",\\n\", \" \\\"logs:DescribeLogStreams\\\",\\n\", \" \\\"logs:PutLogEvents\\\",\\n\", \" \\\"logs:GetLogEvents\\\",\\n\", \" \\\"logs:FilterLogEvents\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway Accounts can be imported using the word `api-gateway-account`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/account:Account demo api-gateway-account\n```\n\n ", + "properties": { + "cloudwatchRoleArn": { + "type": "string", + "description": "The ARN of an IAM role for CloudWatch (to allow logging & monitoring). See more [in AWS Docs](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-stage-settings.html#how-to-stage-settings-console). Logging & monitoring can be enabled/disabled and otherwise tuned on the API Gateway Stage level.\n" + }, + "throttleSettings": { + "$ref": "#/types/aws:apigateway/AccountThrottleSettings:AccountThrottleSettings", + "description": "Account-Level throttle settings. See exported fields below.\n" + } + }, + "required": [ + "throttleSettings" + ], + "inputProperties": { + "cloudwatchRoleArn": { + "type": "string", + "description": "The ARN of an IAM role for CloudWatch (to allow logging & monitoring). See more [in AWS Docs](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-stage-settings.html#how-to-stage-settings-console). Logging & monitoring can be enabled/disabled and otherwise tuned on the API Gateway Stage level.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Account resources.\n", + "properties": { + "cloudwatchRoleArn": { + "type": "string", + "description": "The ARN of an IAM role for CloudWatch (to allow logging & monitoring). See more [in AWS Docs](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-stage-settings.html#how-to-stage-settings-console). Logging & monitoring can be enabled/disabled and otherwise tuned on the API Gateway Stage level.\n" + }, + "throttleSettings": { + "$ref": "#/types/aws:apigateway/AccountThrottleSettings:AccountThrottleSettings", + "description": "Account-Level throttle settings. See exported fields below.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/apiKey:ApiKey": { + "description": "Provides an API Gateway API Key.\n\n> **NOTE:** Since the API Gateway usage plans feature was launched on August 11, 2016, usage plans are now **required** to associate an API key with an API stage.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoApiKey = new aws.apigateway.ApiKey(\"MyDemoApiKey\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api_key = aws.apigateway.ApiKey(\"myDemoApiKey\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoApiKey = new Aws.ApiGateway.ApiKey(\"myDemoApiKey\", new Aws.ApiGateway.ApiKeyArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiKey(ctx, \"myDemoApiKey\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway Keys can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/apiKey:ApiKey my_demo_key 8bklk8bl1k3sB38D9B3l0enyWT8c09B30lkq0blk\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the API key\n" + }, + "description": { + "type": "string", + "description": "The API key description. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the API key can be used by callers. Defaults to `true`.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the API key\n" + }, + "name": { + "type": "string", + "description": "The name of the API key\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "value": { + "type": "string", + "description": "The value of the API key. If not specified, it will be automatically generated by AWS on creation.\n" + } + }, + "required": [ + "arn", + "createdDate", + "description", + "lastUpdatedDate", + "name", + "tagsAll", + "value" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The API key description. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the API key can be used by callers. Defaults to `true`.\n" + }, + "name": { + "type": "string", + "description": "The name of the API key\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "value": { + "type": "string", + "description": "The value of the API key. If not specified, it will be automatically generated by AWS on creation.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ApiKey resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the API key\n" + }, + "description": { + "type": "string", + "description": "The API key description. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the API key can be used by callers. Defaults to `true`.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the API key\n" + }, + "name": { + "type": "string", + "description": "The name of the API key\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "value": { + "type": "string", + "description": "The value of the API key. If not specified, it will be automatically generated by AWS on creation.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/authorizer:Authorizer": { + "description": "Provides an API Gateway Authorizer.\n\n\n## Import\n\nAWS API Gateway Authorizer can be imported using the `REST-API-ID/AUTHORIZER-ID`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/authorizer:Authorizer authorizer 12345abcde/example\n```\n\n ", + "properties": { + "authorizerCredentials": { + "type": "string", + "description": "The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.\n" + }, + "authorizerResultTtlInSeconds": { + "type": "integer", + "description": "The TTL of cached authorizer results in seconds. Defaults to `300`.\n" + }, + "authorizerUri": { + "type": "string", + "description": "The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of `arn:aws:apigateway:{region}:lambda:path/{service_api}`,\ne.g. `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations`\n" + }, + "identitySource": { + "type": "string", + "description": "The source of the identity in an incoming request. Defaults to `method.request.header.Authorization`. For `REQUEST` type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. `\"method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName\"`\n" + }, + "identityValidationExpression": { + "type": "string", + "description": "A validation expression for the incoming identity. For `TOKEN` type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.\n" + }, + "name": { + "type": "string", + "description": "The name of the authorizer\n" + }, + "providerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Amazon Cognito user pool ARNs. Each element is of this format: `arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}`.\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + }, + "type": { + "type": "string", + "description": "The type of the authorizer. Possible values are `TOKEN` for a Lambda function using a single authorization token submitted in a custom header, `REQUEST` for a Lambda function using incoming request parameters, or `COGNITO_USER_POOLS` for using an Amazon Cognito user pool. Defaults to `TOKEN`.\n" + } + }, + "required": [ + "name", + "restApi" + ], + "inputProperties": { + "authorizerCredentials": { + "type": "string", + "description": "The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.\n" + }, + "authorizerResultTtlInSeconds": { + "type": "integer", + "description": "The TTL of cached authorizer results in seconds. Defaults to `300`.\n" + }, + "authorizerUri": { + "type": "string", + "description": "The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of `arn:aws:apigateway:{region}:lambda:path/{service_api}`,\ne.g. `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations`\n" + }, + "identitySource": { + "type": "string", + "description": "The source of the identity in an incoming request. Defaults to `method.request.header.Authorization`. For `REQUEST` type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. `\"method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName\"`\n" + }, + "identityValidationExpression": { + "type": "string", + "description": "A validation expression for the incoming identity. For `TOKEN` type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.\n" + }, + "name": { + "type": "string", + "description": "The name of the authorizer\n" + }, + "providerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Amazon Cognito user pool ARNs. Each element is of this format: `arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}`.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "type": { + "type": "string", + "description": "The type of the authorizer. Possible values are `TOKEN` for a Lambda function using a single authorization token submitted in a custom header, `REQUEST` for a Lambda function using incoming request parameters, or `COGNITO_USER_POOLS` for using an Amazon Cognito user pool. Defaults to `TOKEN`.\n" + } + }, + "requiredInputs": [ + "restApi" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Authorizer resources.\n", + "properties": { + "authorizerCredentials": { + "type": "string", + "description": "The credentials required for the authorizer. To specify an IAM Role for API Gateway to assume, use the IAM Role ARN.\n" + }, + "authorizerResultTtlInSeconds": { + "type": "integer", + "description": "The TTL of cached authorizer results in seconds. Defaults to `300`.\n" + }, + "authorizerUri": { + "type": "string", + "description": "The authorizer's Uniform Resource Identifier (URI). This must be a well-formed Lambda function URI in the form of `arn:aws:apigateway:{region}:lambda:path/{service_api}`,\ne.g. `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:012345678912:function:my-function/invocations`\n" + }, + "identitySource": { + "type": "string", + "description": "The source of the identity in an incoming request. Defaults to `method.request.header.Authorization`. For `REQUEST` type, this may be a comma-separated list of values, including headers, query string parameters and stage variables - e.g. `\"method.request.header.SomeHeaderName,method.request.querystring.SomeQueryStringName,stageVariables.SomeStageVariableName\"`\n" + }, + "identityValidationExpression": { + "type": "string", + "description": "A validation expression for the incoming identity. For `TOKEN` type, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.\n" + }, + "name": { + "type": "string", + "description": "The name of the authorizer\n" + }, + "providerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Amazon Cognito user pool ARNs. Each element is of this format: `arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}`.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "type": { + "type": "string", + "description": "The type of the authorizer. Possible values are `TOKEN` for a Lambda function using a single authorization token submitted in a custom header, `REQUEST` for a Lambda function using incoming request parameters, or `COGNITO_USER_POOLS` for using an Amazon Cognito user pool. Defaults to `TOKEN`.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/basePathMapping:BasePathMapping": { + "description": "Connects a custom domain name registered via `aws.apigateway.DomainName`\nwith a deployed API so that its methods can be called via the\ncustom domain name.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst exampleStage = new aws.apigateway.Stage(\"exampleStage\", {\n deployment: aws_api_gateway_deployment.example.id,\n restApi: aws_api_gateway_rest_api.example.id,\n stageName: \"example\",\n});\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n domainName: \"example.com\",\n certificateName: \"example-api\",\n certificateBody: fs.readFileSync(`${path.module}/example.com/example.crt`),\n certificateChain: fs.readFileSync(`${path.module}/example.com/ca.crt`),\n certificatePrivateKey: fs.readFileSync(`${path.module}/example.com/example.key`),\n});\nconst exampleBasePathMapping = new aws.apigateway.BasePathMapping(\"exampleBasePathMapping\", {\n restApi: aws_api_gateway_rest_api.example.id,\n stageName: exampleStage.stageName,\n domainName: exampleDomainName.domainName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_stage = aws.apigateway.Stage(\"exampleStage\",\n deployment=aws_api_gateway_deployment[\"example\"][\"id\"],\n rest_api=aws_api_gateway_rest_api[\"example\"][\"id\"],\n stage_name=\"example\")\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n domain_name=\"example.com\",\n certificate_name=\"example-api\",\n certificate_body=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.crt\"),\n certificate_chain=(lambda path: open(path).read())(f\"{path['module']}/example.com/ca.crt\"),\n certificate_private_key=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.key\"))\nexample_base_path_mapping = aws.apigateway.BasePathMapping(\"exampleBasePathMapping\",\n rest_api=aws_api_gateway_rest_api[\"example\"][\"id\"],\n stage_name=example_stage.stage_name,\n domain_name=example_domain_name.domain_name)\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleStage = new Aws.ApiGateway.Stage(\"exampleStage\", new Aws.ApiGateway.StageArgs\n {\n Deployment = aws_api_gateway_deployment.Example.Id,\n RestApi = aws_api_gateway_rest_api.Example.Id,\n StageName = \"example\",\n });\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new Aws.ApiGateway.DomainNameArgs\n {\n DomainName = \"example.com\",\n CertificateName = \"example-api\",\n CertificateBody = File.ReadAllText($\"{path.Module}/example.com/example.crt\"),\n CertificateChain = File.ReadAllText($\"{path.Module}/example.com/ca.crt\"),\n CertificatePrivateKey = File.ReadAllText($\"{path.Module}/example.com/example.key\"),\n });\n var exampleBasePathMapping = new Aws.ApiGateway.BasePathMapping(\"exampleBasePathMapping\", new Aws.ApiGateway.BasePathMappingArgs\n {\n RestApi = aws_api_gateway_rest_api.Example.Id,\n StageName = exampleStage.StageName,\n DomainName = exampleDomainName.Domain,\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_base_path_mapping` can be imported by using the domain name and base path, e.g. For empty `base_path` (e.g. root path (`/`))\n\n```sh\n $ pulumi import aws:apigateway/basePathMapping:BasePathMapping example example.com/\n```\n\n Otherwise\n\n```sh\n $ pulumi import aws:apigateway/basePathMapping:BasePathMapping example example.com/base-path\n```\n\n ", + "properties": { + "basePath": { + "type": "string", + "description": "Path segment that must be prepended to the path when accessing the API via this mapping. If omitted, the API is exposed at the root of the given domain.\n" + }, + "domainName": { + "type": "string", + "description": "The already-registered domain name to connect the API to.\n" + }, + "restApi": { + "type": "string", + "description": "The id of the API to connect.\n" + }, + "stageName": { + "type": "string", + "description": "The name of a specific deployment stage to expose at the given path. If omitted, callers may select any stage by including its name as a path element after the base path.\n" + } + }, + "required": [ + "restApi", + "domainName" + ], + "inputProperties": { + "basePath": { + "type": "string", + "description": "Path segment that must be prepended to the path when accessing the API via this mapping. If omitted, the API is exposed at the root of the given domain.\n" + }, + "domainName": { + "type": "string", + "description": "The already-registered domain name to connect the API to.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The id of the API to connect.\n" + }, + "stageName": { + "type": "string", + "description": "The name of a specific deployment stage to expose at the given path. If omitted, callers may select any stage by including its name as a path element after the base path.\n" + } + }, + "requiredInputs": [ + "restApi", + "domainName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BasePathMapping resources.\n", + "properties": { + "basePath": { + "type": "string", + "description": "Path segment that must be prepended to the path when accessing the API via this mapping. If omitted, the API is exposed at the root of the given domain.\n" + }, + "domainName": { + "type": "string", + "description": "The already-registered domain name to connect the API to.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The id of the API to connect.\n" + }, + "stageName": { + "type": "string", + "description": "The name of a specific deployment stage to expose at the given path. If omitted, callers may select any stage by including its name as a path element after the base path.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/clientCertificate:ClientCertificate": { + "description": "Provides an API Gateway Client Certificate.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst demo = new aws.apigateway.ClientCertificate(\"demo\", {\n description: \"My client certificate\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndemo = aws.apigateway.ClientCertificate(\"demo\", description=\"My client certificate\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var demo = new Aws.ApiGateway.ClientCertificate(\"demo\", new Aws.ApiGateway.ClientCertificateArgs\n {\n Description = \"My client certificate\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewClientCertificate(ctx, \"demo\", &apigateway.ClientCertificateArgs{\n\t\t\tDescription: pulumi.String(\"My client certificate\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway Client Certificates can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:apigateway/clientCertificate:ClientCertificate demo ab1cqe\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the client certificate was created.\n" + }, + "description": { + "type": "string", + "description": "The description of the client certificate.\n" + }, + "expirationDate": { + "type": "string", + "description": "The date when the client certificate will expire.\n" + }, + "pemEncodedCertificate": { + "type": "string", + "description": "The PEM-encoded public key of the client certificate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "expirationDate", + "pemEncodedCertificate", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the client certificate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ClientCertificate resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the client certificate was created.\n" + }, + "description": { + "type": "string", + "description": "The description of the client certificate.\n" + }, + "expirationDate": { + "type": "string", + "description": "The date when the client certificate will expire.\n" + }, + "pemEncodedCertificate": { + "type": "string", + "description": "The PEM-encoded public key of the client certificate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/deployment:Deployment": { + "description": "Manages an API Gateway REST Deployment. A deployment is a snapshot of the REST API configuration. The deployment can then be published to callable endpoints via the `aws.apigateway.Stage` resource and optionally managed further with the `aws.apigateway.BasePathMapping` resource, `aws.apigateway.DomainName` resource, and `aws_api_method_settings` resource. For more information, see the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html).\n\nTo properly capture all REST API configuration in a deployment, this resource must have dependencies on all prior resources that manage resources/paths, methods, integrations, etc.\n\n* For REST APIs that are configured via OpenAPI specification (`aws.apigateway.RestApi` resource `body` argument), no special dependency setup is needed beyond referencing the `id` attribute of that resource unless additional resources have further customized the REST API.\n* When the REST API configuration involves other resources (`aws.apigateway.Integration` resource), the dependency setup can be done with implicit resource references in the `triggers` argument or explicit resource references using the [resource `dependsOn` custom option](https://www.pulumi.com/docs/intro/concepts/resources/#dependson). The `triggers` argument should be preferred over `depends_on`, since `depends_on` can only capture dependency ordering and will not cause the resource to recreate (redeploy the REST API) with upstream configuration changes.\n\n!> **WARNING:** It is recommended to use the `aws.apigateway.Stage` resource instead of managing an API Gateway Stage via the `stage_name` argument of this resource. When this resource is recreated (REST API redeployment) with the `stage_name` configured, the stage is deleted and recreated. This will cause a temporary service interruption, increase provide plan differences, and can require a second apply to recreate any downstream stage configuration such as associated `aws_api_method_settings` resources.\n\n{{% examples %}}\n## Example Usage\n{{% /examples %}}", + "properties": { + "createdDate": { + "type": "string", + "description": "The creation date of the deployment\n" + }, + "description": { + "type": "string", + "description": "Description of the deployment\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN to be used in `lambda_permission` resource's `source_arn`\nwhen allowing API Gateway to invoke a Lambda function,\ne.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod`\n" + }, + "invokeUrl": { + "type": "string", + "description": "The URL to invoke the API pointing to the stage,\ne.g. `https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod`\n" + }, + "restApi": { + "type": "string", + "description": "REST API identifier.\n" + }, + "stageDescription": { + "type": "string", + "description": "Description to set on the stage managed by the `stage_name` argument.\n" + }, + "stageName": { + "type": "string", + "description": "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment. It is recommended to use the `aws.apigateway.Stage` resource instead to manage stages.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of arbitrary keys and values that, when changed, will trigger a redeployment.\n" + }, + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map to set on the stage managed by the `stage_name` argument.\n" + } + }, + "required": [ + "createdDate", + "executionArn", + "invokeUrl", + "restApi" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the deployment\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "REST API identifier.\n" + }, + "stageDescription": { + "type": "string", + "description": "Description to set on the stage managed by the `stage_name` argument.\n" + }, + "stageName": { + "type": "string", + "description": "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment. It is recommended to use the `aws.apigateway.Stage` resource instead to manage stages.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of arbitrary keys and values that, when changed, will trigger a redeployment.\n" + }, + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map to set on the stage managed by the `stage_name` argument.\n" + } + }, + "requiredInputs": [ + "restApi" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Deployment resources.\n", + "properties": { + "createdDate": { + "type": "string", + "description": "The creation date of the deployment\n" + }, + "description": { + "type": "string", + "description": "Description of the deployment\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN to be used in `lambda_permission` resource's `source_arn`\nwhen allowing API Gateway to invoke a Lambda function,\ne.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod`\n" + }, + "invokeUrl": { + "type": "string", + "description": "The URL to invoke the API pointing to the stage,\ne.g. `https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod`\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "REST API identifier.\n" + }, + "stageDescription": { + "type": "string", + "description": "Description to set on the stage managed by the `stage_name` argument.\n" + }, + "stageName": { + "type": "string", + "description": "Name of the stage to create with this deployment. If the specified stage already exists, it will be updated to point to the new deployment. It is recommended to use the `aws.apigateway.Stage` resource instead to manage stages.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of arbitrary keys and values that, when changed, will trigger a redeployment.\n" + }, + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map to set on the stage managed by the `stage_name` argument.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/documentationPart:DocumentationPart": { + "description": "Provides a settings of an API Gateway Documentation Part.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRestApi = new aws.apigateway.RestApi(\"exampleRestApi\", {});\nconst exampleDocumentationPart = new aws.apigateway.DocumentationPart(\"exampleDocumentationPart\", {\n location: {\n type: \"METHOD\",\n method: \"GET\",\n path: \"/example\",\n },\n properties: \"{\\\"description\\\":\\\"Example description\\\"}\",\n restApiId: exampleRestApi.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_rest_api = aws.apigateway.RestApi(\"exampleRestApi\")\nexample_documentation_part = aws.apigateway.DocumentationPart(\"exampleDocumentationPart\",\n location=aws.apigateway.DocumentationPartLocationArgs(\n type=\"METHOD\",\n method=\"GET\",\n path=\"/example\",\n ),\n properties=\"{\\\"description\\\":\\\"Example description\\\"}\",\n rest_api_id=example_rest_api.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRestApi = new Aws.ApiGateway.RestApi(\"exampleRestApi\", new Aws.ApiGateway.RestApiArgs\n {\n });\n var exampleDocumentationPart = new Aws.ApiGateway.DocumentationPart(\"exampleDocumentationPart\", new Aws.ApiGateway.DocumentationPartArgs\n {\n Location = new Aws.ApiGateway.Inputs.DocumentationPartLocationArgs\n {\n Type = \"METHOD\",\n Method = \"GET\",\n Path = \"/example\",\n },\n Properties = \"{\\\"description\\\":\\\"Example description\\\"}\",\n RestApiId = exampleRestApi.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRestApi, err := apigateway.NewRestApi(ctx, \"exampleRestApi\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewDocumentationPart(ctx, \"exampleDocumentationPart\", &apigateway.DocumentationPartArgs{\n\t\t\tLocation: &apigateway.DocumentationPartLocationArgs{\n\t\t\t\tType: pulumi.String(\"METHOD\"),\n\t\t\t\tMethod: pulumi.String(\"GET\"),\n\t\t\t\tPath: pulumi.String(\"/example\"),\n\t\t\t},\n\t\t\tProperties: pulumi.String(\"{\\\"description\\\":\\\"Example description\\\"}\"),\n\t\t\tRestApiId: exampleRestApi.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway documentation_parts can be imported using `REST-API-ID/DOC-PART-ID`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/documentationPart:DocumentationPart example 5i4e1ko720/3oyy3t\n```\n\n ", + "properties": { + "location": { + "$ref": "#/types/aws:apigateway/DocumentationPartLocation:DocumentationPartLocation", + "description": "The location of the targeted API entity of the to-be-created documentation part. See below.\n" + }, + "properties": { + "type": "string", + "description": "A content map of API-specific key-value pairs describing the targeted API entity. The map must be encoded as a JSON string, e.g., \"{ \\\"description\\\": \\\"The API does ...\\\" }\". Only Swagger-compliant key-value pairs can be exported and, hence, published.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the associated Rest API\n" + } + }, + "required": [ + "location", + "properties", + "restApiId" + ], + "inputProperties": { + "location": { + "$ref": "#/types/aws:apigateway/DocumentationPartLocation:DocumentationPartLocation", + "description": "The location of the targeted API entity of the to-be-created documentation part. See below.\n" + }, + "properties": { + "type": "string", + "description": "A content map of API-specific key-value pairs describing the targeted API entity. The map must be encoded as a JSON string, e.g., \"{ \\\"description\\\": \\\"The API does ...\\\" }\". Only Swagger-compliant key-value pairs can be exported and, hence, published.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the associated Rest API\n" + } + }, + "requiredInputs": [ + "location", + "properties", + "restApiId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DocumentationPart resources.\n", + "properties": { + "location": { + "$ref": "#/types/aws:apigateway/DocumentationPartLocation:DocumentationPartLocation", + "description": "The location of the targeted API entity of the to-be-created documentation part. See below.\n" + }, + "properties": { + "type": "string", + "description": "A content map of API-specific key-value pairs describing the targeted API entity. The map must be encoded as a JSON string, e.g., \"{ \\\"description\\\": \\\"The API does ...\\\" }\". Only Swagger-compliant key-value pairs can be exported and, hence, published.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the associated Rest API\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/documentationVersion:DocumentationVersion": { + "description": "Provides a resource to manage an API Gateway Documentation Version.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRestApi = new aws.apigateway.RestApi(\"exampleRestApi\", {});\nconst exampleDocumentationPart = new aws.apigateway.DocumentationPart(\"exampleDocumentationPart\", {\n location: {\n type: \"API\",\n },\n properties: \"{\\\"description\\\":\\\"Example\\\"}\",\n restApiId: exampleRestApi.id,\n});\nconst exampleDocumentationVersion = new aws.apigateway.DocumentationVersion(\"exampleDocumentationVersion\", {\n version: \"example_version\",\n restApiId: exampleRestApi.id,\n description: \"Example description\",\n}, {\n dependsOn: [exampleDocumentationPart],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_rest_api = aws.apigateway.RestApi(\"exampleRestApi\")\nexample_documentation_part = aws.apigateway.DocumentationPart(\"exampleDocumentationPart\",\n location=aws.apigateway.DocumentationPartLocationArgs(\n type=\"API\",\n ),\n properties=\"{\\\"description\\\":\\\"Example\\\"}\",\n rest_api_id=example_rest_api.id)\nexample_documentation_version = aws.apigateway.DocumentationVersion(\"exampleDocumentationVersion\",\n version=\"example_version\",\n rest_api_id=example_rest_api.id,\n description=\"Example description\",\n opts=pulumi.ResourceOptions(depends_on=[example_documentation_part]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRestApi = new Aws.ApiGateway.RestApi(\"exampleRestApi\", new Aws.ApiGateway.RestApiArgs\n {\n });\n var exampleDocumentationPart = new Aws.ApiGateway.DocumentationPart(\"exampleDocumentationPart\", new Aws.ApiGateway.DocumentationPartArgs\n {\n Location = new Aws.ApiGateway.Inputs.DocumentationPartLocationArgs\n {\n Type = \"API\",\n },\n Properties = \"{\\\"description\\\":\\\"Example\\\"}\",\n RestApiId = exampleRestApi.Id,\n });\n var exampleDocumentationVersion = new Aws.ApiGateway.DocumentationVersion(\"exampleDocumentationVersion\", new Aws.ApiGateway.DocumentationVersionArgs\n {\n Version = \"example_version\",\n RestApiId = exampleRestApi.Id,\n Description = \"Example description\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleDocumentationPart,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRestApi, err := apigateway.NewRestApi(ctx, \"exampleRestApi\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDocumentationPart, err := apigateway.NewDocumentationPart(ctx, \"exampleDocumentationPart\", &apigateway.DocumentationPartArgs{\n\t\t\tLocation: &apigateway.DocumentationPartLocationArgs{\n\t\t\t\tType: pulumi.String(\"API\"),\n\t\t\t},\n\t\t\tProperties: pulumi.String(\"{\\\"description\\\":\\\"Example\\\"}\"),\n\t\t\tRestApiId: exampleRestApi.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewDocumentationVersion(ctx, \"exampleDocumentationVersion\", &apigateway.DocumentationVersionArgs{\n\t\t\tVersion: pulumi.String(\"example_version\"),\n\t\t\tRestApiId: exampleRestApi.ID(),\n\t\t\tDescription: pulumi.String(\"Example description\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleDocumentationPart,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway documentation versions can be imported using `REST-API-ID/VERSION`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/documentationVersion:DocumentationVersion example 5i4e1ko720/example-version\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description of the API documentation version.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the associated Rest API\n" + }, + "version": { + "type": "string", + "description": "The version identifier of the API documentation snapshot.\n" + } + }, + "required": [ + "restApiId", + "version" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the API documentation version.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the associated Rest API\n" + }, + "version": { + "type": "string", + "description": "The version identifier of the API documentation snapshot.\n" + } + }, + "requiredInputs": [ + "restApiId", + "version" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DocumentationVersion resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the API documentation version.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the associated Rest API\n" + }, + "version": { + "type": "string", + "description": "The version identifier of the API documentation snapshot.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/domainName:DomainName": { + "description": "Registers a custom domain name for use with AWS API Gateway. Additional information about this functionality\ncan be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\nThis resource just establishes ownership of and the TLS settings for\na particular domain name. An API can be attached to a particular path\nunder the registered domain name using\nthe `aws.apigateway.BasePathMapping` resource.\n\nAPI Gateway domains can be defined as either 'edge-optimized' or 'regional'. In an edge-optimized configuration,\nAPI Gateway internally creates and manages a CloudFront distribution to route requests on the given hostname. In\naddition to this resource it's necessary to create a DNS record corresponding to the given domain name which is an alias\n(either Route53 alias or traditional CNAME) to the Cloudfront domain name exported in the `cloudfront_domain_name`\nattribute.\n\nIn a regional configuration, API Gateway does not create a CloudFront distribution to route requests to the API, though\na distribution can be created if needed. In either case, it is necessary to create a DNS record corresponding to the\ngiven domain name which is an alias (either Route53 alias or traditional CNAME) to the regional domain name exported in\nthe `regional_domain_name` attribute.\n\n> **Note:** API Gateway requires the use of AWS Certificate Manager (ACM) certificates instead of Identity and Access Management (IAM) certificates in regions that support ACM. Regions that support ACM can be found in the [Regions and Endpoints Documentation](https://docs.aws.amazon.com/general/latest/gr/rande.html#acm_region). To import an existing private key and certificate into ACM or request an ACM certificate, see the `aws.acm.Certificate` resource.\n\n> **Note:** The `aws.apigateway.DomainName` resource expects dependency on the `aws.acm.CertificateValidation` as\nonly verified certificates can be used. This can be made either explicitly by adding the\n`depends_on = [aws_acm_certificate_validation.cert]` attribute. Or implicitly by referring certificate ARN\nfrom the validation resource where it will be available after the resource creation:\n`regional_certificate_arn = aws_acm_certificate_validation.cert.certificate_arn`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Edge Optimized (ACM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n certificateArn: aws_acm_certificate_validation.example.certificate_arn,\n domainName: \"api.example.com\",\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n name: exampleDomainName.domainName,\n type: \"A\",\n zoneId: aws_route53_zone.example.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: exampleDomainName.cloudfrontDomainName,\n zoneId: exampleDomainName.cloudfrontZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n certificate_arn=aws_acm_certificate_validation[\"example\"][\"certificate_arn\"],\n domain_name=\"api.example.com\")\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n name=example_domain_name.domain_name,\n type=\"A\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example_domain_name.cloudfront_domain_name,\n zone_id=example_domain_name.cloudfront_zone_id,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new Aws.ApiGateway.DomainNameArgs\n {\n CertificateArn = aws_acm_certificate_validation.Example.Certificate_arn,\n DomainName = \"api.example.com\",\n });\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new Aws.Route53.RecordArgs\n {\n Name = exampleDomainName.Domain,\n Type = \"A\",\n ZoneId = aws_route53_zone.Example.Id,\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = exampleDomainName.CloudfrontDomainName,\n ZoneId = exampleDomainName.CloudfrontZoneId,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainName, err := apigateway.NewDomainName(ctx, \"exampleDomainName\", &apigateway.DomainNameArgs{\n\t\t\tCertificateArn: pulumi.Any(aws_acm_certificate_validation.Example.Certificate_arn),\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", &route53.RecordArgs{\n\t\t\tName: exampleDomainName.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: exampleDomainName.CloudfrontDomainName,\n\t\t\t\t\tZoneId: exampleDomainName.CloudfrontZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Edge Optimized (IAM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n domainName: \"api.example.com\",\n certificateName: \"example-api\",\n certificateBody: fs.readFileSync(`${path.module}/example.com/example.crt`),\n certificateChain: fs.readFileSync(`${path.module}/example.com/ca.crt`),\n certificatePrivateKey: fs.readFileSync(`${path.module}/example.com/example.key`),\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleDomainName.domainName,\n type: \"A\",\n aliases: [{\n name: exampleDomainName.cloudfrontDomainName,\n zoneId: exampleDomainName.cloudfrontZoneId,\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n domain_name=\"api.example.com\",\n certificate_name=\"example-api\",\n certificate_body=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.crt\"),\n certificate_chain=(lambda path: open(path).read())(f\"{path['module']}/example.com/ca.crt\"),\n certificate_private_key=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.key\"))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_domain_name.domain_name,\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=example_domain_name.cloudfront_domain_name,\n zone_id=example_domain_name.cloudfront_zone_id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new Aws.ApiGateway.DomainNameArgs\n {\n DomainName = \"api.example.com\",\n CertificateName = \"example-api\",\n CertificateBody = File.ReadAllText($\"{path.Module}/example.com/example.crt\"),\n CertificateChain = File.ReadAllText($\"{path.Module}/example.com/ca.crt\"),\n CertificatePrivateKey = File.ReadAllText($\"{path.Module}/example.com/example.key\"),\n });\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleDomainName.Domain,\n Type = \"A\",\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = exampleDomainName.CloudfrontDomainName,\n ZoneId = exampleDomainName.CloudfrontZoneId,\n EvaluateTargetHealth = true,\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Regional (ACM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n domainName: \"api.example.com\",\n regionalCertificateArn: aws_acm_certificate_validation.example.certificate_arn,\n endpointConfiguration: {\n types: [\"REGIONAL\"],\n },\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n name: exampleDomainName.domainName,\n type: \"A\",\n zoneId: aws_route53_zone.example.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: exampleDomainName.regionalDomainName,\n zoneId: exampleDomainName.regionalZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n domain_name=\"api.example.com\",\n regional_certificate_arn=aws_acm_certificate_validation[\"example\"][\"certificate_arn\"],\n endpoint_configuration=aws.apigateway.DomainNameEndpointConfigurationArgs(\n types=[\"REGIONAL\"],\n ))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n name=example_domain_name.domain_name,\n type=\"A\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example_domain_name.regional_domain_name,\n zone_id=example_domain_name.regional_zone_id,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new Aws.ApiGateway.DomainNameArgs\n {\n DomainName = \"api.example.com\",\n RegionalCertificateArn = aws_acm_certificate_validation.Example.Certificate_arn,\n EndpointConfiguration = new Aws.ApiGateway.Inputs.DomainNameEndpointConfigurationArgs\n {\n Types = \n {\n \"REGIONAL\",\n },\n },\n });\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new Aws.Route53.RecordArgs\n {\n Name = exampleDomainName.Domain,\n Type = \"A\",\n ZoneId = aws_route53_zone.Example.Id,\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = exampleDomainName.RegionalDomainName,\n ZoneId = exampleDomainName.RegionalZoneId,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainName, err := apigateway.NewDomainName(ctx, \"exampleDomainName\", &apigateway.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"api.example.com\"),\n\t\t\tRegionalCertificateArn: pulumi.Any(aws_acm_certificate_validation.Example.Certificate_arn),\n\t\t\tEndpointConfiguration: &apigateway.DomainNameEndpointConfigurationArgs{\n\t\t\t\tTypes: pulumi.String{\n\t\t\t\t\t\"REGIONAL\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", &route53.RecordArgs{\n\t\t\tName: exampleDomainName.DomainName,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t\tName: exampleDomainName.RegionalDomainName,\n\t\t\t\t\tZoneId: exampleDomainName.RegionalZoneId,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Regional (IAM Certificate)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst exampleDomainName = new aws.apigateway.DomainName(\"exampleDomainName\", {\n certificateBody: fs.readFileSync(`${path.module}/example.com/example.crt`),\n certificateChain: fs.readFileSync(`${path.module}/example.com/ca.crt`),\n certificatePrivateKey: fs.readFileSync(`${path.module}/example.com/example.key`),\n domainName: \"api.example.com\",\n regionalCertificateName: \"example-api\",\n endpointConfiguration: {\n types: [\"REGIONAL\"],\n },\n});\n// Example DNS record using Route53.\n// Route53 is not specifically required; any DNS host can be used.\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n name: exampleDomainName.domainName,\n type: \"A\",\n zoneId: aws_route53_zone.example.id,\n aliases: [{\n evaluateTargetHealth: true,\n name: exampleDomainName.regionalDomainName,\n zoneId: exampleDomainName.regionalZoneId,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_name = aws.apigateway.DomainName(\"exampleDomainName\",\n certificate_body=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.crt\"),\n certificate_chain=(lambda path: open(path).read())(f\"{path['module']}/example.com/ca.crt\"),\n certificate_private_key=(lambda path: open(path).read())(f\"{path['module']}/example.com/example.key\"),\n domain_name=\"api.example.com\",\n regional_certificate_name=\"example-api\",\n endpoint_configuration=aws.apigateway.DomainNameEndpointConfigurationArgs(\n types=[\"REGIONAL\"],\n ))\n# Example DNS record using Route53.\n# Route53 is not specifically required; any DNS host can be used.\nexample_record = aws.route53.Record(\"exampleRecord\",\n name=example_domain_name.domain_name,\n type=\"A\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=True,\n name=example_domain_name.regional_domain_name,\n zone_id=example_domain_name.regional_zone_id,\n )])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomainName = new Aws.ApiGateway.DomainName(\"exampleDomainName\", new Aws.ApiGateway.DomainNameArgs\n {\n CertificateBody = File.ReadAllText($\"{path.Module}/example.com/example.crt\"),\n CertificateChain = File.ReadAllText($\"{path.Module}/example.com/ca.crt\"),\n CertificatePrivateKey = File.ReadAllText($\"{path.Module}/example.com/example.key\"),\n DomainName = \"api.example.com\",\n RegionalCertificateName = \"example-api\",\n EndpointConfiguration = new Aws.ApiGateway.Inputs.DomainNameEndpointConfigurationArgs\n {\n Types = \n {\n \"REGIONAL\",\n },\n },\n });\n // Example DNS record using Route53.\n // Route53 is not specifically required; any DNS host can be used.\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new Aws.Route53.RecordArgs\n {\n Name = exampleDomainName.Domain,\n Type = \"A\",\n ZoneId = aws_route53_zone.Example.Id,\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = true,\n Name = exampleDomainName.RegionalDomainName,\n ZoneId = exampleDomainName.RegionalZoneId,\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway domain names can be imported using their `name`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/domainName:DomainName example dev.example.com\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "certificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificate_name`, `certificate_body`, `certificate_chain`, `certificate_private_key`, `regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateBody": { + "type": "string", + "description": "The certificate issued for the domain name\nbeing registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`, `regional_certificate_arn`, and\n`regional_certificate_name`.\n" + }, + "certificateChain": { + "type": "string", + "description": "The certificate for the CA that issued the\ncertificate, along with any intermediate CA certificates required to\ncreate an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`,\n`regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateName": { + "type": "string", + "description": "The unique name to use when registering this\ncertificate as an IAM server certificate. Conflicts with `certificate_arn`, `regional_certificate_arn`, and\n`regional_certificate_name`. Required if `certificate_arn` is not set.\n" + }, + "certificatePrivateKey": { + "type": "string", + "description": "The private key associated with the\ndomain certificate given in `certificate_body`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`, `regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateUploadDate": { + "type": "string", + "description": "The upload date associated with the domain certificate.\n" + }, + "cloudfrontDomainName": { + "type": "string", + "description": "The hostname created by Cloudfront to represent\nthe distribution that implements this domain name mapping.\n" + }, + "cloudfrontZoneId": { + "type": "string", + "description": "For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`)\nthat can be used to create a Route53 alias record for the distribution.\n" + }, + "domainName": { + "type": "string", + "description": "The fully-qualified domain name to register\n", + "language": { + "csharp": { + "name": "Domain" + } + } + }, + "endpointConfiguration": { + "$ref": "#/types/aws:apigateway/DomainNameEndpointConfiguration:DomainNameEndpointConfiguration", + "description": "Configuration block defining API endpoint information including type. Defined below.\n" + }, + "mutualTlsAuthentication": { + "$ref": "#/types/aws:apigateway/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication", + "description": "The mutual TLS authentication configuration for the domain name. Defined below.\n" + }, + "regionalCertificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificate_arn`, `certificate_name`, `certificate_body`, `certificate_chain`, and `certificate_private_key`.\n" + }, + "regionalCertificateName": { + "type": "string", + "description": "The user-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificate_arn`, `certificate_name`, `certificate_body`, `certificate_chain`, and\n`certificate_private_key`.\n" + }, + "regionalDomainName": { + "type": "string", + "description": "The hostname for the custom domain's regional endpoint.\n" + }, + "regionalZoneId": { + "type": "string", + "description": "The hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.\n" + }, + "securityPolicy": { + "type": "string", + "description": "The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "certificateUploadDate", + "cloudfrontDomainName", + "cloudfrontZoneId", + "domainName", + "endpointConfiguration", + "regionalDomainName", + "regionalZoneId", + "securityPolicy", + "tagsAll" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificate_name`, `certificate_body`, `certificate_chain`, `certificate_private_key`, `regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateBody": { + "type": "string", + "description": "The certificate issued for the domain name\nbeing registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`, `regional_certificate_arn`, and\n`regional_certificate_name`.\n" + }, + "certificateChain": { + "type": "string", + "description": "The certificate for the CA that issued the\ncertificate, along with any intermediate CA certificates required to\ncreate an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`,\n`regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateName": { + "type": "string", + "description": "The unique name to use when registering this\ncertificate as an IAM server certificate. Conflicts with `certificate_arn`, `regional_certificate_arn`, and\n`regional_certificate_name`. Required if `certificate_arn` is not set.\n" + }, + "certificatePrivateKey": { + "type": "string", + "description": "The private key associated with the\ndomain certificate given in `certificate_body`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`, `regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "domainName": { + "type": "string", + "description": "The fully-qualified domain name to register\n", + "language": { + "csharp": { + "name": "Domain" + } + } + }, + "endpointConfiguration": { + "$ref": "#/types/aws:apigateway/DomainNameEndpointConfiguration:DomainNameEndpointConfiguration", + "description": "Configuration block defining API endpoint information including type. Defined below.\n" + }, + "mutualTlsAuthentication": { + "$ref": "#/types/aws:apigateway/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication", + "description": "The mutual TLS authentication configuration for the domain name. Defined below.\n" + }, + "regionalCertificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificate_arn`, `certificate_name`, `certificate_body`, `certificate_chain`, and `certificate_private_key`.\n" + }, + "regionalCertificateName": { + "type": "string", + "description": "The user-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificate_arn`, `certificate_name`, `certificate_body`, `certificate_chain`, and\n`certificate_private_key`.\n" + }, + "securityPolicy": { + "type": "string", + "description": "The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "domainName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainName resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "certificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when an edge-optimized domain name is desired. Conflicts with `certificate_name`, `certificate_body`, `certificate_chain`, `certificate_private_key`, `regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateBody": { + "type": "string", + "description": "The certificate issued for the domain name\nbeing registered, in PEM format. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`, `regional_certificate_arn`, and\n`regional_certificate_name`.\n" + }, + "certificateChain": { + "type": "string", + "description": "The certificate for the CA that issued the\ncertificate, along with any intermediate CA certificates required to\ncreate an unbroken chain to a certificate trusted by the intended API clients. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`,\n`regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateName": { + "type": "string", + "description": "The unique name to use when registering this\ncertificate as an IAM server certificate. Conflicts with `certificate_arn`, `regional_certificate_arn`, and\n`regional_certificate_name`. Required if `certificate_arn` is not set.\n" + }, + "certificatePrivateKey": { + "type": "string", + "description": "The private key associated with the\ndomain certificate given in `certificate_body`. Only valid for `EDGE` endpoint configuration type. Conflicts with `certificate_arn`, `regional_certificate_arn`, and `regional_certificate_name`.\n" + }, + "certificateUploadDate": { + "type": "string", + "description": "The upload date associated with the domain certificate.\n" + }, + "cloudfrontDomainName": { + "type": "string", + "description": "The hostname created by Cloudfront to represent\nthe distribution that implements this domain name mapping.\n" + }, + "cloudfrontZoneId": { + "type": "string", + "description": "For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`)\nthat can be used to create a Route53 alias record for the distribution.\n" + }, + "domainName": { + "type": "string", + "description": "The fully-qualified domain name to register\n", + "language": { + "csharp": { + "name": "Domain" + } + } + }, + "endpointConfiguration": { + "$ref": "#/types/aws:apigateway/DomainNameEndpointConfiguration:DomainNameEndpointConfiguration", + "description": "Configuration block defining API endpoint information including type. Defined below.\n" + }, + "mutualTlsAuthentication": { + "$ref": "#/types/aws:apigateway/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication", + "description": "The mutual TLS authentication configuration for the domain name. Defined below.\n" + }, + "regionalCertificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate. AWS Certificate Manager is the only supported source. Used when a regional domain name is desired. Conflicts with `certificate_arn`, `certificate_name`, `certificate_body`, `certificate_chain`, and `certificate_private_key`.\n" + }, + "regionalCertificateName": { + "type": "string", + "description": "The user-friendly name of the certificate that will be used by regional endpoint for this domain name. Conflicts with `certificate_arn`, `certificate_name`, `certificate_body`, `certificate_chain`, and\n`certificate_private_key`.\n" + }, + "regionalDomainName": { + "type": "string", + "description": "The hostname for the custom domain's regional endpoint.\n" + }, + "regionalZoneId": { + "type": "string", + "description": "The hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.\n" + }, + "securityPolicy": { + "type": "string", + "description": "The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are `TLS_1_0` and `TLS_1_2`. Must be configured to perform drift detection.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/integration:Integration": { + "description": "Provides an HTTP Method Integration for an API Gateway Integration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"myDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"myDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n cacheKeyParameters: [\"method.request.path.param\"],\n cacheNamespace: \"foobar\",\n timeoutMilliseconds: 29000,\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n requestTemplates: {\n \"application/xml\": `{\n \"body\" : $input.json('$')\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"myDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"myDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\",\n cache_key_parameters=[\"method.request.path.param\"],\n cache_namespace=\"foobar\",\n timeout_milliseconds=29000,\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n },\n request_templates={\n \"application/xml\": \"\"\"{\n \"body\" : $input.json('$')\n}\n\"\"\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n var myDemoMethod = new Aws.ApiGateway.Method(\"myDemoMethod\", new Aws.ApiGateway.MethodArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"myDemoIntegration\", new Aws.ApiGateway.IntegrationArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n CacheKeyParameters = \n {\n \"method.request.path.param\",\n },\n CacheNamespace = \"foobar\",\n TimeoutMilliseconds = 29000,\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n },\n RequestTemplates = \n {\n { \"application/xml\", @\"{\n \"\"body\"\" : $input.json('$')\n}\n\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"myDemoResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"myDemoMethod\", &apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"myDemoIntegration\", &apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t\tCacheKeyParameters: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"method.request.path.param\"),\n\t\t\t},\n\t\t\tCacheNamespace: pulumi.String(\"foobar\"),\n\t\t\tTimeoutMilliseconds: pulumi.Int(29000),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t},\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"body\\\" : \", \"$\", \"input.json('\", \"$\", \"')\\n\", \"}\\n\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## VPC Link\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst name = config.requireObject(\"name\");\nconst subnetId = config.requireObject(\"subnetId\");\nconst testLoadBalancer = new aws.lb.LoadBalancer(\"testLoadBalancer\", {\n internal: true,\n loadBalancerType: \"network\",\n subnets: [subnetId],\n});\nconst testVpcLink = new aws.apigateway.VpcLink(\"testVpcLink\", {targetArn: [testLoadBalancer.arn]});\nconst testRestApi = new aws.apigateway.RestApi(\"testRestApi\", {});\nconst testResource = new aws.apigateway.Resource(\"testResource\", {\n restApi: testRestApi.id,\n parentId: testRestApi.rootResourceId,\n pathPart: \"test\",\n});\nconst testMethod = new aws.apigateway.Method(\"testMethod\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n requestModels: {\n \"application/json\": \"Error\",\n },\n});\nconst testIntegration = new aws.apigateway.Integration(\"testIntegration\", {\n restApi: testRestApi.id,\n resourceId: testResource.id,\n httpMethod: testMethod.httpMethod,\n requestTemplates: {\n \"application/json\": \"\",\n \"application/xml\": `#set($inputRoot = $input.path('$'))\n{ }`,\n },\n requestParameters: {\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type: \"HTTP\",\n uri: \"https://www.google.de\",\n integrationHttpMethod: \"GET\",\n passthroughBehavior: \"WHEN_NO_MATCH\",\n contentHandling: \"CONVERT_TO_TEXT\",\n connectionType: \"VPC_LINK\",\n connectionId: testVpcLink.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nname = config.require_object(\"name\")\nsubnet_id = config.require_object(\"subnetId\")\ntest_load_balancer = aws.lb.LoadBalancer(\"testLoadBalancer\",\n internal=True,\n load_balancer_type=\"network\",\n subnets=[subnet_id])\ntest_vpc_link = aws.apigateway.VpcLink(\"testVpcLink\", target_arn=[test_load_balancer.arn])\ntest_rest_api = aws.apigateway.RestApi(\"testRestApi\")\ntest_resource = aws.apigateway.Resource(\"testResource\",\n rest_api=test_rest_api.id,\n parent_id=test_rest_api.root_resource_id,\n path_part=\"test\")\ntest_method = aws.apigateway.Method(\"testMethod\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\",\n request_models={\n \"application/json\": \"Error\",\n })\ntest_integration = aws.apigateway.Integration(\"testIntegration\",\n rest_api=test_rest_api.id,\n resource_id=test_resource.id,\n http_method=test_method.http_method,\n request_templates={\n \"application/json\": \"\",\n \"application/xml\": \"\"\"#set($inputRoot = $input.path('$'))\n{ }\"\"\",\n },\n request_parameters={\n \"integration.request.header.X-Authorization\": \"'static'\",\n \"integration.request.header.X-Foo\": \"'Bar'\",\n },\n type=\"HTTP\",\n uri=\"https://www.google.de\",\n integration_http_method=\"GET\",\n passthrough_behavior=\"WHEN_NO_MATCH\",\n content_handling=\"CONVERT_TO_TEXT\",\n connection_type=\"VPC_LINK\",\n connection_id=test_vpc_link.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var name = config.RequireObject(\"name\");\n var subnetId = config.RequireObject(\"subnetId\");\n var testLoadBalancer = new Aws.LB.LoadBalancer(\"testLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n Internal = true,\n LoadBalancerType = \"network\",\n Subnets = \n {\n subnetId,\n },\n });\n var testVpcLink = new Aws.ApiGateway.VpcLink(\"testVpcLink\", new Aws.ApiGateway.VpcLinkArgs\n {\n TargetArn = \n {\n testLoadBalancer.Arn,\n },\n });\n var testRestApi = new Aws.ApiGateway.RestApi(\"testRestApi\", new Aws.ApiGateway.RestApiArgs\n {\n });\n var testResource = new Aws.ApiGateway.Resource(\"testResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = testRestApi.Id,\n ParentId = testRestApi.RootResourceId,\n PathPart = \"test\",\n });\n var testMethod = new Aws.ApiGateway.Method(\"testMethod\", new Aws.ApiGateway.MethodArgs\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n RequestModels = \n {\n { \"application/json\", \"Error\" },\n },\n });\n var testIntegration = new Aws.ApiGateway.Integration(\"testIntegration\", new Aws.ApiGateway.IntegrationArgs\n {\n RestApi = testRestApi.Id,\n ResourceId = testResource.Id,\n HttpMethod = testMethod.HttpMethod,\n RequestTemplates = \n {\n { \"application/json\", \"\" },\n { \"application/xml\", @\"#set($inputRoot = $input.path('$'))\n{ }\" },\n },\n RequestParameters = \n {\n { \"integration.request.header.X-Authorization\", \"'static'\" },\n { \"integration.request.header.X-Foo\", \"'Bar'\" },\n },\n Type = \"HTTP\",\n Uri = \"https://www.google.de\",\n IntegrationHttpMethod = \"GET\",\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n ContentHandling = \"CONVERT_TO_TEXT\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = testVpcLink.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tname := cfg.RequireObject(\"name\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\ttestLoadBalancer, err := lb.NewLoadBalancer(ctx, \"testLoadBalancer\", &lb.LoadBalancerArgs{\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tpulumi.Any(subnetId),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestVpcLink, err := apigateway.NewVpcLink(ctx, \"testVpcLink\", &apigateway.VpcLinkArgs{\n\t\t\tTargetArn: pulumi.String{\n\t\t\t\ttestLoadBalancer.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRestApi, err := apigateway.NewRestApi(ctx, \"testRestApi\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestResource, err := apigateway.NewResource(ctx, \"testResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tParentId: testRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestMethod, err := apigateway.NewMethod(ctx, \"testMethod\", &apigateway.MethodArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t\tRequestModels: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"Error\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"testIntegration\", &apigateway.IntegrationArgs{\n\t\t\tRestApi: testRestApi.ID(),\n\t\t\tResourceId: testResource.ID(),\n\t\t\tHttpMethod: testMethod.HttpMethod,\n\t\t\tRequestTemplates: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(\"\"),\n\t\t\t\t\"application/xml\": pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v\", \"#set(\", \"$\", \"inputRoot = \", \"$\", \"input.path('\", \"$\", \"'))\\n{ }\")),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"integration.request.header.X-Authorization\": pulumi.String(\"'static'\"),\n\t\t\t\t\"integration.request.header.X-Foo\": pulumi.String(\"'Bar'\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tUri: pulumi.String(\"https://www.google.de\"),\n\t\t\tIntegrationHttpMethod: pulumi.String(\"GET\"),\n\t\t\tPassthroughBehavior: pulumi.String(\"WHEN_NO_MATCH\"),\n\t\t\tContentHandling: pulumi.String(\"CONVERT_TO_TEXT\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: testVpcLink.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\n`aws_api_gateway_integration` can be imported using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/integration:Integration example 12345abcde/67890fghij/GET\n```\n\n ", + "properties": { + "cacheKeyParameters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of cache key parameters for the integration.\n" + }, + "cacheNamespace": { + "type": "string", + "description": "The integration's cache namespace.\n" + }, + "connectionId": { + "type": "string", + "description": "The id of the VpcLink used for the integration. **Required** if `connection_type` is `VPC_LINK`\n" + }, + "connectionType": { + "type": "string", + "description": "The integration input's [connectionType](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#connectionType). Valid values are `INTERNET` (default for connections through the public routable internet), and `VPC_LINK` (for private connections between API Gateway and a network load balancer in a VPC).\n" + }, + "contentHandling": { + "type": "string", + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.\n" + }, + "credentials": { + "type": "string", + "description": "The credentials required for the integration. For `AWS` integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::\\*:user/\\*`.\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTION`, `ANY`)\nwhen calling the associated resource.\n" + }, + "integrationHttpMethod": { + "type": "string", + "description": "The integration HTTP method\n(`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONs`, `ANY`, `PATCH`) specifying how API Gateway will interact with the back end.\n**Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nNot all methods are compatible with all `AWS` integrations.\ne.g. Lambda function [can only be invoked](https://github.com/awslabs/aws-apigateway-importer/issues/9#issuecomment-129651005) via `POST`.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "The integration passthrough behavior (`WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`). **Required** if `request_templates` is used.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of request query string parameters and headers that should be passed to the backend responder.\nFor example: `request_parameters = { \"integration.request.header.X-Some-Other-Header\" = \"method.request.header.X-Some-Header\" }`\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the integration's request templates.\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID.\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigateway/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "Configuration block specifying the TLS configuration for an integration. Defined below.\n" + }, + "type": { + "type": "string", + "description": "The integration input's [type](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/). Valid values are `HTTP` (for HTTP backends), `MOCK` (not calling any real backend), `AWS` (for AWS services), `AWS_PROXY` (for Lambda proxy integration) and `HTTP_PROXY` (for HTTP proxy integration). An `HTTP` or `HTTP_PROXY` integration with a `connection_type` of `VPC_LINK` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.\n" + }, + "uri": { + "type": "string", + "description": "The input's URI. **Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nFor HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form `arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}`. `region`, `subdomain` and `service` are used to determine the right endpoint.\ne.g. `arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations`. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.\n" + } + }, + "required": [ + "cacheNamespace", + "httpMethod", + "passthroughBehavior", + "resourceId", + "restApi", + "type" + ], + "inputProperties": { + "cacheKeyParameters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of cache key parameters for the integration.\n" + }, + "cacheNamespace": { + "type": "string", + "description": "The integration's cache namespace.\n" + }, + "connectionId": { + "type": "string", + "description": "The id of the VpcLink used for the integration. **Required** if `connection_type` is `VPC_LINK`\n" + }, + "connectionType": { + "type": "string", + "description": "The integration input's [connectionType](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#connectionType). Valid values are `INTERNET` (default for connections through the public routable internet), and `VPC_LINK` (for private connections between API Gateway and a network load balancer in a VPC).\n" + }, + "contentHandling": { + "type": "string", + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.\n" + }, + "credentials": { + "type": "string", + "description": "The credentials required for the integration. For `AWS` integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::\\*:user/\\*`.\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTION`, `ANY`)\nwhen calling the associated resource.\n" + }, + "integrationHttpMethod": { + "type": "string", + "description": "The integration HTTP method\n(`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONs`, `ANY`, `PATCH`) specifying how API Gateway will interact with the back end.\n**Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nNot all methods are compatible with all `AWS` integrations.\ne.g. Lambda function [can only be invoked](https://github.com/awslabs/aws-apigateway-importer/issues/9#issuecomment-129651005) via `POST`.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "The integration passthrough behavior (`WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`). **Required** if `request_templates` is used.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of request query string parameters and headers that should be passed to the backend responder.\nFor example: `request_parameters = { \"integration.request.header.X-Some-Other-Header\" = \"method.request.header.X-Some-Header\" }`\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the integration's request templates.\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigateway/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "Configuration block specifying the TLS configuration for an integration. Defined below.\n" + }, + "type": { + "type": "string", + "description": "The integration input's [type](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/). Valid values are `HTTP` (for HTTP backends), `MOCK` (not calling any real backend), `AWS` (for AWS services), `AWS_PROXY` (for Lambda proxy integration) and `HTTP_PROXY` (for HTTP proxy integration). An `HTTP` or `HTTP_PROXY` integration with a `connection_type` of `VPC_LINK` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.\n" + }, + "uri": { + "type": "string", + "description": "The input's URI. **Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nFor HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form `arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}`. `region`, `subdomain` and `service` are used to determine the right endpoint.\ne.g. `arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations`. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.\n" + } + }, + "requiredInputs": [ + "httpMethod", + "resourceId", + "restApi", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Integration resources.\n", + "properties": { + "cacheKeyParameters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of cache key parameters for the integration.\n" + }, + "cacheNamespace": { + "type": "string", + "description": "The integration's cache namespace.\n" + }, + "connectionId": { + "type": "string", + "description": "The id of the VpcLink used for the integration. **Required** if `connection_type` is `VPC_LINK`\n" + }, + "connectionType": { + "type": "string", + "description": "The integration input's [connectionType](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/#connectionType). Valid values are `INTERNET` (default for connections through the public routable internet), and `VPC_LINK` (for private connections between API Gateway and a network load balancer in a VPC).\n" + }, + "contentHandling": { + "type": "string", + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the passthroughBehaviors is configured to support payload pass-through.\n" + }, + "credentials": { + "type": "string", + "description": "The credentials required for the integration. For `AWS` integrations, 2 options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's ARN. To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::\\*:user/\\*`.\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTION`, `ANY`)\nwhen calling the associated resource.\n" + }, + "integrationHttpMethod": { + "type": "string", + "description": "The integration HTTP method\n(`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONs`, `ANY`, `PATCH`) specifying how API Gateway will interact with the back end.\n**Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nNot all methods are compatible with all `AWS` integrations.\ne.g. Lambda function [can only be invoked](https://github.com/awslabs/aws-apigateway-importer/issues/9#issuecomment-129651005) via `POST`.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "The integration passthrough behavior (`WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`). **Required** if `request_templates` is used.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of request query string parameters and headers that should be passed to the backend responder.\nFor example: `request_parameters = { \"integration.request.header.X-Some-Other-Header\" = \"method.request.header.X-Some-Header\" }`\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the integration's request templates.\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 29,000 milliseconds. The default value is 29,000 milliseconds.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigateway/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "Configuration block specifying the TLS configuration for an integration. Defined below.\n" + }, + "type": { + "type": "string", + "description": "The integration input's [type](https://docs.aws.amazon.com/apigateway/api-reference/resource/integration/). Valid values are `HTTP` (for HTTP backends), `MOCK` (not calling any real backend), `AWS` (for AWS services), `AWS_PROXY` (for Lambda proxy integration) and `HTTP_PROXY` (for HTTP proxy integration). An `HTTP` or `HTTP_PROXY` integration with a `connection_type` of `VPC_LINK` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC.\n" + }, + "uri": { + "type": "string", + "description": "The input's URI. **Required** if `type` is `AWS`, `AWS_PROXY`, `HTTP` or `HTTP_PROXY`.\nFor HTTP integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification . For AWS integrations, the URI should be of the form `arn:aws:apigateway:{region}:{subdomain.service|service}:{path|action}/{service_api}`. `region`, `subdomain` and `service` are used to determine the right endpoint.\ne.g. `arn:aws:apigateway:eu-west-1:lambda:path/2015-03-31/functions/arn:aws:lambda:eu-west-1:012345678901:function:my-func/invocations`. For private integrations, the URI parameter is not used for routing requests to your endpoint, but is used for setting the Host header and for certificate validation.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/integrationResponse:IntegrationResponse": { + "description": "Provides an HTTP Method Integration Response for an API Gateway Resource.\n\n> **Note:** Depends on having `aws.apigateway.Integration` inside your rest api. To ensure this\nyou might need to add an explicit `depends_on` for clean runs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"myDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"myDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n});\nconst response200 = new aws.apigateway.MethodResponse(\"response200\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n statusCode: \"200\",\n});\nconst myDemoIntegrationResponse = new aws.apigateway.IntegrationResponse(\"myDemoIntegrationResponse\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n statusCode: response200.statusCode,\n responseTemplates: {\n \"application/xml\": `#set($inputRoot = $input.path('$'))\n\n\n $inputRoot.body\n\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"myDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"myDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\")\nresponse200 = aws.apigateway.MethodResponse(\"response200\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n status_code=\"200\")\nmy_demo_integration_response = aws.apigateway.IntegrationResponse(\"myDemoIntegrationResponse\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n status_code=response200.status_code,\n response_templates={\n \"application/xml\": \"\"\"#set($inputRoot = $input.path('$'))\n\n\n $inputRoot.body\n\n\"\"\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n var myDemoMethod = new Aws.ApiGateway.Method(\"myDemoMethod\", new Aws.ApiGateway.MethodArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"myDemoIntegration\", new Aws.ApiGateway.IntegrationArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n });\n var response200 = new Aws.ApiGateway.MethodResponse(\"response200\", new Aws.ApiGateway.MethodResponseArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n StatusCode = \"200\",\n });\n var myDemoIntegrationResponse = new Aws.ApiGateway.IntegrationResponse(\"myDemoIntegrationResponse\", new Aws.ApiGateway.IntegrationResponseArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n StatusCode = response200.StatusCode,\n ResponseTemplates = \n {\n { \"application/xml\", @\"#set($inputRoot = $input.path('$'))\n\n\n $inputRoot.body\n\n\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"myDemoResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"myDemoMethod\", &apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"myDemoIntegration\", &apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tresponse200, err := apigateway.NewMethodResponse(ctx, \"response200\", &apigateway.MethodResponseArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegrationResponse(ctx, \"myDemoIntegrationResponse\", &apigateway.IntegrationResponseArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tStatusCode: response200.StatusCode,\n\t\t\tResponseTemplates: pulumi.StringMap{\n\t\t\t\t\"application/xml\": pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"#set(\", \"$\", \"inputRoot = \", \"$\", \"input.path('\", \"$\", \"'))\\n\", \"\\n\", \"\\n\", \" \", \"$\", \"inputRoot.body\\n\", \"\\n\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_integration_response` can be imported using `REST-API-ID/RESOURCE-ID/HTTP-METHOD/STATUS-CODE`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/integrationResponse:IntegrationResponse example 12345abcde/67890fghij/GET/200\n```\n\n ", + "properties": { + "contentHandling": { + "type": "string", + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification.\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of response parameters that can be read from the backend response.\nFor example: `response_parameters = { \"method.response.header.X-Some-Header\" = \"integration.response.header.X-Some-Other-Header\" }`\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the templates used to transform the integration response body\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + }, + "selectionPattern": { + "type": "string", + "description": "Specifies the regular expression pattern used to choose\nan integration response based on the response from the backend. Omit configuring this to make the integration the default one.\nIf the backend is an `AWS` Lambda function, the AWS Lambda function error header is matched.\nFor all other `HTTP` and `AWS` backends, the HTTP status code is matched.\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code\n" + } + }, + "required": [ + "httpMethod", + "resourceId", + "restApi", + "statusCode" + ], + "inputProperties": { + "contentHandling": { + "type": "string", + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification.\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of response parameters that can be read from the backend response.\nFor example: `response_parameters = { \"method.response.header.X-Some-Header\" = \"integration.response.header.X-Some-Other-Header\" }`\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the templates used to transform the integration response body\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "selectionPattern": { + "type": "string", + "description": "Specifies the regular expression pattern used to choose\nan integration response based on the response from the backend. Omit configuring this to make the integration the default one.\nIf the backend is an `AWS` Lambda function, the AWS Lambda function error header is matched.\nFor all other `HTTP` and `AWS` backends, the HTTP status code is matched.\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code\n" + } + }, + "requiredInputs": [ + "httpMethod", + "resourceId", + "restApi", + "statusCode" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IntegrationResponse resources.\n", + "properties": { + "contentHandling": { + "type": "string", + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT`. If this property is not defined, the response payload will be passed through from the integration response to the method response without modification.\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of response parameters that can be read from the backend response.\nFor example: `response_parameters = { \"method.response.header.X-Some-Header\" = \"integration.response.header.X-Some-Other-Header\" }`\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the templates used to transform the integration response body\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "selectionPattern": { + "type": "string", + "description": "Specifies the regular expression pattern used to choose\nan integration response based on the response from the backend. Omit configuring this to make the integration the default one.\nIf the backend is an `AWS` Lambda function, the AWS Lambda function error header is matched.\nFor all other `HTTP` and `AWS` backends, the HTTP status code is matched.\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/method:Method": { + "description": "Provides a HTTP Method for an API Gateway Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"myDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"myDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n var myDemoMethod = new Aws.ApiGateway.Method(\"myDemoMethod\", new Aws.ApiGateway.MethodArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"myDemoResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethod(ctx, \"myDemoMethod\", &apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Usage with Cognito User Pool Authorizer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst cognitoUserPoolName = config.requireObject(\"cognitoUserPoolName\");\nconst thisUserPools = aws.cognito.getUserPools({\n name: cognitoUserPoolName,\n});\nconst thisRestApi = new aws.apigateway.RestApi(\"thisRestApi\", {});\nconst thisResource = new aws.apigateway.Resource(\"thisResource\", {\n restApi: thisRestApi.id,\n parentId: thisRestApi.rootResourceId,\n pathPart: \"{proxy+}\",\n});\nconst thisAuthorizer = new aws.apigateway.Authorizer(\"thisAuthorizer\", {\n type: \"COGNITO_USER_POOLS\",\n restApi: thisRestApi.id,\n providerArns: thisUserPools.then(thisUserPools => thisUserPools.arns),\n});\nconst any = new aws.apigateway.Method(\"any\", {\n restApi: thisRestApi.id,\n resourceId: thisResource.id,\n httpMethod: \"ANY\",\n authorization: \"COGNITO_USER_POOLS\",\n authorizerId: thisAuthorizer.id,\n requestParameters: {\n \"method.request.path.proxy\": true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncognito_user_pool_name = config.require_object(\"cognitoUserPoolName\")\nthis_user_pools = aws.cognito.get_user_pools(name=cognito_user_pool_name)\nthis_rest_api = aws.apigateway.RestApi(\"thisRestApi\")\nthis_resource = aws.apigateway.Resource(\"thisResource\",\n rest_api=this_rest_api.id,\n parent_id=this_rest_api.root_resource_id,\n path_part=\"{proxy+}\")\nthis_authorizer = aws.apigateway.Authorizer(\"thisAuthorizer\",\n type=\"COGNITO_USER_POOLS\",\n rest_api=this_rest_api.id,\n provider_arns=this_user_pools.arns)\nany = aws.apigateway.Method(\"any\",\n rest_api=this_rest_api.id,\n resource_id=this_resource.id,\n http_method=\"ANY\",\n authorization=\"COGNITO_USER_POOLS\",\n authorizer_id=this_authorizer.id,\n request_parameters={\n \"method.request.path.proxy\": True,\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var cognitoUserPoolName = config.RequireObject(\"cognitoUserPoolName\");\n var thisUserPools = Output.Create(Aws.Cognito.GetUserPools.InvokeAsync(new Aws.Cognito.GetUserPoolsArgs\n {\n Name = cognitoUserPoolName,\n }));\n var thisRestApi = new Aws.ApiGateway.RestApi(\"thisRestApi\", new Aws.ApiGateway.RestApiArgs\n {\n });\n var thisResource = new Aws.ApiGateway.Resource(\"thisResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = thisRestApi.Id,\n ParentId = thisRestApi.RootResourceId,\n PathPart = \"{proxy+}\",\n });\n var thisAuthorizer = new Aws.ApiGateway.Authorizer(\"thisAuthorizer\", new Aws.ApiGateway.AuthorizerArgs\n {\n Type = \"COGNITO_USER_POOLS\",\n RestApi = thisRestApi.Id,\n ProviderArns = thisUserPools.Apply(thisUserPools => thisUserPools.Arns),\n });\n var any = new Aws.ApiGateway.Method(\"any\", new Aws.ApiGateway.MethodArgs\n {\n RestApi = thisRestApi.Id,\n ResourceId = thisResource.Id,\n HttpMethod = \"ANY\",\n Authorization = \"COGNITO_USER_POOLS\",\n AuthorizerId = thisAuthorizer.Id,\n RequestParameters = \n {\n { \"method.request.path.proxy\", true },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tcognitoUserPoolName := cfg.RequireObject(\"cognitoUserPoolName\")\n\t\tthisUserPools, err := cognito.GetUserPools(ctx, &cognito.GetUserPoolsArgs{\n\t\t\tName: cognitoUserPoolName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisRestApi, err := apigateway.NewRestApi(ctx, \"thisRestApi\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisResource, err := apigateway.NewResource(ctx, \"thisResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tParentId: thisRestApi.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"{proxy+}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tthisAuthorizer, err := apigateway.NewAuthorizer(ctx, \"thisAuthorizer\", &apigateway.AuthorizerArgs{\n\t\t\tType: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tProviderArns: interface{}(thisUserPools.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethod(ctx, \"any\", &apigateway.MethodArgs{\n\t\t\tRestApi: thisRestApi.ID(),\n\t\t\tResourceId: thisResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"ANY\"),\n\t\t\tAuthorization: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tAuthorizerId: thisAuthorizer.ID(),\n\t\t\tRequestParameters: pulumi.BoolMap{\n\t\t\t\t\"method.request.path.proxy\": pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\n`aws_api_gateway_method` can be imported using `REST-API-ID/RESOURCE-ID/HTTP-METHOD`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/method:Method example 12345abcde/67890fghij/GET\n```\n\n ", + "properties": { + "apiKeyRequired": { + "type": "boolean", + "description": "Specify if the method requires an API key\n" + }, + "authorization": { + "type": "string", + "description": "The type of authorization used for the method (`NONE`, `CUSTOM`, `AWS_IAM`, `COGNITO_USER_POOLS`)\n" + }, + "authorizationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The authorization scopes used when the authorization is `COGNITO_USER_POOLS`\n" + }, + "authorizerId": { + "type": "string", + "description": "The authorizer id to be used when the authorization is `CUSTOM` or `COGNITO_USER_POOLS`\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "operationName": { + "type": "string", + "description": "The function name that will be given to the method when generating an SDK through API Gateway. If omitted, API Gateway will generate a function name based on the resource path and HTTP verb.\n" + }, + "requestModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the API models used for the request's content type\nwhere key is the content type (e.g. `application/json`)\nand value is either `Error`, `Empty` (built-in models) or `aws.apigateway.Model`'s `name`.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of request parameters (from the path, query string and headers) that should be passed to the integration. The boolean value indicates whether the parameter is required (`true`) or optional (`false`).\nFor example: `request_parameters = {\"method.request.header.X-Some-Header\" = true \"method.request.querystring.some-query-param\" = true}` would define that the header `X-Some-Header` and the query string `some-query-param` must be provided in the request.\n" + }, + "requestValidatorId": { + "type": "string", + "description": "The ID of a `aws.apigateway.RequestValidator`\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + } + }, + "required": [ + "authorization", + "httpMethod", + "resourceId", + "restApi" + ], + "inputProperties": { + "apiKeyRequired": { + "type": "boolean", + "description": "Specify if the method requires an API key\n" + }, + "authorization": { + "type": "string", + "description": "The type of authorization used for the method (`NONE`, `CUSTOM`, `AWS_IAM`, `COGNITO_USER_POOLS`)\n" + }, + "authorizationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The authorization scopes used when the authorization is `COGNITO_USER_POOLS`\n" + }, + "authorizerId": { + "type": "string", + "description": "The authorizer id to be used when the authorization is `CUSTOM` or `COGNITO_USER_POOLS`\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "operationName": { + "type": "string", + "description": "The function name that will be given to the method when generating an SDK through API Gateway. If omitted, API Gateway will generate a function name based on the resource path and HTTP verb.\n" + }, + "requestModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the API models used for the request's content type\nwhere key is the content type (e.g. `application/json`)\nand value is either `Error`, `Empty` (built-in models) or `aws.apigateway.Model`'s `name`.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of request parameters (from the path, query string and headers) that should be passed to the integration. The boolean value indicates whether the parameter is required (`true`) or optional (`false`).\nFor example: `request_parameters = {\"method.request.header.X-Some-Header\" = true \"method.request.querystring.some-query-param\" = true}` would define that the header `X-Some-Header` and the query string `some-query-param` must be provided in the request.\n" + }, + "requestValidatorId": { + "type": "string", + "description": "The ID of a `aws.apigateway.RequestValidator`\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + } + }, + "requiredInputs": [ + "authorization", + "httpMethod", + "resourceId", + "restApi" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Method resources.\n", + "properties": { + "apiKeyRequired": { + "type": "boolean", + "description": "Specify if the method requires an API key\n" + }, + "authorization": { + "type": "string", + "description": "The type of authorization used for the method (`NONE`, `CUSTOM`, `AWS_IAM`, `COGNITO_USER_POOLS`)\n" + }, + "authorizationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The authorization scopes used when the authorization is `COGNITO_USER_POOLS`\n" + }, + "authorizerId": { + "type": "string", + "description": "The authorizer id to be used when the authorization is `CUSTOM` or `COGNITO_USER_POOLS`\n" + }, + "httpMethod": { + "type": "string", + "description": "The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "operationName": { + "type": "string", + "description": "The function name that will be given to the method when generating an SDK through API Gateway. If omitted, API Gateway will generate a function name based on the resource path and HTTP verb.\n" + }, + "requestModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the API models used for the request's content type\nwhere key is the content type (e.g. `application/json`)\nand value is either `Error`, `Empty` (built-in models) or `aws.apigateway.Model`'s `name`.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of request parameters (from the path, query string and headers) that should be passed to the integration. The boolean value indicates whether the parameter is required (`true`) or optional (`false`).\nFor example: `request_parameters = {\"method.request.header.X-Some-Header\" = true \"method.request.querystring.some-query-param\" = true}` would define that the header `X-Some-Header` and the query string `some-query-param` must be provided in the request.\n" + }, + "requestValidatorId": { + "type": "string", + "description": "The ID of a `aws.apigateway.RequestValidator`\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/methodResponse:MethodResponse": { + "description": "Provides an HTTP Method Response for an API Gateway Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\nconst myDemoMethod = new aws.apigateway.Method(\"myDemoMethod\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: \"GET\",\n authorization: \"NONE\",\n});\nconst myDemoIntegration = new aws.apigateway.Integration(\"myDemoIntegration\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n type: \"MOCK\",\n});\nconst response200 = new aws.apigateway.MethodResponse(\"response200\", {\n restApi: myDemoAPI.id,\n resourceId: myDemoResource.id,\n httpMethod: myDemoMethod.httpMethod,\n statusCode: \"200\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\nmy_demo_method = aws.apigateway.Method(\"myDemoMethod\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=\"GET\",\n authorization=\"NONE\")\nmy_demo_integration = aws.apigateway.Integration(\"myDemoIntegration\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n type=\"MOCK\")\nresponse200 = aws.apigateway.MethodResponse(\"response200\",\n rest_api=my_demo_api.id,\n resource_id=my_demo_resource.id,\n http_method=my_demo_method.http_method,\n status_code=\"200\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n var myDemoMethod = new Aws.ApiGateway.Method(\"myDemoMethod\", new Aws.ApiGateway.MethodArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = \"GET\",\n Authorization = \"NONE\",\n });\n var myDemoIntegration = new Aws.ApiGateway.Integration(\"myDemoIntegration\", new Aws.ApiGateway.IntegrationArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n Type = \"MOCK\",\n });\n var response200 = new Aws.ApiGateway.MethodResponse(\"response200\", new Aws.ApiGateway.MethodResponseArgs\n {\n RestApi = myDemoAPI.Id,\n ResourceId = myDemoResource.Id,\n HttpMethod = myDemoMethod.HttpMethod,\n StatusCode = \"200\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoResource, err := apigateway.NewResource(ctx, \"myDemoResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyDemoMethod, err := apigateway.NewMethod(ctx, \"myDemoMethod\", &apigateway.MethodArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\tAuthorization: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewIntegration(ctx, \"myDemoIntegration\", &apigateway.IntegrationArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewMethodResponse(ctx, \"response200\", &apigateway.MethodResponseArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tResourceId: myDemoResource.ID(),\n\t\t\tHttpMethod: myDemoMethod.HttpMethod,\n\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_method_response` can be imported using `REST-API-ID/RESOURCE-ID/HTTP-METHOD/STATUS-CODE`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/methodResponse:MethodResponse example 12345abcde/67890fghij/GET/200\n```\n\n ", + "properties": { + "httpMethod": { + "type": "string", + "description": "The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "responseModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the API models used for the response's content type\n" + }, + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of response parameters that can be sent to the caller.\nFor example: `response_parameters = { \"method.response.header.X-Some-Header\" = true }`\nwould define that the header `X-Some-Header` can be provided on the response.\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code\n" + } + }, + "required": [ + "httpMethod", + "resourceId", + "restApi", + "statusCode" + ], + "inputProperties": { + "httpMethod": { + "type": "string", + "description": "The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "responseModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the API models used for the response's content type\n" + }, + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of response parameters that can be sent to the caller.\nFor example: `response_parameters = { \"method.response.header.X-Some-Header\" = true }`\nwould define that the header `X-Some-Header` can be provided on the response.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code\n" + } + }, + "requiredInputs": [ + "httpMethod", + "resourceId", + "restApi", + "statusCode" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MethodResponse resources.\n", + "properties": { + "httpMethod": { + "type": "string", + "description": "The HTTP Method (`GET`, `POST`, `PUT`, `DELETE`, `HEAD`, `OPTIONS`, `ANY`)\n" + }, + "resourceId": { + "type": "string", + "description": "The API resource ID\n" + }, + "responseModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of the API models used for the response's content type\n" + }, + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of response parameters that can be sent to the caller.\nFor example: `response_parameters = { \"method.response.header.X-Some-Header\" = true }`\nwould define that the header `X-Some-Header` can be provided on the response.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/methodSettings:MethodSettings": { + "description": "Manages API Gateway Stage Method Settings. For example, CloudWatch logging and metrics.\n\n> **NOTE:** It is recommended to use this resource in conjunction with the `aws.apigateway.Stage` resource instead of a stage managed by the `aws.apigateway.Deployment` resource optional `stage_name` argument. Stages managed by the `aws.apigateway.Deployment` resource are recreated on redeployment and this resource will require a second apply to recreate the method settings.\n\n\n## Import\n\n`aws_api_gateway_method_settings` can be imported using `REST-API-ID/STAGE-NAME/METHOD-PATH`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/methodSettings:MethodSettings example 12345abcde/example/test/GET\n```\n\n ", + "properties": { + "methodPath": { + "type": "string", + "description": "Method path defined as `{resource_path}/{http_method}` for an individual method override, or `*/*` for overriding all methods in the stage. Ensure to trim any leading forward slashes in the path (e.g. `trimprefix(aws_api_gateway_resource.example.path, \"/\")`).\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the REST API\n" + }, + "settings": { + "$ref": "#/types/aws:apigateway/MethodSettingsSettings:MethodSettingsSettings", + "description": "The settings block, see below.\n" + }, + "stageName": { + "type": "string", + "description": "The name of the stage\n" + } + }, + "required": [ + "methodPath", + "restApi", + "settings", + "stageName" + ], + "inputProperties": { + "methodPath": { + "type": "string", + "description": "Method path defined as `{resource_path}/{http_method}` for an individual method override, or `*/*` for overriding all methods in the stage. Ensure to trim any leading forward slashes in the path (e.g. `trimprefix(aws_api_gateway_resource.example.path, \"/\")`).\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the REST API\n" + }, + "settings": { + "$ref": "#/types/aws:apigateway/MethodSettingsSettings:MethodSettingsSettings", + "description": "The settings block, see below.\n" + }, + "stageName": { + "type": "string", + "description": "The name of the stage\n" + } + }, + "requiredInputs": [ + "methodPath", + "restApi", + "settings", + "stageName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MethodSettings resources.\n", + "properties": { + "methodPath": { + "type": "string", + "description": "Method path defined as `{resource_path}/{http_method}` for an individual method override, or `*/*` for overriding all methods in the stage. Ensure to trim any leading forward slashes in the path (e.g. `trimprefix(aws_api_gateway_resource.example.path, \"/\")`).\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the REST API\n" + }, + "settings": { + "$ref": "#/types/aws:apigateway/MethodSettingsSettings:MethodSettingsSettings", + "description": "The settings block, see below.\n" + }, + "stageName": { + "type": "string", + "description": "The name of the stage\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/model:Model": { + "description": "Provides a Model for a REST API Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoModel = new aws.apigateway.Model(\"myDemoModel\", {\n restApi: myDemoAPI.id,\n description: \"a JSON schema\",\n contentType: \"application/json\",\n schema: `{\n \"type\": \"object\"\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_model = aws.apigateway.Model(\"myDemoModel\",\n rest_api=my_demo_api.id,\n description=\"a JSON schema\",\n content_type=\"application/json\",\n schema=\"\"\"{\n \"type\": \"object\"\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var myDemoModel = new Aws.ApiGateway.Model(\"myDemoModel\", new Aws.ApiGateway.ModelArgs\n {\n RestApi = myDemoAPI.Id,\n Description = \"a JSON schema\",\n ContentType = \"application/json\",\n Schema = @\"{\n \"\"type\"\": \"\"object\"\"\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewModel(ctx, \"myDemoModel\", &apigateway.ModelArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tDescription: pulumi.String(\"a JSON schema\"),\n\t\t\tContentType: pulumi.String(\"application/json\"),\n\t\t\tSchema: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"{\\n\", \" \\\"type\\\": \\\"object\\\"\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_model` can be imported using `REST-API-ID/NAME`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/model:Model example 12345abcde/example\n```\n\n ", + "properties": { + "contentType": { + "type": "string", + "description": "The content type of the model\n" + }, + "description": { + "type": "string", + "description": "The description of the model\n" + }, + "name": { + "type": "string", + "description": "The name of the model\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + }, + "schema": { + "type": "string", + "description": "The schema of the model in a JSON form\n" + } + }, + "required": [ + "contentType", + "name", + "restApi" + ], + "inputProperties": { + "contentType": { + "type": "string", + "description": "The content type of the model\n" + }, + "description": { + "type": "string", + "description": "The description of the model\n" + }, + "name": { + "type": "string", + "description": "The name of the model\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "schema": { + "type": "string", + "description": "The schema of the model in a JSON form\n" + } + }, + "requiredInputs": [ + "contentType", + "restApi" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Model resources.\n", + "properties": { + "contentType": { + "type": "string", + "description": "The content type of the model\n" + }, + "description": { + "type": "string", + "description": "The description of the model\n" + }, + "name": { + "type": "string", + "description": "The name of the model\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "schema": { + "type": "string", + "description": "The schema of the model in a JSON form\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/requestValidator:RequestValidator": { + "description": "Manages an API Gateway Request Validator.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigateway.RequestValidator(\"example\", {\n restApi: aws_api_gateway_rest_api.example.id,\n validateRequestBody: true,\n validateRequestParameters: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.RequestValidator(\"example\",\n rest_api=aws_api_gateway_rest_api[\"example\"][\"id\"],\n validate_request_body=True,\n validate_request_parameters=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGateway.RequestValidator(\"example\", new Aws.ApiGateway.RequestValidatorArgs\n {\n RestApi = aws_api_gateway_rest_api.Example.Id,\n ValidateRequestBody = true,\n ValidateRequestParameters = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewRequestValidator(ctx, \"example\", &apigateway.RequestValidatorArgs{\n\t\t\tRestApi: pulumi.Any(aws_api_gateway_rest_api.Example.Id),\n\t\t\tValidateRequestBody: pulumi.Bool(true),\n\t\t\tValidateRequestParameters: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_request_validator` can be imported using `REST-API-ID/REQUEST-VALIDATOR-ID`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/requestValidator:RequestValidator example 12345abcde/67890fghij\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the request validator\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated Rest API\n" + }, + "validateRequestBody": { + "type": "boolean", + "description": "Boolean whether to validate request body. Defaults to `false`.\n" + }, + "validateRequestParameters": { + "type": "boolean", + "description": "Boolean whether to validate request parameters. Defaults to `false`.\n" + } + }, + "required": [ + "name", + "restApi" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the request validator\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated Rest API\n" + }, + "validateRequestBody": { + "type": "boolean", + "description": "Boolean whether to validate request body. Defaults to `false`.\n" + }, + "validateRequestParameters": { + "type": "boolean", + "description": "Boolean whether to validate request parameters. Defaults to `false`.\n" + } + }, + "requiredInputs": [ + "restApi" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RequestValidator resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the request validator\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated Rest API\n" + }, + "validateRequestBody": { + "type": "boolean", + "description": "Boolean whether to validate request body. Defaults to `false`.\n" + }, + "validateRequestParameters": { + "type": "boolean", + "description": "Boolean whether to validate request parameters. Defaults to `false`.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/resource:Resource": { + "description": "Provides an API Gateway Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"myDemoAPI\", {description: \"This is my API for demonstration purposes\"});\nconst myDemoResource = new aws.apigateway.Resource(\"myDemoResource\", {\n restApi: myDemoAPI.id,\n parentId: myDemoAPI.rootResourceId,\n pathPart: \"mydemoresource\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nmy_demo_resource = aws.apigateway.Resource(\"myDemoResource\",\n rest_api=my_demo_api.id,\n parent_id=my_demo_api.root_resource_id,\n path_part=\"mydemoresource\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var myDemoResource = new Aws.ApiGateway.Resource(\"myDemoResource\", new Aws.ApiGateway.ResourceArgs\n {\n RestApi = myDemoAPI.Id,\n ParentId = myDemoAPI.RootResourceId,\n PathPart = \"mydemoresource\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewResource(ctx, \"myDemoResource\", &apigateway.ResourceArgs{\n\t\t\tRestApi: myDemoAPI.ID(),\n\t\t\tParentId: myDemoAPI.RootResourceId,\n\t\t\tPathPart: pulumi.String(\"mydemoresource\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_resource` can be imported using `REST-API-ID/RESOURCE-ID`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/resource:Resource example 12345abcde/67890fghij\n```\n\n ", + "properties": { + "parentId": { + "type": "string", + "description": "The ID of the parent API resource\n" + }, + "path": { + "type": "string", + "description": "The complete path for this API resource, including all parent paths.\n" + }, + "pathPart": { + "type": "string", + "description": "The last path segment of this API resource.\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + } + }, + "required": [ + "parentId", + "path", + "pathPart", + "restApi" + ], + "inputProperties": { + "parentId": { + "type": "string", + "description": "The ID of the parent API resource\n" + }, + "pathPart": { + "type": "string", + "description": "The last path segment of this API resource.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + } + }, + "requiredInputs": [ + "parentId", + "pathPart", + "restApi" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Resource resources.\n", + "properties": { + "parentId": { + "type": "string", + "description": "The ID of the parent API resource\n" + }, + "path": { + "type": "string", + "description": "The complete path for this API resource, including all parent paths.\n" + }, + "pathPart": { + "type": "string", + "description": "The last path segment of this API resource.\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/response:Response": { + "description": "Provides an API Gateway Gateway Response for a REST API Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.apigateway.RestApi(\"main\", {});\nconst test = new aws.apigateway.Response(\"test\", {\n restApiId: main.id,\n statusCode: \"401\",\n responseType: \"UNAUTHORIZED\",\n responseTemplates: {\n \"application/json\": `{\"message\":$context.error.messageString}`,\n },\n responseParameters: {\n \"gatewayresponse.header.Authorization\": \"'Basic'\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.apigateway.RestApi(\"main\")\ntest = aws.apigateway.Response(\"test\",\n rest_api_id=main.id,\n status_code=\"401\",\n response_type=\"UNAUTHORIZED\",\n response_templates={\n \"application/json\": \"{\\\"message\\\":$context.error.messageString}\",\n },\n response_parameters={\n \"gatewayresponse.header.Authorization\": \"'Basic'\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.ApiGateway.RestApi(\"main\", new Aws.ApiGateway.RestApiArgs\n {\n });\n var test = new Aws.ApiGateway.Response(\"test\", new Aws.ApiGateway.ResponseArgs\n {\n RestApiId = main.Id,\n StatusCode = \"401\",\n ResponseType = \"UNAUTHORIZED\",\n ResponseTemplates = \n {\n { \"application/json\", \"{\\\"message\\\":$context.error.messageString}\" },\n },\n ResponseParameters = \n {\n { \"gatewayresponse.header.Authorization\", \"'Basic'\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := apigateway.NewRestApi(ctx, \"main\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewResponse(ctx, \"test\", &apigateway.ResponseArgs{\n\t\t\tRestApiId: main.ID(),\n\t\t\tStatusCode: pulumi.String(\"401\"),\n\t\t\tResponseType: pulumi.String(\"UNAUTHORIZED\"),\n\t\t\tResponseTemplates: pulumi.StringMap{\n\t\t\t\t\"application/json\": pulumi.String(fmt.Sprintf(\"%v%v%v\", \"{\\\"message\\\":\", \"$\", \"context.error.messageString}\")),\n\t\t\t},\n\t\t\tResponseParameters: pulumi.StringMap{\n\t\t\t\t\"gatewayresponse.header.Authorization\": pulumi.String(\"'Basic'\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_gateway_response` can be imported using `REST-API-ID/RESPONSE-TYPE`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/response:Response example 12345abcde/UNAUTHORIZED\n```\n\n ", + "properties": { + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the parameters (paths, query strings and headers) of the Gateway Response.\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the templates used to transform the response body.\n" + }, + "responseType": { + "type": "string", + "description": "The response type of the associated GatewayResponse.\n" + }, + "restApiId": { + "type": "string", + "description": "The string identifier of the associated REST API.\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code of the Gateway Response.\n" + } + }, + "required": [ + "responseType", + "restApiId" + ], + "inputProperties": { + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the parameters (paths, query strings and headers) of the Gateway Response.\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the templates used to transform the response body.\n" + }, + "responseType": { + "type": "string", + "description": "The response type of the associated GatewayResponse.\n" + }, + "restApiId": { + "type": "string", + "description": "The string identifier of the associated REST API.\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code of the Gateway Response.\n" + } + }, + "requiredInputs": [ + "responseType", + "restApiId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Response resources.\n", + "properties": { + "responseParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the parameters (paths, query strings and headers) of the Gateway Response.\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map specifying the templates used to transform the response body.\n" + }, + "responseType": { + "type": "string", + "description": "The response type of the associated GatewayResponse.\n" + }, + "restApiId": { + "type": "string", + "description": "The string identifier of the associated REST API.\n" + }, + "statusCode": { + "type": "string", + "description": "The HTTP status code of the Gateway Response.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/restApi:RestApi": { + "description": "Manages an API Gateway REST API. The REST API can be configured via [importing an OpenAPI specification](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html) in the `body` argument (with other arguments serving as overrides) or via other provider resources to manage the resources (`aws.apigateway.Resource` resource), methods (`aws.apigateway.Method` resource), integrations (`aws.apigateway.Integration` resource), etc. of the REST API. Once the REST API is configured, the `aws.apigateway.Deployment` resource can be used along with the `aws.apigateway.Stage` resource to publish the REST API.\n\n> **Note:** Amazon API Gateway Version 1 resources are used for creating and deploying REST APIs. To create and deploy WebSocket and HTTP APIs, use Amazon API Gateway Version 2.\n\n{{% examples %}}\n## Example Usage\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_rest_api` can be imported by using the REST API ID, e.g.\n\n```sh\n $ pulumi import aws:apigateway/restApi:RestApi example 12345abcde\n```\n\n ", + "properties": { + "apiKeySource": { + "type": "string", + "description": "Source of the API key for requests. Valid values are `HEADER` (default) and `AUTHORIZER`. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-api-key-source` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-api-key-source.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "binaryMediaTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of binary media types supported by the REST API. By default, the REST API supports only UTF-8-encoded text payloads. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-binary-media-types` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-binary-media-types.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "body": { + "type": "string", + "description": "OpenAPI specification that defines the set of routes and integrations to create as part of the REST API. This configuration, and any updates to it, will replace all REST API configuration except values overridden in this resource configuration and other resource updates applied after this resource but before any `aws.apigateway.Deployment` creation. More information about REST API OpenAPI support can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html).\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the REST API\n" + }, + "description": { + "type": "string", + "description": "Description of the REST API. If importing an OpenAPI specification via the `body` argument, this corresponds to the `info.description` field. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint. Defaults to `false`. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-endpoint-configuration` extension `disableExecuteApiEndpoint` property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html). If the argument value is `true` and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "endpointConfiguration": { + "$ref": "#/types/aws:apigateway/RestApiEndpointConfiguration:RestApiEndpointConfiguration", + "description": "Configuration block defining API endpoint configuration including endpoint type. Defined below.\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN part to be used in `lambda_permission`'s `source_arn`\nwhen allowing API Gateway to invoke a Lambda function,\ne.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j`, which can be concatenated with allowed stage, method and resource path.\n" + }, + "minimumCompressionSize": { + "type": "integer", + "description": "Minimum response size to compress for the REST API. Integer between `-1` and `10485760` (10MB). Setting a value greater than `-1` will enable compression, `-1` disables compression (default). If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-minimum-compression-size` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-openapi-minimum-compression-size.html). If the argument value (_except_ `-1`) is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "name": { + "type": "string", + "description": "Name of the REST API. If importing an OpenAPI specification via the `body` argument, this corresponds to the `info.title` field. If the argument value is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of customizations for importing the specification in the `body` argument. For example, to exclude DocumentationParts from an imported API, set `ignore` equal to `documentation`. Additional documentation, including other parameters such as `basepath`, can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html).\n" + }, + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway. This provider will only perform drift detection of its value when present in a configuration. It is recommended to use the `aws.apigateway.RestApiPolicy` resource instead. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-policy` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/openapi-extensions-policy.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "rootResourceId": { + "type": "string", + "description": "The resource ID of the REST API's root\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "apiKeySource", + "arn", + "binaryMediaTypes", + "createdDate", + "description", + "disableExecuteApiEndpoint", + "endpointConfiguration", + "executionArn", + "name", + "policy", + "rootResourceId", + "tagsAll" + ], + "inputProperties": { + "apiKeySource": { + "type": "string", + "description": "Source of the API key for requests. Valid values are `HEADER` (default) and `AUTHORIZER`. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-api-key-source` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-api-key-source.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "binaryMediaTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of binary media types supported by the REST API. By default, the REST API supports only UTF-8-encoded text payloads. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-binary-media-types` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-binary-media-types.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "body": { + "type": "string", + "description": "OpenAPI specification that defines the set of routes and integrations to create as part of the REST API. This configuration, and any updates to it, will replace all REST API configuration except values overridden in this resource configuration and other resource updates applied after this resource but before any `aws.apigateway.Deployment` creation. More information about REST API OpenAPI support can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html).\n" + }, + "description": { + "type": "string", + "description": "Description of the REST API. If importing an OpenAPI specification via the `body` argument, this corresponds to the `info.description` field. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint. Defaults to `false`. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-endpoint-configuration` extension `disableExecuteApiEndpoint` property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html). If the argument value is `true` and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "endpointConfiguration": { + "$ref": "#/types/aws:apigateway/RestApiEndpointConfiguration:RestApiEndpointConfiguration", + "description": "Configuration block defining API endpoint configuration including endpoint type. Defined below.\n" + }, + "minimumCompressionSize": { + "type": "integer", + "description": "Minimum response size to compress for the REST API. Integer between `-1` and `10485760` (10MB). Setting a value greater than `-1` will enable compression, `-1` disables compression (default). If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-minimum-compression-size` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-openapi-minimum-compression-size.html). If the argument value (_except_ `-1`) is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "name": { + "type": "string", + "description": "Name of the REST API. If importing an OpenAPI specification via the `body` argument, this corresponds to the `info.title` field. If the argument value is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of customizations for importing the specification in the `body` argument. For example, to exclude DocumentationParts from an imported API, set `ignore` equal to `documentation`. Additional documentation, including other parameters such as `basepath`, can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html).\n" + }, + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway. This provider will only perform drift detection of its value when present in a configuration. It is recommended to use the `aws.apigateway.RestApiPolicy` resource instead. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-policy` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/openapi-extensions-policy.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering RestApi resources.\n", + "properties": { + "apiKeySource": { + "type": "string", + "description": "Source of the API key for requests. Valid values are `HEADER` (default) and `AUTHORIZER`. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-api-key-source` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-api-key-source.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "binaryMediaTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of binary media types supported by the REST API. By default, the REST API supports only UTF-8-encoded text payloads. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-binary-media-types` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-binary-media-types.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "body": { + "type": "string", + "description": "OpenAPI specification that defines the set of routes and integrations to create as part of the REST API. This configuration, and any updates to it, will replace all REST API configuration except values overridden in this resource configuration and other resource updates applied after this resource but before any `aws.apigateway.Deployment` creation. More information about REST API OpenAPI support can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html).\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the REST API\n" + }, + "description": { + "type": "string", + "description": "Description of the REST API. If importing an OpenAPI specification via the `body` argument, this corresponds to the `info.description` field. If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint. Defaults to `false`. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-endpoint-configuration` extension `disableExecuteApiEndpoint` property](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions-endpoint-configuration.html). If the argument value is `true` and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "endpointConfiguration": { + "$ref": "#/types/aws:apigateway/RestApiEndpointConfiguration:RestApiEndpointConfiguration", + "description": "Configuration block defining API endpoint configuration including endpoint type. Defined below.\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN part to be used in `lambda_permission`'s `source_arn`\nwhen allowing API Gateway to invoke a Lambda function,\ne.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j`, which can be concatenated with allowed stage, method and resource path.\n" + }, + "minimumCompressionSize": { + "type": "integer", + "description": "Minimum response size to compress for the REST API. Integer between `-1` and `10485760` (10MB). Setting a value greater than `-1` will enable compression, `-1` disables compression (default). If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-minimum-compression-size` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-openapi-minimum-compression-size.html). If the argument value (_except_ `-1`) is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "name": { + "type": "string", + "description": "Name of the REST API. If importing an OpenAPI specification via the `body` argument, this corresponds to the `info.title` field. If the argument value is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of customizations for importing the specification in the `body` argument. For example, to exclude DocumentationParts from an imported API, set `ignore` equal to `documentation`. Additional documentation, including other parameters such as `basepath`, can be found in the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html).\n" + }, + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway. This provider will only perform drift detection of its value when present in a configuration. It is recommended to use the `aws.apigateway.RestApiPolicy` resource instead. If importing an OpenAPI specification via the `body` argument, this corresponds to the [`x-amazon-apigateway-policy` extension](https://docs.aws.amazon.com/apigateway/latest/developerguide/openapi-extensions-policy.html). If the argument value is provided and is different than the OpenAPI value, the argument value will override the OpenAPI value.\n" + }, + "rootResourceId": { + "type": "string", + "description": "The resource ID of the REST API's root\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/restApiPolicy:RestApiPolicy": { + "description": "Provides an API Gateway REST API Policy.\n\n> **Note:** Amazon API Gateway Version 1 resources are used for creating and deploying REST APIs. To create and deploy WebSocket and HTTP APIs, use Amazon API Gateway Version 2 resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRestApi = new aws.apigateway.RestApi(\"testRestApi\", {});\nconst testRestApiPolicy = new aws.apigateway.RestApiPolicy(\"testRestApiPolicy\", {\n restApiId: testRestApi.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"execute-api:Invoke\",\n \"Resource\": \"${testRestApi.executionArn}\",\n \"Condition\": {\n \"IpAddress\": {\n \"aws:SourceIp\": \"123.123.123.123/32\"\n }\n }\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_rest_api = aws.apigateway.RestApi(\"testRestApi\")\ntest_rest_api_policy = aws.apigateway.RestApiPolicy(\"testRestApiPolicy\",\n rest_api_id=test_rest_api.id,\n policy=test_rest_api.execution_arn.apply(lambda execution_arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"AWS\": \"*\"\n }},\n \"Action\": \"execute-api:Invoke\",\n \"Resource\": \"{execution_arn}\",\n \"Condition\": {{\n \"IpAddress\": {{\n \"aws:SourceIp\": \"123.123.123.123/32\"\n }}\n }}\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testRestApi = new Aws.ApiGateway.RestApi(\"testRestApi\", new Aws.ApiGateway.RestApiArgs\n {\n });\n var testRestApiPolicy = new Aws.ApiGateway.RestApiPolicy(\"testRestApiPolicy\", new Aws.ApiGateway.RestApiPolicyArgs\n {\n RestApiId = testRestApi.Id,\n Policy = testRestApi.ExecutionArn.Apply(executionArn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": \"\"*\"\"\n }},\n \"\"Action\"\": \"\"execute-api:Invoke\"\",\n \"\"Resource\"\": \"\"{executionArn}\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\n \"\"aws:SourceIp\"\": \"\"123.123.123.123/32\"\"\n }}\n }}\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestRestApi, err := apigateway.NewRestApi(ctx, \"testRestApi\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewRestApiPolicy(ctx, \"testRestApiPolicy\", &apigateway.RestApiPolicyArgs{\n\t\t\tRestApiId: testRestApi.ID(),\n\t\t\tPolicy: testRestApi.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"*\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"execute-api:Invoke\\\",\\n\", \" \\\"Resource\\\": \\\"\", executionArn, \"\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"IpAddress\\\": {\\n\", \" \\\"aws:SourceIp\\\": \\\"123.123.123.123/32\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_rest_api_policy` can be imported by using the REST API ID, e.g.\n\n```sh\n $ pulumi import aws:apigateway/restApiPolicy:RestApiPolicy example 12345abcde\n```\n\n ", + "properties": { + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the REST API.\n" + } + }, + "required": [ + "policy", + "restApiId" + ], + "inputProperties": { + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the REST API.\n" + } + }, + "requiredInputs": [ + "policy", + "restApiId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RestApiPolicy resources.\n", + "properties": { + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway.\n" + }, + "restApiId": { + "type": "string", + "description": "The ID of the REST API.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/stage:Stage": { + "description": "Manages an API Gateway Stage. A stage is a named reference to a deployment, which can be done via the `aws.apigateway.Deployment` resource. Stages can be optionally managed further with the `aws.apigateway.BasePathMapping` resource, `aws.apigateway.DomainName` resource, and `aws_api_method_settings` resource. For more information, see the [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-stages.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Managing the API Logging CloudWatch Log Group\n\nAPI Gateway provides the ability to [enable CloudWatch API logging](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html). To manage the CloudWatch Log Group when this feature is enabled, the `aws.cloudwatch.LogGroup` resource can be used where the name matches the API Gateway naming convention. If the CloudWatch Log Group previously exists, the `aws.cloudwatch.LogGroup` resource can be imported as a one time operation and recreation of the environment can occur without import.\n\n> The below configuration uses [`dependsOn`](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson) to prevent ordering issues with API Gateway automatically creating the log group first and a variable for naming consistency. Other ordering and naming methodologies may be more appropriate for your environment.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst stageName = config.get(\"stageName\") || \"example\";\nconst exampleRestApi = new aws.apigateway.RestApi(\"exampleRestApi\", {});\n// ... other configuration ...\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 7});\n// ... potentially other configuration ...\nconst exampleStage = new aws.apigateway.Stage(\"exampleStage\", {stageName: stageName}, {\n dependsOn: [exampleLogGroup],\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nstage_name = config.get(\"stageName\")\nif stage_name is None:\n stage_name = \"example\"\nexample_rest_api = aws.apigateway.RestApi(\"exampleRestApi\")\n# ... other configuration ...\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=7)\n# ... potentially other configuration ...\nexample_stage = aws.apigateway.Stage(\"exampleStage\", stage_name=stage_name,\nopts=pulumi.ResourceOptions(depends_on=[example_log_group]))\n# ... other configuration ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var stageName = config.Get(\"stageName\") ?? \"example\";\n var exampleRestApi = new Aws.ApiGateway.RestApi(\"exampleRestApi\", new Aws.ApiGateway.RestApiArgs\n {\n });\n // ... other configuration ...\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n RetentionInDays = 7,\n });\n // ... potentially other configuration ...\n var exampleStage = new Aws.ApiGateway.Stage(\"exampleStage\", new Aws.ApiGateway.StageArgs\n {\n StageName = stageName,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleLogGroup,\n },\n });\n // ... other configuration ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tstageName := \"example\"\n\t\tif param := cfg.Get(\"stageName\"); param != \"\" {\n\t\t\tstageName = param\n\t\t}\n\t\t_, err := apigateway.NewRestApi(ctx, \"exampleRestApi\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", &cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewStage(ctx, \"exampleStage\", &apigateway.StageArgs{\n\t\t\tStageName: pulumi.String(stageName),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleLogGroup,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_api_gateway_stage` can be imported using `REST-API-ID/STAGE-NAME`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/stage:Stage example 12345abcde/example\n```\n\n ", + "properties": { + "accessLogSettings": { + "$ref": "#/types/aws:apigateway/StageAccessLogSettings:StageAccessLogSettings", + "description": "Enables access logs for the API stage. Detailed below.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "cacheClusterEnabled": { + "type": "boolean", + "description": "Specifies whether a cache cluster is enabled for the stage\n" + }, + "cacheClusterSize": { + "type": "string", + "description": "The size of the cache cluster for the stage, if enabled. Allowed values include `0.5`, `1.6`, `6.1`, `13.5`, `28.4`, `58.2`, `118` and `237`.\n" + }, + "clientCertificateId": { + "type": "string", + "description": "The identifier of a client certificate for the stage.\n" + }, + "deployment": { + "type": "string", + "description": "The ID of the deployment that the stage points to\n" + }, + "description": { + "type": "string", + "description": "The description of the stage\n" + }, + "documentationVersion": { + "type": "string", + "description": "The version of the associated API documentation\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN to be used in `lambda_permission`'s `source_arn`\nwhen allowing API Gateway to invoke a Lambda function,\ne.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod`\n" + }, + "invokeUrl": { + "type": "string", + "description": "The URL to invoke the API pointing to the stage,\ne.g. `https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod`\n" + }, + "restApi": { + "type": "string", + "description": "The ID of the associated REST API\n" + }, + "stageName": { + "type": "string", + "description": "The name of the stage\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map that defines the stage variables\n" + }, + "xrayTracingEnabled": { + "type": "boolean", + "description": "Whether active tracing with X-ray is enabled. Defaults to `false`.\n" + } + }, + "required": [ + "arn", + "deployment", + "executionArn", + "invokeUrl", + "restApi", + "stageName", + "tagsAll" + ], + "inputProperties": { + "accessLogSettings": { + "$ref": "#/types/aws:apigateway/StageAccessLogSettings:StageAccessLogSettings", + "description": "Enables access logs for the API stage. Detailed below.\n" + }, + "cacheClusterEnabled": { + "type": "boolean", + "description": "Specifies whether a cache cluster is enabled for the stage\n" + }, + "cacheClusterSize": { + "type": "string", + "description": "The size of the cache cluster for the stage, if enabled. Allowed values include `0.5`, `1.6`, `6.1`, `13.5`, `28.4`, `58.2`, `118` and `237`.\n" + }, + "clientCertificateId": { + "type": "string", + "description": "The identifier of a client certificate for the stage.\n" + }, + "deployment": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/deployment:Deployment" + } + ], + "description": "The ID of the deployment that the stage points to\n" + }, + "description": { + "type": "string", + "description": "The description of the stage\n" + }, + "documentationVersion": { + "type": "string", + "description": "The version of the associated API documentation\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "stageName": { + "type": "string", + "description": "The name of the stage\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map that defines the stage variables\n" + }, + "xrayTracingEnabled": { + "type": "boolean", + "description": "Whether active tracing with X-ray is enabled. Defaults to `false`.\n" + } + }, + "requiredInputs": [ + "deployment", + "restApi", + "stageName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Stage resources.\n", + "properties": { + "accessLogSettings": { + "$ref": "#/types/aws:apigateway/StageAccessLogSettings:StageAccessLogSettings", + "description": "Enables access logs for the API stage. Detailed below.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "cacheClusterEnabled": { + "type": "boolean", + "description": "Specifies whether a cache cluster is enabled for the stage\n" + }, + "cacheClusterSize": { + "type": "string", + "description": "The size of the cache cluster for the stage, if enabled. Allowed values include `0.5`, `1.6`, `6.1`, `13.5`, `28.4`, `58.2`, `118` and `237`.\n" + }, + "clientCertificateId": { + "type": "string", + "description": "The identifier of a client certificate for the stage.\n" + }, + "deployment": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/deployment:Deployment" + } + ], + "description": "The ID of the deployment that the stage points to\n" + }, + "description": { + "type": "string", + "description": "The description of the stage\n" + }, + "documentationVersion": { + "type": "string", + "description": "The version of the associated API documentation\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN to be used in `lambda_permission`'s `source_arn`\nwhen allowing API Gateway to invoke a Lambda function,\ne.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j/prod`\n" + }, + "invokeUrl": { + "type": "string", + "description": "The URL to invoke the API pointing to the stage,\ne.g. `https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/prod`\n" + }, + "restApi": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:apigateway/restApi:RestApi" + } + ], + "description": "The ID of the associated REST API\n" + }, + "stageName": { + "type": "string", + "description": "The name of the stage\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "variables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map that defines the stage variables\n" + }, + "xrayTracingEnabled": { + "type": "boolean", + "description": "Whether active tracing with X-ray is enabled. Defaults to `false`.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/usagePlan:UsagePlan": { + "description": "Provides an API Gateway Usage Plan.\n\n\n## Import\n\nAWS API Gateway Usage Plan can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/usagePlan:UsagePlan myusageplan \n```\n\n ", + "properties": { + "apiStages": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigateway/UsagePlanApiStage:UsagePlanApiStage" + }, + "description": "The associated API stages of the usage plan.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "description": { + "type": "string", + "description": "The description of a usage plan.\n" + }, + "name": { + "type": "string", + "description": "The name of the usage plan.\n" + }, + "productCode": { + "type": "string", + "description": "The AWS Marketplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.\n" + }, + "quotaSettings": { + "$ref": "#/types/aws:apigateway/UsagePlanQuotaSettings:UsagePlanQuotaSettings", + "description": "The quota settings of the usage plan.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "throttleSettings": { + "$ref": "#/types/aws:apigateway/UsagePlanThrottleSettings:UsagePlanThrottleSettings", + "description": "The throttling limits of the usage plan.\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "apiStages": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigateway/UsagePlanApiStage:UsagePlanApiStage" + }, + "description": "The associated API stages of the usage plan.\n" + }, + "description": { + "type": "string", + "description": "The description of a usage plan.\n" + }, + "name": { + "type": "string", + "description": "The name of the usage plan.\n" + }, + "productCode": { + "type": "string", + "description": "The AWS Marketplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.\n" + }, + "quotaSettings": { + "$ref": "#/types/aws:apigateway/UsagePlanQuotaSettings:UsagePlanQuotaSettings", + "description": "The quota settings of the usage plan.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "throttleSettings": { + "$ref": "#/types/aws:apigateway/UsagePlanThrottleSettings:UsagePlanThrottleSettings", + "description": "The throttling limits of the usage plan.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering UsagePlan resources.\n", + "properties": { + "apiStages": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigateway/UsagePlanApiStage:UsagePlanApiStage" + }, + "description": "The associated API stages of the usage plan.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "description": { + "type": "string", + "description": "The description of a usage plan.\n" + }, + "name": { + "type": "string", + "description": "The name of the usage plan.\n" + }, + "productCode": { + "type": "string", + "description": "The AWS Marketplace product identifier to associate with the usage plan as a SaaS product on AWS Marketplace.\n" + }, + "quotaSettings": { + "$ref": "#/types/aws:apigateway/UsagePlanQuotaSettings:UsagePlanQuotaSettings", + "description": "The quota settings of the usage plan.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "throttleSettings": { + "$ref": "#/types/aws:apigateway/UsagePlanThrottleSettings:UsagePlanThrottleSettings", + "description": "The throttling limits of the usage plan.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/usagePlanKey:UsagePlanKey": { + "description": "Provides an API Gateway Usage Plan Key.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.apigateway.RestApi(\"test\", {});\n// ...\nconst myusageplan = new aws.apigateway.UsagePlan(\"myusageplan\", {apiStages: [{\n apiId: test.id,\n stage: aws_api_gateway_deployment.foo.stage_name,\n}]});\nconst mykey = new aws.apigateway.ApiKey(\"mykey\", {});\nconst main = new aws.apigateway.UsagePlanKey(\"main\", {\n keyId: mykey.id,\n keyType: \"API_KEY\",\n usagePlanId: myusageplan.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.apigateway.RestApi(\"test\")\n# ...\nmyusageplan = aws.apigateway.UsagePlan(\"myusageplan\", api_stages=[aws.apigateway.UsagePlanApiStageArgs(\n api_id=test.id,\n stage=aws_api_gateway_deployment[\"foo\"][\"stage_name\"],\n)])\nmykey = aws.apigateway.ApiKey(\"mykey\")\nmain = aws.apigateway.UsagePlanKey(\"main\",\n key_id=mykey.id,\n key_type=\"API_KEY\",\n usage_plan_id=myusageplan.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.ApiGateway.RestApi(\"test\", new Aws.ApiGateway.RestApiArgs\n {\n });\n // ...\n var myusageplan = new Aws.ApiGateway.UsagePlan(\"myusageplan\", new Aws.ApiGateway.UsagePlanArgs\n {\n ApiStages = \n {\n new Aws.ApiGateway.Inputs.UsagePlanApiStageArgs\n {\n ApiId = test.Id,\n Stage = aws_api_gateway_deployment.Foo.Stage_name,\n },\n },\n });\n var mykey = new Aws.ApiGateway.ApiKey(\"mykey\", new Aws.ApiGateway.ApiKeyArgs\n {\n });\n var main = new Aws.ApiGateway.UsagePlanKey(\"main\", new Aws.ApiGateway.UsagePlanKeyArgs\n {\n KeyId = mykey.Id,\n KeyType = \"API_KEY\",\n UsagePlanId = myusageplan.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := apigateway.NewRestApi(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyusageplan, err := apigateway.NewUsagePlan(ctx, \"myusageplan\", &apigateway.UsagePlanArgs{\n\t\t\tApiStages: apigateway.UsagePlanApiStageArray{\n\t\t\t\t&apigateway.UsagePlanApiStageArgs{\n\t\t\t\t\tApiId: test.ID(),\n\t\t\t\t\tStage: pulumi.Any(aws_api_gateway_deployment.Foo.Stage_name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmykey, err := apigateway.NewApiKey(ctx, \"mykey\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewUsagePlanKey(ctx, \"main\", &apigateway.UsagePlanKeyArgs{\n\t\t\tKeyId: mykey.ID(),\n\t\t\tKeyType: pulumi.String(\"API_KEY\"),\n\t\t\tUsagePlanId: myusageplan.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS API Gateway Usage Plan Key can be imported using the `USAGE-PLAN-ID/USAGE-PLAN-KEY-ID`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/usagePlanKey:UsagePlanKey key 12345abcde/zzz\n```\n\n ", + "properties": { + "keyId": { + "type": "string", + "description": "The identifier of the API key resource.\n" + }, + "keyType": { + "type": "string", + "description": "The type of the API key resource. Currently, the valid key type is API_KEY.\n" + }, + "name": { + "type": "string", + "description": "The name of a usage plan key.\n" + }, + "usagePlanId": { + "type": "string", + "description": "The Id of the usage plan resource representing to associate the key to.\n" + }, + "value": { + "type": "string", + "description": "The value of a usage plan key.\n" + } + }, + "required": [ + "keyId", + "keyType", + "name", + "usagePlanId", + "value" + ], + "inputProperties": { + "keyId": { + "type": "string", + "description": "The identifier of the API key resource.\n" + }, + "keyType": { + "type": "string", + "description": "The type of the API key resource. Currently, the valid key type is API_KEY.\n" + }, + "usagePlanId": { + "type": "string", + "description": "The Id of the usage plan resource representing to associate the key to.\n" + } + }, + "requiredInputs": [ + "keyId", + "keyType", + "usagePlanId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UsagePlanKey resources.\n", + "properties": { + "keyId": { + "type": "string", + "description": "The identifier of the API key resource.\n" + }, + "keyType": { + "type": "string", + "description": "The type of the API key resource. Currently, the valid key type is API_KEY.\n" + }, + "name": { + "type": "string", + "description": "The name of a usage plan key.\n" + }, + "usagePlanId": { + "type": "string", + "description": "The Id of the usage plan resource representing to associate the key to.\n" + }, + "value": { + "type": "string", + "description": "The value of a usage plan key.\n" + } + }, + "type": "object" + } + }, + "aws:apigateway/vpcLink:VpcLink": { + "description": "Provides an API Gateway VPC Link.\n\n> **Note:** Amazon API Gateway Version 1 VPC Links enable private integrations that connect REST APIs to private resources in a VPC.\nTo enable private integration for HTTP APIs, use the `Amazon API Gateway Version 2 VPC Link` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLoadBalancer = new aws.lb.LoadBalancer(\"exampleLoadBalancer\", {\n internal: true,\n loadBalancerType: \"network\",\n subnetMappings: [{\n subnetId: \"12345\",\n }],\n});\nconst exampleVpcLink = new aws.apigateway.VpcLink(\"exampleVpcLink\", {\n description: \"example description\",\n targetArn: [exampleLoadBalancer.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_load_balancer = aws.lb.LoadBalancer(\"exampleLoadBalancer\",\n internal=True,\n load_balancer_type=\"network\",\n subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=\"12345\",\n )])\nexample_vpc_link = aws.apigateway.VpcLink(\"exampleVpcLink\",\n description=\"example description\",\n target_arn=[example_load_balancer.arn])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLoadBalancer = new Aws.LB.LoadBalancer(\"exampleLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n Internal = true,\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = \"12345\",\n },\n },\n });\n var exampleVpcLink = new Aws.ApiGateway.VpcLink(\"exampleVpcLink\", new Aws.ApiGateway.VpcLinkArgs\n {\n Description = \"example description\",\n TargetArn = \n {\n exampleLoadBalancer.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLoadBalancer, err := lb.NewLoadBalancer(ctx, \"exampleLoadBalancer\", &lb.LoadBalancerArgs{\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.String(\"12345\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewVpcLink(ctx, \"exampleVpcLink\", &apigateway.VpcLinkArgs{\n\t\t\tDescription: pulumi.String(\"example description\"),\n\t\t\tTargetArn: pulumi.String{\n\t\t\t\texampleLoadBalancer.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAPI Gateway VPC Link can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:apigateway/vpcLink:VpcLink example \n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the VPC link.\n" + }, + "name": { + "type": "string", + "description": "The name used to label and identify the VPC link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target.\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll", + "targetArn" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the VPC link.\n" + }, + "name": { + "type": "string", + "description": "The name used to label and identify the VPC link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target.\n" + } + }, + "requiredInputs": [ + "targetArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcLink resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the VPC link.\n" + }, + "name": { + "type": "string", + "description": "The name used to label and identify the VPC link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/api:Api": { + "description": "Manages an Amazon API Gateway Version 2 API.\n\n> **Note:** Amazon API Gateway Version 2 resources are used for creating and deploying WebSocket and HTTP APIs. To create and deploy REST APIs, use Amazon API Gateway Version 1.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic WebSocket API\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Api(\"example\", {\n protocolType: \"WEBSOCKET\",\n routeSelectionExpression: \"$request.body.action\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Api(\"example\",\n protocol_type=\"WEBSOCKET\",\n route_selection_expression=\"$request.body.action\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Api(\"example\", new Aws.ApiGatewayV2.ApiArgs\n {\n ProtocolType = \"WEBSOCKET\",\n RouteSelectionExpression = \"$request.body.action\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewApi(ctx, \"example\", &apigatewayv2.ApiArgs{\n\t\t\tProtocolType: pulumi.String(\"WEBSOCKET\"),\n\t\t\tRouteSelectionExpression: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"request.body.action\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Basic HTTP API\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Api(\"example\", {\n protocolType: \"HTTP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Api(\"example\", protocol_type=\"HTTP\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Api(\"example\", new Aws.ApiGatewayV2.ApiArgs\n {\n ProtocolType = \"HTTP\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewApi(ctx, \"example\", &apigatewayv2.ApiArgs{\n\t\t\tProtocolType: pulumi.String(\"HTTP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_api` can be imported by using the API identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/api:Api example aabbccddee\n```\n\n ", + "properties": { + "apiEndpoint": { + "type": "string", + "description": "The URI of the API, of the form `https://{api-id}.execute-api.{region}.amazonaws.com` for HTTP APIs and `wss://{api-id}.execute-api.{region}.amazonaws.com` for WebSocket APIs.\n" + }, + "apiKeySelectionExpression": { + "type": "string", + "description": "An [API key selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-apikey-selection-expressions).\nValid values: `$context.authorizer.usageIdentifierKey`, `$request.header.x-api-key`. Defaults to `$request.header.x-api-key`.\nApplicable for WebSocket APIs.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the API.\n" + }, + "body": { + "type": "string", + "description": "An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs.\n" + }, + "corsConfiguration": { + "$ref": "#/types/aws:apigatewayv2/ApiCorsConfiguration:ApiCorsConfiguration", + "description": "The cross-origin resource sharing (CORS) [configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html). Applicable for HTTP APIs.\n" + }, + "credentialsArn": { + "type": "string", + "description": "Part of _quick create_. Specifies any credentials required for the integration. Applicable for HTTP APIs.\n" + }, + "description": { + "type": "string", + "description": "The description of the API. Must be less than or equal to 1024 characters in length.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Whether clients can invoke the API by using the default `execute-api` endpoint.\nBy default, clients can invoke the API with the default `{api_id}.execute-api.{region}.amazonaws.com endpoint`.\nTo require that clients use a custom domain name to invoke the API, disable the default endpoint.\n" + }, + "executionArn": { + "type": "string", + "description": "The ARN prefix to be used in an `aws.lambda.Permission`'s `source_arn` attribute\nor in an `aws.iam.Policy` to authorize access to the [`@connections` API](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html).\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-control-access-iam.html) for details.\n" + }, + "failOnWarnings": { + "type": "boolean", + "description": "Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to `false`. Applicable for HTTP APIs.\n" + }, + "name": { + "type": "string", + "description": "The name of the API. Must be less than or equal to 128 characters in length.\n" + }, + "protocolType": { + "type": "string", + "description": "The API protocol. Valid values: `HTTP`, `WEBSOCKET`.\n" + }, + "routeKey": { + "type": "string", + "description": "Part of _quick create_. Specifies any [route key](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html). Applicable for HTTP APIs.\n" + }, + "routeSelectionExpression": { + "type": "string", + "description": "The [route selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-selection-expressions) for the API.\nDefaults to `$request.method $request.path`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the API. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "target": { + "type": "string", + "description": "Part of _quick create_. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes.\nFor HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN.\nThe type of the integration will be `HTTP_PROXY` or `AWS_PROXY`, respectively. Applicable for HTTP APIs.\n" + }, + "version": { + "type": "string", + "description": "A version identifier for the API. Must be between 1 and 64 characters in length.\n" + } + }, + "required": [ + "apiEndpoint", + "arn", + "executionArn", + "name", + "protocolType", + "tagsAll" + ], + "inputProperties": { + "apiKeySelectionExpression": { + "type": "string", + "description": "An [API key selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-apikey-selection-expressions).\nValid values: `$context.authorizer.usageIdentifierKey`, `$request.header.x-api-key`. Defaults to `$request.header.x-api-key`.\nApplicable for WebSocket APIs.\n" + }, + "body": { + "type": "string", + "description": "An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs.\n" + }, + "corsConfiguration": { + "$ref": "#/types/aws:apigatewayv2/ApiCorsConfiguration:ApiCorsConfiguration", + "description": "The cross-origin resource sharing (CORS) [configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html). Applicable for HTTP APIs.\n" + }, + "credentialsArn": { + "type": "string", + "description": "Part of _quick create_. Specifies any credentials required for the integration. Applicable for HTTP APIs.\n" + }, + "description": { + "type": "string", + "description": "The description of the API. Must be less than or equal to 1024 characters in length.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Whether clients can invoke the API by using the default `execute-api` endpoint.\nBy default, clients can invoke the API with the default `{api_id}.execute-api.{region}.amazonaws.com endpoint`.\nTo require that clients use a custom domain name to invoke the API, disable the default endpoint.\n" + }, + "failOnWarnings": { + "type": "boolean", + "description": "Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to `false`. Applicable for HTTP APIs.\n" + }, + "name": { + "type": "string", + "description": "The name of the API. Must be less than or equal to 128 characters in length.\n" + }, + "protocolType": { + "type": "string", + "description": "The API protocol. Valid values: `HTTP`, `WEBSOCKET`.\n" + }, + "routeKey": { + "type": "string", + "description": "Part of _quick create_. Specifies any [route key](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html). Applicable for HTTP APIs.\n" + }, + "routeSelectionExpression": { + "type": "string", + "description": "The [route selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-selection-expressions) for the API.\nDefaults to `$request.method $request.path`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the API. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "target": { + "type": "string", + "description": "Part of _quick create_. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes.\nFor HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN.\nThe type of the integration will be `HTTP_PROXY` or `AWS_PROXY`, respectively. Applicable for HTTP APIs.\n" + }, + "version": { + "type": "string", + "description": "A version identifier for the API. Must be between 1 and 64 characters in length.\n" + } + }, + "requiredInputs": [ + "protocolType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Api resources.\n", + "properties": { + "apiEndpoint": { + "type": "string", + "description": "The URI of the API, of the form `https://{api-id}.execute-api.{region}.amazonaws.com` for HTTP APIs and `wss://{api-id}.execute-api.{region}.amazonaws.com` for WebSocket APIs.\n" + }, + "apiKeySelectionExpression": { + "type": "string", + "description": "An [API key selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-apikey-selection-expressions).\nValid values: `$context.authorizer.usageIdentifierKey`, `$request.header.x-api-key`. Defaults to `$request.header.x-api-key`.\nApplicable for WebSocket APIs.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the API.\n" + }, + "body": { + "type": "string", + "description": "An OpenAPI specification that defines the set of routes and integrations to create as part of the HTTP APIs. Supported only for HTTP APIs.\n" + }, + "corsConfiguration": { + "$ref": "#/types/aws:apigatewayv2/ApiCorsConfiguration:ApiCorsConfiguration", + "description": "The cross-origin resource sharing (CORS) [configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html). Applicable for HTTP APIs.\n" + }, + "credentialsArn": { + "type": "string", + "description": "Part of _quick create_. Specifies any credentials required for the integration. Applicable for HTTP APIs.\n" + }, + "description": { + "type": "string", + "description": "The description of the API. Must be less than or equal to 1024 characters in length.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Whether clients can invoke the API by using the default `execute-api` endpoint.\nBy default, clients can invoke the API with the default `{api_id}.execute-api.{region}.amazonaws.com endpoint`.\nTo require that clients use a custom domain name to invoke the API, disable the default endpoint.\n" + }, + "executionArn": { + "type": "string", + "description": "The ARN prefix to be used in an `aws.lambda.Permission`'s `source_arn` attribute\nor in an `aws.iam.Policy` to authorize access to the [`@connections` API](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html).\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-control-access-iam.html) for details.\n" + }, + "failOnWarnings": { + "type": "boolean", + "description": "Whether warnings should return an error while API Gateway is creating or updating the resource using an OpenAPI specification. Defaults to `false`. Applicable for HTTP APIs.\n" + }, + "name": { + "type": "string", + "description": "The name of the API. Must be less than or equal to 128 characters in length.\n" + }, + "protocolType": { + "type": "string", + "description": "The API protocol. Valid values: `HTTP`, `WEBSOCKET`.\n" + }, + "routeKey": { + "type": "string", + "description": "Part of _quick create_. Specifies any [route key](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html). Applicable for HTTP APIs.\n" + }, + "routeSelectionExpression": { + "type": "string", + "description": "The [route selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-selection-expressions) for the API.\nDefaults to `$request.method $request.path`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the API. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "target": { + "type": "string", + "description": "Part of _quick create_. Quick create produces an API with an integration, a default catch-all route, and a default stage which is configured to automatically deploy changes.\nFor HTTP integrations, specify a fully qualified URL. For Lambda integrations, specify a function ARN.\nThe type of the integration will be `HTTP_PROXY` or `AWS_PROXY`, respectively. Applicable for HTTP APIs.\n" + }, + "version": { + "type": "string", + "description": "A version identifier for the API. Must be between 1 and 64 characters in length.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/apiMapping:ApiMapping": { + "description": "Manages an Amazon API Gateway Version 2 API mapping.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.ApiMapping(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n domainName: aws_apigatewayv2_domain_name.example.id,\n stage: aws_apigatewayv2_stage.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.ApiMapping(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n domain_name=aws_apigatewayv2_domain_name[\"example\"][\"id\"],\n stage=aws_apigatewayv2_stage[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.ApiMapping(\"example\", new Aws.ApiGatewayV2.ApiMappingArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n DomainName = aws_apigatewayv2_domain_name.Example.Id,\n Stage = aws_apigatewayv2_stage.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewApiMapping(ctx, \"example\", &apigatewayv2.ApiMappingArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tDomainName: pulumi.Any(aws_apigatewayv2_domain_name.Example.Id),\n\t\t\tStage: pulumi.Any(aws_apigatewayv2_stage.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_api_mapping` can be imported by using the API mapping identifier and domain name, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/apiMapping:ApiMapping example 1122334/ws-api.example.com\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "apiMappingKey": { + "type": "string", + "description": "The [API mapping key](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-mapping-template-reference.html).\n" + }, + "domainName": { + "type": "string", + "description": "The domain name. Use the `aws.apigatewayv2.DomainName` resource to configure a domain name.\n" + }, + "stage": { + "type": "string", + "description": "The API stage. Use the `aws.apigatewayv2.Stage` resource to configure an API stage.\n" + } + }, + "required": [ + "apiId", + "domainName", + "stage" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "apiMappingKey": { + "type": "string", + "description": "The [API mapping key](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-mapping-template-reference.html).\n" + }, + "domainName": { + "type": "string", + "description": "The domain name. Use the `aws.apigatewayv2.DomainName` resource to configure a domain name.\n" + }, + "stage": { + "type": "string", + "description": "The API stage. Use the `aws.apigatewayv2.Stage` resource to configure an API stage.\n" + } + }, + "requiredInputs": [ + "apiId", + "domainName", + "stage" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApiMapping resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "apiMappingKey": { + "type": "string", + "description": "The [API mapping key](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-mapping-template-reference.html).\n" + }, + "domainName": { + "type": "string", + "description": "The domain name. Use the `aws.apigatewayv2.DomainName` resource to configure a domain name.\n" + }, + "stage": { + "type": "string", + "description": "The API stage. Use the `aws.apigatewayv2.Stage` resource to configure an API stage.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/authorizer:Authorizer": { + "description": "Manages an Amazon API Gateway Version 2 authorizer.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic WebSocket API\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Authorizer(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n authorizerType: \"REQUEST\",\n authorizerUri: aws_lambda_function.example.invoke_arn,\n identitySources: [\"route.request.header.Auth\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Authorizer(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n authorizer_type=\"REQUEST\",\n authorizer_uri=aws_lambda_function[\"example\"][\"invoke_arn\"],\n identity_sources=[\"route.request.header.Auth\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Authorizer(\"example\", new Aws.ApiGatewayV2.AuthorizerArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n AuthorizerType = \"REQUEST\",\n AuthorizerUri = aws_lambda_function.Example.Invoke_arn,\n IdentitySources = \n {\n \"route.request.header.Auth\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewAuthorizer(ctx, \"example\", &apigatewayv2.AuthorizerArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tAuthorizerType: pulumi.String(\"REQUEST\"),\n\t\t\tAuthorizerUri: pulumi.Any(aws_lambda_function.Example.Invoke_arn),\n\t\t\tIdentitySources: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"route.request.header.Auth\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Basic HTTP API\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Authorizer(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n authorizerType: \"JWT\",\n identitySources: [`$request.header.Authorization`],\n jwtConfiguration: {\n audiences: [\"example\"],\n issuer: `https://${aws_cognito_user_pool.example.endpoint}`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Authorizer(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n authorizer_type=\"JWT\",\n identity_sources=[\"$request.header.Authorization\"],\n jwt_configuration=aws.apigatewayv2.AuthorizerJwtConfigurationArgs(\n audiences=[\"example\"],\n issuer=f\"https://{aws_cognito_user_pool['example']['endpoint']}\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Authorizer(\"example\", new Aws.ApiGatewayV2.AuthorizerArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n AuthorizerType = \"JWT\",\n IdentitySources = \n {\n \"$request.header.Authorization\",\n },\n JwtConfiguration = new Aws.ApiGatewayV2.Inputs.AuthorizerJwtConfigurationArgs\n {\n Audiences = \n {\n \"example\",\n },\n Issuer = $\"https://{aws_cognito_user_pool.Example.Endpoint}\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewAuthorizer(ctx, \"example\", &apigatewayv2.AuthorizerArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tAuthorizerType: pulumi.String(\"JWT\"),\n\t\t\tIdentitySources: pulumi.StringArray{\n\t\t\t\tpulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"request.header.Authorization\")),\n\t\t\t},\n\t\t\tJwtConfiguration: &apigatewayv2.AuthorizerJwtConfigurationArgs{\n\t\t\t\tAudiences: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t\tIssuer: pulumi.String(fmt.Sprintf(\"%v%v\", \"https://\", aws_cognito_user_pool.Example.Endpoint)),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_authorizer` can be imported by using the API identifier and authorizer identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/authorizer:Authorizer example aabbccddee/1122334\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "authorizerCredentialsArn": { + "type": "string", + "description": "The required credentials as an IAM role for API Gateway to invoke the authorizer.\nSupported only for `REQUEST` authorizers.\n" + }, + "authorizerPayloadFormatVersion": { + "type": "string", + "description": "The format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers.\nValid values: `1.0`, `2.0`.\n" + }, + "authorizerResultTtlInSeconds": { + "type": "integer", + "description": "The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled.\nIf it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to `300`.\nSupported only for HTTP API Lambda authorizers.\n" + }, + "authorizerType": { + "type": "string", + "description": "The authorizer type. Valid values: `JWT`, `REQUEST`.\nSpecify `REQUEST` for a Lambda function using incoming request parameters.\nFor HTTP APIs, specify `JWT` to use JSON Web Tokens.\n" + }, + "authorizerUri": { + "type": "string", + "description": "The authorizer's Uniform Resource Identifier (URI).\nFor `REQUEST` authorizers this must be a well-formed Lambda function URI, such as the `invoke_arn` attribute of the `aws.lambda.Function` resource.\nSupported only for `REQUEST` authorizers. Must be between 1 and 2048 characters in length.\n" + }, + "enableSimpleResponses": { + "type": "boolean", + "description": "Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy.\nSupported only for HTTP APIs.\n" + }, + "identitySources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identity sources for which authorization is requested.\nFor `REQUEST` authorizers the value is a list of one or more mapping expressions of the specified request parameters.\nFor `JWT` authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.\n" + }, + "jwtConfiguration": { + "$ref": "#/types/aws:apigatewayv2/AuthorizerJwtConfiguration:AuthorizerJwtConfiguration", + "description": "The configuration of a JWT authorizer. Required for the `JWT` authorizer type.\nSupported only for HTTP APIs.\n" + }, + "name": { + "type": "string", + "description": "The name of the authorizer. Must be between 1 and 128 characters in length.\n" + } + }, + "required": [ + "apiId", + "authorizerResultTtlInSeconds", + "authorizerType", + "name" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "authorizerCredentialsArn": { + "type": "string", + "description": "The required credentials as an IAM role for API Gateway to invoke the authorizer.\nSupported only for `REQUEST` authorizers.\n" + }, + "authorizerPayloadFormatVersion": { + "type": "string", + "description": "The format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers.\nValid values: `1.0`, `2.0`.\n" + }, + "authorizerResultTtlInSeconds": { + "type": "integer", + "description": "The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled.\nIf it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to `300`.\nSupported only for HTTP API Lambda authorizers.\n" + }, + "authorizerType": { + "type": "string", + "description": "The authorizer type. Valid values: `JWT`, `REQUEST`.\nSpecify `REQUEST` for a Lambda function using incoming request parameters.\nFor HTTP APIs, specify `JWT` to use JSON Web Tokens.\n" + }, + "authorizerUri": { + "type": "string", + "description": "The authorizer's Uniform Resource Identifier (URI).\nFor `REQUEST` authorizers this must be a well-formed Lambda function URI, such as the `invoke_arn` attribute of the `aws.lambda.Function` resource.\nSupported only for `REQUEST` authorizers. Must be between 1 and 2048 characters in length.\n" + }, + "enableSimpleResponses": { + "type": "boolean", + "description": "Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy.\nSupported only for HTTP APIs.\n" + }, + "identitySources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identity sources for which authorization is requested.\nFor `REQUEST` authorizers the value is a list of one or more mapping expressions of the specified request parameters.\nFor `JWT` authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.\n" + }, + "jwtConfiguration": { + "$ref": "#/types/aws:apigatewayv2/AuthorizerJwtConfiguration:AuthorizerJwtConfiguration", + "description": "The configuration of a JWT authorizer. Required for the `JWT` authorizer type.\nSupported only for HTTP APIs.\n" + }, + "name": { + "type": "string", + "description": "The name of the authorizer. Must be between 1 and 128 characters in length.\n" + } + }, + "requiredInputs": [ + "apiId", + "authorizerType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Authorizer resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "authorizerCredentialsArn": { + "type": "string", + "description": "The required credentials as an IAM role for API Gateway to invoke the authorizer.\nSupported only for `REQUEST` authorizers.\n" + }, + "authorizerPayloadFormatVersion": { + "type": "string", + "description": "The format of the payload sent to an HTTP API Lambda authorizer. Required for HTTP API Lambda authorizers.\nValid values: `1.0`, `2.0`.\n" + }, + "authorizerResultTtlInSeconds": { + "type": "integer", + "description": "The time to live (TTL) for cached authorizer results, in seconds. If it equals 0, authorization caching is disabled.\nIf it is greater than 0, API Gateway caches authorizer responses. The maximum value is 3600, or 1 hour. Defaults to `300`.\nSupported only for HTTP API Lambda authorizers.\n" + }, + "authorizerType": { + "type": "string", + "description": "The authorizer type. Valid values: `JWT`, `REQUEST`.\nSpecify `REQUEST` for a Lambda function using incoming request parameters.\nFor HTTP APIs, specify `JWT` to use JSON Web Tokens.\n" + }, + "authorizerUri": { + "type": "string", + "description": "The authorizer's Uniform Resource Identifier (URI).\nFor `REQUEST` authorizers this must be a well-formed Lambda function URI, such as the `invoke_arn` attribute of the `aws.lambda.Function` resource.\nSupported only for `REQUEST` authorizers. Must be between 1 and 2048 characters in length.\n" + }, + "enableSimpleResponses": { + "type": "boolean", + "description": "Whether a Lambda authorizer returns a response in a simple format. If enabled, the Lambda authorizer can return a boolean value instead of an IAM policy.\nSupported only for HTTP APIs.\n" + }, + "identitySources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identity sources for which authorization is requested.\nFor `REQUEST` authorizers the value is a list of one or more mapping expressions of the specified request parameters.\nFor `JWT` authorizers the single entry specifies where to extract the JSON Web Token (JWT) from inbound requests.\n" + }, + "jwtConfiguration": { + "$ref": "#/types/aws:apigatewayv2/AuthorizerJwtConfiguration:AuthorizerJwtConfiguration", + "description": "The configuration of a JWT authorizer. Required for the `JWT` authorizer type.\nSupported only for HTTP APIs.\n" + }, + "name": { + "type": "string", + "description": "The name of the authorizer. Must be between 1 and 128 characters in length.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/deployment:Deployment": { + "description": "Manages an Amazon API Gateway Version 2 deployment.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n> **Note:** Creating a deployment for an API requires at least one `aws.apigatewayv2.Route` resource associated with that API. To avoid race conditions when all resources are being created together, you need to add implicit resource references via the `triggers` argument or explicit resource references using the [resource `dependsOn` meta-argument](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Deployment(\"example\", {\n apiId: aws_apigatewayv2_route.example.api_id,\n description: \"Example deployment\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Deployment(\"example\",\n api_id=aws_apigatewayv2_route[\"example\"][\"api_id\"],\n description=\"Example deployment\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Deployment(\"example\", new Aws.ApiGatewayV2.DeploymentArgs\n {\n ApiId = aws_apigatewayv2_route.Example.Api_id,\n Description = \"Example deployment\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewDeployment(ctx, \"example\", &apigatewayv2.DeploymentArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_route.Example.Api_id),\n\t\t\tDescription: pulumi.String(\"Example deployment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_deployment` can be imported by using the API identifier and deployment identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/deployment:Deployment example aabbccddee/1122334\n```\n\n The `triggers` argument cannot be imported. ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "autoDeployed": { + "type": "boolean", + "description": "Whether the deployment was automatically released.\n" + }, + "description": { + "type": "string", + "description": "The description for the deployment resource. Must be less than or equal to 1024 characters in length.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of arbitrary keys and values that, when changed, will trigger a redeployment.\n" + } + }, + "required": [ + "apiId", + "autoDeployed" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "description": { + "type": "string", + "description": "The description for the deployment resource. Must be less than or equal to 1024 characters in length.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of arbitrary keys and values that, when changed, will trigger a redeployment.\n" + } + }, + "requiredInputs": [ + "apiId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Deployment resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "autoDeployed": { + "type": "boolean", + "description": "Whether the deployment was automatically released.\n" + }, + "description": { + "type": "string", + "description": "The description for the deployment resource. Must be less than or equal to 1024 characters in length.\n" + }, + "triggers": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of arbitrary keys and values that, when changed, will trigger a redeployment.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/domainName:DomainName": { + "description": "Manages an Amazon API Gateway Version 2 domain name.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html).\n\n> **Note:** This resource establishes ownership of and the TLS settings for\na particular domain name. An API stage can be associated with the domain name using the `aws.apigatewayv2.ApiMapping` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.DomainName(\"example\", {\n domainName: \"ws-api.example.com\",\n domainNameConfiguration: {\n certificateArn: aws_acm_certificate.example.arn,\n endpointType: \"REGIONAL\",\n securityPolicy: \"TLS_1_2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.DomainName(\"example\",\n domain_name=\"ws-api.example.com\",\n domain_name_configuration=aws.apigatewayv2.DomainNameDomainNameConfigurationArgs(\n certificate_arn=aws_acm_certificate[\"example\"][\"arn\"],\n endpoint_type=\"REGIONAL\",\n security_policy=\"TLS_1_2\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.DomainName(\"example\", new Aws.ApiGatewayV2.DomainNameArgs\n {\n DomainName = \"ws-api.example.com\",\n DomainNameConfiguration = new Aws.ApiGatewayV2.Inputs.DomainNameDomainNameConfigurationArgs\n {\n CertificateArn = aws_acm_certificate.Example.Arn,\n EndpointType = \"REGIONAL\",\n SecurityPolicy = \"TLS_1_2\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewDomainName(ctx, \"example\", &apigatewayv2.DomainNameArgs{\n\t\t\tDomainName: pulumi.String(\"ws-api.example.com\"),\n\t\t\tDomainNameConfiguration: &apigatewayv2.DomainNameDomainNameConfigurationArgs{\n\t\t\t\tCertificateArn: pulumi.Any(aws_acm_certificate.Example.Arn),\n\t\t\t\tEndpointType: pulumi.String(\"REGIONAL\"),\n\t\t\t\tSecurityPolicy: pulumi.String(\"TLS_1_2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_domain_name` can be imported by using the domain name, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/domainName:DomainName example ws-api.example.com\n```\n\n ", + "properties": { + "apiMappingSelectionExpression": { + "type": "string", + "description": "The [API mapping selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-mapping-selection-expressions) for the domain name.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the domain name.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name. Must be between 1 and 512 characters in length.\n", + "language": { + "csharp": { + "name": "Domain" + } + } + }, + "domainNameConfiguration": { + "$ref": "#/types/aws:apigatewayv2/DomainNameDomainNameConfiguration:DomainNameDomainNameConfiguration", + "description": "The domain name configuration.\n" + }, + "mutualTlsAuthentication": { + "$ref": "#/types/aws:apigatewayv2/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication", + "description": "The mutual TLS authentication configuration for the domain name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the domain name. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "apiMappingSelectionExpression", + "arn", + "domainName", + "domainNameConfiguration", + "tagsAll" + ], + "inputProperties": { + "domainName": { + "type": "string", + "description": "The domain name. Must be between 1 and 512 characters in length.\n", + "language": { + "csharp": { + "name": "Domain" + } + } + }, + "domainNameConfiguration": { + "$ref": "#/types/aws:apigatewayv2/DomainNameDomainNameConfiguration:DomainNameDomainNameConfiguration", + "description": "The domain name configuration.\n" + }, + "mutualTlsAuthentication": { + "$ref": "#/types/aws:apigatewayv2/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication", + "description": "The mutual TLS authentication configuration for the domain name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the domain name. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "domainName", + "domainNameConfiguration" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainName resources.\n", + "properties": { + "apiMappingSelectionExpression": { + "type": "string", + "description": "The [API mapping selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-mapping-selection-expressions) for the domain name.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the domain name.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name. Must be between 1 and 512 characters in length.\n", + "language": { + "csharp": { + "name": "Domain" + } + } + }, + "domainNameConfiguration": { + "$ref": "#/types/aws:apigatewayv2/DomainNameDomainNameConfiguration:DomainNameDomainNameConfiguration", + "description": "The domain name configuration.\n" + }, + "mutualTlsAuthentication": { + "$ref": "#/types/aws:apigatewayv2/DomainNameMutualTlsAuthentication:DomainNameMutualTlsAuthentication", + "description": "The mutual TLS authentication configuration for the domain name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the domain name. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/integration:Integration": { + "description": "Manages an Amazon API Gateway Version 2 integration.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n integrationType: \"MOCK\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n integration_type=\"MOCK\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new Aws.ApiGatewayV2.IntegrationArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n IntegrationType = \"MOCK\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", &apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tIntegrationType: pulumi.String(\"MOCK\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Integration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {\n code: new pulumi.asset.FileArchive(\"example.zip\"),\n role: aws_iam_role.example.arn,\n handler: \"index.handler\",\n runtime: \"nodejs12.x\",\n});\nconst exampleIntegration = new aws.apigatewayv2.Integration(\"exampleIntegration\", {\n apiId: aws_apigatewayv2_api.example.id,\n integrationType: \"AWS\",\n connectionType: \"INTERNET\",\n contentHandlingStrategy: \"CONVERT_TO_TEXT\",\n description: \"Lambda example\",\n integrationMethod: \"POST\",\n integrationUri: exampleFunction.invokeArn,\n passthroughBehavior: \"WHEN_NO_MATCH\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_function = aws.lambda_.Function(\"exampleFunction\",\n code=pulumi.FileArchive(\"example.zip\"),\n role=aws_iam_role[\"example\"][\"arn\"],\n handler=\"index.handler\",\n runtime=\"nodejs12.x\")\nexample_integration = aws.apigatewayv2.Integration(\"exampleIntegration\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n integration_type=\"AWS\",\n connection_type=\"INTERNET\",\n content_handling_strategy=\"CONVERT_TO_TEXT\",\n description=\"Lambda example\",\n integration_method=\"POST\",\n integration_uri=example_function.invoke_arn,\n passthrough_behavior=\"WHEN_NO_MATCH\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"example.zip\"),\n Role = aws_iam_role.Example.Arn,\n Handler = \"index.handler\",\n Runtime = \"nodejs12.x\",\n });\n var exampleIntegration = new Aws.ApiGatewayV2.Integration(\"exampleIntegration\", new Aws.ApiGatewayV2.IntegrationArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n IntegrationType = \"AWS\",\n ConnectionType = \"INTERNET\",\n ContentHandlingStrategy = \"CONVERT_TO_TEXT\",\n Description = \"Lambda example\",\n IntegrationMethod = \"POST\",\n IntegrationUri = exampleFunction.InvokeArn,\n PassthroughBehavior = \"WHEN_NO_MATCH\",\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### AWS Service Integration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n credentialsArn: aws_iam_role.example.arn,\n description: \"SQS example\",\n integrationType: \"AWS_PROXY\",\n integrationSubtype: \"SQS-SendMessage\",\n requestParameters: {\n QueueUrl: `$request.header.queueUrl`,\n MessageBody: `$request.body.message`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n credentials_arn=aws_iam_role[\"example\"][\"arn\"],\n description=\"SQS example\",\n integration_type=\"AWS_PROXY\",\n integration_subtype=\"SQS-SendMessage\",\n request_parameters={\n \"QueueUrl\": \"$request.header.queueUrl\",\n \"MessageBody\": \"$request.body.message\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new Aws.ApiGatewayV2.IntegrationArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n CredentialsArn = aws_iam_role.Example.Arn,\n Description = \"SQS example\",\n IntegrationType = \"AWS_PROXY\",\n IntegrationSubtype = \"SQS-SendMessage\",\n RequestParameters = \n {\n { \"QueueUrl\", \"$request.header.queueUrl\" },\n { \"MessageBody\", \"$request.body.message\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", &apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tCredentialsArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tDescription: pulumi.String(\"SQS example\"),\n\t\t\tIntegrationType: pulumi.String(\"AWS_PROXY\"),\n\t\t\tIntegrationSubtype: pulumi.String(\"SQS-SendMessage\"),\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"QueueUrl\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"request.header.queueUrl\")),\n\t\t\t\t\"MessageBody\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"request.body.message\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Private Integration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Integration(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n credentialsArn: aws_iam_role.example.arn,\n description: \"Example with a load balancer\",\n integrationType: \"HTTP_PROXY\",\n integrationUri: aws_lb_listener.example.arn,\n integrationMethod: \"ANY\",\n connectionType: \"VPC_LINK\",\n connectionId: aws_apigatewayv2_vpc_link.example.id,\n tlsConfig: {\n serverNameToVerify: \"example.com\",\n },\n requestParameters: {\n \"append:header.authforintegration\": `$context.authorizer.authorizerResponse`,\n \"overwrite:path\": \"staticValueForIntegration\",\n },\n responseParameters: [\n {\n statusCode: 403,\n mappings: {\n \"append:header.auth\": `$context.authorizer.authorizerResponse`,\n },\n },\n {\n statusCode: 200,\n mappings: {\n \"overwrite:statuscode\": \"204\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Integration(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n credentials_arn=aws_iam_role[\"example\"][\"arn\"],\n description=\"Example with a load balancer\",\n integration_type=\"HTTP_PROXY\",\n integration_uri=aws_lb_listener[\"example\"][\"arn\"],\n integration_method=\"ANY\",\n connection_type=\"VPC_LINK\",\n connection_id=aws_apigatewayv2_vpc_link[\"example\"][\"id\"],\n tls_config=aws.apigatewayv2.IntegrationTlsConfigArgs(\n server_name_to_verify=\"example.com\",\n ),\n request_parameters={\n \"append:header.authforintegration\": \"$context.authorizer.authorizerResponse\",\n \"overwrite:path\": \"staticValueForIntegration\",\n },\n response_parameters=[\n aws.apigatewayv2.IntegrationResponseParameterArgs(\n status_code=\"403\",\n mappings={\n \"append:header.auth\": \"$context.authorizer.authorizerResponse\",\n },\n ),\n aws.apigatewayv2.IntegrationResponseParameterArgs(\n status_code=\"200\",\n mappings={\n \"overwrite:statuscode\": \"204\",\n },\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Integration(\"example\", new Aws.ApiGatewayV2.IntegrationArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n CredentialsArn = aws_iam_role.Example.Arn,\n Description = \"Example with a load balancer\",\n IntegrationType = \"HTTP_PROXY\",\n IntegrationUri = aws_lb_listener.Example.Arn,\n IntegrationMethod = \"ANY\",\n ConnectionType = \"VPC_LINK\",\n ConnectionId = aws_apigatewayv2_vpc_link.Example.Id,\n TlsConfig = new Aws.ApiGatewayV2.Inputs.IntegrationTlsConfigArgs\n {\n ServerNameToVerify = \"example.com\",\n },\n RequestParameters = \n {\n { \"append:header.authforintegration\", \"$context.authorizer.authorizerResponse\" },\n { \"overwrite:path\", \"staticValueForIntegration\" },\n },\n ResponseParameters = \n {\n new Aws.ApiGatewayV2.Inputs.IntegrationResponseParameterArgs\n {\n StatusCode = \"403\",\n Mappings = \n {\n { \"append:header.auth\", \"$context.authorizer.authorizerResponse\" },\n },\n },\n new Aws.ApiGatewayV2.Inputs.IntegrationResponseParameterArgs\n {\n StatusCode = \"200\",\n Mappings = \n {\n { \"overwrite:statuscode\", \"204\" },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegration(ctx, \"example\", &apigatewayv2.IntegrationArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tCredentialsArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tDescription: pulumi.String(\"Example with a load balancer\"),\n\t\t\tIntegrationType: pulumi.String(\"HTTP_PROXY\"),\n\t\t\tIntegrationUri: pulumi.Any(aws_lb_listener.Example.Arn),\n\t\t\tIntegrationMethod: pulumi.String(\"ANY\"),\n\t\t\tConnectionType: pulumi.String(\"VPC_LINK\"),\n\t\t\tConnectionId: pulumi.Any(aws_apigatewayv2_vpc_link.Example.Id),\n\t\t\tTlsConfig: &apigatewayv2.IntegrationTlsConfigArgs{\n\t\t\t\tServerNameToVerify: pulumi.String(\"example.com\"),\n\t\t\t},\n\t\t\tRequestParameters: pulumi.StringMap{\n\t\t\t\t\"append:header.authforintegration\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"context.authorizer.authorizerResponse\")),\n\t\t\t\t\"overwrite:path\": pulumi.String(\"staticValueForIntegration\"),\n\t\t\t},\n\t\t\tResponseParameters: apigatewayv2.IntegrationResponseParameterArray{\n\t\t\t\t&apigatewayv2.IntegrationResponseParameterArgs{\n\t\t\t\t\tStatusCode: pulumi.String(\"403\"),\n\t\t\t\t\tMappings: pulumi.StringMap{\n\t\t\t\t\t\t\"append:header.auth\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"context.authorizer.authorizerResponse\")),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&apigatewayv2.IntegrationResponseParameterArgs{\n\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\tMappings: pulumi.StringMap{\n\t\t\t\t\t\t\"overwrite:statuscode\": pulumi.String(\"204\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_integration` can be imported by using the API identifier and integration identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/integration:Integration example aabbccddee/1122334\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the VPC link for a private integration. Supported only for HTTP APIs. Must be between 1 and 1024 characters in length.\n" + }, + "connectionType": { + "type": "string", + "description": "The type of the network connection to the integration endpoint. Valid values: `INTERNET`, `VPC_LINK`. Default is `INTERNET`.\n" + }, + "contentHandlingStrategy": { + "type": "string", + "description": "How to handle response payload content type conversions. Valid values: `CONVERT_TO_BINARY`, `CONVERT_TO_TEXT`. Supported only for WebSocket APIs.\n" + }, + "credentialsArn": { + "type": "string", + "description": "The credentials required for the integration, if any.\n" + }, + "description": { + "type": "string", + "description": "The description of the integration.\n" + }, + "integrationMethod": { + "type": "string", + "description": "The integration's HTTP method. Must be specified if `integration_type` is not `MOCK`.\n" + }, + "integrationResponseSelectionExpression": { + "type": "string", + "description": "The [integration response selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-integration-response-selection-expressions) for the integration.\n" + }, + "integrationSubtype": { + "type": "string", + "description": "Specifies the AWS service action to invoke. Supported only for HTTP APIs when `integration_type` is `AWS_PROXY`. See the [AWS service integration reference](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-aws-services-reference.html) documentation for supported values. Must be between 1 and 128 characters in length.\n" + }, + "integrationType": { + "type": "string", + "description": "The integration type of an integration.\nValid values: `AWS` (supported only for WebSocket APIs), `AWS_PROXY`, `HTTP` (supported only for WebSocket APIs), `HTTP_PROXY`, `MOCK` (supported only for WebSocket APIs). For an HTTP API private integration, use `HTTP_PROXY`.\n" + }, + "integrationUri": { + "type": "string", + "description": "The URI of the Lambda function for a Lambda proxy integration, when `integration_type` is `AWS_PROXY`.\nFor an `HTTP` integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "The pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the `request_templates` attribute.\nValid values: `WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`. Default is `WHEN_NO_MATCH`. Supported only for WebSocket APIs.\n" + }, + "payloadFormatVersion": { + "type": "string", + "description": "The [format of the payload](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html#http-api-develop-integrations-lambda.proxy-format) sent to an integration. Valid values: `1.0`, `2.0`. Default is `1.0`.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend.\nFor HTTP APIs with a specified `integration_subtype`, a key-value map specifying parameters that are passed to `AWS_PROXY` integrations.\nFor HTTP APIs without a specified `integration_subtype`, a key-value map specifying how to transform HTTP requests before sending them to the backend.\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) for details.\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of [Velocity](https://velocity.apache.org/) templates that are applied on the request payload based on the value of the Content-Type header sent by the client. Supported only for WebSocket APIs.\n" + }, + "responseParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/IntegrationResponseParameter:IntegrationResponseParameter" + }, + "description": "Mappings to transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs.\n" + }, + "templateSelectionExpression": { + "type": "string", + "description": "The [template selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-template-selection-expressions) for the integration.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs.\nThe default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.\nthis provider will only perform drift detection of its value when present in a configuration.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigatewayv2/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "The TLS configuration for a private integration. Supported only for HTTP APIs.\n" + } + }, + "required": [ + "apiId", + "integrationResponseSelectionExpression", + "integrationType", + "timeoutMilliseconds" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the VPC link for a private integration. Supported only for HTTP APIs. Must be between 1 and 1024 characters in length.\n" + }, + "connectionType": { + "type": "string", + "description": "The type of the network connection to the integration endpoint. Valid values: `INTERNET`, `VPC_LINK`. Default is `INTERNET`.\n" + }, + "contentHandlingStrategy": { + "type": "string", + "description": "How to handle response payload content type conversions. Valid values: `CONVERT_TO_BINARY`, `CONVERT_TO_TEXT`. Supported only for WebSocket APIs.\n" + }, + "credentialsArn": { + "type": "string", + "description": "The credentials required for the integration, if any.\n" + }, + "description": { + "type": "string", + "description": "The description of the integration.\n" + }, + "integrationMethod": { + "type": "string", + "description": "The integration's HTTP method. Must be specified if `integration_type` is not `MOCK`.\n" + }, + "integrationSubtype": { + "type": "string", + "description": "Specifies the AWS service action to invoke. Supported only for HTTP APIs when `integration_type` is `AWS_PROXY`. See the [AWS service integration reference](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-aws-services-reference.html) documentation for supported values. Must be between 1 and 128 characters in length.\n" + }, + "integrationType": { + "type": "string", + "description": "The integration type of an integration.\nValid values: `AWS` (supported only for WebSocket APIs), `AWS_PROXY`, `HTTP` (supported only for WebSocket APIs), `HTTP_PROXY`, `MOCK` (supported only for WebSocket APIs). For an HTTP API private integration, use `HTTP_PROXY`.\n" + }, + "integrationUri": { + "type": "string", + "description": "The URI of the Lambda function for a Lambda proxy integration, when `integration_type` is `AWS_PROXY`.\nFor an `HTTP` integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "The pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the `request_templates` attribute.\nValid values: `WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`. Default is `WHEN_NO_MATCH`. Supported only for WebSocket APIs.\n" + }, + "payloadFormatVersion": { + "type": "string", + "description": "The [format of the payload](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html#http-api-develop-integrations-lambda.proxy-format) sent to an integration. Valid values: `1.0`, `2.0`. Default is `1.0`.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend.\nFor HTTP APIs with a specified `integration_subtype`, a key-value map specifying parameters that are passed to `AWS_PROXY` integrations.\nFor HTTP APIs without a specified `integration_subtype`, a key-value map specifying how to transform HTTP requests before sending them to the backend.\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) for details.\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of [Velocity](https://velocity.apache.org/) templates that are applied on the request payload based on the value of the Content-Type header sent by the client. Supported only for WebSocket APIs.\n" + }, + "responseParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/IntegrationResponseParameter:IntegrationResponseParameter" + }, + "description": "Mappings to transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs.\n" + }, + "templateSelectionExpression": { + "type": "string", + "description": "The [template selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-template-selection-expressions) for the integration.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs.\nThe default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.\nthis provider will only perform drift detection of its value when present in a configuration.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigatewayv2/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "The TLS configuration for a private integration. Supported only for HTTP APIs.\n" + } + }, + "requiredInputs": [ + "apiId", + "integrationType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Integration resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the VPC link for a private integration. Supported only for HTTP APIs. Must be between 1 and 1024 characters in length.\n" + }, + "connectionType": { + "type": "string", + "description": "The type of the network connection to the integration endpoint. Valid values: `INTERNET`, `VPC_LINK`. Default is `INTERNET`.\n" + }, + "contentHandlingStrategy": { + "type": "string", + "description": "How to handle response payload content type conversions. Valid values: `CONVERT_TO_BINARY`, `CONVERT_TO_TEXT`. Supported only for WebSocket APIs.\n" + }, + "credentialsArn": { + "type": "string", + "description": "The credentials required for the integration, if any.\n" + }, + "description": { + "type": "string", + "description": "The description of the integration.\n" + }, + "integrationMethod": { + "type": "string", + "description": "The integration's HTTP method. Must be specified if `integration_type` is not `MOCK`.\n" + }, + "integrationResponseSelectionExpression": { + "type": "string", + "description": "The [integration response selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-integration-response-selection-expressions) for the integration.\n" + }, + "integrationSubtype": { + "type": "string", + "description": "Specifies the AWS service action to invoke. Supported only for HTTP APIs when `integration_type` is `AWS_PROXY`. See the [AWS service integration reference](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-aws-services-reference.html) documentation for supported values. Must be between 1 and 128 characters in length.\n" + }, + "integrationType": { + "type": "string", + "description": "The integration type of an integration.\nValid values: `AWS` (supported only for WebSocket APIs), `AWS_PROXY`, `HTTP` (supported only for WebSocket APIs), `HTTP_PROXY`, `MOCK` (supported only for WebSocket APIs). For an HTTP API private integration, use `HTTP_PROXY`.\n" + }, + "integrationUri": { + "type": "string", + "description": "The URI of the Lambda function for a Lambda proxy integration, when `integration_type` is `AWS_PROXY`.\nFor an `HTTP` integration, specify a fully-qualified URL. For an HTTP API private integration, specify the ARN of an Application Load Balancer listener, Network Load Balancer listener, or AWS Cloud Map service.\n" + }, + "passthroughBehavior": { + "type": "string", + "description": "The pass-through behavior for incoming requests based on the Content-Type header in the request, and the available mapping templates specified as the `request_templates` attribute.\nValid values: `WHEN_NO_MATCH`, `WHEN_NO_TEMPLATES`, `NEVER`. Default is `WHEN_NO_MATCH`. Supported only for WebSocket APIs.\n" + }, + "payloadFormatVersion": { + "type": "string", + "description": "The [format of the payload](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-lambda.html#http-api-develop-integrations-lambda.proxy-format) sent to an integration. Valid values: `1.0`, `2.0`. Default is `1.0`.\n" + }, + "requestParameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "For WebSocket APIs, a key-value map specifying request parameters that are passed from the method request to the backend.\nFor HTTP APIs with a specified `integration_subtype`, a key-value map specifying parameters that are passed to `AWS_PROXY` integrations.\nFor HTTP APIs without a specified `integration_subtype`, a key-value map specifying how to transform HTTP requests before sending them to the backend.\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-parameter-mapping.html) for details.\n" + }, + "requestTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of [Velocity](https://velocity.apache.org/) templates that are applied on the request payload based on the value of the Content-Type header sent by the client. Supported only for WebSocket APIs.\n" + }, + "responseParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/IntegrationResponseParameter:IntegrationResponseParameter" + }, + "description": "Mappings to transform the HTTP response from a backend integration before returning the response to clients. Supported only for HTTP APIs.\n" + }, + "templateSelectionExpression": { + "type": "string", + "description": "The [template selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-template-selection-expressions) for the integration.\n" + }, + "timeoutMilliseconds": { + "type": "integer", + "description": "Custom timeout between 50 and 29,000 milliseconds for WebSocket APIs and between 50 and 30,000 milliseconds for HTTP APIs.\nThe default timeout is 29 seconds for WebSocket APIs and 30 seconds for HTTP APIs.\nthis provider will only perform drift detection of its value when present in a configuration.\n" + }, + "tlsConfig": { + "$ref": "#/types/aws:apigatewayv2/IntegrationTlsConfig:IntegrationTlsConfig", + "description": "The TLS configuration for a private integration. Supported only for HTTP APIs.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/integrationResponse:IntegrationResponse": { + "description": "Manages an Amazon API Gateway Version 2 integration response.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.IntegrationResponse(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n integrationId: aws_apigatewayv2_integration.example.id,\n integrationResponseKey: \"/200/\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.IntegrationResponse(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n integration_id=aws_apigatewayv2_integration[\"example\"][\"id\"],\n integration_response_key=\"/200/\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.IntegrationResponse(\"example\", new Aws.ApiGatewayV2.IntegrationResponseArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n IntegrationId = aws_apigatewayv2_integration.Example.Id,\n IntegrationResponseKey = \"/200/\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewIntegrationResponse(ctx, \"example\", &apigatewayv2.IntegrationResponseArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tIntegrationId: pulumi.Any(aws_apigatewayv2_integration.Example.Id),\n\t\t\tIntegrationResponseKey: pulumi.String(\"/200/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_integration_response` can be imported by using the API identifier, integration identifier and integration response identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/integrationResponse:IntegrationResponse example aabbccddee/1122334/998877\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "contentHandlingStrategy": { + "type": "string", + "description": "How to handle response payload content type conversions. Valid values: `CONVERT_TO_BINARY`, `CONVERT_TO_TEXT`.\n" + }, + "integrationId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Integration`.\n" + }, + "integrationResponseKey": { + "type": "string", + "description": "The integration response key.\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client.\n" + }, + "templateSelectionExpression": { + "type": "string", + "description": "The [template selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-template-selection-expressions) for the integration response.\n" + } + }, + "required": [ + "apiId", + "integrationId", + "integrationResponseKey" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "contentHandlingStrategy": { + "type": "string", + "description": "How to handle response payload content type conversions. Valid values: `CONVERT_TO_BINARY`, `CONVERT_TO_TEXT`.\n" + }, + "integrationId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Integration`.\n" + }, + "integrationResponseKey": { + "type": "string", + "description": "The integration response key.\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client.\n" + }, + "templateSelectionExpression": { + "type": "string", + "description": "The [template selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-template-selection-expressions) for the integration response.\n" + } + }, + "requiredInputs": [ + "apiId", + "integrationId", + "integrationResponseKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IntegrationResponse resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "contentHandlingStrategy": { + "type": "string", + "description": "How to handle response payload content type conversions. Valid values: `CONVERT_TO_BINARY`, `CONVERT_TO_TEXT`.\n" + }, + "integrationId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Integration`.\n" + }, + "integrationResponseKey": { + "type": "string", + "description": "The integration response key.\n" + }, + "responseTemplates": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Velocity templates that are applied on the request payload based on the value of the Content-Type header sent by the client.\n" + }, + "templateSelectionExpression": { + "type": "string", + "description": "The [template selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-template-selection-expressions) for the integration response.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/model:Model": { + "description": "Manages an Amazon API Gateway Version 2 [model](https://docs.aws.amazon.com/apigateway/latest/developerguide/models-mappings.html#models-mappings-models).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Model(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n contentType: \"application/json\",\n schema: `{\n \"$schema\": \"http://json-schema.org/draft-04/schema#\",\n \"title\": \"ExampleModel\",\n \"type\": \"object\",\n \"properties\": {\n \"id\": { \"type\": \"string\" }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Model(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n content_type=\"application/json\",\n schema=\"\"\"{\n \"$schema\": \"http://json-schema.org/draft-04/schema#\",\n \"title\": \"ExampleModel\",\n \"type\": \"object\",\n \"properties\": {\n \"id\": { \"type\": \"string\" }\n }\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Model(\"example\", new Aws.ApiGatewayV2.ModelArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n ContentType = \"application/json\",\n Schema = @\"{\n \"\"$schema\"\": \"\"http://json-schema.org/draft-04/schema#\"\",\n \"\"title\"\": \"\"ExampleModel\"\",\n \"\"type\"\": \"\"object\"\",\n \"\"properties\"\": {\n \"\"id\"\": { \"\"type\"\": \"\"string\"\" }\n }\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewModel(ctx, \"example\", &apigatewayv2.ModelArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tContentType: pulumi.String(\"application/json\"),\n\t\t\tSchema: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"\", \"$\", \"schema\\\": \\\"http://json-schema.org/draft-04/schema#\\\",\\n\", \" \\\"title\\\": \\\"ExampleModel\\\",\\n\", \" \\\"type\\\": \\\"object\\\",\\n\", \" \\\"properties\\\": {\\n\", \" \\\"id\\\": { \\\"type\\\": \\\"string\\\" }\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_model` can be imported by using the API identifier and model identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/model:Model example aabbccddee/1122334\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "contentType": { + "type": "string", + "description": "The content-type for the model, for example, `application/json`. Must be between 1 and 256 characters in length.\n" + }, + "description": { + "type": "string", + "description": "The description of the model. Must be between 1 and 128 characters in length.\n" + }, + "name": { + "type": "string", + "description": "The name of the model. Must be alphanumeric. Must be between 1 and 128 characters in length.\n" + }, + "schema": { + "type": "string", + "description": "The schema for the model. This should be a [JSON schema draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) model. Must be less than or equal to 32768 characters in length.\n" + } + }, + "required": [ + "apiId", + "contentType", + "name", + "schema" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "contentType": { + "type": "string", + "description": "The content-type for the model, for example, `application/json`. Must be between 1 and 256 characters in length.\n" + }, + "description": { + "type": "string", + "description": "The description of the model. Must be between 1 and 128 characters in length.\n" + }, + "name": { + "type": "string", + "description": "The name of the model. Must be alphanumeric. Must be between 1 and 128 characters in length.\n" + }, + "schema": { + "type": "string", + "description": "The schema for the model. This should be a [JSON schema draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) model. Must be less than or equal to 32768 characters in length.\n" + } + }, + "requiredInputs": [ + "apiId", + "contentType", + "schema" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Model resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "contentType": { + "type": "string", + "description": "The content-type for the model, for example, `application/json`. Must be between 1 and 256 characters in length.\n" + }, + "description": { + "type": "string", + "description": "The description of the model. Must be between 1 and 128 characters in length.\n" + }, + "name": { + "type": "string", + "description": "The name of the model. Must be alphanumeric. Must be between 1 and 128 characters in length.\n" + }, + "schema": { + "type": "string", + "description": "The schema for the model. This should be a [JSON schema draft 4](https://tools.ietf.org/html/draft-zyp-json-schema-04) model. Must be less than or equal to 32768 characters in length.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/route:Route": { + "description": "Manages an Amazon API Gateway Version 2 route.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html) for [WebSocket](https://docs.aws.amazon.com/apigateway/latest/developerguide/websocket-api-develop-routes.html) and [HTTP](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-routes.html) APIs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApi = new aws.apigatewayv2.Api(\"exampleApi\", {\n protocolType: \"WEBSOCKET\",\n routeSelectionExpression: `$request.body.action`,\n});\nconst exampleRoute = new aws.apigatewayv2.Route(\"exampleRoute\", {\n apiId: exampleApi.id,\n routeKey: `$default`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_api = aws.apigatewayv2.Api(\"exampleApi\",\n protocol_type=\"WEBSOCKET\",\n route_selection_expression=\"$request.body.action\")\nexample_route = aws.apigatewayv2.Route(\"exampleRoute\",\n api_id=example_api.id,\n route_key=\"$default\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApi = new Aws.ApiGatewayV2.Api(\"exampleApi\", new Aws.ApiGatewayV2.ApiArgs\n {\n ProtocolType = \"WEBSOCKET\",\n RouteSelectionExpression = \"$request.body.action\",\n });\n var exampleRoute = new Aws.ApiGatewayV2.Route(\"exampleRoute\", new Aws.ApiGatewayV2.RouteArgs\n {\n ApiId = exampleApi.Id,\n RouteKey = \"$default\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApi, err := apigatewayv2.NewApi(ctx, \"exampleApi\", &apigatewayv2.ApiArgs{\n\t\t\tProtocolType: pulumi.String(\"WEBSOCKET\"),\n\t\t\tRouteSelectionExpression: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"request.body.action\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigatewayv2.NewRoute(ctx, \"exampleRoute\", &apigatewayv2.RouteArgs{\n\t\t\tApiId: exampleApi.ID(),\n\t\t\tRouteKey: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"default\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### HTTP Proxy Integration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApi = new aws.apigatewayv2.Api(\"exampleApi\", {protocolType: \"HTTP\"});\nconst exampleIntegration = new aws.apigatewayv2.Integration(\"exampleIntegration\", {\n apiId: exampleApi.id,\n integrationType: \"HTTP_PROXY\",\n integrationMethod: \"ANY\",\n integrationUri: \"https://example.com/{proxy}\",\n});\nconst exampleRoute = new aws.apigatewayv2.Route(\"exampleRoute\", {\n apiId: exampleApi.id,\n routeKey: \"ANY /example/{proxy+}\",\n target: pulumi.interpolate`integrations/${exampleIntegration.id}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_api = aws.apigatewayv2.Api(\"exampleApi\", protocol_type=\"HTTP\")\nexample_integration = aws.apigatewayv2.Integration(\"exampleIntegration\",\n api_id=example_api.id,\n integration_type=\"HTTP_PROXY\",\n integration_method=\"ANY\",\n integration_uri=\"https://example.com/{proxy}\")\nexample_route = aws.apigatewayv2.Route(\"exampleRoute\",\n api_id=example_api.id,\n route_key=\"ANY /example/{proxy+}\",\n target=example_integration.id.apply(lambda id: f\"integrations/{id}\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApi = new Aws.ApiGatewayV2.Api(\"exampleApi\", new Aws.ApiGatewayV2.ApiArgs\n {\n ProtocolType = \"HTTP\",\n });\n var exampleIntegration = new Aws.ApiGatewayV2.Integration(\"exampleIntegration\", new Aws.ApiGatewayV2.IntegrationArgs\n {\n ApiId = exampleApi.Id,\n IntegrationType = \"HTTP_PROXY\",\n IntegrationMethod = \"ANY\",\n IntegrationUri = \"https://example.com/{proxy}\",\n });\n var exampleRoute = new Aws.ApiGatewayV2.Route(\"exampleRoute\", new Aws.ApiGatewayV2.RouteArgs\n {\n ApiId = exampleApi.Id,\n RouteKey = \"ANY /example/{proxy+}\",\n Target = exampleIntegration.Id.Apply(id => $\"integrations/{id}\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApi, err := apigatewayv2.NewApi(ctx, \"exampleApi\", &apigatewayv2.ApiArgs{\n\t\t\tProtocolType: pulumi.String(\"HTTP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleIntegration, err := apigatewayv2.NewIntegration(ctx, \"exampleIntegration\", &apigatewayv2.IntegrationArgs{\n\t\t\tApiId: exampleApi.ID(),\n\t\t\tIntegrationType: pulumi.String(\"HTTP_PROXY\"),\n\t\t\tIntegrationMethod: pulumi.String(\"ANY\"),\n\t\t\tIntegrationUri: pulumi.String(\"https://example.com/{proxy}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigatewayv2.NewRoute(ctx, \"exampleRoute\", &apigatewayv2.RouteArgs{\n\t\t\tApiId: exampleApi.ID(),\n\t\t\tRouteKey: pulumi.String(\"ANY /example/{proxy+}\"),\n\t\t\tTarget: exampleIntegration.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v\", \"integrations/\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_route` can be imported by using the API identifier and route identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/route:Route example aabbccddee/1122334\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "apiKeyRequired": { + "type": "boolean", + "description": "Boolean whether an API key is required for the route. Defaults to `false`. Supported only for WebSocket APIs.\n" + }, + "authorizationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The authorization scopes supported by this route. The scopes are used with a JWT authorizer to authorize the method invocation.\n" + }, + "authorizationType": { + "type": "string", + "description": "The authorization type for the route.\nFor WebSocket APIs, valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.\nFor HTTP APIs, valid values are `NONE` for open access, `JWT` for using JSON Web Tokens, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.\nDefaults to `NONE`.\n" + }, + "authorizerId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Authorizer` resource to be associated with this route.\n" + }, + "modelSelectionExpression": { + "type": "string", + "description": "The [model selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) for the route. Supported only for WebSocket APIs.\n" + }, + "operationName": { + "type": "string", + "description": "The operation name for the route. Must be between 1 and 64 characters in length.\n" + }, + "requestModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The request models for the route. Supported only for WebSocket APIs.\n" + }, + "requestParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/RouteRequestParameter:RouteRequestParameter" + }, + "description": "The request parameters for the route. Supported only for WebSocket APIs.\n" + }, + "routeKey": { + "type": "string", + "description": "The route key for the route. For HTTP APIs, the route key can be either `$default`, or a combination of an HTTP method and resource path, for example, `GET /pets`.\n" + }, + "routeResponseSelectionExpression": { + "type": "string", + "description": "The [route response selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-response-selection-expressions) for the route. Supported only for WebSocket APIs.\n" + }, + "target": { + "type": "string", + "description": "The target for the route, of the form `integrations/`*`IntegrationID`*, where *`IntegrationID`* is the identifier of an `aws.apigatewayv2.Integration` resource.\n" + } + }, + "required": [ + "apiId", + "routeKey" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "apiKeyRequired": { + "type": "boolean", + "description": "Boolean whether an API key is required for the route. Defaults to `false`. Supported only for WebSocket APIs.\n" + }, + "authorizationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The authorization scopes supported by this route. The scopes are used with a JWT authorizer to authorize the method invocation.\n" + }, + "authorizationType": { + "type": "string", + "description": "The authorization type for the route.\nFor WebSocket APIs, valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.\nFor HTTP APIs, valid values are `NONE` for open access, `JWT` for using JSON Web Tokens, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.\nDefaults to `NONE`.\n" + }, + "authorizerId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Authorizer` resource to be associated with this route.\n" + }, + "modelSelectionExpression": { + "type": "string", + "description": "The [model selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) for the route. Supported only for WebSocket APIs.\n" + }, + "operationName": { + "type": "string", + "description": "The operation name for the route. Must be between 1 and 64 characters in length.\n" + }, + "requestModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The request models for the route. Supported only for WebSocket APIs.\n" + }, + "requestParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/RouteRequestParameter:RouteRequestParameter" + }, + "description": "The request parameters for the route. Supported only for WebSocket APIs.\n" + }, + "routeKey": { + "type": "string", + "description": "The route key for the route. For HTTP APIs, the route key can be either `$default`, or a combination of an HTTP method and resource path, for example, `GET /pets`.\n" + }, + "routeResponseSelectionExpression": { + "type": "string", + "description": "The [route response selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-response-selection-expressions) for the route. Supported only for WebSocket APIs.\n" + }, + "target": { + "type": "string", + "description": "The target for the route, of the form `integrations/`*`IntegrationID`*, where *`IntegrationID`* is the identifier of an `aws.apigatewayv2.Integration` resource.\n" + } + }, + "requiredInputs": [ + "apiId", + "routeKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Route resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "apiKeyRequired": { + "type": "boolean", + "description": "Boolean whether an API key is required for the route. Defaults to `false`. Supported only for WebSocket APIs.\n" + }, + "authorizationScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The authorization scopes supported by this route. The scopes are used with a JWT authorizer to authorize the method invocation.\n" + }, + "authorizationType": { + "type": "string", + "description": "The authorization type for the route.\nFor WebSocket APIs, valid values are `NONE` for open access, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.\nFor HTTP APIs, valid values are `NONE` for open access, `JWT` for using JSON Web Tokens, `AWS_IAM` for using AWS IAM permissions, and `CUSTOM` for using a Lambda authorizer.\nDefaults to `NONE`.\n" + }, + "authorizerId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Authorizer` resource to be associated with this route.\n" + }, + "modelSelectionExpression": { + "type": "string", + "description": "The [model selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) for the route. Supported only for WebSocket APIs.\n" + }, + "operationName": { + "type": "string", + "description": "The operation name for the route. Must be between 1 and 64 characters in length.\n" + }, + "requestModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The request models for the route. Supported only for WebSocket APIs.\n" + }, + "requestParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/RouteRequestParameter:RouteRequestParameter" + }, + "description": "The request parameters for the route. Supported only for WebSocket APIs.\n" + }, + "routeKey": { + "type": "string", + "description": "The route key for the route. For HTTP APIs, the route key can be either `$default`, or a combination of an HTTP method and resource path, for example, `GET /pets`.\n" + }, + "routeResponseSelectionExpression": { + "type": "string", + "description": "The [route response selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-response-selection-expressions) for the route. Supported only for WebSocket APIs.\n" + }, + "target": { + "type": "string", + "description": "The target for the route, of the form `integrations/`*`IntegrationID`*, where *`IntegrationID`* is the identifier of an `aws.apigatewayv2.Integration` resource.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/routeResponse:RouteResponse": { + "description": "Manages an Amazon API Gateway Version 2 route response.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.RouteResponse(\"example\", {\n apiId: aws_apigatewayv2_api.example.id,\n routeId: aws_apigatewayv2_route.example.id,\n routeResponseKey: `$default`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.RouteResponse(\"example\",\n api_id=aws_apigatewayv2_api[\"example\"][\"id\"],\n route_id=aws_apigatewayv2_route[\"example\"][\"id\"],\n route_response_key=\"$default\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.RouteResponse(\"example\", new Aws.ApiGatewayV2.RouteResponseArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n RouteId = aws_apigatewayv2_route.Example.Id,\n RouteResponseKey = \"$default\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewRouteResponse(ctx, \"example\", &apigatewayv2.RouteResponseArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t\tRouteId: pulumi.Any(aws_apigatewayv2_route.Example.Id),\n\t\t\tRouteResponseKey: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"default\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_route_response` can be imported by using the API identifier, route identifier and route response identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/routeResponse:RouteResponse example aabbccddee/1122334/998877\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "modelSelectionExpression": { + "type": "string", + "description": "The [model selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) for the route response.\n" + }, + "responseModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The response models for the route response.\n" + }, + "routeId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Route`.\n" + }, + "routeResponseKey": { + "type": "string", + "description": "The route response key.\n" + } + }, + "required": [ + "apiId", + "routeId", + "routeResponseKey" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "modelSelectionExpression": { + "type": "string", + "description": "The [model selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) for the route response.\n" + }, + "responseModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The response models for the route response.\n" + }, + "routeId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Route`.\n" + }, + "routeResponseKey": { + "type": "string", + "description": "The route response key.\n" + } + }, + "requiredInputs": [ + "apiId", + "routeId", + "routeResponseKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RouteResponse resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "modelSelectionExpression": { + "type": "string", + "description": "The [model selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-model-selection-expressions) for the route response.\n" + }, + "responseModels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The response models for the route response.\n" + }, + "routeId": { + "type": "string", + "description": "The identifier of the `aws.apigatewayv2.Route`.\n" + }, + "routeResponseKey": { + "type": "string", + "description": "The route response key.\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/stage:Stage": { + "description": "Manages an Amazon API Gateway Version 2 stage.\nMore information can be found in the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.Stage(\"example\", {apiId: aws_apigatewayv2_api.example.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.Stage(\"example\", api_id=aws_apigatewayv2_api[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.Stage(\"example\", new Aws.ApiGatewayV2.StageArgs\n {\n ApiId = aws_apigatewayv2_api.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewStage(ctx, \"example\", &apigatewayv2.StageArgs{\n\t\t\tApiId: pulumi.Any(aws_apigatewayv2_api.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_stage` can be imported by using the API identifier and stage name, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/stage:Stage example aabbccddee/example-stage\n```\n\n ", + "properties": { + "accessLogSettings": { + "$ref": "#/types/aws:apigatewayv2/StageAccessLogSettings:StageAccessLogSettings", + "description": "Settings for logging access in this stage.\nUse the `aws.apigateway.Account` resource to configure [permissions for CloudWatch Logging](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-permissions).\n" + }, + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the stage.\n" + }, + "autoDeploy": { + "type": "boolean", + "description": "Whether updates to an API automatically trigger a new deployment. Defaults to `false`.\n" + }, + "clientCertificateId": { + "type": "string", + "description": "The identifier of a client certificate for the stage. Use the `aws.apigateway.ClientCertificate` resource to configure a client certificate.\nSupported only for WebSocket APIs.\n" + }, + "defaultRouteSettings": { + "$ref": "#/types/aws:apigatewayv2/StageDefaultRouteSettings:StageDefaultRouteSettings", + "description": "The default route settings for the stage.\n" + }, + "deploymentId": { + "type": "string", + "description": "The deployment identifier of the stage. Use the `aws.apigatewayv2.Deployment` resource to configure a deployment.\n" + }, + "description": { + "type": "string", + "description": "The description for the stage. Must be less than or equal to 1024 characters in length.\n" + }, + "executionArn": { + "type": "string", + "description": "The ARN prefix to be used in an `aws.lambda.Permission` `source_arn` attribute.\nFor WebSocket APIs this attribute can additionally be used in an `aws.iam.Policy` to authorize access to the [`@connections` API](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html).\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-control-access-iam.html) for details.\n" + }, + "invokeUrl": { + "type": "string", + "description": "The URL to invoke the API pointing to the stage,\ne.g. `wss://z4675bid1j.execute-api.eu-west-2.amazonaws.com/example-stage`, or `https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/`\n" + }, + "name": { + "type": "string", + "description": "The name of the stage. Must be between 1 and 128 characters in length.\n" + }, + "routeSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/StageRouteSetting:StageRouteSetting" + }, + "description": "Route settings for the stage.\n" + }, + "stageVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map that defines the stage variables for the stage.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the stage. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "apiId", + "arn", + "deploymentId", + "executionArn", + "invokeUrl", + "name", + "tagsAll" + ], + "inputProperties": { + "accessLogSettings": { + "$ref": "#/types/aws:apigatewayv2/StageAccessLogSettings:StageAccessLogSettings", + "description": "Settings for logging access in this stage.\nUse the `aws.apigateway.Account` resource to configure [permissions for CloudWatch Logging](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-permissions).\n" + }, + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "autoDeploy": { + "type": "boolean", + "description": "Whether updates to an API automatically trigger a new deployment. Defaults to `false`.\n" + }, + "clientCertificateId": { + "type": "string", + "description": "The identifier of a client certificate for the stage. Use the `aws.apigateway.ClientCertificate` resource to configure a client certificate.\nSupported only for WebSocket APIs.\n" + }, + "defaultRouteSettings": { + "$ref": "#/types/aws:apigatewayv2/StageDefaultRouteSettings:StageDefaultRouteSettings", + "description": "The default route settings for the stage.\n" + }, + "deploymentId": { + "type": "string", + "description": "The deployment identifier of the stage. Use the `aws.apigatewayv2.Deployment` resource to configure a deployment.\n" + }, + "description": { + "type": "string", + "description": "The description for the stage. Must be less than or equal to 1024 characters in length.\n" + }, + "name": { + "type": "string", + "description": "The name of the stage. Must be between 1 and 128 characters in length.\n" + }, + "routeSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/StageRouteSetting:StageRouteSetting" + }, + "description": "Route settings for the stage.\n" + }, + "stageVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map that defines the stage variables for the stage.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the stage. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "apiId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Stage resources.\n", + "properties": { + "accessLogSettings": { + "$ref": "#/types/aws:apigatewayv2/StageAccessLogSettings:StageAccessLogSettings", + "description": "Settings for logging access in this stage.\nUse the `aws.apigateway.Account` resource to configure [permissions for CloudWatch Logging](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html#set-up-access-logging-permissions).\n" + }, + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the stage.\n" + }, + "autoDeploy": { + "type": "boolean", + "description": "Whether updates to an API automatically trigger a new deployment. Defaults to `false`.\n" + }, + "clientCertificateId": { + "type": "string", + "description": "The identifier of a client certificate for the stage. Use the `aws.apigateway.ClientCertificate` resource to configure a client certificate.\nSupported only for WebSocket APIs.\n" + }, + "defaultRouteSettings": { + "$ref": "#/types/aws:apigatewayv2/StageDefaultRouteSettings:StageDefaultRouteSettings", + "description": "The default route settings for the stage.\n" + }, + "deploymentId": { + "type": "string", + "description": "The deployment identifier of the stage. Use the `aws.apigatewayv2.Deployment` resource to configure a deployment.\n" + }, + "description": { + "type": "string", + "description": "The description for the stage. Must be less than or equal to 1024 characters in length.\n" + }, + "executionArn": { + "type": "string", + "description": "The ARN prefix to be used in an `aws.lambda.Permission` `source_arn` attribute.\nFor WebSocket APIs this attribute can additionally be used in an `aws.iam.Policy` to authorize access to the [`@connections` API](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html).\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-control-access-iam.html) for details.\n" + }, + "invokeUrl": { + "type": "string", + "description": "The URL to invoke the API pointing to the stage,\ne.g. `wss://z4675bid1j.execute-api.eu-west-2.amazonaws.com/example-stage`, or `https://z4675bid1j.execute-api.eu-west-2.amazonaws.com/`\n" + }, + "name": { + "type": "string", + "description": "The name of the stage. Must be between 1 and 128 characters in length.\n" + }, + "routeSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/StageRouteSetting:StageRouteSetting" + }, + "description": "Route settings for the stage.\n" + }, + "stageVariables": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map that defines the stage variables for the stage.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the stage. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:apigatewayv2/vpcLink:VpcLink": { + "description": "Manages an Amazon API Gateway Version 2 VPC Link.\n\n> **Note:** Amazon API Gateway Version 2 VPC Links enable private integrations that connect HTTP APIs to private resources in a VPC.\nTo enable private integration for REST APIs, use the `Amazon API Gateway Version 1 VPC Link` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apigatewayv2.VpcLink(\"example\", {\n securityGroupIds: [data.aws_security_group.example.id],\n subnetIds: data.aws_subnet_ids.example.ids,\n tags: {\n Usage: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.VpcLink(\"example\",\n security_group_ids=[data[\"aws_security_group\"][\"example\"][\"id\"]],\n subnet_ids=data[\"aws_subnet_ids\"][\"example\"][\"ids\"],\n tags={\n \"Usage\": \"example\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ApiGatewayV2.VpcLink(\"example\", new Aws.ApiGatewayV2.VpcLinkArgs\n {\n SecurityGroupIds = \n {\n data.Aws_security_group.Example.Id,\n },\n SubnetIds = data.Aws_subnet_ids.Example.Ids,\n Tags = \n {\n { \"Usage\", \"example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.NewVpcLink(ctx, \"example\", &apigatewayv2.VpcLinkArgs{\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(data.Aws_security_group.Example.Id),\n\t\t\t},\n\t\t\tSubnetIds: pulumi.Any(data.Aws_subnet_ids.Example.Ids),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Usage\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_apigatewayv2_vpc_link` can be imported by using the VPC Link identifier, e.g.\n\n```sh\n $ pulumi import aws:apigatewayv2/vpcLink:VpcLink example aabbccddee\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The VPC Link ARN.\n" + }, + "name": { + "type": "string", + "description": "The name of the VPC Link. Must be between 1 and 128 characters in length.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs for the VPC Link.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subnet IDs for the VPC Link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the VPC Link. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "securityGroupIds", + "subnetIds", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the VPC Link. Must be between 1 and 128 characters in length.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs for the VPC Link.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subnet IDs for the VPC Link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the VPC Link. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "securityGroupIds", + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcLink resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The VPC Link ARN.\n" + }, + "name": { + "type": "string", + "description": "The name of the VPC Link. Must be between 1 and 128 characters in length.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs for the VPC Link.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subnet IDs for the VPC Link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the VPC Link. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:appautoscaling/policy:Policy": { + "description": "Provides an Application AutoScaling Policy resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### DynamoDB Table Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dynamodbTableReadTarget = new aws.appautoscaling.Target(\"dynamodbTableReadTarget\", {\n maxCapacity: 100,\n minCapacity: 5,\n resourceId: \"table/tableName\",\n scalableDimension: \"dynamodb:table:ReadCapacityUnits\",\n serviceNamespace: \"dynamodb\",\n});\nconst dynamodbTableReadPolicy = new aws.appautoscaling.Policy(\"dynamodbTableReadPolicy\", {\n policyType: \"TargetTrackingScaling\",\n resourceId: dynamodbTableReadTarget.resourceId,\n scalableDimension: dynamodbTableReadTarget.scalableDimension,\n serviceNamespace: dynamodbTableReadTarget.serviceNamespace,\n targetTrackingScalingPolicyConfiguration: {\n predefinedMetricSpecification: {\n predefinedMetricType: \"DynamoDBReadCapacityUtilization\",\n },\n targetValue: 70,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndynamodb_table_read_target = aws.appautoscaling.Target(\"dynamodbTableReadTarget\",\n max_capacity=100,\n min_capacity=5,\n resource_id=\"table/tableName\",\n scalable_dimension=\"dynamodb:table:ReadCapacityUnits\",\n service_namespace=\"dynamodb\")\ndynamodb_table_read_policy = aws.appautoscaling.Policy(\"dynamodbTableReadPolicy\",\n policy_type=\"TargetTrackingScaling\",\n resource_id=dynamodb_table_read_target.resource_id,\n scalable_dimension=dynamodb_table_read_target.scalable_dimension,\n service_namespace=dynamodb_table_read_target.service_namespace,\n target_tracking_scaling_policy_configuration=aws.appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationArgs(\n predefined_metric_specification=aws.appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs(\n predefined_metric_type=\"DynamoDBReadCapacityUtilization\",\n ),\n target_value=70,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dynamodbTableReadTarget = new Aws.AppAutoScaling.Target(\"dynamodbTableReadTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 100,\n MinCapacity = 5,\n ResourceId = \"table/tableName\",\n ScalableDimension = \"dynamodb:table:ReadCapacityUnits\",\n ServiceNamespace = \"dynamodb\",\n });\n var dynamodbTableReadPolicy = new Aws.AppAutoScaling.Policy(\"dynamodbTableReadPolicy\", new Aws.AppAutoScaling.PolicyArgs\n {\n PolicyType = \"TargetTrackingScaling\",\n ResourceId = dynamodbTableReadTarget.ResourceId,\n ScalableDimension = dynamodbTableReadTarget.ScalableDimension,\n ServiceNamespace = dynamodbTableReadTarget.ServiceNamespace,\n TargetTrackingScalingPolicyConfiguration = new Aws.AppAutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationArgs\n {\n PredefinedMetricSpecification = new Aws.AppAutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs\n {\n PredefinedMetricType = \"DynamoDBReadCapacityUtilization\",\n },\n TargetValue = 70,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdynamodbTableReadTarget, err := appautoscaling.NewTarget(ctx, \"dynamodbTableReadTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(100),\n\t\t\tMinCapacity: pulumi.Int(5),\n\t\t\tResourceId: pulumi.String(\"table/tableName\"),\n\t\t\tScalableDimension: pulumi.String(\"dynamodb:table:ReadCapacityUnits\"),\n\t\t\tServiceNamespace: pulumi.String(\"dynamodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appautoscaling.NewPolicy(ctx, \"dynamodbTableReadPolicy\", &appautoscaling.PolicyArgs{\n\t\t\tPolicyType: pulumi.String(\"TargetTrackingScaling\"),\n\t\t\tResourceId: dynamodbTableReadTarget.ResourceId,\n\t\t\tScalableDimension: dynamodbTableReadTarget.ScalableDimension,\n\t\t\tServiceNamespace: dynamodbTableReadTarget.ServiceNamespace,\n\t\t\tTargetTrackingScalingPolicyConfiguration: &appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationArgs{\n\t\t\t\tPredefinedMetricSpecification: &appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs{\n\t\t\t\t\tPredefinedMetricType: pulumi.String(\"DynamoDBReadCapacityUtilization\"),\n\t\t\t\t},\n\t\t\t\tTargetValue: pulumi.Float64(70),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### ECS Service Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecsTarget = new aws.appautoscaling.Target(\"ecsTarget\", {\n maxCapacity: 4,\n minCapacity: 1,\n resourceId: \"service/clusterName/serviceName\",\n scalableDimension: \"ecs:service:DesiredCount\",\n serviceNamespace: \"ecs\",\n});\nconst ecsPolicy = new aws.appautoscaling.Policy(\"ecsPolicy\", {\n policyType: \"StepScaling\",\n resourceId: ecsTarget.resourceId,\n scalableDimension: ecsTarget.scalableDimension,\n serviceNamespace: ecsTarget.serviceNamespace,\n stepScalingPolicyConfiguration: {\n adjustmentType: \"ChangeInCapacity\",\n cooldown: 60,\n metricAggregationType: \"Maximum\",\n stepAdjustments: [{\n metricIntervalUpperBound: 0,\n scalingAdjustment: -1,\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_target = aws.appautoscaling.Target(\"ecsTarget\",\n max_capacity=4,\n min_capacity=1,\n resource_id=\"service/clusterName/serviceName\",\n scalable_dimension=\"ecs:service:DesiredCount\",\n service_namespace=\"ecs\")\necs_policy = aws.appautoscaling.Policy(\"ecsPolicy\",\n policy_type=\"StepScaling\",\n resource_id=ecs_target.resource_id,\n scalable_dimension=ecs_target.scalable_dimension,\n service_namespace=ecs_target.service_namespace,\n step_scaling_policy_configuration=aws.appautoscaling.PolicyStepScalingPolicyConfigurationArgs(\n adjustment_type=\"ChangeInCapacity\",\n cooldown=60,\n metric_aggregation_type=\"Maximum\",\n step_adjustments=[aws.appautoscaling.PolicyStepScalingPolicyConfigurationStepAdjustmentArgs(\n metric_interval_upper_bound=\"0\",\n scaling_adjustment=-1,\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecsTarget = new Aws.AppAutoScaling.Target(\"ecsTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 4,\n MinCapacity = 1,\n ResourceId = \"service/clusterName/serviceName\",\n ScalableDimension = \"ecs:service:DesiredCount\",\n ServiceNamespace = \"ecs\",\n });\n var ecsPolicy = new Aws.AppAutoScaling.Policy(\"ecsPolicy\", new Aws.AppAutoScaling.PolicyArgs\n {\n PolicyType = \"StepScaling\",\n ResourceId = ecsTarget.ResourceId,\n ScalableDimension = ecsTarget.ScalableDimension,\n ServiceNamespace = ecsTarget.ServiceNamespace,\n StepScalingPolicyConfiguration = new Aws.AppAutoScaling.Inputs.PolicyStepScalingPolicyConfigurationArgs\n {\n AdjustmentType = \"ChangeInCapacity\",\n Cooldown = 60,\n MetricAggregationType = \"Maximum\",\n StepAdjustments = \n {\n new Aws.AppAutoScaling.Inputs.PolicyStepScalingPolicyConfigurationStepAdjustmentArgs\n {\n MetricIntervalUpperBound = \"0\",\n ScalingAdjustment = -1,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tecsTarget, err := appautoscaling.NewTarget(ctx, \"ecsTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(4),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tResourceId: pulumi.String(\"service/clusterName/serviceName\"),\n\t\t\tScalableDimension: pulumi.String(\"ecs:service:DesiredCount\"),\n\t\t\tServiceNamespace: pulumi.String(\"ecs\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appautoscaling.NewPolicy(ctx, \"ecsPolicy\", &appautoscaling.PolicyArgs{\n\t\t\tPolicyType: pulumi.String(\"StepScaling\"),\n\t\t\tResourceId: ecsTarget.ResourceId,\n\t\t\tScalableDimension: ecsTarget.ScalableDimension,\n\t\t\tServiceNamespace: ecsTarget.ServiceNamespace,\n\t\t\tStepScalingPolicyConfiguration: &appautoscaling.PolicyStepScalingPolicyConfigurationArgs{\n\t\t\t\tAdjustmentType: pulumi.String(\"ChangeInCapacity\"),\n\t\t\t\tCooldown: pulumi.Int(60),\n\t\t\t\tMetricAggregationType: pulumi.String(\"Maximum\"),\n\t\t\t\tStepAdjustments: appautoscaling.PolicyStepScalingPolicyConfigurationStepAdjustmentArray{\n\t\t\t\t\t&appautoscaling.PolicyStepScalingPolicyConfigurationStepAdjustmentArgs{\n\t\t\t\t\t\tMetricIntervalUpperBound: pulumi.String(\"0\"),\n\t\t\t\t\t\tScalingAdjustment: -1,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Preserve desired count when updating an autoscaled ECS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecsService = new aws.ecs.Service(\"ecsService\", {\n cluster: \"clusterName\",\n taskDefinition: \"taskDefinitionFamily:1\",\n desiredCount: 2,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_service = aws.ecs.Service(\"ecsService\",\n cluster=\"clusterName\",\n task_definition=\"taskDefinitionFamily:1\",\n desired_count=2)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecsService = new Aws.Ecs.Service(\"ecsService\", new Aws.Ecs.ServiceArgs\n {\n Cluster = \"clusterName\",\n TaskDefinition = \"taskDefinitionFamily:1\",\n DesiredCount = 2,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"ecsService\", &ecs.ServiceArgs{\n\t\t\tCluster: pulumi.String(\"clusterName\"),\n\t\t\tTaskDefinition: pulumi.String(\"taskDefinitionFamily:1\"),\n\t\t\tDesiredCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Aurora Read Replica Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst replicasTarget = new aws.appautoscaling.Target(\"replicasTarget\", {\n serviceNamespace: \"rds\",\n scalableDimension: \"rds:cluster:ReadReplicaCount\",\n resourceId: `cluster:${aws_rds_cluster.example.id}`,\n minCapacity: 1,\n maxCapacity: 15,\n});\nconst replicasPolicy = new aws.appautoscaling.Policy(\"replicasPolicy\", {\n serviceNamespace: replicasTarget.serviceNamespace,\n scalableDimension: replicasTarget.scalableDimension,\n resourceId: replicasTarget.resourceId,\n policyType: \"TargetTrackingScaling\",\n targetTrackingScalingPolicyConfiguration: {\n predefinedMetricSpecification: {\n predefinedMetricType: \"RDSReaderAverageCPUUtilization\",\n },\n targetValue: 75,\n scaleInCooldown: 300,\n scaleOutCooldown: 300,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nreplicas_target = aws.appautoscaling.Target(\"replicasTarget\",\n service_namespace=\"rds\",\n scalable_dimension=\"rds:cluster:ReadReplicaCount\",\n resource_id=f\"cluster:{aws_rds_cluster['example']['id']}\",\n min_capacity=1,\n max_capacity=15)\nreplicas_policy = aws.appautoscaling.Policy(\"replicasPolicy\",\n service_namespace=replicas_target.service_namespace,\n scalable_dimension=replicas_target.scalable_dimension,\n resource_id=replicas_target.resource_id,\n policy_type=\"TargetTrackingScaling\",\n target_tracking_scaling_policy_configuration=aws.appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationArgs(\n predefined_metric_specification=aws.appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs(\n predefined_metric_type=\"RDSReaderAverageCPUUtilization\",\n ),\n target_value=75,\n scale_in_cooldown=300,\n scale_out_cooldown=300,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var replicasTarget = new Aws.AppAutoScaling.Target(\"replicasTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n ServiceNamespace = \"rds\",\n ScalableDimension = \"rds:cluster:ReadReplicaCount\",\n ResourceId = $\"cluster:{aws_rds_cluster.Example.Id}\",\n MinCapacity = 1,\n MaxCapacity = 15,\n });\n var replicasPolicy = new Aws.AppAutoScaling.Policy(\"replicasPolicy\", new Aws.AppAutoScaling.PolicyArgs\n {\n ServiceNamespace = replicasTarget.ServiceNamespace,\n ScalableDimension = replicasTarget.ScalableDimension,\n ResourceId = replicasTarget.ResourceId,\n PolicyType = \"TargetTrackingScaling\",\n TargetTrackingScalingPolicyConfiguration = new Aws.AppAutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationArgs\n {\n PredefinedMetricSpecification = new Aws.AppAutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs\n {\n PredefinedMetricType = \"RDSReaderAverageCPUUtilization\",\n },\n TargetValue = 75,\n ScaleInCooldown = 300,\n ScaleOutCooldown = 300,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treplicasTarget, err := appautoscaling.NewTarget(ctx, \"replicasTarget\", &appautoscaling.TargetArgs{\n\t\t\tServiceNamespace: pulumi.String(\"rds\"),\n\t\t\tScalableDimension: pulumi.String(\"rds:cluster:ReadReplicaCount\"),\n\t\t\tResourceId: pulumi.String(fmt.Sprintf(\"%v%v\", \"cluster:\", aws_rds_cluster.Example.Id)),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tMaxCapacity: pulumi.Int(15),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appautoscaling.NewPolicy(ctx, \"replicasPolicy\", &appautoscaling.PolicyArgs{\n\t\t\tServiceNamespace: replicasTarget.ServiceNamespace,\n\t\t\tScalableDimension: replicasTarget.ScalableDimension,\n\t\t\tResourceId: replicasTarget.ResourceId,\n\t\t\tPolicyType: pulumi.String(\"TargetTrackingScaling\"),\n\t\t\tTargetTrackingScalingPolicyConfiguration: &appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationArgs{\n\t\t\t\tPredefinedMetricSpecification: &appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs{\n\t\t\t\t\tPredefinedMetricType: pulumi.String(\"RDSReaderAverageCPUUtilization\"),\n\t\t\t\t},\n\t\t\t\tTargetValue: pulumi.Float64(75),\n\t\t\t\tScaleInCooldown: pulumi.Int(300),\n\t\t\t\tScaleOutCooldown: pulumi.Int(300),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### MSK / Kafka Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mskTarget = new aws.appautoscaling.Target(\"mskTarget\", {\n serviceNamespace: \"kafka\",\n scalableDimension: \"kafka:broker-storage:VolumeSize\",\n resourceId: aws_msk_cluster.example.arn,\n minCapacity: 1,\n maxCapacity: 8,\n});\nconst targets = new aws.appautoscaling.Policy(\"targets\", {\n serviceNamespace: mskTarget.serviceNamespace,\n scalableDimension: mskTarget.scalableDimension,\n resourceId: mskTarget.resourceId,\n policyType: \"TargetTrackingScaling\",\n targetTrackingScalingPolicyConfiguration: {\n predefinedMetricSpecification: {\n predefinedMetricType: \"KafkaBrokerStorageUtilization\",\n },\n targetValue: 55,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmsk_target = aws.appautoscaling.Target(\"mskTarget\",\n service_namespace=\"kafka\",\n scalable_dimension=\"kafka:broker-storage:VolumeSize\",\n resource_id=aws_msk_cluster[\"example\"][\"arn\"],\n min_capacity=1,\n max_capacity=8)\ntargets = aws.appautoscaling.Policy(\"targets\",\n service_namespace=msk_target.service_namespace,\n scalable_dimension=msk_target.scalable_dimension,\n resource_id=msk_target.resource_id,\n policy_type=\"TargetTrackingScaling\",\n target_tracking_scaling_policy_configuration=aws.appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationArgs(\n predefined_metric_specification=aws.appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs(\n predefined_metric_type=\"KafkaBrokerStorageUtilization\",\n ),\n target_value=55,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mskTarget = new Aws.AppAutoScaling.Target(\"mskTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n ServiceNamespace = \"kafka\",\n ScalableDimension = \"kafka:broker-storage:VolumeSize\",\n ResourceId = aws_msk_cluster.Example.Arn,\n MinCapacity = 1,\n MaxCapacity = 8,\n });\n var targets = new Aws.AppAutoScaling.Policy(\"targets\", new Aws.AppAutoScaling.PolicyArgs\n {\n ServiceNamespace = mskTarget.ServiceNamespace,\n ScalableDimension = mskTarget.ScalableDimension,\n ResourceId = mskTarget.ResourceId,\n PolicyType = \"TargetTrackingScaling\",\n TargetTrackingScalingPolicyConfiguration = new Aws.AppAutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationArgs\n {\n PredefinedMetricSpecification = new Aws.AppAutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs\n {\n PredefinedMetricType = \"KafkaBrokerStorageUtilization\",\n },\n TargetValue = 55,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmskTarget, err := appautoscaling.NewTarget(ctx, \"mskTarget\", &appautoscaling.TargetArgs{\n\t\t\tServiceNamespace: pulumi.String(\"kafka\"),\n\t\t\tScalableDimension: pulumi.String(\"kafka:broker-storage:VolumeSize\"),\n\t\t\tResourceId: pulumi.Any(aws_msk_cluster.Example.Arn),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tMaxCapacity: pulumi.Int(8),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appautoscaling.NewPolicy(ctx, \"targets\", &appautoscaling.PolicyArgs{\n\t\t\tServiceNamespace: mskTarget.ServiceNamespace,\n\t\t\tScalableDimension: mskTarget.ScalableDimension,\n\t\t\tResourceId: mskTarget.ResourceId,\n\t\t\tPolicyType: pulumi.String(\"TargetTrackingScaling\"),\n\t\t\tTargetTrackingScalingPolicyConfiguration: &appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationArgs{\n\t\t\t\tPredefinedMetricSpecification: &appautoscaling.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs{\n\t\t\t\t\tPredefinedMetricType: pulumi.String(\"KafkaBrokerStorageUtilization\"),\n\t\t\t\t},\n\t\t\t\tTargetValue: pulumi.Float64(55),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApplication AutoScaling Policy can be imported using the `service-namespace` , `resource-id`, `scalable-dimension` and `policy-name` separated by `/`.\n\n```sh\n $ pulumi import aws:appautoscaling/policy:Policy test-policy service-namespace/resource-id/scalable-dimension/policy-name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to the scaling policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. Must be between 1 and 255 characters in length.\n" + }, + "policyType": { + "type": "string", + "description": "The policy type. Valid values are `StepScaling` and `TargetTrackingScaling`. Defaults to `StepScaling`. Certain services only support only one policy type. For more information see the [Target Tracking Scaling Policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) and [Step Scaling Policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) documentation.\n" + }, + "resourceId": { + "type": "string", + "description": "The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the `ResourceId` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension of the scalable target. Documentation can be found in the `ScalableDimension` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The AWS service namespace of the scalable target. Documentation can be found in the `ServiceNamespace` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "stepScalingPolicyConfiguration": { + "$ref": "#/types/aws:appautoscaling/PolicyStepScalingPolicyConfiguration:PolicyStepScalingPolicyConfiguration", + "description": "Step scaling policy configuration, requires `policy_type = \"StepScaling\"` (default). See supported fields below.\n" + }, + "targetTrackingScalingPolicyConfiguration": { + "$ref": "#/types/aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfiguration:PolicyTargetTrackingScalingPolicyConfiguration", + "description": "A target tracking policy, requires `policy_type = \"TargetTrackingScaling\"`. See supported fields below.\n" + } + }, + "required": [ + "arn", + "name", + "resourceId", + "scalableDimension", + "serviceNamespace" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the policy. Must be between 1 and 255 characters in length.\n" + }, + "policyType": { + "type": "string", + "description": "The policy type. Valid values are `StepScaling` and `TargetTrackingScaling`. Defaults to `StepScaling`. Certain services only support only one policy type. For more information see the [Target Tracking Scaling Policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) and [Step Scaling Policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) documentation.\n" + }, + "resourceId": { + "type": "string", + "description": "The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the `ResourceId` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension of the scalable target. Documentation can be found in the `ScalableDimension` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The AWS service namespace of the scalable target. Documentation can be found in the `ServiceNamespace` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "stepScalingPolicyConfiguration": { + "$ref": "#/types/aws:appautoscaling/PolicyStepScalingPolicyConfiguration:PolicyStepScalingPolicyConfiguration", + "description": "Step scaling policy configuration, requires `policy_type = \"StepScaling\"` (default). See supported fields below.\n" + }, + "targetTrackingScalingPolicyConfiguration": { + "$ref": "#/types/aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfiguration:PolicyTargetTrackingScalingPolicyConfiguration", + "description": "A target tracking policy, requires `policy_type = \"TargetTrackingScaling\"`. See supported fields below.\n" + } + }, + "requiredInputs": [ + "resourceId", + "scalableDimension", + "serviceNamespace" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to the scaling policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. Must be between 1 and 255 characters in length.\n" + }, + "policyType": { + "type": "string", + "description": "The policy type. Valid values are `StepScaling` and `TargetTrackingScaling`. Defaults to `StepScaling`. Certain services only support only one policy type. For more information see the [Target Tracking Scaling Policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-target-tracking.html) and [Step Scaling Policies](https://docs.aws.amazon.com/autoscaling/application/userguide/application-auto-scaling-step-scaling-policies.html) documentation.\n" + }, + "resourceId": { + "type": "string", + "description": "The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the `ResourceId` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension of the scalable target. Documentation can be found in the `ScalableDimension` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The AWS service namespace of the scalable target. Documentation can be found in the `ServiceNamespace` parameter at: [AWS Application Auto Scaling API Reference](http://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "stepScalingPolicyConfiguration": { + "$ref": "#/types/aws:appautoscaling/PolicyStepScalingPolicyConfiguration:PolicyStepScalingPolicyConfiguration", + "description": "Step scaling policy configuration, requires `policy_type = \"StepScaling\"` (default). See supported fields below.\n" + }, + "targetTrackingScalingPolicyConfiguration": { + "$ref": "#/types/aws:appautoscaling/PolicyTargetTrackingScalingPolicyConfiguration:PolicyTargetTrackingScalingPolicyConfiguration", + "description": "A target tracking policy, requires `policy_type = \"TargetTrackingScaling\"`. See supported fields below.\n" + } + }, + "type": "object" + } + }, + "aws:appautoscaling/scheduledAction:ScheduledAction": { + "description": "Provides an Application AutoScaling ScheduledAction resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### DynamoDB Table Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dynamodbTarget = new aws.appautoscaling.Target(\"dynamodbTarget\", {\n maxCapacity: 100,\n minCapacity: 5,\n resourceId: \"table/tableName\",\n scalableDimension: \"dynamodb:table:ReadCapacityUnits\",\n serviceNamespace: \"dynamodb\",\n});\nconst dynamodbScheduledAction = new aws.appautoscaling.ScheduledAction(\"dynamodbScheduledAction\", {\n serviceNamespace: dynamodbTarget.serviceNamespace,\n resourceId: dynamodbTarget.resourceId,\n scalableDimension: dynamodbTarget.scalableDimension,\n schedule: \"at(2006-01-02T15:04:05)\",\n scalableTargetAction: {\n minCapacity: 1,\n maxCapacity: 200,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndynamodb_target = aws.appautoscaling.Target(\"dynamodbTarget\",\n max_capacity=100,\n min_capacity=5,\n resource_id=\"table/tableName\",\n scalable_dimension=\"dynamodb:table:ReadCapacityUnits\",\n service_namespace=\"dynamodb\")\ndynamodb_scheduled_action = aws.appautoscaling.ScheduledAction(\"dynamodbScheduledAction\",\n service_namespace=dynamodb_target.service_namespace,\n resource_id=dynamodb_target.resource_id,\n scalable_dimension=dynamodb_target.scalable_dimension,\n schedule=\"at(2006-01-02T15:04:05)\",\n scalable_target_action=aws.appautoscaling.ScheduledActionScalableTargetActionArgs(\n min_capacity=1,\n max_capacity=200,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dynamodbTarget = new Aws.AppAutoScaling.Target(\"dynamodbTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 100,\n MinCapacity = 5,\n ResourceId = \"table/tableName\",\n ScalableDimension = \"dynamodb:table:ReadCapacityUnits\",\n ServiceNamespace = \"dynamodb\",\n });\n var dynamodbScheduledAction = new Aws.AppAutoScaling.ScheduledAction(\"dynamodbScheduledAction\", new Aws.AppAutoScaling.ScheduledActionArgs\n {\n ServiceNamespace = dynamodbTarget.ServiceNamespace,\n ResourceId = dynamodbTarget.ResourceId,\n ScalableDimension = dynamodbTarget.ScalableDimension,\n Schedule = \"at(2006-01-02T15:04:05)\",\n ScalableTargetAction = new Aws.AppAutoScaling.Inputs.ScheduledActionScalableTargetActionArgs\n {\n MinCapacity = 1,\n MaxCapacity = 200,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdynamodbTarget, err := appautoscaling.NewTarget(ctx, \"dynamodbTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(100),\n\t\t\tMinCapacity: pulumi.Int(5),\n\t\t\tResourceId: pulumi.String(\"table/tableName\"),\n\t\t\tScalableDimension: pulumi.String(\"dynamodb:table:ReadCapacityUnits\"),\n\t\t\tServiceNamespace: pulumi.String(\"dynamodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appautoscaling.NewScheduledAction(ctx, \"dynamodbScheduledAction\", &appautoscaling.ScheduledActionArgs{\n\t\t\tServiceNamespace: dynamodbTarget.ServiceNamespace,\n\t\t\tResourceId: dynamodbTarget.ResourceId,\n\t\t\tScalableDimension: dynamodbTarget.ScalableDimension,\n\t\t\tSchedule: pulumi.String(\"at(2006-01-02T15:04:05)\"),\n\t\t\tScalableTargetAction: &appautoscaling.ScheduledActionScalableTargetActionArgs{\n\t\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\t\tMaxCapacity: pulumi.Int(200),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### ECS Service Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecsTarget = new aws.appautoscaling.Target(\"ecsTarget\", {\n maxCapacity: 4,\n minCapacity: 1,\n resourceId: \"service/clusterName/serviceName\",\n scalableDimension: \"ecs:service:DesiredCount\",\n serviceNamespace: \"ecs\",\n});\nconst ecsScheduledAction = new aws.appautoscaling.ScheduledAction(\"ecsScheduledAction\", {\n serviceNamespace: ecsTarget.serviceNamespace,\n resourceId: ecsTarget.resourceId,\n scalableDimension: ecsTarget.scalableDimension,\n schedule: \"at(2006-01-02T15:04:05)\",\n scalableTargetAction: {\n minCapacity: 1,\n maxCapacity: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_target = aws.appautoscaling.Target(\"ecsTarget\",\n max_capacity=4,\n min_capacity=1,\n resource_id=\"service/clusterName/serviceName\",\n scalable_dimension=\"ecs:service:DesiredCount\",\n service_namespace=\"ecs\")\necs_scheduled_action = aws.appautoscaling.ScheduledAction(\"ecsScheduledAction\",\n service_namespace=ecs_target.service_namespace,\n resource_id=ecs_target.resource_id,\n scalable_dimension=ecs_target.scalable_dimension,\n schedule=\"at(2006-01-02T15:04:05)\",\n scalable_target_action=aws.appautoscaling.ScheduledActionScalableTargetActionArgs(\n min_capacity=1,\n max_capacity=10,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecsTarget = new Aws.AppAutoScaling.Target(\"ecsTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 4,\n MinCapacity = 1,\n ResourceId = \"service/clusterName/serviceName\",\n ScalableDimension = \"ecs:service:DesiredCount\",\n ServiceNamespace = \"ecs\",\n });\n var ecsScheduledAction = new Aws.AppAutoScaling.ScheduledAction(\"ecsScheduledAction\", new Aws.AppAutoScaling.ScheduledActionArgs\n {\n ServiceNamespace = ecsTarget.ServiceNamespace,\n ResourceId = ecsTarget.ResourceId,\n ScalableDimension = ecsTarget.ScalableDimension,\n Schedule = \"at(2006-01-02T15:04:05)\",\n ScalableTargetAction = new Aws.AppAutoScaling.Inputs.ScheduledActionScalableTargetActionArgs\n {\n MinCapacity = 1,\n MaxCapacity = 10,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tecsTarget, err := appautoscaling.NewTarget(ctx, \"ecsTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(4),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tResourceId: pulumi.String(\"service/clusterName/serviceName\"),\n\t\t\tScalableDimension: pulumi.String(\"ecs:service:DesiredCount\"),\n\t\t\tServiceNamespace: pulumi.String(\"ecs\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appautoscaling.NewScheduledAction(ctx, \"ecsScheduledAction\", &appautoscaling.ScheduledActionArgs{\n\t\t\tServiceNamespace: ecsTarget.ServiceNamespace,\n\t\t\tResourceId: ecsTarget.ResourceId,\n\t\t\tScalableDimension: ecsTarget.ScalableDimension,\n\t\t\tSchedule: pulumi.String(\"at(2006-01-02T15:04:05)\"),\n\t\t\tScalableTargetAction: &appautoscaling.ScheduledActionScalableTargetActionArgs{\n\t\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\t\tMaxCapacity: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the scheduled action.\n" + }, + "endTime": { + "type": "string", + "description": "The date and time for the scheduled action to end in RFC 3339 format. The timezone is not affected by the setting of `timezone`.\n" + }, + "name": { + "type": "string", + "description": "The name of the scheduled action.\n" + }, + "resourceId": { + "type": "string", + "description": "The identifier of the resource associated with the scheduled action. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ResourceId)\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ScalableDimension) Example: ecs:service:DesiredCount\n" + }, + "scalableTargetAction": { + "$ref": "#/types/aws:appautoscaling/ScheduledActionScalableTargetAction:ScheduledActionScalableTargetAction", + "description": "The new minimum and maximum capacity. You can set both values or just one. See below\n" + }, + "schedule": { + "type": "string", + "description": "The schedule for this action. The following formats are supported: At expressions - at(yyyy-mm-ddThh:mm:ss), Rate expressions - rate(valueunit), Cron expressions - cron(fields). Times for at expressions and cron expressions are evaluated using the time zone configured in `timezone`. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-Schedule)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The namespace of the AWS service. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ServiceNamespace) Example: ecs\n" + }, + "startTime": { + "type": "string", + "description": "The date and time for the scheduled action to start in RFC 3339 format. The timezone is not affected by the setting of `timezone`.\n" + }, + "timezone": { + "type": "string", + "description": "The time zone used when setting a scheduled action by using an at or cron expression. Does not affect timezone for `start_time` and `end_time`. Valid values are the [canonical names of the IANA time zones supported by Joda-Time](https://www.joda.org/joda-time/timezones.html), such as `Etc/GMT+9` or `Pacific/Tahiti`. Default is `UTC`.\n" + } + }, + "required": [ + "arn", + "name", + "resourceId", + "scalableDimension", + "scalableTargetAction", + "schedule", + "serviceNamespace" + ], + "inputProperties": { + "endTime": { + "type": "string", + "description": "The date and time for the scheduled action to end in RFC 3339 format. The timezone is not affected by the setting of `timezone`.\n" + }, + "name": { + "type": "string", + "description": "The name of the scheduled action.\n" + }, + "resourceId": { + "type": "string", + "description": "The identifier of the resource associated with the scheduled action. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ResourceId)\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ScalableDimension) Example: ecs:service:DesiredCount\n" + }, + "scalableTargetAction": { + "$ref": "#/types/aws:appautoscaling/ScheduledActionScalableTargetAction:ScheduledActionScalableTargetAction", + "description": "The new minimum and maximum capacity. You can set both values or just one. See below\n" + }, + "schedule": { + "type": "string", + "description": "The schedule for this action. The following formats are supported: At expressions - at(yyyy-mm-ddThh:mm:ss), Rate expressions - rate(valueunit), Cron expressions - cron(fields). Times for at expressions and cron expressions are evaluated using the time zone configured in `timezone`. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-Schedule)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The namespace of the AWS service. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ServiceNamespace) Example: ecs\n" + }, + "startTime": { + "type": "string", + "description": "The date and time for the scheduled action to start in RFC 3339 format. The timezone is not affected by the setting of `timezone`.\n" + }, + "timezone": { + "type": "string", + "description": "The time zone used when setting a scheduled action by using an at or cron expression. Does not affect timezone for `start_time` and `end_time`. Valid values are the [canonical names of the IANA time zones supported by Joda-Time](https://www.joda.org/joda-time/timezones.html), such as `Etc/GMT+9` or `Pacific/Tahiti`. Default is `UTC`.\n" + } + }, + "requiredInputs": [ + "resourceId", + "scalableDimension", + "scalableTargetAction", + "schedule", + "serviceNamespace" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ScheduledAction resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the scheduled action.\n" + }, + "endTime": { + "type": "string", + "description": "The date and time for the scheduled action to end in RFC 3339 format. The timezone is not affected by the setting of `timezone`.\n" + }, + "name": { + "type": "string", + "description": "The name of the scheduled action.\n" + }, + "resourceId": { + "type": "string", + "description": "The identifier of the resource associated with the scheduled action. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ResourceId)\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ScalableDimension) Example: ecs:service:DesiredCount\n" + }, + "scalableTargetAction": { + "$ref": "#/types/aws:appautoscaling/ScheduledActionScalableTargetAction:ScheduledActionScalableTargetAction", + "description": "The new minimum and maximum capacity. You can set both values or just one. See below\n" + }, + "schedule": { + "type": "string", + "description": "The schedule for this action. The following formats are supported: At expressions - at(yyyy-mm-ddThh:mm:ss), Rate expressions - rate(valueunit), Cron expressions - cron(fields). Times for at expressions and cron expressions are evaluated using the time zone configured in `timezone`. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-Schedule)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The namespace of the AWS service. Documentation can be found in the parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/ApplicationAutoScaling/latest/APIReference/API_PutScheduledAction.html#ApplicationAutoScaling-PutScheduledAction-request-ServiceNamespace) Example: ecs\n" + }, + "startTime": { + "type": "string", + "description": "The date and time for the scheduled action to start in RFC 3339 format. The timezone is not affected by the setting of `timezone`.\n" + }, + "timezone": { + "type": "string", + "description": "The time zone used when setting a scheduled action by using an at or cron expression. Does not affect timezone for `start_time` and `end_time`. Valid values are the [canonical names of the IANA time zones supported by Joda-Time](https://www.joda.org/joda-time/timezones.html), such as `Etc/GMT+9` or `Pacific/Tahiti`. Default is `UTC`.\n" + } + }, + "type": "object" + } + }, + "aws:appautoscaling/target:Target": { + "description": "Provides an Application AutoScaling ScalableTarget resource. To manage policies which get attached to the target, see the `aws.appautoscaling.Policy` resource.\n\n> **NOTE:** The [Application Auto Scaling service automatically attempts to manage IAM Service-Linked Roles](https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) when registering certain service namespaces for the first time. To manually manage this role, see the `aws.iam.ServiceLinkedRole` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### DynamoDB Table Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dynamodbTableReadTarget = new aws.appautoscaling.Target(\"dynamodb_table_read_target\", {\n maxCapacity: 100,\n minCapacity: 5,\n resourceId: pulumi.interpolate`table/${aws_dynamodb_table_example.name}`,\n scalableDimension: \"dynamodb:table:ReadCapacityUnits\",\n serviceNamespace: \"dynamodb\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndynamodb_table_read_target = aws.appautoscaling.Target(\"dynamodbTableReadTarget\",\n max_capacity=100,\n min_capacity=5,\n resource_id=f\"table/{aws_dynamodb_table['example']['name']}\",\n scalable_dimension=\"dynamodb:table:ReadCapacityUnits\",\n service_namespace=\"dynamodb\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dynamodbTableReadTarget = new Aws.AppAutoScaling.Target(\"dynamodbTableReadTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 100,\n MinCapacity = 5,\n ResourceId = $\"table/{aws_dynamodb_table.Example.Name}\",\n ScalableDimension = \"dynamodb:table:ReadCapacityUnits\",\n ServiceNamespace = \"dynamodb\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appautoscaling.NewTarget(ctx, \"dynamodbTableReadTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(100),\n\t\t\tMinCapacity: pulumi.Int(5),\n\t\t\tResourceId: pulumi.String(fmt.Sprintf(\"%v%v\", \"table/\", aws_dynamodb_table.Example.Name)),\n\t\t\tScalableDimension: pulumi.String(\"dynamodb:table:ReadCapacityUnits\"),\n\t\t\tServiceNamespace: pulumi.String(\"dynamodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### DynamoDB Index Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dynamodbIndexReadTarget = new aws.appautoscaling.Target(\"dynamodb_index_read_target\", {\n maxCapacity: 100,\n minCapacity: 5,\n resourceId: pulumi.interpolate`table/${aws_dynamodb_table_example.name}/index/${var_index_name}`,\n scalableDimension: \"dynamodb:index:ReadCapacityUnits\",\n serviceNamespace: \"dynamodb\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndynamodb_index_read_target = aws.appautoscaling.Target(\"dynamodbIndexReadTarget\",\n max_capacity=100,\n min_capacity=5,\n resource_id=f\"table/{aws_dynamodb_table['example']['name']}/index/{var['index_name']}\",\n scalable_dimension=\"dynamodb:index:ReadCapacityUnits\",\n service_namespace=\"dynamodb\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dynamodbIndexReadTarget = new Aws.AppAutoScaling.Target(\"dynamodbIndexReadTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 100,\n MinCapacity = 5,\n ResourceId = $\"table/{aws_dynamodb_table.Example.Name}/index/{@var.Index_name}\",\n ScalableDimension = \"dynamodb:index:ReadCapacityUnits\",\n ServiceNamespace = \"dynamodb\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appautoscaling.NewTarget(ctx, \"dynamodbIndexReadTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(100),\n\t\t\tMinCapacity: pulumi.Int(5),\n\t\t\tResourceId: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"table/\", aws_dynamodb_table.Example.Name, \"/index/\", _var.Index_name)),\n\t\t\tScalableDimension: pulumi.String(\"dynamodb:index:ReadCapacityUnits\"),\n\t\t\tServiceNamespace: pulumi.String(\"dynamodb\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### ECS Service Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecsTarget = new aws.appautoscaling.Target(\"ecs_target\", {\n maxCapacity: 4,\n minCapacity: 1,\n resourceId: pulumi.interpolate`service/${aws_ecs_cluster_example.name}/${aws_ecs_service_example.name}`,\n scalableDimension: \"ecs:service:DesiredCount\",\n serviceNamespace: \"ecs\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_target = aws.appautoscaling.Target(\"ecsTarget\",\n max_capacity=4,\n min_capacity=1,\n resource_id=f\"service/{aws_ecs_cluster['example']['name']}/{aws_ecs_service['example']['name']}\",\n scalable_dimension=\"ecs:service:DesiredCount\",\n service_namespace=\"ecs\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecsTarget = new Aws.AppAutoScaling.Target(\"ecsTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 4,\n MinCapacity = 1,\n ResourceId = $\"service/{aws_ecs_cluster.Example.Name}/{aws_ecs_service.Example.Name}\",\n ScalableDimension = \"ecs:service:DesiredCount\",\n ServiceNamespace = \"ecs\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appautoscaling.NewTarget(ctx, \"ecsTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(4),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tResourceId: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"service/\", aws_ecs_cluster.Example.Name, \"/\", aws_ecs_service.Example.Name)),\n\t\t\tScalableDimension: pulumi.String(\"ecs:service:DesiredCount\"),\n\t\t\tServiceNamespace: pulumi.String(\"ecs\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Aurora Read Replica Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst replicas = new aws.appautoscaling.Target(\"replicas\", {\n maxCapacity: 15,\n minCapacity: 1,\n resourceId: pulumi.interpolate`cluster:${aws_rds_cluster_example.id}`,\n scalableDimension: \"rds:cluster:ReadReplicaCount\",\n serviceNamespace: \"rds\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nreplicas = aws.appautoscaling.Target(\"replicas\",\n max_capacity=15,\n min_capacity=1,\n resource_id=f\"cluster:{aws_rds_cluster['example']['id']}\",\n scalable_dimension=\"rds:cluster:ReadReplicaCount\",\n service_namespace=\"rds\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var replicas = new Aws.AppAutoScaling.Target(\"replicas\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 15,\n MinCapacity = 1,\n ResourceId = $\"cluster:{aws_rds_cluster.Example.Id}\",\n ScalableDimension = \"rds:cluster:ReadReplicaCount\",\n ServiceNamespace = \"rds\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appautoscaling.NewTarget(ctx, \"replicas\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(15),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tResourceId: pulumi.String(fmt.Sprintf(\"%v%v\", \"cluster:\", aws_rds_cluster.Example.Id)),\n\t\t\tScalableDimension: pulumi.String(\"rds:cluster:ReadReplicaCount\"),\n\t\t\tServiceNamespace: pulumi.String(\"rds\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### MSK / Kafka Autoscaling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mskTarget = new aws.appautoscaling.Target(\"msk_target\", {\n maxCapacity: 8,\n minCapacity: 1,\n resourceId: aws_msk_cluster_example.arn,\n scalableDimension: \"kafka:broker-storage:VolumeSize\",\n serviceNamespace: \"kafka\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmsk_target = aws.appautoscaling.Target(\"mskTarget\",\n max_capacity=8,\n min_capacity=1,\n resource_id=aws_msk_cluster[\"example\"][\"arn\"],\n scalable_dimension=\"kafka:broker-storage:VolumeSize\",\n service_namespace=\"kafka\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mskTarget = new Aws.AppAutoScaling.Target(\"mskTarget\", new Aws.AppAutoScaling.TargetArgs\n {\n MaxCapacity = 8,\n MinCapacity = 1,\n ResourceId = aws_msk_cluster.Example.Arn,\n ScalableDimension = \"kafka:broker-storage:VolumeSize\",\n ServiceNamespace = \"kafka\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appautoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appautoscaling.NewTarget(ctx, \"mskTarget\", &appautoscaling.TargetArgs{\n\t\t\tMaxCapacity: pulumi.Int(8),\n\t\t\tMinCapacity: pulumi.Int(1),\n\t\t\tResourceId: pulumi.Any(aws_msk_cluster.Example.Arn),\n\t\t\tScalableDimension: pulumi.String(\"kafka:broker-storage:VolumeSize\"),\n\t\t\tServiceNamespace: pulumi.String(\"kafka\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApplication AutoScaling Target can be imported using the `service-namespace` , `resource-id` and `scalable-dimension` separated by `/`.\n\n```sh\n $ pulumi import aws:appautoscaling/target:Target test-target service-namespace/resource-id/scalable-dimension\n```\n\n ", + "properties": { + "maxCapacity": { + "type": "integer", + "description": "The max capacity of the scalable target.\n" + }, + "minCapacity": { + "type": "integer", + "description": "The min capacity of the scalable target.\n" + }, + "resourceId": { + "type": "string", + "description": "The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the `ResourceId` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows Application AutoScaling to modify your scalable target on your behalf. This defaults to an IAM Service-Linked Role for most services and custom IAM Roles are ignored by the API for those namespaces. See the [AWS Application Auto Scaling documentation](https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) for more information about how this service interacts with IAM.\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension of the scalable target. Documentation can be found in the `ScalableDimension` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The AWS service namespace of the scalable target. Documentation can be found in the `ServiceNamespace` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + } + }, + "required": [ + "maxCapacity", + "minCapacity", + "resourceId", + "roleArn", + "scalableDimension", + "serviceNamespace" + ], + "inputProperties": { + "maxCapacity": { + "type": "integer", + "description": "The max capacity of the scalable target.\n" + }, + "minCapacity": { + "type": "integer", + "description": "The min capacity of the scalable target.\n" + }, + "resourceId": { + "type": "string", + "description": "The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the `ResourceId` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows Application AutoScaling to modify your scalable target on your behalf. This defaults to an IAM Service-Linked Role for most services and custom IAM Roles are ignored by the API for those namespaces. See the [AWS Application Auto Scaling documentation](https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) for more information about how this service interacts with IAM.\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension of the scalable target. Documentation can be found in the `ScalableDimension` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The AWS service namespace of the scalable target. Documentation can be found in the `ServiceNamespace` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + } + }, + "requiredInputs": [ + "maxCapacity", + "minCapacity", + "resourceId", + "scalableDimension", + "serviceNamespace" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Target resources.\n", + "properties": { + "maxCapacity": { + "type": "integer", + "description": "The max capacity of the scalable target.\n" + }, + "minCapacity": { + "type": "integer", + "description": "The min capacity of the scalable target.\n" + }, + "resourceId": { + "type": "string", + "description": "The resource type and unique identifier string for the resource associated with the scaling policy. Documentation can be found in the `ResourceId` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows Application AutoScaling to modify your scalable target on your behalf. This defaults to an IAM Service-Linked Role for most services and custom IAM Roles are ignored by the API for those namespaces. See the [AWS Application Auto Scaling documentation](https://docs.aws.amazon.com/autoscaling/application/userguide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles) for more information about how this service interacts with IAM.\n" + }, + "scalableDimension": { + "type": "string", + "description": "The scalable dimension of the scalable target. Documentation can be found in the `ScalableDimension` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + }, + "serviceNamespace": { + "type": "string", + "description": "The AWS service namespace of the scalable target. Documentation can be found in the `ServiceNamespace` parameter at: [AWS Application Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/application/APIReference/API_RegisterScalableTarget.html#API_RegisterScalableTarget_RequestParameters)\n" + } + }, + "type": "object" + } + }, + "aws:appconfig/application:Application": { + "description": "Provides an AppConfig Application resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appconfig.Application(\"example\", {\n description: \"Example AppConfig Application\",\n tags: {\n Type: \"AppConfig Application\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appconfig.Application(\"example\",\n description=\"Example AppConfig Application\",\n tags={\n \"Type\": \"AppConfig Application\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppConfig.Application(\"example\", new Aws.AppConfig.ApplicationArgs\n {\n Description = \"Example AppConfig Application\",\n Tags = \n {\n { \"Type\", \"AppConfig Application\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appconfig.NewApplication(ctx, \"example\", &appconfig.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"Example AppConfig Application\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Application\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppConfig Applications can be imported using their application ID, e.g.\n\n```sh\n $ pulumi import aws:appconfig/application:Application example 71rxuzt\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Application.\n" + }, + "description": { + "type": "string", + "description": "The description of the application. Can be at most 1024 characters.\n" + }, + "name": { + "type": "string", + "description": "The name for the application. Must be between 1 and 64 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the application. Can be at most 1024 characters.\n" + }, + "name": { + "type": "string", + "description": "The name for the application. Must be between 1 and 64 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Application resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Application.\n" + }, + "description": { + "type": "string", + "description": "The description of the application. Can be at most 1024 characters.\n" + }, + "name": { + "type": "string", + "description": "The name for the application. Must be between 1 and 64 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "type": "object" + } + }, + "aws:appconfig/configurationProfile:ConfigurationProfile": { + "description": "Provides an AppConfig Configuration Profile resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appconfig.ConfigurationProfile(\"example\", {\n applicationId: aws_appconfig_application.example.id,\n description: \"Example Configuration Profile\",\n locationUri: \"hosted\",\n validators: [{\n content: aws_lambda_function.example.arn,\n type: \"LAMBDA\",\n }],\n tags: {\n Type: \"AppConfig Configuration Profile\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appconfig.ConfigurationProfile(\"example\",\n application_id=aws_appconfig_application[\"example\"][\"id\"],\n description=\"Example Configuration Profile\",\n location_uri=\"hosted\",\n validators=[aws.appconfig.ConfigurationProfileValidatorArgs(\n content=aws_lambda_function[\"example\"][\"arn\"],\n type=\"LAMBDA\",\n )],\n tags={\n \"Type\": \"AppConfig Configuration Profile\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppConfig.ConfigurationProfile(\"example\", new Aws.AppConfig.ConfigurationProfileArgs\n {\n ApplicationId = aws_appconfig_application.Example.Id,\n Description = \"Example Configuration Profile\",\n LocationUri = \"hosted\",\n Validators = \n {\n new Aws.AppConfig.Inputs.ConfigurationProfileValidatorArgs\n {\n Content = aws_lambda_function.Example.Arn,\n Type = \"LAMBDA\",\n },\n },\n Tags = \n {\n { \"Type\", \"AppConfig Configuration Profile\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appconfig.NewConfigurationProfile(ctx, \"example\", &appconfig.ConfigurationProfileArgs{\n\t\t\tApplicationId: pulumi.Any(aws_appconfig_application.Example.Id),\n\t\t\tDescription: pulumi.String(\"Example Configuration Profile\"),\n\t\t\tLocationUri: pulumi.String(\"hosted\"),\n\t\t\tValidators: appconfig.ConfigurationProfileValidatorArray{\n\t\t\t\t&appconfig.ConfigurationProfileValidatorArgs{\n\t\t\t\t\tContent: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\t\t\tType: pulumi.String(\"LAMBDA\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Configuration Profile\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppConfig Configuration Profiles can be imported by using the configuration profile ID and application ID separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:appconfig/configurationProfile:ConfigurationProfile example 71abcde:11xxxxx\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID. Must be between 4 and 7 characters in length.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID.\n" + }, + "description": { + "type": "string", + "description": "The description of the configuration profile. Can be at most 1024 characters.\n" + }, + "locationUri": { + "type": "string", + "description": "A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For the hosted configuration store, specify `hosted`. For an SSM document, specify either the document name in the format `ssm-document://` or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format `ssm-parameter://` or the ARN. For an Amazon S3 object, specify the URI in the following format: `s3:///`.\n" + }, + "name": { + "type": "string", + "description": "The name for the configuration profile. Must be between 1 and 64 characters in length.\n" + }, + "retrievalRoleArn": { + "type": "string", + "description": "The ARN of an IAM role with permission to access the configuration at the specified `location_uri`. A retrieval role ARN is not required for configurations stored in the AWS AppConfig `hosted` configuration store. It is required for all other sources that store your configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "validators": { + "type": "array", + "items": { + "$ref": "#/types/aws:appconfig/ConfigurationProfileValidator:ConfigurationProfileValidator" + }, + "description": "A set of methods for validating the configuration. Maximum of 2. See Validator below for more details.\n" + } + }, + "required": [ + "applicationId", + "arn", + "configurationProfileId", + "locationUri", + "name", + "tagsAll" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID. Must be between 4 and 7 characters in length.\n" + }, + "description": { + "type": "string", + "description": "The description of the configuration profile. Can be at most 1024 characters.\n" + }, + "locationUri": { + "type": "string", + "description": "A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For the hosted configuration store, specify `hosted`. For an SSM document, specify either the document name in the format `ssm-document://` or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format `ssm-parameter://` or the ARN. For an Amazon S3 object, specify the URI in the following format: `s3:///`.\n" + }, + "name": { + "type": "string", + "description": "The name for the configuration profile. Must be between 1 and 64 characters in length.\n" + }, + "retrievalRoleArn": { + "type": "string", + "description": "The ARN of an IAM role with permission to access the configuration at the specified `location_uri`. A retrieval role ARN is not required for configurations stored in the AWS AppConfig `hosted` configuration store. It is required for all other sources that store your configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "validators": { + "type": "array", + "items": { + "$ref": "#/types/aws:appconfig/ConfigurationProfileValidator:ConfigurationProfileValidator" + }, + "description": "A set of methods for validating the configuration. Maximum of 2. See Validator below for more details.\n" + } + }, + "requiredInputs": [ + "applicationId", + "locationUri" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ConfigurationProfile resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID. Must be between 4 and 7 characters in length.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Configuration Profile.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID.\n" + }, + "description": { + "type": "string", + "description": "The description of the configuration profile. Can be at most 1024 characters.\n" + }, + "locationUri": { + "type": "string", + "description": "A URI to locate the configuration. You can specify the AWS AppConfig hosted configuration store, Systems Manager (SSM) document, an SSM Parameter Store parameter, or an Amazon S3 object. For the hosted configuration store, specify `hosted`. For an SSM document, specify either the document name in the format `ssm-document://` or the Amazon Resource Name (ARN). For a parameter, specify either the parameter name in the format `ssm-parameter://` or the ARN. For an Amazon S3 object, specify the URI in the following format: `s3:///`.\n" + }, + "name": { + "type": "string", + "description": "The name for the configuration profile. Must be between 1 and 64 characters in length.\n" + }, + "retrievalRoleArn": { + "type": "string", + "description": "The ARN of an IAM role with permission to access the configuration at the specified `location_uri`. A retrieval role ARN is not required for configurations stored in the AWS AppConfig `hosted` configuration store. It is required for all other sources that store your configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "validators": { + "type": "array", + "items": { + "$ref": "#/types/aws:appconfig/ConfigurationProfileValidator:ConfigurationProfileValidator" + }, + "description": "A set of methods for validating the configuration. Maximum of 2. See Validator below for more details.\n" + } + }, + "type": "object" + } + }, + "aws:appconfig/deployment:Deployment": { + "description": "Provides an AppConfig Deployment resource for an `aws.appconfig.Application` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appconfig.Deployment(\"example\", {\n applicationId: aws_appconfig_application.example.id,\n configurationProfileId: aws_appconfig_configuration_profile.example.configuration_profile_id,\n configurationVersion: aws_appconfig_hosted_configuration_version.example.version_number,\n deploymentStrategyId: aws_appconfig_deployment_strategy.example.id,\n description: \"My example deployment\",\n environmentId: aws_appconfig_environment.example.environment_id,\n tags: {\n Type: \"AppConfig Deployment\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appconfig.Deployment(\"example\",\n application_id=aws_appconfig_application[\"example\"][\"id\"],\n configuration_profile_id=aws_appconfig_configuration_profile[\"example\"][\"configuration_profile_id\"],\n configuration_version=aws_appconfig_hosted_configuration_version[\"example\"][\"version_number\"],\n deployment_strategy_id=aws_appconfig_deployment_strategy[\"example\"][\"id\"],\n description=\"My example deployment\",\n environment_id=aws_appconfig_environment[\"example\"][\"environment_id\"],\n tags={\n \"Type\": \"AppConfig Deployment\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppConfig.Deployment(\"example\", new Aws.AppConfig.DeploymentArgs\n {\n ApplicationId = aws_appconfig_application.Example.Id,\n ConfigurationProfileId = aws_appconfig_configuration_profile.Example.Configuration_profile_id,\n ConfigurationVersion = aws_appconfig_hosted_configuration_version.Example.Version_number,\n DeploymentStrategyId = aws_appconfig_deployment_strategy.Example.Id,\n Description = \"My example deployment\",\n EnvironmentId = aws_appconfig_environment.Example.Environment_id,\n Tags = \n {\n { \"Type\", \"AppConfig Deployment\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appconfig.NewDeployment(ctx, \"example\", &appconfig.DeploymentArgs{\n\t\t\tApplicationId: pulumi.Any(aws_appconfig_application.Example.Id),\n\t\t\tConfigurationProfileId: pulumi.Any(aws_appconfig_configuration_profile.Example.Configuration_profile_id),\n\t\t\tConfigurationVersion: pulumi.Any(aws_appconfig_hosted_configuration_version.Example.Version_number),\n\t\t\tDeploymentStrategyId: pulumi.Any(aws_appconfig_deployment_strategy.Example.Id),\n\t\t\tDescription: pulumi.String(\"My example deployment\"),\n\t\t\tEnvironmentId: pulumi.Any(aws_appconfig_environment.Example.Environment_id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Deployment\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppConfig Deployments can be imported by using the application ID, environment ID, and deployment number separated by a slash (`/`), e.g.\n\n```sh\n $ pulumi import aws:appconfig/deployment:Deployment example 71abcde/11xxxxx/1\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID. Must be between 4 and 7 characters in length.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Deployment.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID. Must be between 4 and 7 characters in length.\n" + }, + "configurationVersion": { + "type": "string", + "description": "The configuration version to deploy. Can be at most 1024 characters.\n" + }, + "deploymentNumber": { + "type": "integer", + "description": "The deployment number.\n" + }, + "deploymentStrategyId": { + "type": "string", + "description": "The deployment strategy ID or name of a predefined deployment strategy. See [Predefined Deployment Strategies](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-deployment-strategy.html#appconfig-creating-deployment-strategy-predefined) for more details.\n" + }, + "description": { + "type": "string", + "description": "The description of the deployment. Can be at most 1024 characters.\n" + }, + "environmentId": { + "type": "string", + "description": "The environment ID. Must be between 4 and 7 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "required": [ + "applicationId", + "arn", + "configurationProfileId", + "configurationVersion", + "deploymentNumber", + "deploymentStrategyId", + "environmentId", + "tagsAll" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID. Must be between 4 and 7 characters in length.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID. Must be between 4 and 7 characters in length.\n" + }, + "configurationVersion": { + "type": "string", + "description": "The configuration version to deploy. Can be at most 1024 characters.\n" + }, + "deploymentStrategyId": { + "type": "string", + "description": "The deployment strategy ID or name of a predefined deployment strategy. See [Predefined Deployment Strategies](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-deployment-strategy.html#appconfig-creating-deployment-strategy-predefined) for more details.\n" + }, + "description": { + "type": "string", + "description": "The description of the deployment. Can be at most 1024 characters.\n" + }, + "environmentId": { + "type": "string", + "description": "The environment ID. Must be between 4 and 7 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "requiredInputs": [ + "applicationId", + "configurationProfileId", + "configurationVersion", + "deploymentStrategyId", + "environmentId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Deployment resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID. Must be between 4 and 7 characters in length.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Deployment.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID. Must be between 4 and 7 characters in length.\n" + }, + "configurationVersion": { + "type": "string", + "description": "The configuration version to deploy. Can be at most 1024 characters.\n" + }, + "deploymentNumber": { + "type": "integer", + "description": "The deployment number.\n" + }, + "deploymentStrategyId": { + "type": "string", + "description": "The deployment strategy ID or name of a predefined deployment strategy. See [Predefined Deployment Strategies](https://docs.aws.amazon.com/appconfig/latest/userguide/appconfig-creating-deployment-strategy.html#appconfig-creating-deployment-strategy-predefined) for more details.\n" + }, + "description": { + "type": "string", + "description": "The description of the deployment. Can be at most 1024 characters.\n" + }, + "environmentId": { + "type": "string", + "description": "The environment ID. Must be between 4 and 7 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "type": "object" + } + }, + "aws:appconfig/deploymentStrategy:DeploymentStrategy": { + "description": "Provides an AppConfig Deployment Strategy resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appconfig.DeploymentStrategy(\"example\", {\n deploymentDurationInMinutes: 3,\n description: \"Example Deployment Strategy\",\n finalBakeTimeInMinutes: 4,\n growthFactor: 10,\n growthType: \"LINEAR\",\n replicateTo: \"NONE\",\n tags: {\n Type: \"AppConfig Deployment Strategy\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appconfig.DeploymentStrategy(\"example\",\n deployment_duration_in_minutes=3,\n description=\"Example Deployment Strategy\",\n final_bake_time_in_minutes=4,\n growth_factor=10,\n growth_type=\"LINEAR\",\n replicate_to=\"NONE\",\n tags={\n \"Type\": \"AppConfig Deployment Strategy\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppConfig.DeploymentStrategy(\"example\", new Aws.AppConfig.DeploymentStrategyArgs\n {\n DeploymentDurationInMinutes = 3,\n Description = \"Example Deployment Strategy\",\n FinalBakeTimeInMinutes = 4,\n GrowthFactor = 10,\n GrowthType = \"LINEAR\",\n ReplicateTo = \"NONE\",\n Tags = \n {\n { \"Type\", \"AppConfig Deployment Strategy\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appconfig.NewDeploymentStrategy(ctx, \"example\", &appconfig.DeploymentStrategyArgs{\n\t\t\tDeploymentDurationInMinutes: pulumi.Int(3),\n\t\t\tDescription: pulumi.String(\"Example Deployment Strategy\"),\n\t\t\tFinalBakeTimeInMinutes: pulumi.Int(4),\n\t\t\tGrowthFactor: pulumi.Float64(10),\n\t\t\tGrowthType: pulumi.String(\"LINEAR\"),\n\t\t\tReplicateTo: pulumi.String(\"NONE\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Deployment Strategy\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppConfig Deployment Strategies can be imported by using their deployment strategy ID, e.g.\n\n```sh\n $ pulumi import aws:appconfig/deploymentStrategy:DeploymentStrategy example 11xxxxx\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy.\n" + }, + "deploymentDurationInMinutes": { + "type": "integer", + "description": "Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440.\n" + }, + "description": { + "type": "string", + "description": "A description of the deployment strategy. Can be at most 1024 characters.\n" + }, + "finalBakeTimeInMinutes": { + "type": "integer", + "description": "The amount of time AWS AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic roll back. Minimum value of 0, maximum value of 1440.\n" + }, + "growthFactor": { + "type": "number", + "description": "The percentage of targets to receive a deployed configuration during each interval. Minimum value of 1.0, maximum value of 100.0.\n" + }, + "growthType": { + "type": "string", + "description": "The algorithm used to define how percentage grows over time. Valid value: `LINEAR` and `EXPONENTIAL`. Defaults to `LINEAR`.\n" + }, + "name": { + "type": "string", + "description": "A name for the deployment strategy. Must be between 1 and 64 characters in length.\n" + }, + "replicateTo": { + "type": "string", + "description": "Where to save the deployment strategy. Valid values: `NONE` and `SSM_DOCUMENT`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "required": [ + "arn", + "deploymentDurationInMinutes", + "growthFactor", + "name", + "replicateTo", + "tagsAll" + ], + "inputProperties": { + "deploymentDurationInMinutes": { + "type": "integer", + "description": "Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440.\n" + }, + "description": { + "type": "string", + "description": "A description of the deployment strategy. Can be at most 1024 characters.\n" + }, + "finalBakeTimeInMinutes": { + "type": "integer", + "description": "The amount of time AWS AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic roll back. Minimum value of 0, maximum value of 1440.\n" + }, + "growthFactor": { + "type": "number", + "description": "The percentage of targets to receive a deployed configuration during each interval. Minimum value of 1.0, maximum value of 100.0.\n" + }, + "growthType": { + "type": "string", + "description": "The algorithm used to define how percentage grows over time. Valid value: `LINEAR` and `EXPONENTIAL`. Defaults to `LINEAR`.\n" + }, + "name": { + "type": "string", + "description": "A name for the deployment strategy. Must be between 1 and 64 characters in length.\n" + }, + "replicateTo": { + "type": "string", + "description": "Where to save the deployment strategy. Valid values: `NONE` and `SSM_DOCUMENT`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "requiredInputs": [ + "deploymentDurationInMinutes", + "growthFactor", + "replicateTo" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DeploymentStrategy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Deployment Strategy.\n" + }, + "deploymentDurationInMinutes": { + "type": "integer", + "description": "Total amount of time for a deployment to last. Minimum value of 0, maximum value of 1440.\n" + }, + "description": { + "type": "string", + "description": "A description of the deployment strategy. Can be at most 1024 characters.\n" + }, + "finalBakeTimeInMinutes": { + "type": "integer", + "description": "The amount of time AWS AppConfig monitors for alarms before considering the deployment to be complete and no longer eligible for automatic roll back. Minimum value of 0, maximum value of 1440.\n" + }, + "growthFactor": { + "type": "number", + "description": "The percentage of targets to receive a deployed configuration during each interval. Minimum value of 1.0, maximum value of 100.0.\n" + }, + "growthType": { + "type": "string", + "description": "The algorithm used to define how percentage grows over time. Valid value: `LINEAR` and `EXPONENTIAL`. Defaults to `LINEAR`.\n" + }, + "name": { + "type": "string", + "description": "A name for the deployment strategy. Must be between 1 and 64 characters in length.\n" + }, + "replicateTo": { + "type": "string", + "description": "Where to save the deployment strategy. Valid values: `NONE` and `SSM_DOCUMENT`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "type": "object" + } + }, + "aws:appconfig/environment:Environment": { + "description": "Provides an AppConfig Environment resource for an `aws.appconfig.Application` resource. One or more environments can be defined for an application.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApplication = new aws.appconfig.Application(\"exampleApplication\", {\n description: \"Example AppConfig Application\",\n tags: {\n Type: \"AppConfig Application\",\n },\n});\nconst exampleEnvironment = new aws.appconfig.Environment(\"exampleEnvironment\", {\n description: \"Example AppConfig Environment\",\n applicationId: exampleApplication.id,\n monitors: [{\n alarmArn: aws_cloudwatch_metric_alarm.example.arn,\n alarmRoleArn: aws_iam_role.example.arn,\n }],\n tags: {\n Type: \"AppConfig Environment\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_application = aws.appconfig.Application(\"exampleApplication\",\n description=\"Example AppConfig Application\",\n tags={\n \"Type\": \"AppConfig Application\",\n })\nexample_environment = aws.appconfig.Environment(\"exampleEnvironment\",\n description=\"Example AppConfig Environment\",\n application_id=example_application.id,\n monitors=[aws.appconfig.EnvironmentMonitorArgs(\n alarm_arn=aws_cloudwatch_metric_alarm[\"example\"][\"arn\"],\n alarm_role_arn=aws_iam_role[\"example\"][\"arn\"],\n )],\n tags={\n \"Type\": \"AppConfig Environment\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApplication = new Aws.AppConfig.Application(\"exampleApplication\", new Aws.AppConfig.ApplicationArgs\n {\n Description = \"Example AppConfig Application\",\n Tags = \n {\n { \"Type\", \"AppConfig Application\" },\n },\n });\n var exampleEnvironment = new Aws.AppConfig.Environment(\"exampleEnvironment\", new Aws.AppConfig.EnvironmentArgs\n {\n Description = \"Example AppConfig Environment\",\n ApplicationId = exampleApplication.Id,\n Monitors = \n {\n new Aws.AppConfig.Inputs.EnvironmentMonitorArgs\n {\n AlarmArn = aws_cloudwatch_metric_alarm.Example.Arn,\n AlarmRoleArn = aws_iam_role.Example.Arn,\n },\n },\n Tags = \n {\n { \"Type\", \"AppConfig Environment\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplication, err := appconfig.NewApplication(ctx, \"exampleApplication\", &appconfig.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"Example AppConfig Application\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Application\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appconfig.NewEnvironment(ctx, \"exampleEnvironment\", &appconfig.EnvironmentArgs{\n\t\t\tDescription: pulumi.String(\"Example AppConfig Environment\"),\n\t\t\tApplicationId: exampleApplication.ID(),\n\t\t\tMonitors: appconfig.EnvironmentMonitorArray{\n\t\t\t\t&appconfig.EnvironmentMonitorArgs{\n\t\t\t\t\tAlarmArn: pulumi.Any(aws_cloudwatch_metric_alarm.Example.Arn),\n\t\t\t\t\tAlarmRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Type\": pulumi.String(\"AppConfig Environment\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppConfig Environments can be imported by using the environment ID and application ID separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:appconfig/environment:Environment example 71abcde:11xxxxx\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The AppConfig application ID. Must be between 4 and 7 characters in length.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Environment.\n" + }, + "description": { + "type": "string", + "description": "The description of the environment. Can be at most 1024 characters.\n" + }, + "environmentId": { + "type": "string", + "description": "The AppConfig environment ID.\n" + }, + "monitors": { + "type": "array", + "items": { + "$ref": "#/types/aws:appconfig/EnvironmentMonitor:EnvironmentMonitor" + }, + "description": "Set of Amazon CloudWatch alarms to monitor during the deployment process. Maximum of 5. See Monitor below for more details.\n" + }, + "name": { + "type": "string", + "description": "The name for the environment. Must be between 1 and 64 characters in length.\n" + }, + "state": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "required": [ + "applicationId", + "arn", + "environmentId", + "name", + "state", + "tagsAll" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The AppConfig application ID. Must be between 4 and 7 characters in length.\n" + }, + "description": { + "type": "string", + "description": "The description of the environment. Can be at most 1024 characters.\n" + }, + "monitors": { + "type": "array", + "items": { + "$ref": "#/types/aws:appconfig/EnvironmentMonitor:EnvironmentMonitor" + }, + "description": "Set of Amazon CloudWatch alarms to monitor during the deployment process. Maximum of 5. See Monitor below for more details.\n" + }, + "name": { + "type": "string", + "description": "The name for the environment. Must be between 1 and 64 characters in length.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "requiredInputs": [ + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Environment resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The AppConfig application ID. Must be between 4 and 7 characters in length.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig Environment.\n" + }, + "description": { + "type": "string", + "description": "The description of the environment. Can be at most 1024 characters.\n" + }, + "environmentId": { + "type": "string", + "description": "The AppConfig environment ID.\n" + }, + "monitors": { + "type": "array", + "items": { + "$ref": "#/types/aws:appconfig/EnvironmentMonitor:EnvironmentMonitor" + }, + "description": "Set of Amazon CloudWatch alarms to monitor during the deployment process. Maximum of 5. See Monitor below for more details.\n" + }, + "name": { + "type": "string", + "description": "The name for the environment. Must be between 1 and 64 characters in length.\n" + }, + "state": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + } + }, + "type": "object" + } + }, + "aws:appconfig/hostedConfigurationVersion:HostedConfigurationVersion": { + "description": "Provides an AppConfig Hosted Configuration Version resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appconfig.HostedConfigurationVersion(\"example\", {\n applicationId: aws_appconfig_application.example.id,\n configurationProfileId: aws_appconfig_configuration_profile.example.configuration_profile_id,\n description: \"Example Hosted Configuration Version\",\n contentType: \"application/json\",\n content: JSON.stringify({\n foo: \"bar\",\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.appconfig.HostedConfigurationVersion(\"example\",\n application_id=aws_appconfig_application[\"example\"][\"id\"],\n configuration_profile_id=aws_appconfig_configuration_profile[\"example\"][\"configuration_profile_id\"],\n description=\"Example Hosted Configuration Version\",\n content_type=\"application/json\",\n content=json.dumps({\n \"foo\": \"bar\",\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppConfig.HostedConfigurationVersion(\"example\", new Aws.AppConfig.HostedConfigurationVersionArgs\n {\n ApplicationId = aws_appconfig_application.Example.Id,\n ConfigurationProfileId = aws_appconfig_configuration_profile.Example.Configuration_profile_id,\n Description = \"Example Hosted Configuration Version\",\n ContentType = \"application/json\",\n Content = JsonSerializer.Serialize(new Dictionary\n {\n { \"foo\", \"bar\" },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appconfig\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"foo\": \"bar\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := appconfig.NewHostedConfigurationVersion(ctx, \"example\", &appconfig.HostedConfigurationVersionArgs{\n\t\t\tApplicationId: pulumi.Any(aws_appconfig_application.Example.Id),\n\t\t\tConfigurationProfileId: pulumi.Any(aws_appconfig_configuration_profile.Example.Configuration_profile_id),\n\t\t\tDescription: pulumi.String(\"Example Hosted Configuration Version\"),\n\t\t\tContentType: pulumi.String(\"application/json\"),\n\t\t\tContent: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppConfig Hosted Configuration Versions can be imported by using the application ID, configuration profile ID, and version number separated by a slash (`/`), e.g.\n\n```sh\n $ pulumi import aws:appconfig/hostedConfigurationVersion:HostedConfigurationVersion example 71abcde/11xxxxx/2\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID.\n" + }, + "content": { + "type": "string", + "description": "The content of the configuration or the configuration data.\n" + }, + "contentType": { + "type": "string", + "description": "A standard MIME type describing the format of the configuration content. For more information, see [Content-Type](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).\n" + }, + "description": { + "type": "string", + "description": "A description of the configuration.\n" + }, + "versionNumber": { + "type": "integer", + "description": "The version number of the hosted configuration.\n" + } + }, + "required": [ + "applicationId", + "arn", + "configurationProfileId", + "content", + "contentType", + "versionNumber" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID.\n" + }, + "content": { + "type": "string", + "description": "The content of the configuration or the configuration data.\n" + }, + "contentType": { + "type": "string", + "description": "A standard MIME type describing the format of the configuration content. For more information, see [Content-Type](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).\n" + }, + "description": { + "type": "string", + "description": "A description of the configuration.\n" + } + }, + "requiredInputs": [ + "applicationId", + "configurationProfileId", + "content", + "contentType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedConfigurationVersion resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AppConfig hosted configuration version.\n" + }, + "configurationProfileId": { + "type": "string", + "description": "The configuration profile ID.\n" + }, + "content": { + "type": "string", + "description": "The content of the configuration or the configuration data.\n" + }, + "contentType": { + "type": "string", + "description": "A standard MIME type describing the format of the configuration content. For more information, see [Content-Type](https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17).\n" + }, + "description": { + "type": "string", + "description": "A description of the configuration.\n" + }, + "versionNumber": { + "type": "integer", + "description": "The version number of the hosted configuration.\n" + } + }, + "type": "object" + } + }, + "aws:applicationloadbalancing/listener:Listener": { + "description": "Provides a Load Balancer Listener resource.\n\n> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Forward Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"443\",\n protocol: \"HTTPS\",\n sslPolicy: \"ELBSecurityPolicy-2016-08\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=443,\n protocol=\"HTTPS\",\n ssl_policy=\"ELBSecurityPolicy-2016-08\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 443,\n Protocol = \"HTTPS\",\n SslPolicy = \"ELBSecurityPolicy-2016-08\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\tSslPolicy: pulumi.String(\"ELBSecurityPolicy-2016-08\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo a NLB:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEnd = new aws.lb.Listener(\"frontEnd\", {\n loadBalancerArn: aws_lb.front_end.arn,\n port: \"443\",\n protocol: \"TLS\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpnPolicy: \"HTTP2Preferred\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.front_end.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end = aws.lb.Listener(\"frontEnd\",\n load_balancer_arn=aws_lb[\"front_end\"][\"arn\"],\n port=443,\n protocol=\"TLS\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpn_policy=\"HTTP2Preferred\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"front_end\"][\"arn\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEnd = new Aws.LB.Listener(\"frontEnd\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = aws_lb.Front_end.Arn,\n Port = 443,\n Protocol = \"TLS\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n AlpnPolicy = \"HTTP2Preferred\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Front_end.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewListener(ctx, \"frontEnd\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: pulumi.Any(aws_lb.Front_end.Arn),\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"TLS\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tAlpnPolicy: pulumi.String(\"HTTP2Preferred\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Front_end.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redirect Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerDefaultActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerDefaultActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Fixed-response Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"Fixed response content\",\n statusCode: \"200\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"Fixed response content\",\n status_code=\"200\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"Fixed response content\",\n StatusCode = \"200\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"Fixed response content\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-cognito Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-OIDC Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Gateway Load Balancer Listener\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLoadBalancer = new aws.lb.LoadBalancer(\"exampleLoadBalancer\", {\n loadBalancerType: \"gateway\",\n subnetMappings: [{\n subnetId: aws_subnet.example.id,\n }],\n});\nconst exampleTargetGroup = new aws.lb.TargetGroup(\"exampleTargetGroup\", {\n port: 6081,\n protocol: \"GENEVE\",\n vpcId: aws_vpc.example.id,\n healthCheck: {\n port: 80,\n protocol: \"HTTP\",\n },\n});\nconst exampleListener = new aws.lb.Listener(\"exampleListener\", {\n loadBalancerArn: exampleLoadBalancer.id,\n defaultActions: [{\n targetGroupArn: exampleTargetGroup.id,\n type: \"forward\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_load_balancer = aws.lb.LoadBalancer(\"exampleLoadBalancer\",\n load_balancer_type=\"gateway\",\n subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example\"][\"id\"],\n )])\nexample_target_group = aws.lb.TargetGroup(\"exampleTargetGroup\",\n port=6081,\n protocol=\"GENEVE\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n health_check=aws.lb.TargetGroupHealthCheckArgs(\n port=\"80\",\n protocol=\"HTTP\",\n ))\nexample_listener = aws.lb.Listener(\"exampleListener\",\n load_balancer_arn=example_load_balancer.id,\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n target_group_arn=example_target_group.id,\n type=\"forward\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLoadBalancer = new Aws.LB.LoadBalancer(\"exampleLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"gateway\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example.Id,\n },\n },\n });\n var exampleTargetGroup = new Aws.LB.TargetGroup(\"exampleTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n Port = 6081,\n Protocol = \"GENEVE\",\n VpcId = aws_vpc.Example.Id,\n HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs\n {\n Port = \"80\",\n Protocol = \"HTTP\",\n },\n });\n var exampleListener = new Aws.LB.Listener(\"exampleListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = exampleLoadBalancer.Id,\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n TargetGroupArn = exampleTargetGroup.Id,\n Type = \"forward\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLoadBalancer, err := lb.NewLoadBalancer(ctx, \"exampleLoadBalancer\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"gateway\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTargetGroup, err := lb.NewTargetGroup(ctx, \"exampleTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(6081),\n\t\t\tProtocol: pulumi.String(\"GENEVE\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tHealthCheck: &lb.TargetGroupHealthCheckArgs{\n\t\t\t\tPort: pulumi.String(\"80\"),\n\t\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"exampleListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: exampleLoadBalancer.ID(),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tTargetGroupArn: exampleTargetGroup.ID(),\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListeners can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:applicationloadbalancing/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96\n```\n\n ", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "defaultActions", + "loadBalancerArn", + "protocol", + "sslPolicy", + "tagsAll" + ], + "inputProperties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "defaultActions", + "loadBalancerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Listener resources.\n", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.applicationloadbalancing.Listener has been deprecated in favor of aws.alb.Listener" + }, + "aws:applicationloadbalancing/listenerCertificate:ListenerCertificate": { + "description": "Provides a Load Balancer Listener Certificate resource.\n\nThis resource is for additional certificates and does not replace the default certificate on the listener.\n\n> **Note:** `aws.alb.ListenerCertificate` is known as `aws.lb.ListenerCertificate`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCertificate = new aws.acm.Certificate(\"exampleCertificate\", {});\n// ...\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// ...\nconst exampleListenerCertificate = new aws.lb.ListenerCertificate(\"exampleListenerCertificate\", {\n listenerArn: frontEndListener.arn,\n certificateArn: exampleCertificate.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_certificate = aws.acm.Certificate(\"exampleCertificate\")\n# ...\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# ...\nexample_listener_certificate = aws.lb.ListenerCertificate(\"exampleListenerCertificate\",\n listener_arn=front_end_listener.arn,\n certificate_arn=example_certificate.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCertificate = new Aws.Acm.Certificate(\"exampleCertificate\", new Aws.Acm.CertificateArgs\n {\n });\n // ...\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // ...\n var exampleListenerCertificate = new Aws.LB.ListenerCertificate(\"exampleListenerCertificate\", new Aws.LB.ListenerCertificateArgs\n {\n ListenerArn = frontEndListener.Arn,\n CertificateArn = exampleCertificate.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCertificate, err := acm.NewCertificate(ctx, \"exampleCertificate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerCertificate(ctx, \"exampleListenerCertificate\", &lb.ListenerCertificateArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tCertificateArn: exampleCertificate.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListener Certificates can be imported using their id, e.g.\n\n```sh\n $ pulumi import aws:applicationloadbalancing/listenerCertificate:ListenerCertificate example arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b_arn:aws:iam::123456789012:server-certificate/tf-acc-test-6453083910015726063\n```\n\n ", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "required": [ + "certificateArn", + "listenerArn" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "requiredInputs": [ + "certificateArn", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerCertificate resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.applicationloadbalancing.ListenerCertificate has been deprecated in favor of aws.alb.ListenerCertificate" + }, + "aws:applicationloadbalancing/listenerRule:ListenerRule": { + "description": "Provides a Load Balancer Listener Rule resource.\n\n> **Note:** `aws.alb.ListenerRule` is known as `aws.lb.ListenerRule`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// Other parameters\nconst static = new aws.lb.ListenerRule(\"static\", {\n listenerArn: frontEndListener.arn,\n priority: 100,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [\n {\n pathPattern: {\n values: [\"/static/*\"],\n },\n },\n {\n hostHeader: {\n values: [\"example.com\"],\n },\n },\n ],\n});\n// Forward action\nconst hostBasedWeightedRouting = new aws.lb.ListenerRule(\"hostBasedWeightedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Weighted Forward action\nconst hostBasedRouting = new aws.lb.ListenerRule(\"hostBasedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n forward: {\n targetGroups: [\n {\n arn: aws_lb_target_group.main.arn,\n weight: 80,\n },\n {\n arn: aws_lb_target_group.canary.arn,\n weight: 20,\n },\n ],\n stickiness: {\n enabled: true,\n duration: 600,\n },\n },\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Redirect action\nconst redirectHttpToHttps = new aws.lb.ListenerRule(\"redirectHttpToHttps\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n conditions: [{\n httpHeader: {\n httpHeaderName: \"X-Forwarded-For\",\n values: [\"192.168.1.*\"],\n },\n }],\n});\n// Fixed-response action\nconst healthCheck = new aws.lb.ListenerRule(\"healthCheck\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"HEALTHY\",\n statusCode: \"200\",\n },\n }],\n conditions: [{\n queryStrings: [\n {\n key: \"health\",\n value: \"check\",\n },\n {\n value: \"bar\",\n },\n ],\n }],\n});\n// Authenticate-cognito Action\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst admin = new aws.lb.ListenerRule(\"admin\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n// Authenticate-oidc Action\nconst oidc = new aws.lb.ListenerRule(\"oidc\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# Other parameters\nstatic = aws.lb.ListenerRule(\"static\",\n listener_arn=front_end_listener.arn,\n priority=100,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[\n aws.lb.ListenerRuleConditionArgs(\n path_pattern=aws.lb.ListenerRuleConditionPathPatternArgs(\n values=[\"/static/*\"],\n ),\n ),\n aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"example.com\"],\n ),\n ),\n ])\n# Forward action\nhost_based_weighted_routing = aws.lb.ListenerRule(\"hostBasedWeightedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Weighted Forward action\nhost_based_routing = aws.lb.ListenerRule(\"hostBasedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n forward=aws.lb.ListenerRuleActionForwardArgs(\n target_groups=[\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"main\"][\"arn\"],\n weight=80,\n ),\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"canary\"][\"arn\"],\n weight=20,\n ),\n ],\n stickiness=aws.lb.ListenerRuleActionForwardStickinessArgs(\n enabled=True,\n duration=600,\n ),\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Redirect action\nredirect_http_to_https = aws.lb.ListenerRule(\"redirectHttpToHttps\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerRuleActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n http_header=aws.lb.ListenerRuleConditionHttpHeaderArgs(\n http_header_name=\"X-Forwarded-For\",\n values=[\"192.168.1.*\"],\n ),\n )])\n# Fixed-response action\nhealth_check = aws.lb.ListenerRule(\"healthCheck\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerRuleActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"HEALTHY\",\n status_code=\"200\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n query_strings=[\n aws.lb.ListenerRuleConditionQueryStringArgs(\n key=\"health\",\n value=\"check\",\n ),\n aws.lb.ListenerRuleConditionQueryStringArgs(\n value=\"bar\",\n ),\n ],\n )])\n# Authenticate-cognito Action\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nadmin = aws.lb.ListenerRule(\"admin\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerRuleActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n# Authenticate-oidc Action\noidc = aws.lb.ListenerRule(\"oidc\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerRuleActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // Other parameters\n var @static = new Aws.LB.ListenerRule(\"static\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 100,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n PathPattern = new Aws.LB.Inputs.ListenerRuleConditionPathPatternArgs\n {\n Values = \n {\n \"/static/*\",\n },\n },\n },\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"example.com\",\n },\n },\n },\n },\n });\n // Forward action\n var hostBasedWeightedRouting = new Aws.LB.ListenerRule(\"hostBasedWeightedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Weighted Forward action\n var hostBasedRouting = new Aws.LB.ListenerRule(\"hostBasedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n Forward = new Aws.LB.Inputs.ListenerRuleActionForwardArgs\n {\n TargetGroups = \n {\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Main.Arn,\n Weight = 80,\n },\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Canary.Arn,\n Weight = 20,\n },\n },\n Stickiness = new Aws.LB.Inputs.ListenerRuleActionForwardStickinessArgs\n {\n Enabled = true,\n Duration = 600,\n },\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Redirect action\n var redirectHttpToHttps = new Aws.LB.ListenerRule(\"redirectHttpToHttps\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerRuleActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HttpHeader = new Aws.LB.Inputs.ListenerRuleConditionHttpHeaderArgs\n {\n HttpHeaderName = \"X-Forwarded-For\",\n Values = \n {\n \"192.168.1.*\",\n },\n },\n },\n },\n });\n // Fixed-response action\n var healthCheck = new Aws.LB.ListenerRule(\"healthCheck\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerRuleActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"HEALTHY\",\n StatusCode = \"200\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n QueryStrings = \n {\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Key = \"health\",\n Value = \"check\",\n },\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Value = \"bar\",\n },\n },\n },\n },\n });\n // Authenticate-cognito Action\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var admin = new Aws.LB.ListenerRule(\"admin\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerRuleActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n // Authenticate-oidc Action\n var oidc = new Aws.LB.ListenerRule(\"oidc\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerRuleActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"static\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tPathPattern: &lb.ListenerRuleConditionPathPatternArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"/static/*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedWeightedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tForward: &lb.ListenerRuleActionForwardArgs{\n\t\t\t\t\t\tTargetGroups: lb.ListenerRuleActionForwardTargetGroupArray{\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Main.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(80),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Canary.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(20),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStickiness: &lb.ListenerRuleActionForwardStickinessArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tDuration: pulumi.Int(600),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"redirectHttpToHttps\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerRuleActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHttpHeader: &lb.ListenerRuleConditionHttpHeaderArgs{\n\t\t\t\t\t\tHttpHeaderName: pulumi.String(\"X-Forwarded-For\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"192.168.1.*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"healthCheck\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerRuleActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"HEALTHY\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tQueryStrings: lb.ListenerRuleConditionQueryStringArray{\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"health\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"check\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"admin\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerRuleActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"oidc\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerRuleActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRules can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:applicationloadbalancing/listenerRule:ListenerRule front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener-rule/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b\n```\n\n ", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "actions", + "arn", + "conditions", + "listenerArn", + "priority", + "tagsAll" + ], + "inputProperties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "actions", + "conditions", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerRule resources.\n", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.applicationloadbalancing.ListenerRule has been deprecated in favor of aws.alb.ListenerRule" + }, + "aws:applicationloadbalancing/loadBalancer:LoadBalancer": { + "description": "Provides a Load Balancer resource.\n\n> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Specifying Elastic IPs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n allocationId: aws_eip.example1.id,\n },\n {\n subnetId: aws_subnet.example2.id,\n allocationId: aws_eip.example2.id,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n allocation_id=aws_eip[\"example1\"][\"id\"],\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n allocation_id=aws_eip[\"example2\"][\"id\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n AllocationId = aws_eip.Example1.Id,\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n AllocationId = aws_eip.Example2.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example1.Id),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example2.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Specifying private IP addresses for an internal-facing load balancer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n privateIpv4Address: \"10.0.1.15\",\n },\n {\n subnetId: aws_subnet.example2.id,\n privateIpv4Address: \"10.0.2.15\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n private_ipv4_address=\"10.0.1.15\",\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n private_ipv4_address=\"10.0.2.15\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n PrivateIpv4Address = \"10.0.1.15\",\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n PrivateIpv4Address = \"10.0.2.15\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.1.15\"),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.2.15\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLBs can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:applicationloadbalancing/loadBalancer:LoadBalancer bar arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188\n```\n\n ", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:applicationloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "$ref": "#/types/aws:alb/ipAddressType:IpAddressType", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "$ref": "#/types/aws:alb/loadBalancerType:LoadBalancerType", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "dnsName", + "internal", + "ipAddressType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tagsAll", + "vpcId", + "zoneId" + ], + "inputProperties": { + "accessLogs": { + "$ref": "#/types/aws:applicationloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "$ref": "#/types/aws:alb/ipAddressType:IpAddressType", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "$ref": "#/types/aws:alb/loadBalancerType:LoadBalancerType", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancer resources.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:applicationloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "$ref": "#/types/aws:alb/ipAddressType:IpAddressType", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "$ref": "#/types/aws:alb/loadBalancerType:LoadBalancerType", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.applicationloadbalancing.LoadBalancer has been deprecated in favor of aws.alb.LoadBalancer" + }, + "aws:applicationloadbalancing/targetGroup:TargetGroup": { + "description": "Provides a Target Group resource for use with Load Balancer resources.\n\n> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Instance Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst test = new aws.lb.TargetGroup(\"test\", {\n port: 80,\n protocol: \"HTTP\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\ntest = aws.lb.TargetGroup(\"test\",\n port=80,\n protocol=\"HTTP\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var test = new Aws.LB.TargetGroup(\"test\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"test\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### IP Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst ip_example = new aws.lb.TargetGroup(\"ip-example\", {\n port: 80,\n protocol: \"HTTP\",\n targetType: \"ip\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nip_example = aws.lb.TargetGroup(\"ip-example\",\n port=80,\n protocol=\"HTTP\",\n target_type=\"ip\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var ip_example = new Aws.LB.TargetGroup(\"ip-example\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n TargetType = \"ip\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"ip_example\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTargetType: pulumi.String(\"ip\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda_example = new aws.lb.TargetGroup(\"lambda-example\", {\n targetType: \"lambda\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_example = aws.lb.TargetGroup(\"lambda-example\", target_type=\"lambda\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lambda_example = new Aws.LB.TargetGroup(\"lambda-example\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewTargetGroup(ctx, \"lambda_example\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTarget Groups can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:applicationloadbalancing/targetGroup:TargetGroup app_front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:targetgroup/app-front-end/20cfe21448b66314\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:applicationloadbalancing/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:applicationloadbalancing/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "healthCheck", + "loadBalancingAlgorithmType", + "name", + "preserveClientIp", + "protocolVersion", + "stickiness", + "tagsAll" + ], + "inputProperties": { + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:applicationloadbalancing/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:applicationloadbalancing/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:applicationloadbalancing/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:applicationloadbalancing/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.applicationloadbalancing.TargetGroup has been deprecated in favor of aws.alb.TargetGroup" + }, + "aws:applicationloadbalancing/targetGroupAttachment:TargetGroupAttachment": { + "description": "Provides the ability to register instances and containers with an Application Load Balancer (ALB) or Network Load Balancer (NLB) target group. For attaching resources with Elastic Load Balancer (ELB), see the `aws.elb.Attachment` resource.\n\n> **Note:** `aws.alb.TargetGroupAttachment` is known as `aws.lb.TargetGroupAttachment`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {});\n// ... other configuration ...\nconst testInstance = new aws.ec2.Instance(\"testInstance\", {});\n// ... other configuration ...\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testInstance.id,\n port: 80,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\")\n# ... other configuration ...\ntest_instance = aws.ec2.Instance(\"testInstance\")\n# ... other configuration ...\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_instance.id,\n port=80)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ... other configuration ...\n var testInstance = new Aws.Ec2.Instance(\"testInstance\", new Aws.Ec2.InstanceArgs\n {\n });\n // ... other configuration ...\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testInstance.Id,\n Port = 80,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := ec2.NewInstance(ctx, \"testInstance\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testInstance.ID(),\n\t\t\tPort: pulumi.Int(80),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Usage with lambda\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {targetType: \"lambda\"});\nconst testFunction = new aws.lambda.Function(\"testFunction\", {});\n// ... other configuration ...\nconst withLb = new aws.lambda.Permission(\"withLb\", {\n action: \"lambda:InvokeFunction\",\n \"function\": testFunction.arn,\n principal: \"elasticloadbalancing.amazonaws.com\",\n sourceArn: testTargetGroup.arn,\n});\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testFunction.arn,\n}, {\n dependsOn: [withLb],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\", target_type=\"lambda\")\ntest_function = aws.lambda_.Function(\"testFunction\")\n# ... other configuration ...\nwith_lb = aws.lambda_.Permission(\"withLb\",\n action=\"lambda:InvokeFunction\",\n function=test_function.arn,\n principal=\"elasticloadbalancing.amazonaws.com\",\n source_arn=test_target_group.arn)\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_function.arn,\n opts=pulumi.ResourceOptions(depends_on=[with_lb]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n var testFunction = new Aws.Lambda.Function(\"testFunction\", new Aws.Lambda.FunctionArgs\n {\n });\n // ... other configuration ...\n var withLb = new Aws.Lambda.Permission(\"withLb\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = testFunction.Arn,\n Principal = \"elasticloadbalancing.amazonaws.com\",\n SourceArn = testTargetGroup.Arn,\n });\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testFunction.Arn,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n withLb,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestFunction, err := lambda.NewFunction(ctx, \"testFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twithLb, err := lambda.NewPermission(ctx, \"withLb\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: testFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"elasticloadbalancing.amazonaws.com\"),\n\t\t\tSourceArn: testTargetGroup.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testFunction.Arn,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twithLb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nTarget Group Attachments cannot be imported. ", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "required": [ + "targetGroupArn", + "targetId" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "requiredInputs": [ + "targetGroupArn", + "targetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroupAttachment resources.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.applicationloadbalancing.TargetGroupAttachment has been deprecated in favor of aws.alb.TargetGroupAttachment" + }, + "aws:appmesh/gatewayRoute:GatewayRoute": { + "description": "Provides an AWS App Mesh gateway route resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appmesh.GatewayRoute(\"example\", {\n meshName: \"example-service-mesh\",\n virtualGatewayName: aws_appmesh_virtual_gateway.example.name,\n spec: {\n httpRoute: {\n action: {\n target: {\n virtualService: {\n virtualServiceName: aws_appmesh_virtual_service.example.name,\n },\n },\n },\n match: {\n prefix: \"/\",\n },\n },\n },\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appmesh.GatewayRoute(\"example\",\n mesh_name=\"example-service-mesh\",\n virtual_gateway_name=aws_appmesh_virtual_gateway[\"example\"][\"name\"],\n spec=aws.appmesh.GatewayRouteSpecArgs(\n http_route=aws.appmesh.GatewayRouteSpecHttpRouteArgs(\n action=aws.appmesh.GatewayRouteSpecHttpRouteActionArgs(\n target=aws.appmesh.GatewayRouteSpecHttpRouteActionTargetArgs(\n virtual_service=aws.appmesh.GatewayRouteSpecHttpRouteActionTargetVirtualServiceArgs(\n virtual_service_name=aws_appmesh_virtual_service[\"example\"][\"name\"],\n ),\n ),\n ),\n match=aws.appmesh.GatewayRouteSpecHttpRouteMatchArgs(\n prefix=\"/\",\n ),\n ),\n ),\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppMesh.GatewayRoute(\"example\", new Aws.AppMesh.GatewayRouteArgs\n {\n MeshName = \"example-service-mesh\",\n VirtualGatewayName = aws_appmesh_virtual_gateway.Example.Name,\n Spec = new Aws.AppMesh.Inputs.GatewayRouteSpecArgs\n {\n HttpRoute = new Aws.AppMesh.Inputs.GatewayRouteSpecHttpRouteArgs\n {\n Action = new Aws.AppMesh.Inputs.GatewayRouteSpecHttpRouteActionArgs\n {\n Target = new Aws.AppMesh.Inputs.GatewayRouteSpecHttpRouteActionTargetArgs\n {\n VirtualService = new Aws.AppMesh.Inputs.GatewayRouteSpecHttpRouteActionTargetVirtualServiceArgs\n {\n VirtualServiceName = aws_appmesh_virtual_service.Example.Name,\n },\n },\n },\n Match = new Aws.AppMesh.Inputs.GatewayRouteSpecHttpRouteMatchArgs\n {\n Prefix = \"/\",\n },\n },\n },\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewGatewayRoute(ctx, \"example\", &appmesh.GatewayRouteArgs{\n\t\t\tMeshName: pulumi.String(\"example-service-mesh\"),\n\t\t\tVirtualGatewayName: pulumi.Any(aws_appmesh_virtual_gateway.Example.Name),\n\t\t\tSpec: &appmesh.GatewayRouteSpecArgs{\n\t\t\t\tHttpRoute: &appmesh.GatewayRouteSpecHttpRouteArgs{\n\t\t\t\t\tAction: &appmesh.GatewayRouteSpecHttpRouteActionArgs{\n\t\t\t\t\t\tTarget: &appmesh.GatewayRouteSpecHttpRouteActionTargetArgs{\n\t\t\t\t\t\t\tVirtualService: &appmesh.GatewayRouteSpecHttpRouteActionTargetVirtualServiceArgs{\n\t\t\t\t\t\t\t\tVirtualServiceName: pulumi.Any(aws_appmesh_virtual_service.Example.Name),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMatch: &appmesh.GatewayRouteSpecHttpRouteMatchArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"/\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh gateway routes can be imported using `mesh_name` and `virtual_gateway_name` together with the gateway route's `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/gatewayRoute:GatewayRoute example mesh/gw1/example-gateway-route\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the gateway route.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the gateway route.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the gateway route.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the gateway route. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the gateway route. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpec:GatewayRouteSpec", + "description": "The gateway route specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualGatewayName": { + "type": "string", + "description": "The name of the virtual gateway to associate the gateway route with. Must be between 1 and 255 characters in length.\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "spec", + "tagsAll", + "virtualGatewayName" + ], + "inputProperties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the gateway route. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the gateway route. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpec:GatewayRouteSpec", + "description": "The gateway route specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualGatewayName": { + "type": "string", + "description": "The name of the virtual gateway to associate the gateway route with. Must be between 1 and 255 characters in length.\n" + } + }, + "requiredInputs": [ + "meshName", + "spec", + "virtualGatewayName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GatewayRoute resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the gateway route.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the gateway route.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the gateway route.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the gateway route. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the gateway route. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/GatewayRouteSpec:GatewayRouteSpec", + "description": "The gateway route specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualGatewayName": { + "type": "string", + "description": "The name of the virtual gateway to associate the gateway route with. Must be between 1 and 255 characters in length.\n" + } + }, + "type": "object" + } + }, + "aws:appmesh/mesh:Mesh": { + "description": "Provides an AWS App Mesh service mesh resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst simple = new aws.appmesh.Mesh(\"simple\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsimple = aws.appmesh.Mesh(\"simple\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var simple = new Aws.AppMesh.Mesh(\"simple\", new Aws.AppMesh.MeshArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewMesh(ctx, \"simple\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Egress Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst simple = new aws.appmesh.Mesh(\"simple\", {\n spec: {\n egressFilter: {\n type: \"ALLOW_ALL\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsimple = aws.appmesh.Mesh(\"simple\", spec=aws.appmesh.MeshSpecArgs(\n egress_filter=aws.appmesh.MeshSpecEgressFilterArgs(\n type=\"ALLOW_ALL\",\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var simple = new Aws.AppMesh.Mesh(\"simple\", new Aws.AppMesh.MeshArgs\n {\n Spec = new Aws.AppMesh.Inputs.MeshSpecArgs\n {\n EgressFilter = new Aws.AppMesh.Inputs.MeshSpecEgressFilterArgs\n {\n Type = \"ALLOW_ALL\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewMesh(ctx, \"simple\", &appmesh.MeshArgs{\n\t\t\tSpec: &appmesh.MeshSpecArgs{\n\t\t\t\tEgressFilter: &appmesh.MeshSpecEgressFilterArgs{\n\t\t\t\t\tType: pulumi.String(\"ALLOW_ALL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh service meshes can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/mesh:Mesh simple simpleapp\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the service mesh.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the service mesh.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the service mesh.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the service mesh. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/MeshSpec:MeshSpec", + "description": "The service mesh specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshOwner", + "name", + "resourceOwner", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name to use for the service mesh. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/MeshSpec:MeshSpec", + "description": "The service mesh specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Mesh resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the service mesh.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the service mesh.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the service mesh.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the service mesh. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/MeshSpec:MeshSpec", + "description": "The service mesh specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:appmesh/route:Route": { + "description": "Provides an AWS App Mesh route resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### HTTP Routing\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb = new aws.appmesh.Route(\"serviceb\", {\n meshName: aws_appmesh_mesh.simple.id,\n virtualRouterName: aws_appmesh_virtual_router.serviceb.name,\n spec: {\n httpRoute: {\n match: {\n prefix: \"/\",\n },\n action: {\n weightedTargets: [\n {\n virtualNode: aws_appmesh_virtual_node.serviceb1.name,\n weight: 90,\n },\n {\n virtualNode: aws_appmesh_virtual_node.serviceb2.name,\n weight: 10,\n },\n ],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb = aws.appmesh.Route(\"serviceb\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n virtual_router_name=aws_appmesh_virtual_router[\"serviceb\"][\"name\"],\n spec=aws.appmesh.RouteSpecArgs(\n http_route=aws.appmesh.RouteSpecHttpRouteArgs(\n match=aws.appmesh.RouteSpecHttpRouteMatchArgs(\n prefix=\"/\",\n ),\n action=aws.appmesh.RouteSpecHttpRouteActionArgs(\n weighted_targets=[\n aws.appmesh.RouteSpecHttpRouteActionWeightedTargetArgs(\n virtual_node=aws_appmesh_virtual_node[\"serviceb1\"][\"name\"],\n weight=90,\n ),\n aws.appmesh.RouteSpecHttpRouteActionWeightedTargetArgs(\n virtual_node=aws_appmesh_virtual_node[\"serviceb2\"][\"name\"],\n weight=10,\n ),\n ],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb = new Aws.AppMesh.Route(\"serviceb\", new Aws.AppMesh.RouteArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n VirtualRouterName = aws_appmesh_virtual_router.Serviceb.Name,\n Spec = new Aws.AppMesh.Inputs.RouteSpecArgs\n {\n HttpRoute = new Aws.AppMesh.Inputs.RouteSpecHttpRouteArgs\n {\n Match = new Aws.AppMesh.Inputs.RouteSpecHttpRouteMatchArgs\n {\n Prefix = \"/\",\n },\n Action = new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionArgs\n {\n WeightedTargets = \n {\n new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionWeightedTargetArgs\n {\n VirtualNode = aws_appmesh_virtual_node.Serviceb1.Name,\n Weight = 90,\n },\n new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionWeightedTargetArgs\n {\n VirtualNode = aws_appmesh_virtual_node.Serviceb2.Name,\n Weight = 10,\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewRoute(ctx, \"serviceb\", &appmesh.RouteArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tVirtualRouterName: pulumi.Any(aws_appmesh_virtual_router.Serviceb.Name),\n\t\t\tSpec: &appmesh.RouteSpecArgs{\n\t\t\t\tHttpRoute: &appmesh.RouteSpecHttpRouteArgs{\n\t\t\t\t\tMatch: &appmesh.RouteSpecHttpRouteMatchArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"/\"),\n\t\t\t\t\t},\n\t\t\t\t\tAction: &appmesh.RouteSpecHttpRouteActionArgs{\n\t\t\t\t\t\tWeightedTargets: appmesh.RouteSpecHttpRouteActionWeightedTargetArray{\n\t\t\t\t\t\t\t&appmesh.RouteSpecHttpRouteActionWeightedTargetArgs{\n\t\t\t\t\t\t\t\tVirtualNode: pulumi.Any(aws_appmesh_virtual_node.Serviceb1.Name),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(90),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t&appmesh.RouteSpecHttpRouteActionWeightedTargetArgs{\n\t\t\t\t\t\t\t\tVirtualNode: pulumi.Any(aws_appmesh_virtual_node.Serviceb2.Name),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(10),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### HTTP Header Routing\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb = new aws.appmesh.Route(\"serviceb\", {\n meshName: aws_appmesh_mesh.simple.id,\n virtualRouterName: aws_appmesh_virtual_router.serviceb.name,\n spec: {\n httpRoute: {\n match: {\n method: \"POST\",\n prefix: \"/\",\n scheme: \"https\",\n headers: [{\n name: \"clientRequestId\",\n match: {\n prefix: \"123\",\n },\n }],\n },\n action: {\n weightedTargets: [{\n virtualNode: aws_appmesh_virtual_node.serviceb.name,\n weight: 100,\n }],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb = aws.appmesh.Route(\"serviceb\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n virtual_router_name=aws_appmesh_virtual_router[\"serviceb\"][\"name\"],\n spec=aws.appmesh.RouteSpecArgs(\n http_route=aws.appmesh.RouteSpecHttpRouteArgs(\n match=aws.appmesh.RouteSpecHttpRouteMatchArgs(\n method=\"POST\",\n prefix=\"/\",\n scheme=\"https\",\n headers=[aws.appmesh.RouteSpecHttpRouteMatchHeaderArgs(\n name=\"clientRequestId\",\n match=aws.appmesh.RouteSpecHttpRouteMatchHeaderMatchArgs(\n prefix=\"123\",\n ),\n )],\n ),\n action=aws.appmesh.RouteSpecHttpRouteActionArgs(\n weighted_targets=[aws.appmesh.RouteSpecHttpRouteActionWeightedTargetArgs(\n virtual_node=aws_appmesh_virtual_node[\"serviceb\"][\"name\"],\n weight=100,\n )],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb = new Aws.AppMesh.Route(\"serviceb\", new Aws.AppMesh.RouteArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n VirtualRouterName = aws_appmesh_virtual_router.Serviceb.Name,\n Spec = new Aws.AppMesh.Inputs.RouteSpecArgs\n {\n HttpRoute = new Aws.AppMesh.Inputs.RouteSpecHttpRouteArgs\n {\n Match = new Aws.AppMesh.Inputs.RouteSpecHttpRouteMatchArgs\n {\n Method = \"POST\",\n Prefix = \"/\",\n Scheme = \"https\",\n Headers = \n {\n new Aws.AppMesh.Inputs.RouteSpecHttpRouteMatchHeaderArgs\n {\n Name = \"clientRequestId\",\n Match = new Aws.AppMesh.Inputs.RouteSpecHttpRouteMatchHeaderMatchArgs\n {\n Prefix = \"123\",\n },\n },\n },\n },\n Action = new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionArgs\n {\n WeightedTargets = \n {\n new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionWeightedTargetArgs\n {\n VirtualNode = aws_appmesh_virtual_node.Serviceb.Name,\n Weight = 100,\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewRoute(ctx, \"serviceb\", &appmesh.RouteArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tVirtualRouterName: pulumi.Any(aws_appmesh_virtual_router.Serviceb.Name),\n\t\t\tSpec: &appmesh.RouteSpecArgs{\n\t\t\t\tHttpRoute: &appmesh.RouteSpecHttpRouteArgs{\n\t\t\t\t\tMatch: &appmesh.RouteSpecHttpRouteMatchArgs{\n\t\t\t\t\t\tMethod: pulumi.String(\"POST\"),\n\t\t\t\t\t\tPrefix: pulumi.String(\"/\"),\n\t\t\t\t\t\tScheme: pulumi.String(\"https\"),\n\t\t\t\t\t\tHeaders: appmesh.RouteSpecHttpRouteMatchHeaderArray{\n\t\t\t\t\t\t\t&appmesh.RouteSpecHttpRouteMatchHeaderArgs{\n\t\t\t\t\t\t\t\tName: pulumi.String(\"clientRequestId\"),\n\t\t\t\t\t\t\t\tMatch: &appmesh.RouteSpecHttpRouteMatchHeaderMatchArgs{\n\t\t\t\t\t\t\t\t\tPrefix: pulumi.String(\"123\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAction: &appmesh.RouteSpecHttpRouteActionArgs{\n\t\t\t\t\t\tWeightedTargets: appmesh.RouteSpecHttpRouteActionWeightedTargetArray{\n\t\t\t\t\t\t\t&appmesh.RouteSpecHttpRouteActionWeightedTargetArgs{\n\t\t\t\t\t\t\t\tVirtualNode: pulumi.Any(aws_appmesh_virtual_node.Serviceb.Name),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(100),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Retry Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb = new aws.appmesh.Route(\"serviceb\", {\n meshName: aws_appmesh_mesh.simple.id,\n virtualRouterName: aws_appmesh_virtual_router.serviceb.name,\n spec: {\n httpRoute: {\n match: {\n prefix: \"/\",\n },\n retryPolicy: {\n httpRetryEvents: [\"server-error\"],\n maxRetries: 1,\n perRetryTimeout: {\n unit: \"s\",\n value: 15,\n },\n },\n action: {\n weightedTargets: [{\n virtualNode: aws_appmesh_virtual_node.serviceb.name,\n weight: 100,\n }],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb = aws.appmesh.Route(\"serviceb\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n virtual_router_name=aws_appmesh_virtual_router[\"serviceb\"][\"name\"],\n spec=aws.appmesh.RouteSpecArgs(\n http_route=aws.appmesh.RouteSpecHttpRouteArgs(\n match=aws.appmesh.RouteSpecHttpRouteMatchArgs(\n prefix=\"/\",\n ),\n retry_policy=aws.appmesh.RouteSpecHttpRouteRetryPolicyArgs(\n http_retry_events=[\"server-error\"],\n max_retries=1,\n per_retry_timeout=aws.appmesh.RouteSpecHttpRouteRetryPolicyPerRetryTimeoutArgs(\n unit=\"s\",\n value=15,\n ),\n ),\n action=aws.appmesh.RouteSpecHttpRouteActionArgs(\n weighted_targets=[aws.appmesh.RouteSpecHttpRouteActionWeightedTargetArgs(\n virtual_node=aws_appmesh_virtual_node[\"serviceb\"][\"name\"],\n weight=100,\n )],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb = new Aws.AppMesh.Route(\"serviceb\", new Aws.AppMesh.RouteArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n VirtualRouterName = aws_appmesh_virtual_router.Serviceb.Name,\n Spec = new Aws.AppMesh.Inputs.RouteSpecArgs\n {\n HttpRoute = new Aws.AppMesh.Inputs.RouteSpecHttpRouteArgs\n {\n Match = new Aws.AppMesh.Inputs.RouteSpecHttpRouteMatchArgs\n {\n Prefix = \"/\",\n },\n RetryPolicy = new Aws.AppMesh.Inputs.RouteSpecHttpRouteRetryPolicyArgs\n {\n HttpRetryEvents = \n {\n \"server-error\",\n },\n MaxRetries = 1,\n PerRetryTimeout = new Aws.AppMesh.Inputs.RouteSpecHttpRouteRetryPolicyPerRetryTimeoutArgs\n {\n Unit = \"s\",\n Value = 15,\n },\n },\n Action = new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionArgs\n {\n WeightedTargets = \n {\n new Aws.AppMesh.Inputs.RouteSpecHttpRouteActionWeightedTargetArgs\n {\n VirtualNode = aws_appmesh_virtual_node.Serviceb.Name,\n Weight = 100,\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewRoute(ctx, \"serviceb\", &appmesh.RouteArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tVirtualRouterName: pulumi.Any(aws_appmesh_virtual_router.Serviceb.Name),\n\t\t\tSpec: &appmesh.RouteSpecArgs{\n\t\t\t\tHttpRoute: &appmesh.RouteSpecHttpRouteArgs{\n\t\t\t\t\tMatch: &appmesh.RouteSpecHttpRouteMatchArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"/\"),\n\t\t\t\t\t},\n\t\t\t\t\tRetryPolicy: &appmesh.RouteSpecHttpRouteRetryPolicyArgs{\n\t\t\t\t\t\tHttpRetryEvents: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"server-error\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMaxRetries: pulumi.Int(1),\n\t\t\t\t\t\tPerRetryTimeout: &appmesh.RouteSpecHttpRouteRetryPolicyPerRetryTimeoutArgs{\n\t\t\t\t\t\t\tUnit: pulumi.String(\"s\"),\n\t\t\t\t\t\t\tValue: pulumi.Int(15),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAction: &appmesh.RouteSpecHttpRouteActionArgs{\n\t\t\t\t\t\tWeightedTargets: appmesh.RouteSpecHttpRouteActionWeightedTargetArray{\n\t\t\t\t\t\t\t&appmesh.RouteSpecHttpRouteActionWeightedTargetArgs{\n\t\t\t\t\t\t\t\tVirtualNode: pulumi.Any(aws_appmesh_virtual_node.Serviceb.Name),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(100),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### TCP Routing\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb = new aws.appmesh.Route(\"serviceb\", {\n meshName: aws_appmesh_mesh.simple.id,\n virtualRouterName: aws_appmesh_virtual_router.serviceb.name,\n spec: {\n tcpRoute: {\n action: {\n weightedTargets: [{\n virtualNode: aws_appmesh_virtual_node.serviceb1.name,\n weight: 100,\n }],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb = aws.appmesh.Route(\"serviceb\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n virtual_router_name=aws_appmesh_virtual_router[\"serviceb\"][\"name\"],\n spec=aws.appmesh.RouteSpecArgs(\n tcp_route=aws.appmesh.RouteSpecTcpRouteArgs(\n action=aws.appmesh.RouteSpecTcpRouteActionArgs(\n weighted_targets=[aws.appmesh.RouteSpecTcpRouteActionWeightedTargetArgs(\n virtual_node=aws_appmesh_virtual_node[\"serviceb1\"][\"name\"],\n weight=100,\n )],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb = new Aws.AppMesh.Route(\"serviceb\", new Aws.AppMesh.RouteArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n VirtualRouterName = aws_appmesh_virtual_router.Serviceb.Name,\n Spec = new Aws.AppMesh.Inputs.RouteSpecArgs\n {\n TcpRoute = new Aws.AppMesh.Inputs.RouteSpecTcpRouteArgs\n {\n Action = new Aws.AppMesh.Inputs.RouteSpecTcpRouteActionArgs\n {\n WeightedTargets = \n {\n new Aws.AppMesh.Inputs.RouteSpecTcpRouteActionWeightedTargetArgs\n {\n VirtualNode = aws_appmesh_virtual_node.Serviceb1.Name,\n Weight = 100,\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewRoute(ctx, \"serviceb\", &appmesh.RouteArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tVirtualRouterName: pulumi.Any(aws_appmesh_virtual_router.Serviceb.Name),\n\t\t\tSpec: &appmesh.RouteSpecArgs{\n\t\t\t\tTcpRoute: &appmesh.RouteSpecTcpRouteArgs{\n\t\t\t\t\tAction: &appmesh.RouteSpecTcpRouteActionArgs{\n\t\t\t\t\t\tWeightedTargets: appmesh.RouteSpecTcpRouteActionWeightedTargetArray{\n\t\t\t\t\t\t\t&appmesh.RouteSpecTcpRouteActionWeightedTargetArgs{\n\t\t\t\t\t\t\t\tVirtualNode: pulumi.Any(aws_appmesh_virtual_node.Serviceb1.Name),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(100),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh virtual routes can be imported using `mesh_name` and `virtual_router_name` together with the route's `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/route:Route serviceb simpleapp/serviceB/serviceB-route\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the route.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the route.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the route.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the route. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the route. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/RouteSpec:RouteSpec", + "description": "The route specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualRouterName": { + "type": "string", + "description": "The name of the virtual router in which to create the route. Must be between 1 and 255 characters in length.\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "spec", + "tagsAll", + "virtualRouterName" + ], + "inputProperties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the route. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the route. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/RouteSpec:RouteSpec", + "description": "The route specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualRouterName": { + "type": "string", + "description": "The name of the virtual router in which to create the route. Must be between 1 and 255 characters in length.\n" + } + }, + "requiredInputs": [ + "meshName", + "spec", + "virtualRouterName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Route resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the route.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the route.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the route.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the route. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the route. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/RouteSpec:RouteSpec", + "description": "The route specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualRouterName": { + "type": "string", + "description": "The name of the virtual router in which to create the route. Must be between 1 and 255 characters in length.\n" + } + }, + "type": "object" + } + }, + "aws:appmesh/virtualGateway:VirtualGateway": { + "description": "Provides an AWS App Mesh virtual gateway resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appmesh.VirtualGateway(\"example\", {\n meshName: \"example-service-mesh\",\n spec: {\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n },\n },\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appmesh.VirtualGateway(\"example\",\n mesh_name=\"example-service-mesh\",\n spec=aws.appmesh.VirtualGatewaySpecArgs(\n listener=aws.appmesh.VirtualGatewaySpecListenerArgs(\n port_mapping=aws.appmesh.VirtualGatewaySpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n ),\n ),\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppMesh.VirtualGateway(\"example\", new Aws.AppMesh.VirtualGatewayArgs\n {\n MeshName = \"example-service-mesh\",\n Spec = new Aws.AppMesh.Inputs.VirtualGatewaySpecArgs\n {\n Listener = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n },\n },\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualGateway(ctx, \"example\", &appmesh.VirtualGatewayArgs{\n\t\t\tMeshName: pulumi.String(\"example-service-mesh\"),\n\t\t\tSpec: &appmesh.VirtualGatewaySpecArgs{\n\t\t\t\tListener: &appmesh.VirtualGatewaySpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualGatewaySpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Access Logs and TLS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appmesh.VirtualGateway(\"example\", {\n meshName: \"example-service-mesh\",\n spec: {\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n tls: {\n certificate: {\n acm: {\n certificateArn: aws_acm_certificate.example.arn,\n },\n },\n mode: \"STRICT\",\n },\n },\n logging: {\n accessLog: {\n file: {\n path: \"/var/log/access.log\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appmesh.VirtualGateway(\"example\",\n mesh_name=\"example-service-mesh\",\n spec=aws.appmesh.VirtualGatewaySpecArgs(\n listener=aws.appmesh.VirtualGatewaySpecListenerArgs(\n port_mapping=aws.appmesh.VirtualGatewaySpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n tls=aws.appmesh.VirtualGatewaySpecListenerTlsArgs(\n certificate=aws.appmesh.VirtualGatewaySpecListenerTlsCertificateArgs(\n acm=aws.appmesh.VirtualGatewaySpecListenerTlsCertificateAcmArgs(\n certificate_arn=aws_acm_certificate[\"example\"][\"arn\"],\n ),\n ),\n mode=\"STRICT\",\n ),\n ),\n logging=aws.appmesh.VirtualGatewaySpecLoggingArgs(\n access_log=aws.appmesh.VirtualGatewaySpecLoggingAccessLogArgs(\n file=aws.appmesh.VirtualGatewaySpecLoggingAccessLogFileArgs(\n path=\"/var/log/access.log\",\n ),\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppMesh.VirtualGateway(\"example\", new Aws.AppMesh.VirtualGatewayArgs\n {\n MeshName = \"example-service-mesh\",\n Spec = new Aws.AppMesh.Inputs.VirtualGatewaySpecArgs\n {\n Listener = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n Tls = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerTlsArgs\n {\n Certificate = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerTlsCertificateArgs\n {\n Acm = new Aws.AppMesh.Inputs.VirtualGatewaySpecListenerTlsCertificateAcmArgs\n {\n CertificateArn = aws_acm_certificate.Example.Arn,\n },\n },\n Mode = \"STRICT\",\n },\n },\n Logging = new Aws.AppMesh.Inputs.VirtualGatewaySpecLoggingArgs\n {\n AccessLog = new Aws.AppMesh.Inputs.VirtualGatewaySpecLoggingAccessLogArgs\n {\n File = new Aws.AppMesh.Inputs.VirtualGatewaySpecLoggingAccessLogFileArgs\n {\n Path = \"/var/log/access.log\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualGateway(ctx, \"example\", &appmesh.VirtualGatewayArgs{\n\t\t\tMeshName: pulumi.String(\"example-service-mesh\"),\n\t\t\tSpec: &appmesh.VirtualGatewaySpecArgs{\n\t\t\t\tListener: &appmesh.VirtualGatewaySpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualGatewaySpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t\tTls: &appmesh.VirtualGatewaySpecListenerTlsArgs{\n\t\t\t\t\t\tCertificate: &appmesh.VirtualGatewaySpecListenerTlsCertificateArgs{\n\t\t\t\t\t\t\tAcm: &appmesh.VirtualGatewaySpecListenerTlsCertificateAcmArgs{\n\t\t\t\t\t\t\t\tCertificateArn: pulumi.Any(aws_acm_certificate.Example.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMode: pulumi.String(\"STRICT\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLogging: &appmesh.VirtualGatewaySpecLoggingArgs{\n\t\t\t\t\tAccessLog: &appmesh.VirtualGatewaySpecLoggingAccessLogArgs{\n\t\t\t\t\t\tFile: &appmesh.VirtualGatewaySpecLoggingAccessLogFileArgs{\n\t\t\t\t\t\t\tPath: pulumi.String(\"/var/log/access.log\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh virtual gateway can be imported using `mesh_name` together with the virtual gateway's `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/virtualGateway:VirtualGateway example mesh/gw1\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual gateway.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual gateway.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual gateway.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual gateway. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual gateway. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpec:VirtualGatewaySpec", + "description": "The virtual gateway specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "spec", + "tagsAll" + ], + "inputProperties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual gateway. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual gateway. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpec:VirtualGatewaySpec", + "description": "The virtual gateway specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "meshName", + "spec" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VirtualGateway resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual gateway.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual gateway.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual gateway.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual gateway. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual gateway. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualGatewaySpec:VirtualGatewaySpec", + "description": "The virtual gateway specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:appmesh/virtualNode:VirtualNode": { + "description": "Provides an AWS App Mesh virtual node resource.\n\n## Breaking Changes\n\nBecause of backward incompatible API changes (read [here](https://github.com/awslabs/aws-app-mesh-examples/issues/92)), `aws.appmesh.VirtualNode` resource definitions created with provider versions earlier than v2.3.0 will need to be modified:\n\n* Rename the `service_name` attribute of the `dns` object to `hostname`.\n\n* Replace the `backends` attribute of the `spec` object with one or more `backend` configuration blocks,\nsetting `virtual_service_name` to the name of the service.\n\nThe state associated with existing resources will automatically be migrated.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb1 = new aws.appmesh.VirtualNode(\"serviceb1\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n backends: [{\n virtualService: {\n virtualServiceName: \"servicea.simpleapp.local\",\n },\n }],\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n },\n serviceDiscovery: {\n dns: {\n hostname: \"serviceb.simpleapp.local\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb1 = aws.appmesh.VirtualNode(\"serviceb1\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualNodeSpecArgs(\n backends=[aws.appmesh.VirtualNodeSpecBackendArgs(\n virtual_service=aws.appmesh.VirtualNodeSpecBackendVirtualServiceArgs(\n virtual_service_name=\"servicea.simpleapp.local\",\n ),\n )],\n listener=aws.appmesh.VirtualNodeSpecListenerArgs(\n port_mapping=aws.appmesh.VirtualNodeSpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n ),\n service_discovery=aws.appmesh.VirtualNodeSpecServiceDiscoveryArgs(\n dns=aws.appmesh.VirtualNodeSpecServiceDiscoveryDnsArgs(\n hostname=\"serviceb.simpleapp.local\",\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb1 = new Aws.AppMesh.VirtualNode(\"serviceb1\", new Aws.AppMesh.VirtualNodeArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualNodeSpecArgs\n {\n Backends = \n {\n new Aws.AppMesh.Inputs.VirtualNodeSpecBackendArgs\n {\n VirtualService = new Aws.AppMesh.Inputs.VirtualNodeSpecBackendVirtualServiceArgs\n {\n VirtualServiceName = \"servicea.simpleapp.local\",\n },\n },\n },\n Listener = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n },\n ServiceDiscovery = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryArgs\n {\n Dns = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryDnsArgs\n {\n Hostname = \"serviceb.simpleapp.local\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualNode(ctx, \"serviceb1\", &appmesh.VirtualNodeArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualNodeSpecArgs{\n\t\t\t\tBackends: appmesh.VirtualNodeSpecBackendArray{\n\t\t\t\t\t&appmesh.VirtualNodeSpecBackendArgs{\n\t\t\t\t\t\tVirtualService: &appmesh.VirtualNodeSpecBackendVirtualServiceArgs{\n\t\t\t\t\t\t\tVirtualServiceName: pulumi.String(\"servicea.simpleapp.local\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tListener: &appmesh.VirtualNodeSpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualNodeSpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceDiscovery: &appmesh.VirtualNodeSpecServiceDiscoveryArgs{\n\t\t\t\t\tDns: &appmesh.VirtualNodeSpecServiceDiscoveryDnsArgs{\n\t\t\t\t\t\tHostname: pulumi.String(\"serviceb.simpleapp.local\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### AWS Cloud Map Service Discovery\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicediscovery.HttpNamespace(\"example\", {});\nconst serviceb1 = new aws.appmesh.VirtualNode(\"serviceb1\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n backends: [{\n virtualService: {\n virtualServiceName: \"servicea.simpleapp.local\",\n },\n }],\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n },\n serviceDiscovery: {\n awsCloudMap: {\n attributes: {\n stack: \"blue\",\n },\n serviceName: \"serviceb1\",\n namespaceName: example.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicediscovery.HttpNamespace(\"example\")\nserviceb1 = aws.appmesh.VirtualNode(\"serviceb1\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualNodeSpecArgs(\n backends=[aws.appmesh.VirtualNodeSpecBackendArgs(\n virtual_service=aws.appmesh.VirtualNodeSpecBackendVirtualServiceArgs(\n virtual_service_name=\"servicea.simpleapp.local\",\n ),\n )],\n listener=aws.appmesh.VirtualNodeSpecListenerArgs(\n port_mapping=aws.appmesh.VirtualNodeSpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n ),\n service_discovery=aws.appmesh.VirtualNodeSpecServiceDiscoveryArgs(\n aws_cloud_map=aws.appmesh.VirtualNodeSpecServiceDiscoveryAwsCloudMapArgs(\n attributes={\n \"stack\": \"blue\",\n },\n service_name=\"serviceb1\",\n namespace_name=example.name,\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceDiscovery.HttpNamespace(\"example\", new Aws.ServiceDiscovery.HttpNamespaceArgs\n {\n });\n var serviceb1 = new Aws.AppMesh.VirtualNode(\"serviceb1\", new Aws.AppMesh.VirtualNodeArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualNodeSpecArgs\n {\n Backends = \n {\n new Aws.AppMesh.Inputs.VirtualNodeSpecBackendArgs\n {\n VirtualService = new Aws.AppMesh.Inputs.VirtualNodeSpecBackendVirtualServiceArgs\n {\n VirtualServiceName = \"servicea.simpleapp.local\",\n },\n },\n },\n Listener = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n },\n ServiceDiscovery = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryArgs\n {\n AwsCloudMap = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryAwsCloudMapArgs\n {\n Attributes = \n {\n { \"stack\", \"blue\" },\n },\n ServiceName = \"serviceb1\",\n NamespaceName = example.Name,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := servicediscovery.NewHttpNamespace(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appmesh.NewVirtualNode(ctx, \"serviceb1\", &appmesh.VirtualNodeArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualNodeSpecArgs{\n\t\t\t\tBackends: appmesh.VirtualNodeSpecBackendArray{\n\t\t\t\t\t&appmesh.VirtualNodeSpecBackendArgs{\n\t\t\t\t\t\tVirtualService: &appmesh.VirtualNodeSpecBackendVirtualServiceArgs{\n\t\t\t\t\t\t\tVirtualServiceName: pulumi.String(\"servicea.simpleapp.local\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tListener: &appmesh.VirtualNodeSpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualNodeSpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceDiscovery: &appmesh.VirtualNodeSpecServiceDiscoveryArgs{\n\t\t\t\t\tAwsCloudMap: &appmesh.VirtualNodeSpecServiceDiscoveryAwsCloudMapArgs{\n\t\t\t\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\t\t\t\"stack\": pulumi.String(\"blue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tServiceName: pulumi.String(\"serviceb1\"),\n\t\t\t\t\t\tNamespaceName: example.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Listener Health Check\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb1 = new aws.appmesh.VirtualNode(\"serviceb1\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n backends: [{\n virtualService: {\n virtualServiceName: \"servicea.simpleapp.local\",\n },\n }],\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n healthCheck: {\n protocol: \"http\",\n path: \"/ping\",\n healthyThreshold: 2,\n unhealthyThreshold: 2,\n timeoutMillis: 2000,\n intervalMillis: 5000,\n },\n },\n serviceDiscovery: {\n dns: {\n hostname: \"serviceb.simpleapp.local\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb1 = aws.appmesh.VirtualNode(\"serviceb1\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualNodeSpecArgs(\n backends=[aws.appmesh.VirtualNodeSpecBackendArgs(\n virtual_service=aws.appmesh.VirtualNodeSpecBackendVirtualServiceArgs(\n virtual_service_name=\"servicea.simpleapp.local\",\n ),\n )],\n listener=aws.appmesh.VirtualNodeSpecListenerArgs(\n port_mapping=aws.appmesh.VirtualNodeSpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n health_check=aws.appmesh.VirtualNodeSpecListenerHealthCheckArgs(\n protocol=\"http\",\n path=\"/ping\",\n healthy_threshold=2,\n unhealthy_threshold=2,\n timeout_millis=2000,\n interval_millis=5000,\n ),\n ),\n service_discovery=aws.appmesh.VirtualNodeSpecServiceDiscoveryArgs(\n dns=aws.appmesh.VirtualNodeSpecServiceDiscoveryDnsArgs(\n hostname=\"serviceb.simpleapp.local\",\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb1 = new Aws.AppMesh.VirtualNode(\"serviceb1\", new Aws.AppMesh.VirtualNodeArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualNodeSpecArgs\n {\n Backends = \n {\n new Aws.AppMesh.Inputs.VirtualNodeSpecBackendArgs\n {\n VirtualService = new Aws.AppMesh.Inputs.VirtualNodeSpecBackendVirtualServiceArgs\n {\n VirtualServiceName = \"servicea.simpleapp.local\",\n },\n },\n },\n Listener = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n HealthCheck = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerHealthCheckArgs\n {\n Protocol = \"http\",\n Path = \"/ping\",\n HealthyThreshold = 2,\n UnhealthyThreshold = 2,\n TimeoutMillis = 2000,\n IntervalMillis = 5000,\n },\n },\n ServiceDiscovery = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryArgs\n {\n Dns = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryDnsArgs\n {\n Hostname = \"serviceb.simpleapp.local\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualNode(ctx, \"serviceb1\", &appmesh.VirtualNodeArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualNodeSpecArgs{\n\t\t\t\tBackends: appmesh.VirtualNodeSpecBackendArray{\n\t\t\t\t\t&appmesh.VirtualNodeSpecBackendArgs{\n\t\t\t\t\t\tVirtualService: &appmesh.VirtualNodeSpecBackendVirtualServiceArgs{\n\t\t\t\t\t\t\tVirtualServiceName: pulumi.String(\"servicea.simpleapp.local\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tListener: &appmesh.VirtualNodeSpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualNodeSpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t\tHealthCheck: &appmesh.VirtualNodeSpecListenerHealthCheckArgs{\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t\tPath: pulumi.String(\"/ping\"),\n\t\t\t\t\t\tHealthyThreshold: pulumi.Int(2),\n\t\t\t\t\t\tUnhealthyThreshold: pulumi.Int(2),\n\t\t\t\t\t\tTimeoutMillis: pulumi.Int(2000),\n\t\t\t\t\t\tIntervalMillis: pulumi.Int(5000),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceDiscovery: &appmesh.VirtualNodeSpecServiceDiscoveryArgs{\n\t\t\t\t\tDns: &appmesh.VirtualNodeSpecServiceDiscoveryDnsArgs{\n\t\t\t\t\t\tHostname: pulumi.String(\"serviceb.simpleapp.local\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb1 = new aws.appmesh.VirtualNode(\"serviceb1\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n backends: [{\n virtualService: {\n virtualServiceName: \"servicea.simpleapp.local\",\n },\n }],\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n },\n serviceDiscovery: {\n dns: {\n hostname: \"serviceb.simpleapp.local\",\n },\n },\n logging: {\n accessLog: {\n file: {\n path: \"/dev/stdout\",\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb1 = aws.appmesh.VirtualNode(\"serviceb1\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualNodeSpecArgs(\n backends=[aws.appmesh.VirtualNodeSpecBackendArgs(\n virtual_service=aws.appmesh.VirtualNodeSpecBackendVirtualServiceArgs(\n virtual_service_name=\"servicea.simpleapp.local\",\n ),\n )],\n listener=aws.appmesh.VirtualNodeSpecListenerArgs(\n port_mapping=aws.appmesh.VirtualNodeSpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n ),\n service_discovery=aws.appmesh.VirtualNodeSpecServiceDiscoveryArgs(\n dns=aws.appmesh.VirtualNodeSpecServiceDiscoveryDnsArgs(\n hostname=\"serviceb.simpleapp.local\",\n ),\n ),\n logging=aws.appmesh.VirtualNodeSpecLoggingArgs(\n access_log=aws.appmesh.VirtualNodeSpecLoggingAccessLogArgs(\n file=aws.appmesh.VirtualNodeSpecLoggingAccessLogFileArgs(\n path=\"/dev/stdout\",\n ),\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb1 = new Aws.AppMesh.VirtualNode(\"serviceb1\", new Aws.AppMesh.VirtualNodeArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualNodeSpecArgs\n {\n Backends = \n {\n new Aws.AppMesh.Inputs.VirtualNodeSpecBackendArgs\n {\n VirtualService = new Aws.AppMesh.Inputs.VirtualNodeSpecBackendVirtualServiceArgs\n {\n VirtualServiceName = \"servicea.simpleapp.local\",\n },\n },\n },\n Listener = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualNodeSpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n },\n ServiceDiscovery = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryArgs\n {\n Dns = new Aws.AppMesh.Inputs.VirtualNodeSpecServiceDiscoveryDnsArgs\n {\n Hostname = \"serviceb.simpleapp.local\",\n },\n },\n Logging = new Aws.AppMesh.Inputs.VirtualNodeSpecLoggingArgs\n {\n AccessLog = new Aws.AppMesh.Inputs.VirtualNodeSpecLoggingAccessLogArgs\n {\n File = new Aws.AppMesh.Inputs.VirtualNodeSpecLoggingAccessLogFileArgs\n {\n Path = \"/dev/stdout\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualNode(ctx, \"serviceb1\", &appmesh.VirtualNodeArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualNodeSpecArgs{\n\t\t\t\tBackends: appmesh.VirtualNodeSpecBackendArray{\n\t\t\t\t\t&appmesh.VirtualNodeSpecBackendArgs{\n\t\t\t\t\t\tVirtualService: &appmesh.VirtualNodeSpecBackendVirtualServiceArgs{\n\t\t\t\t\t\t\tVirtualServiceName: pulumi.String(\"servicea.simpleapp.local\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tListener: &appmesh.VirtualNodeSpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualNodeSpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tServiceDiscovery: &appmesh.VirtualNodeSpecServiceDiscoveryArgs{\n\t\t\t\t\tDns: &appmesh.VirtualNodeSpecServiceDiscoveryDnsArgs{\n\t\t\t\t\t\tHostname: pulumi.String(\"serviceb.simpleapp.local\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLogging: &appmesh.VirtualNodeSpecLoggingArgs{\n\t\t\t\t\tAccessLog: &appmesh.VirtualNodeSpecLoggingAccessLogArgs{\n\t\t\t\t\t\tFile: &appmesh.VirtualNodeSpecLoggingAccessLogFileArgs{\n\t\t\t\t\t\t\tPath: pulumi.String(\"/dev/stdout\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh virtual nodes can be imported using `mesh_name` together with the virtual node's `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/virtualNode:VirtualNode serviceb1 simpleapp/serviceBv1\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual node.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual node.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual node.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual node. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual node. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpec:VirtualNodeSpec", + "description": "The virtual node specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "spec", + "tagsAll" + ], + "inputProperties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual node. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual node. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpec:VirtualNodeSpec", + "description": "The virtual node specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "meshName", + "spec" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VirtualNode resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual node.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual node.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual node.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual node. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual node. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualNodeSpec:VirtualNodeSpec", + "description": "The virtual node specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:appmesh/virtualRouter:VirtualRouter": { + "description": "Provides an AWS App Mesh virtual router resource.\n\n## Breaking Changes\n\nBecause of backward incompatible API changes (read [here](https://github.com/awslabs/aws-app-mesh-examples/issues/92) and [here](https://github.com/awslabs/aws-app-mesh-examples/issues/94)), `aws.appmesh.VirtualRouter` resource definitions created with provider versions earlier than v2.3.0 will need to be modified:\n\n* Remove service `service_names` from the `spec` argument.\nAWS has created a `aws.appmesh.VirtualService` resource for each of service names.\nThese resource can be imported using `import`.\n\n* Add a `listener` configuration block to the `spec` argument.\n\nThe state associated with existing resources will automatically be migrated.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceb = new aws.appmesh.VirtualRouter(\"serviceb\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n listener: {\n portMapping: {\n port: 8080,\n protocol: \"http\",\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nserviceb = aws.appmesh.VirtualRouter(\"serviceb\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualRouterSpecArgs(\n listener=aws.appmesh.VirtualRouterSpecListenerArgs(\n port_mapping=aws.appmesh.VirtualRouterSpecListenerPortMappingArgs(\n port=8080,\n protocol=\"http\",\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceb = new Aws.AppMesh.VirtualRouter(\"serviceb\", new Aws.AppMesh.VirtualRouterArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualRouterSpecArgs\n {\n Listener = new Aws.AppMesh.Inputs.VirtualRouterSpecListenerArgs\n {\n PortMapping = new Aws.AppMesh.Inputs.VirtualRouterSpecListenerPortMappingArgs\n {\n Port = 8080,\n Protocol = \"http\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualRouter(ctx, \"serviceb\", &appmesh.VirtualRouterArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualRouterSpecArgs{\n\t\t\t\tListener: &appmesh.VirtualRouterSpecListenerArgs{\n\t\t\t\t\tPortMapping: &appmesh.VirtualRouterSpecListenerPortMappingArgs{\n\t\t\t\t\t\tPort: pulumi.Int(8080),\n\t\t\t\t\t\tProtocol: pulumi.String(\"http\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh virtual routers can be imported using `mesh_name` together with the virtual router's `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/virtualRouter:VirtualRouter serviceb simpleapp/serviceB\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual router.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual router.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual router.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual router. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual router. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualRouterSpec:VirtualRouterSpec", + "description": "The virtual router specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "spec", + "tagsAll" + ], + "inputProperties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual router. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual router. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualRouterSpec:VirtualRouterSpec", + "description": "The virtual router specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "meshName", + "spec" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VirtualRouter resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual router.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual router.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual router.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual router. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual router. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualRouterSpec:VirtualRouterSpec", + "description": "The virtual router specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:appmesh/virtualService:VirtualService": { + "description": "Provides an AWS App Mesh virtual service resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Virtual Node Provider\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst servicea = new aws.appmesh.VirtualService(\"servicea\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n provider: {\n virtualNode: {\n virtualNodeName: aws_appmesh_virtual_node.serviceb1.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservicea = aws.appmesh.VirtualService(\"servicea\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualServiceSpecArgs(\n provider=aws.appmesh.VirtualServiceSpecProviderArgs(\n virtual_node=aws.appmesh.VirtualServiceSpecProviderVirtualNodeArgs(\n virtual_node_name=aws_appmesh_virtual_node[\"serviceb1\"][\"name\"],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var servicea = new Aws.AppMesh.VirtualService(\"servicea\", new Aws.AppMesh.VirtualServiceArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualServiceSpecArgs\n {\n Provider = new Aws.AppMesh.Inputs.VirtualServiceSpecProviderArgs\n {\n VirtualNode = new Aws.AppMesh.Inputs.VirtualServiceSpecProviderVirtualNodeArgs\n {\n VirtualNodeName = aws_appmesh_virtual_node.Serviceb1.Name,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualService(ctx, \"servicea\", &appmesh.VirtualServiceArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualServiceSpecArgs{\n\t\t\t\tProvider: &appmesh.VirtualServiceSpecProviderArgs{\n\t\t\t\t\tVirtualNode: &appmesh.VirtualServiceSpecProviderVirtualNodeArgs{\n\t\t\t\t\t\tVirtualNodeName: pulumi.Any(aws_appmesh_virtual_node.Serviceb1.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Virtual Router Provider\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst servicea = new aws.appmesh.VirtualService(\"servicea\", {\n meshName: aws_appmesh_mesh.simple.id,\n spec: {\n provider: {\n virtualRouter: {\n virtualRouterName: aws_appmesh_virtual_router.serviceb.name,\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservicea = aws.appmesh.VirtualService(\"servicea\",\n mesh_name=aws_appmesh_mesh[\"simple\"][\"id\"],\n spec=aws.appmesh.VirtualServiceSpecArgs(\n provider=aws.appmesh.VirtualServiceSpecProviderArgs(\n virtual_router=aws.appmesh.VirtualServiceSpecProviderVirtualRouterArgs(\n virtual_router_name=aws_appmesh_virtual_router[\"serviceb\"][\"name\"],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var servicea = new Aws.AppMesh.VirtualService(\"servicea\", new Aws.AppMesh.VirtualServiceArgs\n {\n MeshName = aws_appmesh_mesh.Simple.Id,\n Spec = new Aws.AppMesh.Inputs.VirtualServiceSpecArgs\n {\n Provider = new Aws.AppMesh.Inputs.VirtualServiceSpecProviderArgs\n {\n VirtualRouter = new Aws.AppMesh.Inputs.VirtualServiceSpecProviderVirtualRouterArgs\n {\n VirtualRouterName = aws_appmesh_virtual_router.Serviceb.Name,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.NewVirtualService(ctx, \"servicea\", &appmesh.VirtualServiceArgs{\n\t\t\tMeshName: pulumi.Any(aws_appmesh_mesh.Simple.Id),\n\t\t\tSpec: &appmesh.VirtualServiceSpecArgs{\n\t\t\t\tProvider: &appmesh.VirtualServiceSpecProviderArgs{\n\t\t\t\t\tVirtualRouter: &appmesh.VirtualServiceSpecProviderVirtualRouterArgs{\n\t\t\t\t\t\tVirtualRouterName: pulumi.Any(aws_appmesh_virtual_router.Serviceb.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Mesh virtual services can be imported using `mesh_name` together with the virtual service's `name`, e.g.\n\n```sh\n $ pulumi import aws:appmesh/virtualService:VirtualService servicea simpleapp/servicea.simpleapp.local\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual service.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual service.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual service.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual service. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual service. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualServiceSpec:VirtualServiceSpec", + "description": "The virtual service specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "spec", + "tagsAll" + ], + "inputProperties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual service. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual service. Must be between 1 and 255 characters in length.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualServiceSpec:VirtualServiceSpec", + "description": "The virtual service specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "meshName", + "spec" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VirtualService resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual service.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual service.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual service.\n" + }, + "meshName": { + "type": "string", + "description": "The name of the service mesh in which to create the virtual service. Must be between 1 and 255 characters in length.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner. Defaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "name": { + "type": "string", + "description": "The name to use for the virtual service. Must be between 1 and 255 characters in length.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "spec": { + "$ref": "#/types/aws:appmesh/VirtualServiceSpec:VirtualServiceSpec", + "description": "The virtual service specification to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:apprunner/autoScalingConfigurationVersion:AutoScalingConfigurationVersion": { + "description": "Manages an App Runner AutoScaling Configuration Version.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apprunner.AutoScalingConfigurationVersion(\"example\", {\n autoScalingConfigurationName: \"example\",\n maxConcurrency: 50,\n maxSize: 10,\n minSize: 2,\n tags: {\n Name: \"example-apprunner-autoscaling\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apprunner.AutoScalingConfigurationVersion(\"example\",\n auto_scaling_configuration_name=\"example\",\n max_concurrency=50,\n max_size=10,\n min_size=2,\n tags={\n \"Name\": \"example-apprunner-autoscaling\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppRunner.AutoScalingConfigurationVersion(\"example\", new Aws.AppRunner.AutoScalingConfigurationVersionArgs\n {\n AutoScalingConfigurationName = \"example\",\n MaxConcurrency = 50,\n MaxSize = 10,\n MinSize = 2,\n Tags = \n {\n { \"Name\", \"example-apprunner-autoscaling\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apprunner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apprunner.NewAutoScalingConfigurationVersion(ctx, \"example\", &apprunner.AutoScalingConfigurationVersionArgs{\n\t\t\tAutoScalingConfigurationName: pulumi.String(\"example\"),\n\t\t\tMaxConcurrency: pulumi.Int(50),\n\t\t\tMaxSize: pulumi.Int(10),\n\t\t\tMinSize: pulumi.Int(2),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-apprunner-autoscaling\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Runner AutoScaling Configuration Versions can be imported by using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:apprunner/autoScalingConfigurationVersion:AutoScalingConfigurationVersion example \"arn:aws:apprunner:us-east-1:1234567890:autoscalingconfiguration/example/1/69bdfe0115224b0db49398b7beb68e0f\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of this auto scaling configuration version.\n" + }, + "autoScalingConfigurationName": { + "type": "string", + "description": "Name of the auto scaling configuration.\n" + }, + "autoScalingConfigurationRevision": { + "type": "integer", + "description": "The revision of this auto scaling configuration.\n" + }, + "latest": { + "type": "boolean", + "description": "Whether the auto scaling configuration has the highest `auto_scaling_configuration_revision` among all configurations that share the same `auto_scaling_configuration_name`.\n" + }, + "maxConcurrency": { + "type": "integer", + "description": "The maximal number of concurrent requests that you want an instance to process. When the number of concurrent requests goes over this limit, App Runner scales up your service.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximal number of instances that App Runner provisions for your service.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimal number of instances that App Runner provisions for your service.\n" + }, + "status": { + "type": "string", + "description": "The current state of the auto scaling configuration. An INACTIVE configuration revision has been deleted and can't be used. It is permanently removed some time after deletion.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "autoScalingConfigurationName", + "autoScalingConfigurationRevision", + "latest", + "status", + "tagsAll" + ], + "inputProperties": { + "autoScalingConfigurationName": { + "type": "string", + "description": "Name of the auto scaling configuration.\n" + }, + "maxConcurrency": { + "type": "integer", + "description": "The maximal number of concurrent requests that you want an instance to process. When the number of concurrent requests goes over this limit, App Runner scales up your service.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximal number of instances that App Runner provisions for your service.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimal number of instances that App Runner provisions for your service.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "autoScalingConfigurationName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AutoScalingConfigurationVersion resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of this auto scaling configuration version.\n" + }, + "autoScalingConfigurationName": { + "type": "string", + "description": "Name of the auto scaling configuration.\n" + }, + "autoScalingConfigurationRevision": { + "type": "integer", + "description": "The revision of this auto scaling configuration.\n" + }, + "latest": { + "type": "boolean", + "description": "Whether the auto scaling configuration has the highest `auto_scaling_configuration_revision` among all configurations that share the same `auto_scaling_configuration_name`.\n" + }, + "maxConcurrency": { + "type": "integer", + "description": "The maximal number of concurrent requests that you want an instance to process. When the number of concurrent requests goes over this limit, App Runner scales up your service.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximal number of instances that App Runner provisions for your service.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimal number of instances that App Runner provisions for your service.\n" + }, + "status": { + "type": "string", + "description": "The current state of the auto scaling configuration. An INACTIVE configuration revision has been deleted and can't be used. It is permanently removed some time after deletion.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:apprunner/connection:Connection": { + "description": "Manages an App Runner Connection.\n\n> **NOTE:** After creation, you must complete the authentication handshake using the App Runner console.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apprunner.Connection(\"example\", {\n connectionName: \"example\",\n providerType: \"GITHUB\",\n tags: {\n Name: \"example-apprunner-connection\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apprunner.Connection(\"example\",\n connection_name=\"example\",\n provider_type=\"GITHUB\",\n tags={\n \"Name\": \"example-apprunner-connection\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppRunner.Connection(\"example\", new Aws.AppRunner.ConnectionArgs\n {\n ConnectionName = \"example\",\n ProviderType = \"GITHUB\",\n Tags = \n {\n { \"Name\", \"example-apprunner-connection\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apprunner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apprunner.NewConnection(ctx, \"example\", &apprunner.ConnectionArgs{\n\t\t\tConnectionName: pulumi.String(\"example\"),\n\t\t\tProviderType: pulumi.String(\"GITHUB\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-apprunner-connection\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Runner Connections can be imported by using the `connection_name`, e.g.\n\n```sh\n $ pulumi import aws:apprunner/connection:Connection example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the connection.\n" + }, + "connectionName": { + "type": "string", + "description": "Name of the connection.\n" + }, + "providerType": { + "type": "string", + "description": "The source repository provider. Valid values: `GITHUB`.\n" + }, + "status": { + "type": "string", + "description": "The current state of the App Runner connection. When the state is `AVAILABLE`, you can use the connection to create an `aws.apprunner.Service` resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "connectionName", + "providerType", + "status", + "tagsAll" + ], + "inputProperties": { + "connectionName": { + "type": "string", + "description": "Name of the connection.\n" + }, + "providerType": { + "type": "string", + "description": "The source repository provider. Valid values: `GITHUB`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "connectionName", + "providerType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Connection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the connection.\n" + }, + "connectionName": { + "type": "string", + "description": "Name of the connection.\n" + }, + "providerType": { + "type": "string", + "description": "The source repository provider. Valid values: `GITHUB`.\n" + }, + "status": { + "type": "string", + "description": "The current state of the App Runner connection. When the state is `AVAILABLE`, you can use the connection to create an `aws.apprunner.Service` resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:apprunner/customDomainAssociation:CustomDomainAssociation": { + "description": "Manages an App Runner Custom Domain association.\n\n> **NOTE:** After creation, you must use the information in the `certification_validation_records` attribute to add CNAME records to your Domain Name System (DNS). For each mapped domain name, add a mapping to the target App Runner subdomain (found in the `dns_target` attribute) and one or more certificate validation records. App Runner then performs DNS validation to verify that you own or control the domain name you associated. App Runner tracks domain validity in a certificate stored in AWS Certificate Manager (ACM).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apprunner.CustomDomainAssociation(\"example\", {\n domainName: \"example.com\",\n serviceArn: aws_apprunner_service.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apprunner.CustomDomainAssociation(\"example\",\n domain_name=\"example.com\",\n service_arn=aws_apprunner_service[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppRunner.CustomDomainAssociation(\"example\", new Aws.AppRunner.CustomDomainAssociationArgs\n {\n DomainName = \"example.com\",\n ServiceArn = aws_apprunner_service.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apprunner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apprunner.NewCustomDomainAssociation(ctx, \"example\", &apprunner.CustomDomainAssociationArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tServiceArn: pulumi.Any(aws_apprunner_service.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Runner Custom Domain Associations can be imported by using the `domain_name` and `service_arn` separated by a comma (`,`), e.g.\n\n```sh\n $ pulumi import aws:apprunner/customDomainAssociation:CustomDomainAssociation example example.com,arn:aws:apprunner:us-east-1:123456789012:service/example-\n```\n\n app/8fe1e10304f84fd2b0df550fe98a71fa ", + "properties": { + "certificateValidationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:apprunner/CustomDomainAssociationCertificateValidationRecord:CustomDomainAssociationCertificateValidationRecord" + }, + "description": "A set of certificate CNAME records used for this domain name. See Certificate Validation Records below for more details.\n" + }, + "dnsTarget": { + "type": "string", + "description": "The App Runner subdomain of the App Runner service. The custom domain name is mapped to this target name. Attribute only available if resource created (not imported) with this provider.\n" + }, + "domainName": { + "type": "string", + "description": "The custom domain endpoint to association. Specify a base domain e.g. `example.com` or a subdomain e.g. `subdomain.example.com`.\n" + }, + "enableWwwSubdomain": { + "type": "boolean", + "description": "Whether to associate the subdomain with the App Runner service in addition to the base domain. Defaults to `true`.\n" + }, + "serviceArn": { + "type": "string", + "description": "The ARN of the App Runner service.\n" + }, + "status": { + "type": "string", + "description": "The current state of the certificate CNAME record validation. It should change to `SUCCESS` after App Runner completes validation with your DNS.\n" + } + }, + "required": [ + "certificateValidationRecords", + "dnsTarget", + "domainName", + "serviceArn", + "status" + ], + "inputProperties": { + "domainName": { + "type": "string", + "description": "The custom domain endpoint to association. Specify a base domain e.g. `example.com` or a subdomain e.g. `subdomain.example.com`.\n" + }, + "enableWwwSubdomain": { + "type": "boolean", + "description": "Whether to associate the subdomain with the App Runner service in addition to the base domain. Defaults to `true`.\n" + }, + "serviceArn": { + "type": "string", + "description": "The ARN of the App Runner service.\n" + } + }, + "requiredInputs": [ + "domainName", + "serviceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CustomDomainAssociation resources.\n", + "properties": { + "certificateValidationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:apprunner/CustomDomainAssociationCertificateValidationRecord:CustomDomainAssociationCertificateValidationRecord" + }, + "description": "A set of certificate CNAME records used for this domain name. See Certificate Validation Records below for more details.\n" + }, + "dnsTarget": { + "type": "string", + "description": "The App Runner subdomain of the App Runner service. The custom domain name is mapped to this target name. Attribute only available if resource created (not imported) with this provider.\n" + }, + "domainName": { + "type": "string", + "description": "The custom domain endpoint to association. Specify a base domain e.g. `example.com` or a subdomain e.g. `subdomain.example.com`.\n" + }, + "enableWwwSubdomain": { + "type": "boolean", + "description": "Whether to associate the subdomain with the App Runner service in addition to the base domain. Defaults to `true`.\n" + }, + "serviceArn": { + "type": "string", + "description": "The ARN of the App Runner service.\n" + }, + "status": { + "type": "string", + "description": "The current state of the certificate CNAME record validation. It should change to `SUCCESS` after App Runner completes validation with your DNS.\n" + } + }, + "type": "object" + } + }, + "aws:apprunner/service:Service": { + "description": "Manages an App Runner Service.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Service with a Code Repository Source\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apprunner.Service(\"example\", {\n serviceName: \"example\",\n sourceConfiguration: {\n authenticationConfiguration: {\n connectionArn: aws_apprunner_connection.example.arn,\n },\n codeRepository: {\n codeConfiguration: {\n codeConfigurationValues: {\n buildCommand: \"python setup.py develop\",\n port: \"8000\",\n runtime: \"python3\",\n startCommand: \"python runapp.py\",\n },\n configurationSource: \"API\",\n },\n repositoryUrl: \"https://github.com/example/my-example-python-app\",\n sourceCodeVersion: {\n type: \"BRANCH\",\n value: \"main\",\n },\n },\n },\n tags: {\n Name: \"example-apprunner-service\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apprunner.Service(\"example\",\n service_name=\"example\",\n source_configuration=aws.apprunner.ServiceSourceConfigurationArgs(\n authentication_configuration=aws.apprunner.ServiceSourceConfigurationAuthenticationConfigurationArgs(\n connection_arn=aws_apprunner_connection[\"example\"][\"arn\"],\n ),\n code_repository=aws.apprunner.ServiceSourceConfigurationCodeRepositoryArgs(\n code_configuration=aws.apprunner.ServiceSourceConfigurationCodeRepositoryCodeConfigurationArgs(\n code_configuration_values=aws.apprunner.ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValuesArgs(\n build_command=\"python setup.py develop\",\n port=\"8000\",\n runtime=\"python3\",\n start_command=\"python runapp.py\",\n ),\n configuration_source=\"API\",\n ),\n repository_url=\"https://github.com/example/my-example-python-app\",\n source_code_version=aws.apprunner.ServiceSourceConfigurationCodeRepositorySourceCodeVersionArgs(\n type=\"BRANCH\",\n value=\"main\",\n ),\n ),\n ),\n tags={\n \"Name\": \"example-apprunner-service\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppRunner.Service(\"example\", new Aws.AppRunner.ServiceArgs\n {\n ServiceName = \"example\",\n SourceConfiguration = new Aws.AppRunner.Inputs.ServiceSourceConfigurationArgs\n {\n AuthenticationConfiguration = new Aws.AppRunner.Inputs.ServiceSourceConfigurationAuthenticationConfigurationArgs\n {\n ConnectionArn = aws_apprunner_connection.Example.Arn,\n },\n CodeRepository = new Aws.AppRunner.Inputs.ServiceSourceConfigurationCodeRepositoryArgs\n {\n CodeConfiguration = new Aws.AppRunner.Inputs.ServiceSourceConfigurationCodeRepositoryCodeConfigurationArgs\n {\n CodeConfigurationValues = new Aws.AppRunner.Inputs.ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValuesArgs\n {\n BuildCommand = \"python setup.py develop\",\n Port = \"8000\",\n Runtime = \"python3\",\n StartCommand = \"python runapp.py\",\n },\n ConfigurationSource = \"API\",\n },\n RepositoryUrl = \"https://github.com/example/my-example-python-app\",\n SourceCodeVersion = new Aws.AppRunner.Inputs.ServiceSourceConfigurationCodeRepositorySourceCodeVersionArgs\n {\n Type = \"BRANCH\",\n Value = \"main\",\n },\n },\n },\n Tags = \n {\n { \"Name\", \"example-apprunner-service\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apprunner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apprunner.NewService(ctx, \"example\", &apprunner.ServiceArgs{\n\t\t\tServiceName: pulumi.String(\"example\"),\n\t\t\tSourceConfiguration: &apprunner.ServiceSourceConfigurationArgs{\n\t\t\t\tAuthenticationConfiguration: &apprunner.ServiceSourceConfigurationAuthenticationConfigurationArgs{\n\t\t\t\t\tConnectionArn: pulumi.Any(aws_apprunner_connection.Example.Arn),\n\t\t\t\t},\n\t\t\t\tCodeRepository: &apprunner.ServiceSourceConfigurationCodeRepositoryArgs{\n\t\t\t\t\tCodeConfiguration: &apprunner.ServiceSourceConfigurationCodeRepositoryCodeConfigurationArgs{\n\t\t\t\t\t\tCodeConfigurationValues: &apprunner.ServiceSourceConfigurationCodeRepositoryCodeConfigurationCodeConfigurationValuesArgs{\n\t\t\t\t\t\t\tBuildCommand: pulumi.String(\"python setup.py develop\"),\n\t\t\t\t\t\t\tPort: pulumi.String(\"8000\"),\n\t\t\t\t\t\t\tRuntime: pulumi.String(\"python3\"),\n\t\t\t\t\t\t\tStartCommand: pulumi.String(\"python runapp.py\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tConfigurationSource: pulumi.String(\"API\"),\n\t\t\t\t\t},\n\t\t\t\t\tRepositoryUrl: pulumi.String(\"https://github.com/example/my-example-python-app\"),\n\t\t\t\t\tSourceCodeVersion: &apprunner.ServiceSourceConfigurationCodeRepositorySourceCodeVersionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BRANCH\"),\n\t\t\t\t\t\tValue: pulumi.String(\"main\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-apprunner-service\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Service with an Image Repository Source\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.apprunner.Service(\"example\", {\n serviceName: \"example\",\n sourceConfiguration: {\n imageRepository: {\n imageConfiguration: {\n port: \"8000\",\n },\n imageIdentifier: \"public.ecr.aws/jg/hello:latest\",\n imageRepositoryType: \"ECR_PUBLIC\",\n },\n },\n tags: {\n Name: \"example-apprunner-service\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apprunner.Service(\"example\",\n service_name=\"example\",\n source_configuration=aws.apprunner.ServiceSourceConfigurationArgs(\n image_repository=aws.apprunner.ServiceSourceConfigurationImageRepositoryArgs(\n image_configuration=aws.apprunner.ServiceSourceConfigurationImageRepositoryImageConfigurationArgs(\n port=\"8000\",\n ),\n image_identifier=\"public.ecr.aws/jg/hello:latest\",\n image_repository_type=\"ECR_PUBLIC\",\n ),\n ),\n tags={\n \"Name\": \"example-apprunner-service\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppRunner.Service(\"example\", new Aws.AppRunner.ServiceArgs\n {\n ServiceName = \"example\",\n SourceConfiguration = new Aws.AppRunner.Inputs.ServiceSourceConfigurationArgs\n {\n ImageRepository = new Aws.AppRunner.Inputs.ServiceSourceConfigurationImageRepositoryArgs\n {\n ImageConfiguration = new Aws.AppRunner.Inputs.ServiceSourceConfigurationImageRepositoryImageConfigurationArgs\n {\n Port = \"8000\",\n },\n ImageIdentifier = \"public.ecr.aws/jg/hello:latest\",\n ImageRepositoryType = \"ECR_PUBLIC\",\n },\n },\n Tags = \n {\n { \"Name\", \"example-apprunner-service\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apprunner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apprunner.NewService(ctx, \"example\", &apprunner.ServiceArgs{\n\t\t\tServiceName: pulumi.String(\"example\"),\n\t\t\tSourceConfiguration: &apprunner.ServiceSourceConfigurationArgs{\n\t\t\t\tImageRepository: &apprunner.ServiceSourceConfigurationImageRepositoryArgs{\n\t\t\t\t\tImageConfiguration: &apprunner.ServiceSourceConfigurationImageRepositoryImageConfigurationArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"8000\"),\n\t\t\t\t\t},\n\t\t\t\t\tImageIdentifier: pulumi.String(\"public.ecr.aws/jg/hello:latest\"),\n\t\t\t\t\tImageRepositoryType: pulumi.String(\"ECR_PUBLIC\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-apprunner-service\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApp Runner Services can be imported by using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:apprunner/service:Service example arn:aws:apprunner:us-east-1:1234567890:service/example/0a03292a89764e5882c41d8f991c82fe\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the App Runner service.\n" + }, + "autoScalingConfigurationArn": { + "type": "string", + "description": "ARN of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.\n" + }, + "encryptionConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceEncryptionConfiguration:ServiceEncryptionConfiguration", + "description": "An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an AWS managed CMK. See Encryption Configuration below for more details.\n" + }, + "healthCheckConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceHealthCheckConfiguration:ServiceHealthCheckConfiguration", + "description": "Settings of the health check that AWS App Runner performs to monitor the health of your service. See Health Check Configuration below for more details.\n" + }, + "instanceConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceInstanceConfiguration:ServiceInstanceConfiguration", + "description": "The runtime configuration of instances (scaling units) of the App Runner service. See Instance Configuration below for more details.\n" + }, + "serviceId": { + "type": "string", + "description": "An alphanumeric ID that App Runner generated for this service. Unique within the AWS Region.\n" + }, + "serviceName": { + "type": "string", + "description": "Name of the service.\n" + }, + "serviceUrl": { + "type": "string", + "description": "A subdomain URL that App Runner generated for this service. You can use this URL to access your service web application.\n" + }, + "sourceConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfiguration:ServiceSourceConfiguration", + "description": "The source to deploy to the App Runner service. Can be a code or an image repository. See Source Configuration below for more details.\n" + }, + "status": { + "type": "string", + "description": "The current state of the App Runner service.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "autoScalingConfigurationArn", + "healthCheckConfiguration", + "instanceConfiguration", + "serviceId", + "serviceName", + "serviceUrl", + "sourceConfiguration", + "status", + "tagsAll" + ], + "inputProperties": { + "autoScalingConfigurationArn": { + "type": "string", + "description": "ARN of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.\n" + }, + "encryptionConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceEncryptionConfiguration:ServiceEncryptionConfiguration", + "description": "An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an AWS managed CMK. See Encryption Configuration below for more details.\n" + }, + "healthCheckConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceHealthCheckConfiguration:ServiceHealthCheckConfiguration", + "description": "Settings of the health check that AWS App Runner performs to monitor the health of your service. See Health Check Configuration below for more details.\n" + }, + "instanceConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceInstanceConfiguration:ServiceInstanceConfiguration", + "description": "The runtime configuration of instances (scaling units) of the App Runner service. See Instance Configuration below for more details.\n" + }, + "serviceName": { + "type": "string", + "description": "Name of the service.\n" + }, + "sourceConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfiguration:ServiceSourceConfiguration", + "description": "The source to deploy to the App Runner service. Can be a code or an image repository. See Source Configuration below for more details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "serviceName", + "sourceConfiguration" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Service resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the App Runner service.\n" + }, + "autoScalingConfigurationArn": { + "type": "string", + "description": "ARN of an App Runner automatic scaling configuration resource that you want to associate with your service. If not provided, App Runner associates the latest revision of a default auto scaling configuration.\n" + }, + "encryptionConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceEncryptionConfiguration:ServiceEncryptionConfiguration", + "description": "An optional custom encryption key that App Runner uses to encrypt the copy of your source repository that it maintains and your service logs. By default, App Runner uses an AWS managed CMK. See Encryption Configuration below for more details.\n" + }, + "healthCheckConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceHealthCheckConfiguration:ServiceHealthCheckConfiguration", + "description": "Settings of the health check that AWS App Runner performs to monitor the health of your service. See Health Check Configuration below for more details.\n" + }, + "instanceConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceInstanceConfiguration:ServiceInstanceConfiguration", + "description": "The runtime configuration of instances (scaling units) of the App Runner service. See Instance Configuration below for more details.\n" + }, + "serviceId": { + "type": "string", + "description": "An alphanumeric ID that App Runner generated for this service. Unique within the AWS Region.\n" + }, + "serviceName": { + "type": "string", + "description": "Name of the service.\n" + }, + "serviceUrl": { + "type": "string", + "description": "A subdomain URL that App Runner generated for this service. You can use this URL to access your service web application.\n" + }, + "sourceConfiguration": { + "$ref": "#/types/aws:apprunner/ServiceSourceConfiguration:ServiceSourceConfiguration", + "description": "The source to deploy to the App Runner service. Can be a code or an image repository. See Source Configuration below for more details.\n" + }, + "status": { + "type": "string", + "description": "The current state of the App Runner service.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:appsync/apiKey:ApiKey": { + "description": "Provides an AppSync API Key.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"exampleGraphQLApi\", {authenticationType: \"API_KEY\"});\nconst exampleApiKey = new aws.appsync.ApiKey(\"exampleApiKey\", {\n apiId: exampleGraphQLApi.id,\n expires: \"2018-05-03T04:00:00Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"exampleGraphQLApi\", authentication_type=\"API_KEY\")\nexample_api_key = aws.appsync.ApiKey(\"exampleApiKey\",\n api_id=example_graph_ql_api.id,\n expires=\"2018-05-03T04:00:00Z\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"exampleGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n });\n var exampleApiKey = new Aws.AppSync.ApiKey(\"exampleApiKey\", new Aws.AppSync.ApiKeyArgs\n {\n ApiId = exampleGraphQLApi.Id,\n Expires = \"2018-05-03T04:00:00Z\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"exampleGraphQLApi\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewApiKey(ctx, \"exampleApiKey\", &appsync.ApiKeyArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tExpires: pulumi.String(\"2018-05-03T04:00:00Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appsync_api_key` can be imported using the AppSync API ID and key separated by `:`, e.g.\n\n```sh\n $ pulumi import aws:appsync/apiKey:ApiKey example xxxxx:yyyyy\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The ID of the associated AppSync API\n" + }, + "description": { + "type": "string", + "description": "The API key description. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "expires": { + "type": "string", + "description": "RFC3339 string representation of the expiry date. Rounded down to nearest hour. By default, it is 7 days from the date of creation.\n" + }, + "key": { + "type": "string", + "description": "The API key\n" + } + }, + "required": [ + "apiId", + "description", + "key" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The ID of the associated AppSync API\n" + }, + "description": { + "type": "string", + "description": "The API key description. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "expires": { + "type": "string", + "description": "RFC3339 string representation of the expiry date. Rounded down to nearest hour. By default, it is 7 days from the date of creation.\n" + } + }, + "requiredInputs": [ + "apiId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApiKey resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The ID of the associated AppSync API\n" + }, + "description": { + "type": "string", + "description": "The API key description. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "expires": { + "type": "string", + "description": "RFC3339 string representation of the expiry date. Rounded down to nearest hour. By default, it is 7 days from the date of creation.\n" + }, + "key": { + "type": "string", + "description": "The API key\n" + } + }, + "type": "object" + } + }, + "aws:appsync/dataSource:DataSource": { + "description": "Provides an AppSync DataSource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTable = new aws.dynamodb.Table(\"exampleTable\", {\n readCapacity: 1,\n writeCapacity: 1,\n hashKey: \"UserId\",\n attributes: [{\n name: \"UserId\",\n type: \"S\",\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"appsync.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n`});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"dynamodb:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${exampleTable.arn}\"\n ]\n }\n ]\n}\n`,\n});\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"exampleGraphQLApi\", {authenticationType: \"API_KEY\"});\nconst exampleDataSource = new aws.appsync.DataSource(\"exampleDataSource\", {\n apiId: exampleGraphQLApi.id,\n name: \"tf_appsync_example\",\n serviceRoleArn: exampleRole.arn,\n type: \"AMAZON_DYNAMODB\",\n dynamodbConfig: {\n tableName: exampleTable.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_table = aws.dynamodb.Table(\"exampleTable\",\n read_capacity=1,\n write_capacity=1,\n hash_key=\"UserId\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"UserId\",\n type=\"S\",\n )])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"appsync.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n\"\"\")\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.id,\n policy=example_table.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"dynamodb:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{arn}\"\n ]\n }}\n ]\n}}\n\"\"\"))\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"exampleGraphQLApi\", authentication_type=\"API_KEY\")\nexample_data_source = aws.appsync.DataSource(\"exampleDataSource\",\n api_id=example_graph_ql_api.id,\n name=\"tf_appsync_example\",\n service_role_arn=example_role.arn,\n type=\"AMAZON_DYNAMODB\",\n dynamodb_config=aws.appsync.DataSourceDynamodbConfigArgs(\n table_name=example_table.name,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleTable = new Aws.DynamoDB.Table(\"exampleTable\", new Aws.DynamoDB.TableArgs\n {\n ReadCapacity = 1,\n WriteCapacity = 1,\n HashKey = \"UserId\",\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"UserId\",\n Type = \"S\",\n },\n },\n });\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"appsync.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\"\n }\n ]\n}\n\",\n });\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = exampleRole.Id,\n Policy = exampleTable.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"dynamodb:*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{arn}\"\"\n ]\n }}\n ]\n}}\n\"),\n });\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"exampleGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n });\n var exampleDataSource = new Aws.AppSync.DataSource(\"exampleDataSource\", new Aws.AppSync.DataSourceArgs\n {\n ApiId = exampleGraphQLApi.Id,\n Name = \"tf_appsync_example\",\n ServiceRoleArn = exampleRole.Arn,\n Type = \"AMAZON_DYNAMODB\",\n DynamodbConfig = new Aws.AppSync.Inputs.DataSourceDynamodbConfigArgs\n {\n TableName = exampleTable.Name,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTable, err := dynamodb.NewTable(ctx, \"exampleTable\", &dynamodb.TableArgs{\n\t\t\tReadCapacity: pulumi.Int(1),\n\t\t\tWriteCapacity: pulumi.Int(1),\n\t\t\tHashKey: pulumi.String(\"UserId\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"UserId\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"appsync.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"exampleRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: exampleTable.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"dynamodb:*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", arn, \"\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"exampleGraphQLApi\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewDataSource(ctx, \"exampleDataSource\", &appsync.DataSourceArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"tf_appsync_example\"),\n\t\t\tServiceRoleArn: exampleRole.Arn,\n\t\t\tType: pulumi.String(\"AMAZON_DYNAMODB\"),\n\t\t\tDynamodbConfig: &appsync.DataSourceDynamodbConfigArgs{\n\t\t\t\tTableName: exampleTable.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appsync_datasource` can be imported with their `api_id`, a hyphen, and `name`, e.g.\n\n```sh\n $ pulumi import aws:appsync/dataSource:DataSource example abcdef123456-example\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API ID for the GraphQL API for the DataSource.\n" + }, + "arn": { + "type": "string", + "description": "The ARN\n" + }, + "description": { + "type": "string", + "description": "A description of the DataSource.\n" + }, + "dynamodbConfig": { + "$ref": "#/types/aws:appsync/DataSourceDynamodbConfig:DataSourceDynamodbConfig", + "description": "DynamoDB settings. See below\n" + }, + "elasticsearchConfig": { + "$ref": "#/types/aws:appsync/DataSourceElasticsearchConfig:DataSourceElasticsearchConfig", + "description": "Amazon Elasticsearch settings. See below\n" + }, + "httpConfig": { + "$ref": "#/types/aws:appsync/DataSourceHttpConfig:DataSourceHttpConfig", + "description": "HTTP settings. See below\n" + }, + "lambdaConfig": { + "$ref": "#/types/aws:appsync/DataSourceLambdaConfig:DataSourceLambdaConfig", + "description": "AWS Lambda settings. See below\n" + }, + "name": { + "type": "string", + "description": "A user-supplied name for the DataSource.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The IAM service role ARN for the data source.\n" + }, + "type": { + "type": "string", + "description": "The type of the DataSource. Valid values: `AWS_LAMBDA`, `AMAZON_DYNAMODB`, `AMAZON_ELASTICSEARCH`, `HTTP`, `NONE`.\n" + } + }, + "required": [ + "apiId", + "arn", + "name", + "type" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API ID for the GraphQL API for the DataSource.\n" + }, + "description": { + "type": "string", + "description": "A description of the DataSource.\n" + }, + "dynamodbConfig": { + "$ref": "#/types/aws:appsync/DataSourceDynamodbConfig:DataSourceDynamodbConfig", + "description": "DynamoDB settings. See below\n" + }, + "elasticsearchConfig": { + "$ref": "#/types/aws:appsync/DataSourceElasticsearchConfig:DataSourceElasticsearchConfig", + "description": "Amazon Elasticsearch settings. See below\n" + }, + "httpConfig": { + "$ref": "#/types/aws:appsync/DataSourceHttpConfig:DataSourceHttpConfig", + "description": "HTTP settings. See below\n" + }, + "lambdaConfig": { + "$ref": "#/types/aws:appsync/DataSourceLambdaConfig:DataSourceLambdaConfig", + "description": "AWS Lambda settings. See below\n" + }, + "name": { + "type": "string", + "description": "A user-supplied name for the DataSource.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The IAM service role ARN for the data source.\n" + }, + "type": { + "type": "string", + "description": "The type of the DataSource. Valid values: `AWS_LAMBDA`, `AMAZON_DYNAMODB`, `AMAZON_ELASTICSEARCH`, `HTTP`, `NONE`.\n" + } + }, + "requiredInputs": [ + "apiId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DataSource resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API ID for the GraphQL API for the DataSource.\n" + }, + "arn": { + "type": "string", + "description": "The ARN\n" + }, + "description": { + "type": "string", + "description": "A description of the DataSource.\n" + }, + "dynamodbConfig": { + "$ref": "#/types/aws:appsync/DataSourceDynamodbConfig:DataSourceDynamodbConfig", + "description": "DynamoDB settings. See below\n" + }, + "elasticsearchConfig": { + "$ref": "#/types/aws:appsync/DataSourceElasticsearchConfig:DataSourceElasticsearchConfig", + "description": "Amazon Elasticsearch settings. See below\n" + }, + "httpConfig": { + "$ref": "#/types/aws:appsync/DataSourceHttpConfig:DataSourceHttpConfig", + "description": "HTTP settings. See below\n" + }, + "lambdaConfig": { + "$ref": "#/types/aws:appsync/DataSourceLambdaConfig:DataSourceLambdaConfig", + "description": "AWS Lambda settings. See below\n" + }, + "name": { + "type": "string", + "description": "A user-supplied name for the DataSource.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The IAM service role ARN for the data source.\n" + }, + "type": { + "type": "string", + "description": "The type of the DataSource. Valid values: `AWS_LAMBDA`, `AMAZON_DYNAMODB`, `AMAZON_ELASTICSEARCH`, `HTTP`, `NONE`.\n" + } + }, + "type": "object" + } + }, + "aws:appsync/function:Function": { + "description": "Provides an AppSync Function.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"exampleGraphQLApi\", {\n authenticationType: \"API_KEY\",\n schema: `type Mutation {\n putPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n id: ID!\n title: String!\n}\n\ntype Query {\n singlePost(id: ID!): Post\n}\n\nschema {\n query: Query\n mutation: Mutation\n}\n`,\n});\nconst exampleDataSource = new aws.appsync.DataSource(\"exampleDataSource\", {\n apiId: exampleGraphQLApi.id,\n name: \"example\",\n type: \"HTTP\",\n httpConfig: {\n endpoint: \"http://example.com\",\n },\n});\nconst exampleFunction = new aws.appsync.Function(\"exampleFunction\", {\n apiId: exampleGraphQLApi.id,\n dataSource: exampleDataSource.name,\n name: \"example\",\n requestMappingTemplate: `{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n`,\n responseMappingTemplate: `#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"exampleGraphQLApi\",\n authentication_type=\"API_KEY\",\n schema=\"\"\"type Mutation {\n putPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n id: ID!\n title: String!\n}\n\ntype Query {\n singlePost(id: ID!): Post\n}\n\nschema {\n query: Query\n mutation: Mutation\n}\n\"\"\")\nexample_data_source = aws.appsync.DataSource(\"exampleDataSource\",\n api_id=example_graph_ql_api.id,\n name=\"example\",\n type=\"HTTP\",\n http_config=aws.appsync.DataSourceHttpConfigArgs(\n endpoint=\"http://example.com\",\n ))\nexample_function = aws.appsync.Function(\"exampleFunction\",\n api_id=example_graph_ql_api.id,\n data_source=example_data_source.name,\n name=\"example\",\n request_mapping_template=\"\"\"{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\"\"\",\n response_mapping_template=\"\"\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"exampleGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n Schema = @\"type Mutation {\n putPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n id: ID!\n title: String!\n}\n\ntype Query {\n singlePost(id: ID!): Post\n}\n\nschema {\n query: Query\n mutation: Mutation\n}\n\",\n });\n var exampleDataSource = new Aws.AppSync.DataSource(\"exampleDataSource\", new Aws.AppSync.DataSourceArgs\n {\n ApiId = exampleGraphQLApi.Id,\n Name = \"example\",\n Type = \"HTTP\",\n HttpConfig = new Aws.AppSync.Inputs.DataSourceHttpConfigArgs\n {\n Endpoint = \"http://example.com\",\n },\n });\n var exampleFunction = new Aws.AppSync.Function(\"exampleFunction\", new Aws.AppSync.FunctionArgs\n {\n ApiId = exampleGraphQLApi.Id,\n DataSource = exampleDataSource.Name,\n Name = \"example\",\n RequestMappingTemplate = @\"{\n \"\"version\"\": \"\"2018-05-29\"\",\n \"\"method\"\": \"\"GET\"\",\n \"\"resourcePath\"\": \"\"/\"\",\n \"\"params\"\":{\n \"\"headers\"\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\",\n ResponseMappingTemplate = @\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"exampleGraphQLApi\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t\tSchema: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"type Mutation {\\n\", \" putPost(id: ID!, title: String!): Post\\n\", \"}\\n\", \"\\n\", \"type Post {\\n\", \" id: ID!\\n\", \" title: String!\\n\", \"}\\n\", \"\\n\", \"type Query {\\n\", \" singlePost(id: ID!): Post\\n\", \"}\\n\", \"\\n\", \"schema {\\n\", \" query: Query\\n\", \" mutation: Mutation\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDataSource, err := appsync.NewDataSource(ctx, \"exampleDataSource\", &appsync.DataSourceArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tHttpConfig: &appsync.DataSourceHttpConfigArgs{\n\t\t\t\tEndpoint: pulumi.String(\"http://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewFunction(ctx, \"exampleFunction\", &appsync.FunctionArgs{\n\t\t\tApiId: exampleGraphQLApi.ID(),\n\t\t\tDataSource: exampleDataSource.Name,\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tRequestMappingTemplate: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"version\\\": \\\"2018-05-29\\\",\\n\", \" \\\"method\\\": \\\"GET\\\",\\n\", \" \\\"resourcePath\\\": \\\"/\\\",\\n\", \" \\\"params\\\":{\\n\", \" \\\"headers\\\": \", \"$\", \"utils.http.copyheaders(\", \"$\", \"ctx.request.headers)\\n\", \" }\\n\", \"}\\n\")),\n\t\t\tResponseMappingTemplate: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"#if(\", \"$\", \"ctx.result.statusCode == 200)\\n\", \" \", \"$\", \"ctx.result.body\\n\", \"#else\\n\", \" \", \"$\", \"utils.appendError(\", \"$\", \"ctx.result.body, \", \"$\", \"ctx.result.statusCode)\\n\", \"#end\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appsync_function` can be imported using the AppSync API ID and Function ID separated by `-`, e.g.\n\n```sh\n $ pulumi import aws:appsync/function:Function example xxxxx-yyyyy\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The ID of the associated AppSync API.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the Function object.\n" + }, + "dataSource": { + "type": "string", + "description": "The Function DataSource name.\n" + }, + "description": { + "type": "string", + "description": "The Function description.\n" + }, + "functionId": { + "type": "string", + "description": "A unique ID representing the Function object.\n" + }, + "functionVersion": { + "type": "string", + "description": "The version of the request mapping template. Currently the supported value is `2018-05-29`.\n" + }, + "name": { + "type": "string", + "description": "The Function name. The function name does not have to be unique.\n" + }, + "requestMappingTemplate": { + "type": "string", + "description": "The Function request mapping template. Functions support only the 2018-05-29 version of the request mapping template.\n" + }, + "responseMappingTemplate": { + "type": "string", + "description": "The Function response mapping template.\n" + } + }, + "required": [ + "apiId", + "arn", + "dataSource", + "functionId", + "name", + "requestMappingTemplate", + "responseMappingTemplate" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The ID of the associated AppSync API.\n" + }, + "dataSource": { + "type": "string", + "description": "The Function DataSource name.\n" + }, + "description": { + "type": "string", + "description": "The Function description.\n" + }, + "functionVersion": { + "type": "string", + "description": "The version of the request mapping template. Currently the supported value is `2018-05-29`.\n" + }, + "name": { + "type": "string", + "description": "The Function name. The function name does not have to be unique.\n" + }, + "requestMappingTemplate": { + "type": "string", + "description": "The Function request mapping template. Functions support only the 2018-05-29 version of the request mapping template.\n" + }, + "responseMappingTemplate": { + "type": "string", + "description": "The Function response mapping template.\n" + } + }, + "requiredInputs": [ + "apiId", + "dataSource", + "requestMappingTemplate", + "responseMappingTemplate" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Function resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The ID of the associated AppSync API.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the Function object.\n" + }, + "dataSource": { + "type": "string", + "description": "The Function DataSource name.\n" + }, + "description": { + "type": "string", + "description": "The Function description.\n" + }, + "functionId": { + "type": "string", + "description": "A unique ID representing the Function object.\n" + }, + "functionVersion": { + "type": "string", + "description": "The version of the request mapping template. Currently the supported value is `2018-05-29`.\n" + }, + "name": { + "type": "string", + "description": "The Function name. The function name does not have to be unique.\n" + }, + "requestMappingTemplate": { + "type": "string", + "description": "The Function request mapping template. Functions support only the 2018-05-29 version of the request mapping template.\n" + }, + "responseMappingTemplate": { + "type": "string", + "description": "The Function response mapping template.\n" + } + }, + "type": "object" + } + }, + "aws:appsync/graphQLApi:GraphQLApi": { + "description": "Provides an AppSync GraphQL API.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### API Key Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"API_KEY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.GraphQLApi(\"example\", authentication_type=\"API_KEY\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppSync.GraphQLApi(\"example\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewGraphQLApi(ctx, \"example\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### AWS Cognito User Pool Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"AMAZON_COGNITO_USER_POOLS\",\n userPoolConfig: {\n awsRegion: data.aws_region.current.name,\n defaultAction: \"DENY\",\n userPoolId: aws_cognito_user_pool.example.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.GraphQLApi(\"example\",\n authentication_type=\"AMAZON_COGNITO_USER_POOLS\",\n user_pool_config=aws.appsync.GraphQLApiUserPoolConfigArgs(\n aws_region=data[\"aws_region\"][\"current\"][\"name\"],\n default_action=\"DENY\",\n user_pool_id=aws_cognito_user_pool[\"example\"][\"id\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppSync.GraphQLApi(\"example\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"AMAZON_COGNITO_USER_POOLS\",\n UserPoolConfig = new Aws.AppSync.Inputs.GraphQLApiUserPoolConfigArgs\n {\n AwsRegion = data.Aws_region.Current.Name,\n DefaultAction = \"DENY\",\n UserPoolId = aws_cognito_user_pool.Example.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewGraphQLApi(ctx, \"example\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"AMAZON_COGNITO_USER_POOLS\"),\n\t\t\tUserPoolConfig: &appsync.GraphQLApiUserPoolConfigArgs{\n\t\t\t\tAwsRegion: pulumi.Any(data.Aws_region.Current.Name),\n\t\t\t\tDefaultAction: pulumi.String(\"DENY\"),\n\t\t\t\tUserPoolId: pulumi.Any(aws_cognito_user_pool.Example.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### AWS IAM Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"AWS_IAM\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.GraphQLApi(\"example\", authentication_type=\"AWS_IAM\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppSync.GraphQLApi(\"example\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"AWS_IAM\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewGraphQLApi(ctx, \"example\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"AWS_IAM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### With Schema\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"AWS_IAM\",\n schema: `schema {\n\tquery: Query\n}\ntype Query {\n test: Int\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.GraphQLApi(\"example\",\n authentication_type=\"AWS_IAM\",\n schema=\"\"\"schema {\n\tquery: Query\n}\ntype Query {\n test: Int\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppSync.GraphQLApi(\"example\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"AWS_IAM\",\n Schema = @\"schema {\n\tquery: Query\n}\ntype Query {\n test: Int\n}\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewGraphQLApi(ctx, \"example\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"AWS_IAM\"),\n\t\t\tSchema: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v\", \"schema {\\n\", \"\tquery: Query\\n\", \"}\\n\", \"type Query {\\n\", \" test: Int\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### OpenID Connect Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appsync.GraphQLApi(\"example\", {\n authenticationType: \"OPENID_CONNECT\",\n openidConnectConfig: {\n issuer: \"https://example.com\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.GraphQLApi(\"example\",\n authentication_type=\"OPENID_CONNECT\",\n openid_connect_config=aws.appsync.GraphQLApiOpenidConnectConfigArgs(\n issuer=\"https://example.com\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppSync.GraphQLApi(\"example\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"OPENID_CONNECT\",\n OpenidConnectConfig = new Aws.AppSync.Inputs.GraphQLApiOpenidConnectConfigArgs\n {\n Issuer = \"https://example.com\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewGraphQLApi(ctx, \"example\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"OPENID_CONNECT\"),\n\t\t\tOpenidConnectConfig: &appsync.GraphQLApiOpenidConnectConfigArgs{\n\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### With Multiple Authentication Providers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.appsync.GraphQLApi(\"example\", {\n additionalAuthenticationProviders: [{\n authenticationType: \"AWS_IAM\",\n }],\n authenticationType: \"API_KEY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.appsync.GraphQLApi(\"example\",\n additional_authentication_providers=[aws.appsync.GraphQLApiAdditionalAuthenticationProviderArgs(\n authentication_type=\"AWS_IAM\",\n )],\n authentication_type=\"API_KEY\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.AppSync.GraphQLApi(\"example\", new Aws.AppSync.GraphQLApiArgs\n {\n AdditionalAuthenticationProviders = \n {\n new Aws.AppSync.Inputs.GraphQLApiAdditionalAuthenticationProviderArgs\n {\n AuthenticationType = \"AWS_IAM\",\n },\n },\n AuthenticationType = \"API_KEY\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appsync.NewGraphQLApi(ctx, \"example\", &appsync.GraphQLApiArgs{\n\t\t\tAdditionalAuthenticationProviders: appsync.GraphQLApiAdditionalAuthenticationProviderArray{\n\t\t\t\t&appsync.GraphQLApiAdditionalAuthenticationProviderArgs{\n\t\t\t\t\tAuthenticationType: pulumi.String(\"AWS_IAM\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enabling Logging\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"appsync.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs\",\n role: exampleRole.name,\n});\n// ... other configuration ...\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"exampleGraphQLApi\", {logConfig: {\n cloudwatchLogsRoleArn: exampleRole.arn,\n fieldLogLevel: \"ERROR\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"appsync.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs\",\n role=example_role.name)\n# ... other configuration ...\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"exampleGraphQLApi\", log_config=aws.appsync.GraphQLApiLogConfigArgs(\n cloudwatch_logs_role_arn=example_role.arn,\n field_log_level=\"ERROR\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"appsync.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs\",\n Role = exampleRole.Name,\n });\n // ... other configuration ...\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"exampleGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n LogConfig = new Aws.AppSync.Inputs.GraphQLApiLogConfigArgs\n {\n CloudwatchLogsRoleArn = exampleRole.Arn,\n FieldLogLevel = \"ERROR\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"appsync.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"exampleRolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSAppSyncPushToCloudWatchLogs\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewGraphQLApi(ctx, \"exampleGraphQLApi\", &appsync.GraphQLApiArgs{\n\t\t\tLogConfig: &appsync.GraphQLApiLogConfigArgs{\n\t\t\t\tCloudwatchLogsRoleArn: exampleRole.Arn,\n\t\t\t\tFieldLogLevel: pulumi.String(\"ERROR\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Associate Web ACL (v2)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGraphQLApi = new aws.appsync.GraphQLApi(\"exampleGraphQLApi\", {authenticationType: \"API_KEY\"});\nconst exampleWebAcl = new aws.wafv2.WebAcl(\"exampleWebAcl\", {\n description: \"Example of a managed rule.\",\n scope: \"REGIONAL\",\n defaultAction: {\n allow: {},\n },\n rules: [{\n name: \"rule-1\",\n priority: 1,\n overrideAction: {\n block: [{}],\n },\n statement: {\n managedRuleGroupStatement: {\n name: \"AWSManagedRulesCommonRuleSet\",\n vendorName: \"AWS\",\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\nconst exampleWebAclAssociation = new aws.wafv2.WebAclAssociation(\"exampleWebAclAssociation\", {\n resourceArn: exampleGraphQLApi.arn,\n webAclArn: exampleWebAcl.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_graph_ql_api = aws.appsync.GraphQLApi(\"exampleGraphQLApi\", authentication_type=\"API_KEY\")\nexample_web_acl = aws.wafv2.WebAcl(\"exampleWebAcl\",\n description=\"Example of a managed rule.\",\n scope=\"REGIONAL\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n allow=aws.wafv2.WebAclDefaultActionAllowArgs(),\n ),\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n priority=1,\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n block=[{}],\n ),\n statement=aws.wafv2.WebAclRuleStatementArgs(\n managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(\n name=\"AWSManagedRulesCommonRuleSet\",\n vendor_name=\"AWS\",\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\nexample_web_acl_association = aws.wafv2.WebAclAssociation(\"exampleWebAclAssociation\",\n resource_arn=example_graph_ql_api.arn,\n web_acl_arn=example_web_acl.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGraphQLApi = new Aws.AppSync.GraphQLApi(\"exampleGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n });\n var exampleWebAcl = new Aws.WafV2.WebAcl(\"exampleWebAcl\", new Aws.WafV2.WebAclArgs\n {\n Description = \"Example of a managed rule.\",\n Scope = \"REGIONAL\",\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Allow = ,\n },\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Block = \n {\n ,\n },\n },\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs\n {\n Name = \"AWSManagedRulesCommonRuleSet\",\n VendorName = \"AWS\",\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n var exampleWebAclAssociation = new Aws.WafV2.WebAclAssociation(\"exampleWebAclAssociation\", new Aws.WafV2.WebAclAssociationArgs\n {\n ResourceArn = exampleGraphQLApi.Arn,\n WebAclArn = exampleWebAcl.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"exampleGraphQLApi\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleWebAcl, err := wafv2.NewWebAcl(ctx, \"exampleWebAcl\", &wafv2.WebAclArgs{\n\t\t\tDescription: pulumi.String(\"Example of a managed rule.\"),\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tDefaultAction: &wafv2.WebAclDefaultActionArgs{\n\t\t\t\tAllow: nil,\n\t\t\t},\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t&wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tOverrideAction: &wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tBlock: []map[string]interface{}{\n\t\t\t\t\t\t\tnil,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tManagedRuleGroupStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"AWSManagedRulesCommonRuleSet\"),\n\t\t\t\t\t\t\tVendorName: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tVisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafv2.NewWebAclAssociation(ctx, \"exampleWebAclAssociation\", &wafv2.WebAclAssociationArgs{\n\t\t\tResourceArn: exampleGraphQLApi.Arn,\n\t\t\tWebAclArn: exampleWebAcl.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAppSync GraphQL API can be imported using the GraphQL API ID, e.g.\n\n```sh\n $ pulumi import aws:appsync/graphQLApi:GraphQLApi example 0123456789\n```\n\n ", + "properties": { + "additionalAuthenticationProviders": { + "type": "array", + "items": { + "$ref": "#/types/aws:appsync/GraphQLApiAdditionalAuthenticationProvider:GraphQLApiAdditionalAuthenticationProvider" + }, + "description": "One or more additional authentication providers for the GraphqlApi. Defined below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN\n" + }, + "authenticationType": { + "type": "string", + "description": "The authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`\n" + }, + "logConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiLogConfig:GraphQLApiLogConfig", + "description": "Nested argument containing logging configuration. Defined below.\n" + }, + "name": { + "type": "string", + "description": "A user-supplied name for the GraphqlApi.\n" + }, + "openidConnectConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiOpenidConnectConfig:GraphQLApiOpenidConnectConfig", + "description": "Nested argument containing OpenID Connect configuration. Defined below.\n" + }, + "schema": { + "type": "string", + "description": "The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uris": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of URIs associated with the API. e.g. `uris[\"GRAPHQL\"] = https://ID.appsync-api.REGION.amazonaws.com/graphql`\n" + }, + "userPoolConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiUserPoolConfig:GraphQLApiUserPoolConfig", + "description": "The Amazon Cognito User Pool configuration. Defined below.\n" + }, + "xrayEnabled": { + "type": "boolean", + "description": "Whether tracing with X-ray is enabled. Defaults to false.\n" + } + }, + "required": [ + "arn", + "authenticationType", + "name", + "tagsAll", + "uris" + ], + "inputProperties": { + "additionalAuthenticationProviders": { + "type": "array", + "items": { + "$ref": "#/types/aws:appsync/GraphQLApiAdditionalAuthenticationProvider:GraphQLApiAdditionalAuthenticationProvider" + }, + "description": "One or more additional authentication providers for the GraphqlApi. Defined below.\n" + }, + "authenticationType": { + "type": "string", + "description": "The authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`\n" + }, + "logConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiLogConfig:GraphQLApiLogConfig", + "description": "Nested argument containing logging configuration. Defined below.\n" + }, + "name": { + "type": "string", + "description": "A user-supplied name for the GraphqlApi.\n" + }, + "openidConnectConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiOpenidConnectConfig:GraphQLApiOpenidConnectConfig", + "description": "Nested argument containing OpenID Connect configuration. Defined below.\n" + }, + "schema": { + "type": "string", + "description": "The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userPoolConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiUserPoolConfig:GraphQLApiUserPoolConfig", + "description": "The Amazon Cognito User Pool configuration. Defined below.\n" + }, + "xrayEnabled": { + "type": "boolean", + "description": "Whether tracing with X-ray is enabled. Defaults to false.\n" + } + }, + "requiredInputs": [ + "authenticationType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GraphQLApi resources.\n", + "properties": { + "additionalAuthenticationProviders": { + "type": "array", + "items": { + "$ref": "#/types/aws:appsync/GraphQLApiAdditionalAuthenticationProvider:GraphQLApiAdditionalAuthenticationProvider" + }, + "description": "One or more additional authentication providers for the GraphqlApi. Defined below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN\n" + }, + "authenticationType": { + "type": "string", + "description": "The authentication type. Valid values: `API_KEY`, `AWS_IAM`, `AMAZON_COGNITO_USER_POOLS`, `OPENID_CONNECT`\n" + }, + "logConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiLogConfig:GraphQLApiLogConfig", + "description": "Nested argument containing logging configuration. Defined below.\n" + }, + "name": { + "type": "string", + "description": "A user-supplied name for the GraphqlApi.\n" + }, + "openidConnectConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiOpenidConnectConfig:GraphQLApiOpenidConnectConfig", + "description": "Nested argument containing OpenID Connect configuration. Defined below.\n" + }, + "schema": { + "type": "string", + "description": "The schema definition, in GraphQL schema language format. This provider cannot perform drift detection of this configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uris": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of URIs associated with the API. e.g. `uris[\"GRAPHQL\"] = https://ID.appsync-api.REGION.amazonaws.com/graphql`\n" + }, + "userPoolConfig": { + "$ref": "#/types/aws:appsync/GraphQLApiUserPoolConfig:GraphQLApiUserPoolConfig", + "description": "The Amazon Cognito User Pool configuration. Defined below.\n" + }, + "xrayEnabled": { + "type": "boolean", + "description": "Whether tracing with X-ray is enabled. Defaults to false.\n" + } + }, + "type": "object" + } + }, + "aws:appsync/resolver:Resolver": { + "description": "Provides an AppSync Resolver.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testGraphQLApi = new aws.appsync.GraphQLApi(\"testGraphQLApi\", {\n authenticationType: \"API_KEY\",\n schema: `type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n`,\n});\nconst testDataSource = new aws.appsync.DataSource(\"testDataSource\", {\n apiId: testGraphQLApi.id,\n name: \"tf_example\",\n type: \"HTTP\",\n httpConfig: {\n endpoint: \"http://example.com\",\n },\n});\n// UNIT type resolver (default)\nconst testResolver = new aws.appsync.Resolver(\"testResolver\", {\n apiId: testGraphQLApi.id,\n field: \"singlePost\",\n type: \"Query\",\n dataSource: testDataSource.name,\n requestTemplate: `{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n`,\n responseTemplate: `#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n`,\n cachingConfig: {\n cachingKeys: [\n `$context.identity.sub`,\n `$context.arguments.id`,\n ],\n ttl: 60,\n },\n});\n// PIPELINE type resolver\nconst mutationPipelineTest = new aws.appsync.Resolver(\"mutationPipelineTest\", {\n type: \"Mutation\",\n apiId: testGraphQLApi.id,\n field: \"pipelineTest\",\n requestTemplate: \"{}\",\n responseTemplate: `$util.toJson($ctx.result)`,\n kind: \"PIPELINE\",\n pipelineConfig: {\n functions: [\n aws_appsync_function.test1.function_id,\n aws_appsync_function.test2.function_id,\n aws_appsync_function.test3.function_id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_graph_ql_api = aws.appsync.GraphQLApi(\"testGraphQLApi\",\n authentication_type=\"API_KEY\",\n schema=\"\"\"type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n\"\"\")\ntest_data_source = aws.appsync.DataSource(\"testDataSource\",\n api_id=test_graph_ql_api.id,\n name=\"tf_example\",\n type=\"HTTP\",\n http_config=aws.appsync.DataSourceHttpConfigArgs(\n endpoint=\"http://example.com\",\n ))\n# UNIT type resolver (default)\ntest_resolver = aws.appsync.Resolver(\"testResolver\",\n api_id=test_graph_ql_api.id,\n field=\"singlePost\",\n type=\"Query\",\n data_source=test_data_source.name,\n request_template=\"\"\"{\n \"version\": \"2018-05-29\",\n \"method\": \"GET\",\n \"resourcePath\": \"/\",\n \"params\":{\n \"headers\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\"\"\",\n response_template=\"\"\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\"\"\",\n caching_config=aws.appsync.ResolverCachingConfigArgs(\n caching_keys=[\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n ],\n ttl=60,\n ))\n# PIPELINE type resolver\nmutation_pipeline_test = aws.appsync.Resolver(\"mutationPipelineTest\",\n type=\"Mutation\",\n api_id=test_graph_ql_api.id,\n field=\"pipelineTest\",\n request_template=\"{}\",\n response_template=\"$util.toJson($ctx.result)\",\n kind=\"PIPELINE\",\n pipeline_config=aws.appsync.ResolverPipelineConfigArgs(\n functions=[\n aws_appsync_function[\"test1\"][\"function_id\"],\n aws_appsync_function[\"test2\"][\"function_id\"],\n aws_appsync_function[\"test3\"][\"function_id\"],\n ],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testGraphQLApi = new Aws.AppSync.GraphQLApi(\"testGraphQLApi\", new Aws.AppSync.GraphQLApiArgs\n {\n AuthenticationType = \"API_KEY\",\n Schema = @\"type Mutation {\n\tputPost(id: ID!, title: String!): Post\n}\n\ntype Post {\n\tid: ID!\n\ttitle: String!\n}\n\ntype Query {\n\tsinglePost(id: ID!): Post\n}\n\nschema {\n\tquery: Query\n\tmutation: Mutation\n}\n\",\n });\n var testDataSource = new Aws.AppSync.DataSource(\"testDataSource\", new Aws.AppSync.DataSourceArgs\n {\n ApiId = testGraphQLApi.Id,\n Name = \"tf_example\",\n Type = \"HTTP\",\n HttpConfig = new Aws.AppSync.Inputs.DataSourceHttpConfigArgs\n {\n Endpoint = \"http://example.com\",\n },\n });\n // UNIT type resolver (default)\n var testResolver = new Aws.AppSync.Resolver(\"testResolver\", new Aws.AppSync.ResolverArgs\n {\n ApiId = testGraphQLApi.Id,\n Field = \"singlePost\",\n Type = \"Query\",\n DataSource = testDataSource.Name,\n RequestTemplate = @\"{\n \"\"version\"\": \"\"2018-05-29\"\",\n \"\"method\"\": \"\"GET\"\",\n \"\"resourcePath\"\": \"\"/\"\",\n \"\"params\"\":{\n \"\"headers\"\": $utils.http.copyheaders($ctx.request.headers)\n }\n}\n\",\n ResponseTemplate = @\"#if($ctx.result.statusCode == 200)\n $ctx.result.body\n#else\n $utils.appendError($ctx.result.body, $ctx.result.statusCode)\n#end\n\",\n CachingConfig = new Aws.AppSync.Inputs.ResolverCachingConfigArgs\n {\n CachingKeys = \n {\n \"$context.identity.sub\",\n \"$context.arguments.id\",\n },\n Ttl = 60,\n },\n });\n // PIPELINE type resolver\n var mutationPipelineTest = new Aws.AppSync.Resolver(\"mutationPipelineTest\", new Aws.AppSync.ResolverArgs\n {\n Type = \"Mutation\",\n ApiId = testGraphQLApi.Id,\n Field = \"pipelineTest\",\n RequestTemplate = \"{}\",\n ResponseTemplate = \"$util.toJson($ctx.result)\",\n Kind = \"PIPELINE\",\n PipelineConfig = new Aws.AppSync.Inputs.ResolverPipelineConfigArgs\n {\n Functions = \n {\n aws_appsync_function.Test1.Function_id,\n aws_appsync_function.Test2.Function_id,\n aws_appsync_function.Test3.Function_id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appsync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGraphQLApi, err := appsync.NewGraphQLApi(ctx, \"testGraphQLApi\", &appsync.GraphQLApiArgs{\n\t\t\tAuthenticationType: pulumi.String(\"API_KEY\"),\n\t\t\tSchema: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"type Mutation {\\n\", \"\tputPost(id: ID!, title: String!): Post\\n\", \"}\\n\", \"\\n\", \"type Post {\\n\", \"\tid: ID!\\n\", \"\ttitle: String!\\n\", \"}\\n\", \"\\n\", \"type Query {\\n\", \"\tsinglePost(id: ID!): Post\\n\", \"}\\n\", \"\\n\", \"schema {\\n\", \"\tquery: Query\\n\", \"\tmutation: Mutation\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestDataSource, err := appsync.NewDataSource(ctx, \"testDataSource\", &appsync.DataSourceArgs{\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tName: pulumi.String(\"tf_example\"),\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\tHttpConfig: &appsync.DataSourceHttpConfigArgs{\n\t\t\t\tEndpoint: pulumi.String(\"http://example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewResolver(ctx, \"testResolver\", &appsync.ResolverArgs{\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tField: pulumi.String(\"singlePost\"),\n\t\t\tType: pulumi.String(\"Query\"),\n\t\t\tDataSource: testDataSource.Name,\n\t\t\tRequestTemplate: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"version\\\": \\\"2018-05-29\\\",\\n\", \" \\\"method\\\": \\\"GET\\\",\\n\", \" \\\"resourcePath\\\": \\\"/\\\",\\n\", \" \\\"params\\\":{\\n\", \" \\\"headers\\\": \", \"$\", \"utils.http.copyheaders(\", \"$\", \"ctx.request.headers)\\n\", \" }\\n\", \"}\\n\")),\n\t\t\tResponseTemplate: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"#if(\", \"$\", \"ctx.result.statusCode == 200)\\n\", \" \", \"$\", \"ctx.result.body\\n\", \"#else\\n\", \" \", \"$\", \"utils.appendError(\", \"$\", \"ctx.result.body, \", \"$\", \"ctx.result.statusCode)\\n\", \"#end\\n\")),\n\t\t\tCachingConfig: &appsync.ResolverCachingConfigArgs{\n\t\t\t\tCachingKeys: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"context.identity.sub\")),\n\t\t\t\t\tpulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"context.arguments.id\")),\n\t\t\t\t},\n\t\t\t\tTtl: pulumi.Int(60),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = appsync.NewResolver(ctx, \"mutationPipelineTest\", &appsync.ResolverArgs{\n\t\t\tType: pulumi.String(\"Mutation\"),\n\t\t\tApiId: testGraphQLApi.ID(),\n\t\t\tField: pulumi.String(\"pipelineTest\"),\n\t\t\tRequestTemplate: pulumi.String(\"{}\"),\n\t\t\tResponseTemplate: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"$\", \"util.toJson(\", \"$\", \"ctx.result)\")),\n\t\t\tKind: pulumi.String(\"PIPELINE\"),\n\t\t\tPipelineConfig: &appsync.ResolverPipelineConfigArgs{\n\t\t\t\tFunctions: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_appsync_function.Test1.Function_id),\n\t\t\t\t\tpulumi.Any(aws_appsync_function.Test2.Function_id),\n\t\t\t\t\tpulumi.Any(aws_appsync_function.Test3.Function_id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_appsync_resolver` can be imported with their `api_id`, a hyphen, `type`, a hypen and `field` e.g.\n\n```sh\n $ pulumi import aws:appsync/resolver:Resolver example abcdef123456-exampleType-exampleField\n```\n\n ", + "properties": { + "apiId": { + "type": "string", + "description": "The API ID for the GraphQL API.\n" + }, + "arn": { + "type": "string", + "description": "The ARN\n" + }, + "cachingConfig": { + "$ref": "#/types/aws:appsync/ResolverCachingConfig:ResolverCachingConfig", + "description": "The CachingConfig.\n" + }, + "dataSource": { + "type": "string", + "description": "The DataSource name.\n" + }, + "field": { + "type": "string", + "description": "The field name from the schema defined in the GraphQL API.\n" + }, + "kind": { + "type": "string", + "description": "The resolver type. Valid values are `UNIT` and `PIPELINE`.\n" + }, + "pipelineConfig": { + "$ref": "#/types/aws:appsync/ResolverPipelineConfig:ResolverPipelineConfig", + "description": "The PipelineConfig.\n" + }, + "requestTemplate": { + "type": "string", + "description": "The request mapping template for UNIT resolver or 'before mapping template' for PIPELINE resolver. Required for non-Lambda resolvers.\n" + }, + "responseTemplate": { + "type": "string", + "description": "The response mapping template for UNIT resolver or 'after mapping template' for PIPELINE resolver. Required for non-Lambda resolvers.\n" + }, + "type": { + "type": "string", + "description": "The type name from the schema defined in the GraphQL API.\n" + } + }, + "required": [ + "apiId", + "arn", + "field", + "type" + ], + "inputProperties": { + "apiId": { + "type": "string", + "description": "The API ID for the GraphQL API.\n" + }, + "cachingConfig": { + "$ref": "#/types/aws:appsync/ResolverCachingConfig:ResolverCachingConfig", + "description": "The CachingConfig.\n" + }, + "dataSource": { + "type": "string", + "description": "The DataSource name.\n" + }, + "field": { + "type": "string", + "description": "The field name from the schema defined in the GraphQL API.\n" + }, + "kind": { + "type": "string", + "description": "The resolver type. Valid values are `UNIT` and `PIPELINE`.\n" + }, + "pipelineConfig": { + "$ref": "#/types/aws:appsync/ResolverPipelineConfig:ResolverPipelineConfig", + "description": "The PipelineConfig.\n" + }, + "requestTemplate": { + "type": "string", + "description": "The request mapping template for UNIT resolver or 'before mapping template' for PIPELINE resolver. Required for non-Lambda resolvers.\n" + }, + "responseTemplate": { + "type": "string", + "description": "The response mapping template for UNIT resolver or 'after mapping template' for PIPELINE resolver. Required for non-Lambda resolvers.\n" + }, + "type": { + "type": "string", + "description": "The type name from the schema defined in the GraphQL API.\n" + } + }, + "requiredInputs": [ + "apiId", + "field", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Resolver resources.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API ID for the GraphQL API.\n" + }, + "arn": { + "type": "string", + "description": "The ARN\n" + }, + "cachingConfig": { + "$ref": "#/types/aws:appsync/ResolverCachingConfig:ResolverCachingConfig", + "description": "The CachingConfig.\n" + }, + "dataSource": { + "type": "string", + "description": "The DataSource name.\n" + }, + "field": { + "type": "string", + "description": "The field name from the schema defined in the GraphQL API.\n" + }, + "kind": { + "type": "string", + "description": "The resolver type. Valid values are `UNIT` and `PIPELINE`.\n" + }, + "pipelineConfig": { + "$ref": "#/types/aws:appsync/ResolverPipelineConfig:ResolverPipelineConfig", + "description": "The PipelineConfig.\n" + }, + "requestTemplate": { + "type": "string", + "description": "The request mapping template for UNIT resolver or 'before mapping template' for PIPELINE resolver. Required for non-Lambda resolvers.\n" + }, + "responseTemplate": { + "type": "string", + "description": "The response mapping template for UNIT resolver or 'after mapping template' for PIPELINE resolver. Required for non-Lambda resolvers.\n" + }, + "type": { + "type": "string", + "description": "The type name from the schema defined in the GraphQL API.\n" + } + }, + "type": "object" + } + }, + "aws:athena/database:Database": { + "description": "Provides an Athena database.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hogeBucket = new aws.s3.Bucket(\"hogeBucket\", {});\nconst hogeDatabase = new aws.athena.Database(\"hogeDatabase\", {\n name: \"database_name\",\n bucket: hogeBucket.bucket,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge_bucket = aws.s3.Bucket(\"hogeBucket\")\nhoge_database = aws.athena.Database(\"hogeDatabase\",\n name=\"database_name\",\n bucket=hoge_bucket.bucket)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var hogeBucket = new Aws.S3.Bucket(\"hogeBucket\", new Aws.S3.BucketArgs\n {\n });\n var hogeDatabase = new Aws.Athena.Database(\"hogeDatabase\", new Aws.Athena.DatabaseArgs\n {\n Name = \"database_name\",\n Bucket = hogeBucket.BucketName,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/athena\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thogeBucket, err := s3.NewBucket(ctx, \"hogeBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = athena.NewDatabase(ctx, \"hogeDatabase\", &athena.DatabaseArgs{\n\t\t\tName: pulumi.String(\"database_name\"),\n\t\t\tBucket: hogeBucket.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "bucket": { + "type": "string", + "description": "Name of s3 bucket to save the results of the query execution.\n" + }, + "encryptionConfiguration": { + "$ref": "#/types/aws:athena/DatabaseEncryptionConfiguration:DatabaseEncryptionConfiguration", + "description": "The encryption key block AWS Athena uses to decrypt the data in S3, such as an AWS Key Management Service (AWS KMS) key. An `encryption_configuration` block is documented below.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all tables should be deleted from the database so that the database can be destroyed without error. The tables are *not* recoverable.\n" + }, + "name": { + "type": "string", + "description": "Name of the database to create.\n" + } + }, + "required": [ + "bucket", + "name" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "Name of s3 bucket to save the results of the query execution.\n" + }, + "encryptionConfiguration": { + "$ref": "#/types/aws:athena/DatabaseEncryptionConfiguration:DatabaseEncryptionConfiguration", + "description": "The encryption key block AWS Athena uses to decrypt the data in S3, such as an AWS Key Management Service (AWS KMS) key. An `encryption_configuration` block is documented below.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all tables should be deleted from the database so that the database can be destroyed without error. The tables are *not* recoverable.\n" + }, + "name": { + "type": "string", + "description": "Name of the database to create.\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Database resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "Name of s3 bucket to save the results of the query execution.\n" + }, + "encryptionConfiguration": { + "$ref": "#/types/aws:athena/DatabaseEncryptionConfiguration:DatabaseEncryptionConfiguration", + "description": "The encryption key block AWS Athena uses to decrypt the data in S3, such as an AWS Key Management Service (AWS KMS) key. An `encryption_configuration` block is documented below.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all tables should be deleted from the database so that the database can be destroyed without error. The tables are *not* recoverable.\n" + }, + "name": { + "type": "string", + "description": "Name of the database to create.\n" + } + }, + "type": "object" + } + }, + "aws:athena/namedQuery:NamedQuery": { + "description": "Provides an Athena Named Query resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hogeBucket = new aws.s3.Bucket(\"hogeBucket\", {});\nconst testKey = new aws.kms.Key(\"testKey\", {\n deletionWindowInDays: 7,\n description: \"Athena KMS Key\",\n});\nconst testWorkgroup = new aws.athena.Workgroup(\"testWorkgroup\", {configuration: {\n resultConfiguration: {\n encryptionConfiguration: {\n encryptionOption: \"SSE_KMS\",\n kmsKeyArn: testKey.arn,\n },\n },\n}});\nconst hogeDatabase = new aws.athena.Database(\"hogeDatabase\", {\n name: \"users\",\n bucket: hogeBucket.id,\n});\nconst foo = new aws.athena.NamedQuery(\"foo\", {\n workgroup: testWorkgroup.id,\n database: hogeDatabase.name,\n query: pulumi.interpolate`SELECT * FROM ${hogeDatabase.name} limit 10;`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge_bucket = aws.s3.Bucket(\"hogeBucket\")\ntest_key = aws.kms.Key(\"testKey\",\n deletion_window_in_days=7,\n description=\"Athena KMS Key\")\ntest_workgroup = aws.athena.Workgroup(\"testWorkgroup\", configuration=aws.athena.WorkgroupConfigurationArgs(\n result_configuration=aws.athena.WorkgroupConfigurationResultConfigurationArgs(\n encryption_configuration=aws.athena.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs(\n encryption_option=\"SSE_KMS\",\n kms_key_arn=test_key.arn,\n ),\n ),\n))\nhoge_database = aws.athena.Database(\"hogeDatabase\",\n name=\"users\",\n bucket=hoge_bucket.id)\nfoo = aws.athena.NamedQuery(\"foo\",\n workgroup=test_workgroup.id,\n database=hoge_database.name,\n query=hoge_database.name.apply(lambda name: f\"SELECT * FROM {name} limit 10;\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var hogeBucket = new Aws.S3.Bucket(\"hogeBucket\", new Aws.S3.BucketArgs\n {\n });\n var testKey = new Aws.Kms.Key(\"testKey\", new Aws.Kms.KeyArgs\n {\n DeletionWindowInDays = 7,\n Description = \"Athena KMS Key\",\n });\n var testWorkgroup = new Aws.Athena.Workgroup(\"testWorkgroup\", new Aws.Athena.WorkgroupArgs\n {\n Configuration = new Aws.Athena.Inputs.WorkgroupConfigurationArgs\n {\n ResultConfiguration = new Aws.Athena.Inputs.WorkgroupConfigurationResultConfigurationArgs\n {\n EncryptionConfiguration = new Aws.Athena.Inputs.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs\n {\n EncryptionOption = \"SSE_KMS\",\n KmsKeyArn = testKey.Arn,\n },\n },\n },\n });\n var hogeDatabase = new Aws.Athena.Database(\"hogeDatabase\", new Aws.Athena.DatabaseArgs\n {\n Name = \"users\",\n Bucket = hogeBucket.Id,\n });\n var foo = new Aws.Athena.NamedQuery(\"foo\", new Aws.Athena.NamedQueryArgs\n {\n Workgroup = testWorkgroup.Id,\n Database = hogeDatabase.Name,\n Query = hogeDatabase.Name.Apply(name => $\"SELECT * FROM {name} limit 10;\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/athena\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thogeBucket, err := s3.NewBucket(ctx, \"hogeBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestKey, err := kms.NewKey(ctx, \"testKey\", &kms.KeyArgs{\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tDescription: pulumi.String(\"Athena KMS Key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestWorkgroup, err := athena.NewWorkgroup(ctx, \"testWorkgroup\", &athena.WorkgroupArgs{\n\t\t\tConfiguration: &athena.WorkgroupConfigurationArgs{\n\t\t\t\tResultConfiguration: &athena.WorkgroupConfigurationResultConfigurationArgs{\n\t\t\t\t\tEncryptionConfiguration: &athena.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs{\n\t\t\t\t\t\tEncryptionOption: pulumi.String(\"SSE_KMS\"),\n\t\t\t\t\t\tKmsKeyArn: testKey.Arn,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\thogeDatabase, err := athena.NewDatabase(ctx, \"hogeDatabase\", &athena.DatabaseArgs{\n\t\t\tName: pulumi.String(\"users\"),\n\t\t\tBucket: hogeBucket.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = athena.NewNamedQuery(ctx, \"foo\", &athena.NamedQueryArgs{\n\t\t\tWorkgroup: testWorkgroup.ID(),\n\t\t\tDatabase: hogeDatabase.Name,\n\t\t\tQuery: hogeDatabase.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v\", \"SELECT * FROM \", name, \" limit 10;\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAthena Named Query can be imported using the query ID, e.g.\n\n```sh\n $ pulumi import aws:athena/namedQuery:NamedQuery example 0123456789\n```\n\n ", + "properties": { + "database": { + "type": "string", + "description": "The database to which the query belongs.\n" + }, + "description": { + "type": "string", + "description": "A brief explanation of the query. Maximum length of 1024.\n" + }, + "name": { + "type": "string", + "description": "The plain language name for the query. Maximum length of 128.\n" + }, + "query": { + "type": "string", + "description": "The text of the query itself. In other words, all query statements. Maximum length of 262144.\n" + }, + "workgroup": { + "type": "string", + "description": "The workgroup to which the query belongs. Defaults to `primary`\n" + } + }, + "required": [ + "database", + "name", + "query" + ], + "inputProperties": { + "database": { + "type": "string", + "description": "The database to which the query belongs.\n" + }, + "description": { + "type": "string", + "description": "A brief explanation of the query. Maximum length of 1024.\n" + }, + "name": { + "type": "string", + "description": "The plain language name for the query. Maximum length of 128.\n" + }, + "query": { + "type": "string", + "description": "The text of the query itself. In other words, all query statements. Maximum length of 262144.\n" + }, + "workgroup": { + "type": "string", + "description": "The workgroup to which the query belongs. Defaults to `primary`\n" + } + }, + "requiredInputs": [ + "database", + "query" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NamedQuery resources.\n", + "properties": { + "database": { + "type": "string", + "description": "The database to which the query belongs.\n" + }, + "description": { + "type": "string", + "description": "A brief explanation of the query. Maximum length of 1024.\n" + }, + "name": { + "type": "string", + "description": "The plain language name for the query. Maximum length of 128.\n" + }, + "query": { + "type": "string", + "description": "The text of the query itself. In other words, all query statements. Maximum length of 262144.\n" + }, + "workgroup": { + "type": "string", + "description": "The workgroup to which the query belongs. Defaults to `primary`\n" + } + }, + "type": "object" + } + }, + "aws:athena/workgroup:Workgroup": { + "description": "Provides an Athena Workgroup.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.athena.Workgroup(\"example\", {configuration: {\n enforceWorkgroupConfiguration: true,\n publishCloudwatchMetricsEnabled: true,\n resultConfiguration: {\n outputLocation: `s3://${aws_s3_bucket.example.bucket}/output/`,\n encryptionConfiguration: {\n encryptionOption: \"SSE_KMS\",\n kmsKeyArn: aws_kms_key.example.arn,\n },\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.athena.Workgroup(\"example\", configuration=aws.athena.WorkgroupConfigurationArgs(\n enforce_workgroup_configuration=True,\n publish_cloudwatch_metrics_enabled=True,\n result_configuration=aws.athena.WorkgroupConfigurationResultConfigurationArgs(\n output_location=f\"s3://{aws_s3_bucket['example']['bucket']}/output/\",\n encryption_configuration=aws.athena.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs(\n encryption_option=\"SSE_KMS\",\n kms_key_arn=aws_kms_key[\"example\"][\"arn\"],\n ),\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Athena.Workgroup(\"example\", new Aws.Athena.WorkgroupArgs\n {\n Configuration = new Aws.Athena.Inputs.WorkgroupConfigurationArgs\n {\n EnforceWorkgroupConfiguration = true,\n PublishCloudwatchMetricsEnabled = true,\n ResultConfiguration = new Aws.Athena.Inputs.WorkgroupConfigurationResultConfigurationArgs\n {\n OutputLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/output/\",\n EncryptionConfiguration = new Aws.Athena.Inputs.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs\n {\n EncryptionOption = \"SSE_KMS\",\n KmsKeyArn = aws_kms_key.Example.Arn,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/athena\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := athena.NewWorkgroup(ctx, \"example\", &athena.WorkgroupArgs{\n\t\t\tConfiguration: &athena.WorkgroupConfigurationArgs{\n\t\t\t\tEnforceWorkgroupConfiguration: pulumi.Bool(true),\n\t\t\t\tPublishCloudwatchMetricsEnabled: pulumi.Bool(true),\n\t\t\t\tResultConfiguration: &athena.WorkgroupConfigurationResultConfigurationArgs{\n\t\t\t\t\tOutputLocation: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"s3://\", aws_s3_bucket.Example.Bucket, \"/output/\")),\n\t\t\t\t\tEncryptionConfiguration: &athena.WorkgroupConfigurationResultConfigurationEncryptionConfigurationArgs{\n\t\t\t\t\t\tEncryptionOption: pulumi.String(\"SSE_KMS\"),\n\t\t\t\t\t\tKmsKeyArn: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAthena Workgroups can be imported using their name, e.g.\n\n```sh\n $ pulumi import aws:athena/workgroup:Workgroup example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the workgroup\n" + }, + "configuration": { + "$ref": "#/types/aws:athena/WorkgroupConfiguration:WorkgroupConfiguration", + "description": "Configuration block with various settings for the workgroup. Documented below.\n" + }, + "description": { + "type": "string", + "description": "Description of the workgroup.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "The option to delete the workgroup and its contents even if the workgroup contains any named queries.\n" + }, + "name": { + "type": "string", + "description": "Name of the workgroup.\n" + }, + "state": { + "type": "string", + "description": "State of the workgroup. Valid values are `DISABLED` or `ENABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the workgroup. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "configuration": { + "$ref": "#/types/aws:athena/WorkgroupConfiguration:WorkgroupConfiguration", + "description": "Configuration block with various settings for the workgroup. Documented below.\n" + }, + "description": { + "type": "string", + "description": "Description of the workgroup.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "The option to delete the workgroup and its contents even if the workgroup contains any named queries.\n" + }, + "name": { + "type": "string", + "description": "Name of the workgroup.\n" + }, + "state": { + "type": "string", + "description": "State of the workgroup. Valid values are `DISABLED` or `ENABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the workgroup. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Workgroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the workgroup\n" + }, + "configuration": { + "$ref": "#/types/aws:athena/WorkgroupConfiguration:WorkgroupConfiguration", + "description": "Configuration block with various settings for the workgroup. Documented below.\n" + }, + "description": { + "type": "string", + "description": "Description of the workgroup.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "The option to delete the workgroup and its contents even if the workgroup contains any named queries.\n" + }, + "name": { + "type": "string", + "description": "Name of the workgroup.\n" + }, + "state": { + "type": "string", + "description": "State of the workgroup. Valid values are `DISABLED` or `ENABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the workgroup. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:autoscaling/attachment:Attachment": { + "description": "Provides an Auto Scaling Attachment resource.\n\n> **NOTE on Auto Scaling Groups and ASG Attachments:** This provider currently provides\nboth a standalone `aws.autoscaling.Attachment` resource\n(describing an ASG attached to an ELB or ALB), and an `aws.autoscaling.Group`\nwith `load_balancers` and `target_group_arns` defined in-line. These two methods are not\nmutually-exclusive. If `aws.autoscaling.Attachment` resources are used, either alone or with inline\n`load_balancers` or `target_group_arns`, the `aws.autoscaling.Group` resource must be configured\nto [ignore changes](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to the `load_balancers` and `target_group_arns` arguments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst asgAttachmentBar = new aws.autoscaling.Attachment(\"asgAttachmentBar\", {\n autoscalingGroupName: aws_autoscaling_group.asg.id,\n elb: aws_elb.bar.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nasg_attachment_bar = aws.autoscaling.Attachment(\"asgAttachmentBar\",\n autoscaling_group_name=aws_autoscaling_group[\"asg\"][\"id\"],\n elb=aws_elb[\"bar\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new load balancer attachment\n var asgAttachmentBar = new Aws.AutoScaling.Attachment(\"asgAttachmentBar\", new Aws.AutoScaling.AttachmentArgs\n {\n AutoscalingGroupName = aws_autoscaling_group.Asg.Id,\n Elb = aws_elb.Bar.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := autoscaling.NewAttachment(ctx, \"asgAttachmentBar\", &autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Asg.Id),\n\t\t\tElb: pulumi.Any(aws_elb.Bar.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new ALB Target Group attachment\nconst asgAttachmentBar = new aws.autoscaling.Attachment(\"asgAttachmentBar\", {\n autoscalingGroupName: aws_autoscaling_group.asg.id,\n albTargetGroupArn: aws_lb_target_group.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new ALB Target Group attachment\nasg_attachment_bar = aws.autoscaling.Attachment(\"asgAttachmentBar\",\n autoscaling_group_name=aws_autoscaling_group[\"asg\"][\"id\"],\n alb_target_group_arn=aws_lb_target_group[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new ALB Target Group attachment\n var asgAttachmentBar = new Aws.AutoScaling.Attachment(\"asgAttachmentBar\", new Aws.AutoScaling.AttachmentArgs\n {\n AutoscalingGroupName = aws_autoscaling_group.Asg.Id,\n AlbTargetGroupArn = aws_lb_target_group.Test.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := autoscaling.NewAttachment(ctx, \"asgAttachmentBar\", &autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Asg.Id),\n\t\t\tAlbTargetGroupArn: pulumi.Any(aws_lb_target_group.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## With An AutoScaling Group Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst asg = new aws.autoscaling.Group(\"asg\", {});\nconst asgAttachmentBar = new aws.autoscaling.Attachment(\"asgAttachmentBar\", {\n autoscalingGroupName: asg.id,\n elb: aws_elb.test.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nasg = aws.autoscaling.Group(\"asg\")\nasg_attachment_bar = aws.autoscaling.Attachment(\"asgAttachmentBar\",\n autoscaling_group_name=asg.id,\n elb=aws_elb[\"test\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var asg = new Aws.AutoScaling.Group(\"asg\", new Aws.AutoScaling.GroupArgs\n {\n });\n var asgAttachmentBar = new Aws.AutoScaling.Attachment(\"asgAttachmentBar\", new Aws.AutoScaling.AttachmentArgs\n {\n AutoscalingGroupName = asg.Id,\n Elb = aws_elb.Test.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tasg, err := autoscaling.NewGroup(ctx, \"asg\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewAttachment(ctx, \"asgAttachmentBar\", &autoscaling.AttachmentArgs{\n\t\t\tAutoscalingGroupName: asg.ID(),\n\t\t\tElb: pulumi.Any(aws_elb.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n", + "properties": { + "albTargetGroupArn": { + "type": "string", + "description": "The ARN of an ALB Target Group.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "Name of ASG to associate with the ELB.\n" + }, + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + } + }, + "required": [ + "autoscalingGroupName" + ], + "inputProperties": { + "albTargetGroupArn": { + "type": "string", + "description": "The ARN of an ALB Target Group.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "Name of ASG to associate with the ELB.\n" + }, + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + } + }, + "requiredInputs": [ + "autoscalingGroupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Attachment resources.\n", + "properties": { + "albTargetGroupArn": { + "type": "string", + "description": "The ARN of an ALB Target Group.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "Name of ASG to associate with the ELB.\n" + }, + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + } + }, + "type": "object" + } + }, + "aws:autoscaling/group:Group": { + "description": "Provides an Auto Scaling Group resource.\n\n> **Note:** You must specify either `launch_configuration`, `launch_template`, or `mixed_instances_policy`.\n\n> **NOTE on Auto Scaling Groups and ASG Attachments:** This provider currently provides\nboth a standalone `aws.autoscaling.Attachment` resource\n(describing an ASG attached to an ELB or ALB), and an `aws.autoscaling.Group`\nwith `load_balancers` and `target_group_arns` defined in-line. These two methods are not\nmutually-exclusive. If `aws.autoscaling.Attachment` resources are used, either alone or with inline\n`load_balancers` or `target_group_arns`, the `aws.autoscaling.Group` resource must be configured\nto ignore changes to the `load_balancers` and `target_group_arns` arguments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### With Latest Version Of Launch Template\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobar = new aws.ec2.LaunchTemplate(\"foobar\", {\n namePrefix: \"foobar\",\n imageId: \"ami-1a2b3c\",\n instanceType: \"t2.micro\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n launchTemplate: {\n id: foobar.id,\n version: `$Latest`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar = aws.ec2.LaunchTemplate(\"foobar\",\n name_prefix=\"foobar\",\n image_id=\"ami-1a2b3c\",\n instance_type=\"t2.micro\")\nbar = aws.autoscaling.Group(\"bar\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n launch_template=aws.autoscaling.GroupLaunchTemplateArgs(\n id=foobar.id,\n version=\"$Latest\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foobar = new Aws.Ec2.LaunchTemplate(\"foobar\", new Aws.Ec2.LaunchTemplateArgs\n {\n NamePrefix = \"foobar\",\n ImageId = \"ami-1a2b3c\",\n InstanceType = \"t2.micro\",\n });\n var bar = new Aws.AutoScaling.Group(\"bar\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupLaunchTemplateArgs\n {\n Id = foobar.Id,\n Version = \"$Latest\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobar, err := ec2.NewLaunchTemplate(ctx, \"foobar\", &ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"foobar\"),\n\t\t\tImageId: pulumi.String(\"ami-1a2b3c\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tLaunchTemplate: &autoscaling.GroupLaunchTemplateArgs{\n\t\t\t\tId: foobar.ID(),\n\t\t\t\tVersion: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"Latest\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Mixed Instances Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\", {\n namePrefix: \"example\",\n imageId: data.aws_ami.example.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"exampleGroup\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: exampleLaunchTemplate.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c3.large\",\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_launch_template = aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\",\n name_prefix=\"example\",\n image_id=data[\"aws_ami\"][\"example\"][\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"exampleGroup\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example_launch_template.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c3.large\",\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"exampleLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n NamePrefix = \"example\",\n ImageId = data.Aws_ami.Example.Id,\n InstanceType = \"c5.large\",\n });\n var exampleGroup = new Aws.AutoScaling.Group(\"exampleGroup\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = exampleLaunchTemplate.Id,\n },\n Overrides = \n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c3.large\",\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"exampleLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(data.Aws_ami.Example.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"exampleGroup\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: &autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: exampleLaunchTemplate.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t&autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c3.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Mixed Instances Policy with Spot Instances and Capacity Rebalance\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\", {\n namePrefix: \"example\",\n imageId: data.aws_ami.example.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"exampleGroup\", {\n capacityRebalance: true,\n desiredCapacity: 12,\n maxSize: 15,\n minSize: 12,\n vpcZoneIdentifiers: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n ],\n mixedInstancesPolicy: {\n instancesDistribution: {\n onDemandBaseCapacity: 0,\n onDemandPercentageAboveBaseCapacity: 25,\n spotAllocationStrategy: \"capacity-optimized\",\n },\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: exampleLaunchTemplate.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c3.large\",\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_launch_template = aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\",\n name_prefix=\"example\",\n image_id=data[\"aws_ami\"][\"example\"][\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"exampleGroup\",\n capacity_rebalance=True,\n desired_capacity=12,\n max_size=15,\n min_size=12,\n vpc_zone_identifiers=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n ],\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n instances_distribution=aws.autoscaling.GroupMixedInstancesPolicyInstancesDistributionArgs(\n on_demand_base_capacity=0,\n on_demand_percentage_above_base_capacity=25,\n spot_allocation_strategy=\"capacity-optimized\",\n ),\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example_launch_template.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c3.large\",\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"exampleLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n NamePrefix = \"example\",\n ImageId = data.Aws_ami.Example.Id,\n InstanceType = \"c5.large\",\n });\n var exampleGroup = new Aws.AutoScaling.Group(\"exampleGroup\", new Aws.AutoScaling.GroupArgs\n {\n CapacityRebalance = true,\n DesiredCapacity = 12,\n MaxSize = 15,\n MinSize = 12,\n VpcZoneIdentifiers = \n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n InstancesDistribution = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyInstancesDistributionArgs\n {\n OnDemandBaseCapacity = 0,\n OnDemandPercentageAboveBaseCapacity = 25,\n SpotAllocationStrategy = \"capacity-optimized\",\n },\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = exampleLaunchTemplate.Id,\n },\n Overrides = \n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c3.large\",\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"exampleLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(data.Aws_ami.Example.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"exampleGroup\", &autoscaling.GroupArgs{\n\t\t\tCapacityRebalance: pulumi.Bool(true),\n\t\t\tDesiredCapacity: pulumi.Int(12),\n\t\t\tMaxSize: pulumi.Int(15),\n\t\t\tMinSize: pulumi.Int(12),\n\t\t\tVpcZoneIdentifiers: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\tpulumi.Any(aws_subnet.Example2.Id),\n\t\t\t},\n\t\t\tMixedInstancesPolicy: &autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tInstancesDistribution: &autoscaling.GroupMixedInstancesPolicyInstancesDistributionArgs{\n\t\t\t\t\tOnDemandBaseCapacity: pulumi.Int(0),\n\t\t\t\t\tOnDemandPercentageAboveBaseCapacity: pulumi.Int(25),\n\t\t\t\t\tSpotAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t},\n\t\t\t\tLaunchTemplate: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: exampleLaunchTemplate.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t&autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c3.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Mixed Instances Policy with Instance level LaunchTemplateSpecification Overrides\n\nWhen using a diverse instance set, some instance types might require a launch template with configuration values unique to that instance type such as a different AMI (Graviton2), architecture specific user data script, different EBS configuration, or different networking configuration.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\", {\n namePrefix: \"example\",\n imageId: data.aws_ami.example.id,\n instanceType: \"c5.large\",\n});\nconst example2 = new aws.ec2.LaunchTemplate(\"example2\", {\n namePrefix: \"example2\",\n imageId: data.aws_ami.example2.id,\n});\nconst exampleGroup = new aws.autoscaling.Group(\"exampleGroup\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 1,\n minSize: 1,\n mixedInstancesPolicy: {\n launchTemplate: {\n launchTemplateSpecification: {\n launchTemplateId: exampleLaunchTemplate.id,\n },\n overrides: [\n {\n instanceType: \"c4.large\",\n weightedCapacity: \"3\",\n },\n {\n instanceType: \"c6g.large\",\n launchTemplateSpecification: {\n launchTemplateId: example2.id,\n },\n weightedCapacity: \"2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_launch_template = aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\",\n name_prefix=\"example\",\n image_id=data[\"aws_ami\"][\"example\"][\"id\"],\n instance_type=\"c5.large\")\nexample2 = aws.ec2.LaunchTemplate(\"example2\",\n name_prefix=\"example2\",\n image_id=data[\"aws_ami\"][\"example2\"][\"id\"])\nexample_group = aws.autoscaling.Group(\"exampleGroup\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=1,\n min_size=1,\n mixed_instances_policy=aws.autoscaling.GroupMixedInstancesPolicyArgs(\n launch_template=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs(\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs(\n launch_template_id=example_launch_template.id,\n ),\n overrides=[\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c4.large\",\n weighted_capacity=\"3\",\n ),\n aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs(\n instance_type=\"c6g.large\",\n launch_template_specification=aws.autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs(\n launch_template_id=example2.id,\n ),\n weighted_capacity=\"2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"exampleLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n NamePrefix = \"example\",\n ImageId = data.Aws_ami.Example.Id,\n InstanceType = \"c5.large\",\n });\n var example2 = new Aws.Ec2.LaunchTemplate(\"example2\", new Aws.Ec2.LaunchTemplateArgs\n {\n NamePrefix = \"example2\",\n ImageId = data.Aws_ami.Example2.Id,\n });\n var exampleGroup = new Aws.AutoScaling.Group(\"exampleGroup\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 1,\n MinSize = 1,\n MixedInstancesPolicy = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyArgs\n {\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateArgs\n {\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = exampleLaunchTemplate.Id,\n },\n Overrides = \n {\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c4.large\",\n WeightedCapacity = \"3\",\n },\n new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs\n {\n InstanceType = \"c6g.large\",\n LaunchTemplateSpecification = new Aws.AutoScaling.Inputs.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = example2.Id,\n },\n WeightedCapacity = \"2\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"exampleLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(data.Aws_ami.Example.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample2, err := ec2.NewLaunchTemplate(ctx, \"example2\", &ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example2\"),\n\t\t\tImageId: pulumi.Any(data.Aws_ami.Example2.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"exampleGroup\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMixedInstancesPolicy: &autoscaling.GroupMixedInstancesPolicyArgs{\n\t\t\t\tLaunchTemplate: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateArgs{\n\t\t\t\t\tLaunchTemplateSpecification: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tLaunchTemplateId: exampleLaunchTemplate.ID(),\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArray{\n\t\t\t\t\t\t&autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideArgs{\n\t\t\t\t\t\t\tInstanceType: pulumi.String(\"c6g.large\"),\n\t\t\t\t\t\t\tLaunchTemplateSpecification: &autoscaling.GroupMixedInstancesPolicyLaunchTemplateOverrideLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\t\t\tLaunchTemplateId: example2.ID(),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tWeightedCapacity: pulumi.String(\"2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Automatically refresh all instances after the group is updated\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAmi = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-hvm-*-x86_64-gp2\"],\n }],\n});\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\", {\n imageId: exampleAmi.then(exampleAmi => exampleAmi.id),\n instanceType: \"t3.nano\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"exampleGroup\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 2,\n minSize: 1,\n launchTemplate: {\n id: exampleLaunchTemplate.id,\n version: exampleLaunchTemplate.latestVersion,\n },\n tags: [{\n key: \"Key\",\n value: \"Value\",\n propagateAtLaunch: true,\n }],\n instanceRefresh: {\n strategy: \"Rolling\",\n preferences: {\n minHealthyPercentage: 50,\n },\n triggers: [\"tag\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_ami = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*-x86_64-gp2\"],\n )])\nexample_launch_template = aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\",\n image_id=example_ami.id,\n instance_type=\"t3.nano\")\nexample_group = aws.autoscaling.Group(\"exampleGroup\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=2,\n min_size=1,\n launch_template=aws.autoscaling.GroupLaunchTemplateArgs(\n id=example_launch_template.id,\n version=example_launch_template.latest_version,\n ),\n tags=[aws.autoscaling.GroupTagArgs(\n key=\"Key\",\n value=\"Value\",\n propagate_at_launch=True,\n )],\n instance_refresh=aws.autoscaling.GroupInstanceRefreshArgs(\n strategy=\"Rolling\",\n preferences=aws.autoscaling.GroupInstanceRefreshPreferencesArgs(\n min_healthy_percentage=50,\n ),\n triggers=[\"tag\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAmi = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Owners = \n {\n \"amazon\",\n },\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"amzn-ami-hvm-*-x86_64-gp2\",\n },\n },\n },\n }));\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"exampleLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n ImageId = exampleAmi.Apply(exampleAmi => exampleAmi.Id),\n InstanceType = \"t3.nano\",\n });\n var exampleGroup = new Aws.AutoScaling.Group(\"exampleGroup\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 2,\n MinSize = 1,\n LaunchTemplate = new Aws.AutoScaling.Inputs.GroupLaunchTemplateArgs\n {\n Id = exampleLaunchTemplate.Id,\n Version = exampleLaunchTemplate.LatestVersion,\n },\n Tags = \n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"Key\",\n Value = \"Value\",\n PropagateAtLaunch = true,\n },\n },\n InstanceRefresh = new Aws.AutoScaling.Inputs.GroupInstanceRefreshArgs\n {\n Strategy = \"Rolling\",\n Preferences = new Aws.AutoScaling.Inputs.GroupInstanceRefreshPreferencesArgs\n {\n MinHealthyPercentage = 50,\n },\n Triggers = \n {\n \"tag\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\texampleAmi, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*-x86_64-gp2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"exampleLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(exampleAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"t3.nano\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"exampleGroup\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(2),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tLaunchTemplate: &autoscaling.GroupLaunchTemplateArgs{\n\t\t\t\tId: exampleLaunchTemplate.ID(),\n\t\t\t\tVersion: exampleLaunchTemplate.LatestVersion,\n\t\t\t},\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t&autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"Key\"),\n\t\t\t\t\tValue: pulumi.String(\"Value\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceRefresh: &autoscaling.GroupInstanceRefreshArgs{\n\t\t\t\tStrategy: pulumi.String(\"Rolling\"),\n\t\t\t\tPreferences: &autoscaling.GroupInstanceRefreshPreferencesArgs{\n\t\t\t\t\tMinHealthyPercentage: pulumi.Int(50),\n\t\t\t\t},\n\t\t\t\tTriggers: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"tag\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Auto Scaling group with Warm Pool\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLaunchTemplate = new aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\", {\n namePrefix: \"example\",\n imageId: data.aws_ami.example.id,\n instanceType: \"c5.large\",\n});\nconst exampleGroup = new aws.autoscaling.Group(\"exampleGroup\", {\n availabilityZones: [\"us-east-1a\"],\n desiredCapacity: 1,\n maxSize: 5,\n minSize: 1,\n warmPool: {\n poolState: \"Stopped\",\n minSize: 1,\n maxGroupPreparedCapacity: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_launch_template = aws.ec2.LaunchTemplate(\"exampleLaunchTemplate\",\n name_prefix=\"example\",\n image_id=data[\"aws_ami\"][\"example\"][\"id\"],\n instance_type=\"c5.large\")\nexample_group = aws.autoscaling.Group(\"exampleGroup\",\n availability_zones=[\"us-east-1a\"],\n desired_capacity=1,\n max_size=5,\n min_size=1,\n warm_pool=aws.autoscaling.GroupWarmPoolArgs(\n pool_state=\"Stopped\",\n min_size=1,\n max_group_prepared_capacity=10,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"exampleLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n NamePrefix = \"example\",\n ImageId = data.Aws_ami.Example.Id,\n InstanceType = \"c5.large\",\n });\n var exampleGroup = new Aws.AutoScaling.Group(\"exampleGroup\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n DesiredCapacity = 1,\n MaxSize = 5,\n MinSize = 1,\n WarmPool = new Aws.AutoScaling.Inputs.GroupWarmPoolArgs\n {\n PoolState = \"Stopped\",\n MinSize = 1,\n MaxGroupPreparedCapacity = 10,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewLaunchTemplate(ctx, \"exampleLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tNamePrefix: pulumi.String(\"example\"),\n\t\t\tImageId: pulumi.Any(data.Aws_ami.Example.Id),\n\t\t\tInstanceType: pulumi.String(\"c5.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"exampleGroup\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tDesiredCapacity: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tWarmPool: &autoscaling.GroupWarmPoolArgs{\n\t\t\t\tPoolState: pulumi.String(\"Stopped\"),\n\t\t\t\tMinSize: pulumi.Int(1),\n\t\t\t\tMaxGroupPreparedCapacity: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Waiting for Capacity\n\nA newly-created ASG is initially empty and begins to scale to `min_size` (or\n`desired_capacity`, if specified) by launching instances using the provided\nLaunch Configuration. These instances take time to launch and boot.\n\nOn ASG Update, changes to these values also take time to result in the target\nnumber of instances providing service.\n\nThis provider provides two mechanisms to help consistently manage ASG scale up\ntime across dependent resources.\n\n#### Waiting for ASG Capacity\n\nThe first is default behavior. This provider waits after ASG creation for\n`min_size` (or `desired_capacity`, if specified) healthy instances to show up\nin the ASG before continuing.\n\nIf `min_size` or `desired_capacity` are changed in a subsequent update,\nthis provider will also wait for the correct number of healthy instances before\ncontinuing.\n\nThis provider considers an instance \"healthy\" when the ASG reports `HealthStatus:\n\"Healthy\"` and `LifecycleState: \"InService\"`. See the [AWS AutoScaling\nDocs](https://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/AutoScalingGroupLifecycle.html)\nfor more information on an ASG's lifecycle.\n\nThis provider will wait for healthy instances for up to\n`wait_for_capacity_timeout`. If ASG creation is taking more than a few minutes,\nit's worth investigating for scaling activity errors, which can be caused by\nproblems with the selected Launch Configuration.\n\nSetting `wait_for_capacity_timeout` to `\"0\"` disables ASG Capacity waiting.\n\n#### Waiting for ELB Capacity\n\nThe second mechanism is optional, and affects ASGs with attached ELBs specified\nvia the `load_balancers` attribute or with ALBs specified with `target_group_arns`.\n\nThe `min_elb_capacity` parameter causes this provider to wait for at least the\nrequested number of instances to show up `\"InService\"` in all attached ELBs\nduring ASG creation. It has no effect on ASG updates.\n\nIf `wait_for_elb_capacity` is set, this provider will wait for exactly that number\nof Instances to be `\"InService\"` in all attached ELBs on both creation and\nupdates.\n\nThese parameters can be used to ensure that service is being provided before\nthis provider moves on. If new instances don't pass the ELB's health checks for any\nreason, the deployment will time out, and the ASG will be marked as\ntainted (i.e. marked to be destroyed in a follow up run).\n\nAs with ASG Capacity, this provider will wait for up to `wait_for_capacity_timeout`\nfor the proper number of instances to be healthy.\n\n#### Troubleshooting Capacity Waiting Timeouts\n\nIf ASG creation takes more than a few minutes, this could indicate one of a\nnumber of configuration problems. See the [AWS Docs on Load Balancer\nTroubleshooting](https://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/elb-troubleshooting.html)\nfor more information.\n\n\n## Import\n\nAuto Scaling Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:autoscaling/group:Group web web-asg\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN for this Auto Scaling Group\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `vpc_zone_identifier` argument. Conflicts with `vpc_zone_identifier`.\n" + }, + "capacityRebalance": { + "type": "boolean", + "description": "Indicates whether capacity rebalance is enabled. Otherwise, capacity rebalance is disabled.\n" + }, + "defaultCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start.\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "The number of Amazon EC2 instances that\nshould be running in the group. (See also Waiting for\nCapacity below.)\n" + }, + "enabledMetrics": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/metrics:Metric" + }, + "description": "A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances`.\n" + }, + "forceDelete": { + "type": "boolean", + "description": "Allows deleting the Auto Scaling Group without waiting\nfor all instances in the pool to terminate. You can force an Auto Scaling Group to delete\neven if it's in the process of scaling a resource. Normally, this provider\ndrains all the instances before deleting the group. This bypasses that\nbehavior and potentially leaves resources dangling.\n" + }, + "forceDeleteWarmPool": { + "type": "boolean" + }, + "healthCheckGracePeriod": { + "type": "integer", + "description": "Time (in seconds) after instance comes into service before checking health.\n" + }, + "healthCheckType": { + "type": "string", + "description": "\"EC2\" or \"ELB\". Controls how health checking is done.\n" + }, + "initialLifecycleHooks": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook" + }, + "description": "One or more\n[Lifecycle Hooks](http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html)\nto attach to the Auto Scaling Group **before** instances are launched. The\nsyntax is exactly the same as the separate\n`aws.autoscaling.LifecycleHook`\nresource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating\na new Auto Scaling Group. For all other use-cases, please use `aws.autoscaling.LifecycleHook` resource.\n" + }, + "instanceRefresh": { + "$ref": "#/types/aws:autoscaling/GroupInstanceRefresh:GroupInstanceRefresh", + "description": "If this block is configured, start an\n[Instance Refresh](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)\nwhen this Auto Scaling Group is updated. Defined below.\n" + }, + "launchConfiguration": { + "type": "string", + "description": "The name of the launch configuration to use.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:autoscaling/GroupLaunchTemplate:GroupLaunchTemplate", + "description": "Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of elastic load balancer names to add to the autoscaling\ngroup names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead.\n" + }, + "maxInstanceLifetime": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size of the Auto Scaling Group.\n" + }, + "metricsGranularity": { + "type": "string", + "description": "The granularity to associate with the metrics to collect. The only valid value is `1Minute`. Default is `1Minute`.\n" + }, + "minElbCapacity": { + "type": "integer", + "description": "Setting this causes the provider to wait for\nthis number of instances from this Auto Scaling Group to show up healthy in the\nELB only on creation. Updates will not wait on ELB instance number changes.\n(See also Waiting for Capacity below.)\n" + }, + "minSize": { + "type": "integer", + "description": "Specifies the minimum number of instances to maintain in the warm pool. This helps you to ensure that there is always a certain number of warmed instances available to handle traffic spikes. Defaults to 0 if not specified.\n" + }, + "mixedInstancesPolicy": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicy:GroupMixedInstancesPolicy", + "description": "Configuration block containing settings to define launch targets for Auto Scaling groups. Defined below.\n" + }, + "name": { + "type": "string", + "description": "The name of the Auto Scaling Group. By default generated by this provider. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementGroup": { + "type": "string", + "description": "The name of the placement group into which you'll launch your instances, if any.\n" + }, + "protectFromScaleIn": { + "type": "boolean", + "description": "Allows setting instance protection. The\nAuto Scaling Group will not select instances with this setting for termination\nduring scale in events.\n" + }, + "serviceLinkedRoleArn": { + "type": "string", + "description": "The ARN of the service-linked role that the ASG will use to call other AWS services\n" + }, + "suspendedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`.\nNote that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly.\n" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupTag:GroupTag" + }, + "description": "Configuration block(s) containing resource tags. Conflicts with `tags_collection`. Documented below.\n" + }, + "tagsCollection": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "description": "Set of maps containing resource tags. Conflicts with `tag`. Documented below.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of `aws.alb.TargetGroup` ARNs, for use with Application or Network Load Balancing.\n" + }, + "terminationPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`.\n" + }, + "vpcZoneIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`.\n" + }, + "waitForCapacityTimeout": { + "type": "string", + "description": "A maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that this provider should\nwait for ASG instances to be healthy before timing out. (See also Waiting\nfor Capacity below.) Setting this to \"0\" causes\nthis provider to skip all Capacity Waiting behavior.\n" + }, + "waitForElbCapacity": { + "type": "integer", + "description": "Setting this will cause the provider to wait\nfor exactly this number of healthy instances from this Auto Scaling Group in\nall attached load balancers on both create and update operations. (Takes\nprecedence over `min_elb_capacity` behavior.)\n(See also Waiting for Capacity below.)\n" + }, + "warmPool": { + "$ref": "#/types/aws:autoscaling/GroupWarmPool:GroupWarmPool", + "description": "If this block is configured, add a [Warm Pool](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)\nto the specified Auto Scaling group. Defined below\n" + } + }, + "required": [ + "arn", + "availabilityZones", + "defaultCooldown", + "desiredCapacity", + "healthCheckType", + "maxSize", + "minSize", + "name", + "namePrefix", + "serviceLinkedRoleArn", + "vpcZoneIdentifiers" + ], + "inputProperties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `vpc_zone_identifier` argument. Conflicts with `vpc_zone_identifier`.\n" + }, + "capacityRebalance": { + "type": "boolean", + "description": "Indicates whether capacity rebalance is enabled. Otherwise, capacity rebalance is disabled.\n" + }, + "defaultCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start.\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "The number of Amazon EC2 instances that\nshould be running in the group. (See also Waiting for\nCapacity below.)\n" + }, + "enabledMetrics": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/metrics:Metric" + }, + "description": "A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances`.\n" + }, + "forceDelete": { + "type": "boolean", + "description": "Allows deleting the Auto Scaling Group without waiting\nfor all instances in the pool to terminate. You can force an Auto Scaling Group to delete\neven if it's in the process of scaling a resource. Normally, this provider\ndrains all the instances before deleting the group. This bypasses that\nbehavior and potentially leaves resources dangling.\n" + }, + "forceDeleteWarmPool": { + "type": "boolean" + }, + "healthCheckGracePeriod": { + "type": "integer", + "description": "Time (in seconds) after instance comes into service before checking health.\n" + }, + "healthCheckType": { + "type": "string", + "description": "\"EC2\" or \"ELB\". Controls how health checking is done.\n" + }, + "initialLifecycleHooks": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook" + }, + "description": "One or more\n[Lifecycle Hooks](http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html)\nto attach to the Auto Scaling Group **before** instances are launched. The\nsyntax is exactly the same as the separate\n`aws.autoscaling.LifecycleHook`\nresource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating\na new Auto Scaling Group. For all other use-cases, please use `aws.autoscaling.LifecycleHook` resource.\n" + }, + "instanceRefresh": { + "$ref": "#/types/aws:autoscaling/GroupInstanceRefresh:GroupInstanceRefresh", + "description": "If this block is configured, start an\n[Instance Refresh](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)\nwhen this Auto Scaling Group is updated. Defined below.\n" + }, + "launchConfiguration": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/launchConfiguration:LaunchConfiguration" + } + ], + "description": "The name of the launch configuration to use.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:autoscaling/GroupLaunchTemplate:GroupLaunchTemplate", + "description": "Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of elastic load balancer names to add to the autoscaling\ngroup names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead.\n" + }, + "maxInstanceLifetime": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size of the Auto Scaling Group.\n" + }, + "metricsGranularity": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:autoscaling/MetricsGranularity:MetricsGranularity" + } + ], + "description": "The granularity to associate with the metrics to collect. The only valid value is `1Minute`. Default is `1Minute`.\n" + }, + "minElbCapacity": { + "type": "integer", + "description": "Setting this causes the provider to wait for\nthis number of instances from this Auto Scaling Group to show up healthy in the\nELB only on creation. Updates will not wait on ELB instance number changes.\n(See also Waiting for Capacity below.)\n" + }, + "minSize": { + "type": "integer", + "description": "Specifies the minimum number of instances to maintain in the warm pool. This helps you to ensure that there is always a certain number of warmed instances available to handle traffic spikes. Defaults to 0 if not specified.\n" + }, + "mixedInstancesPolicy": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicy:GroupMixedInstancesPolicy", + "description": "Configuration block containing settings to define launch targets for Auto Scaling groups. Defined below.\n" + }, + "name": { + "type": "string", + "description": "The name of the Auto Scaling Group. By default generated by this provider. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementGroup": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/placementGroup:PlacementGroup" + } + ], + "description": "The name of the placement group into which you'll launch your instances, if any.\n" + }, + "protectFromScaleIn": { + "type": "boolean", + "description": "Allows setting instance protection. The\nAuto Scaling Group will not select instances with this setting for termination\nduring scale in events.\n" + }, + "serviceLinkedRoleArn": { + "type": "string", + "description": "The ARN of the service-linked role that the ASG will use to call other AWS services\n" + }, + "suspendedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`.\nNote that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly.\n" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupTag:GroupTag" + }, + "description": "Configuration block(s) containing resource tags. Conflicts with `tags_collection`. Documented below.\n" + }, + "tagsCollection": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "description": "Set of maps containing resource tags. Conflicts with `tag`. Documented below.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of `aws.alb.TargetGroup` ARNs, for use with Application or Network Load Balancing.\n" + }, + "terminationPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`.\n" + }, + "vpcZoneIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`.\n" + }, + "waitForCapacityTimeout": { + "type": "string", + "description": "A maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that this provider should\nwait for ASG instances to be healthy before timing out. (See also Waiting\nfor Capacity below.) Setting this to \"0\" causes\nthis provider to skip all Capacity Waiting behavior.\n" + }, + "waitForElbCapacity": { + "type": "integer", + "description": "Setting this will cause the provider to wait\nfor exactly this number of healthy instances from this Auto Scaling Group in\nall attached load balancers on both create and update operations. (Takes\nprecedence over `min_elb_capacity` behavior.)\n(See also Waiting for Capacity below.)\n" + }, + "warmPool": { + "$ref": "#/types/aws:autoscaling/GroupWarmPool:GroupWarmPool", + "description": "If this block is configured, add a [Warm Pool](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)\nto the specified Auto Scaling group. Defined below\n" + } + }, + "requiredInputs": [ + "maxSize", + "minSize" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Group resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN for this Auto Scaling Group\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of one or more availability zones for the group. Used for EC2-Classic and default subnets when not specified with `vpc_zone_identifier` argument. Conflicts with `vpc_zone_identifier`.\n" + }, + "capacityRebalance": { + "type": "boolean", + "description": "Indicates whether capacity rebalance is enabled. Otherwise, capacity rebalance is disabled.\n" + }, + "defaultCooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes before another scaling activity can start.\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "The number of Amazon EC2 instances that\nshould be running in the group. (See also Waiting for\nCapacity below.)\n" + }, + "enabledMetrics": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/metrics:Metric" + }, + "description": "A list of metrics to collect. The allowed values are `GroupDesiredCapacity`, `GroupInServiceCapacity`, `GroupPendingCapacity`, `GroupMinSize`, `GroupMaxSize`, `GroupInServiceInstances`, `GroupPendingInstances`, `GroupStandbyInstances`, `GroupStandbyCapacity`, `GroupTerminatingCapacity`, `GroupTerminatingInstances`, `GroupTotalCapacity`, `GroupTotalInstances`.\n" + }, + "forceDelete": { + "type": "boolean", + "description": "Allows deleting the Auto Scaling Group without waiting\nfor all instances in the pool to terminate. You can force an Auto Scaling Group to delete\neven if it's in the process of scaling a resource. Normally, this provider\ndrains all the instances before deleting the group. This bypasses that\nbehavior and potentially leaves resources dangling.\n" + }, + "forceDeleteWarmPool": { + "type": "boolean" + }, + "healthCheckGracePeriod": { + "type": "integer", + "description": "Time (in seconds) after instance comes into service before checking health.\n" + }, + "healthCheckType": { + "type": "string", + "description": "\"EC2\" or \"ELB\". Controls how health checking is done.\n" + }, + "initialLifecycleHooks": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupInitialLifecycleHook:GroupInitialLifecycleHook" + }, + "description": "One or more\n[Lifecycle Hooks](http://docs.aws.amazon.com/autoscaling/latest/userguide/lifecycle-hooks.html)\nto attach to the Auto Scaling Group **before** instances are launched. The\nsyntax is exactly the same as the separate\n`aws.autoscaling.LifecycleHook`\nresource, without the `autoscaling_group_name` attribute. Please note that this will only work when creating\na new Auto Scaling Group. For all other use-cases, please use `aws.autoscaling.LifecycleHook` resource.\n" + }, + "instanceRefresh": { + "$ref": "#/types/aws:autoscaling/GroupInstanceRefresh:GroupInstanceRefresh", + "description": "If this block is configured, start an\n[Instance Refresh](https://docs.aws.amazon.com/autoscaling/ec2/userguide/asg-instance-refresh.html)\nwhen this Auto Scaling Group is updated. Defined below.\n" + }, + "launchConfiguration": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/launchConfiguration:LaunchConfiguration" + } + ], + "description": "The name of the launch configuration to use.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:autoscaling/GroupLaunchTemplate:GroupLaunchTemplate", + "description": "Nested argument containing launch template settings along with the overrides to specify multiple instance types and weights. Defined below.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of elastic load balancer names to add to the autoscaling\ngroup names. Only valid for classic load balancers. For ALBs, use `target_group_arns` instead.\n" + }, + "maxInstanceLifetime": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that an instance can be in service, values must be either equal to 0 or between 604800 and 31536000 seconds.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size of the Auto Scaling Group.\n" + }, + "metricsGranularity": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:autoscaling/MetricsGranularity:MetricsGranularity" + } + ], + "description": "The granularity to associate with the metrics to collect. The only valid value is `1Minute`. Default is `1Minute`.\n" + }, + "minElbCapacity": { + "type": "integer", + "description": "Setting this causes the provider to wait for\nthis number of instances from this Auto Scaling Group to show up healthy in the\nELB only on creation. Updates will not wait on ELB instance number changes.\n(See also Waiting for Capacity below.)\n" + }, + "minSize": { + "type": "integer", + "description": "Specifies the minimum number of instances to maintain in the warm pool. This helps you to ensure that there is always a certain number of warmed instances available to handle traffic spikes. Defaults to 0 if not specified.\n" + }, + "mixedInstancesPolicy": { + "$ref": "#/types/aws:autoscaling/GroupMixedInstancesPolicy:GroupMixedInstancesPolicy", + "description": "Configuration block containing settings to define launch targets for Auto Scaling groups. Defined below.\n" + }, + "name": { + "type": "string", + "description": "The name of the Auto Scaling Group. By default generated by this provider. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementGroup": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/placementGroup:PlacementGroup" + } + ], + "description": "The name of the placement group into which you'll launch your instances, if any.\n" + }, + "protectFromScaleIn": { + "type": "boolean", + "description": "Allows setting instance protection. The\nAuto Scaling Group will not select instances with this setting for termination\nduring scale in events.\n" + }, + "serviceLinkedRoleArn": { + "type": "string", + "description": "The ARN of the service-linked role that the ASG will use to call other AWS services\n" + }, + "suspendedProcesses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of processes to suspend for the Auto Scaling Group. The allowed values are `Launch`, `Terminate`, `HealthCheck`, `ReplaceUnhealthy`, `AZRebalance`, `AlarmNotification`, `ScheduledActions`, `AddToLoadBalancer`.\nNote that if you suspend either the `Launch` or `Terminate` process types, it can prevent your Auto Scaling Group from functioning properly.\n" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/GroupTag:GroupTag" + }, + "description": "Configuration block(s) containing resource tags. Conflicts with `tags_collection`. Documented below.\n" + }, + "tagsCollection": { + "type": "array", + "items": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "description": "Set of maps containing resource tags. Conflicts with `tag`. Documented below.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of `aws.alb.TargetGroup` ARNs, for use with Application or Network Load Balancing.\n" + }, + "terminationPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of policies to decide how the instances in the Auto Scaling Group should be terminated. The allowed values are `OldestInstance`, `NewestInstance`, `OldestLaunchConfiguration`, `ClosestToNextInstanceHour`, `OldestLaunchTemplate`, `AllocationStrategy`, `Default`.\n" + }, + "vpcZoneIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to launch resources in. Subnets automatically determine which availability zones the group will reside. Conflicts with `availability_zones`.\n" + }, + "waitForCapacityTimeout": { + "type": "string", + "description": "A maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that this provider should\nwait for ASG instances to be healthy before timing out. (See also Waiting\nfor Capacity below.) Setting this to \"0\" causes\nthis provider to skip all Capacity Waiting behavior.\n" + }, + "waitForElbCapacity": { + "type": "integer", + "description": "Setting this will cause the provider to wait\nfor exactly this number of healthy instances from this Auto Scaling Group in\nall attached load balancers on both create and update operations. (Takes\nprecedence over `min_elb_capacity` behavior.)\n(See also Waiting for Capacity below.)\n" + }, + "warmPool": { + "$ref": "#/types/aws:autoscaling/GroupWarmPool:GroupWarmPool", + "description": "If this block is configured, add a [Warm Pool](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-warm-pools.html)\nto the specified Auto Scaling group. Defined below\n" + } + }, + "type": "object" + } + }, + "aws:autoscaling/lifecycleHook:LifecycleHook": { + "description": "Provides an AutoScaling Lifecycle Hook resource.\n\n> **NOTE:** This provider has two types of ways you can add lifecycle hooks - via\nthe `initial_lifecycle_hook` attribute from the\n`aws.autoscaling.Group`\nresource, or via this one. Hooks added via this resource will not be added\nuntil the autoscaling group has been created, and depending on your\n`capacity`\nsettings, after the initial instances have been launched, creating unintended\nbehavior. If you need hooks to run on all instances, add them with\n`initial_lifecycle_hook` in\n`aws.autoscaling.Group`,\nbut take care to not duplicate those hooks with this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobarGroup = new aws.autoscaling.Group(\"foobarGroup\", {\n availabilityZones: [\"us-west-2a\"],\n healthCheckType: \"EC2\",\n terminationPolicies: [\"OldestInstance\"],\n tags: [{\n key: \"Foo\",\n value: \"foo-bar\",\n propagateAtLaunch: true,\n }],\n});\nconst foobarLifecycleHook = new aws.autoscaling.LifecycleHook(\"foobarLifecycleHook\", {\n autoscalingGroupName: foobarGroup.name,\n defaultResult: \"CONTINUE\",\n heartbeatTimeout: 2000,\n lifecycleTransition: \"autoscaling:EC2_INSTANCE_LAUNCHING\",\n notificationMetadata: `{\n \"foo\": \"bar\"\n}\n`,\n notificationTargetArn: \"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n roleArn: \"arn:aws:iam::123456789012:role/S3Access\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar_group = aws.autoscaling.Group(\"foobarGroup\",\n availability_zones=[\"us-west-2a\"],\n health_check_type=\"EC2\",\n termination_policies=[\"OldestInstance\"],\n tags=[aws.autoscaling.GroupTagArgs(\n key=\"Foo\",\n value=\"foo-bar\",\n propagate_at_launch=True,\n )])\nfoobar_lifecycle_hook = aws.autoscaling.LifecycleHook(\"foobarLifecycleHook\",\n autoscaling_group_name=foobar_group.name,\n default_result=\"CONTINUE\",\n heartbeat_timeout=2000,\n lifecycle_transition=\"autoscaling:EC2_INSTANCE_LAUNCHING\",\n notification_metadata=\"\"\"{\n \"foo\": \"bar\"\n}\n\"\"\",\n notification_target_arn=\"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n role_arn=\"arn:aws:iam::123456789012:role/S3Access\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foobarGroup = new Aws.AutoScaling.Group(\"foobarGroup\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n },\n HealthCheckType = \"EC2\",\n TerminationPolicies = \n {\n \"OldestInstance\",\n },\n Tags = \n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"Foo\",\n Value = \"foo-bar\",\n PropagateAtLaunch = true,\n },\n },\n });\n var foobarLifecycleHook = new Aws.AutoScaling.LifecycleHook(\"foobarLifecycleHook\", new Aws.AutoScaling.LifecycleHookArgs\n {\n AutoscalingGroupName = foobarGroup.Name,\n DefaultResult = \"CONTINUE\",\n HeartbeatTimeout = 2000,\n LifecycleTransition = \"autoscaling:EC2_INSTANCE_LAUNCHING\",\n NotificationMetadata = @\"{\n \"\"foo\"\": \"\"bar\"\"\n}\n\",\n NotificationTargetArn = \"arn:aws:sqs:us-east-1:444455556666:queue1*\",\n RoleArn = \"arn:aws:iam::123456789012:role/S3Access\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobarGroup, err := autoscaling.NewGroup(ctx, \"foobarGroup\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t},\n\t\t\tHealthCheckType: pulumi.String(\"EC2\"),\n\t\t\tTerminationPolicies: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"OldestInstance\"),\n\t\t\t},\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t&autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"Foo\"),\n\t\t\t\t\tValue: pulumi.String(\"foo-bar\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewLifecycleHook(ctx, \"foobarLifecycleHook\", &autoscaling.LifecycleHookArgs{\n\t\t\tAutoscalingGroupName: foobarGroup.Name,\n\t\t\tDefaultResult: pulumi.String(\"CONTINUE\"),\n\t\t\tHeartbeatTimeout: pulumi.Int(2000),\n\t\t\tLifecycleTransition: pulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCHING\"),\n\t\t\tNotificationMetadata: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"{\\n\", \" \\\"foo\\\": \\\"bar\\\"\\n\", \"}\\n\")),\n\t\t\tNotificationTargetArn: pulumi.String(\"arn:aws:sqs:us-east-1:444455556666:queue1*\"),\n\t\t\tRoleArn: pulumi.String(\"arn:aws:iam::123456789012:role/S3Access\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAutoScaling Lifecycle Hooks can be imported using the role autoscaling_group_name and name separated by `/`.\n\n```sh\n $ pulumi import aws:autoscaling/lifecycleHook:LifecycleHook test-lifecycle-hook asg-name/lifecycle-hook-name\n```\n\n ", + "properties": { + "autoscalingGroupName": { + "type": "string", + "description": "The name of the Auto Scaling group to which you want to assign the lifecycle hook\n" + }, + "defaultResult": { + "type": "string", + "description": "Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. The value for this parameter can be either CONTINUE or ABANDON. The default value for this parameter is ABANDON.\n" + }, + "heartbeatTimeout": { + "type": "integer", + "description": "Defines the amount of time, in seconds, that can elapse before the lifecycle hook times out. When the lifecycle hook times out, Auto Scaling performs the action defined in the DefaultResult parameter\n" + }, + "lifecycleTransition": { + "type": "string", + "description": "The instance state to which you want to attach the lifecycle hook. For a list of lifecycle hook types, see [describe-lifecycle-hook-types](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/describe-lifecycle-hook-types.html#examples)\n" + }, + "name": { + "type": "string", + "description": "The name of the lifecycle hook.\n" + }, + "notificationMetadata": { + "type": "string", + "description": "Contains additional information that you want to include any time Auto Scaling sends a message to the notification target.\n" + }, + "notificationTargetArn": { + "type": "string", + "description": "The ARN of the notification target that Auto Scaling will use to notify you when an instance is in the transition state for the lifecycle hook. This ARN target can be either an SQS queue or an SNS topic.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target.\n" + } + }, + "required": [ + "autoscalingGroupName", + "defaultResult", + "lifecycleTransition", + "name" + ], + "inputProperties": { + "autoscalingGroupName": { + "type": "string", + "description": "The name of the Auto Scaling group to which you want to assign the lifecycle hook\n" + }, + "defaultResult": { + "type": "string", + "description": "Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. The value for this parameter can be either CONTINUE or ABANDON. The default value for this parameter is ABANDON.\n" + }, + "heartbeatTimeout": { + "type": "integer", + "description": "Defines the amount of time, in seconds, that can elapse before the lifecycle hook times out. When the lifecycle hook times out, Auto Scaling performs the action defined in the DefaultResult parameter\n" + }, + "lifecycleTransition": { + "type": "string", + "description": "The instance state to which you want to attach the lifecycle hook. For a list of lifecycle hook types, see [describe-lifecycle-hook-types](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/describe-lifecycle-hook-types.html#examples)\n" + }, + "name": { + "type": "string", + "description": "The name of the lifecycle hook.\n" + }, + "notificationMetadata": { + "type": "string", + "description": "Contains additional information that you want to include any time Auto Scaling sends a message to the notification target.\n" + }, + "notificationTargetArn": { + "type": "string", + "description": "The ARN of the notification target that Auto Scaling will use to notify you when an instance is in the transition state for the lifecycle hook. This ARN target can be either an SQS queue or an SNS topic.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target.\n" + } + }, + "requiredInputs": [ + "autoscalingGroupName", + "lifecycleTransition" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LifecycleHook resources.\n", + "properties": { + "autoscalingGroupName": { + "type": "string", + "description": "The name of the Auto Scaling group to which you want to assign the lifecycle hook\n" + }, + "defaultResult": { + "type": "string", + "description": "Defines the action the Auto Scaling group should take when the lifecycle hook timeout elapses or if an unexpected failure occurs. The value for this parameter can be either CONTINUE or ABANDON. The default value for this parameter is ABANDON.\n" + }, + "heartbeatTimeout": { + "type": "integer", + "description": "Defines the amount of time, in seconds, that can elapse before the lifecycle hook times out. When the lifecycle hook times out, Auto Scaling performs the action defined in the DefaultResult parameter\n" + }, + "lifecycleTransition": { + "type": "string", + "description": "The instance state to which you want to attach the lifecycle hook. For a list of lifecycle hook types, see [describe-lifecycle-hook-types](https://docs.aws.amazon.com/cli/latest/reference/autoscaling/describe-lifecycle-hook-types.html#examples)\n" + }, + "name": { + "type": "string", + "description": "The name of the lifecycle hook.\n" + }, + "notificationMetadata": { + "type": "string", + "description": "Contains additional information that you want to include any time Auto Scaling sends a message to the notification target.\n" + }, + "notificationTargetArn": { + "type": "string", + "description": "The ARN of the notification target that Auto Scaling will use to notify you when an instance is in the transition state for the lifecycle hook. This ARN target can be either an SQS queue or an SNS topic.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows the Auto Scaling group to publish to the specified notification target.\n" + } + }, + "type": "object" + } + }, + "aws:autoscaling/notification:Notification": { + "description": "Provides an AutoScaling Group with Notification support, via SNS Topics. Each of\nthe `notifications` map to a [Notification Configuration](https://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_DescribeNotificationConfigurations.html) inside Amazon Web\nServices, and are applied to each AutoScaling Group you supply.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sns.Topic(\"example\", {});\n// arn is an exported attribute\nconst bar = new aws.autoscaling.Group(\"bar\", {});\n// ...\nconst foo = new aws.autoscaling.Group(\"foo\", {});\n// ...\nconst exampleNotifications = new aws.autoscaling.Notification(\"exampleNotifications\", {\n groupNames: [\n bar.name,\n foo.name,\n ],\n notifications: [\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n ],\n topicArn: example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sns.Topic(\"example\")\n# arn is an exported attribute\nbar = aws.autoscaling.Group(\"bar\")\n# ...\nfoo = aws.autoscaling.Group(\"foo\")\n# ...\nexample_notifications = aws.autoscaling.Notification(\"exampleNotifications\",\n group_names=[\n bar.name,\n foo.name,\n ],\n notifications=[\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n ],\n topic_arn=example.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sns.Topic(\"example\", new Aws.Sns.TopicArgs\n {\n });\n // arn is an exported attribute\n var bar = new Aws.AutoScaling.Group(\"bar\", new Aws.AutoScaling.GroupArgs\n {\n });\n // ...\n var foo = new Aws.AutoScaling.Group(\"foo\", new Aws.AutoScaling.GroupArgs\n {\n });\n // ...\n var exampleNotifications = new Aws.AutoScaling.Notification(\"exampleNotifications\", new Aws.AutoScaling.NotificationArgs\n {\n GroupNames = \n {\n bar.Name,\n foo.Name,\n },\n Notifications = \n {\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n },\n TopicArn = example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sns.NewTopic(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := autoscaling.NewGroup(ctx, \"bar\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := autoscaling.NewGroup(ctx, \"foo\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewNotification(ctx, \"exampleNotifications\", &autoscaling.NotificationArgs{\n\t\t\tGroupNames: pulumi.StringArray{\n\t\t\t\tbar.Name,\n\t\t\t\tfoo.Name,\n\t\t\t},\n\t\t\tNotifications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCH\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_TERMINATE\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\"),\n\t\t\t},\n\t\t\tTopicArn: example.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AutoScaling Group Names\n" + }, + "notifications": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/notificationType:NotificationType" + }, + "description": "A list of Notification Types that trigger\nnotifications. Acceptable values are documented [in the AWS documentation here](https://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_NotificationConfiguration.html)\n" + }, + "topicArn": { + "type": "string", + "description": "The Topic ARN for notifications to be sent through\n" + } + }, + "required": [ + "groupNames", + "notifications", + "topicArn" + ], + "inputProperties": { + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AutoScaling Group Names\n" + }, + "notifications": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/notificationType:NotificationType" + }, + "description": "A list of Notification Types that trigger\nnotifications. Acceptable values are documented [in the AWS documentation here](https://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_NotificationConfiguration.html)\n" + }, + "topicArn": { + "type": "string", + "description": "The Topic ARN for notifications to be sent through\n" + } + }, + "requiredInputs": [ + "groupNames", + "notifications", + "topicArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Notification resources.\n", + "properties": { + "groupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AutoScaling Group Names\n" + }, + "notifications": { + "type": "array", + "items": { + "type": "string", + "$ref": "#/types/aws:autoscaling/notificationType:NotificationType" + }, + "description": "A list of Notification Types that trigger\nnotifications. Acceptable values are documented [in the AWS documentation here](https://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_NotificationConfiguration.html)\n" + }, + "topicArn": { + "type": "string", + "description": "The Topic ARN for notifications to be sent through\n" + } + }, + "type": "object" + } + }, + "aws:autoscaling/policy:Policy": { + "description": "Provides an AutoScaling Scaling Policy resource.\n\n> **NOTE:** You may want to omit `desired_capacity` attribute from attached `aws.autoscaling.Group`\nwhen using autoscaling policies. It's good practice to pick either\n[manual](https://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-manual-scaling.html)\nor [dynamic](https://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/as-scale-based-on-demand.html)\n(policy-based) scaling.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.autoscaling.Group(\"bar\", {\n availabilityZones: [\"us-east-1a\"],\n maxSize: 5,\n minSize: 2,\n healthCheckGracePeriod: 300,\n healthCheckType: \"ELB\",\n forceDelete: true,\n launchConfiguration: aws_launch_configuration.foo.name,\n});\nconst bat = new aws.autoscaling.Policy(\"bat\", {\n scalingAdjustment: 4,\n adjustmentType: \"ChangeInCapacity\",\n cooldown: 300,\n autoscalingGroupName: bar.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.autoscaling.Group(\"bar\",\n availability_zones=[\"us-east-1a\"],\n max_size=5,\n min_size=2,\n health_check_grace_period=300,\n health_check_type=\"ELB\",\n force_delete=True,\n launch_configuration=aws_launch_configuration[\"foo\"][\"name\"])\nbat = aws.autoscaling.Policy(\"bat\",\n scaling_adjustment=4,\n adjustment_type=\"ChangeInCapacity\",\n cooldown=300,\n autoscaling_group_name=bar.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.AutoScaling.Group(\"bar\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n MaxSize = 5,\n MinSize = 2,\n HealthCheckGracePeriod = 300,\n HealthCheckType = \"ELB\",\n ForceDelete = true,\n LaunchConfiguration = aws_launch_configuration.Foo.Name,\n });\n var bat = new Aws.AutoScaling.Policy(\"bat\", new Aws.AutoScaling.PolicyArgs\n {\n ScalingAdjustment = 4,\n AdjustmentType = \"ChangeInCapacity\",\n Cooldown = 300,\n AutoscalingGroupName = bar.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := autoscaling.NewGroup(ctx, \"bar\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tMaxSize: pulumi.Int(5),\n\t\t\tMinSize: pulumi.Int(2),\n\t\t\tHealthCheckGracePeriod: pulumi.Int(300),\n\t\t\tHealthCheckType: pulumi.String(\"ELB\"),\n\t\t\tForceDelete: pulumi.Bool(true),\n\t\t\tLaunchConfiguration: pulumi.Any(aws_launch_configuration.Foo.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewPolicy(ctx, \"bat\", &autoscaling.PolicyArgs{\n\t\t\tScalingAdjustment: pulumi.Int(4),\n\t\t\tAdjustmentType: pulumi.String(\"ChangeInCapacity\"),\n\t\t\tCooldown: pulumi.Int(300),\n\t\t\tAutoscalingGroupName: bar.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAutoScaling scaling policy can be imported using the role autoscaling_group_name and name separated by `/`.\n\n```sh\n $ pulumi import aws:autoscaling/policy:Policy test-policy asg-name/policy-name\n```\n\n ", + "properties": { + "adjustmentType": { + "type": "string", + "description": "Specifies whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are `ChangeInCapacity`, `ExactCapacity`, and `PercentChangeInCapacity`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to the scaling policy.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "The name of the autoscaling group.\n" + }, + "cooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start.\n" + }, + "estimatedInstanceWarmup": { + "type": "integer", + "description": "The estimated time, in seconds, until a newly launched instance will contribute CloudWatch metrics. Without a value, AWS will default to the group's specified cooldown period.\n" + }, + "metricAggregationType": { + "type": "string", + "description": "The aggregation type for the policy's metrics. Valid values are \"Minimum\", \"Maximum\", and \"Average\". Without a value, AWS will treat the aggregation type as \"Average\".\n" + }, + "minAdjustmentMagnitude": { + "type": "integer", + "description": "Minimum value to scale by when `adjustment_type` is set to `PercentChangeInCapacity`.\n" + }, + "name": { + "type": "string", + "description": "The name of the dimension.\n" + }, + "policyType": { + "type": "string", + "description": "The policy type, either \"SimpleScaling\", \"StepScaling\", \"TargetTrackingScaling\", or \"PredictiveScaling\". If this value isn't provided, AWS will default to \"SimpleScaling.\"\n" + }, + "predictiveScalingConfiguration": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfiguration:PolicyPredictiveScalingConfiguration", + "description": "The predictive scaling policy configuration to use with Amazon EC2 Auto Scaling.\n" + }, + "scalingAdjustment": { + "type": "integer", + "description": "The number of members by which to\nscale, when the adjustment bounds are breached. A positive value scales\nup. A negative value scales down.\n" + }, + "stepAdjustments": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/PolicyStepAdjustment:PolicyStepAdjustment" + }, + "description": "A set of adjustments that manage\ngroup scaling. These have the following structure:\n" + }, + "targetTrackingConfiguration": { + "$ref": "#/types/aws:autoscaling/PolicyTargetTrackingConfiguration:PolicyTargetTrackingConfiguration", + "description": "A target tracking policy. These have the following structure:\n" + } + }, + "required": [ + "arn", + "autoscalingGroupName", + "metricAggregationType", + "name" + ], + "inputProperties": { + "adjustmentType": { + "type": "string", + "description": "Specifies whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are `ChangeInCapacity`, `ExactCapacity`, and `PercentChangeInCapacity`.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "The name of the autoscaling group.\n" + }, + "cooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start.\n" + }, + "estimatedInstanceWarmup": { + "type": "integer", + "description": "The estimated time, in seconds, until a newly launched instance will contribute CloudWatch metrics. Without a value, AWS will default to the group's specified cooldown period.\n" + }, + "metricAggregationType": { + "type": "string", + "description": "The aggregation type for the policy's metrics. Valid values are \"Minimum\", \"Maximum\", and \"Average\". Without a value, AWS will treat the aggregation type as \"Average\".\n" + }, + "minAdjustmentMagnitude": { + "type": "integer", + "description": "Minimum value to scale by when `adjustment_type` is set to `PercentChangeInCapacity`.\n" + }, + "name": { + "type": "string", + "description": "The name of the dimension.\n" + }, + "policyType": { + "type": "string", + "description": "The policy type, either \"SimpleScaling\", \"StepScaling\", \"TargetTrackingScaling\", or \"PredictiveScaling\". If this value isn't provided, AWS will default to \"SimpleScaling.\"\n" + }, + "predictiveScalingConfiguration": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfiguration:PolicyPredictiveScalingConfiguration", + "description": "The predictive scaling policy configuration to use with Amazon EC2 Auto Scaling.\n" + }, + "scalingAdjustment": { + "type": "integer", + "description": "The number of members by which to\nscale, when the adjustment bounds are breached. A positive value scales\nup. A negative value scales down.\n" + }, + "stepAdjustments": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/PolicyStepAdjustment:PolicyStepAdjustment" + }, + "description": "A set of adjustments that manage\ngroup scaling. These have the following structure:\n" + }, + "targetTrackingConfiguration": { + "$ref": "#/types/aws:autoscaling/PolicyTargetTrackingConfiguration:PolicyTargetTrackingConfiguration", + "description": "A target tracking policy. These have the following structure:\n" + } + }, + "requiredInputs": [ + "autoscalingGroupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "adjustmentType": { + "type": "string", + "description": "Specifies whether the adjustment is an absolute number or a percentage of the current capacity. Valid values are `ChangeInCapacity`, `ExactCapacity`, and `PercentChangeInCapacity`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to the scaling policy.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "The name of the autoscaling group.\n" + }, + "cooldown": { + "type": "integer", + "description": "The amount of time, in seconds, after a scaling activity completes and before the next scaling activity can start.\n" + }, + "estimatedInstanceWarmup": { + "type": "integer", + "description": "The estimated time, in seconds, until a newly launched instance will contribute CloudWatch metrics. Without a value, AWS will default to the group's specified cooldown period.\n" + }, + "metricAggregationType": { + "type": "string", + "description": "The aggregation type for the policy's metrics. Valid values are \"Minimum\", \"Maximum\", and \"Average\". Without a value, AWS will treat the aggregation type as \"Average\".\n" + }, + "minAdjustmentMagnitude": { + "type": "integer", + "description": "Minimum value to scale by when `adjustment_type` is set to `PercentChangeInCapacity`.\n" + }, + "name": { + "type": "string", + "description": "The name of the dimension.\n" + }, + "policyType": { + "type": "string", + "description": "The policy type, either \"SimpleScaling\", \"StepScaling\", \"TargetTrackingScaling\", or \"PredictiveScaling\". If this value isn't provided, AWS will default to \"SimpleScaling.\"\n" + }, + "predictiveScalingConfiguration": { + "$ref": "#/types/aws:autoscaling/PolicyPredictiveScalingConfiguration:PolicyPredictiveScalingConfiguration", + "description": "The predictive scaling policy configuration to use with Amazon EC2 Auto Scaling.\n" + }, + "scalingAdjustment": { + "type": "integer", + "description": "The number of members by which to\nscale, when the adjustment bounds are breached. A positive value scales\nup. A negative value scales down.\n" + }, + "stepAdjustments": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/PolicyStepAdjustment:PolicyStepAdjustment" + }, + "description": "A set of adjustments that manage\ngroup scaling. These have the following structure:\n" + }, + "targetTrackingConfiguration": { + "$ref": "#/types/aws:autoscaling/PolicyTargetTrackingConfiguration:PolicyTargetTrackingConfiguration", + "description": "A target tracking policy. These have the following structure:\n" + } + }, + "type": "object" + } + }, + "aws:autoscaling/schedule:Schedule": { + "description": "Provides an AutoScaling Schedule resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobarGroup = new aws.autoscaling.Group(\"foobarGroup\", {\n availabilityZones: [\"us-west-2a\"],\n maxSize: 1,\n minSize: 1,\n healthCheckGracePeriod: 300,\n healthCheckType: \"ELB\",\n forceDelete: true,\n terminationPolicies: [\"OldestInstance\"],\n});\nconst foobarSchedule = new aws.autoscaling.Schedule(\"foobarSchedule\", {\n scheduledActionName: \"foobar\",\n minSize: 0,\n maxSize: 1,\n desiredCapacity: 0,\n startTime: \"2016-12-11T18:00:00Z\",\n endTime: \"2016-12-12T06:00:00Z\",\n autoscalingGroupName: foobarGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar_group = aws.autoscaling.Group(\"foobarGroup\",\n availability_zones=[\"us-west-2a\"],\n max_size=1,\n min_size=1,\n health_check_grace_period=300,\n health_check_type=\"ELB\",\n force_delete=True,\n termination_policies=[\"OldestInstance\"])\nfoobar_schedule = aws.autoscaling.Schedule(\"foobarSchedule\",\n scheduled_action_name=\"foobar\",\n min_size=0,\n max_size=1,\n desired_capacity=0,\n start_time=\"2016-12-11T18:00:00Z\",\n end_time=\"2016-12-12T06:00:00Z\",\n autoscaling_group_name=foobar_group.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foobarGroup = new Aws.AutoScaling.Group(\"foobarGroup\", new Aws.AutoScaling.GroupArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n },\n MaxSize = 1,\n MinSize = 1,\n HealthCheckGracePeriod = 300,\n HealthCheckType = \"ELB\",\n ForceDelete = true,\n TerminationPolicies = \n {\n \"OldestInstance\",\n },\n });\n var foobarSchedule = new Aws.AutoScaling.Schedule(\"foobarSchedule\", new Aws.AutoScaling.ScheduleArgs\n {\n ScheduledActionName = \"foobar\",\n MinSize = 0,\n MaxSize = 1,\n DesiredCapacity = 0,\n StartTime = \"2016-12-11T18:00:00Z\",\n EndTime = \"2016-12-12T06:00:00Z\",\n AutoscalingGroupName = foobarGroup.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobarGroup, err := autoscaling.NewGroup(ctx, \"foobarGroup\", &autoscaling.GroupArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t},\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tHealthCheckGracePeriod: pulumi.Int(300),\n\t\t\tHealthCheckType: pulumi.String(\"ELB\"),\n\t\t\tForceDelete: pulumi.Bool(true),\n\t\t\tTerminationPolicies: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"OldestInstance\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewSchedule(ctx, \"foobarSchedule\", &autoscaling.ScheduleArgs{\n\t\t\tScheduledActionName: pulumi.String(\"foobar\"),\n\t\t\tMinSize: pulumi.Int(0),\n\t\t\tMaxSize: pulumi.Int(1),\n\t\t\tDesiredCapacity: pulumi.Int(0),\n\t\t\tStartTime: pulumi.String(\"2016-12-11T18:00:00Z\"),\n\t\t\tEndTime: pulumi.String(\"2016-12-12T06:00:00Z\"),\n\t\t\tAutoscalingGroupName: foobarGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAutoScaling ScheduledAction can be imported using the `auto-scaling-group-name` and `scheduled-action-name`, e.g.\n\n```sh\n $ pulumi import aws:autoscaling/schedule:Schedule resource-name auto-scaling-group-name/scheduled-action-name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to the autoscaling schedule.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "The name or Amazon Resource Name (ARN) of the Auto Scaling group.\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "The number of EC2 instances that should be running in the group. Default 0. Set to -1 if you don't want to change the desired capacity at the scheduled time.\n" + }, + "endTime": { + "type": "string", + "description": "The time for this action to end, in \"YYYY-MM-DDThh:mm:ssZ\" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ).\nIf you try to schedule your action in the past, Auto Scaling returns an error message.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size for the Auto Scaling group. Default 0.\nSet to -1 if you don't want to change the maximum size at the scheduled time.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimum size for the Auto Scaling group. Default 0.\nSet to -1 if you don't want to change the minimum size at the scheduled time.\n" + }, + "recurrence": { + "type": "string", + "description": "The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format.\n" + }, + "scheduledActionName": { + "type": "string", + "description": "The name of this scaling action.\n" + }, + "startTime": { + "type": "string", + "description": "The time for this action to start, in \"YYYY-MM-DDThh:mm:ssZ\" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ).\nIf you try to schedule your action in the past, Auto Scaling returns an error message.\n" + }, + "timeZone": { + "type": "string", + "description": "The timezone for the cron expression. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or Pacific/Tahiti).\n" + } + }, + "required": [ + "arn", + "autoscalingGroupName", + "desiredCapacity", + "endTime", + "maxSize", + "minSize", + "recurrence", + "scheduledActionName", + "startTime", + "timeZone" + ], + "inputProperties": { + "autoscalingGroupName": { + "type": "string", + "description": "The name or Amazon Resource Name (ARN) of the Auto Scaling group.\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "The number of EC2 instances that should be running in the group. Default 0. Set to -1 if you don't want to change the desired capacity at the scheduled time.\n" + }, + "endTime": { + "type": "string", + "description": "The time for this action to end, in \"YYYY-MM-DDThh:mm:ssZ\" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ).\nIf you try to schedule your action in the past, Auto Scaling returns an error message.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size for the Auto Scaling group. Default 0.\nSet to -1 if you don't want to change the maximum size at the scheduled time.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimum size for the Auto Scaling group. Default 0.\nSet to -1 if you don't want to change the minimum size at the scheduled time.\n" + }, + "recurrence": { + "type": "string", + "description": "The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format.\n" + }, + "scheduledActionName": { + "type": "string", + "description": "The name of this scaling action.\n" + }, + "startTime": { + "type": "string", + "description": "The time for this action to start, in \"YYYY-MM-DDThh:mm:ssZ\" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ).\nIf you try to schedule your action in the past, Auto Scaling returns an error message.\n" + }, + "timeZone": { + "type": "string", + "description": "The timezone for the cron expression. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or Pacific/Tahiti).\n" + } + }, + "requiredInputs": [ + "autoscalingGroupName", + "scheduledActionName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Schedule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to the autoscaling schedule.\n" + }, + "autoscalingGroupName": { + "type": "string", + "description": "The name or Amazon Resource Name (ARN) of the Auto Scaling group.\n" + }, + "desiredCapacity": { + "type": "integer", + "description": "The number of EC2 instances that should be running in the group. Default 0. Set to -1 if you don't want to change the desired capacity at the scheduled time.\n" + }, + "endTime": { + "type": "string", + "description": "The time for this action to end, in \"YYYY-MM-DDThh:mm:ssZ\" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ).\nIf you try to schedule your action in the past, Auto Scaling returns an error message.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size for the Auto Scaling group. Default 0.\nSet to -1 if you don't want to change the maximum size at the scheduled time.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimum size for the Auto Scaling group. Default 0.\nSet to -1 if you don't want to change the minimum size at the scheduled time.\n" + }, + "recurrence": { + "type": "string", + "description": "The time when recurring future actions will start. Start time is specified by the user following the Unix cron syntax format.\n" + }, + "scheduledActionName": { + "type": "string", + "description": "The name of this scaling action.\n" + }, + "startTime": { + "type": "string", + "description": "The time for this action to start, in \"YYYY-MM-DDThh:mm:ssZ\" format in UTC/GMT only (for example, 2014-06-01T00:00:00Z ).\nIf you try to schedule your action in the past, Auto Scaling returns an error message.\n" + }, + "timeZone": { + "type": "string", + "description": "The timezone for the cron expression. Valid values are the canonical names of the IANA time zones (such as Etc/GMT+9 or Pacific/Tahiti).\n" + } + }, + "type": "object" + } + }, + "aws:autoscalingplans/scalingPlan:ScalingPlan": { + "description": "Manages an AWS Auto Scaling scaling plan.\nMore information can be found in the [AWS Auto Scaling User Guide](https://docs.aws.amazon.com/autoscaling/plans/userguide/what-is-aws-auto-scaling.html).\n\n> **NOTE:** The AWS Auto Scaling service uses an AWS IAM service-linked role to manage predictive scaling of Amazon EC2 Auto Scaling groups. The service attempts to automatically create this role the first time a scaling plan with predictive scaling enabled is created.\nAn `aws.iam.ServiceLinkedRole` resource can be used to manually manage this role.\nSee the [AWS documentation](https://docs.aws.amazon.com/autoscaling/plans/userguide/aws-auto-scaling-service-linked-roles.html#create-service-linked-role-manual) for more details.\n\n{{% examples %}}\n## Example Usage\n{{% /examples %}}\n\n## Import\n\nAuto Scaling scaling plans can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:autoscalingplans/scalingPlan:ScalingPlan example MyScale1\n```\n\n ", + "properties": { + "applicationSource": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanApplicationSource:ScalingPlanApplicationSource", + "description": "A CloudFormation stack or set of tags. You can create one scaling plan per application source.\n" + }, + "name": { + "type": "string", + "description": "The name of the scaling plan. Names cannot contain vertical bars, colons, or forward slashes.\n" + }, + "scalingInstructions": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstruction:ScalingPlanScalingInstruction" + }, + "description": "The scaling instructions. More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_ScalingInstruction.html).\n" + }, + "scalingPlanVersion": { + "type": "integer", + "description": "The version number of the scaling plan. This value is always 1.\n" + } + }, + "required": [ + "applicationSource", + "name", + "scalingInstructions", + "scalingPlanVersion" + ], + "inputProperties": { + "applicationSource": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanApplicationSource:ScalingPlanApplicationSource", + "description": "A CloudFormation stack or set of tags. You can create one scaling plan per application source.\n" + }, + "name": { + "type": "string", + "description": "The name of the scaling plan. Names cannot contain vertical bars, colons, or forward slashes.\n" + }, + "scalingInstructions": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstruction:ScalingPlanScalingInstruction" + }, + "description": "The scaling instructions. More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_ScalingInstruction.html).\n" + } + }, + "requiredInputs": [ + "applicationSource", + "scalingInstructions" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ScalingPlan resources.\n", + "properties": { + "applicationSource": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanApplicationSource:ScalingPlanApplicationSource", + "description": "A CloudFormation stack or set of tags. You can create one scaling plan per application source.\n" + }, + "name": { + "type": "string", + "description": "The name of the scaling plan. Names cannot contain vertical bars, colons, or forward slashes.\n" + }, + "scalingInstructions": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscalingplans/ScalingPlanScalingInstruction:ScalingPlanScalingInstruction" + }, + "description": "The scaling instructions. More details can be found in the [AWS Auto Scaling API Reference](https://docs.aws.amazon.com/autoscaling/plans/APIReference/API_ScalingInstruction.html).\n" + }, + "scalingPlanVersion": { + "type": "integer", + "description": "The version number of the scaling plan. This value is always 1.\n" + } + }, + "type": "object" + } + }, + "aws:backup/globalSettings:GlobalSettings": { + "description": "Provides an AWS Backup Global Settings resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.backup.GlobalSettings(\"test\", {\n globalSettings: {\n isCrossAccountBackupEnabled: \"true\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.backup.GlobalSettings(\"test\", global_settings={\n \"isCrossAccountBackupEnabled\": \"true\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Backup.GlobalSettings(\"test\", new Aws.Backup.GlobalSettingsArgs\n {\n GlobalSettings = \n {\n { \"isCrossAccountBackupEnabled\", \"true\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewGlobalSettings(ctx, \"test\", &backup.GlobalSettingsArgs{\n\t\t\tGlobalSettings: pulumi.StringMap{\n\t\t\t\t\"isCrossAccountBackupEnabled\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup Global Settings can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:backup/globalSettings:GlobalSettings example 123456789012\n```\n\n ", + "properties": { + "globalSettings": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of resources along with the opt-in preferences for the account.\n", + "language": { + "csharp": { + "name": "GlobalSettingsList" + } + } + } + }, + "required": [ + "globalSettings" + ], + "inputProperties": { + "globalSettings": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of resources along with the opt-in preferences for the account.\n", + "language": { + "csharp": { + "name": "GlobalSettingsList" + } + } + } + }, + "requiredInputs": [ + "globalSettings" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GlobalSettings resources.\n", + "properties": { + "globalSettings": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of resources along with the opt-in preferences for the account.\n", + "language": { + "csharp": { + "name": "GlobalSettingsList" + } + } + } + }, + "type": "object" + } + }, + "aws:backup/plan:Plan": { + "description": "Provides an AWS Backup plan resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Plan(\"example\", {\n rules: [{\n ruleName: \"tf_example_backup_rule\",\n targetVaultName: aws_backup_vault.test.name,\n schedule: \"cron(0 12 * * ? *)\",\n }],\n advancedBackupSettings: [{\n backupOptions: {\n WindowsVSS: \"enabled\",\n },\n resourceType: \"EC2\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Plan(\"example\",\n rules=[aws.backup.PlanRuleArgs(\n rule_name=\"tf_example_backup_rule\",\n target_vault_name=aws_backup_vault[\"test\"][\"name\"],\n schedule=\"cron(0 12 * * ? *)\",\n )],\n advanced_backup_settings=[aws.backup.PlanAdvancedBackupSettingArgs(\n backup_options={\n \"WindowsVSS\": \"enabled\",\n },\n resource_type=\"EC2\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Backup.Plan(\"example\", new Aws.Backup.PlanArgs\n {\n Rules = \n {\n new Aws.Backup.Inputs.PlanRuleArgs\n {\n RuleName = \"tf_example_backup_rule\",\n TargetVaultName = aws_backup_vault.Test.Name,\n Schedule = \"cron(0 12 * * ? *)\",\n },\n },\n AdvancedBackupSettings = \n {\n new Aws.Backup.Inputs.PlanAdvancedBackupSettingArgs\n {\n BackupOptions = \n {\n { \"WindowsVSS\", \"enabled\" },\n },\n ResourceType = \"EC2\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewPlan(ctx, \"example\", &backup.PlanArgs{\n\t\t\tRules: backup.PlanRuleArray{\n\t\t\t\t&backup.PlanRuleArgs{\n\t\t\t\t\tRuleName: pulumi.String(\"tf_example_backup_rule\"),\n\t\t\t\t\tTargetVaultName: pulumi.Any(aws_backup_vault.Test.Name),\n\t\t\t\t\tSchedule: pulumi.String(\"cron(0 12 * * ? *)\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAdvancedBackupSettings: backup.PlanAdvancedBackupSettingArray{\n\t\t\t\t&backup.PlanAdvancedBackupSettingArgs{\n\t\t\t\t\tBackupOptions: pulumi.StringMap{\n\t\t\t\t\t\t\"WindowsVSS\": pulumi.String(\"enabled\"),\n\t\t\t\t\t},\n\t\t\t\t\tResourceType: pulumi.String(\"EC2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup Plan can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:backup/plan:Plan test \n```\n\n ", + "properties": { + "advancedBackupSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanAdvancedBackupSetting:PlanAdvancedBackupSetting" + }, + "description": "An object that specifies backup options for each resource type.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the backup plan.\n" + }, + "name": { + "type": "string", + "description": "The display name of a backup plan.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanRule:PlanRule" + }, + "description": "A rule object that specifies a scheduled task that is used to back up a selection of resources.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the plans you create. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan.\n" + } + }, + "required": [ + "arn", + "name", + "rules", + "tagsAll", + "version" + ], + "inputProperties": { + "advancedBackupSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanAdvancedBackupSetting:PlanAdvancedBackupSetting" + }, + "description": "An object that specifies backup options for each resource type.\n" + }, + "name": { + "type": "string", + "description": "The display name of a backup plan.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanRule:PlanRule" + }, + "description": "A rule object that specifies a scheduled task that is used to back up a selection of resources.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the plans you create. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "rules" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Plan resources.\n", + "properties": { + "advancedBackupSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanAdvancedBackupSetting:PlanAdvancedBackupSetting" + }, + "description": "An object that specifies backup options for each resource type.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the backup plan.\n" + }, + "name": { + "type": "string", + "description": "The display name of a backup plan.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/PlanRule:PlanRule" + }, + "description": "A rule object that specifies a scheduled task that is used to back up a selection of resources.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the plans you create. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan.\n" + } + }, + "type": "object" + } + }, + "aws:backup/regionSettings:RegionSettings": { + "description": "Provides an AWS Backup Region Settings resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.backup.RegionSettings(\"test\", {\n resourceTypeOptInPreference: {\n Aurora: true,\n DynamoDB: true,\n EBS: true,\n EC2: true,\n EFS: true,\n FSx: true,\n RDS: true,\n \"Storage Gateway\": true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.backup.RegionSettings(\"test\", resource_type_opt_in_preference={\n \"Aurora\": True,\n \"DynamoDB\": True,\n \"EBS\": True,\n \"EC2\": True,\n \"EFS\": True,\n \"FSx\": True,\n \"RDS\": True,\n \"Storage Gateway\": True,\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Backup.RegionSettings(\"test\", new Aws.Backup.RegionSettingsArgs\n {\n ResourceTypeOptInPreference = \n {\n { \"Aurora\", true },\n { \"DynamoDB\", true },\n { \"EBS\", true },\n { \"EC2\", true },\n { \"EFS\", true },\n { \"FSx\", true },\n { \"RDS\", true },\n { \"Storage Gateway\", true },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewRegionSettings(ctx, \"test\", &backup.RegionSettingsArgs{\n\t\t\tResourceTypeOptInPreference: pulumi.BoolMap{\n\t\t\t\t\"Aurora\": pulumi.Bool(true),\n\t\t\t\t\"DynamoDB\": pulumi.Bool(true),\n\t\t\t\t\"EBS\": pulumi.Bool(true),\n\t\t\t\t\"EC2\": pulumi.Bool(true),\n\t\t\t\t\"EFS\": pulumi.Bool(true),\n\t\t\t\t\"FSx\": pulumi.Bool(true),\n\t\t\t\t\"RDS\": pulumi.Bool(true),\n\t\t\t\t\"Storage Gateway\": pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup Region Settings can be imported using the `region`, e.g.\n\n```sh\n $ pulumi import aws:backup/regionSettings:RegionSettings test us-west-2\n```\n\n ", + "properties": { + "resourceTypeOptInPreference": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of services along with the opt-in preferences for the Region.\n" + } + }, + "required": [ + "resourceTypeOptInPreference" + ], + "inputProperties": { + "resourceTypeOptInPreference": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of services along with the opt-in preferences for the Region.\n" + } + }, + "requiredInputs": [ + "resourceTypeOptInPreference" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RegionSettings resources.\n", + "properties": { + "resourceTypeOptInPreference": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A map of services along with the opt-in preferences for the Region.\n" + } + }, + "type": "object" + } + }, + "aws:backup/selection:Selection": { + "description": "Manages selection conditions for AWS Backup plan resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### IAM Role\n\n> For more information about creating and managing IAM Roles for backups and restores, see the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/iam-service-roles.html).\n\nThe below example creates an IAM role with the default managed IAM Policy for allowing AWS Backup to create backups.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\"sts:AssumeRole\"],\n \"Effect\": \"allow\",\n \"Principal\": {\n \"Service\": [\"backup.amazonaws.com\"]\n }\n }\n ]\n}\n`});\nconst exampleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role: exampleRole.name,\n});\n// ... other configuration ...\nconst exampleSelection = new aws.backup.Selection(\"exampleSelection\", {iamRoleArn: exampleRole.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\"sts:AssumeRole\"],\n \"Effect\": \"allow\",\n \"Principal\": {\n \"Service\": [\"backup.amazonaws.com\"]\n }\n }\n ]\n}\n\"\"\")\nexample_role_policy_attachment = aws.iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n role=example_role.name)\n# ... other configuration ...\nexample_selection = aws.backup.Selection(\"exampleSelection\", iam_role_arn=example_role.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\"\"sts:AssumeRole\"\"],\n \"\"Effect\"\": \"\"allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": [\"\"backup.amazonaws.com\"\"]\n }\n }\n ]\n}\n\",\n });\n var exampleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"exampleRolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\",\n Role = exampleRole.Name,\n });\n // ... other configuration ...\n var exampleSelection = new Aws.Backup.Selection(\"exampleSelection\", new Aws.Backup.SelectionArgs\n {\n IamRoleArn = exampleRole.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\\"sts:AssumeRole\\\"],\\n\", \" \\\"Effect\\\": \\\"allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": [\\\"backup.amazonaws.com\\\"]\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"exampleRolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBackupServiceRolePolicyForBackup\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backup.NewSelection(ctx, \"exampleSelection\", &backup.SelectionArgs{\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Tag\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n selectionTags: [{\n type: \"STRINGEQUALS\",\n key: \"foo\",\n value: \"bar\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n selection_tags=[aws.backup.SelectionSelectionTagArgs(\n type=\"STRINGEQUALS\",\n key=\"foo\",\n value=\"bar\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Backup.Selection(\"example\", new Aws.Backup.SelectionArgs\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n SelectionTags = \n {\n new Aws.Backup.Inputs.SelectionSelectionTagArgs\n {\n Type = \"STRINGEQUALS\",\n Key = \"foo\",\n Value = \"bar\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", &backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tSelectionTags: backup.SelectionSelectionTagArray{\n\t\t\t\t&backup.SelectionSelectionTagArgs{\n\t\t\t\t\tType: pulumi.String(\"STRINGEQUALS\"),\n\t\t\t\t\tKey: pulumi.String(\"foo\"),\n\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Selecting Backups By Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Selection(\"example\", {\n iamRoleArn: aws_iam_role.example.arn,\n planId: aws_backup_plan.example.id,\n resources: [\n aws_db_instance.example.arn,\n aws_ebs_volume.example.arn,\n aws_efs_file_system.example.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Selection(\"example\",\n iam_role_arn=aws_iam_role[\"example\"][\"arn\"],\n plan_id=aws_backup_plan[\"example\"][\"id\"],\n resources=[\n aws_db_instance[\"example\"][\"arn\"],\n aws_ebs_volume[\"example\"][\"arn\"],\n aws_efs_file_system[\"example\"][\"arn\"],\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Backup.Selection(\"example\", new Aws.Backup.SelectionArgs\n {\n IamRoleArn = aws_iam_role.Example.Arn,\n PlanId = aws_backup_plan.Example.Id,\n Resources = \n {\n aws_db_instance.Example.Arn,\n aws_ebs_volume.Example.Arn,\n aws_efs_file_system.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewSelection(ctx, \"example\", &backup.SelectionArgs{\n\t\t\tIamRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tPlanId: pulumi.Any(aws_backup_plan.Example.Id),\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_db_instance.Example.Arn),\n\t\t\t\tpulumi.Any(aws_ebs_volume.Example.Arn),\n\t\t\t\tpulumi.Any(aws_efs_file_system.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup selection can be imported using the role plan_id and id separated by `|`.\n\n```sh\n $ pulumi import aws:backup/selection:Selection example plan-id|selection-id\n```\n\n ", + "properties": { + "iamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. See the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#managed-policies) for additional information about using AWS managed policies or creating custom policies attached to the IAM role.\n" + }, + "name": { + "type": "string", + "description": "The display name of a resource selection document.\n" + }, + "planId": { + "type": "string", + "description": "The backup plan ID to be associated with the selection of resources.\n" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan..\n" + }, + "selectionTags": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/SelectionSelectionTag:SelectionSelectionTag" + }, + "description": "Tag-based conditions used to specify a set of resources to assign to a backup plan.\n" + } + }, + "required": [ + "iamRoleArn", + "name", + "planId" + ], + "inputProperties": { + "iamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. See the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#managed-policies) for additional information about using AWS managed policies or creating custom policies attached to the IAM role.\n" + }, + "name": { + "type": "string", + "description": "The display name of a resource selection document.\n" + }, + "planId": { + "type": "string", + "description": "The backup plan ID to be associated with the selection of resources.\n" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan..\n" + }, + "selectionTags": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/SelectionSelectionTag:SelectionSelectionTag" + }, + "description": "Tag-based conditions used to specify a set of resources to assign to a backup plan.\n" + } + }, + "requiredInputs": [ + "iamRoleArn", + "planId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Selection resources.\n", + "properties": { + "iamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. See the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#managed-policies) for additional information about using AWS managed policies or creating custom policies attached to the IAM role.\n" + }, + "name": { + "type": "string", + "description": "The display name of a resource selection document.\n" + }, + "planId": { + "type": "string", + "description": "The backup plan ID to be associated with the selection of resources.\n" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan..\n" + }, + "selectionTags": { + "type": "array", + "items": { + "$ref": "#/types/aws:backup/SelectionSelectionTag:SelectionSelectionTag" + }, + "description": "Tag-based conditions used to specify a set of resources to assign to a backup plan.\n" + } + }, + "type": "object" + } + }, + "aws:backup/vault:Vault": { + "description": "Provides an AWS Backup vault resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.backup.Vault(\"example\", {kmsKeyArn: aws_kms_key.example.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.Vault(\"example\", kms_key_arn=aws_kms_key[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Backup.Vault(\"example\", new Aws.Backup.VaultArgs\n {\n KmsKeyArn = aws_kms_key.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.NewVault(ctx, \"example\", &backup.VaultArgs{\n\t\t\tKmsKeyArn: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup vault can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:backup/vault:Vault test-vault TestVault\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The server-side encryption key that is used to protect your backups.\n" + }, + "name": { + "type": "string", + "description": "Name of the backup vault to create.\n" + }, + "recoveryPoints": { + "type": "integer", + "description": "The number of recovery points that are stored in a backup vault.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the resources that you create. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "kmsKeyArn", + "name", + "recoveryPoints", + "tagsAll" + ], + "inputProperties": { + "kmsKeyArn": { + "type": "string", + "description": "The server-side encryption key that is used to protect your backups.\n" + }, + "name": { + "type": "string", + "description": "Name of the backup vault to create.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the resources that you create. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Vault resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The server-side encryption key that is used to protect your backups.\n" + }, + "name": { + "type": "string", + "description": "Name of the backup vault to create.\n" + }, + "recoveryPoints": { + "type": "integer", + "description": "The number of recovery points that are stored in a backup vault.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the resources that you create. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:backup/vaultNotifications:VaultNotifications": { + "description": "Provides an AWS Backup vault notifications resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTopic = new aws.sns.Topic(\"testTopic\", {});\nconst testPolicyDocument = testTopic.arn.apply(arn => aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [{\n actions: [\"SNS:Publish\"],\n effect: \"Allow\",\n principals: [{\n type: \"Service\",\n identifiers: [\"backup.amazonaws.com\"],\n }],\n resources: [arn],\n sid: \"__default_statement_ID\",\n }],\n}));\nconst testTopicPolicy = new aws.sns.TopicPolicy(\"testTopicPolicy\", {\n arn: testTopic.arn,\n policy: testPolicyDocument.apply(testPolicyDocument => testPolicyDocument.json),\n});\nconst testVaultNotifications = new aws.backup.VaultNotifications(\"testVaultNotifications\", {\n backupVaultName: \"example_backup_vault\",\n snsTopicArn: testTopic.arn,\n backupVaultEvents: [\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_topic = aws.sns.Topic(\"testTopic\")\ntest_policy_document = test_topic.arn.apply(lambda arn: aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"SNS:Publish\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"backup.amazonaws.com\"],\n )],\n resources=[arn],\n sid=\"__default_statement_ID\",\n )]))\ntest_topic_policy = aws.sns.TopicPolicy(\"testTopicPolicy\",\n arn=test_topic.arn,\n policy=test_policy_document.json)\ntest_vault_notifications = aws.backup.VaultNotifications(\"testVaultNotifications\",\n backup_vault_name=\"example_backup_vault\",\n sns_topic_arn=test_topic.arn,\n backup_vault_events=[\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTopic = new Aws.Sns.Topic(\"testTopic\", new Aws.Sns.TopicArgs\n {\n });\n var testPolicyDocument = testTopic.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n PolicyId = \"__default_policy_ID\",\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"SNS:Publish\",\n },\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"backup.amazonaws.com\",\n },\n },\n },\n Resources = \n {\n arn,\n },\n Sid = \"__default_statement_ID\",\n },\n },\n }));\n var testTopicPolicy = new Aws.Sns.TopicPolicy(\"testTopicPolicy\", new Aws.Sns.TopicPolicyArgs\n {\n Arn = testTopic.Arn,\n Policy = testPolicyDocument.Apply(testPolicyDocument => testPolicyDocument.Json),\n });\n var testVaultNotifications = new Aws.Backup.VaultNotifications(\"testVaultNotifications\", new Aws.Backup.VaultNotificationsArgs\n {\n BackupVaultName = \"example_backup_vault\",\n SnsTopicArn = testTopic.Arn,\n BackupVaultEvents = \n {\n \"BACKUP_JOB_STARTED\",\n \"RESTORE_JOB_COMPLETED\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTopic, err := sns.NewTopic(ctx, \"testTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicPolicy(ctx, \"testTopicPolicy\", &sns.TopicPolicyArgs{\n\t\t\tArn: testTopic.Arn,\n\t\t\tPolicy: testPolicyDocument.ApplyT(func(testPolicyDocument iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn testPolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backup.NewVaultNotifications(ctx, \"testVaultNotifications\", &backup.VaultNotificationsArgs{\n\t\t\tBackupVaultName: pulumi.String(\"example_backup_vault\"),\n\t\t\tSnsTopicArn: testTopic.Arn,\n\t\t\tBackupVaultEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"BACKUP_JOB_STARTED\"),\n\t\t\t\tpulumi.String(\"RESTORE_JOB_COMPLETED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup vault notifications can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:backup/vaultNotifications:VaultNotifications test TestVault\n```\n\n ", + "properties": { + "backupVaultArn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "backupVaultEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of events that indicate the status of jobs to back up resources to the backup vault.\n" + }, + "backupVaultName": { + "type": "string", + "description": "Name of the backup vault to add notifications for.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events\n" + } + }, + "required": [ + "backupVaultArn", + "backupVaultEvents", + "backupVaultName", + "snsTopicArn" + ], + "inputProperties": { + "backupVaultEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of events that indicate the status of jobs to back up resources to the backup vault.\n" + }, + "backupVaultName": { + "type": "string", + "description": "Name of the backup vault to add notifications for.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events\n" + } + }, + "requiredInputs": [ + "backupVaultEvents", + "backupVaultName", + "snsTopicArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VaultNotifications resources.\n", + "properties": { + "backupVaultArn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "backupVaultEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of events that indicate the status of jobs to back up resources to the backup vault.\n" + }, + "backupVaultName": { + "type": "string", + "description": "Name of the backup vault to add notifications for.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that specifies the topic for a backup vault’s events\n" + } + }, + "type": "object" + } + }, + "aws:backup/vaultPolicy:VaultPolicy": { + "description": "Provides an AWS Backup vault policy resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVault = new aws.backup.Vault(\"exampleVault\", {});\nconst exampleVaultPolicy = new aws.backup.VaultPolicy(\"exampleVaultPolicy\", {\n backupVaultName: exampleVault.name,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Id\": \"default\",\n \"Statement\": [\n {\n \"Sid\": \"default\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": [\n\t\t\"backup:DescribeBackupVault\",\n\t\t\"backup:DeleteBackupVault\",\n\t\t\"backup:PutBackupVaultAccessPolicy\",\n\t\t\"backup:DeleteBackupVaultAccessPolicy\",\n\t\t\"backup:GetBackupVaultAccessPolicy\",\n\t\t\"backup:StartBackupJob\",\n\t\t\"backup:GetBackupVaultNotifications\",\n\t\t\"backup:PutBackupVaultNotifications\"\n ],\n \"Resource\": \"${exampleVault.arn}\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vault = aws.backup.Vault(\"exampleVault\")\nexample_vault_policy = aws.backup.VaultPolicy(\"exampleVaultPolicy\",\n backup_vault_name=example_vault.name,\n policy=example_vault.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Id\": \"default\",\n \"Statement\": [\n {{\n \"Sid\": \"default\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"AWS\": \"*\"\n }},\n \"Action\": [\n\t\t\"backup:DescribeBackupVault\",\n\t\t\"backup:DeleteBackupVault\",\n\t\t\"backup:PutBackupVaultAccessPolicy\",\n\t\t\"backup:DeleteBackupVaultAccessPolicy\",\n\t\t\"backup:GetBackupVaultAccessPolicy\",\n\t\t\"backup:StartBackupJob\",\n\t\t\"backup:GetBackupVaultNotifications\",\n\t\t\"backup:PutBackupVaultNotifications\"\n ],\n \"Resource\": \"{arn}\"\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVault = new Aws.Backup.Vault(\"exampleVault\", new Aws.Backup.VaultArgs\n {\n });\n var exampleVaultPolicy = new Aws.Backup.VaultPolicy(\"exampleVaultPolicy\", new Aws.Backup.VaultPolicyArgs\n {\n BackupVaultName = exampleVault.Name,\n Policy = exampleVault.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Id\"\": \"\"default\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"default\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": \"\"*\"\"\n }},\n \"\"Action\"\": [\n\t\t\"\"backup:DescribeBackupVault\"\",\n\t\t\"\"backup:DeleteBackupVault\"\",\n\t\t\"\"backup:PutBackupVaultAccessPolicy\"\",\n\t\t\"\"backup:DeleteBackupVaultAccessPolicy\"\",\n\t\t\"\"backup:GetBackupVaultAccessPolicy\"\",\n\t\t\"\"backup:StartBackupJob\"\",\n\t\t\"\"backup:GetBackupVaultNotifications\"\",\n\t\t\"\"backup:PutBackupVaultNotifications\"\"\n ],\n \"\"Resource\"\": \"\"{arn}\"\"\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVault, err := backup.NewVault(ctx, \"exampleVault\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = backup.NewVaultPolicy(ctx, \"exampleVaultPolicy\", &backup.VaultPolicyArgs{\n\t\t\tBackupVaultName: exampleVault.Name,\n\t\t\tPolicy: exampleVault.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Id\\\": \\\"default\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"default\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"*\\\"\\n\", \" },\\n\", \" \\\"Action\\\": [\\n\", \"\t\t\\\"backup:DescribeBackupVault\\\",\\n\", \"\t\t\\\"backup:DeleteBackupVault\\\",\\n\", \"\t\t\\\"backup:PutBackupVaultAccessPolicy\\\",\\n\", \"\t\t\\\"backup:DeleteBackupVaultAccessPolicy\\\",\\n\", \"\t\t\\\"backup:GetBackupVaultAccessPolicy\\\",\\n\", \"\t\t\\\"backup:StartBackupJob\\\",\\n\", \"\t\t\\\"backup:GetBackupVaultNotifications\\\",\\n\", \"\t\t\\\"backup:PutBackupVaultNotifications\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"\", arn, \"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBackup vault policy can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:backup/vaultPolicy:VaultPolicy test TestVault\n```\n\n ", + "properties": { + "backupVaultArn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "backupVaultName": { + "type": "string", + "description": "Name of the backup vault to add policy for.\n" + }, + "policy": { + "type": "string", + "description": "The backup vault access policy document in JSON format.\n" + } + }, + "required": [ + "backupVaultArn", + "backupVaultName", + "policy" + ], + "inputProperties": { + "backupVaultName": { + "type": "string", + "description": "Name of the backup vault to add policy for.\n" + }, + "policy": { + "type": "string", + "description": "The backup vault access policy document in JSON format.\n" + } + }, + "requiredInputs": [ + "backupVaultName", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VaultPolicy resources.\n", + "properties": { + "backupVaultArn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "backupVaultName": { + "type": "string", + "description": "Name of the backup vault to add policy for.\n" + }, + "policy": { + "type": "string", + "description": "The backup vault access policy document in JSON format.\n" + } + }, + "type": "object" + } + }, + "aws:batch/computeEnvironment:ComputeEnvironment": { + "description": "Creates a AWS Batch compute environment. Compute environments contain the Amazon ECS container instances that are used to run containerized batch jobs.\n\nFor information about AWS Batch, see [What is AWS Batch?](http://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html) .\nFor information about compute environment, see [Compute Environments](http://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html) .\n\n> **Note:** To prevent a race condition during environment deletion, make sure to set `depends_on` to the related `aws.iam.RolePolicyAttachment`;\notherwise, the policy may be destroyed too soon and the compute environment will then get stuck in the `DELETING` state, see [Troubleshooting AWS Batch](http://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html) .\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### EC2 Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecsInstanceRoleRole = new aws.iam.Role(\"ecsInstanceRoleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Action\": \"sts:AssumeRole\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t \"Service\": \"ec2.amazonaws.com\"\n\t }\n\t}\n ]\n}\n`});\nconst ecsInstanceRoleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"ecsInstanceRoleRolePolicyAttachment\", {\n role: ecsInstanceRoleRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\n});\nconst ecsInstanceRoleInstanceProfile = new aws.iam.InstanceProfile(\"ecsInstanceRoleInstanceProfile\", {role: ecsInstanceRoleRole.name});\nconst awsBatchServiceRoleRole = new aws.iam.Role(\"awsBatchServiceRoleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Action\": \"sts:AssumeRole\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t\t\"Service\": \"batch.amazonaws.com\"\n\t }\n\t}\n ]\n}\n`});\nconst awsBatchServiceRoleRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"awsBatchServiceRoleRolePolicyAttachment\", {\n role: awsBatchServiceRoleRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\",\n});\nconst sampleVpc = new aws.ec2.Vpc(\"sampleVpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst sampleSecurityGroup = new aws.ec2.SecurityGroup(\"sampleSecurityGroup\", {\n vpcId: sampleVpc.id,\n egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n }],\n});\nconst sampleSubnet = new aws.ec2.Subnet(\"sampleSubnet\", {\n vpcId: sampleVpc.id,\n cidrBlock: \"10.1.1.0/24\",\n});\nconst sampleComputeEnvironment = new aws.batch.ComputeEnvironment(\"sampleComputeEnvironment\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n instanceRole: ecsInstanceRoleInstanceProfile.arn,\n instanceTypes: [\"c4.large\"],\n maxVcpus: 16,\n minVcpus: 0,\n securityGroupIds: [sampleSecurityGroup.id],\n subnets: [sampleSubnet.id],\n type: \"EC2\",\n },\n serviceRole: awsBatchServiceRoleRole.arn,\n type: \"MANAGED\",\n}, {\n dependsOn: [awsBatchServiceRoleRolePolicyAttachment],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_instance_role_role = aws.iam.Role(\"ecsInstanceRoleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Action\": \"sts:AssumeRole\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t \"Service\": \"ec2.amazonaws.com\"\n\t }\n\t}\n ]\n}\n\"\"\")\necs_instance_role_role_policy_attachment = aws.iam.RolePolicyAttachment(\"ecsInstanceRoleRolePolicyAttachment\",\n role=ecs_instance_role_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\")\necs_instance_role_instance_profile = aws.iam.InstanceProfile(\"ecsInstanceRoleInstanceProfile\", role=ecs_instance_role_role.name)\naws_batch_service_role_role = aws.iam.Role(\"awsBatchServiceRoleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Action\": \"sts:AssumeRole\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t\t\"Service\": \"batch.amazonaws.com\"\n\t }\n\t}\n ]\n}\n\"\"\")\naws_batch_service_role_role_policy_attachment = aws.iam.RolePolicyAttachment(\"awsBatchServiceRoleRolePolicyAttachment\",\n role=aws_batch_service_role_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\")\nsample_vpc = aws.ec2.Vpc(\"sampleVpc\", cidr_block=\"10.1.0.0/16\")\nsample_security_group = aws.ec2.SecurityGroup(\"sampleSecurityGroup\",\n vpc_id=sample_vpc.id,\n egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n )])\nsample_subnet = aws.ec2.Subnet(\"sampleSubnet\",\n vpc_id=sample_vpc.id,\n cidr_block=\"10.1.1.0/24\")\nsample_compute_environment = aws.batch.ComputeEnvironment(\"sampleComputeEnvironment\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n instance_role=ecs_instance_role_instance_profile.arn,\n instance_types=[\"c4.large\"],\n max_vcpus=16,\n min_vcpus=0,\n security_group_ids=[sample_security_group.id],\n subnets=[sample_subnet.id],\n type=\"EC2\",\n ),\n service_role=aws_batch_service_role_role.arn,\n type=\"MANAGED\",\n opts=pulumi.ResourceOptions(depends_on=[aws_batch_service_role_role_policy_attachment]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecsInstanceRoleRole = new Aws.Iam.Role(\"ecsInstanceRoleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n\t{\n\t \"\"Action\"\": \"\"sts:AssumeRole\"\",\n\t \"\"Effect\"\": \"\"Allow\"\",\n\t \"\"Principal\"\": {\n\t \"\"Service\"\": \"\"ec2.amazonaws.com\"\"\n\t }\n\t}\n ]\n}\n\",\n });\n var ecsInstanceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"ecsInstanceRoleRolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = ecsInstanceRoleRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\",\n });\n var ecsInstanceRoleInstanceProfile = new Aws.Iam.InstanceProfile(\"ecsInstanceRoleInstanceProfile\", new Aws.Iam.InstanceProfileArgs\n {\n Role = ecsInstanceRoleRole.Name,\n });\n var awsBatchServiceRoleRole = new Aws.Iam.Role(\"awsBatchServiceRoleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n\t{\n\t \"\"Action\"\": \"\"sts:AssumeRole\"\",\n\t \"\"Effect\"\": \"\"Allow\"\",\n\t \"\"Principal\"\": {\n\t\t\"\"Service\"\": \"\"batch.amazonaws.com\"\"\n\t }\n\t}\n ]\n}\n\",\n });\n var awsBatchServiceRoleRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"awsBatchServiceRoleRolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = awsBatchServiceRoleRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\",\n });\n var sampleVpc = new Aws.Ec2.Vpc(\"sampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var sampleSecurityGroup = new Aws.Ec2.SecurityGroup(\"sampleSecurityGroup\", new Aws.Ec2.SecurityGroupArgs\n {\n VpcId = sampleVpc.Id,\n Egress = \n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = \n {\n \"0.0.0.0/0\",\n },\n },\n },\n });\n var sampleSubnet = new Aws.Ec2.Subnet(\"sampleSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = sampleVpc.Id,\n CidrBlock = \"10.1.1.0/24\",\n });\n var sampleComputeEnvironment = new Aws.Batch.ComputeEnvironment(\"sampleComputeEnvironment\", new Aws.Batch.ComputeEnvironmentArgs\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n InstanceRole = ecsInstanceRoleInstanceProfile.Arn,\n InstanceTypes = \n {\n \"c4.large\",\n },\n MaxVcpus = 16,\n MinVcpus = 0,\n SecurityGroupIds = \n {\n sampleSecurityGroup.Id,\n },\n Subnets = \n {\n sampleSubnet.Id,\n },\n Type = \"EC2\",\n },\n ServiceRole = awsBatchServiceRoleRole.Arn,\n Type = \"MANAGED\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n awsBatchServiceRoleRolePolicyAttachment,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tecsInstanceRoleRole, err := iam.NewRole(ctx, \"ecsInstanceRoleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \"\t{\\n\", \"\t \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \"\t \\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t \\\"Principal\\\": {\\n\", \"\t \\\"Service\\\": \\\"ec2.amazonaws.com\\\"\\n\", \"\t }\\n\", \"\t}\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ecsInstanceRoleRolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: ecsInstanceRoleRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsInstanceRoleInstanceProfile, err := iam.NewInstanceProfile(ctx, \"ecsInstanceRoleInstanceProfile\", &iam.InstanceProfileArgs{\n\t\t\tRole: ecsInstanceRoleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsBatchServiceRoleRole, err := iam.NewRole(ctx, \"awsBatchServiceRoleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \"\t{\\n\", \"\t \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \"\t \\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t \\\"Principal\\\": {\\n\", \"\t\t\\\"Service\\\": \\\"batch.amazonaws.com\\\"\\n\", \"\t }\\n\", \"\t}\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsBatchServiceRoleRolePolicyAttachment, err := iam.NewRolePolicyAttachment(ctx, \"awsBatchServiceRoleRolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: awsBatchServiceRoleRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleVpc, err := ec2.NewVpc(ctx, \"sampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"sampleSecurityGroup\", &ec2.SecurityGroupArgs{\n\t\t\tVpcId: sampleVpc.ID(),\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t&ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsampleSubnet, err := ec2.NewSubnet(ctx, \"sampleSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: sampleVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = batch.NewComputeEnvironment(ctx, \"sampleComputeEnvironment\", &batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: &batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tInstanceRole: ecsInstanceRoleInstanceProfile.Arn,\n\t\t\t\tInstanceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"c4.large\"),\n\t\t\t\t},\n\t\t\t\tMaxVcpus: pulumi.Int(16),\n\t\t\t\tMinVcpus: pulumi.Int(0),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tsampleSecurityGroup.ID(),\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tsampleSubnet.ID(),\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"EC2\"),\n\t\t\t},\n\t\t\tServiceRole: awsBatchServiceRoleRole.Arn,\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tawsBatchServiceRoleRolePolicyAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Fargate Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample = new aws.batch.ComputeEnvironment(\"sample\", {\n computeEnvironmentName: \"sample\",\n computeResources: {\n maxVcpus: 16,\n securityGroupIds: [aws_security_group.sample.id],\n subnets: [aws_subnet.sample.id],\n type: \"FARGATE\",\n },\n serviceRole: aws_iam_role.aws_batch_service_role.arn,\n type: \"MANAGED\",\n}, {\n dependsOn: [aws_iam_role_policy_attachment.aws_batch_service_role],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample = aws.batch.ComputeEnvironment(\"sample\",\n compute_environment_name=\"sample\",\n compute_resources=aws.batch.ComputeEnvironmentComputeResourcesArgs(\n max_vcpus=16,\n security_group_ids=[aws_security_group[\"sample\"][\"id\"]],\n subnets=[aws_subnet[\"sample\"][\"id\"]],\n type=\"FARGATE\",\n ),\n service_role=aws_iam_role[\"aws_batch_service_role\"][\"arn\"],\n type=\"MANAGED\",\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_role_policy_attachment[\"aws_batch_service_role\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sample = new Aws.Batch.ComputeEnvironment(\"sample\", new Aws.Batch.ComputeEnvironmentArgs\n {\n ComputeEnvironmentName = \"sample\",\n ComputeResources = new Aws.Batch.Inputs.ComputeEnvironmentComputeResourcesArgs\n {\n MaxVcpus = 16,\n SecurityGroupIds = \n {\n aws_security_group.Sample.Id,\n },\n Subnets = \n {\n aws_subnet.Sample.Id,\n },\n Type = \"FARGATE\",\n },\n ServiceRole = aws_iam_role.Aws_batch_service_role.Arn,\n Type = \"MANAGED\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_iam_role_policy_attachment.Aws_batch_service_role,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewComputeEnvironment(ctx, \"sample\", &batch.ComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: pulumi.String(\"sample\"),\n\t\t\tComputeResources: &batch.ComputeEnvironmentComputeResourcesArgs{\n\t\t\t\tMaxVcpus: pulumi.Int(16),\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_security_group.Sample.Id),\n\t\t\t\t},\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.Sample.Id),\n\t\t\t\t},\n\t\t\t\tType: pulumi.String(\"FARGATE\"),\n\t\t\t},\n\t\t\tServiceRole: pulumi.Any(aws_iam_role.Aws_batch_service_role.Arn),\n\t\t\tType: pulumi.String(\"MANAGED\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy_attachment.Aws_batch_service_role,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Batch compute can be imported using the `compute_environment_name`, e.g.\n\n```sh\n $ pulumi import aws:batch/computeEnvironment:ComputeEnvironment sample sample\n```\n\n [1]http://docs.aws.amazon.com/batch/latest/userguide/what-is-batch.html [2]http://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html [3]http://docs.aws.amazon.com/batch/latest/userguide/troubleshooting.html [4]https://docs.aws.amazon.com/batch/latest/userguide/allocation-strategies.html ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the compute environment.\n" + }, + "computeEnvironmentName": { + "type": "string", + "description": "The name for your compute environment. Up to 128 letters (uppercase and lowercase), numbers, and underscores are allowed. If omitted, this provider will assign a random, unique name.\n" + }, + "computeEnvironmentNamePrefix": { + "type": "string", + "description": "Creates a unique compute environment name beginning with the specified prefix. Conflicts with `compute_environment_name`.\n" + }, + "computeResources": { + "$ref": "#/types/aws:batch/ComputeEnvironmentComputeResources:ComputeEnvironmentComputeResources", + "description": "Details of the compute resources managed by the compute environment. This parameter is required for managed compute environments. See details below.\n" + }, + "ecsClusterArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the underlying Amazon ECS cluster used by the compute environment.\n" + }, + "serviceRole": { + "type": "string", + "description": "The full Amazon Resource Name (ARN) of the IAM role that allows AWS Batch to make calls to other AWS services on your behalf.\n" + }, + "state": { + "type": "string", + "description": "The state of the compute environment. If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues. Valid items are `ENABLED` or `DISABLED`. Defaults to `ENABLED`.\n" + }, + "status": { + "type": "string", + "description": "The current status of the compute environment (for example, CREATING or VALID).\n" + }, + "statusReason": { + "type": "string", + "description": "A short, human-readable string to provide additional details about the current status of the compute environment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of compute environment. Valid items are `EC2`, `SPOT`, `FARGATE` or `FARGATE_SPOT`.\n" + } + }, + "required": [ + "arn", + "computeEnvironmentName", + "computeEnvironmentNamePrefix", + "ecsClusterArn", + "serviceRole", + "status", + "statusReason", + "tagsAll", + "type" + ], + "inputProperties": { + "computeEnvironmentName": { + "type": "string", + "description": "The name for your compute environment. Up to 128 letters (uppercase and lowercase), numbers, and underscores are allowed. If omitted, this provider will assign a random, unique name.\n" + }, + "computeEnvironmentNamePrefix": { + "type": "string", + "description": "Creates a unique compute environment name beginning with the specified prefix. Conflicts with `compute_environment_name`.\n" + }, + "computeResources": { + "$ref": "#/types/aws:batch/ComputeEnvironmentComputeResources:ComputeEnvironmentComputeResources", + "description": "Details of the compute resources managed by the compute environment. This parameter is required for managed compute environments. See details below.\n" + }, + "serviceRole": { + "type": "string", + "description": "The full Amazon Resource Name (ARN) of the IAM role that allows AWS Batch to make calls to other AWS services on your behalf.\n" + }, + "state": { + "type": "string", + "description": "The state of the compute environment. If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues. Valid items are `ENABLED` or `DISABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of compute environment. Valid items are `EC2`, `SPOT`, `FARGATE` or `FARGATE_SPOT`.\n" + } + }, + "requiredInputs": [ + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ComputeEnvironment resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the compute environment.\n" + }, + "computeEnvironmentName": { + "type": "string", + "description": "The name for your compute environment. Up to 128 letters (uppercase and lowercase), numbers, and underscores are allowed. If omitted, this provider will assign a random, unique name.\n" + }, + "computeEnvironmentNamePrefix": { + "type": "string", + "description": "Creates a unique compute environment name beginning with the specified prefix. Conflicts with `compute_environment_name`.\n" + }, + "computeResources": { + "$ref": "#/types/aws:batch/ComputeEnvironmentComputeResources:ComputeEnvironmentComputeResources", + "description": "Details of the compute resources managed by the compute environment. This parameter is required for managed compute environments. See details below.\n" + }, + "ecsClusterArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the underlying Amazon ECS cluster used by the compute environment.\n" + }, + "serviceRole": { + "type": "string", + "description": "The full Amazon Resource Name (ARN) of the IAM role that allows AWS Batch to make calls to other AWS services on your behalf.\n" + }, + "state": { + "type": "string", + "description": "The state of the compute environment. If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues. Valid items are `ENABLED` or `DISABLED`. Defaults to `ENABLED`.\n" + }, + "status": { + "type": "string", + "description": "The current status of the compute environment (for example, CREATING or VALID).\n" + }, + "statusReason": { + "type": "string", + "description": "A short, human-readable string to provide additional details about the current status of the compute environment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pair tags to be applied to resources that are launched in the compute environment. This parameter isn't applicable to jobs running on Fargate resources, and shouldn't be specified.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of compute environment. Valid items are `EC2`, `SPOT`, `FARGATE` or `FARGATE_SPOT`.\n" + } + }, + "type": "object" + } + }, + "aws:batch/jobDefinition:JobDefinition": { + "description": "Provides a Batch Job Definition resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.batch.JobDefinition(\"test\", {\n containerProperties: `{\n\t\"command\": [\"ls\", \"-la\"],\n\t\"image\": \"busybox\",\n\t\"memory\": 1024,\n\t\"vcpus\": 1,\n\t\"volumes\": [\n {\n \"host\": {\n \"sourcePath\": \"/tmp\"\n },\n \"name\": \"tmp\"\n }\n ],\n\t\"environment\": [\n\t\t{\"name\": \"VARNAME\", \"value\": \"VARVAL\"}\n\t],\n\t\"mountPoints\": [\n\t\t{\n \"sourceVolume\": \"tmp\",\n \"containerPath\": \"/tmp\",\n \"readOnly\": false\n }\n\t],\n \"ulimits\": [\n {\n \"hardLimit\": 1024,\n \"name\": \"nofile\",\n \"softLimit\": 1024\n }\n ]\n}\n`,\n type: \"container\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.batch.JobDefinition(\"test\",\n container_properties=\"\"\"{\n\t\"command\": [\"ls\", \"-la\"],\n\t\"image\": \"busybox\",\n\t\"memory\": 1024,\n\t\"vcpus\": 1,\n\t\"volumes\": [\n {\n \"host\": {\n \"sourcePath\": \"/tmp\"\n },\n \"name\": \"tmp\"\n }\n ],\n\t\"environment\": [\n\t\t{\"name\": \"VARNAME\", \"value\": \"VARVAL\"}\n\t],\n\t\"mountPoints\": [\n\t\t{\n \"sourceVolume\": \"tmp\",\n \"containerPath\": \"/tmp\",\n \"readOnly\": false\n }\n\t],\n \"ulimits\": [\n {\n \"hardLimit\": 1024,\n \"name\": \"nofile\",\n \"softLimit\": 1024\n }\n ]\n}\n\n\"\"\",\n type=\"container\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Batch.JobDefinition(\"test\", new Aws.Batch.JobDefinitionArgs\n {\n ContainerProperties = @\"{\n\t\"\"command\"\": [\"\"ls\"\", \"\"-la\"\"],\n\t\"\"image\"\": \"\"busybox\"\",\n\t\"\"memory\"\": 1024,\n\t\"\"vcpus\"\": 1,\n\t\"\"volumes\"\": [\n {\n \"\"host\"\": {\n \"\"sourcePath\"\": \"\"/tmp\"\"\n },\n \"\"name\"\": \"\"tmp\"\"\n }\n ],\n\t\"\"environment\"\": [\n\t\t{\"\"name\"\": \"\"VARNAME\"\", \"\"value\"\": \"\"VARVAL\"\"}\n\t],\n\t\"\"mountPoints\"\": [\n\t\t{\n \"\"sourceVolume\"\": \"\"tmp\"\",\n \"\"containerPath\"\": \"\"/tmp\"\",\n \"\"readOnly\"\": false\n }\n\t],\n \"\"ulimits\"\": [\n {\n \"\"hardLimit\"\": 1024,\n \"\"name\"\": \"\"nofile\"\",\n \"\"softLimit\"\": 1024\n }\n ]\n}\n\n\",\n Type = \"container\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewJobDefinition(ctx, \"test\", &batch.JobDefinitionArgs{\n\t\t\tContainerProperties: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"command\\\": [\\\"ls\\\", \\\"-la\\\"],\\n\", \"\t\\\"image\\\": \\\"busybox\\\",\\n\", \"\t\\\"memory\\\": 1024,\\n\", \"\t\\\"vcpus\\\": 1,\\n\", \"\t\\\"volumes\\\": [\\n\", \" {\\n\", \" \\\"host\\\": {\\n\", \" \\\"sourcePath\\\": \\\"/tmp\\\"\\n\", \" },\\n\", \" \\\"name\\\": \\\"tmp\\\"\\n\", \" }\\n\", \" ],\\n\", \"\t\\\"environment\\\": [\\n\", \"\t\t{\\\"name\\\": \\\"VARNAME\\\", \\\"value\\\": \\\"VARVAL\\\"}\\n\", \"\t],\\n\", \"\t\\\"mountPoints\\\": [\\n\", \"\t\t{\\n\", \" \\\"sourceVolume\\\": \\\"tmp\\\",\\n\", \" \\\"containerPath\\\": \\\"/tmp\\\",\\n\", \" \\\"readOnly\\\": false\\n\", \" }\\n\", \"\t],\\n\", \" \\\"ulimits\\\": [\\n\", \" {\\n\", \" \\\"hardLimit\\\": 1024,\\n\", \" \\\"name\\\": \\\"nofile\\\",\\n\", \" \\\"softLimit\\\": 1024\\n\", \" }\\n\", \" ]\\n\", \"}\\n\", \"\\n\")),\n\t\t\tType: pulumi.String(\"container\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Fargate Platform Capability\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ecs-tasks.amazonaws.com\"],\n }],\n }],\n});\nconst ecsTaskExecutionRole = new aws.iam.Role(\"ecsTaskExecutionRole\", {assumeRolePolicy: assumeRolePolicy.then(assumeRolePolicy => assumeRolePolicy.json)});\nconst ecsTaskExecutionRolePolicy = new aws.iam.RolePolicyAttachment(\"ecsTaskExecutionRolePolicy\", {\n role: ecsTaskExecutionRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\n});\nconst test = new aws.batch.JobDefinition(\"test\", {\n type: \"container\",\n platformCapabilities: [\"FARGATE\"],\n containerProperties: pulumi.interpolate`{\n \"command\": [\"echo\", \"test\"],\n \"image\": \"busybox\",\n \"fargatePlatformConfiguration\": {\n \"platformVersion\": \"LATEST\"\n },\n \"resourceRequirements\": [\n {\"type\": \"VCPU\", \"value\": \"0.25\"},\n {\"type\": \"MEMORY\", \"value\": \"512\"}\n ],\n \"executionRoleArn\": \"${ecsTaskExecutionRole.arn}\"\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ecs-tasks.amazonaws.com\"],\n )],\n)])\necs_task_execution_role = aws.iam.Role(\"ecsTaskExecutionRole\", assume_role_policy=assume_role_policy.json)\necs_task_execution_role_policy = aws.iam.RolePolicyAttachment(\"ecsTaskExecutionRolePolicy\",\n role=ecs_task_execution_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\")\ntest = aws.batch.JobDefinition(\"test\",\n type=\"container\",\n platform_capabilities=[\"FARGATE\"],\n container_properties=ecs_task_execution_role.arn.apply(lambda arn: f\"\"\"{{\n \"command\": [\"echo\", \"test\"],\n \"image\": \"busybox\",\n \"fargatePlatformConfiguration\": {{\n \"platformVersion\": \"LATEST\"\n }},\n \"resourceRequirements\": [\n {{\"type\": \"VCPU\", \"value\": \"0.25\"}},\n {{\"type\": \"MEMORY\", \"value\": \"512\"}}\n ],\n \"executionRoleArn\": \"{arn}\"\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var assumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"ecs-tasks.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var ecsTaskExecutionRole = new Aws.Iam.Role(\"ecsTaskExecutionRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = assumeRolePolicy.Apply(assumeRolePolicy => assumeRolePolicy.Json),\n });\n var ecsTaskExecutionRolePolicy = new Aws.Iam.RolePolicyAttachment(\"ecsTaskExecutionRolePolicy\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = ecsTaskExecutionRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\",\n });\n var test = new Aws.Batch.JobDefinition(\"test\", new Aws.Batch.JobDefinitionArgs\n {\n Type = \"container\",\n PlatformCapabilities = \n {\n \"FARGATE\",\n },\n ContainerProperties = ecsTaskExecutionRole.Arn.Apply(arn => @$\"{{\n \"\"command\"\": [\"\"echo\"\", \"\"test\"\"],\n \"\"image\"\": \"\"busybox\"\",\n \"\"fargatePlatformConfiguration\"\": {{\n \"\"platformVersion\"\": \"\"LATEST\"\"\n }},\n \"\"resourceRequirements\"\": [\n {{\"\"type\"\": \"\"VCPU\"\", \"\"value\"\": \"\"0.25\"\"}},\n {{\"\"type\"\": \"\"MEMORY\"\", \"\"value\"\": \"\"512\"\"}}\n ],\n \"\"executionRoleArn\"\": \"\"{arn}\"\"\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ecs-tasks.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tecsTaskExecutionRole, err := iam.NewRole(ctx, \"ecsTaskExecutionRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"ecsTaskExecutionRolePolicy\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: ecsTaskExecutionRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = batch.NewJobDefinition(ctx, \"test\", &batch.JobDefinitionArgs{\n\t\t\tType: pulumi.String(\"container\"),\n\t\t\tPlatformCapabilities: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FARGATE\"),\n\t\t\t},\n\t\t\tContainerProperties: ecsTaskExecutionRole.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"command\\\": [\\\"echo\\\", \\\"test\\\"],\\n\", \" \\\"image\\\": \\\"busybox\\\",\\n\", \" \\\"fargatePlatformConfiguration\\\": {\\n\", \" \\\"platformVersion\\\": \\\"LATEST\\\"\\n\", \" },\\n\", \" \\\"resourceRequirements\\\": [\\n\", \" {\\\"type\\\": \\\"VCPU\\\", \\\"value\\\": \\\"0.25\\\"},\\n\", \" {\\\"type\\\": \\\"MEMORY\\\", \\\"value\\\": \\\"512\\\"}\\n\", \" ],\\n\", \" \\\"executionRoleArn\\\": \\\"\", arn, \"\\\"\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBatch Job Definition can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:batch/jobDefinition:JobDefinition test arn:aws:batch:us-east-1:123456789012:job-definition/sample\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the job definition.\n" + }, + "containerProperties": { + "type": "string", + "description": "A valid [container properties](http://docs.aws.amazon.com/batch/latest/APIReference/API_RegisterJobDefinition.html)\nprovided as a single valid JSON document. This parameter is required if the `type` parameter is `container`.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the job definition.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies the parameter substitution placeholders to set in the job definition.\n" + }, + "platformCapabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The platform capabilities required by the job definition. If no value is specified, it defaults to `EC2`. To run the job on Fargate resources, specify `FARGATE`.\n" + }, + "propagateTags": { + "type": "boolean", + "description": "Specifies whether to propagate the tags from the job definition to the corresponding Amazon ECS task. Default is `false`.\n" + }, + "retryStrategy": { + "$ref": "#/types/aws:batch/JobDefinitionRetryStrategy:JobDefinitionRetryStrategy", + "description": "Specifies the retry strategy to use for failed jobs that are submitted with this job definition.\nMaximum number of `retry_strategy` is `1`. Defined below.\n" + }, + "revision": { + "type": "integer", + "description": "The revision of the job definition.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeout": { + "$ref": "#/types/aws:batch/JobDefinitionTimeout:JobDefinitionTimeout", + "description": "Specifies the timeout for jobs so that if a job runs longer, AWS Batch terminates the job. Maximum number of `timeout` is `1`. Defined below.\n" + }, + "type": { + "type": "string", + "description": "The type of job definition. Must be `container`.\n" + } + }, + "required": [ + "arn", + "name", + "revision", + "tagsAll", + "type" + ], + "inputProperties": { + "containerProperties": { + "type": "string", + "description": "A valid [container properties](http://docs.aws.amazon.com/batch/latest/APIReference/API_RegisterJobDefinition.html)\nprovided as a single valid JSON document. This parameter is required if the `type` parameter is `container`.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the job definition.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies the parameter substitution placeholders to set in the job definition.\n" + }, + "platformCapabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The platform capabilities required by the job definition. If no value is specified, it defaults to `EC2`. To run the job on Fargate resources, specify `FARGATE`.\n" + }, + "propagateTags": { + "type": "boolean", + "description": "Specifies whether to propagate the tags from the job definition to the corresponding Amazon ECS task. Default is `false`.\n" + }, + "retryStrategy": { + "$ref": "#/types/aws:batch/JobDefinitionRetryStrategy:JobDefinitionRetryStrategy", + "description": "Specifies the retry strategy to use for failed jobs that are submitted with this job definition.\nMaximum number of `retry_strategy` is `1`. Defined below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeout": { + "$ref": "#/types/aws:batch/JobDefinitionTimeout:JobDefinitionTimeout", + "description": "Specifies the timeout for jobs so that if a job runs longer, AWS Batch terminates the job. Maximum number of `timeout` is `1`. Defined below.\n" + }, + "type": { + "type": "string", + "description": "The type of job definition. Must be `container`.\n" + } + }, + "requiredInputs": [ + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering JobDefinition resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the job definition.\n" + }, + "containerProperties": { + "type": "string", + "description": "A valid [container properties](http://docs.aws.amazon.com/batch/latest/APIReference/API_RegisterJobDefinition.html)\nprovided as a single valid JSON document. This parameter is required if the `type` parameter is `container`.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the job definition.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies the parameter substitution placeholders to set in the job definition.\n" + }, + "platformCapabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The platform capabilities required by the job definition. If no value is specified, it defaults to `EC2`. To run the job on Fargate resources, specify `FARGATE`.\n" + }, + "propagateTags": { + "type": "boolean", + "description": "Specifies whether to propagate the tags from the job definition to the corresponding Amazon ECS task. Default is `false`.\n" + }, + "retryStrategy": { + "$ref": "#/types/aws:batch/JobDefinitionRetryStrategy:JobDefinitionRetryStrategy", + "description": "Specifies the retry strategy to use for failed jobs that are submitted with this job definition.\nMaximum number of `retry_strategy` is `1`. Defined below.\n" + }, + "revision": { + "type": "integer", + "description": "The revision of the job definition.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeout": { + "$ref": "#/types/aws:batch/JobDefinitionTimeout:JobDefinitionTimeout", + "description": "Specifies the timeout for jobs so that if a job runs longer, AWS Batch terminates the job. Maximum number of `timeout` is `1`. Defined below.\n" + }, + "type": { + "type": "string", + "description": "The type of job definition. Must be `container`.\n" + } + }, + "type": "object" + } + }, + "aws:batch/jobQueue:JobQueue": { + "description": "Provides a Batch Job Queue resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testQueue = new aws.batch.JobQueue(\"testQueue\", {\n state: \"ENABLED\",\n priority: 1,\n computeEnvironments: [\n aws_batch_compute_environment.test_environment_1.arn,\n aws_batch_compute_environment.test_environment_2.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_queue = aws.batch.JobQueue(\"testQueue\",\n state=\"ENABLED\",\n priority=1,\n compute_environments=[\n aws_batch_compute_environment[\"test_environment_1\"][\"arn\"],\n aws_batch_compute_environment[\"test_environment_2\"][\"arn\"],\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testQueue = new Aws.Batch.JobQueue(\"testQueue\", new Aws.Batch.JobQueueArgs\n {\n State = \"ENABLED\",\n Priority = 1,\n ComputeEnvironments = \n {\n aws_batch_compute_environment.Test_environment_1.Arn,\n aws_batch_compute_environment.Test_environment_2.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.NewJobQueue(ctx, \"testQueue\", &batch.JobQueueArgs{\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tComputeEnvironments: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_batch_compute_environment.Test_environment_1.Arn),\n\t\t\t\tpulumi.Any(aws_batch_compute_environment.Test_environment_2.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBatch Job Queue can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:batch/jobQueue:JobQueue test_queue arn:aws:batch:us-east-1:123456789012:job-queue/sample\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the job queue.\n" + }, + "computeEnvironments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the set of compute environments\nmapped to a job queue and their order. The position of the compute environments\nin the list will dictate the order. You can associate up to 3 compute environments\nwith a job queue.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the job queue.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the job queue. Job queues with a higher priority\nare evaluated first when associated with the same compute environment.\n" + }, + "state": { + "type": "string", + "description": "The state of the job queue. Must be one of: `ENABLED` or `DISABLED`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "computeEnvironments", + "name", + "priority", + "state", + "tagsAll" + ], + "inputProperties": { + "computeEnvironments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the set of compute environments\nmapped to a job queue and their order. The position of the compute environments\nin the list will dictate the order. You can associate up to 3 compute environments\nwith a job queue.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the job queue.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the job queue. Job queues with a higher priority\nare evaluated first when associated with the same compute environment.\n" + }, + "state": { + "type": "string", + "description": "The state of the job queue. Must be one of: `ENABLED` or `DISABLED`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "computeEnvironments", + "priority", + "state" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering JobQueue resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the job queue.\n" + }, + "computeEnvironments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the set of compute environments\nmapped to a job queue and their order. The position of the compute environments\nin the list will dictate the order. You can associate up to 3 compute environments\nwith a job queue.\n" + }, + "name": { + "type": "string", + "description": "Specifies the name of the job queue.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the job queue. Job queues with a higher priority\nare evaluated first when associated with the same compute environment.\n" + }, + "state": { + "type": "string", + "description": "The state of the job queue. Must be one of: `ENABLED` or `DISABLED`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:budgets/budget:Budget": { + "description": "Provides a budgets budget resource. Budgets use the cost visualisation provided by Cost Explorer to show you the status of your budgets, to provide forecasts of your estimated costs, and to track your AWS usage, including your free tier usage.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec2 = new aws.budgets.Budget(\"ec2\", {\n budgetType: \"COST\",\n costFilters: [{\n name: \"Service\",\n values: [\"Amazon Elastic Compute Cloud - Compute\"],\n }],\n limitAmount: \"1200\",\n limitUnit: \"USD\",\n notifications: [{\n comparisonOperator: \"GREATER_THAN\",\n notificationType: \"FORECASTED\",\n subscriberEmailAddresses: [\"test@example.com\"],\n threshold: 100,\n thresholdType: \"PERCENTAGE\",\n }],\n timePeriodEnd: \"2087-06-15_00:00\",\n timePeriodStart: \"2017-07-01_00:00\",\n timeUnit: \"MONTHLY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec2 = aws.budgets.Budget(\"ec2\",\n budget_type=\"COST\",\n cost_filters=[{\n \"name\": \"Service\",\n \"values\": [\"Amazon Elastic Compute Cloud - Compute\"],\n }],\n limit_amount=\"1200\",\n limit_unit=\"USD\",\n notifications=[aws.budgets.BudgetNotificationArgs(\n comparison_operator=\"GREATER_THAN\",\n notification_type=\"FORECASTED\",\n subscriber_email_addresses=[\"test@example.com\"],\n threshold=100,\n threshold_type=\"PERCENTAGE\",\n )],\n time_period_end=\"2087-06-15_00:00\",\n time_period_start=\"2017-07-01_00:00\",\n time_unit=\"MONTHLY\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ec2 = new Aws.Budgets.Budget(\"ec2\", new Aws.Budgets.BudgetArgs\n {\n BudgetType = \"COST\",\n CostFilters = \n {\n \n {\n { \"name\", \"Service\" },\n { \"values\", \n {\n \"Amazon Elastic Compute Cloud - Compute\",\n } },\n },\n },\n LimitAmount = \"1200\",\n LimitUnit = \"USD\",\n Notifications = \n {\n new Aws.Budgets.Inputs.BudgetNotificationArgs\n {\n ComparisonOperator = \"GREATER_THAN\",\n NotificationType = \"FORECASTED\",\n SubscriberEmailAddresses = \n {\n \"test@example.com\",\n },\n Threshold = 100,\n ThresholdType = \"PERCENTAGE\",\n },\n },\n TimePeriodEnd = \"2087-06-15_00:00\",\n TimePeriodStart = \"2017-07-01_00:00\",\n TimeUnit = \"MONTHLY\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := budgets.NewBudget(ctx, \"ec2\", &budgets.BudgetArgs{\n\t\t\tBudgetType: pulumi.String(\"COST\"),\n\t\t\tCostFilters: pulumi.StringMap{\n\t\t\t\tpulumi.String{\n\t\t\t\t\tName: \"Service\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Amazon Elastic Compute Cloud - Compute\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLimitAmount: pulumi.String(\"1200\"),\n\t\t\tLimitUnit: pulumi.String(\"USD\"),\n\t\t\tNotifications: budgets.BudgetNotificationArray{\n\t\t\t\t&budgets.BudgetNotificationArgs{\n\t\t\t\t\tComparisonOperator: pulumi.String(\"GREATER_THAN\"),\n\t\t\t\t\tNotificationType: pulumi.String(\"FORECASTED\"),\n\t\t\t\t\tSubscriberEmailAddresses: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"test@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tThreshold: pulumi.Float64(100),\n\t\t\t\t\tThresholdType: pulumi.String(\"PERCENTAGE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTimePeriodEnd: pulumi.String(\"2087-06-15_00:00\"),\n\t\t\tTimePeriodStart: pulumi.String(\"2017-07-01_00:00\"),\n\t\t\tTimeUnit: pulumi.String(\"MONTHLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nCreate a budget for *$100*.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cost = new aws.budgets.Budget(\"cost\", {\n // ...\n budgetType: \"COST\",\n limitAmount: \"100\",\n limitUnit: \"USD\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncost = aws.budgets.Budget(\"cost\",\n budget_type=\"COST\",\n limit_amount=\"100\",\n limit_unit=\"USD\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cost = new Aws.Budgets.Budget(\"cost\", new Aws.Budgets.BudgetArgs\n {\n BudgetType = \"COST\",\n LimitAmount = \"100\",\n LimitUnit = \"USD\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := budgets.NewBudget(ctx, \"cost\", &budgets.BudgetArgs{\n\t\t\tBudgetType: pulumi.String(\"COST\"),\n\t\t\tLimitAmount: pulumi.String(\"100\"),\n\t\t\tLimitUnit: pulumi.String(\"USD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nCreate a budget for s3 with a limit of *3 GB* of storage.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.budgets.Budget(\"s3\", {\n // ...\n budgetType: \"USAGE\",\n limitAmount: \"3\",\n limitUnit: \"GB\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.budgets.Budget(\"s3\",\n budget_type=\"USAGE\",\n limit_amount=\"3\",\n limit_unit=\"GB\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3 = new Aws.Budgets.Budget(\"s3\", new Aws.Budgets.BudgetArgs\n {\n BudgetType = \"USAGE\",\n LimitAmount = \"3\",\n LimitUnit = \"GB\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := budgets.NewBudget(ctx, \"s3\", &budgets.BudgetArgs{\n\t\t\tBudgetType: pulumi.String(\"USAGE\"),\n\t\t\tLimitAmount: pulumi.String(\"3\"),\n\t\t\tLimitUnit: pulumi.String(\"GB\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nCreate a Savings Plan Utilization Budget\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst savingsPlanUtilization = new aws.budgets.Budget(\"savings_plan_utilization\", {\n // ...\n budgetType: \"SAVINGS_PLANS_UTILIZATION\",\n costTypes: {\n includeCredit: false,\n includeDiscount: false,\n includeOtherSubscription: false,\n includeRecurring: false,\n includeRefund: false,\n includeSubscription: true,\n includeSupport: false,\n includeTax: false,\n includeUpfront: false,\n useBlended: false,\n },\n limitAmount: \"100.0\",\n limitUnit: \"PERCENTAGE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsavings_plan_utilization = aws.budgets.Budget(\"savingsPlanUtilization\",\n budget_type=\"SAVINGS_PLANS_UTILIZATION\",\n cost_types=aws.budgets.BudgetCostTypesArgs(\n include_credit=False,\n include_discount=False,\n include_other_subscription=False,\n include_recurring=False,\n include_refund=False,\n include_subscription=True,\n include_support=False,\n include_tax=False,\n include_upfront=False,\n use_blended=False,\n ),\n limit_amount=\"100.0\",\n limit_unit=\"PERCENTAGE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var savingsPlanUtilization = new Aws.Budgets.Budget(\"savingsPlanUtilization\", new Aws.Budgets.BudgetArgs\n {\n BudgetType = \"SAVINGS_PLANS_UTILIZATION\",\n CostTypes = new Aws.Budgets.Inputs.BudgetCostTypesArgs\n {\n IncludeCredit = false,\n IncludeDiscount = false,\n IncludeOtherSubscription = false,\n IncludeRecurring = false,\n IncludeRefund = false,\n IncludeSubscription = true,\n IncludeSupport = false,\n IncludeTax = false,\n IncludeUpfront = false,\n UseBlended = false,\n },\n LimitAmount = \"100.0\",\n LimitUnit = \"PERCENTAGE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := budgets.NewBudget(ctx, \"savingsPlanUtilization\", &budgets.BudgetArgs{\n\t\t\tBudgetType: pulumi.String(\"SAVINGS_PLANS_UTILIZATION\"),\n\t\t\tCostTypes: &budgets.BudgetCostTypesArgs{\n\t\t\t\tIncludeCredit: pulumi.Bool(false),\n\t\t\t\tIncludeDiscount: pulumi.Bool(false),\n\t\t\t\tIncludeOtherSubscription: pulumi.Bool(false),\n\t\t\t\tIncludeRecurring: pulumi.Bool(false),\n\t\t\t\tIncludeRefund: pulumi.Bool(false),\n\t\t\t\tIncludeSubscription: pulumi.Bool(true),\n\t\t\t\tIncludeSupport: pulumi.Bool(false),\n\t\t\t\tIncludeTax: pulumi.Bool(false),\n\t\t\t\tIncludeUpfront: pulumi.Bool(false),\n\t\t\t\tUseBlended: pulumi.Bool(false),\n\t\t\t},\n\t\t\tLimitAmount: pulumi.String(\"100.0\"),\n\t\t\tLimitUnit: pulumi.String(\"PERCENTAGE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nCreate a RI Utilization Budget\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst riUtilization = new aws.budgets.Budget(\"ri_utilization\", {\n // ...\n budgetType: \"RI_UTILIZATION\",\n // RI Utilization plans require a service cost filter to be set\n costFilters: {\n Service: \"Amazon Relational Database Service\",\n },\n //Cost types must be defined for RI budgets because the settings conflict with the defaults\n costTypes: {\n includeCredit: false,\n includeDiscount: false,\n includeOtherSubscription: false,\n includeRecurring: false,\n includeRefund: false,\n includeSubscription: true,\n includeSupport: false,\n includeTax: false,\n includeUpfront: false,\n useBlended: false,\n },\n limitAmount: \"100.0\", // RI utilization must be 100\n limitUnit: \"PERCENTAGE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nri_utilization = aws.budgets.Budget(\"riUtilization\",\n budget_type=\"RI_UTILIZATION\",\n cost_filters={\n \"Service\": \"Amazon Relational Database Service\",\n },\n cost_types=aws.budgets.BudgetCostTypesArgs(\n include_credit=False,\n include_discount=False,\n include_other_subscription=False,\n include_recurring=False,\n include_refund=False,\n include_subscription=True,\n include_support=False,\n include_tax=False,\n include_upfront=False,\n use_blended=False,\n ),\n limit_amount=\"100.0\",\n limit_unit=\"PERCENTAGE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var riUtilization = new Aws.Budgets.Budget(\"riUtilization\", new Aws.Budgets.BudgetArgs\n {\n BudgetType = \"RI_UTILIZATION\",\n CostFilters = \n {\n { \"Service\", \"Amazon Relational Database Service\" },\n },\n CostTypes = new Aws.Budgets.Inputs.BudgetCostTypesArgs\n {\n IncludeCredit = false,\n IncludeDiscount = false,\n IncludeOtherSubscription = false,\n IncludeRecurring = false,\n IncludeRefund = false,\n IncludeSubscription = true,\n IncludeSupport = false,\n IncludeTax = false,\n IncludeUpfront = false,\n UseBlended = false,\n },\n LimitAmount = \"100.0\",\n LimitUnit = \"PERCENTAGE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := budgets.NewBudget(ctx, \"riUtilization\", &budgets.BudgetArgs{\n\t\t\tBudgetType: pulumi.String(\"RI_UTILIZATION\"),\n\t\t\tCostFilters: pulumi.StringMap{\n\t\t\t\t\"Service\": pulumi.String(\"Amazon Relational Database Service\"),\n\t\t\t},\n\t\t\tCostTypes: &budgets.BudgetCostTypesArgs{\n\t\t\t\tIncludeCredit: pulumi.Bool(false),\n\t\t\t\tIncludeDiscount: pulumi.Bool(false),\n\t\t\t\tIncludeOtherSubscription: pulumi.Bool(false),\n\t\t\t\tIncludeRecurring: pulumi.Bool(false),\n\t\t\t\tIncludeRefund: pulumi.Bool(false),\n\t\t\t\tIncludeSubscription: pulumi.Bool(true),\n\t\t\t\tIncludeSupport: pulumi.Bool(false),\n\t\t\t\tIncludeTax: pulumi.Bool(false),\n\t\t\t\tIncludeUpfront: pulumi.Bool(false),\n\t\t\t\tUseBlended: pulumi.Bool(false),\n\t\t\t},\n\t\t\tLimitAmount: pulumi.String(\"100.0\"),\n\t\t\tLimitUnit: pulumi.String(\"PERCENTAGE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBudgets can be imported using `AccountID:BudgetName`, e.g.\n\n```sh\n $ pulumi import aws:budgets/budget:Budget myBudget 123456789012:myBudget`\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the target account for budget. Will use current user's account_id by default if omitted.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the budget.\n" + }, + "budgetType": { + "type": "string", + "description": "Whether this budget tracks monetary cost or usage.\n" + }, + "costFilters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of CostFilters key/value pairs to apply to the budget.\n" + }, + "costTypes": { + "$ref": "#/types/aws:budgets/BudgetCostTypes:BudgetCostTypes", + "description": "Object containing CostTypes The types of cost included in a budget, such as tax and subscriptions.\n" + }, + "limitAmount": { + "type": "string", + "description": "The amount of cost or usage being measured for a budget.\n" + }, + "limitUnit": { + "type": "string", + "description": "The unit of measurement used for the budget forecast, actual spend, or budget threshold, such as dollars or GB. See [Spend](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/data-type-spend.html) documentation.\n" + }, + "name": { + "type": "string", + "description": "The name of a budget. Unique within accounts.\n" + }, + "namePrefix": { + "type": "string", + "description": "The prefix of the name of a budget. Unique within accounts.\n" + }, + "notifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:budgets/BudgetNotification:BudgetNotification" + }, + "description": "Object containing Budget Notifications. Can be used multiple times to define more than one budget notification\n" + }, + "timePeriodEnd": { + "type": "string", + "description": "The end of the time period covered by the budget. There are no restrictions on the end date. Format: `2017-01-01_12:00`.\n" + }, + "timePeriodStart": { + "type": "string", + "description": "The start of the time period covered by the budget. If you don't specify a start date, AWS defaults to the start of your chosen time period. The start date must come before the end date. Format: `2017-01-01_12:00`.\n" + }, + "timeUnit": { + "type": "string", + "description": "The length of time until a budget resets the actual and forecasted spend. Valid values: `MONTHLY`, `QUARTERLY`, `ANNUALLY`, and `DAILY`.\n" + } + }, + "required": [ + "accountId", + "arn", + "budgetType", + "costFilters", + "costFilters", + "costTypes", + "limitAmount", + "limitUnit", + "name", + "namePrefix", + "timePeriodStart", + "timeUnit" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The ID of the target account for budget. Will use current user's account_id by default if omitted.\n" + }, + "budgetType": { + "type": "string", + "description": "Whether this budget tracks monetary cost or usage.\n" + }, + "costFilters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of CostFilters key/value pairs to apply to the budget.\n" + }, + "costTypes": { + "$ref": "#/types/aws:budgets/BudgetCostTypes:BudgetCostTypes", + "description": "Object containing CostTypes The types of cost included in a budget, such as tax and subscriptions.\n" + }, + "limitAmount": { + "type": "string", + "description": "The amount of cost or usage being measured for a budget.\n" + }, + "limitUnit": { + "type": "string", + "description": "The unit of measurement used for the budget forecast, actual spend, or budget threshold, such as dollars or GB. See [Spend](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/data-type-spend.html) documentation.\n" + }, + "name": { + "type": "string", + "description": "The name of a budget. Unique within accounts.\n" + }, + "namePrefix": { + "type": "string", + "description": "The prefix of the name of a budget. Unique within accounts.\n" + }, + "notifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:budgets/BudgetNotification:BudgetNotification" + }, + "description": "Object containing Budget Notifications. Can be used multiple times to define more than one budget notification\n" + }, + "timePeriodEnd": { + "type": "string", + "description": "The end of the time period covered by the budget. There are no restrictions on the end date. Format: `2017-01-01_12:00`.\n" + }, + "timePeriodStart": { + "type": "string", + "description": "The start of the time period covered by the budget. If you don't specify a start date, AWS defaults to the start of your chosen time period. The start date must come before the end date. Format: `2017-01-01_12:00`.\n" + }, + "timeUnit": { + "type": "string", + "description": "The length of time until a budget resets the actual and forecasted spend. Valid values: `MONTHLY`, `QUARTERLY`, `ANNUALLY`, and `DAILY`.\n" + } + }, + "requiredInputs": [ + "budgetType", + "limitAmount", + "limitUnit", + "timeUnit" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Budget resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the target account for budget. Will use current user's account_id by default if omitted.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the budget.\n" + }, + "budgetType": { + "type": "string", + "description": "Whether this budget tracks monetary cost or usage.\n" + }, + "costFilters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of CostFilters key/value pairs to apply to the budget.\n" + }, + "costTypes": { + "$ref": "#/types/aws:budgets/BudgetCostTypes:BudgetCostTypes", + "description": "Object containing CostTypes The types of cost included in a budget, such as tax and subscriptions.\n" + }, + "limitAmount": { + "type": "string", + "description": "The amount of cost or usage being measured for a budget.\n" + }, + "limitUnit": { + "type": "string", + "description": "The unit of measurement used for the budget forecast, actual spend, or budget threshold, such as dollars or GB. See [Spend](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/data-type-spend.html) documentation.\n" + }, + "name": { + "type": "string", + "description": "The name of a budget. Unique within accounts.\n" + }, + "namePrefix": { + "type": "string", + "description": "The prefix of the name of a budget. Unique within accounts.\n" + }, + "notifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:budgets/BudgetNotification:BudgetNotification" + }, + "description": "Object containing Budget Notifications. Can be used multiple times to define more than one budget notification\n" + }, + "timePeriodEnd": { + "type": "string", + "description": "The end of the time period covered by the budget. There are no restrictions on the end date. Format: `2017-01-01_12:00`.\n" + }, + "timePeriodStart": { + "type": "string", + "description": "The start of the time period covered by the budget. If you don't specify a start date, AWS defaults to the start of your chosen time period. The start date must come before the end date. Format: `2017-01-01_12:00`.\n" + }, + "timeUnit": { + "type": "string", + "description": "The length of time until a budget resets the actual and forecasted spend. Valid values: `MONTHLY`, `QUARTERLY`, `ANNUALLY`, and `DAILY`.\n" + } + }, + "type": "object" + } + }, + "aws:budgets/budgetAction:BudgetAction": { + "description": "Provides a budget action resource. Budget actions are cost savings controls that run either automatically on your behalf or by using a workflow approval process.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicy = new aws.iam.Policy(\"examplePolicy\", {\n description: \"My example policy\",\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\nconst current = aws.getPartition({});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: current.then(current => `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": [\n \"budgets.${current.dnsSuffix}\"\n ]\n },\n \"Action\": [\n \"sts:AssumeRole\"\n ]\n }\n ]\n}\n`)});\nconst exampleBudget = new aws.budgets.Budget(\"exampleBudget\", {\n budgetType: \"USAGE\",\n limitAmount: \"10.0\",\n limitUnit: \"dollars\",\n timePeriodStart: \"2006-01-02_15:04\",\n timeUnit: \"MONTHLY\",\n});\nconst exampleBudgetAction = new aws.budgets.BudgetAction(\"exampleBudgetAction\", {\n budgetName: exampleBudget.name,\n actionType: \"APPLY_IAM_POLICY\",\n approvalModel: \"AUTOMATIC\",\n notificationType: \"ACTUAL\",\n executionRoleArn: exampleRole.arn,\n actionThreshold: {\n actionThresholdType: \"ABSOLUTE_VALUE\",\n actionThresholdValue: 100,\n },\n definition: {\n iamActionDefinition: {\n policyArn: examplePolicy.arn,\n roles: [exampleRole.name],\n },\n },\n subscribers: [{\n address: \"example@example.example\",\n subscriptionType: \"EMAIL\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy = aws.iam.Policy(\"examplePolicy\",\n description=\"My example policy\",\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\ncurrent = aws.get_partition()\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"Service\": [\n \"budgets.{current.dns_suffix}\"\n ]\n }},\n \"Action\": [\n \"sts:AssumeRole\"\n ]\n }}\n ]\n}}\n\"\"\")\nexample_budget = aws.budgets.Budget(\"exampleBudget\",\n budget_type=\"USAGE\",\n limit_amount=\"10.0\",\n limit_unit=\"dollars\",\n time_period_start=\"2006-01-02_15:04\",\n time_unit=\"MONTHLY\")\nexample_budget_action = aws.budgets.BudgetAction(\"exampleBudgetAction\",\n budget_name=example_budget.name,\n action_type=\"APPLY_IAM_POLICY\",\n approval_model=\"AUTOMATIC\",\n notification_type=\"ACTUAL\",\n execution_role_arn=example_role.arn,\n action_threshold=aws.budgets.BudgetActionActionThresholdArgs(\n action_threshold_type=\"ABSOLUTE_VALUE\",\n action_threshold_value=100,\n ),\n definition=aws.budgets.BudgetActionDefinitionArgs(\n iam_action_definition=aws.budgets.BudgetActionDefinitionIamActionDefinitionArgs(\n policy_arn=example_policy.arn,\n roles=[example_role.name],\n ),\n ),\n subscribers=[aws.budgets.BudgetActionSubscriberArgs(\n address=\"example@example.example\",\n subscription_type=\"EMAIL\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePolicy = new Aws.Iam.Policy(\"examplePolicy\", new Aws.Iam.PolicyArgs\n {\n Description = \"My example policy\",\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"ec2:Describe*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n var current = Output.Create(Aws.GetPartition.InvokeAsync());\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = current.Apply(current => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"Service\"\": [\n \"\"budgets.{current.DnsSuffix}\"\"\n ]\n }},\n \"\"Action\"\": [\n \"\"sts:AssumeRole\"\"\n ]\n }}\n ]\n}}\n\"),\n });\n var exampleBudget = new Aws.Budgets.Budget(\"exampleBudget\", new Aws.Budgets.BudgetArgs\n {\n BudgetType = \"USAGE\",\n LimitAmount = \"10.0\",\n LimitUnit = \"dollars\",\n TimePeriodStart = \"2006-01-02_15:04\",\n TimeUnit = \"MONTHLY\",\n });\n var exampleBudgetAction = new Aws.Budgets.BudgetAction(\"exampleBudgetAction\", new Aws.Budgets.BudgetActionArgs\n {\n BudgetName = exampleBudget.Name,\n ActionType = \"APPLY_IAM_POLICY\",\n ApprovalModel = \"AUTOMATIC\",\n NotificationType = \"ACTUAL\",\n ExecutionRoleArn = exampleRole.Arn,\n ActionThreshold = new Aws.Budgets.Inputs.BudgetActionActionThresholdArgs\n {\n ActionThresholdType = \"ABSOLUTE_VALUE\",\n ActionThresholdValue = 100,\n },\n Definition = new Aws.Budgets.Inputs.BudgetActionDefinitionArgs\n {\n IamActionDefinition = new Aws.Budgets.Inputs.BudgetActionDefinitionIamActionDefinitionArgs\n {\n PolicyArn = examplePolicy.Arn,\n Roles = \n {\n exampleRole.Name,\n },\n },\n },\n Subscribers = \n {\n new Aws.Budgets.Inputs.BudgetActionSubscriberArgs\n {\n Address = \"example@example.example\",\n SubscriptionType = \"EMAIL\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/budgets\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePolicy, err := iam.NewPolicy(ctx, \"examplePolicy\", &iam.PolicyArgs{\n\t\t\tDescription: pulumi.String(\"My example policy\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:Describe*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": [\\n\", \" \\\"budgets.\", current.DnsSuffix, \"\\\"\\n\", \" ]\\n\", \" },\\n\", \" \\\"Action\\\": [\\n\", \" \\\"sts:AssumeRole\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBudget, err := budgets.NewBudget(ctx, \"exampleBudget\", &budgets.BudgetArgs{\n\t\t\tBudgetType: pulumi.String(\"USAGE\"),\n\t\t\tLimitAmount: pulumi.String(\"10.0\"),\n\t\t\tLimitUnit: pulumi.String(\"dollars\"),\n\t\t\tTimePeriodStart: pulumi.String(\"2006-01-02_15:04\"),\n\t\t\tTimeUnit: pulumi.String(\"MONTHLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = budgets.NewBudgetAction(ctx, \"exampleBudgetAction\", &budgets.BudgetActionArgs{\n\t\t\tBudgetName: exampleBudget.Name,\n\t\t\tActionType: pulumi.String(\"APPLY_IAM_POLICY\"),\n\t\t\tApprovalModel: pulumi.String(\"AUTOMATIC\"),\n\t\t\tNotificationType: pulumi.String(\"ACTUAL\"),\n\t\t\tExecutionRoleArn: exampleRole.Arn,\n\t\t\tActionThreshold: &budgets.BudgetActionActionThresholdArgs{\n\t\t\t\tActionThresholdType: pulumi.String(\"ABSOLUTE_VALUE\"),\n\t\t\t\tActionThresholdValue: pulumi.Float64(100),\n\t\t\t},\n\t\t\tDefinition: &budgets.BudgetActionDefinitionArgs{\n\t\t\t\tIamActionDefinition: &budgets.BudgetActionDefinitionIamActionDefinitionArgs{\n\t\t\t\t\tPolicyArn: examplePolicy.Arn,\n\t\t\t\t\tRoles: pulumi.StringArray{\n\t\t\t\t\t\texampleRole.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSubscribers: budgets.BudgetActionSubscriberArray{\n\t\t\t\t&budgets.BudgetActionSubscriberArgs{\n\t\t\t\t\tAddress: pulumi.String(\"example@example.example\"),\n\t\t\t\t\tSubscriptionType: pulumi.String(\"EMAIL\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBudgets can be imported using `AccountID:ActionID:BudgetName`, e.g.\n\n```sh\n $ pulumi import aws:budgets/budgetAction:BudgetAction myBudget 123456789012:some-id:myBudget`\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the target account for budget. Will use current user's account_id by default if omitted.\n" + }, + "actionId": { + "type": "string", + "description": "The id of the budget action.\n" + }, + "actionThreshold": { + "$ref": "#/types/aws:budgets/BudgetActionActionThreshold:BudgetActionActionThreshold", + "description": "The trigger threshold of the action. See Action Threshold.\n" + }, + "actionType": { + "type": "string", + "description": "The type of action. This defines the type of tasks that can be carried out by this action. This field also determines the format for definition. Valid values are `APPLY_IAM_POLICY`, `APPLY_SCP_POLICY`, and `RUN_SSM_DOCUMENTS`.\n" + }, + "approvalModel": { + "type": "string", + "description": "This specifies if the action needs manual or automatic approval. Valid values are `AUTOMATIC` and `MANUAL`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the budget action.\n" + }, + "budgetName": { + "type": "string", + "description": "The name of a budget.\n" + }, + "definition": { + "$ref": "#/types/aws:budgets/BudgetActionDefinition:BudgetActionDefinition", + "description": "Specifies all of the type-specific parameters. See Definition.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The role passed for action execution and reversion. Roles and actions must be in the same account.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of a notification. Valid values are `ACTUAL` or `FORECASTED`.\n" + }, + "status": { + "type": "string", + "description": "The status of the budget action.\n" + }, + "subscribers": { + "type": "array", + "items": { + "$ref": "#/types/aws:budgets/BudgetActionSubscriber:BudgetActionSubscriber" + }, + "description": "A list of subscribers. See Subscriber.\n" + } + }, + "required": [ + "accountId", + "actionId", + "actionThreshold", + "actionType", + "approvalModel", + "arn", + "budgetName", + "definition", + "executionRoleArn", + "notificationType", + "status", + "subscribers" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The ID of the target account for budget. Will use current user's account_id by default if omitted.\n" + }, + "actionThreshold": { + "$ref": "#/types/aws:budgets/BudgetActionActionThreshold:BudgetActionActionThreshold", + "description": "The trigger threshold of the action. See Action Threshold.\n" + }, + "actionType": { + "type": "string", + "description": "The type of action. This defines the type of tasks that can be carried out by this action. This field also determines the format for definition. Valid values are `APPLY_IAM_POLICY`, `APPLY_SCP_POLICY`, and `RUN_SSM_DOCUMENTS`.\n" + }, + "approvalModel": { + "type": "string", + "description": "This specifies if the action needs manual or automatic approval. Valid values are `AUTOMATIC` and `MANUAL`.\n" + }, + "budgetName": { + "type": "string", + "description": "The name of a budget.\n" + }, + "definition": { + "$ref": "#/types/aws:budgets/BudgetActionDefinition:BudgetActionDefinition", + "description": "Specifies all of the type-specific parameters. See Definition.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The role passed for action execution and reversion. Roles and actions must be in the same account.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of a notification. Valid values are `ACTUAL` or `FORECASTED`.\n" + }, + "subscribers": { + "type": "array", + "items": { + "$ref": "#/types/aws:budgets/BudgetActionSubscriber:BudgetActionSubscriber" + }, + "description": "A list of subscribers. See Subscriber.\n" + } + }, + "requiredInputs": [ + "actionThreshold", + "actionType", + "approvalModel", + "budgetName", + "definition", + "executionRoleArn", + "notificationType", + "subscribers" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BudgetAction resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the target account for budget. Will use current user's account_id by default if omitted.\n" + }, + "actionId": { + "type": "string", + "description": "The id of the budget action.\n" + }, + "actionThreshold": { + "$ref": "#/types/aws:budgets/BudgetActionActionThreshold:BudgetActionActionThreshold", + "description": "The trigger threshold of the action. See Action Threshold.\n" + }, + "actionType": { + "type": "string", + "description": "The type of action. This defines the type of tasks that can be carried out by this action. This field also determines the format for definition. Valid values are `APPLY_IAM_POLICY`, `APPLY_SCP_POLICY`, and `RUN_SSM_DOCUMENTS`.\n" + }, + "approvalModel": { + "type": "string", + "description": "This specifies if the action needs manual or automatic approval. Valid values are `AUTOMATIC` and `MANUAL`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the budget action.\n" + }, + "budgetName": { + "type": "string", + "description": "The name of a budget.\n" + }, + "definition": { + "$ref": "#/types/aws:budgets/BudgetActionDefinition:BudgetActionDefinition", + "description": "Specifies all of the type-specific parameters. See Definition.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The role passed for action execution and reversion. Roles and actions must be in the same account.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of a notification. Valid values are `ACTUAL` or `FORECASTED`.\n" + }, + "status": { + "type": "string", + "description": "The status of the budget action.\n" + }, + "subscribers": { + "type": "array", + "items": { + "$ref": "#/types/aws:budgets/BudgetActionSubscriber:BudgetActionSubscriber" + }, + "description": "A list of subscribers. See Subscriber.\n" + } + }, + "type": "object" + } + }, + "aws:cfg/aggregateAuthorization:AggregateAuthorization": { + "description": "Manages an AWS Config Aggregate Authorization\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.AggregateAuthorization(\"example\", {\n accountId: \"123456789012\",\n region: \"eu-west-2\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.AggregateAuthorization(\"example\",\n account_id=\"123456789012\",\n region=\"eu-west-2\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cfg.AggregateAuthorization(\"example\", new Aws.Cfg.AggregateAuthorizationArgs\n {\n AccountId = \"123456789012\",\n Region = \"eu-west-2\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewAggregateAuthorization(ctx, \"example\", &cfg.AggregateAuthorizationArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tRegion: pulumi.String(\"eu-west-2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfig aggregate authorizations can be imported using `account_id:region`, e.g.\n\n```sh\n $ pulumi import aws:cfg/aggregateAuthorization:AggregateAuthorization example 123456789012:us-east-1\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "Account ID\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the authorization\n" + }, + "region": { + "type": "string", + "description": "Region\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "accountId", + "arn", + "region", + "tagsAll" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "Account ID\n" + }, + "region": { + "type": "string", + "description": "Region\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "accountId", + "region" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AggregateAuthorization resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "Account ID\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the authorization\n" + }, + "region": { + "type": "string", + "description": "Region\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cfg/configurationAggregator:ConfigurationAggregator": { + "description": "Manages an AWS Config Configuration Aggregator\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Account Based Aggregation\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst account = new aws.cfg.ConfigurationAggregator(\"account\", {\n accountAggregationSource: {\n accountIds: [\"123456789012\"],\n regions: [\"us-west-2\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccount = aws.cfg.ConfigurationAggregator(\"account\", account_aggregation_source=aws.cfg.ConfigurationAggregatorAccountAggregationSourceArgs(\n account_ids=[\"123456789012\"],\n regions=[\"us-west-2\"],\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var account = new Aws.Cfg.ConfigurationAggregator(\"account\", new Aws.Cfg.ConfigurationAggregatorArgs\n {\n AccountAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorAccountAggregationSourceArgs\n {\n AccountIds = \n {\n \"123456789012\",\n },\n Regions = \n {\n \"us-west-2\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewConfigurationAggregator(ctx, \"account\", &cfg.ConfigurationAggregatorArgs{\n\t\t\tAccountAggregationSource: &cfg.ConfigurationAggregatorAccountAggregationSourceArgs{\n\t\t\t\tAccountIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"123456789012\"),\n\t\t\t\t},\n\t\t\t\tRegions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Organization Based Aggregation\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst organizationRole = new aws.iam.Role(\"organizationRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst organizationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"organizationRolePolicyAttachment\", {\n role: organizationRole.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\",\n});\nconst organizationConfigurationAggregator = new aws.cfg.ConfigurationAggregator(\"organizationConfigurationAggregator\", {organizationAggregationSource: {\n allRegions: true,\n roleArn: organizationRole.arn,\n}}, {\n dependsOn: [organizationRolePolicyAttachment],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norganization_role = aws.iam.Role(\"organizationRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\norganization_role_policy_attachment = aws.iam.RolePolicyAttachment(\"organizationRolePolicyAttachment\",\n role=organization_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\")\norganization_configuration_aggregator = aws.cfg.ConfigurationAggregator(\"organizationConfigurationAggregator\", organization_aggregation_source=aws.cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs(\n all_regions=True,\n role_arn=organization_role.arn,\n),\nopts=pulumi.ResourceOptions(depends_on=[organization_role_policy_attachment]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var organizationRole = new Aws.Iam.Role(\"organizationRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"config.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var organizationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"organizationRolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = organizationRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\",\n });\n var organizationConfigurationAggregator = new Aws.Cfg.ConfigurationAggregator(\"organizationConfigurationAggregator\", new Aws.Cfg.ConfigurationAggregatorArgs\n {\n OrganizationAggregationSource = new Aws.Cfg.Inputs.ConfigurationAggregatorOrganizationAggregationSourceArgs\n {\n AllRegions = true,\n RoleArn = organizationRole.Arn,\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n organizationRolePolicyAttachment,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\torganizationRole, err := iam.NewRole(ctx, \"organizationRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"config.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\torganizationRolePolicyAttachment, err := iam.NewRolePolicyAttachment(ctx, \"organizationRolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: organizationRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSConfigRoleForOrganizations\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewConfigurationAggregator(ctx, \"organizationConfigurationAggregator\", &cfg.ConfigurationAggregatorArgs{\n\t\t\tOrganizationAggregationSource: &cfg.ConfigurationAggregatorOrganizationAggregationSourceArgs{\n\t\t\t\tAllRegions: pulumi.Bool(true),\n\t\t\t\tRoleArn: organizationRole.Arn,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\torganizationRolePolicyAttachment,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfiguration Aggregators can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cfg/configurationAggregator:ConfigurationAggregator example foo\n```\n\n ", + "properties": { + "accountAggregationSource": { + "$ref": "#/types/aws:cfg/ConfigurationAggregatorAccountAggregationSource:ConfigurationAggregatorAccountAggregationSource", + "description": "The account(s) to aggregate config data from as documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the aggregator\n" + }, + "name": { + "type": "string", + "description": "The name of the configuration aggregator.\n" + }, + "organizationAggregationSource": { + "$ref": "#/types/aws:cfg/ConfigurationAggregatorOrganizationAggregationSource:ConfigurationAggregatorOrganizationAggregationSource", + "description": "The organization to aggregate config data from as documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "accountAggregationSource": { + "$ref": "#/types/aws:cfg/ConfigurationAggregatorAccountAggregationSource:ConfigurationAggregatorAccountAggregationSource", + "description": "The account(s) to aggregate config data from as documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the configuration aggregator.\n" + }, + "organizationAggregationSource": { + "$ref": "#/types/aws:cfg/ConfigurationAggregatorOrganizationAggregationSource:ConfigurationAggregatorOrganizationAggregationSource", + "description": "The organization to aggregate config data from as documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ConfigurationAggregator resources.\n", + "properties": { + "accountAggregationSource": { + "$ref": "#/types/aws:cfg/ConfigurationAggregatorAccountAggregationSource:ConfigurationAggregatorAccountAggregationSource", + "description": "The account(s) to aggregate config data from as documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the aggregator\n" + }, + "name": { + "type": "string", + "description": "The name of the configuration aggregator.\n" + }, + "organizationAggregationSource": { + "$ref": "#/types/aws:cfg/ConfigurationAggregatorOrganizationAggregationSource:ConfigurationAggregatorOrganizationAggregationSource", + "description": "The organization to aggregate config data from as documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cfg/conformancePack:ConformancePack": { + "description": "Manages a Config Conformance Pack. More information about this collection of Config rules and remediation actions can be found in the\n[Conformance Packs](https://docs.aws.amazon.com/config/latest/developerguide/conformance-packs.html) documentation.\nSample Conformance Pack templates may be found in the\n[AWS Config Rules Repository](https://github.com/awslabs/aws-config-rules/tree/master/aws-config-conformance-packs).\n\n> **NOTE:** The account must have a Configuration Recorder with proper IAM permissions before the Conformance Pack will\nsuccessfully create or update. See also the `aws.cfg.Recorder` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Template Body\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cfg.ConformancePack(\"example\", {\n inputParameters: [{\n parameterName: \"AccessKeysRotatedParameterMaxAccessKeyAge\",\n parameterValue: \"90\",\n }],\n templateBody: `Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n`,\n}, {\n dependsOn: [aws_config_configuration_recorder.example],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cfg.ConformancePack(\"example\",\n input_parameters=[aws.cfg.ConformancePackInputParameterArgs(\n parameter_name=\"AccessKeysRotatedParameterMaxAccessKeyAge\",\n parameter_value=\"90\",\n )],\n template_body=\"\"\"Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\"\"\",\n opts=pulumi.ResourceOptions(depends_on=[aws_config_configuration_recorder[\"example\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cfg.ConformancePack(\"example\", new Aws.Cfg.ConformancePackArgs\n {\n InputParameters = \n {\n new Aws.Cfg.Inputs.ConformancePackInputParameterArgs\n {\n ParameterName = \"AccessKeysRotatedParameterMaxAccessKeyAge\",\n ParameterValue = \"90\",\n },\n },\n TemplateBody = @\"Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_config_configuration_recorder.Example,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cfg.NewConformancePack(ctx, \"example\", &cfg.ConformancePackArgs{\n\t\t\tInputParameters: cfg.ConformancePackInputParameterArray{\n\t\t\t\t&cfg.ConformancePackInputParameterArgs{\n\t\t\t\t\tParameterName: pulumi.String(\"AccessKeysRotatedParameterMaxAccessKeyAge\"),\n\t\t\t\t\tParameterValue: pulumi.String(\"90\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTemplateBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v\", \"Parameters:\\n\", \" AccessKeysRotatedParameterMaxAccessKeyAge:\\n\", \" Type: String\\n\", \"Resources:\\n\", \" IAMPasswordPolicy:\\n\", \" Properties:\\n\", \" ConfigRuleName: IAMPasswordPolicy\\n\", \" Source:\\n\", \" Owner: AWS\\n\", \" SourceIdentifier: IAM_PASSWORD_POLICY\\n\", \" Type: AWS::Config::ConfigRule\\n\")),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_config_configuration_recorder.Example,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Template S3 URI\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleBucketObject = new aws.s3.BucketObject(\"exampleBucketObject\", {\n bucket: exampleBucket.id,\n key: \"example-key\",\n content: `Resources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n`,\n});\nconst exampleConformancePack = new aws.cfg.ConformancePack(\"exampleConformancePack\", {templateS3Uri: pulumi.interpolate`s3://${exampleBucket.bucket}/${exampleBucketObject.key}`}, {\n dependsOn: [aws_config_configuration_recorder.example],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_bucket_object = aws.s3.BucketObject(\"exampleBucketObject\",\n bucket=example_bucket.id,\n key=\"example-key\",\n content=\"\"\"Resources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\"\"\")\nexample_conformance_pack = aws.cfg.ConformancePack(\"exampleConformancePack\", template_s3_uri=pulumi.Output.all(example_bucket.bucket, example_bucket_object.key).apply(lambda bucket, key: f\"s3://{bucket}/{key}\"),\nopts=pulumi.ResourceOptions(depends_on=[aws_config_configuration_recorder[\"example\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleBucketObject = new Aws.S3.BucketObject(\"exampleBucketObject\", new Aws.S3.BucketObjectArgs\n {\n Bucket = exampleBucket.Id,\n Key = \"example-key\",\n Content = @\"Resources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\",\n });\n var exampleConformancePack = new Aws.Cfg.ConformancePack(\"exampleConformancePack\", new Aws.Cfg.ConformancePackArgs\n {\n TemplateS3Uri = Output.Tuple(exampleBucket.BucketName, exampleBucketObject.Key).Apply(values =>\n {\n var bucket = values.Item1;\n var key = values.Item2;\n return $\"s3://{bucket}/{key}\";\n }),\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_config_configuration_recorder.Example,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketObject, err := s3.NewBucketObject(ctx, \"exampleBucketObject\", &s3.BucketObjectArgs{\n\t\t\tBucket: exampleBucket.ID(),\n\t\t\tKey: pulumi.String(\"example-key\"),\n\t\t\tContent: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v\", \"Resources:\\n\", \" IAMPasswordPolicy:\\n\", \" Properties:\\n\", \" ConfigRuleName: IAMPasswordPolicy\\n\", \" Source:\\n\", \" Owner: AWS\\n\", \" SourceIdentifier: IAM_PASSWORD_POLICY\\n\", \" Type: AWS::Config::ConfigRule\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewConformancePack(ctx, \"exampleConformancePack\", &cfg.ConformancePackArgs{\n\t\t\tTemplateS3Uri: pulumi.All(exampleBucket.Bucket, exampleBucketObject.Key).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucket := _args[0].(string)\n\t\t\t\tkey := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v\", \"s3://\", bucket, \"/\", key), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_config_configuration_recorder.Example,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfig Conformance Packs can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cfg/conformancePack:ConformancePack example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the conformance pack.\n" + }, + "deliveryS3Bucket": { + "type": "string", + "description": "Amazon S3 bucket where AWS Config stores conformance pack templates. Maximum length of 63.\n" + }, + "deliveryS3KeyPrefix": { + "type": "string", + "description": "The prefix for the Amazon S3 bucket. Maximum length of 1024.\n" + }, + "inputParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/ConformancePackInputParameter:ConformancePackInputParameter" + }, + "description": "Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the `template_body` or in the template stored in Amazon S3 if using `template_s3_uri`.\n" + }, + "name": { + "type": "string", + "description": "The name of the conformance pack. Must begin with a letter and contain from 1 to 256 alphanumeric characters and hyphens.\n" + }, + "templateBody": { + "type": "string", + "description": "A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.\n" + }, + "templateS3Uri": { + "type": "string", + "description": "Location of file, e.g. `s3://bucketname/prefix`, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "deliveryS3Bucket": { + "type": "string", + "description": "Amazon S3 bucket where AWS Config stores conformance pack templates. Maximum length of 63.\n" + }, + "deliveryS3KeyPrefix": { + "type": "string", + "description": "The prefix for the Amazon S3 bucket. Maximum length of 1024.\n" + }, + "inputParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/ConformancePackInputParameter:ConformancePackInputParameter" + }, + "description": "Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the `template_body` or in the template stored in Amazon S3 if using `template_s3_uri`.\n" + }, + "name": { + "type": "string", + "description": "The name of the conformance pack. Must begin with a letter and contain from 1 to 256 alphanumeric characters and hyphens.\n" + }, + "templateBody": { + "type": "string", + "description": "A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.\n" + }, + "templateS3Uri": { + "type": "string", + "description": "Location of file, e.g. `s3://bucketname/prefix`, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ConformancePack resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the conformance pack.\n" + }, + "deliveryS3Bucket": { + "type": "string", + "description": "Amazon S3 bucket where AWS Config stores conformance pack templates. Maximum length of 63.\n" + }, + "deliveryS3KeyPrefix": { + "type": "string", + "description": "The prefix for the Amazon S3 bucket. Maximum length of 1024.\n" + }, + "inputParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/ConformancePackInputParameter:ConformancePackInputParameter" + }, + "description": "Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the `template_body` or in the template stored in Amazon S3 if using `template_s3_uri`.\n" + }, + "name": { + "type": "string", + "description": "The name of the conformance pack. Must begin with a letter and contain from 1 to 256 alphanumeric characters and hyphens.\n" + }, + "templateBody": { + "type": "string", + "description": "A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.\n" + }, + "templateS3Uri": { + "type": "string", + "description": "Location of file, e.g. `s3://bucketname/prefix`, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.\n" + } + }, + "type": "object" + } + }, + "aws:cfg/deliveryChannel:DeliveryChannel": { + "description": "Provides an AWS Config Delivery Channel.\n\n> **Note:** Delivery Channel requires a `Configuration Recorder` to be present. Use of `depends_on` (as shown below) is recommended to avoid race conditions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {forceDestroy: true});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst fooRecorder = new aws.cfg.Recorder(\"fooRecorder\", {roleArn: role.arn});\nconst fooDeliveryChannel = new aws.cfg.DeliveryChannel(\"fooDeliveryChannel\", {s3BucketName: bucket.bucket}, {\n dependsOn: [fooRecorder],\n});\nconst rolePolicy = new aws.iam.RolePolicy(\"rolePolicy\", {\n role: role.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${bucket.arn}\",\n \"${bucket.arn}/*\"\n ]\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\", force_destroy=True)\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nfoo_recorder = aws.cfg.Recorder(\"fooRecorder\", role_arn=role.arn)\nfoo_delivery_channel = aws.cfg.DeliveryChannel(\"fooDeliveryChannel\", s3_bucket_name=bucket.bucket,\nopts=pulumi.ResourceOptions(depends_on=[foo_recorder]))\nrole_policy = aws.iam.RolePolicy(\"rolePolicy\",\n role=role.id,\n policy=pulumi.Output.all(bucket.arn, bucket.arn).apply(lambda bucketArn, bucketArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{bucket_arn}\",\n \"{bucket_arn1}/*\"\n ]\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n ForceDestroy = true,\n });\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"config.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var fooRecorder = new Aws.Cfg.Recorder(\"fooRecorder\", new Aws.Cfg.RecorderArgs\n {\n RoleArn = role.Arn,\n });\n var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel(\"fooDeliveryChannel\", new Aws.Cfg.DeliveryChannelArgs\n {\n S3BucketName = bucket.BucketName,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n fooRecorder,\n },\n });\n var rolePolicy = new Aws.Iam.RolePolicy(\"rolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = role.Id,\n Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>\n {\n var bucketArn = values.Item1;\n var bucketArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{bucketArn}\"\",\n \"\"{bucketArn1}/*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"config.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRecorder, err := cfg.NewRecorder(ctx, \"fooRecorder\", &cfg.RecorderArgs{\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewDeliveryChannel(ctx, \"fooDeliveryChannel\", &cfg.DeliveryChannelArgs{\n\t\t\tS3BucketName: bucket.Bucket,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfooRecorder,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"rolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: pulumi.All(bucket.Arn, bucket.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucketArn := _args[0].(string)\n\t\t\t\tbucketArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", bucketArn, \"\\\",\\n\", \" \\\"\", bucketArn1, \"/*\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDelivery Channel can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cfg/deliveryChannel:DeliveryChannel foo example\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the delivery channel. Defaults to `default`. Changing it recreates the resource.\n" + }, + "s3BucketName": { + "type": "string", + "description": "The name of the S3 bucket used to store the configuration history.\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "The prefix for the specified S3 bucket.\n" + }, + "snapshotDeliveryProperties": { + "$ref": "#/types/aws:cfg/DeliveryChannelSnapshotDeliveryProperties:DeliveryChannelSnapshotDeliveryProperties", + "description": "Options for how AWS Config delivers configuration snapshots. See below\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic that AWS Config delivers notifications to.\n" + } + }, + "required": [ + "name", + "s3BucketName" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the delivery channel. Defaults to `default`. Changing it recreates the resource.\n" + }, + "s3BucketName": { + "type": "string", + "description": "The name of the S3 bucket used to store the configuration history.\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "The prefix for the specified S3 bucket.\n" + }, + "snapshotDeliveryProperties": { + "$ref": "#/types/aws:cfg/DeliveryChannelSnapshotDeliveryProperties:DeliveryChannelSnapshotDeliveryProperties", + "description": "Options for how AWS Config delivers configuration snapshots. See below\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic that AWS Config delivers notifications to.\n" + } + }, + "requiredInputs": [ + "s3BucketName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DeliveryChannel resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the delivery channel. Defaults to `default`. Changing it recreates the resource.\n" + }, + "s3BucketName": { + "type": "string", + "description": "The name of the S3 bucket used to store the configuration history.\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "The prefix for the specified S3 bucket.\n" + }, + "snapshotDeliveryProperties": { + "$ref": "#/types/aws:cfg/DeliveryChannelSnapshotDeliveryProperties:DeliveryChannelSnapshotDeliveryProperties", + "description": "Options for how AWS Config delivers configuration snapshots. See below\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic that AWS Config delivers notifications to.\n" + } + }, + "type": "object" + } + }, + "aws:cfg/organizationConformancePack:OrganizationConformancePack": { + "description": "Manages a Config Organization Conformance Pack. More information can be found in the [Managing Conformance Packs Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/conformance-pack-organization-apis.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. Example conformance pack templates may be found in the [AWS Config Rules Repository](https://github.com/awslabs/aws-config-rules/tree/master/aws-config-conformance-packs).\n\n> **NOTE:** This resource must be created in the Organization master account or a delegated administrator account, and the Organization must have all features enabled. Every Organization account except those configured in the `excluded_accounts` argument must have a Configuration Recorder with proper IAM permissions before the Organization Conformance Pack will successfully create or update. See also the [`aws.cfg.Recorder` resource](https://www.terraform.io/docs/providers/aws/r/config_configuration_recorder.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using Template Body\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"config-multiaccountsetup.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleOrganizationConformancePack = new aws.cfg.OrganizationConformancePack(\"exampleOrganizationConformancePack\", {\n inputParameters: [{\n parameterName: \"AccessKeysRotatedParameterMaxAccessKeyAge\",\n parameterValue: \"90\",\n }],\n templateBody: `Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n`,\n}, {\n dependsOn: [\n aws_config_configuration_recorder.example,\n exampleOrganization,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"config-multiaccountsetup.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_organization_conformance_pack = aws.cfg.OrganizationConformancePack(\"exampleOrganizationConformancePack\",\n input_parameters=[aws.cfg.OrganizationConformancePackInputParameterArgs(\n parameter_name=\"AccessKeysRotatedParameterMaxAccessKeyAge\",\n parameter_value=\"90\",\n )],\n template_body=\"\"\"Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\"\"\",\n opts=pulumi.ResourceOptions(depends_on=[\n aws_config_configuration_recorder[\"example\"],\n example_organization,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"config-multiaccountsetup.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n var exampleOrganizationConformancePack = new Aws.Cfg.OrganizationConformancePack(\"exampleOrganizationConformancePack\", new Aws.Cfg.OrganizationConformancePackArgs\n {\n InputParameters = \n {\n new Aws.Cfg.Inputs.OrganizationConformancePackInputParameterArgs\n {\n ParameterName = \"AccessKeysRotatedParameterMaxAccessKeyAge\",\n ParameterValue = \"90\",\n },\n },\n TemplateBody = @\"Parameters:\n AccessKeysRotatedParameterMaxAccessKeyAge:\n Type: String\nResources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_config_configuration_recorder.Example,\n exampleOrganization,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"config-multiaccountsetup.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewOrganizationConformancePack(ctx, \"exampleOrganizationConformancePack\", &cfg.OrganizationConformancePackArgs{\n\t\t\tInputParameters: cfg.OrganizationConformancePackInputParameterArray{\n\t\t\t\t&cfg.OrganizationConformancePackInputParameterArgs{\n\t\t\t\t\tParameterName: pulumi.String(\"AccessKeysRotatedParameterMaxAccessKeyAge\"),\n\t\t\t\t\tParameterValue: pulumi.String(\"90\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTemplateBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v\", \"Parameters:\\n\", \" AccessKeysRotatedParameterMaxAccessKeyAge:\\n\", \" Type: String\\n\", \"Resources:\\n\", \" IAMPasswordPolicy:\\n\", \" Properties:\\n\", \" ConfigRuleName: IAMPasswordPolicy\\n\", \" Source:\\n\", \" Owner: AWS\\n\", \" SourceIdentifier: IAM_PASSWORD_POLICY\\n\", \" Type: AWS::Config::ConfigRule\\n\")),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_config_configuration_recorder.Example,\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using Template S3 URI\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"config-multiaccountsetup.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleBucketObject = new aws.s3.BucketObject(\"exampleBucketObject\", {\n bucket: exampleBucket.id,\n key: \"example-key\",\n content: `Resources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n`,\n});\nconst exampleOrganizationConformancePack = new aws.cfg.OrganizationConformancePack(\"exampleOrganizationConformancePack\", {templateS3Uri: pulumi.interpolate`s3://${exampleBucket.bucket}/${exampleBucketObject.key}`}, {\n dependsOn: [\n aws_config_configuration_recorder.example,\n exampleOrganization,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"config-multiaccountsetup.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_bucket_object = aws.s3.BucketObject(\"exampleBucketObject\",\n bucket=example_bucket.id,\n key=\"example-key\",\n content=\"\"\"Resources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\"\"\")\nexample_organization_conformance_pack = aws.cfg.OrganizationConformancePack(\"exampleOrganizationConformancePack\", template_s3_uri=pulumi.Output.all(example_bucket.bucket, example_bucket_object.key).apply(lambda bucket, key: f\"s3://{bucket}/{key}\"),\nopts=pulumi.ResourceOptions(depends_on=[\n aws_config_configuration_recorder[\"example\"],\n example_organization,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"config-multiaccountsetup.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleBucketObject = new Aws.S3.BucketObject(\"exampleBucketObject\", new Aws.S3.BucketObjectArgs\n {\n Bucket = exampleBucket.Id,\n Key = \"example-key\",\n Content = @\"Resources:\n IAMPasswordPolicy:\n Properties:\n ConfigRuleName: IAMPasswordPolicy\n Source:\n Owner: AWS\n SourceIdentifier: IAM_PASSWORD_POLICY\n Type: AWS::Config::ConfigRule\n\",\n });\n var exampleOrganizationConformancePack = new Aws.Cfg.OrganizationConformancePack(\"exampleOrganizationConformancePack\", new Aws.Cfg.OrganizationConformancePackArgs\n {\n TemplateS3Uri = Output.Tuple(exampleBucket.BucketName, exampleBucketObject.Key).Apply(values =>\n {\n var bucket = values.Item1;\n var key = values.Item2;\n return $\"s3://{bucket}/{key}\";\n }),\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_config_configuration_recorder.Example,\n exampleOrganization,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"config-multiaccountsetup.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketObject, err := s3.NewBucketObject(ctx, \"exampleBucketObject\", &s3.BucketObjectArgs{\n\t\t\tBucket: exampleBucket.ID(),\n\t\t\tKey: pulumi.String(\"example-key\"),\n\t\t\tContent: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v\", \"Resources:\\n\", \" IAMPasswordPolicy:\\n\", \" Properties:\\n\", \" ConfigRuleName: IAMPasswordPolicy\\n\", \" Source:\\n\", \" Owner: AWS\\n\", \" SourceIdentifier: IAM_PASSWORD_POLICY\\n\", \" Type: AWS::Config::ConfigRule\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewOrganizationConformancePack(ctx, \"exampleOrganizationConformancePack\", &cfg.OrganizationConformancePackArgs{\n\t\t\tTemplateS3Uri: pulumi.All(exampleBucket.Bucket, exampleBucketObject.Key).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucket := _args[0].(string)\n\t\t\t\tkey := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v\", \"s3://\", bucket, \"/\", key), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_config_configuration_recorder.Example,\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfig Organization Conformance Packs can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cfg/organizationConformancePack:OrganizationConformancePack example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the organization conformance pack.\n" + }, + "deliveryS3Bucket": { + "type": "string", + "description": "Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with `awsconfigconforms` prefix. Maximum length of 63.\n" + }, + "deliveryS3KeyPrefix": { + "type": "string", + "description": "The prefix for the Amazon S3 bucket. Maximum length of 1024.\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.\n" + }, + "inputParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/OrganizationConformancePackInputParameter:OrganizationConformancePackInputParameter" + }, + "description": "Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the `template_body` or in the template stored in Amazon S3 if using `template_s3_uri`.\n" + }, + "name": { + "type": "string", + "description": "The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.\n" + }, + "templateBody": { + "type": "string", + "description": "A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.\n" + }, + "templateS3Uri": { + "type": "string", + "description": "Location of file, e.g. `s3://bucketname/prefix`, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "deliveryS3Bucket": { + "type": "string", + "description": "Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with `awsconfigconforms` prefix. Maximum length of 63.\n" + }, + "deliveryS3KeyPrefix": { + "type": "string", + "description": "The prefix for the Amazon S3 bucket. Maximum length of 1024.\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.\n" + }, + "inputParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/OrganizationConformancePackInputParameter:OrganizationConformancePackInputParameter" + }, + "description": "Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the `template_body` or in the template stored in Amazon S3 if using `template_s3_uri`.\n" + }, + "name": { + "type": "string", + "description": "The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.\n" + }, + "templateBody": { + "type": "string", + "description": "A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.\n" + }, + "templateS3Uri": { + "type": "string", + "description": "Location of file, e.g. `s3://bucketname/prefix`, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationConformancePack resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the organization conformance pack.\n" + }, + "deliveryS3Bucket": { + "type": "string", + "description": "Amazon S3 bucket where AWS Config stores conformance pack templates. Delivery bucket must begin with `awsconfigconforms` prefix. Maximum length of 63.\n" + }, + "deliveryS3KeyPrefix": { + "type": "string", + "description": "The prefix for the Amazon S3 bucket. Maximum length of 1024.\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of AWS accounts to be excluded from an organization conformance pack while deploying a conformance pack. Maximum of 1000 accounts.\n" + }, + "inputParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/OrganizationConformancePackInputParameter:OrganizationConformancePackInputParameter" + }, + "description": "Set of configuration blocks describing input parameters passed to the conformance pack template. Documented below. When configured, the parameters must also be included in the `template_body` or in the template stored in Amazon S3 if using `template_s3_uri`.\n" + }, + "name": { + "type": "string", + "description": "The name of the organization conformance pack. Must begin with a letter and contain from 1 to 128 alphanumeric characters and hyphens.\n" + }, + "templateBody": { + "type": "string", + "description": "A string containing full conformance pack template body. Maximum length of 51200. Drift detection is not possible with this argument.\n" + }, + "templateS3Uri": { + "type": "string", + "description": "Location of file, e.g. `s3://bucketname/prefix`, containing the template body. The uri must point to the conformance pack template that is located in an Amazon S3 bucket in the same region as the conformance pack. Maximum length of 1024. Drift detection is not possible with this argument.\n" + } + }, + "type": "object" + } + }, + "aws:cfg/organizationCustomRule:OrganizationCustomRule": { + "description": "Manages a Config Organization Custom Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Managed Rules (those invoking an AWS managed rule), see the `aws_config_organization_managed__rule` resource.\n\n> **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excluded_accounts` argument.\n\n> **NOTE:** The proper Lambda permission to allow the AWS Config service invoke the Lambda Function must be in place before the rule will successfully create or update. See also the `aws.lambda.Permission` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePermission = new aws.lambda.Permission(\"examplePermission\", {\n action: \"lambda:InvokeFunction\",\n \"function\": aws_lambda_function.example.arn,\n principal: \"config.amazonaws.com\",\n});\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"config-multiaccountsetup.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleOrganizationCustomRule = new aws.cfg.OrganizationCustomRule(\"exampleOrganizationCustomRule\", {\n lambdaFunctionArn: aws_lambda_function.example.arn,\n triggerTypes: [\"ConfigurationItemChangeNotification\"],\n}, {\n dependsOn: [\n examplePermission,\n exampleOrganization,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_permission = aws.lambda_.Permission(\"examplePermission\",\n action=\"lambda:InvokeFunction\",\n function=aws_lambda_function[\"example\"][\"arn\"],\n principal=\"config.amazonaws.com\")\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"config-multiaccountsetup.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_organization_custom_rule = aws.cfg.OrganizationCustomRule(\"exampleOrganizationCustomRule\",\n lambda_function_arn=aws_lambda_function[\"example\"][\"arn\"],\n trigger_types=[\"ConfigurationItemChangeNotification\"],\n opts=pulumi.ResourceOptions(depends_on=[\n example_permission,\n example_organization,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePermission = new Aws.Lambda.Permission(\"examplePermission\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = aws_lambda_function.Example.Arn,\n Principal = \"config.amazonaws.com\",\n });\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"config-multiaccountsetup.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n var exampleOrganizationCustomRule = new Aws.Cfg.OrganizationCustomRule(\"exampleOrganizationCustomRule\", new Aws.Cfg.OrganizationCustomRuleArgs\n {\n LambdaFunctionArn = aws_lambda_function.Example.Arn,\n TriggerTypes = \n {\n \"ConfigurationItemChangeNotification\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n examplePermission,\n exampleOrganization,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePermission, err := lambda.NewPermission(ctx, \"examplePermission\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tPrincipal: pulumi.String(\"config.amazonaws.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"config-multiaccountsetup.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewOrganizationCustomRule(ctx, \"exampleOrganizationCustomRule\", &cfg.OrganizationCustomRuleArgs{\n\t\t\tLambdaFunctionArn: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tTriggerTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ConfigurationItemChangeNotification\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texamplePermission,\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfig Organization Custom Rules can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cfg/organizationCustomRule:OrganizationCustomRule example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule\n" + }, + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account identifiers to exclude from the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config Rule Lambda Function\n" + }, + "lambdaFunctionArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule Lambda Function\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "resourceIdScope": { + "type": "string", + "description": "Identifier of the AWS resource to evaluate\n" + }, + "resourceTypesScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of types of AWS resources to evaluate\n" + }, + "tagKeyScope": { + "type": "string", + "description": "Tag key of AWS resources to evaluate\n" + }, + "tagValueScope": { + "type": "string", + "description": "Tag value of AWS resources to evaluate\n" + }, + "triggerTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`, and `ScheduledNotification`\n" + } + }, + "required": [ + "arn", + "lambdaFunctionArn", + "name", + "triggerTypes" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account identifiers to exclude from the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config Rule Lambda Function\n" + }, + "lambdaFunctionArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule Lambda Function\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "resourceIdScope": { + "type": "string", + "description": "Identifier of the AWS resource to evaluate\n" + }, + "resourceTypesScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of types of AWS resources to evaluate\n" + }, + "tagKeyScope": { + "type": "string", + "description": "Tag key of AWS resources to evaluate\n" + }, + "tagValueScope": { + "type": "string", + "description": "Tag value of AWS resources to evaluate\n" + }, + "triggerTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`, and `ScheduledNotification`\n" + } + }, + "requiredInputs": [ + "lambdaFunctionArn", + "triggerTypes" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationCustomRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule\n" + }, + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account identifiers to exclude from the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config Rule Lambda Function\n" + }, + "lambdaFunctionArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule Lambda Function\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "resourceIdScope": { + "type": "string", + "description": "Identifier of the AWS resource to evaluate\n" + }, + "resourceTypesScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of types of AWS resources to evaluate\n" + }, + "tagKeyScope": { + "type": "string", + "description": "Tag key of AWS resources to evaluate\n" + }, + "tagValueScope": { + "type": "string", + "description": "Tag value of AWS resources to evaluate\n" + }, + "triggerTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of notification types that trigger AWS Config to run an evaluation for the rule. Valid values: `ConfigurationItemChangeNotification`, `OversizedConfigurationItemChangeNotification`, and `ScheduledNotification`\n" + } + }, + "type": "object" + } + }, + "aws:cfg/organizationManagedRule:OrganizationManagedRule": { + "description": "Manages a Config Organization Managed Rule. More information about these rules can be found in the [Enabling AWS Config Rules Across all Accounts in Your Organization](https://docs.aws.amazon.com/config/latest/developerguide/config-rule-multi-account-deployment.html) and [AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html) documentation. For working with Organization Custom Rules (those invoking a custom Lambda Function), see the `aws.cfg.OrganizationCustomRule` resource.\n\n> **NOTE:** This resource must be created in the Organization master account and rules will include the master account unless its ID is added to the `excluded_accounts` argument.\n\n> **NOTE:** Every Organization account except those configured in the `excluded_accounts` argument must have a Configuration Recorder with proper IAM permissions before the rule will successfully create or update. See also the `aws.cfg.Recorder` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"config-multiaccountsetup.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleOrganizationManagedRule = new aws.cfg.OrganizationManagedRule(\"exampleOrganizationManagedRule\", {ruleIdentifier: \"IAM_PASSWORD_POLICY\"}, {\n dependsOn: [exampleOrganization],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"config-multiaccountsetup.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_organization_managed_rule = aws.cfg.OrganizationManagedRule(\"exampleOrganizationManagedRule\", rule_identifier=\"IAM_PASSWORD_POLICY\",\nopts=pulumi.ResourceOptions(depends_on=[example_organization]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"config-multiaccountsetup.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n var exampleOrganizationManagedRule = new Aws.Cfg.OrganizationManagedRule(\"exampleOrganizationManagedRule\", new Aws.Cfg.OrganizationManagedRuleArgs\n {\n RuleIdentifier = \"IAM_PASSWORD_POLICY\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleOrganization,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"config-multiaccountsetup.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewOrganizationManagedRule(ctx, \"exampleOrganizationManagedRule\", &cfg.OrganizationManagedRuleArgs{\n\t\t\tRuleIdentifier: pulumi.String(\"IAM_PASSWORD_POLICY\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfig Organization Managed Rules can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cfg/organizationManagedRule:OrganizationManagedRule example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule\n" + }, + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account identifiers to exclude from the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config Rule Lambda Function\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "resourceIdScope": { + "type": "string", + "description": "Identifier of the AWS resource to evaluate\n" + }, + "resourceTypesScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of types of AWS resources to evaluate\n" + }, + "ruleIdentifier": { + "type": "string", + "description": "Identifier of an available AWS Config Managed Rule to call. For available values, see the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) documentation\n" + }, + "tagKeyScope": { + "type": "string", + "description": "Tag key of AWS resources to evaluate\n" + }, + "tagValueScope": { + "type": "string", + "description": "Tag value of AWS resources to evaluate\n" + } + }, + "required": [ + "arn", + "name", + "ruleIdentifier" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account identifiers to exclude from the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config Rule Lambda Function\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "resourceIdScope": { + "type": "string", + "description": "Identifier of the AWS resource to evaluate\n" + }, + "resourceTypesScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of types of AWS resources to evaluate\n" + }, + "ruleIdentifier": { + "type": "string", + "description": "Identifier of an available AWS Config Managed Rule to call. For available values, see the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) documentation\n" + }, + "tagKeyScope": { + "type": "string", + "description": "Tag key of AWS resources to evaluate\n" + }, + "tagValueScope": { + "type": "string", + "description": "Tag value of AWS resources to evaluate\n" + } + }, + "requiredInputs": [ + "ruleIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationManagedRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the rule\n" + }, + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "excludedAccounts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS account identifiers to exclude from the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config Rule Lambda Function\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The maximum frequency with which AWS Config runs evaluations for a rule, if the rule is triggered at a periodic frequency. Defaults to `TwentyFour_Hours` for periodic frequency triggered rules. Valid values: `One_Hour`, `Three_Hours`, `Six_Hours`, `Twelve_Hours`, or `TwentyFour_Hours`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "resourceIdScope": { + "type": "string", + "description": "Identifier of the AWS resource to evaluate\n" + }, + "resourceTypesScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of types of AWS resources to evaluate\n" + }, + "ruleIdentifier": { + "type": "string", + "description": "Identifier of an available AWS Config Managed Rule to call. For available values, see the [List of AWS Config Managed Rules](https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html) documentation\n" + }, + "tagKeyScope": { + "type": "string", + "description": "Tag key of AWS resources to evaluate\n" + }, + "tagValueScope": { + "type": "string", + "description": "Tag value of AWS resources to evaluate\n" + } + }, + "type": "object" + } + }, + "aws:cfg/recorder:Recorder": { + "description": "Provides an AWS Config Configuration Recorder. Please note that this resource **does not start** the created recorder automatically.\n\n> **Note:** _Starting_ the Configuration Recorder requires a `delivery channel` (while delivery channel creation requires Configuration Recorder). This is why `aws.cfg.RecorderStatus` is a separate resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst foo = new aws.cfg.Recorder(\"foo\", {roleArn: role.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nfoo = aws.cfg.Recorder(\"foo\", role_arn=role.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"config.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var foo = new Aws.Cfg.Recorder(\"foo\", new Aws.Cfg.RecorderArgs\n {\n RoleArn = role.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"config.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"foo\", &cfg.RecorderArgs{\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfiguration Recorder can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cfg/recorder:Recorder foo example\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the recorder. Defaults to `default`. Changing it recreates the resource.\n" + }, + "recordingGroup": { + "$ref": "#/types/aws:cfg/RecorderRecordingGroup:RecorderRecordingGroup", + "description": "Recording group - see below.\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role. Used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.\n" + } + }, + "required": [ + "name", + "recordingGroup", + "roleArn" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the recorder. Defaults to `default`. Changing it recreates the resource.\n" + }, + "recordingGroup": { + "$ref": "#/types/aws:cfg/RecorderRecordingGroup:RecorderRecordingGroup", + "description": "Recording group - see below.\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role. Used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.\n" + } + }, + "requiredInputs": [ + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Recorder resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the recorder. Defaults to `default`. Changing it recreates the resource.\n" + }, + "recordingGroup": { + "$ref": "#/types/aws:cfg/RecorderRecordingGroup:RecorderRecordingGroup", + "description": "Recording group - see below.\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role. Used to make read or write requests to the delivery channel and to describe the AWS resources associated with the account. See [AWS Docs](http://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) for more details.\n" + } + }, + "type": "object" + } + }, + "aws:cfg/recorderStatus:RecorderStatus": { + "description": "Manages status (recording / stopped) of an AWS Config Configuration Recorder.\n\n> **Note:** Starting Configuration Recorder requires a `Delivery Channel` to be present. Use of `depends_on` (as shown below) is recommended to avoid race conditions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst fooDeliveryChannel = new aws.cfg.DeliveryChannel(\"fooDeliveryChannel\", {s3BucketName: bucket.bucket});\nconst fooRecorderStatus = new aws.cfg.RecorderStatus(\"fooRecorderStatus\", {isEnabled: true}, {\n dependsOn: [fooDeliveryChannel],\n});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst rolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"rolePolicyAttachment\", {\n role: role.name,\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSConfigRole\",\n});\nconst fooRecorder = new aws.cfg.Recorder(\"fooRecorder\", {roleArn: role.arn});\nconst rolePolicy = new aws.iam.RolePolicy(\"rolePolicy\", {\n role: role.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${bucket.arn}\",\n \"${bucket.arn}/*\"\n ]\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\nfoo_delivery_channel = aws.cfg.DeliveryChannel(\"fooDeliveryChannel\", s3_bucket_name=bucket.bucket)\nfoo_recorder_status = aws.cfg.RecorderStatus(\"fooRecorderStatus\", is_enabled=True,\nopts=pulumi.ResourceOptions(depends_on=[foo_delivery_channel]))\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nrole_policy_attachment = aws.iam.RolePolicyAttachment(\"rolePolicyAttachment\",\n role=role.name,\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSConfigRole\")\nfoo_recorder = aws.cfg.Recorder(\"fooRecorder\", role_arn=role.arn)\nrole_policy = aws.iam.RolePolicy(\"rolePolicy\",\n role=role.id,\n policy=pulumi.Output.all(bucket.arn, bucket.arn).apply(lambda bucketArn, bucketArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{bucket_arn}\",\n \"{bucket_arn1}/*\"\n ]\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var fooDeliveryChannel = new Aws.Cfg.DeliveryChannel(\"fooDeliveryChannel\", new Aws.Cfg.DeliveryChannelArgs\n {\n S3BucketName = bucket.BucketName,\n });\n var fooRecorderStatus = new Aws.Cfg.RecorderStatus(\"fooRecorderStatus\", new Aws.Cfg.RecorderStatusArgs\n {\n IsEnabled = true,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n fooDeliveryChannel,\n },\n });\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"config.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var rolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"rolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = role.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSConfigRole\",\n });\n var fooRecorder = new Aws.Cfg.Recorder(\"fooRecorder\", new Aws.Cfg.RecorderArgs\n {\n RoleArn = role.Arn,\n });\n var rolePolicy = new Aws.Iam.RolePolicy(\"rolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = role.Id,\n Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>\n {\n var bucketArn = values.Item1;\n var bucketArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{bucketArn}\"\",\n \"\"{bucketArn1}/*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooDeliveryChannel, err := cfg.NewDeliveryChannel(ctx, \"fooDeliveryChannel\", &cfg.DeliveryChannelArgs{\n\t\t\tS3BucketName: bucket.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorderStatus(ctx, \"fooRecorderStatus\", &cfg.RecorderStatusArgs{\n\t\t\tIsEnabled: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfooDeliveryChannel,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"config.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"rolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: role.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSConfigRole\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRecorder(ctx, \"fooRecorder\", &cfg.RecorderArgs{\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"rolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: pulumi.All(bucket.Arn, bucket.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucketArn := _args[0].(string)\n\t\t\t\tbucketArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", bucketArn, \"\\\",\\n\", \" \\\"\", bucketArn1, \"/*\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfiguration Recorder Status can be imported using the name of the Configuration Recorder, e.g.\n\n```sh\n $ pulumi import aws:cfg/recorderStatus:RecorderStatus foo example\n```\n\n ", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "Whether the configuration recorder should be enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "The name of the recorder\n" + } + }, + "required": [ + "isEnabled", + "name" + ], + "inputProperties": { + "isEnabled": { + "type": "boolean", + "description": "Whether the configuration recorder should be enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "The name of the recorder\n" + } + }, + "requiredInputs": [ + "isEnabled" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RecorderStatus resources.\n", + "properties": { + "isEnabled": { + "type": "boolean", + "description": "Whether the configuration recorder should be enabled or disabled.\n" + }, + "name": { + "type": "string", + "description": "The name of the recorder\n" + } + }, + "type": "object" + } + }, + "aws:cfg/remediationConfiguration:RemediationConfiguration": { + "description": "Provides an AWS Config Remediation Configuration.\n\n> **Note:** Config Remediation Configuration requires an existing Config Rule to be present.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst thisRule = new aws.cfg.Rule(\"thisRule\", {source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n}});\nconst thisRemediationConfiguration = new aws.cfg.RemediationConfiguration(\"thisRemediationConfiguration\", {\n configRuleName: thisRule.name,\n resourceType: \"AWS::S3::Bucket\",\n targetType: \"SSM_DOCUMENT\",\n targetId: \"AWS-EnableS3BucketEncryption\",\n targetVersion: \"1\",\n parameters: [\n {\n name: \"AutomationAssumeRole\",\n staticValue: \"arn:aws:iam::875924563244:role/security_config\",\n },\n {\n name: \"BucketName\",\n resourceValue: \"RESOURCE_ID\",\n },\n {\n name: \"SSEAlgorithm\",\n staticValue: \"AES256\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nthis_rule = aws.cfg.Rule(\"thisRule\", source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n))\nthis_remediation_configuration = aws.cfg.RemediationConfiguration(\"thisRemediationConfiguration\",\n config_rule_name=this_rule.name,\n resource_type=\"AWS::S3::Bucket\",\n target_type=\"SSM_DOCUMENT\",\n target_id=\"AWS-EnableS3BucketEncryption\",\n target_version=\"1\",\n parameters=[\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"AutomationAssumeRole\",\n static_value=\"arn:aws:iam::875924563244:role/security_config\",\n ),\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"BucketName\",\n resource_value=\"RESOURCE_ID\",\n ),\n aws.cfg.RemediationConfigurationParameterArgs(\n name=\"SSEAlgorithm\",\n static_value=\"AES256\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var thisRule = new Aws.Cfg.Rule(\"thisRule\", new Aws.Cfg.RuleArgs\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n });\n var thisRemediationConfiguration = new Aws.Cfg.RemediationConfiguration(\"thisRemediationConfiguration\", new Aws.Cfg.RemediationConfigurationArgs\n {\n ConfigRuleName = thisRule.Name,\n ResourceType = \"AWS::S3::Bucket\",\n TargetType = \"SSM_DOCUMENT\",\n TargetId = \"AWS-EnableS3BucketEncryption\",\n TargetVersion = \"1\",\n Parameters = \n {\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"AutomationAssumeRole\",\n StaticValue = \"arn:aws:iam::875924563244:role/security_config\",\n },\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"BucketName\",\n ResourceValue = \"RESOURCE_ID\",\n },\n new Aws.Cfg.Inputs.RemediationConfigurationParameterArgs\n {\n Name = \"SSEAlgorithm\",\n StaticValue = \"AES256\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tthisRule, err := cfg.NewRule(ctx, \"thisRule\", &cfg.RuleArgs{\n\t\t\tSource: &cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRemediationConfiguration(ctx, \"thisRemediationConfiguration\", &cfg.RemediationConfigurationArgs{\n\t\t\tConfigRuleName: thisRule.Name,\n\t\t\tResourceType: pulumi.String(\"AWS::S3::Bucket\"),\n\t\t\tTargetType: pulumi.String(\"SSM_DOCUMENT\"),\n\t\t\tTargetId: pulumi.String(\"AWS-EnableS3BucketEncryption\"),\n\t\t\tTargetVersion: pulumi.String(\"1\"),\n\t\t\tParameters: cfg.RemediationConfigurationParameterArray{\n\t\t\t\t&cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"AutomationAssumeRole\"),\n\t\t\t\t\tStaticValue: pulumi.String(\"arn:aws:iam::875924563244:role/security_config\"),\n\t\t\t\t},\n\t\t\t\t&cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"BucketName\"),\n\t\t\t\t\tResourceValue: pulumi.String(\"RESOURCE_ID\"),\n\t\t\t\t},\n\t\t\t\t&cfg.RemediationConfigurationParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"SSEAlgorithm\"),\n\t\t\t\t\tStaticValue: pulumi.String(\"AES256\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRemediation Configurations can be imported using the name config_rule_name, e.g.\n\n```sh\n $ pulumi import aws:cfg/remediationConfiguration:RemediationConfiguration this example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Config Remediation Configuration.\n" + }, + "configRuleName": { + "type": "string", + "description": "The name of the AWS Config rule\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter" + }, + "description": "Can be specified multiple times for each\nparameter. Each parameter block supports fields documented below.\n" + }, + "resourceType": { + "type": "string", + "description": "The type of a resource\n" + }, + "targetId": { + "type": "string", + "description": "Target ID is the name of the public document\n" + }, + "targetType": { + "type": "string", + "description": "The type of the target. Target executes remediation. For example, SSM document\n" + }, + "targetVersion": { + "type": "string", + "description": "Version of the target. For example, version of the SSM document\n" + } + }, + "required": [ + "arn", + "configRuleName", + "targetId", + "targetType" + ], + "inputProperties": { + "configRuleName": { + "type": "string", + "description": "The name of the AWS Config rule\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter" + }, + "description": "Can be specified multiple times for each\nparameter. Each parameter block supports fields documented below.\n" + }, + "resourceType": { + "type": "string", + "description": "The type of a resource\n" + }, + "targetId": { + "type": "string", + "description": "Target ID is the name of the public document\n" + }, + "targetType": { + "type": "string", + "description": "The type of the target. Target executes remediation. For example, SSM document\n" + }, + "targetVersion": { + "type": "string", + "description": "Version of the target. For example, version of the SSM document\n" + } + }, + "requiredInputs": [ + "configRuleName", + "targetId", + "targetType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RemediationConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Config Remediation Configuration.\n" + }, + "configRuleName": { + "type": "string", + "description": "The name of the AWS Config rule\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cfg/RemediationConfigurationParameter:RemediationConfigurationParameter" + }, + "description": "Can be specified multiple times for each\nparameter. Each parameter block supports fields documented below.\n" + }, + "resourceType": { + "type": "string", + "description": "The type of a resource\n" + }, + "targetId": { + "type": "string", + "description": "Target ID is the name of the public document\n" + }, + "targetType": { + "type": "string", + "description": "The type of the target. Target executes remediation. For example, SSM document\n" + }, + "targetVersion": { + "type": "string", + "description": "Version of the target. For example, version of the SSM document\n" + } + }, + "type": "object" + } + }, + "aws:cfg/rule:Rule": { + "description": "Provides an AWS Config Rule.\n\n> **Note:** Config Rule requires an existing `Configuration Recorder` to be present. Use of `depends_on` is recommended (as shown below) to avoid race conditions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Managed Rules\n\nAWS managed rules can be used by setting the source owner to `AWS` and the source identifier to the name of the managed rule. More information about AWS managed rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst foo = new aws.cfg.Recorder(\"foo\", {roleArn: role.arn});\nconst rule = new aws.cfg.Rule(\"rule\", {source: {\n owner: \"AWS\",\n sourceIdentifier: \"S3_BUCKET_VERSIONING_ENABLED\",\n}}, {\n dependsOn: [foo],\n});\nconst rolePolicy = new aws.iam.RolePolicy(\"rolePolicy\", {\n role: role.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n \t{\n \t\t\"Action\": \"config:Put*\",\n \t\t\"Effect\": \"Allow\",\n \t\t\"Resource\": \"*\"\n\n \t}\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"config.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nfoo = aws.cfg.Recorder(\"foo\", role_arn=role.arn)\nrule = aws.cfg.Rule(\"rule\", source=aws.cfg.RuleSourceArgs(\n owner=\"AWS\",\n source_identifier=\"S3_BUCKET_VERSIONING_ENABLED\",\n),\nopts=pulumi.ResourceOptions(depends_on=[foo]))\nrole_policy = aws.iam.RolePolicy(\"rolePolicy\",\n role=role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n \t{\n \t\t\"Action\": \"config:Put*\",\n \t\t\"Effect\": \"Allow\",\n \t\t\"Resource\": \"*\"\n\n \t}\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"config.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var foo = new Aws.Cfg.Recorder(\"foo\", new Aws.Cfg.RecorderArgs\n {\n RoleArn = role.Arn,\n });\n var rule = new Aws.Cfg.Rule(\"rule\", new Aws.Cfg.RuleArgs\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"AWS\",\n SourceIdentifier = \"S3_BUCKET_VERSIONING_ENABLED\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n foo,\n },\n });\n var rolePolicy = new Aws.Iam.RolePolicy(\"rolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = role.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n \t{\n \t\t\"\"Action\"\": \"\"config:Put*\"\",\n \t\t\"\"Effect\"\": \"\"Allow\"\",\n \t\t\"\"Resource\"\": \"\"*\"\"\n\n \t}\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"config.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := cfg.NewRecorder(ctx, \"foo\", &cfg.RecorderArgs{\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"rule\", &cfg.RuleArgs{\n\t\t\tSource: &cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\tSourceIdentifier: pulumi.String(\"S3_BUCKET_VERSIONING_ENABLED\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfoo,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"rolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" \t{\\n\", \" \t\t\\\"Action\\\": \\\"config:Put*\\\",\\n\", \" \t\t\\\"Effect\\\": \\\"Allow\\\",\\n\", \" \t\t\\\"Resource\\\": \\\"*\\\"\\n\", \"\\n\", \" \t}\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Custom Rules\n\nCustom rules can be used by setting the source owner to `CUSTOM_LAMBDA` and the source identifier to the Amazon Resource Name (ARN) of the Lambda Function. The AWS Config service must have permissions to invoke the Lambda Function, e.g. via the `aws.lambda.Permission` resource. More information about custom rules can be found in the [AWS Config Developer Guide](https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRecorder = new aws.cfg.Recorder(\"exampleRecorder\", {});\n// ... other configuration ...\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {});\n// ... other configuration ...\nconst examplePermission = new aws.lambda.Permission(\"examplePermission\", {\n action: \"lambda:InvokeFunction\",\n \"function\": exampleFunction.arn,\n principal: \"config.amazonaws.com\",\n});\n// ... other configuration ...\nconst exampleRule = new aws.cfg.Rule(\"exampleRule\", {source: {\n owner: \"CUSTOM_LAMBDA\",\n sourceIdentifier: exampleFunction.arn,\n}}, {\n dependsOn: [\n exampleRecorder,\n examplePermission,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_recorder = aws.cfg.Recorder(\"exampleRecorder\")\n# ... other configuration ...\nexample_function = aws.lambda_.Function(\"exampleFunction\")\n# ... other configuration ...\nexample_permission = aws.lambda_.Permission(\"examplePermission\",\n action=\"lambda:InvokeFunction\",\n function=example_function.arn,\n principal=\"config.amazonaws.com\")\n# ... other configuration ...\nexample_rule = aws.cfg.Rule(\"exampleRule\", source=aws.cfg.RuleSourceArgs(\n owner=\"CUSTOM_LAMBDA\",\n source_identifier=example_function.arn,\n),\nopts=pulumi.ResourceOptions(depends_on=[\n example_recorder,\n example_permission,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRecorder = new Aws.Cfg.Recorder(\"exampleRecorder\", new Aws.Cfg.RecorderArgs\n {\n });\n // ... other configuration ...\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\", new Aws.Lambda.FunctionArgs\n {\n });\n // ... other configuration ...\n var examplePermission = new Aws.Lambda.Permission(\"examplePermission\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = exampleFunction.Arn,\n Principal = \"config.amazonaws.com\",\n });\n // ... other configuration ...\n var exampleRule = new Aws.Cfg.Rule(\"exampleRule\", new Aws.Cfg.RuleArgs\n {\n Source = new Aws.Cfg.Inputs.RuleSourceArgs\n {\n Owner = \"CUSTOM_LAMBDA\",\n SourceIdentifier = exampleFunction.Arn,\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleRecorder,\n examplePermission,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cfg\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRecorder, err := cfg.NewRecorder(ctx, \"exampleRecorder\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleFunction, err := lambda.NewFunction(ctx, \"exampleFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePermission, err := lambda.NewPermission(ctx, \"examplePermission\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: exampleFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"config.amazonaws.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cfg.NewRule(ctx, \"exampleRule\", &cfg.RuleArgs{\n\t\t\tSource: &cfg.RuleSourceArgs{\n\t\t\t\tOwner: pulumi.String(\"CUSTOM_LAMBDA\"),\n\t\t\t\tSourceIdentifier: exampleFunction.Arn,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleRecorder,\n\t\t\texamplePermission,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConfig Rule can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cfg/rule:Rule foo example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the config rule\n" + }, + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config rule Lambda function.\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires `message_type` to be `ScheduledNotification`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "ruleId": { + "type": "string", + "description": "The ID of the config rule\n" + }, + "scope": { + "$ref": "#/types/aws:cfg/RuleScope:RuleScope", + "description": "Scope defines which resources can trigger an evaluation for the rule as documented below.\n" + }, + "source": { + "$ref": "#/types/aws:cfg/RuleSource:RuleSource", + "description": "Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "ruleId", + "source", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config rule Lambda function.\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires `message_type` to be `ScheduledNotification`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "scope": { + "$ref": "#/types/aws:cfg/RuleScope:RuleScope", + "description": "Scope defines which resources can trigger an evaluation for the rule as documented below.\n" + }, + "source": { + "$ref": "#/types/aws:cfg/RuleSource:RuleSource", + "description": "Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Rule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the config rule\n" + }, + "description": { + "type": "string", + "description": "Description of the rule\n" + }, + "inputParameters": { + "type": "string", + "description": "A string in JSON format that is passed to the AWS Config rule Lambda function.\n" + }, + "maximumExecutionFrequency": { + "type": "string", + "description": "The frequency that you want AWS Config to run evaluations for a rule that is triggered periodically. If specified, requires `message_type` to be `ScheduledNotification`.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "ruleId": { + "type": "string", + "description": "The ID of the config rule\n" + }, + "scope": { + "$ref": "#/types/aws:cfg/RuleScope:RuleScope", + "description": "Scope defines which resources can trigger an evaluation for the rule as documented below.\n" + }, + "source": { + "$ref": "#/types/aws:cfg/RuleSource:RuleSource", + "description": "Source specifies the rule owner, the rule identifier, and the notifications that cause the function to evaluate your AWS resources as documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cloud9/environmentEC2:EnvironmentEC2": { + "description": "Provides a Cloud9 EC2 Development Environment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloud9.EnvironmentEC2(\"example\", {\n instanceType: \"t2.micro\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloud9.EnvironmentEC2(\"example\", instance_type=\"t2.micro\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cloud9.EnvironmentEC2(\"example\", new Aws.Cloud9.EnvironmentEC2Args\n {\n InstanceType = \"t2.micro\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloud9\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloud9.NewEnvironmentEC2(ctx, \"example\", &cloud9.EnvironmentEC2Args{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nGet the URL of the Cloud9 environment after creation:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloud9.EnvironmentEC2(\"example\", {instanceType: \"t2.micro\"});\nconst cloud9Instance = example.id.apply(id => aws.ec2.getInstance({\n filters: [{\n name: \"tag:aws:cloud9:environment\",\n values: [id],\n }],\n}));\nexport const cloud9Url = pulumi.interpolate`https://${_var.region}.console.aws.amazon.com/cloud9/ide/${example.id}`;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloud9.EnvironmentEC2(\"example\", instance_type=\"t2.micro\")\ncloud9_instance = example.id.apply(lambda id: aws.ec2.get_instance(filters=[aws.ec2.GetInstanceFilterArgs(\n name=\"tag:aws:cloud9:environment\",\n values=[id],\n)]))\npulumi.export(\"cloud9Url\", example.id.apply(lambda id: f\"https://{var['region']}.console.aws.amazon.com/cloud9/ide/{id}\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cloud9.EnvironmentEC2(\"example\", new Aws.Cloud9.EnvironmentEC2Args\n {\n InstanceType = \"t2.micro\",\n });\n var cloud9Instance = example.Id.Apply(id => Aws.Ec2.GetInstance.InvokeAsync(new Aws.Ec2.GetInstanceArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetInstanceFilterArgs\n {\n Name = \"tag:aws:cloud9:environment\",\n Values = \n {\n id,\n },\n },\n },\n }));\n this.Cloud9Url = example.Id.Apply(id => $\"https://{@var.Region}.console.aws.amazon.com/cloud9/ide/{id}\");\n }\n\n [Output(\"cloud9Url\")]\n public Output Cloud9Url { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloud9\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloud9.NewEnvironmentEC2(ctx, \"example\", &cloud9.EnvironmentEC2Args{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"cloud9Url\", example.ID().ApplyT(func(id string) (string, error) {\n\t\t\treturn fmt.Sprintf(\"%v%v%v%v\", \"https://\", _var.Region, \".console.aws.amazon.com/cloud9/ide/\", id), nil\n\t\t}).(pulumi.StringOutput))\n\t\treturn nil\n\t})\n}\n```\n\nAllocate a static IP to the Cloud9 environment:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloud9.EnvironmentEC2(\"example\", {instanceType: \"t2.micro\"});\nconst cloud9Instance = example.id.apply(id => aws.ec2.getInstance({\n filters: [{\n name: \"tag:aws:cloud9:environment\",\n values: [id],\n }],\n}));\nconst cloud9Eip = new aws.ec2.Eip(\"cloud9Eip\", {\n instance: cloud9Instance.apply(cloud9Instance => cloud9Instance.id),\n vpc: true,\n});\nexport const cloud9PublicIp = cloud9Eip.publicIp;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloud9.EnvironmentEC2(\"example\", instance_type=\"t2.micro\")\ncloud9_instance = example.id.apply(lambda id: aws.ec2.get_instance(filters=[aws.ec2.GetInstanceFilterArgs(\n name=\"tag:aws:cloud9:environment\",\n values=[id],\n)]))\ncloud9_eip = aws.ec2.Eip(\"cloud9Eip\",\n instance=cloud9_instance.id,\n vpc=True)\npulumi.export(\"cloud9PublicIp\", cloud9_eip.public_ip)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cloud9.EnvironmentEC2(\"example\", new Aws.Cloud9.EnvironmentEC2Args\n {\n InstanceType = \"t2.micro\",\n });\n var cloud9Instance = example.Id.Apply(id => Aws.Ec2.GetInstance.InvokeAsync(new Aws.Ec2.GetInstanceArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetInstanceFilterArgs\n {\n Name = \"tag:aws:cloud9:environment\",\n Values = \n {\n id,\n },\n },\n },\n }));\n var cloud9Eip = new Aws.Ec2.Eip(\"cloud9Eip\", new Aws.Ec2.EipArgs\n {\n Instance = cloud9Instance.Apply(cloud9Instance => cloud9Instance.Id),\n Vpc = true,\n });\n this.Cloud9PublicIp = cloud9Eip.PublicIp;\n }\n\n [Output(\"cloud9PublicIp\")]\n public Output Cloud9PublicIp { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloud9\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cloud9.NewEnvironmentEC2(ctx, \"example\", &cloud9.EnvironmentEC2Args{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcloud9Eip, err := ec2.NewEip(ctx, \"cloud9Eip\", &ec2.EipArgs{\n\t\t\tInstance: cloud9Instance.ApplyT(func(cloud9Instance ec2.GetInstanceResult) (string, error) {\n\t\t\t\treturn cloud9Instance.Id, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVpc: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"cloud9PublicIp\", cloud9Eip.PublicIp)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the environment.\n" + }, + "automaticStopTimeMinutes": { + "type": "integer", + "description": "The number of minutes until the running instance is shut down after the environment has last been used.\n" + }, + "description": { + "type": "string", + "description": "The description of the environment.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of instance to connect to the environment, e.g. `t2.micro`.\n" + }, + "name": { + "type": "string", + "description": "The name of the environment.\n" + }, + "ownerArn": { + "type": "string", + "description": "The ARN of the environment owner. This can be ARN of any AWS IAM principal. Defaults to the environment's creator.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet in Amazon VPC that AWS Cloud9 will use to communicate with the Amazon EC2 instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of the environment (e.g. `ssh` or `ec2`)\n" + } + }, + "required": [ + "arn", + "instanceType", + "name", + "ownerArn", + "tagsAll", + "type" + ], + "inputProperties": { + "automaticStopTimeMinutes": { + "type": "integer", + "description": "The number of minutes until the running instance is shut down after the environment has last been used.\n" + }, + "description": { + "type": "string", + "description": "The description of the environment.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of instance to connect to the environment, e.g. `t2.micro`.\n" + }, + "name": { + "type": "string", + "description": "The name of the environment.\n" + }, + "ownerArn": { + "type": "string", + "description": "The ARN of the environment owner. This can be ARN of any AWS IAM principal. Defaults to the environment's creator.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet in Amazon VPC that AWS Cloud9 will use to communicate with the Amazon EC2 instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "instanceType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EnvironmentEC2 resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the environment.\n" + }, + "automaticStopTimeMinutes": { + "type": "integer", + "description": "The number of minutes until the running instance is shut down after the environment has last been used.\n" + }, + "description": { + "type": "string", + "description": "The description of the environment.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of instance to connect to the environment, e.g. `t2.micro`.\n" + }, + "name": { + "type": "string", + "description": "The name of the environment.\n" + }, + "ownerArn": { + "type": "string", + "description": "The ARN of the environment owner. This can be ARN of any AWS IAM principal. Defaults to the environment's creator.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet in Amazon VPC that AWS Cloud9 will use to communicate with the Amazon EC2 instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of the environment (e.g. `ssh` or `ec2`)\n" + } + }, + "type": "object" + } + }, + "aws:cloudformation/cloudFormationType:CloudFormationType": { + "description": "\n\n\n## Import\n\n`aws_cloudformation_type` can be imported with their type version Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:cloudformation/cloudFormationType:CloudFormationType example arn:aws:cloudformation:us-east-1:123456789012:type/resource/ExampleCompany-ExampleService-ExampleType/1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "(Optional) Amazon Resource Name (ARN) of the CloudFormation Type version. See also `type_arn`.\n" + }, + "defaultVersionId": { + "type": "string", + "description": "Identifier of the CloudFormation Type default version.\n" + }, + "deprecatedStatus": { + "type": "string", + "description": "Deprecation status of the version.\n" + }, + "description": { + "type": "string", + "description": "Description of the version.\n" + }, + "documentationUrl": { + "type": "string", + "description": "URL of the documentation for the CloudFormation Type.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role for CloudFormation to assume when invoking the extension. If your extension calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. When CloudFormation needs to invoke the extension handler, CloudFormation assumes this execution role to create a temporary session token, which it then passes to the extension handler, thereby supplying your extension with the appropriate credentials.\n" + }, + "isDefaultVersion": { + "type": "boolean", + "description": "Whether the CloudFormation Type version is the default version.\n" + }, + "loggingConfig": { + "$ref": "#/types/aws:cloudformation/CloudFormationTypeLoggingConfig:CloudFormationTypeLoggingConfig", + "description": "Configuration block containing logging configuration.\n" + }, + "provisioningType": { + "type": "string", + "description": "Provisioning behavior of the CloudFormation Type.\n" + }, + "schema": { + "type": "string", + "description": "JSON document of the CloudFormation Type schema.\n" + }, + "schemaHandlerPackage": { + "type": "string", + "description": "URL to the S3 bucket containing the extension project package that contains the necessary files for the extension you want to register. Must begin with `s3://` or `https://`. For example, `s3://example-bucket/example-object`.\n" + }, + "sourceUrl": { + "type": "string", + "description": "URL of the source code for the CloudFormation Type.\n" + }, + "type": { + "type": "string", + "description": "CloudFormation Registry Type. For example, `RESOURCE` or `MODULE`.\n" + }, + "typeArn": { + "type": "string", + "description": "(Optional) Amazon Resource Name (ARN) of the CloudFormation Type. See also `arn`.\n" + }, + "typeName": { + "type": "string", + "description": "CloudFormation Type name. For example, `ExampleCompany::ExampleService::ExampleResource`.\n" + }, + "versionId": { + "type": "string", + "description": "(Optional) Identifier of the CloudFormation Type version.\n" + }, + "visibility": { + "type": "string", + "description": "Scope of the CloudFormation Type.\n" + } + }, + "required": [ + "arn", + "defaultVersionId", + "deprecatedStatus", + "description", + "documentationUrl", + "isDefaultVersion", + "provisioningType", + "schema", + "schemaHandlerPackage", + "sourceUrl", + "type", + "typeArn", + "typeName", + "versionId", + "visibility" + ], + "inputProperties": { + "executionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role for CloudFormation to assume when invoking the extension. If your extension calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. When CloudFormation needs to invoke the extension handler, CloudFormation assumes this execution role to create a temporary session token, which it then passes to the extension handler, thereby supplying your extension with the appropriate credentials.\n" + }, + "loggingConfig": { + "$ref": "#/types/aws:cloudformation/CloudFormationTypeLoggingConfig:CloudFormationTypeLoggingConfig", + "description": "Configuration block containing logging configuration.\n" + }, + "schemaHandlerPackage": { + "type": "string", + "description": "URL to the S3 bucket containing the extension project package that contains the necessary files for the extension you want to register. Must begin with `s3://` or `https://`. For example, `s3://example-bucket/example-object`.\n" + }, + "type": { + "type": "string", + "description": "CloudFormation Registry Type. For example, `RESOURCE` or `MODULE`.\n" + }, + "typeName": { + "type": "string", + "description": "CloudFormation Type name. For example, `ExampleCompany::ExampleService::ExampleResource`.\n" + } + }, + "requiredInputs": [ + "schemaHandlerPackage", + "typeName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CloudFormationType resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "(Optional) Amazon Resource Name (ARN) of the CloudFormation Type version. See also `type_arn`.\n" + }, + "defaultVersionId": { + "type": "string", + "description": "Identifier of the CloudFormation Type default version.\n" + }, + "deprecatedStatus": { + "type": "string", + "description": "Deprecation status of the version.\n" + }, + "description": { + "type": "string", + "description": "Description of the version.\n" + }, + "documentationUrl": { + "type": "string", + "description": "URL of the documentation for the CloudFormation Type.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role for CloudFormation to assume when invoking the extension. If your extension calls AWS APIs in any of its handlers, you must create an IAM execution role that includes the necessary permissions to call those AWS APIs, and provision that execution role in your account. When CloudFormation needs to invoke the extension handler, CloudFormation assumes this execution role to create a temporary session token, which it then passes to the extension handler, thereby supplying your extension with the appropriate credentials.\n" + }, + "isDefaultVersion": { + "type": "boolean", + "description": "Whether the CloudFormation Type version is the default version.\n" + }, + "loggingConfig": { + "$ref": "#/types/aws:cloudformation/CloudFormationTypeLoggingConfig:CloudFormationTypeLoggingConfig", + "description": "Configuration block containing logging configuration.\n" + }, + "provisioningType": { + "type": "string", + "description": "Provisioning behavior of the CloudFormation Type.\n" + }, + "schema": { + "type": "string", + "description": "JSON document of the CloudFormation Type schema.\n" + }, + "schemaHandlerPackage": { + "type": "string", + "description": "URL to the S3 bucket containing the extension project package that contains the necessary files for the extension you want to register. Must begin with `s3://` or `https://`. For example, `s3://example-bucket/example-object`.\n" + }, + "sourceUrl": { + "type": "string", + "description": "URL of the source code for the CloudFormation Type.\n" + }, + "type": { + "type": "string", + "description": "CloudFormation Registry Type. For example, `RESOURCE` or `MODULE`.\n" + }, + "typeArn": { + "type": "string", + "description": "(Optional) Amazon Resource Name (ARN) of the CloudFormation Type. See also `arn`.\n" + }, + "typeName": { + "type": "string", + "description": "CloudFormation Type name. For example, `ExampleCompany::ExampleService::ExampleResource`.\n" + }, + "versionId": { + "type": "string", + "description": "(Optional) Identifier of the CloudFormation Type version.\n" + }, + "visibility": { + "type": "string", + "description": "Scope of the CloudFormation Type.\n" + } + }, + "type": "object" + } + }, + "aws:cloudformation/stack:Stack": { + "description": "Provides a CloudFormation Stack resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst network = new aws.cloudformation.Stack(\"network\", {\n parameters: {\n VPCCidr: \"10.0.0.0/16\",\n },\n templateBody: `{\n \"Parameters\" : {\n \"VPCCidr\" : {\n \"Type\" : \"String\",\n \"Default\" : \"10.0.0.0/16\",\n \"Description\" : \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\n }\n },\n \"Resources\" : {\n \"myVpc\": {\n \"Type\" : \"AWS::EC2::VPC\",\n \"Properties\" : {\n \"CidrBlock\" : { \"Ref\" : \"VPCCidr\" },\n \"Tags\" : [\n {\"Key\": \"Name\", \"Value\": \"Primary_CF_VPC\"}\n ]\n }\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnetwork = aws.cloudformation.Stack(\"network\",\n parameters={\n \"VPCCidr\": \"10.0.0.0/16\",\n },\n template_body=\"\"\"{\n \"Parameters\" : {\n \"VPCCidr\" : {\n \"Type\" : \"String\",\n \"Default\" : \"10.0.0.0/16\",\n \"Description\" : \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\n }\n },\n \"Resources\" : {\n \"myVpc\": {\n \"Type\" : \"AWS::EC2::VPC\",\n \"Properties\" : {\n \"CidrBlock\" : { \"Ref\" : \"VPCCidr\" },\n \"Tags\" : [\n {\"Key\": \"Name\", \"Value\": \"Primary_CF_VPC\"}\n ]\n }\n }\n }\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var network = new Aws.CloudFormation.Stack(\"network\", new Aws.CloudFormation.StackArgs\n {\n Parameters = \n {\n { \"VPCCidr\", \"10.0.0.0/16\" },\n },\n TemplateBody = @\"{\n \"\"Parameters\"\" : {\n \"\"VPCCidr\"\" : {\n \"\"Type\"\" : \"\"String\"\",\n \"\"Default\"\" : \"\"10.0.0.0/16\"\",\n \"\"Description\"\" : \"\"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\"\n }\n },\n \"\"Resources\"\" : {\n \"\"myVpc\"\": {\n \"\"Type\"\" : \"\"AWS::EC2::VPC\"\",\n \"\"Properties\"\" : {\n \"\"CidrBlock\"\" : { \"\"Ref\"\" : \"\"VPCCidr\"\" },\n \"\"Tags\"\" : [\n {\"\"Key\"\": \"\"Name\"\", \"\"Value\"\": \"\"Primary_CF_VPC\"\"}\n ]\n }\n }\n }\n}\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStack(ctx, \"network\", &cloudformation.StackArgs{\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"VPCCidr\": pulumi.String(\"10.0.0.0/16\"),\n\t\t\t},\n\t\t\tTemplateBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Parameters\\\" : {\\n\", \" \\\"VPCCidr\\\" : {\\n\", \" \\\"Type\\\" : \\\"String\\\",\\n\", \" \\\"Default\\\" : \\\"10.0.0.0/16\\\",\\n\", \" \\\"Description\\\" : \\\"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\\\"\\n\", \" }\\n\", \" },\\n\", \" \\\"Resources\\\" : {\\n\", \" \\\"myVpc\\\": {\\n\", \" \\\"Type\\\" : \\\"AWS::EC2::VPC\\\",\\n\", \" \\\"Properties\\\" : {\\n\", \" \\\"CidrBlock\\\" : { \\\"Ref\\\" : \\\"VPCCidr\\\" },\\n\", \" \\\"Tags\\\" : [\\n\", \" {\\\"Key\\\": \\\"Name\\\", \\\"Value\\\": \\\"Primary_CF_VPC\\\"}\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudformation Stacks can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudformation/stack:Stack stack networking-stack\n```\n\n ", + "properties": { + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities.\nValid values: `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, or `CAPABILITY_AUTO_EXPAND`\n" + }, + "disableRollback": { + "type": "boolean", + "description": "Set to true to disable rollback of the stack if stack creation failed.\nConflicts with `on_failure`.\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that AWS CloudFormation assumes to create the stack. If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.\n" + }, + "name": { + "type": "string", + "description": "Stack name.\n" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of SNS topic ARNs to publish stack related events.\n" + }, + "onFailure": { + "type": "string", + "description": "Action to be taken if stack creation fails. This must be\none of: `DO_NOTHING`, `ROLLBACK`, or `DELETE`. Conflicts with `disable_rollback`.\n" + }, + "outputs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of outputs from the stack.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Parameter structures that specify input parameters for the stack.\n" + }, + "policyBody": { + "type": "string", + "description": "Structure containing the stack policy body.\nConflicts w/ `policy_url`.\n" + }, + "policyUrl": { + "type": "string", + "description": "Location of a file containing the stack policy.\nConflicts w/ `policy_body`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with this stack. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "templateBody": { + "type": "string", + "description": "Structure containing the template body (max size: 51,200 bytes).\n" + }, + "templateUrl": { + "type": "string", + "description": "Location of a file containing the template body (max size: 460,800 bytes).\n" + }, + "timeoutInMinutes": { + "type": "integer", + "description": "The amount of time that can pass before the stack status becomes `CREATE_FAILED`.\n" + } + }, + "required": [ + "name", + "outputs", + "parameters", + "policyBody", + "tagsAll", + "templateBody" + ], + "inputProperties": { + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities.\nValid values: `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, or `CAPABILITY_AUTO_EXPAND`\n" + }, + "disableRollback": { + "type": "boolean", + "description": "Set to true to disable rollback of the stack if stack creation failed.\nConflicts with `on_failure`.\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that AWS CloudFormation assumes to create the stack. If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.\n" + }, + "name": { + "type": "string", + "description": "Stack name.\n" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of SNS topic ARNs to publish stack related events.\n" + }, + "onFailure": { + "type": "string", + "description": "Action to be taken if stack creation fails. This must be\none of: `DO_NOTHING`, `ROLLBACK`, or `DELETE`. Conflicts with `disable_rollback`.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Parameter structures that specify input parameters for the stack.\n" + }, + "policyBody": { + "type": "string", + "description": "Structure containing the stack policy body.\nConflicts w/ `policy_url`.\n" + }, + "policyUrl": { + "type": "string", + "description": "Location of a file containing the stack policy.\nConflicts w/ `policy_body`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with this stack. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "templateBody": { + "type": "string", + "description": "Structure containing the template body (max size: 51,200 bytes).\n" + }, + "templateUrl": { + "type": "string", + "description": "Location of a file containing the template body (max size: 460,800 bytes).\n" + }, + "timeoutInMinutes": { + "type": "integer", + "description": "The amount of time that can pass before the stack status becomes `CREATE_FAILED`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Stack resources.\n", + "properties": { + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities.\nValid values: `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, or `CAPABILITY_AUTO_EXPAND`\n" + }, + "disableRollback": { + "type": "boolean", + "description": "Set to true to disable rollback of the stack if stack creation failed.\nConflicts with `on_failure`.\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that AWS CloudFormation assumes to create the stack. If you don't specify a value, AWS CloudFormation uses the role that was previously associated with the stack. If no role is available, AWS CloudFormation uses a temporary session that is generated from your user credentials.\n" + }, + "name": { + "type": "string", + "description": "Stack name.\n" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of SNS topic ARNs to publish stack related events.\n" + }, + "onFailure": { + "type": "string", + "description": "Action to be taken if stack creation fails. This must be\none of: `DO_NOTHING`, `ROLLBACK`, or `DELETE`. Conflicts with `disable_rollback`.\n" + }, + "outputs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of outputs from the stack.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Parameter structures that specify input parameters for the stack.\n" + }, + "policyBody": { + "type": "string", + "description": "Structure containing the stack policy body.\nConflicts w/ `policy_url`.\n" + }, + "policyUrl": { + "type": "string", + "description": "Location of a file containing the stack policy.\nConflicts w/ `policy_body`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with this stack. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "templateBody": { + "type": "string", + "description": "Structure containing the template body (max size: 51,200 bytes).\n" + }, + "templateUrl": { + "type": "string", + "description": "Location of a file containing the template body (max size: 460,800 bytes).\n" + }, + "timeoutInMinutes": { + "type": "integer", + "description": "The amount of time that can pass before the stack status becomes `CREATE_FAILED`.\n" + } + }, + "type": "object" + } + }, + "aws:cloudformation/stackSet:StackSet": { + "description": "Manages a CloudFormation StackSet. StackSets allow CloudFormation templates to be easily deployed across multiple accounts and regions via StackSet Instances (`aws.cloudformation.StackSetInstance` resource). Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n> **NOTE:** All template parameters, including those with a `Default`, must be configured or ignored with the `lifecycle` configuration block `ignore_changes` argument.\n\n> **NOTE:** All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n principals: [{\n identifiers: [\"cloudformation.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst aWSCloudFormationStackSetAdministrationRole = new aws.iam.Role(\"aWSCloudFormationStackSetAdministrationRole\", {assumeRolePolicy: aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.then(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.json)});\nconst example = new aws.cloudformation.StackSet(\"example\", {\n administrationRoleArn: aWSCloudFormationStackSetAdministrationRole.arn,\n parameters: {\n VPCCidr: \"10.0.0.0/16\",\n },\n templateBody: `{\n \"Parameters\" : {\n \"VPCCidr\" : {\n \"Type\" : \"String\",\n \"Default\" : \"10.0.0.0/16\",\n \"Description\" : \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\n }\n },\n \"Resources\" : {\n \"myVpc\": {\n \"Type\" : \"AWS::EC2::VPC\",\n \"Properties\" : {\n \"CidrBlock\" : { \"Ref\" : \"VPCCidr\" },\n \"Tags\" : [\n {\"Key\": \"Name\", \"Value\": \"Primary_CF_VPC\"}\n ]\n }\n }\n }\n}\n`,\n});\nconst aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument = example.executionRoleName.apply(executionRoleName => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n effect: \"Allow\",\n resources: [`arn:aws:iam::*:role/${executionRoleName}`],\n }],\n}));\nconst aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new aws.iam.RolePolicy(\"aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy\", {\n policy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument => aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.json),\n role: aWSCloudFormationStackSetAdministrationRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\na_ws_cloud_formation_stack_set_administration_role_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"cloudformation.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\na_ws_cloud_formation_stack_set_administration_role = aws.iam.Role(\"aWSCloudFormationStackSetAdministrationRole\", assume_role_policy=a_ws_cloud_formation_stack_set_administration_role_assume_role_policy.json)\nexample = aws.cloudformation.StackSet(\"example\",\n administration_role_arn=a_ws_cloud_formation_stack_set_administration_role.arn,\n parameters={\n \"VPCCidr\": \"10.0.0.0/16\",\n },\n template_body=\"\"\"{\n \"Parameters\" : {\n \"VPCCidr\" : {\n \"Type\" : \"String\",\n \"Default\" : \"10.0.0.0/16\",\n \"Description\" : \"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\n }\n },\n \"Resources\" : {\n \"myVpc\": {\n \"Type\" : \"AWS::EC2::VPC\",\n \"Properties\" : {\n \"CidrBlock\" : { \"Ref\" : \"VPCCidr\" },\n \"Tags\" : [\n {\"Key\": \"Name\", \"Value\": \"Primary_CF_VPC\"}\n ]\n }\n }\n }\n}\n\"\"\")\na_ws_cloud_formation_stack_set_administration_role_execution_policy_policy_document = example.execution_role_name.apply(lambda execution_role_name: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n effect=\"Allow\",\n resources=[f\"arn:aws:iam::*:role/{execution_role_name}\"],\n)]))\na_ws_cloud_formation_stack_set_administration_role_execution_policy_role_policy = aws.iam.RolePolicy(\"aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy\",\n policy=a_ws_cloud_formation_stack_set_administration_role_execution_policy_policy_document.json,\n role=a_ws_cloud_formation_stack_set_administration_role.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"cloudformation.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n }));\n var aWSCloudFormationStackSetAdministrationRole = new Aws.Iam.Role(\"aWSCloudFormationStackSetAdministrationRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Apply(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy => aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),\n });\n var example = new Aws.CloudFormation.StackSet(\"example\", new Aws.CloudFormation.StackSetArgs\n {\n AdministrationRoleArn = aWSCloudFormationStackSetAdministrationRole.Arn,\n Parameters = \n {\n { \"VPCCidr\", \"10.0.0.0/16\" },\n },\n TemplateBody = @\"{\n \"\"Parameters\"\" : {\n \"\"VPCCidr\"\" : {\n \"\"Type\"\" : \"\"String\"\",\n \"\"Default\"\" : \"\"10.0.0.0/16\"\",\n \"\"Description\"\" : \"\"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\"\"\n }\n },\n \"\"Resources\"\" : {\n \"\"myVpc\"\": {\n \"\"Type\"\" : \"\"AWS::EC2::VPC\"\",\n \"\"Properties\"\" : {\n \"\"CidrBlock\"\" : { \"\"Ref\"\" : \"\"VPCCidr\"\" },\n \"\"Tags\"\" : [\n {\"\"Key\"\": \"\"Name\"\", \"\"Value\"\": \"\"Primary_CF_VPC\"\"}\n ]\n }\n }\n }\n}\n\",\n });\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument = example.ExecutionRoleName.Apply(executionRoleName => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Effect = \"Allow\",\n Resources = \n {\n $\"arn:aws:iam::*:role/{executionRoleName}\",\n },\n },\n },\n }));\n var aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy = new Aws.Iam.RolePolicy(\"aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Policy = aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Apply(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument => aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Json),\n Role = aWSCloudFormationStackSetAdministrationRole.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\taWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"cloudformation.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taWSCloudFormationStackSetAdministrationRole, err := iam.NewRole(ctx, \"aWSCloudFormationStackSetAdministrationRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(aWSCloudFormationStackSetAdministrationRoleAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := cloudformation.NewStackSet(ctx, \"example\", &cloudformation.StackSetArgs{\n\t\t\tAdministrationRoleArn: aWSCloudFormationStackSetAdministrationRole.Arn,\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"VPCCidr\": pulumi.String(\"10.0.0.0/16\"),\n\t\t\t},\n\t\t\tTemplateBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Parameters\\\" : {\\n\", \" \\\"VPCCidr\\\" : {\\n\", \" \\\"Type\\\" : \\\"String\\\",\\n\", \" \\\"Default\\\" : \\\"10.0.0.0/16\\\",\\n\", \" \\\"Description\\\" : \\\"Enter the CIDR block for the VPC. Default is 10.0.0.0/16.\\\"\\n\", \" }\\n\", \" },\\n\", \" \\\"Resources\\\" : {\\n\", \" \\\"myVpc\\\": {\\n\", \" \\\"Type\\\" : \\\"AWS::EC2::VPC\\\",\\n\", \" \\\"Properties\\\" : {\\n\", \" \\\"CidrBlock\\\" : { \\\"Ref\\\" : \\\"VPCCidr\\\" },\\n\", \" \\\"Tags\\\" : [\\n\", \" {\\\"Key\\\": \\\"Name\\\", \\\"Value\\\": \\\"Primary_CF_VPC\\\"}\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"aWSCloudFormationStackSetAdministrationRoleExecutionPolicyRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tPolicy: aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.ApplyT(func(aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn aWSCloudFormationStackSetAdministrationRoleExecutionPolicyPolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRole: aWSCloudFormationStackSetAdministrationRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudFormation StackSets can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudformation/stackSet:StackSet example example\n```\n\n ", + "properties": { + "administrationRoleArn": { + "type": "string", + "description": "Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the `SELF_MANAGED` permission model.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the StackSet.\n" + }, + "autoDeployment": { + "$ref": "#/types/aws:cloudformation/StackSetAutoDeployment:StackSetAutoDeployment", + "description": "Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the `SERVICE_MANAGED` permission model.\n" + }, + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities. Valid values: `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, `CAPABILITY_AUTO_EXPAND`.\n" + }, + "description": { + "type": "string", + "description": "Description of the StackSet.\n" + }, + "executionRoleName": { + "type": "string", + "description": "Name of the IAM Role in all target accounts for StackSet operations. Defaults to `AWSCloudFormationStackSetExecutionRole` when using the `SELF_MANAGED` permission model. This should not be defined when using the `SERVICE_MANAGED` permission model.\n" + }, + "name": { + "type": "string", + "description": "Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of input parameters for the StackSet template. All template parameters, including those with a `Default`, must be configured or ignored with `lifecycle` configuration block `ignore_changes` argument. All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument.\n" + }, + "permissionModel": { + "type": "string", + "description": "Describes how the IAM roles required for your StackSet are created. Valid values: `SELF_MANAGED` (default), `SERVICE_MANAGED`.\n" + }, + "stackSetId": { + "type": "string", + "description": "Unique identifier of the StackSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "templateBody": { + "type": "string", + "description": "String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with `template_url`.\n" + }, + "templateUrl": { + "type": "string", + "description": "String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with `template_body`.\n" + } + }, + "required": [ + "arn", + "executionRoleName", + "name", + "stackSetId", + "tagsAll", + "templateBody" + ], + "inputProperties": { + "administrationRoleArn": { + "type": "string", + "description": "Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the `SELF_MANAGED` permission model.\n" + }, + "autoDeployment": { + "$ref": "#/types/aws:cloudformation/StackSetAutoDeployment:StackSetAutoDeployment", + "description": "Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the `SERVICE_MANAGED` permission model.\n" + }, + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities. Valid values: `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, `CAPABILITY_AUTO_EXPAND`.\n" + }, + "description": { + "type": "string", + "description": "Description of the StackSet.\n" + }, + "executionRoleName": { + "type": "string", + "description": "Name of the IAM Role in all target accounts for StackSet operations. Defaults to `AWSCloudFormationStackSetExecutionRole` when using the `SELF_MANAGED` permission model. This should not be defined when using the `SERVICE_MANAGED` permission model.\n" + }, + "name": { + "type": "string", + "description": "Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of input parameters for the StackSet template. All template parameters, including those with a `Default`, must be configured or ignored with `lifecycle` configuration block `ignore_changes` argument. All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument.\n" + }, + "permissionModel": { + "type": "string", + "description": "Describes how the IAM roles required for your StackSet are created. Valid values: `SELF_MANAGED` (default), `SERVICE_MANAGED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "templateBody": { + "type": "string", + "description": "String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with `template_url`.\n" + }, + "templateUrl": { + "type": "string", + "description": "String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with `template_body`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering StackSet resources.\n", + "properties": { + "administrationRoleArn": { + "type": "string", + "description": "Amazon Resource Number (ARN) of the IAM Role in the administrator account. This must be defined when using the `SELF_MANAGED` permission model.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the StackSet.\n" + }, + "autoDeployment": { + "$ref": "#/types/aws:cloudformation/StackSetAutoDeployment:StackSetAutoDeployment", + "description": "Configuration block containing the auto-deployment model for your StackSet. This can only be defined when using the `SERVICE_MANAGED` permission model.\n" + }, + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities. Valid values: `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, `CAPABILITY_AUTO_EXPAND`.\n" + }, + "description": { + "type": "string", + "description": "Description of the StackSet.\n" + }, + "executionRoleName": { + "type": "string", + "description": "Name of the IAM Role in all target accounts for StackSet operations. Defaults to `AWSCloudFormationStackSetExecutionRole` when using the `SELF_MANAGED` permission model. This should not be defined when using the `SERVICE_MANAGED` permission model.\n" + }, + "name": { + "type": "string", + "description": "Name of the StackSet. The name must be unique in the region where you create your StackSet. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphabetic character and cannot be longer than 128 characters.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of input parameters for the StackSet template. All template parameters, including those with a `Default`, must be configured or ignored with `lifecycle` configuration block `ignore_changes` argument. All `NoEcho` template parameters must be ignored with the `lifecycle` configuration block `ignore_changes` argument.\n" + }, + "permissionModel": { + "type": "string", + "description": "Describes how the IAM roles required for your StackSet are created. Valid values: `SELF_MANAGED` (default), `SERVICE_MANAGED`.\n" + }, + "stackSetId": { + "type": "string", + "description": "Unique identifier of the StackSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags to associate with this StackSet and the Stacks created from it. AWS CloudFormation also propagates these tags to supported resources that are created in the Stacks. A maximum number of 50 tags can be specified. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "templateBody": { + "type": "string", + "description": "String containing the CloudFormation template body. Maximum size: 51,200 bytes. Conflicts with `template_url`.\n" + }, + "templateUrl": { + "type": "string", + "description": "String containing the location of a file containing the CloudFormation template body. The URL must point to a template that is located in an Amazon S3 bucket. Maximum location file size: 460,800 bytes. Conflicts with `template_body`.\n" + } + }, + "type": "object" + } + }, + "aws:cloudformation/stackSetInstance:StackSetInstance": { + "description": "Manages a CloudFormation StackSet Instance. Instances are managed in the account and region of the StackSet after the target account permissions have been configured. Additional information about StackSets can be found in the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html).\n\n> **NOTE:** All target accounts must have an IAM Role created that matches the name of the execution role configured in the StackSet (the `execution_role_name` argument in the `aws.cloudformation.StackSet` resource) in a trust relationship with the administrative account or administration IAM Role. The execution role must have appropriate permissions to manage resources defined in the template along with those required for StackSets to operate. See the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html) for more details.\n\n> **NOTE:** To retain the Stack during resource destroy, ensure `retain_stack` has been set to `true` in the state first. This must be completed _before_ a deployment that would destroy the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudformation.StackSetInstance(\"example\", {\n accountId: \"123456789012\",\n region: \"us-east-1\",\n stackSetName: aws_cloudformation_stack_set.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.StackSetInstance(\"example\",\n account_id=\"123456789012\",\n region=\"us-east-1\",\n stack_set_name=aws_cloudformation_stack_set[\"example\"][\"name\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudFormation.StackSetInstance(\"example\", new Aws.CloudFormation.StackSetInstanceArgs\n {\n AccountId = \"123456789012\",\n Region = \"us-east-1\",\n StackSetName = aws_cloudformation_stack_set.Example.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudformation.NewStackSetInstance(ctx, \"example\", &cloudformation.StackSetInstanceArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\tStackSetName: pulumi.Any(aws_cloudformation_stack_set.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudFormation StackSet Instances can be imported using the StackSet name, target AWS account ID, and target AWS region separated by commas (`,`) e.g.\n\n```sh\n $ pulumi import aws:cloudformation/stackSetInstance:StackSetInstance example example,123456789012,us-east-1\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account.\n" + }, + "parameterOverrides": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of input parameters to override from the StackSet for this Instance.\n" + }, + "region": { + "type": "string", + "description": "Target AWS Region to create a Stack based on the StackSet. Defaults to current region.\n" + }, + "retainStack": { + "type": "boolean", + "description": "During resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in the state _before_ destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to `false`.\n" + }, + "stackId": { + "type": "string", + "description": "Stack identifier\n" + }, + "stackSetName": { + "type": "string", + "description": "Name of the StackSet.\n" + } + }, + "required": [ + "accountId", + "region", + "stackId", + "stackSetName" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account.\n" + }, + "parameterOverrides": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of input parameters to override from the StackSet for this Instance.\n" + }, + "region": { + "type": "string", + "description": "Target AWS Region to create a Stack based on the StackSet. Defaults to current region.\n" + }, + "retainStack": { + "type": "boolean", + "description": "During resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in the state _before_ destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to `false`.\n" + }, + "stackSetName": { + "type": "string", + "description": "Name of the StackSet.\n" + } + }, + "requiredInputs": [ + "stackSetName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StackSetInstance resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "Target AWS Account ID to create a Stack based on the StackSet. Defaults to current account.\n" + }, + "parameterOverrides": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of input parameters to override from the StackSet for this Instance.\n" + }, + "region": { + "type": "string", + "description": "Target AWS Region to create a Stack based on the StackSet. Defaults to current region.\n" + }, + "retainStack": { + "type": "boolean", + "description": "During resource destroy, remove Instance from StackSet while keeping the Stack and its associated resources. Must be enabled in the state _before_ destroy operation to take effect. You cannot reassociate a retained Stack or add an existing, saved Stack to a new StackSet. Defaults to `false`.\n" + }, + "stackId": { + "type": "string", + "description": "Stack identifier\n" + }, + "stackSetName": { + "type": "string", + "description": "Name of the StackSet.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/cachePolicy:CachePolicy": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront cache policy.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.CachePolicy(\"example\", {\n comment: \"test comment\",\n defaultTtl: 50,\n maxTtl: 100,\n minTtl: 1,\n parametersInCacheKeyAndForwardedToOrigin: {\n cookiesConfig: {\n cookieBehavior: \"whitelist\",\n cookies: {\n items: [\"example\"],\n },\n },\n headersConfig: {\n headerBehavior: \"whitelist\",\n headers: {\n items: [\"example\"],\n },\n },\n queryStringsConfig: {\n queryStringBehavior: \"whitelist\",\n queryStrings: {\n items: [\"example\"],\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.CachePolicy(\"example\",\n comment=\"test comment\",\n default_ttl=50,\n max_ttl=100,\n min_ttl=1,\n parameters_in_cache_key_and_forwarded_to_origin=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginArgs(\n cookies_config=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigArgs(\n cookie_behavior=\"whitelist\",\n cookies=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookiesArgs(\n items=[\"example\"],\n ),\n ),\n headers_config=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigArgs(\n header_behavior=\"whitelist\",\n headers=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeadersArgs(\n items=[\"example\"],\n ),\n ),\n query_strings_config=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigArgs(\n query_string_behavior=\"whitelist\",\n query_strings=aws.cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStringsArgs(\n items=[\"example\"],\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudFront.CachePolicy(\"example\", new Aws.CloudFront.CachePolicyArgs\n {\n Comment = \"test comment\",\n DefaultTtl = 50,\n MaxTtl = 100,\n MinTtl = 1,\n ParametersInCacheKeyAndForwardedToOrigin = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginArgs\n {\n CookiesConfig = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigArgs\n {\n CookieBehavior = \"whitelist\",\n Cookies = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookiesArgs\n {\n Items = \n {\n \"example\",\n },\n },\n },\n HeadersConfig = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigArgs\n {\n HeaderBehavior = \"whitelist\",\n Headers = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeadersArgs\n {\n Items = \n {\n \"example\",\n },\n },\n },\n QueryStringsConfig = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigArgs\n {\n QueryStringBehavior = \"whitelist\",\n QueryStrings = new Aws.CloudFront.Inputs.CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStringsArgs\n {\n Items = \n {\n \"example\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewCachePolicy(ctx, \"example\", &cloudfront.CachePolicyArgs{\n\t\t\tComment: pulumi.String(\"test comment\"),\n\t\t\tDefaultTtl: pulumi.Int(50),\n\t\t\tMaxTtl: pulumi.Int(100),\n\t\t\tMinTtl: pulumi.Int(1),\n\t\t\tParametersInCacheKeyAndForwardedToOrigin: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginArgs{\n\t\t\t\tCookiesConfig: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigArgs{\n\t\t\t\t\tCookieBehavior: pulumi.String(\"whitelist\"),\n\t\t\t\t\tCookies: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginCookiesConfigCookiesArgs{\n\t\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tHeadersConfig: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigArgs{\n\t\t\t\t\tHeaderBehavior: pulumi.String(\"whitelist\"),\n\t\t\t\t\tHeaders: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginHeadersConfigHeadersArgs{\n\t\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tQueryStringsConfig: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigArgs{\n\t\t\t\t\tQueryStringBehavior: pulumi.String(\"whitelist\"),\n\t\t\t\t\tQueryStrings: &cloudfront.CachePolicyParametersInCacheKeyAndForwardedToOriginQueryStringsConfigQueryStringsArgs{\n\t\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudfront Cache Policies can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/cachePolicy:CachePolicy policy 658327ea-f89d-4fab-a63d-7e88639e58f6\n```\n\n ", + "properties": { + "comment": { + "type": "string", + "description": "A comment to describe the cache policy.\n" + }, + "defaultTtl": { + "type": "integer", + "description": "The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the cache policy.\n" + }, + "maxTtl": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "minTtl": { + "type": "integer", + "description": "The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "name": { + "type": "string", + "description": "A unique name to identify the cache policy.\n" + }, + "parametersInCacheKeyAndForwardedToOrigin": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOrigin:CachePolicyParametersInCacheKeyAndForwardedToOrigin", + "description": "The HTTP headers, cookies, and URL query strings to include in the cache key. See Parameters In Cache Key And Forwarded To Origin for more information.\n" + } + }, + "required": [ + "etag", + "name" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "A comment to describe the cache policy.\n" + }, + "defaultTtl": { + "type": "integer", + "description": "The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the cache policy.\n" + }, + "maxTtl": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "minTtl": { + "type": "integer", + "description": "The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "name": { + "type": "string", + "description": "A unique name to identify the cache policy.\n" + }, + "parametersInCacheKeyAndForwardedToOrigin": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOrigin:CachePolicyParametersInCacheKeyAndForwardedToOrigin", + "description": "The HTTP headers, cookies, and URL query strings to include in the cache key. See Parameters In Cache Key And Forwarded To Origin for more information.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering CachePolicy resources.\n", + "properties": { + "comment": { + "type": "string", + "description": "A comment to describe the cache policy.\n" + }, + "defaultTtl": { + "type": "integer", + "description": "The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the cache policy.\n" + }, + "maxTtl": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "minTtl": { + "type": "integer", + "description": "The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "name": { + "type": "string", + "description": "A unique name to identify the cache policy.\n" + }, + "parametersInCacheKeyAndForwardedToOrigin": { + "$ref": "#/types/aws:cloudfront/CachePolicyParametersInCacheKeyAndForwardedToOrigin:CachePolicyParametersInCacheKeyAndForwardedToOrigin", + "description": "The HTTP headers, cookies, and URL query strings to include in the cache key. See Parameters In Cache Key And Forwarded To Origin for more information.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/distribution:Distribution": { + "description": "Creates an Amazon CloudFront web distribution.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For specific information about creating\nCloudFront web distributions, see the [POST Distribution](https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_CreateDistribution.html) page in the Amazon\nCloudFront API Reference.\n\n> **NOTE:** CloudFront distributions take about 15 minutes to a deployed state\nafter creation or modification. During this time, deletes to resources will be\nblocked. If you need to delete a distribution that is enabled and you do not\nwant to wait, you need to use the `retain_on_delete` flag.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront distribution with an S3 origin.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n acl: \"private\",\n tags: {\n Name: \"My bucket\",\n },\n});\nconst s3OriginId = \"myS3Origin\";\nconst s3Distribution = new aws.cloudfront.Distribution(\"s3Distribution\", {\n origins: [{\n domainName: bucket.bucketRegionalDomainName,\n originId: s3OriginId,\n s3OriginConfig: {\n originAccessIdentity: \"origin-access-identity/cloudfront/ABCDEFG1234567\",\n },\n }],\n enabled: true,\n isIpv6Enabled: true,\n comment: \"Some comment\",\n defaultRootObject: \"index.html\",\n loggingConfig: {\n includeCookies: false,\n bucket: \"mylogs.s3.amazonaws.com\",\n prefix: \"myprefix\",\n },\n aliases: [\n \"mysite.example.com\",\n \"yoursite.example.com\",\n ],\n defaultCacheBehavior: {\n allowedMethods: [\n \"DELETE\",\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PATCH\",\n \"POST\",\n \"PUT\",\n ],\n cachedMethods: [\n \"GET\",\n \"HEAD\",\n ],\n targetOriginId: s3OriginId,\n forwardedValues: {\n queryString: false,\n cookies: {\n forward: \"none\",\n },\n },\n viewerProtocolPolicy: \"allow-all\",\n minTtl: 0,\n defaultTtl: 3600,\n maxTtl: 86400,\n },\n orderedCacheBehaviors: [\n {\n pathPattern: \"/content/immutable/*\",\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n ],\n cachedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n ],\n targetOriginId: s3OriginId,\n forwardedValues: {\n queryString: false,\n headers: [\"Origin\"],\n cookies: {\n forward: \"none\",\n },\n },\n minTtl: 0,\n defaultTtl: 86400,\n maxTtl: 31536000,\n compress: true,\n viewerProtocolPolicy: \"redirect-to-https\",\n },\n {\n pathPattern: \"/content/*\",\n allowedMethods: [\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n ],\n cachedMethods: [\n \"GET\",\n \"HEAD\",\n ],\n targetOriginId: s3OriginId,\n forwardedValues: {\n queryString: false,\n cookies: {\n forward: \"none\",\n },\n },\n minTtl: 0,\n defaultTtl: 3600,\n maxTtl: 86400,\n compress: true,\n viewerProtocolPolicy: \"redirect-to-https\",\n },\n ],\n priceClass: \"PriceClass_200\",\n restrictions: {\n geoRestriction: {\n restrictionType: \"whitelist\",\n locations: [\n \"US\",\n \"CA\",\n \"GB\",\n \"DE\",\n ],\n },\n },\n tags: {\n Environment: \"production\",\n },\n viewerCertificate: {\n cloudfrontDefaultCertificate: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"private\",\n tags={\n \"Name\": \"My bucket\",\n })\ns3_origin_id = \"myS3Origin\"\ns3_distribution = aws.cloudfront.Distribution(\"s3Distribution\",\n origins=[aws.cloudfront.DistributionOriginArgs(\n domain_name=bucket.bucket_regional_domain_name,\n origin_id=s3_origin_id,\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=\"origin-access-identity/cloudfront/ABCDEFG1234567\",\n ),\n )],\n enabled=True,\n is_ipv6_enabled=True,\n comment=\"Some comment\",\n default_root_object=\"index.html\",\n logging_config=aws.cloudfront.DistributionLoggingConfigArgs(\n include_cookies=False,\n bucket=\"mylogs.s3.amazonaws.com\",\n prefix=\"myprefix\",\n ),\n aliases=[\n \"mysite.example.com\",\n \"yoursite.example.com\",\n ],\n default_cache_behavior=aws.cloudfront.DistributionDefaultCacheBehaviorArgs(\n allowed_methods=[\n \"DELETE\",\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PATCH\",\n \"POST\",\n \"PUT\",\n ],\n cached_methods=[\n \"GET\",\n \"HEAD\",\n ],\n target_origin_id=s3_origin_id,\n forwarded_values=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs(\n query_string=False,\n cookies=aws.cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs(\n forward=\"none\",\n ),\n ),\n viewer_protocol_policy=\"allow-all\",\n min_ttl=0,\n default_ttl=3600,\n max_ttl=86400,\n ),\n ordered_cache_behaviors=[\n aws.cloudfront.DistributionOrderedCacheBehaviorArgs(\n path_pattern=\"/content/immutable/*\",\n allowed_methods=[\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n ],\n cached_methods=[\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n ],\n target_origin_id=s3_origin_id,\n forwarded_values=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs(\n query_string=False,\n headers=[\"Origin\"],\n cookies=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs(\n forward=\"none\",\n ),\n ),\n min_ttl=0,\n default_ttl=86400,\n max_ttl=31536000,\n compress=True,\n viewer_protocol_policy=\"redirect-to-https\",\n ),\n aws.cloudfront.DistributionOrderedCacheBehaviorArgs(\n path_pattern=\"/content/*\",\n allowed_methods=[\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n ],\n cached_methods=[\n \"GET\",\n \"HEAD\",\n ],\n target_origin_id=s3_origin_id,\n forwarded_values=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs(\n query_string=False,\n cookies=aws.cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs(\n forward=\"none\",\n ),\n ),\n min_ttl=0,\n default_ttl=3600,\n max_ttl=86400,\n compress=True,\n viewer_protocol_policy=\"redirect-to-https\",\n ),\n ],\n price_class=\"PriceClass_200\",\n restrictions=aws.cloudfront.DistributionRestrictionsArgs(\n geo_restriction=aws.cloudfront.DistributionRestrictionsGeoRestrictionArgs(\n restriction_type=\"whitelist\",\n locations=[\n \"US\",\n \"CA\",\n \"GB\",\n \"DE\",\n ],\n ),\n ),\n tags={\n \"Environment\": \"production\",\n },\n viewer_certificate=aws.cloudfront.DistributionViewerCertificateArgs(\n cloudfront_default_certificate=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Tags = \n {\n { \"Name\", \"My bucket\" },\n },\n });\n var s3OriginId = \"myS3Origin\";\n var s3Distribution = new Aws.CloudFront.Distribution(\"s3Distribution\", new Aws.CloudFront.DistributionArgs\n {\n Origins = \n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n DomainName = bucket.BucketRegionalDomainName,\n OriginId = s3OriginId,\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = \"origin-access-identity/cloudfront/ABCDEFG1234567\",\n },\n },\n },\n Enabled = true,\n IsIpv6Enabled = true,\n Comment = \"Some comment\",\n DefaultRootObject = \"index.html\",\n LoggingConfig = new Aws.CloudFront.Inputs.DistributionLoggingConfigArgs\n {\n IncludeCookies = false,\n Bucket = \"mylogs.s3.amazonaws.com\",\n Prefix = \"myprefix\",\n },\n Aliases = \n {\n \"mysite.example.com\",\n \"yoursite.example.com\",\n },\n DefaultCacheBehavior = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n AllowedMethods = \n {\n \"DELETE\",\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n \"PATCH\",\n \"POST\",\n \"PUT\",\n },\n CachedMethods = \n {\n \"GET\",\n \"HEAD\",\n },\n TargetOriginId = s3OriginId,\n ForwardedValues = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesArgs\n {\n QueryString = false,\n Cookies = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs\n {\n Forward = \"none\",\n },\n },\n ViewerProtocolPolicy = \"allow-all\",\n MinTtl = 0,\n DefaultTtl = 3600,\n MaxTtl = 86400,\n },\n OrderedCacheBehaviors = \n {\n new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs\n {\n PathPattern = \"/content/immutable/*\",\n AllowedMethods = \n {\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n },\n CachedMethods = \n {\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n },\n TargetOriginId = s3OriginId,\n ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs\n {\n QueryString = false,\n Headers = \n {\n \"Origin\",\n },\n Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs\n {\n Forward = \"none\",\n },\n },\n MinTtl = 0,\n DefaultTtl = 86400,\n MaxTtl = 31536000,\n Compress = true,\n ViewerProtocolPolicy = \"redirect-to-https\",\n },\n new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorArgs\n {\n PathPattern = \"/content/*\",\n AllowedMethods = \n {\n \"GET\",\n \"HEAD\",\n \"OPTIONS\",\n },\n CachedMethods = \n {\n \"GET\",\n \"HEAD\",\n },\n TargetOriginId = s3OriginId,\n ForwardedValues = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesArgs\n {\n QueryString = false,\n Cookies = new Aws.CloudFront.Inputs.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs\n {\n Forward = \"none\",\n },\n },\n MinTtl = 0,\n DefaultTtl = 3600,\n MaxTtl = 86400,\n Compress = true,\n ViewerProtocolPolicy = \"redirect-to-https\",\n },\n },\n PriceClass = \"PriceClass_200\",\n Restrictions = new Aws.CloudFront.Inputs.DistributionRestrictionsArgs\n {\n GeoRestriction = new Aws.CloudFront.Inputs.DistributionRestrictionsGeoRestrictionArgs\n {\n RestrictionType = \"whitelist\",\n Locations = \n {\n \"US\",\n \"CA\",\n \"GB\",\n \"DE\",\n },\n },\n },\n Tags = \n {\n { \"Environment\", \"production\" },\n },\n ViewerCertificate = new Aws.CloudFront.Inputs.DistributionViewerCertificateArgs\n {\n CloudfrontDefaultCertificate = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"My bucket\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3OriginId := \"myS3Origin\"\n\t\t_, err = cloudfront.NewDistribution(ctx, \"s3Distribution\", &cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t&cloudfront.DistributionOriginArgs{\n\t\t\t\t\tDomainName: bucket.BucketRegionalDomainName,\n\t\t\t\t\tOriginId: pulumi.String(s3OriginId),\n\t\t\t\t\tS3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.String(\"origin-access-identity/cloudfront/ABCDEFG1234567\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tIsIpv6Enabled: pulumi.Bool(true),\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t\tDefaultRootObject: pulumi.String(\"index.html\"),\n\t\t\tLoggingConfig: &cloudfront.DistributionLoggingConfigArgs{\n\t\t\t\tIncludeCookies: pulumi.Bool(false),\n\t\t\t\tBucket: pulumi.String(\"mylogs.s3.amazonaws.com\"),\n\t\t\t\tPrefix: pulumi.String(\"myprefix\"),\n\t\t\t},\n\t\t\tAliases: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"mysite.example.com\"),\n\t\t\t\tpulumi.String(\"yoursite.example.com\"),\n\t\t\t},\n\t\t\tDefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DELETE\"),\n\t\t\t\t\tpulumi.String(\"GET\"),\n\t\t\t\t\tpulumi.String(\"HEAD\"),\n\t\t\t\t\tpulumi.String(\"OPTIONS\"),\n\t\t\t\t\tpulumi.String(\"PATCH\"),\n\t\t\t\t\tpulumi.String(\"POST\"),\n\t\t\t\t\tpulumi.String(\"PUT\"),\n\t\t\t\t},\n\t\t\t\tCachedMethods: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"GET\"),\n\t\t\t\t\tpulumi.String(\"HEAD\"),\n\t\t\t\t},\n\t\t\t\tTargetOriginId: pulumi.String(s3OriginId),\n\t\t\t\tForwardedValues: &cloudfront.DistributionDefaultCacheBehaviorForwardedValuesArgs{\n\t\t\t\t\tQueryString: pulumi.Bool(false),\n\t\t\t\t\tCookies: &cloudfront.DistributionDefaultCacheBehaviorForwardedValuesCookiesArgs{\n\t\t\t\t\t\tForward: pulumi.String(\"none\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tViewerProtocolPolicy: pulumi.String(\"allow-all\"),\n\t\t\t\tMinTtl: pulumi.Int(0),\n\t\t\t\tDefaultTtl: pulumi.Int(3600),\n\t\t\t\tMaxTtl: pulumi.Int(86400),\n\t\t\t},\n\t\t\tOrderedCacheBehaviors: cloudfront.DistributionOrderedCacheBehaviorArray{\n\t\t\t\t&cloudfront.DistributionOrderedCacheBehaviorArgs{\n\t\t\t\t\tPathPattern: pulumi.String(\"/content/immutable/*\"),\n\t\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GET\"),\n\t\t\t\t\t\tpulumi.String(\"HEAD\"),\n\t\t\t\t\t\tpulumi.String(\"OPTIONS\"),\n\t\t\t\t\t},\n\t\t\t\t\tCachedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GET\"),\n\t\t\t\t\t\tpulumi.String(\"HEAD\"),\n\t\t\t\t\t\tpulumi.String(\"OPTIONS\"),\n\t\t\t\t\t},\n\t\t\t\t\tTargetOriginId: pulumi.String(s3OriginId),\n\t\t\t\t\tForwardedValues: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs{\n\t\t\t\t\t\tQueryString: pulumi.Bool(false),\n\t\t\t\t\t\tHeaders: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"Origin\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCookies: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs{\n\t\t\t\t\t\t\tForward: pulumi.String(\"none\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMinTtl: pulumi.Int(0),\n\t\t\t\t\tDefaultTtl: pulumi.Int(86400),\n\t\t\t\t\tMaxTtl: pulumi.Int(31536000),\n\t\t\t\t\tCompress: pulumi.Bool(true),\n\t\t\t\t\tViewerProtocolPolicy: pulumi.String(\"redirect-to-https\"),\n\t\t\t\t},\n\t\t\t\t&cloudfront.DistributionOrderedCacheBehaviorArgs{\n\t\t\t\t\tPathPattern: pulumi.String(\"/content/*\"),\n\t\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GET\"),\n\t\t\t\t\t\tpulumi.String(\"HEAD\"),\n\t\t\t\t\t\tpulumi.String(\"OPTIONS\"),\n\t\t\t\t\t},\n\t\t\t\t\tCachedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"GET\"),\n\t\t\t\t\t\tpulumi.String(\"HEAD\"),\n\t\t\t\t\t},\n\t\t\t\t\tTargetOriginId: pulumi.String(s3OriginId),\n\t\t\t\t\tForwardedValues: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesArgs{\n\t\t\t\t\t\tQueryString: pulumi.Bool(false),\n\t\t\t\t\t\tCookies: &cloudfront.DistributionOrderedCacheBehaviorForwardedValuesCookiesArgs{\n\t\t\t\t\t\t\tForward: pulumi.String(\"none\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMinTtl: pulumi.Int(0),\n\t\t\t\t\tDefaultTtl: pulumi.Int(3600),\n\t\t\t\t\tMaxTtl: pulumi.Int(86400),\n\t\t\t\t\tCompress: pulumi.Bool(true),\n\t\t\t\t\tViewerProtocolPolicy: pulumi.String(\"redirect-to-https\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPriceClass: pulumi.String(\"PriceClass_200\"),\n\t\t\tRestrictions: &cloudfront.DistributionRestrictionsArgs{\n\t\t\t\tGeoRestriction: &cloudfront.DistributionRestrictionsGeoRestrictionArgs{\n\t\t\t\t\tRestrictionType: pulumi.String(\"whitelist\"),\n\t\t\t\t\tLocations: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\tpulumi.String(\"CA\"),\n\t\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\t\tpulumi.String(\"DE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t\tViewerCertificate: &cloudfront.DistributionViewerCertificateArgs{\n\t\t\t\tCloudfrontDefaultCertificate: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThe following example below creates a Cloudfront distribution with an origin group for failover routing:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3Distribution = new aws.cloudfront.Distribution(\"s3Distribution\", {\n originGroups: [{\n originId: \"groupS3\",\n failoverCriteria: {\n statusCodes: [\n 403,\n 404,\n 500,\n 502,\n ],\n },\n members: [\n {\n originId: \"primaryS3\",\n },\n {\n originId: \"failoverS3\",\n },\n ],\n }],\n origins: [\n {\n domainName: aws_s3_bucket.primary.bucket_regional_domain_name,\n originId: \"primaryS3\",\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity[\"default\"].cloudfront_access_identity_path,\n },\n },\n {\n domainName: aws_s3_bucket.failover.bucket_regional_domain_name,\n originId: \"failoverS3\",\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity[\"default\"].cloudfront_access_identity_path,\n },\n },\n ],\n defaultCacheBehavior: {\n targetOriginId: \"groupS3\",\n },\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3_distribution = aws.cloudfront.Distribution(\"s3Distribution\",\n origin_groups=[aws.cloudfront.DistributionOriginGroupArgs(\n origin_id=\"groupS3\",\n failover_criteria=aws.cloudfront.DistributionOriginGroupFailoverCriteriaArgs(\n status_codes=[\n 403,\n 404,\n 500,\n 502,\n ],\n ),\n members=[\n aws.cloudfront.DistributionOriginGroupMemberArgs(\n origin_id=\"primaryS3\",\n ),\n aws.cloudfront.DistributionOriginGroupMemberArgs(\n origin_id=\"failoverS3\",\n ),\n ],\n )],\n origins=[\n aws.cloudfront.DistributionOriginArgs(\n domain_name=aws_s3_bucket[\"primary\"][\"bucket_regional_domain_name\"],\n origin_id=\"primaryS3\",\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"default\"][\"cloudfront_access_identity_path\"],\n ),\n ),\n aws.cloudfront.DistributionOriginArgs(\n domain_name=aws_s3_bucket[\"failover\"][\"bucket_regional_domain_name\"],\n origin_id=\"failoverS3\",\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"default\"][\"cloudfront_access_identity_path\"],\n ),\n ),\n ],\n default_cache_behavior=aws.cloudfront.DistributionDefaultCacheBehaviorArgs(\n target_origin_id=\"groupS3\",\n ))\n# ... other configuration ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3Distribution = new Aws.CloudFront.Distribution(\"s3Distribution\", new Aws.CloudFront.DistributionArgs\n {\n OriginGroups = \n {\n new Aws.CloudFront.Inputs.DistributionOriginGroupArgs\n {\n OriginId = \"groupS3\",\n FailoverCriteria = new Aws.CloudFront.Inputs.DistributionOriginGroupFailoverCriteriaArgs\n {\n StatusCodes = \n {\n 403,\n 404,\n 500,\n 502,\n },\n },\n Members = \n {\n new Aws.CloudFront.Inputs.DistributionOriginGroupMemberArgs\n {\n OriginId = \"primaryS3\",\n },\n new Aws.CloudFront.Inputs.DistributionOriginGroupMemberArgs\n {\n OriginId = \"failoverS3\",\n },\n },\n },\n },\n Origins = \n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n DomainName = aws_s3_bucket.Primary.Bucket_regional_domain_name,\n OriginId = \"primaryS3\",\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path,\n },\n },\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n DomainName = aws_s3_bucket.Failover.Bucket_regional_domain_name,\n OriginId = \"failoverS3\",\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path,\n },\n },\n },\n DefaultCacheBehavior = new Aws.CloudFront.Inputs.DistributionDefaultCacheBehaviorArgs\n {\n TargetOriginId = \"groupS3\",\n },\n });\n // ... other configuration ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"s3Distribution\", &cloudfront.DistributionArgs{\n\t\t\tOriginGroups: cloudfront.DistributionOriginGroupArray{\n\t\t\t\t&cloudfront.DistributionOriginGroupArgs{\n\t\t\t\t\tOriginId: pulumi.String(\"groupS3\"),\n\t\t\t\t\tFailoverCriteria: &cloudfront.DistributionOriginGroupFailoverCriteriaArgs{\n\t\t\t\t\t\tStatusCodes: pulumi.IntArray{\n\t\t\t\t\t\t\tpulumi.Int(403),\n\t\t\t\t\t\t\tpulumi.Int(404),\n\t\t\t\t\t\t\tpulumi.Int(500),\n\t\t\t\t\t\t\tpulumi.Int(502),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tMembers: cloudfront.DistributionOriginGroupMemberArray{\n\t\t\t\t\t\t&cloudfront.DistributionOriginGroupMemberArgs{\n\t\t\t\t\t\t\tOriginId: pulumi.String(\"primaryS3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&cloudfront.DistributionOriginGroupMemberArgs{\n\t\t\t\t\t\t\tOriginId: pulumi.String(\"failoverS3\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t&cloudfront.DistributionOriginArgs{\n\t\t\t\t\tDomainName: pulumi.Any(aws_s3_bucket.Primary.Bucket_regional_domain_name),\n\t\t\t\t\tOriginId: pulumi.String(\"primaryS3\"),\n\t\t\t\t\tS3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&cloudfront.DistributionOriginArgs{\n\t\t\t\t\tDomainName: pulumi.Any(aws_s3_bucket.Failover.Bucket_regional_domain_name),\n\t\t\t\t\tOriginId: pulumi.String(\"failoverS3\"),\n\t\t\t\t\tS3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Default.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDefaultCacheBehavior: &cloudfront.DistributionDefaultCacheBehaviorArgs{\n\t\t\t\tTargetOriginId: pulumi.String(\"groupS3\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudfront Distributions can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/distribution:Distribution distribution E74FTE3EXAMPLE\n```\n\n ", + "properties": { + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Extra CNAMEs (alternate domain names), if any, for\nthis distribution.\n" + }, + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the distribution. For example: `arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5`, where `123456789012` is your AWS account ID.\n" + }, + "callerReference": { + "type": "string", + "description": "Internal value used by CloudFront to allow future\nupdates to the distribution configuration.\n" + }, + "comment": { + "type": "string", + "description": "Any comments you want to include about the\ndistribution.\n" + }, + "customErrorResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionCustomErrorResponse:DistributionCustomErrorResponse" + }, + "description": "One or more custom error response elements (multiples allowed).\n" + }, + "defaultCacheBehavior": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehavior:DistributionDefaultCacheBehavior", + "description": "The default cache behavior for this distribution (maximum\none).\n" + }, + "defaultRootObject": { + "type": "string", + "description": "The object that you want CloudFront to\nreturn (for example, index.html) when an end user requests the root URL.\n" + }, + "domainName": { + "type": "string", + "description": "The DNS domain name of either the S3 bucket, or\nweb site of your custom origin.\n" + }, + "enabled": { + "type": "boolean", + "description": "A flag that specifies whether Origin Shield is enabled.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the distribution's information. For example:\n`E2QWRUHAPOMQZL`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The CloudFront Route 53 zone ID that can be used to\nroute an [Alias Resource Record Set](http://docs.aws.amazon.com/Route53/latest/APIReference/CreateAliasRRSAPI.html) to. This attribute is simply an\nalias for the zone ID `Z2FDTNDATAQYW2`.\n" + }, + "httpVersion": { + "type": "string", + "description": "The maximum HTTP version to support on the\ndistribution. Allowed values are `http1.1` and `http2`. The default is\n`http2`.\n" + }, + "inProgressValidationBatches": { + "type": "integer", + "description": "The number of invalidation batches\ncurrently in progress.\n" + }, + "isIpv6Enabled": { + "type": "boolean", + "description": "Whether the IPv6 is enabled for the distribution.\n" + }, + "lastModifiedTime": { + "type": "string", + "description": "The date and time the distribution was last modified.\n" + }, + "loggingConfig": { + "$ref": "#/types/aws:cloudfront/DistributionLoggingConfig:DistributionLoggingConfig", + "description": "The logging\nconfiguration that controls how logs are written\nto your distribution (maximum one).\n" + }, + "orderedCacheBehaviors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehavior:DistributionOrderedCacheBehavior" + }, + "description": "An ordered list of cache behaviors\nresource for this distribution. List from top to bottom\nin order of precedence. The topmost cache behavior will have precedence 0.\n" + }, + "originGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOriginGroup:DistributionOriginGroup" + }, + "description": "One or more origin_group for this\ndistribution (multiples allowed).\n" + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrigin:DistributionOrigin" + }, + "description": "One or more origins for this\ndistribution (multiples allowed).\n" + }, + "priceClass": { + "type": "string", + "description": "The price class for this distribution. One of\n`PriceClass_All`, `PriceClass_200`, `PriceClass_100`\n" + }, + "restrictions": { + "$ref": "#/types/aws:cloudfront/DistributionRestrictions:DistributionRestrictions", + "description": "The restriction\nconfiguration for this distribution (maximum one).\n" + }, + "retainOnDelete": { + "type": "boolean", + "description": "Disables the distribution instead of\ndeleting it when destroying the resource. If this is set,\nthe distribution needs to be deleted manually afterwards. Default: `false`.\n" + }, + "status": { + "type": "string", + "description": "The current status of the distribution. `Deployed` if the\ndistribution's information is fully propagated throughout the Amazon\nCloudFront system.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "trustedKeyGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionTrustedKeyGroup:DistributionTrustedKeyGroup" + }, + "description": "A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n" + }, + "trustedSigners": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionTrustedSigner:DistributionTrustedSigner" + }, + "description": "List of AWS account IDs (or `self`) that you want to allow to create signed URLs for private content.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n" + }, + "viewerCertificate": { + "$ref": "#/types/aws:cloudfront/DistributionViewerCertificate:DistributionViewerCertificate", + "description": "The SSL\nconfiguration for this distribution (maximum\none).\n" + }, + "waitForDeployment": { + "type": "boolean", + "description": "If enabled, the resource will wait for\nthe distribution status to change from `InProgress` to `Deployed`. Setting\nthis to`false` will skip the process. Default: `true`.\n" + }, + "webAclId": { + "type": "string", + "description": "A unique identifier that specifies the AWS WAF web ACL,\nif any, to associate with this distribution.\nTo specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN,\nfor example `aws_wafv2_web_acl.example.arn`. To specify a web\nACL created using AWS WAF Classic, use the ACL ID, for example `aws_waf_web_acl.example.id`.\nThe WAF Web ACL must exist in the WAF Global (CloudFront) region and the\ncredentials configuring this argument must have `waf:GetWebACL` permissions assigned.\n" + } + }, + "required": [ + "arn", + "callerReference", + "defaultCacheBehavior", + "domainName", + "enabled", + "etag", + "hostedZoneId", + "inProgressValidationBatches", + "lastModifiedTime", + "origins", + "restrictions", + "status", + "tagsAll", + "trustedKeyGroups", + "trustedSigners", + "viewerCertificate" + ], + "inputProperties": { + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Extra CNAMEs (alternate domain names), if any, for\nthis distribution.\n" + }, + "comment": { + "type": "string", + "description": "Any comments you want to include about the\ndistribution.\n" + }, + "customErrorResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionCustomErrorResponse:DistributionCustomErrorResponse" + }, + "description": "One or more custom error response elements (multiples allowed).\n" + }, + "defaultCacheBehavior": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehavior:DistributionDefaultCacheBehavior", + "description": "The default cache behavior for this distribution (maximum\none).\n" + }, + "defaultRootObject": { + "type": "string", + "description": "The object that you want CloudFront to\nreturn (for example, index.html) when an end user requests the root URL.\n" + }, + "enabled": { + "type": "boolean", + "description": "A flag that specifies whether Origin Shield is enabled.\n" + }, + "httpVersion": { + "type": "string", + "description": "The maximum HTTP version to support on the\ndistribution. Allowed values are `http1.1` and `http2`. The default is\n`http2`.\n" + }, + "isIpv6Enabled": { + "type": "boolean", + "description": "Whether the IPv6 is enabled for the distribution.\n" + }, + "loggingConfig": { + "$ref": "#/types/aws:cloudfront/DistributionLoggingConfig:DistributionLoggingConfig", + "description": "The logging\nconfiguration that controls how logs are written\nto your distribution (maximum one).\n" + }, + "orderedCacheBehaviors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehavior:DistributionOrderedCacheBehavior" + }, + "description": "An ordered list of cache behaviors\nresource for this distribution. List from top to bottom\nin order of precedence. The topmost cache behavior will have precedence 0.\n" + }, + "originGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOriginGroup:DistributionOriginGroup" + }, + "description": "One or more origin_group for this\ndistribution (multiples allowed).\n" + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrigin:DistributionOrigin" + }, + "description": "One or more origins for this\ndistribution (multiples allowed).\n" + }, + "priceClass": { + "type": "string", + "description": "The price class for this distribution. One of\n`PriceClass_All`, `PriceClass_200`, `PriceClass_100`\n" + }, + "restrictions": { + "$ref": "#/types/aws:cloudfront/DistributionRestrictions:DistributionRestrictions", + "description": "The restriction\nconfiguration for this distribution (maximum one).\n" + }, + "retainOnDelete": { + "type": "boolean", + "description": "Disables the distribution instead of\ndeleting it when destroying the resource. If this is set,\nthe distribution needs to be deleted manually afterwards. Default: `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "viewerCertificate": { + "$ref": "#/types/aws:cloudfront/DistributionViewerCertificate:DistributionViewerCertificate", + "description": "The SSL\nconfiguration for this distribution (maximum\none).\n" + }, + "waitForDeployment": { + "type": "boolean", + "description": "If enabled, the resource will wait for\nthe distribution status to change from `InProgress` to `Deployed`. Setting\nthis to`false` will skip the process. Default: `true`.\n" + }, + "webAclId": { + "type": "string", + "description": "A unique identifier that specifies the AWS WAF web ACL,\nif any, to associate with this distribution.\nTo specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN,\nfor example `aws_wafv2_web_acl.example.arn`. To specify a web\nACL created using AWS WAF Classic, use the ACL ID, for example `aws_waf_web_acl.example.id`.\nThe WAF Web ACL must exist in the WAF Global (CloudFront) region and the\ncredentials configuring this argument must have `waf:GetWebACL` permissions assigned.\n" + } + }, + "requiredInputs": [ + "defaultCacheBehavior", + "enabled", + "origins", + "restrictions", + "viewerCertificate" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Distribution resources.\n", + "properties": { + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Extra CNAMEs (alternate domain names), if any, for\nthis distribution.\n" + }, + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the distribution. For example: `arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5`, where `123456789012` is your AWS account ID.\n" + }, + "callerReference": { + "type": "string", + "description": "Internal value used by CloudFront to allow future\nupdates to the distribution configuration.\n" + }, + "comment": { + "type": "string", + "description": "Any comments you want to include about the\ndistribution.\n" + }, + "customErrorResponses": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionCustomErrorResponse:DistributionCustomErrorResponse" + }, + "description": "One or more custom error response elements (multiples allowed).\n" + }, + "defaultCacheBehavior": { + "$ref": "#/types/aws:cloudfront/DistributionDefaultCacheBehavior:DistributionDefaultCacheBehavior", + "description": "The default cache behavior for this distribution (maximum\none).\n" + }, + "defaultRootObject": { + "type": "string", + "description": "The object that you want CloudFront to\nreturn (for example, index.html) when an end user requests the root URL.\n" + }, + "domainName": { + "type": "string", + "description": "The DNS domain name of either the S3 bucket, or\nweb site of your custom origin.\n" + }, + "enabled": { + "type": "boolean", + "description": "A flag that specifies whether Origin Shield is enabled.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the distribution's information. For example:\n`E2QWRUHAPOMQZL`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The CloudFront Route 53 zone ID that can be used to\nroute an [Alias Resource Record Set](http://docs.aws.amazon.com/Route53/latest/APIReference/CreateAliasRRSAPI.html) to. This attribute is simply an\nalias for the zone ID `Z2FDTNDATAQYW2`.\n" + }, + "httpVersion": { + "type": "string", + "description": "The maximum HTTP version to support on the\ndistribution. Allowed values are `http1.1` and `http2`. The default is\n`http2`.\n" + }, + "inProgressValidationBatches": { + "type": "integer", + "description": "The number of invalidation batches\ncurrently in progress.\n" + }, + "isIpv6Enabled": { + "type": "boolean", + "description": "Whether the IPv6 is enabled for the distribution.\n" + }, + "lastModifiedTime": { + "type": "string", + "description": "The date and time the distribution was last modified.\n" + }, + "loggingConfig": { + "$ref": "#/types/aws:cloudfront/DistributionLoggingConfig:DistributionLoggingConfig", + "description": "The logging\nconfiguration that controls how logs are written\nto your distribution (maximum one).\n" + }, + "orderedCacheBehaviors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrderedCacheBehavior:DistributionOrderedCacheBehavior" + }, + "description": "An ordered list of cache behaviors\nresource for this distribution. List from top to bottom\nin order of precedence. The topmost cache behavior will have precedence 0.\n" + }, + "originGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOriginGroup:DistributionOriginGroup" + }, + "description": "One or more origin_group for this\ndistribution (multiples allowed).\n" + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionOrigin:DistributionOrigin" + }, + "description": "One or more origins for this\ndistribution (multiples allowed).\n" + }, + "priceClass": { + "type": "string", + "description": "The price class for this distribution. One of\n`PriceClass_All`, `PriceClass_200`, `PriceClass_100`\n" + }, + "restrictions": { + "$ref": "#/types/aws:cloudfront/DistributionRestrictions:DistributionRestrictions", + "description": "The restriction\nconfiguration for this distribution (maximum one).\n" + }, + "retainOnDelete": { + "type": "boolean", + "description": "Disables the distribution instead of\ndeleting it when destroying the resource. If this is set,\nthe distribution needs to be deleted manually afterwards. Default: `false`.\n" + }, + "status": { + "type": "string", + "description": "The current status of the distribution. `Deployed` if the\ndistribution's information is fully propagated throughout the Amazon\nCloudFront system.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "trustedKeyGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionTrustedKeyGroup:DistributionTrustedKeyGroup" + }, + "description": "A list of key group IDs that CloudFront can use to validate signed URLs or signed cookies.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n" + }, + "trustedSigners": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/DistributionTrustedSigner:DistributionTrustedSigner" + }, + "description": "List of AWS account IDs (or `self`) that you want to allow to create signed URLs for private content.\nSee the [CloudFront User Guide](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-trusted-signers.html) for more information about this feature.\n" + }, + "viewerCertificate": { + "$ref": "#/types/aws:cloudfront/DistributionViewerCertificate:DistributionViewerCertificate", + "description": "The SSL\nconfiguration for this distribution (maximum\none).\n" + }, + "waitForDeployment": { + "type": "boolean", + "description": "If enabled, the resource will wait for\nthe distribution status to change from `InProgress` to `Deployed`. Setting\nthis to`false` will skip the process. Default: `true`.\n" + }, + "webAclId": { + "type": "string", + "description": "A unique identifier that specifies the AWS WAF web ACL,\nif any, to associate with this distribution.\nTo specify a web ACL created using the latest version of AWS WAF (WAFv2), use the ACL ARN,\nfor example `aws_wafv2_web_acl.example.arn`. To specify a web\nACL created using AWS WAF Classic, use the ACL ID, for example `aws_waf_web_acl.example.id`.\nThe WAF Web ACL must exist in the WAF Global (CloudFront) region and the\ncredentials configuring this argument must have `waf:GetWebACL` permissions assigned.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/function:Function": { + "description": "Provides a CloudFront Function resource. With CloudFront Functions in Amazon CloudFront, you can write lightweight functions in JavaScript for high-scale, latency-sensitive CDN customizations.\n\nSee [CloudFront Functions](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/cloudfront-functions.html)\n\n> **NOTE:** You cannot delete a function if it’s associated with a cache behavior. First, update your distributions to remove the function association from all cache behaviors, then delete the function.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst test = new aws.cloudfront.Function(\"test\", {\n runtime: \"cloudfront-js-1.0\",\n comment: \"my function\",\n publish: true,\n code: fs.readFileSync(`${path.module}/function.js`),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudfront.Function(\"test\",\n runtime=\"cloudfront-js-1.0\",\n comment=\"my function\",\n publish=True,\n code=(lambda path: open(path).read())(f\"{path['module']}/function.js\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CloudFront.Function(\"test\", new Aws.CloudFront.FunctionArgs\n {\n Runtime = \"cloudfront-js-1.0\",\n Comment = \"my function\",\n Publish = true,\n Code = File.ReadAllText($\"{path.Module}/function.js\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudFront Functions can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/function:Function test my_test_function\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) identifying your CloudFront Function.\n" + }, + "code": { + "type": "string", + "description": "Source code of the function\n" + }, + "comment": { + "type": "string", + "description": "Comment.\n" + }, + "etag": { + "type": "string", + "description": "ETag hash of the function\n" + }, + "name": { + "type": "string", + "description": "Unique name for your CloudFront Function.\n" + }, + "publish": { + "type": "boolean", + "description": "Whether to publish creation/change as Live CloudFront Function Version. Defaults to `true`.\n" + }, + "runtime": { + "type": "string", + "description": "Identifier of the function's runtime. Currently only `cloudfront-js-1.0` is valid.\n" + }, + "status": { + "type": "string", + "description": "Status of the function. Can be `UNPUBLISHED`, `UNASSOCIATED` or `ASSOCIATED`.\n" + } + }, + "required": [ + "arn", + "code", + "etag", + "name", + "runtime", + "status" + ], + "inputProperties": { + "code": { + "type": "string", + "description": "Source code of the function\n" + }, + "comment": { + "type": "string", + "description": "Comment.\n" + }, + "name": { + "type": "string", + "description": "Unique name for your CloudFront Function.\n" + }, + "publish": { + "type": "boolean", + "description": "Whether to publish creation/change as Live CloudFront Function Version. Defaults to `true`.\n" + }, + "runtime": { + "type": "string", + "description": "Identifier of the function's runtime. Currently only `cloudfront-js-1.0` is valid.\n" + } + }, + "requiredInputs": [ + "code", + "runtime" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Function resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) identifying your CloudFront Function.\n" + }, + "code": { + "type": "string", + "description": "Source code of the function\n" + }, + "comment": { + "type": "string", + "description": "Comment.\n" + }, + "etag": { + "type": "string", + "description": "ETag hash of the function\n" + }, + "name": { + "type": "string", + "description": "Unique name for your CloudFront Function.\n" + }, + "publish": { + "type": "boolean", + "description": "Whether to publish creation/change as Live CloudFront Function Version. Defaults to `true`.\n" + }, + "runtime": { + "type": "string", + "description": "Identifier of the function's runtime. Currently only `cloudfront-js-1.0` is valid.\n" + }, + "status": { + "type": "string", + "description": "Status of the function. Can be `UNPUBLISHED`, `UNASSOCIATED` or `ASSOCIATED`.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/keyGroup:KeyGroup": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront key group.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst examplePublicKey = new aws.cloudfront.PublicKey(\"examplePublicKey\", {\n comment: \"example public key\",\n encodedKey: fs.readFileSync(\"public_key.pem\"),\n});\nconst exampleKeyGroup = new aws.cloudfront.KeyGroup(\"exampleKeyGroup\", {\n comment: \"example key group\",\n items: [examplePublicKey.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_public_key = aws.cloudfront.PublicKey(\"examplePublicKey\",\n comment=\"example public key\",\n encoded_key=(lambda path: open(path).read())(\"public_key.pem\"))\nexample_key_group = aws.cloudfront.KeyGroup(\"exampleKeyGroup\",\n comment=\"example key group\",\n items=[example_public_key.id])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePublicKey = new Aws.CloudFront.PublicKey(\"examplePublicKey\", new Aws.CloudFront.PublicKeyArgs\n {\n Comment = \"example public key\",\n EncodedKey = File.ReadAllText(\"public_key.pem\"),\n });\n var exampleKeyGroup = new Aws.CloudFront.KeyGroup(\"exampleKeyGroup\", new Aws.CloudFront.KeyGroupArgs\n {\n Comment = \"example key group\",\n Items = \n {\n examplePublicKey.Id,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "comment": { + "type": "string", + "description": "A comment to describe the key group..\n" + }, + "etag": { + "type": "string", + "description": "The identifier for this version of the key group.\n" + }, + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the identifiers of the public keys in the key group.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the key group.\n" + } + }, + "required": [ + "etag", + "items", + "name" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "A comment to describe the key group..\n" + }, + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the identifiers of the public keys in the key group.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the key group.\n" + } + }, + "requiredInputs": [ + "items" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering KeyGroup resources.\n", + "properties": { + "comment": { + "type": "string", + "description": "A comment to describe the key group..\n" + }, + "etag": { + "type": "string", + "description": "The identifier for this version of the key group.\n" + }, + "items": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the identifiers of the public keys in the key group.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the key group.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/monitoringSubscription:MonitoringSubscription": { + "description": "Provides a CloudFront real-time log configuration resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.MonitoringSubscription(\"example\", {\n distributionId: aws_cloudfront_distribution.example.id,\n monitoringSubscription: {\n realtimeMetricsSubscriptionConfig: {\n realtimeMetricsSubscriptionStatus: \"Enabled\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.MonitoringSubscription(\"example\",\n distribution_id=aws_cloudfront_distribution[\"example\"][\"id\"],\n monitoring_subscription=aws.cloudfront.MonitoringSubscriptionMonitoringSubscriptionArgs(\n realtime_metrics_subscription_config=aws.cloudfront.MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfigArgs(\n realtime_metrics_subscription_status=\"Enabled\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudFront.MonitoringSubscription(\"example\", new Aws.CloudFront.MonitoringSubscriptionArgs\n {\n DistributionId = aws_cloudfront_distribution.Example.Id,\n MonitoringSubscription = new Aws.CloudFront.Inputs.MonitoringSubscriptionMonitoringSubscriptionArgs\n {\n RealtimeMetricsSubscriptionConfig = new Aws.CloudFront.Inputs.MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfigArgs\n {\n RealtimeMetricsSubscriptionStatus = \"Enabled\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewMonitoringSubscription(ctx, \"example\", &cloudfront.MonitoringSubscriptionArgs{\n\t\t\tDistributionId: pulumi.Any(aws_cloudfront_distribution.Example.Id),\n\t\t\tMonitoringSubscription: &cloudfront.MonitoringSubscriptionMonitoringSubscriptionArgs{\n\t\t\t\tRealtimeMetricsSubscriptionConfig: &cloudfront.MonitoringSubscriptionMonitoringSubscriptionRealtimeMetricsSubscriptionConfigArgs{\n\t\t\t\t\tRealtimeMetricsSubscriptionStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudFront monitoring subscription can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/monitoringSubscription:MonitoringSubscription example E3QYSUHO4VYRGB\n```\n\n ", + "properties": { + "distributionId": { + "type": "string", + "description": "The ID of the distribution that you are enabling metrics for.\n" + }, + "monitoringSubscription": { + "$ref": "#/types/aws:cloudfront/MonitoringSubscriptionMonitoringSubscription:MonitoringSubscriptionMonitoringSubscription", + "description": "A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.\n", + "language": { + "csharp": { + "name": "MonitoringSubscriptionDetails" + } + } + } + }, + "required": [ + "distributionId", + "monitoringSubscription" + ], + "inputProperties": { + "distributionId": { + "type": "string", + "description": "The ID of the distribution that you are enabling metrics for.\n" + }, + "monitoringSubscription": { + "$ref": "#/types/aws:cloudfront/MonitoringSubscriptionMonitoringSubscription:MonitoringSubscriptionMonitoringSubscription", + "description": "A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.\n", + "language": { + "csharp": { + "name": "MonitoringSubscriptionDetails" + } + } + } + }, + "requiredInputs": [ + "distributionId", + "monitoringSubscription" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MonitoringSubscription resources.\n", + "properties": { + "distributionId": { + "type": "string", + "description": "The ID of the distribution that you are enabling metrics for.\n" + }, + "monitoringSubscription": { + "$ref": "#/types/aws:cloudfront/MonitoringSubscriptionMonitoringSubscription:MonitoringSubscriptionMonitoringSubscription", + "description": "A monitoring subscription. This structure contains information about whether additional CloudWatch metrics are enabled for a given CloudFront distribution.\n", + "language": { + "csharp": { + "name": "MonitoringSubscriptionDetails" + } + } + } + }, + "type": "object" + } + }, + "aws:cloudfront/originAccessIdentity:OriginAccessIdentity": { + "description": "Creates an Amazon CloudFront origin access identity.\n\nFor information about CloudFront distributions, see the\n[Amazon CloudFront Developer Guide](http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/Introduction.html). For more information on generating\norigin access identities, see\n[Using an Origin Access Identity to Restrict Access to Your Amazon S3 Content][2].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin access identity.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginAccessIdentity(\"example\", {\n comment: \"Some comment\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginAccessIdentity(\"example\", comment=\"Some comment\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudFront.OriginAccessIdentity(\"example\", new Aws.CloudFront.OriginAccessIdentityArgs\n {\n Comment = \"Some comment\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginAccessIdentity(ctx, \"example\", &cloudfront.OriginAccessIdentityArgs{\n\t\t\tComment: pulumi.String(\"Some comment\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Using With CloudFront\n\nNormally, when referencing an origin access identity in CloudFront, you need to\nprefix the ID with the `origin-access-identity/cloudfront/` special path.\nThe `cloudfront_access_identity_path` allows this to be circumvented.\nThe below snippet demonstrates use with the `s3_origin_config` structure for the\n`aws.cloudfront.Distribution` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cloudfront.Distribution(\"example\", {origins: [{\n s3OriginConfig: {\n originAccessIdentity: aws_cloudfront_origin_access_identity.example.cloudfront_access_identity_path,\n },\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cloudfront.Distribution(\"example\", origins=[aws.cloudfront.DistributionOriginArgs(\n s3_origin_config=aws.cloudfront.DistributionOriginS3OriginConfigArgs(\n origin_access_identity=aws_cloudfront_origin_access_identity[\"example\"][\"cloudfront_access_identity_path\"],\n ),\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var example = new Aws.CloudFront.Distribution(\"example\", new Aws.CloudFront.DistributionArgs\n {\n Origins = \n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n S3OriginConfig = new Aws.CloudFront.Inputs.DistributionOriginS3OriginConfigArgs\n {\n OriginAccessIdentity = aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewDistribution(ctx, \"example\", &cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t&cloudfront.DistributionOriginArgs{\n\t\t\t\t\tS3OriginConfig: &cloudfront.DistributionOriginS3OriginConfigArgs{\n\t\t\t\t\t\tOriginAccessIdentity: pulumi.Any(aws_cloudfront_origin_access_identity.Example.Cloudfront_access_identity_path),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nCloudfront Origin Access Identities can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/originAccessIdentity:OriginAccessIdentity origin_access E74FTE3AEXAMPLE\n```\n\n ", + "properties": { + "callerReference": { + "type": "string", + "description": "Internal value used by CloudFront to allow future\nupdates to the origin access identity.\n" + }, + "cloudfrontAccessIdentityPath": { + "type": "string", + "description": "A shortcut to the full path for the\norigin access identity to use in CloudFront, see below.\n" + }, + "comment": { + "type": "string", + "description": "An optional comment for the origin access identity.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin access identity's information.\nFor example: `E2QWRUHAPOMQZL`.\n" + }, + "iamArn": { + "type": "string", + "description": "A pre-generated ARN for use in S3 bucket policies (see below).\nExample: `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity\nE2QWRUHAPOMQZL`.\n" + }, + "s3CanonicalUserId": { + "type": "string", + "description": "The Amazon S3 canonical user ID for the origin\naccess identity, which you use when giving the origin access identity read\npermission to an object in Amazon S3.\n" + } + }, + "required": [ + "callerReference", + "cloudfrontAccessIdentityPath", + "etag", + "iamArn", + "s3CanonicalUserId" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "An optional comment for the origin access identity.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering OriginAccessIdentity resources.\n", + "properties": { + "callerReference": { + "type": "string", + "description": "Internal value used by CloudFront to allow future\nupdates to the origin access identity.\n" + }, + "cloudfrontAccessIdentityPath": { + "type": "string", + "description": "A shortcut to the full path for the\norigin access identity to use in CloudFront, see below.\n" + }, + "comment": { + "type": "string", + "description": "An optional comment for the origin access identity.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin access identity's information.\nFor example: `E2QWRUHAPOMQZL`.\n" + }, + "iamArn": { + "type": "string", + "description": "A pre-generated ARN for use in S3 bucket policies (see below).\nExample: `arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity\nE2QWRUHAPOMQZL`.\n" + }, + "s3CanonicalUserId": { + "type": "string", + "description": "The Amazon S3 canonical user ID for the origin\naccess identity, which you use when giving the origin access identity read\npermission to an object in Amazon S3.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/originRequestPolicy:OriginRequestPolicy": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin request policy.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudfront.OriginRequestPolicy(\"example\", {\n comment: \"example comment\",\n cookiesConfig: {\n cookieBehavior: \"whitelist\",\n cookies: {\n items: [\"example\"],\n },\n },\n headersConfig: {\n headerBehavior: \"whitelist\",\n headers: {\n items: [\"example\"],\n },\n },\n queryStringsConfig: {\n queryStringBehavior: \"whitelist\",\n queryStrings: {\n items: [\"example\"],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.OriginRequestPolicy(\"example\",\n comment=\"example comment\",\n cookies_config=aws.cloudfront.OriginRequestPolicyCookiesConfigArgs(\n cookie_behavior=\"whitelist\",\n cookies=aws.cloudfront.OriginRequestPolicyCookiesConfigCookiesArgs(\n items=[\"example\"],\n ),\n ),\n headers_config=aws.cloudfront.OriginRequestPolicyHeadersConfigArgs(\n header_behavior=\"whitelist\",\n headers=aws.cloudfront.OriginRequestPolicyHeadersConfigHeadersArgs(\n items=[\"example\"],\n ),\n ),\n query_strings_config=aws.cloudfront.OriginRequestPolicyQueryStringsConfigArgs(\n query_string_behavior=\"whitelist\",\n query_strings=aws.cloudfront.OriginRequestPolicyQueryStringsConfigQueryStringsArgs(\n items=[\"example\"],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudFront.OriginRequestPolicy(\"example\", new Aws.CloudFront.OriginRequestPolicyArgs\n {\n Comment = \"example comment\",\n CookiesConfig = new Aws.CloudFront.Inputs.OriginRequestPolicyCookiesConfigArgs\n {\n CookieBehavior = \"whitelist\",\n Cookies = new Aws.CloudFront.Inputs.OriginRequestPolicyCookiesConfigCookiesArgs\n {\n Items = \n {\n \"example\",\n },\n },\n },\n HeadersConfig = new Aws.CloudFront.Inputs.OriginRequestPolicyHeadersConfigArgs\n {\n HeaderBehavior = \"whitelist\",\n Headers = new Aws.CloudFront.Inputs.OriginRequestPolicyHeadersConfigHeadersArgs\n {\n Items = \n {\n \"example\",\n },\n },\n },\n QueryStringsConfig = new Aws.CloudFront.Inputs.OriginRequestPolicyQueryStringsConfigArgs\n {\n QueryStringBehavior = \"whitelist\",\n QueryStrings = new Aws.CloudFront.Inputs.OriginRequestPolicyQueryStringsConfigQueryStringsArgs\n {\n Items = \n {\n \"example\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.NewOriginRequestPolicy(ctx, \"example\", &cloudfront.OriginRequestPolicyArgs{\n\t\t\tComment: pulumi.String(\"example comment\"),\n\t\t\tCookiesConfig: &cloudfront.OriginRequestPolicyCookiesConfigArgs{\n\t\t\t\tCookieBehavior: pulumi.String(\"whitelist\"),\n\t\t\t\tCookies: &cloudfront.OriginRequestPolicyCookiesConfigCookiesArgs{\n\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tHeadersConfig: &cloudfront.OriginRequestPolicyHeadersConfigArgs{\n\t\t\t\tHeaderBehavior: pulumi.String(\"whitelist\"),\n\t\t\t\tHeaders: &cloudfront.OriginRequestPolicyHeadersConfigHeadersArgs{\n\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tQueryStringsConfig: &cloudfront.OriginRequestPolicyQueryStringsConfigArgs{\n\t\t\t\tQueryStringBehavior: pulumi.String(\"whitelist\"),\n\t\t\t\tQueryStrings: &cloudfront.OriginRequestPolicyQueryStringsConfigQueryStringsArgs{\n\t\t\t\t\tItems: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "comment": { + "type": "string", + "description": "Comment to describe the origin request policy.\n" + }, + "cookiesConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyCookiesConfig:OriginRequestPolicyCookiesConfig", + "description": "Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin request policy.\n" + }, + "headersConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyHeadersConfig:OriginRequestPolicyHeadersConfig", + "description": "Object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.\n" + }, + "name": { + "type": "string", + "description": "Unique name to identify the origin request policy.\n" + }, + "queryStringsConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyQueryStringsConfig:OriginRequestPolicyQueryStringsConfig", + "description": "Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.\n" + } + }, + "required": [ + "cookiesConfig", + "etag", + "headersConfig", + "name", + "queryStringsConfig" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "Comment to describe the origin request policy.\n" + }, + "cookiesConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyCookiesConfig:OriginRequestPolicyCookiesConfig", + "description": "Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin request policy.\n" + }, + "headersConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyHeadersConfig:OriginRequestPolicyHeadersConfig", + "description": "Object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.\n" + }, + "name": { + "type": "string", + "description": "Unique name to identify the origin request policy.\n" + }, + "queryStringsConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyQueryStringsConfig:OriginRequestPolicyQueryStringsConfig", + "description": "Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.\n" + } + }, + "requiredInputs": [ + "cookiesConfig", + "headersConfig", + "queryStringsConfig" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OriginRequestPolicy resources.\n", + "properties": { + "comment": { + "type": "string", + "description": "Comment to describe the origin request policy.\n" + }, + "cookiesConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyCookiesConfig:OriginRequestPolicyCookiesConfig", + "description": "Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin request policy.\n" + }, + "headersConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyHeadersConfig:OriginRequestPolicyHeadersConfig", + "description": "Object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.\n" + }, + "name": { + "type": "string", + "description": "Unique name to identify the origin request policy.\n" + }, + "queryStringsConfig": { + "$ref": "#/types/aws:cloudfront/OriginRequestPolicyQueryStringsConfig:OriginRequestPolicyQueryStringsConfig", + "description": "Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/publicKey:PublicKey": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront public key.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst example = new aws.cloudfront.PublicKey(\"example\", {\n comment: \"test public key\",\n encodedKey: fs.readFileSync(\"public_key.pem\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.PublicKey(\"example\",\n comment=\"test public key\",\n encoded_key=(lambda path: open(path).read())(\"public_key.pem\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudFront.PublicKey(\"example\", new Aws.CloudFront.PublicKeyArgs\n {\n Comment = \"test public key\",\n EncodedKey = File.ReadAllText(\"public_key.pem\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudFront Public Key can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/publicKey:PublicKey example K3D5EWEUDCCXON\n```\n\n ", + "properties": { + "callerReference": { + "type": "string", + "description": "Internal value used by CloudFront to allow future updates to the public key configuration.\n" + }, + "comment": { + "type": "string", + "description": "An optional comment about the public key.\n" + }, + "encodedKey": { + "type": "string", + "description": "The encoded public key that you want to add to CloudFront to use with features like field-level encryption.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the public key. For example: `E2QWRUHAPOMQZL`.\n" + }, + "name": { + "type": "string", + "description": "The name for the public key. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name for the public key. Conflicts with `name`.\n" + } + }, + "required": [ + "callerReference", + "encodedKey", + "etag", + "name", + "namePrefix" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "An optional comment about the public key.\n" + }, + "encodedKey": { + "type": "string", + "description": "The encoded public key that you want to add to CloudFront to use with features like field-level encryption.\n" + }, + "name": { + "type": "string", + "description": "The name for the public key. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name for the public key. Conflicts with `name`.\n" + } + }, + "requiredInputs": [ + "encodedKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PublicKey resources.\n", + "properties": { + "callerReference": { + "type": "string", + "description": "Internal value used by CloudFront to allow future updates to the public key configuration.\n" + }, + "comment": { + "type": "string", + "description": "An optional comment about the public key.\n" + }, + "encodedKey": { + "type": "string", + "description": "The encoded public key that you want to add to CloudFront to use with features like field-level encryption.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the public key. For example: `E2QWRUHAPOMQZL`.\n" + }, + "name": { + "type": "string", + "description": "The name for the public key. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name for the public key. Conflicts with `name`.\n" + } + }, + "type": "object" + } + }, + "aws:cloudfront/realtimeLogConfig:RealtimeLogConfig": { + "description": "Provides a CloudFront real-time log configuration resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"cloudfront.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n`});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\"\n ],\n \"Resource\": \"${aws_kinesis_stream.example.arn}\"\n }\n ]\n}\n`,\n});\nconst exampleRealtimeLogConfig = new aws.cloudfront.RealtimeLogConfig(\"exampleRealtimeLogConfig\", {\n samplingRate: 75,\n fields: [\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint: {\n streamType: \"Kinesis\",\n kinesisStreamConfig: {\n roleArn: exampleRole.arn,\n streamArn: aws_kinesis_stream.example.arn,\n },\n },\n}, {\n dependsOn: [exampleRolePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"cloudfront.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n\"\"\")\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.id,\n policy=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"kinesis:DescribeStreamSummary\",\n \"kinesis:DescribeStream\",\n \"kinesis:PutRecord\",\n \"kinesis:PutRecords\"\n ],\n \"Resource\": \"{aws_kinesis_stream[\"example\"][\"arn\"]}\"\n }}\n ]\n}}\n\"\"\")\nexample_realtime_log_config = aws.cloudfront.RealtimeLogConfig(\"exampleRealtimeLogConfig\",\n sampling_rate=75,\n fields=[\n \"timestamp\",\n \"c-ip\",\n ],\n endpoint=aws.cloudfront.RealtimeLogConfigEndpointArgs(\n stream_type=\"Kinesis\",\n kinesis_stream_config=aws.cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs(\n role_arn=example_role.arn,\n stream_arn=aws_kinesis_stream[\"example\"][\"arn\"],\n ),\n ),\n opts=pulumi.ResourceOptions(depends_on=[example_role_policy]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"cloudfront.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\"\n }\n ]\n}\n\",\n });\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = exampleRole.Id,\n Policy = @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"kinesis:DescribeStreamSummary\"\",\n \"\"kinesis:DescribeStream\"\",\n \"\"kinesis:PutRecord\"\",\n \"\"kinesis:PutRecords\"\"\n ],\n \"\"Resource\"\": \"\"{aws_kinesis_stream.Example.Arn}\"\"\n }}\n ]\n}}\n\",\n });\n var exampleRealtimeLogConfig = new Aws.CloudFront.RealtimeLogConfig(\"exampleRealtimeLogConfig\", new Aws.CloudFront.RealtimeLogConfigArgs\n {\n SamplingRate = 75,\n Fields = \n {\n \"timestamp\",\n \"c-ip\",\n },\n Endpoint = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointArgs\n {\n StreamType = \"Kinesis\",\n KinesisStreamConfig = new Aws.CloudFront.Inputs.RealtimeLogConfigEndpointKinesisStreamConfigArgs\n {\n RoleArn = exampleRole.Arn,\n StreamArn = aws_kinesis_stream.Example.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleRolePolicy,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"cloudfront.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRolePolicy, err := iam.NewRolePolicy(ctx, \"exampleRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"kinesis:DescribeStreamSummary\\\",\\n\", \" \\\"kinesis:DescribeStream\\\",\\n\", \" \\\"kinesis:PutRecord\\\",\\n\", \" \\\"kinesis:PutRecords\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"\", aws_kinesis_stream.Example.Arn, \"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfront.NewRealtimeLogConfig(ctx, \"exampleRealtimeLogConfig\", &cloudfront.RealtimeLogConfigArgs{\n\t\t\tSamplingRate: pulumi.Int(75),\n\t\t\tFields: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"timestamp\"),\n\t\t\t\tpulumi.String(\"c-ip\"),\n\t\t\t},\n\t\t\tEndpoint: &cloudfront.RealtimeLogConfigEndpointArgs{\n\t\t\t\tStreamType: pulumi.String(\"Kinesis\"),\n\t\t\t\tKinesisStreamConfig: &cloudfront.RealtimeLogConfigEndpointKinesisStreamConfigArgs{\n\t\t\t\t\tRoleArn: exampleRole.Arn,\n\t\t\t\t\tStreamArn: pulumi.Any(aws_kinesis_stream.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleRolePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudFront real-time log configurations can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:cloudfront/realtimeLogConfig:RealtimeLogConfig example arn:aws:cloudfront::111122223333:realtime-log-config/ExampleNameForRealtimeLogConfig\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the CloudFront real-time log configuration.\n" + }, + "endpoint": { + "$ref": "#/types/aws:cloudfront/RealtimeLogConfigEndpoint:RealtimeLogConfigEndpoint", + "description": "The Amazon Kinesis data streams where real-time log data is sent.\n" + }, + "fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The fields that are included in each real-time log record. See the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) for supported values.\n" + }, + "name": { + "type": "string", + "description": "The unique name to identify this real-time log configuration.\n" + }, + "samplingRate": { + "type": "integer", + "description": "The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. An integer between `1` and `100`, inclusive.\n" + } + }, + "required": [ + "arn", + "endpoint", + "fields", + "name", + "samplingRate" + ], + "inputProperties": { + "endpoint": { + "$ref": "#/types/aws:cloudfront/RealtimeLogConfigEndpoint:RealtimeLogConfigEndpoint", + "description": "The Amazon Kinesis data streams where real-time log data is sent.\n" + }, + "fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The fields that are included in each real-time log record. See the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) for supported values.\n" + }, + "name": { + "type": "string", + "description": "The unique name to identify this real-time log configuration.\n" + }, + "samplingRate": { + "type": "integer", + "description": "The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. An integer between `1` and `100`, inclusive.\n" + } + }, + "requiredInputs": [ + "endpoint", + "fields", + "samplingRate" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RealtimeLogConfig resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the CloudFront real-time log configuration.\n" + }, + "endpoint": { + "$ref": "#/types/aws:cloudfront/RealtimeLogConfigEndpoint:RealtimeLogConfigEndpoint", + "description": "The Amazon Kinesis data streams where real-time log data is sent.\n" + }, + "fields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The fields that are included in each real-time log record. See the [AWS documentation](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/real-time-logs.html#understand-real-time-log-config-fields) for supported values.\n" + }, + "name": { + "type": "string", + "description": "The unique name to identify this real-time log configuration.\n" + }, + "samplingRate": { + "type": "integer", + "description": "The sampling rate for this real-time log configuration. The sampling rate determines the percentage of viewer requests that are represented in the real-time log data. An integer between `1` and `100`, inclusive.\n" + } + }, + "type": "object" + } + }, + "aws:cloudhsmv2/cluster:Cluster": { + "description": "Creates an Amazon CloudHSM v2 cluster.\n\nFor information about CloudHSM v2, see the\n[AWS CloudHSM User Guide](https://docs.aws.amazon.com/cloudhsm/latest/userguide/introduction.html) and the [Amazon\nCloudHSM API Reference][2].\n\n> **NOTE:** A CloudHSM Cluster can take several minutes to set up.\nPractically no single attribute can be updated, except for `tags`.\nIf you need to delete a cluster, you have to remove its HSM modules first.\nTo initialize cluster, you have to add an HSM instance to the cluster, then sign CSR and upload it.\n", + "properties": { + "clusterCertificates": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudhsmv2/ClusterClusterCertificate:ClusterClusterCertificate" + }, + "description": "The list of cluster certificates.\n* `cluster_certificates.0.cluster_certificate` - The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.\n* `cluster_certificates.0.cluster_csr` - The certificate signing request (CSR). Available only in `UNINITIALIZED` state after an HSM instance is added to the cluster.\n* `cluster_certificates.0.aws_hardware_certificate` - The HSM hardware certificate issued (signed) by AWS CloudHSM.\n* `cluster_certificates.0.hsm_certificate` - The HSM certificate issued (signed) by the HSM hardware.\n* `cluster_certificates.0.manufacturer_hardware_certificate` - The HSM hardware certificate issued (signed) by the hardware manufacturer.\n" + }, + "clusterId": { + "type": "string", + "description": "The id of the CloudHSM cluster.\n" + }, + "clusterState": { + "type": "string", + "description": "The state of the CloudHSM cluster.\n", + "language": { + "csharp": { + "name": "State" + } + } + }, + "hsmType": { + "type": "string", + "description": "The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group associated with the CloudHSM cluster.\n" + }, + "sourceBackupIdentifier": { + "type": "string", + "description": "The id of Cloud HSM v2 cluster backup to be restored.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of subnets in which cluster will operate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that the CloudHSM cluster resides in.\n" + } + }, + "required": [ + "clusterCertificates", + "clusterId", + "clusterState", + "hsmType", + "securityGroupId", + "subnetIds", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "hsmType": { + "type": "string", + "description": "The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.\n" + }, + "sourceBackupIdentifier": { + "type": "string", + "description": "The id of Cloud HSM v2 cluster backup to be restored.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of subnets in which cluster will operate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "hsmType", + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "clusterCertificates": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudhsmv2/ClusterClusterCertificate:ClusterClusterCertificate" + }, + "description": "The list of cluster certificates.\n* `cluster_certificates.0.cluster_certificate` - The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.\n* `cluster_certificates.0.cluster_csr` - The certificate signing request (CSR). Available only in `UNINITIALIZED` state after an HSM instance is added to the cluster.\n* `cluster_certificates.0.aws_hardware_certificate` - The HSM hardware certificate issued (signed) by AWS CloudHSM.\n* `cluster_certificates.0.hsm_certificate` - The HSM certificate issued (signed) by the HSM hardware.\n* `cluster_certificates.0.manufacturer_hardware_certificate` - The HSM hardware certificate issued (signed) by the hardware manufacturer.\n" + }, + "clusterId": { + "type": "string", + "description": "The id of the CloudHSM cluster.\n" + }, + "clusterState": { + "type": "string", + "description": "The state of the CloudHSM cluster.\n", + "language": { + "csharp": { + "name": "State" + } + } + }, + "hsmType": { + "type": "string", + "description": "The type of HSM module in the cluster. Currently, only `hsm1.medium` is supported.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group associated with the CloudHSM cluster.\n" + }, + "sourceBackupIdentifier": { + "type": "string", + "description": "The id of Cloud HSM v2 cluster backup to be restored.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of subnets in which cluster will operate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that the CloudHSM cluster resides in.\n" + } + }, + "type": "object" + } + }, + "aws:cloudhsmv2/hsm:Hsm": { + "description": "Creates an HSM module in Amazon CloudHSM v2 cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates an HSM module in CloudHSM cluster.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = aws.cloudhsmv2.getCluster({\n clusterId: _var.cloudhsm_cluster_id,\n});\nconst cloudhsmV2Hsm = new aws.cloudhsmv2.Hsm(\"cloudhsmV2Hsm\", {\n subnetId: cluster.then(cluster => cluster.subnetIds?[0]),\n clusterId: cluster.then(cluster => cluster.clusterId),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.cloudhsmv2.get_cluster(cluster_id=var[\"cloudhsm_cluster_id\"])\ncloudhsm_v2_hsm = aws.cloudhsmv2.Hsm(\"cloudhsmV2Hsm\",\n subnet_id=cluster.subnet_ids[0],\n cluster_id=cluster.cluster_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cluster = Output.Create(Aws.CloudHsmV2.GetCluster.InvokeAsync(new Aws.CloudHsmV2.GetClusterArgs\n {\n ClusterId = @var.Cloudhsm_cluster_id,\n }));\n var cloudhsmV2Hsm = new Aws.CloudHsmV2.Hsm(\"cloudhsmV2Hsm\", new Aws.CloudHsmV2.HsmArgs\n {\n SubnetId = cluster.Apply(cluster => cluster.SubnetIds?[0]),\n ClusterId = cluster.Apply(cluster => cluster.ClusterId),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudhsmv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcluster, err := cloudhsmv2.LookupCluster(ctx, &cloudhsmv2.LookupClusterArgs{\n\t\t\tClusterId: _var.Cloudhsm_cluster_id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudhsmv2.NewHsm(ctx, \"cloudhsmV2Hsm\", &cloudhsmv2.HsmArgs{\n\t\t\tSubnetId: pulumi.String(cluster.SubnetIds[0]),\n\t\t\tClusterId: pulumi.String(cluster.ClusterId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nHSM modules can be imported using their HSM ID, e.g.\n\n```sh\n $ pulumi import aws:cloudhsmv2/hsm:Hsm bar hsm-quo8dahtaca\n```\n\n ", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The IDs of AZ in which HSM module will be located. Do not use together with subnet_id.\n" + }, + "clusterId": { + "type": "string", + "description": "The ID of Cloud HSM v2 cluster to which HSM will be added.\n" + }, + "hsmEniId": { + "type": "string", + "description": "The id of the ENI interface allocated for HSM module.\n" + }, + "hsmId": { + "type": "string", + "description": "The id of the HSM module.\n" + }, + "hsmState": { + "type": "string", + "description": "The state of the HSM module.\n", + "language": { + "csharp": { + "name": "State" + } + } + }, + "ipAddress": { + "type": "string", + "description": "The IP address of HSM module. Must be within the CIDR of selected subnet.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of subnet in which HSM module will be located.\n" + } + }, + "required": [ + "availabilityZone", + "clusterId", + "hsmEniId", + "hsmId", + "hsmState", + "ipAddress", + "subnetId" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The IDs of AZ in which HSM module will be located. Do not use together with subnet_id.\n" + }, + "clusterId": { + "type": "string", + "description": "The ID of Cloud HSM v2 cluster to which HSM will be added.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of HSM module. Must be within the CIDR of selected subnet.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of subnet in which HSM module will be located.\n" + } + }, + "requiredInputs": [ + "clusterId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Hsm resources.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The IDs of AZ in which HSM module will be located. Do not use together with subnet_id.\n" + }, + "clusterId": { + "type": "string", + "description": "The ID of Cloud HSM v2 cluster to which HSM will be added.\n" + }, + "hsmEniId": { + "type": "string", + "description": "The id of the ENI interface allocated for HSM module.\n" + }, + "hsmId": { + "type": "string", + "description": "The id of the HSM module.\n" + }, + "hsmState": { + "type": "string", + "description": "The state of the HSM module.\n", + "language": { + "csharp": { + "name": "State" + } + } + }, + "ipAddress": { + "type": "string", + "description": "The IP address of HSM module. Must be within the CIDR of selected subnet.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of subnet in which HSM module will be located.\n" + } + }, + "type": "object" + } + }, + "aws:cloudtrail/trail:Trail": { + "description": "Provides a CloudTrail resource.\n\n> **Tip:** For a multi-region trail, this resource must be in the home region of the trail.\n\n> **Tip:** For an organization trail, this resource must be in the master account of the organization.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\nEnable CloudTrail to capture all compatible management events in region.\nFor capturing events from services like IAM, `include_global_service_events` must be enabled.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst bucketPolicy = new aws.s3.BucketPolicy(\"bucketPolicy\", {\n bucket: bucket.id,\n policy: pulumi.all([bucket.id, bucket.id, current]).apply(([bucketId, bucketId1, current]) => ` {\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n },\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::${bucketId}\"\n },\n {\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"cloudtrail.amazonaws.com\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::${bucketId1}/prefix/AWSLogs/${current.accountId}/*\",\n \"Condition\": {\n \"StringEquals\": {\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }\n }\n }\n ]\n }\n`),\n});\nconst foobar = new aws.cloudtrail.Trail(\"foobar\", {\n s3BucketName: bucket.id,\n s3KeyPrefix: \"prefix\",\n includeGlobalServiceEvents: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nbucket = aws.s3.Bucket(\"bucket\")\nbucket_policy = aws.s3.BucketPolicy(\"bucketPolicy\",\n bucket=bucket.id,\n policy=pulumi.Output.all(bucket.id, bucket.id).apply(lambda bucketId, bucketId1: f\"\"\" {{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Sid\": \"AWSCloudTrailAclCheck\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"Service\": \"cloudtrail.amazonaws.com\"\n }},\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::{bucket_id}\"\n }},\n {{\n \"Sid\": \"AWSCloudTrailWrite\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"Service\": \"cloudtrail.amazonaws.com\"\n }},\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::{bucket_id1}/prefix/AWSLogs/{current.account_id}/*\",\n \"Condition\": {{\n \"StringEquals\": {{\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }}\n }}\n }}\n ]\n }}\n\"\"\"))\nfoobar = aws.cloudtrail.Trail(\"foobar\",\n s3_bucket_name=bucket.id,\n s3_key_prefix=\"prefix\",\n include_global_service_events=False)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var bucketPolicy = new Aws.S3.BucketPolicy(\"bucketPolicy\", new Aws.S3.BucketPolicyArgs\n {\n Bucket = bucket.Id,\n Policy = Output.Tuple(bucket.Id, bucket.Id, current).Apply(values =>\n {\n var bucketId = values.Item1;\n var bucketId1 = values.Item2;\n var current = values.Item3;\n return @$\" {{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"AWSCloudTrailAclCheck\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"Service\"\": \"\"cloudtrail.amazonaws.com\"\"\n }},\n \"\"Action\"\": \"\"s3:GetBucketAcl\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::{bucketId}\"\"\n }},\n {{\n \"\"Sid\"\": \"\"AWSCloudTrailWrite\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"Service\"\": \"\"cloudtrail.amazonaws.com\"\"\n }},\n \"\"Action\"\": \"\"s3:PutObject\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::{bucketId1}/prefix/AWSLogs/{current.AccountId}/*\"\",\n \"\"Condition\"\": {{\n \"\"StringEquals\"\": {{\n \"\"s3:x-amz-acl\"\": \"\"bucket-owner-full-control\"\"\n }}\n }}\n }}\n ]\n }}\n\";\n }),\n });\n var foobar = new Aws.CloudTrail.Trail(\"foobar\", new Aws.CloudTrail.TrailArgs\n {\n S3BucketName = bucket.Id,\n S3KeyPrefix = \"prefix\",\n IncludeGlobalServiceEvents = false,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"bucketPolicy\", &s3.BucketPolicyArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tPolicy: pulumi.All(bucket.ID(), bucket.ID()).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucketId := _args[0].(string)\n\t\t\t\tbucketId1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \" {\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"AWSCloudTrailAclCheck\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"cloudtrail.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:GetBucketAcl\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::\", bucketId, \"\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"AWSCloudTrailWrite\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"cloudtrail.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:PutObject\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::\", bucketId1, \"/prefix/AWSLogs/\", current.AccountId, \"/*\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"StringEquals\\\": {\\n\", \" \\\"s3:x-amz-acl\\\": \\\"bucket-owner-full-control\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \" }\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"foobar\", &cloudtrail.TrailArgs{\n\t\t\tS3BucketName: bucket.ID(),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tIncludeGlobalServiceEvents: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n### Data Event Logging\n\nCloudTrail can log [Data Events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) for certain services such as S3 bucket objects and Lambda function invocations. Additional information about data event configuration can be found in the [CloudTrail API DataResource documentation](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DataResource.html).\n{{% example %}}\n### Logging All Lambda Function Invocations\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst example = new aws.cloudtrail.Trail(\"example\", {\n s3BucketName: bucket.id,\n s3KeyPrefix: \"prefix\",\n eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::Lambda::Function\",\n values: [\"arn:aws:lambda\"],\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\nexample = aws.cloudtrail.Trail(\"example\",\n s3_bucket_name=bucket.id,\n s3_key_prefix=\"prefix\",\n event_selectors=[aws.cloudtrail.TrailEventSelectorArgs(\n read_write_type=\"All\",\n include_management_events=True,\n data_resources=[aws.cloudtrail.TrailEventSelectorDataResourceArgs(\n type=\"AWS::Lambda::Function\",\n values=[\"arn:aws:lambda\"],\n )],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var example = new Aws.CloudTrail.Trail(\"example\", new Aws.CloudTrail.TrailArgs\n {\n S3BucketName = bucket.Id,\n S3KeyPrefix = \"prefix\",\n EventSelectors = \n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = \n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::Lambda::Function\",\n Values = \n {\n \"arn:aws:lambda\",\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", &cloudtrail.TrailArgs{\n\t\t\tS3BucketName: bucket.ID(),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t&cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t&cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::Lambda::Function\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"arn:aws:lambda\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging All S3 Bucket Object Events\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst example = new aws.cloudtrail.Trail(\"example\", {\n s3BucketName: bucket.id,\n s3KeyPrefix: \"prefix\",\n eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::S3::Object\",\n values: [\"arn:aws:s3:::\"],\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\nexample = aws.cloudtrail.Trail(\"example\",\n s3_bucket_name=bucket.id,\n s3_key_prefix=\"prefix\",\n event_selectors=[aws.cloudtrail.TrailEventSelectorArgs(\n read_write_type=\"All\",\n include_management_events=True,\n data_resources=[aws.cloudtrail.TrailEventSelectorDataResourceArgs(\n type=\"AWS::S3::Object\",\n values=[\"arn:aws:s3:::\"],\n )],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var example = new Aws.CloudTrail.Trail(\"example\", new Aws.CloudTrail.TrailArgs\n {\n S3BucketName = bucket.Id,\n S3KeyPrefix = \"prefix\",\n EventSelectors = \n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = \n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::S3::Object\",\n Values = \n {\n \"arn:aws:s3:::\",\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", &cloudtrail.TrailArgs{\n\t\t\tS3BucketName: bucket.ID(),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t&cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t&cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"arn:aws:s3:::\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging Individual S3 Bucket Events\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst important-bucket = aws.s3.getBucket({\n bucket: \"important-bucket\",\n});\nconst example = new aws.cloudtrail.Trail(\"example\", {\n s3BucketName: important_bucket.then(important_bucket => important_bucket.id),\n s3KeyPrefix: \"prefix\",\n eventSelectors: [{\n readWriteType: \"All\",\n includeManagementEvents: true,\n dataResources: [{\n type: \"AWS::S3::Object\",\n values: [important_bucket.then(important_bucket => `${important_bucket.arn}/`)],\n }],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nimportant_bucket = aws.s3.get_bucket(bucket=\"important-bucket\")\nexample = aws.cloudtrail.Trail(\"example\",\n s3_bucket_name=important_bucket.id,\n s3_key_prefix=\"prefix\",\n event_selectors=[aws.cloudtrail.TrailEventSelectorArgs(\n read_write_type=\"All\",\n include_management_events=True,\n data_resources=[aws.cloudtrail.TrailEventSelectorDataResourceArgs(\n type=\"AWS::S3::Object\",\n values=[f\"{important_bucket.arn}/\"],\n )],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var important_bucket = Output.Create(Aws.S3.GetBucket.InvokeAsync(new Aws.S3.GetBucketArgs\n {\n Bucket = \"important-bucket\",\n }));\n var example = new Aws.CloudTrail.Trail(\"example\", new Aws.CloudTrail.TrailArgs\n {\n S3BucketName = important_bucket.Apply(important_bucket => important_bucket.Id),\n S3KeyPrefix = \"prefix\",\n EventSelectors = \n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorArgs\n {\n ReadWriteType = \"All\",\n IncludeManagementEvents = true,\n DataResources = \n {\n new Aws.CloudTrail.Inputs.TrailEventSelectorDataResourceArgs\n {\n Type = \"AWS::S3::Object\",\n Values = \n {\n important_bucket.Apply(important_bucket => $\"{important_bucket.Arn}/\"),\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\timportant_bucket, err := s3.LookupBucket(ctx, &s3.LookupBucketArgs{\n\t\t\tBucket: \"important-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"example\", &cloudtrail.TrailArgs{\n\t\t\tS3BucketName: pulumi.String(important_bucket.Id),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tEventSelectors: cloudtrail.TrailEventSelectorArray{\n\t\t\t\t&cloudtrail.TrailEventSelectorArgs{\n\t\t\t\t\tReadWriteType: pulumi.String(\"All\"),\n\t\t\t\t\tIncludeManagementEvents: pulumi.Bool(true),\n\t\t\t\t\tDataResources: cloudtrail.TrailEventSelectorDataResourceArray{\n\t\t\t\t\t\t&cloudtrail.TrailEventSelectorDataResourceArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"AWS::S3::Object\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(fmt.Sprintf(\"%v%v\", important_bucket.Arn, \"/\")),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Sending Events to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getPartition({});\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst testRole = new aws.iam.Role(\"testRole\", {assumeRolePolicy: current.then(current => `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"cloudtrail.${current.dnsSuffix}\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`)});\nconst testRolePolicy = new aws.iam.RolePolicy(\"testRolePolicy\", {\n role: testRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"AWSCloudTrailCreateLogStream\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"${aws_cloudwatch_log_group.test.arn}:*\"\n }\n ]\n}\n`,\n});\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst exampleTrail = new aws.cloudtrail.Trail(\"exampleTrail\", {\n s3BucketName: data.aws_s3_bucket[\"important-bucket\"].id,\n s3KeyPrefix: \"prefix\",\n cloudWatchLogsRoleArn: testRole.arn,\n cloudWatchLogsGroupArn: pulumi.interpolate`${exampleLogGroup.arn}:*`,\n});\n// CloudTrail requires the Log Stream wildcard\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_partition()\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\ntest_role = aws.iam.Role(\"testRole\", assume_role_policy=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"Service\": \"cloudtrail.{current.dns_suffix}\"\n }},\n \"Action\": \"sts:AssumeRole\"\n }}\n ]\n}}\n\"\"\")\ntest_role_policy = aws.iam.RolePolicy(\"testRolePolicy\",\n role=test_role.id,\n policy=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Sid\": \"AWSCloudTrailCreateLogStream\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"{aws_cloudwatch_log_group[\"test\"][\"arn\"]}:*\"\n }}\n ]\n}}\n\"\"\")\nbucket = aws.s3.Bucket(\"bucket\")\nexample_trail = aws.cloudtrail.Trail(\"exampleTrail\",\n s3_bucket_name=data[\"aws_s3_bucket\"][\"important-bucket\"][\"id\"],\n s3_key_prefix=\"prefix\",\n cloud_watch_logs_role_arn=test_role.arn,\n cloud_watch_logs_group_arn=example_log_group.arn.apply(lambda arn: f\"{arn}:*\"))\n# CloudTrail requires the Log Stream wildcard\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetPartition.InvokeAsync());\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var testRole = new Aws.Iam.Role(\"testRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = current.Apply(current => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"Service\"\": \"\"cloudtrail.{current.DnsSuffix}\"\"\n }},\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }}\n ]\n}}\n\"),\n });\n var testRolePolicy = new Aws.Iam.RolePolicy(\"testRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = testRole.Id,\n Policy = @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"AWSCloudTrailCreateLogStream\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"logs:CreateLogStream\"\",\n \"\"logs:PutLogEvents\"\"\n ],\n \"\"Resource\"\": \"\"{aws_cloudwatch_log_group.Test.Arn}:*\"\"\n }}\n ]\n}}\n\",\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleTrail = new Aws.CloudTrail.Trail(\"exampleTrail\", new Aws.CloudTrail.TrailArgs\n {\n S3BucketName = data.Aws_s3_bucket.Important_bucket.Id,\n S3KeyPrefix = \"prefix\",\n CloudWatchLogsRoleArn = testRole.Arn,\n CloudWatchLogsGroupArn = exampleLogGroup.Arn.Apply(arn => $\"{arn}:*\"),\n });\n // CloudTrail requires the Log Stream wildcard\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"testRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"cloudtrail.\", current.DnsSuffix, \"\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"testRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"AWSCloudTrailCreateLogStream\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"logs:CreateLogStream\\\",\\n\", \" \\\"logs:PutLogEvents\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"\", aws_cloudwatch_log_group.Test.Arn, \":*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtrail.NewTrail(ctx, \"exampleTrail\", &cloudtrail.TrailArgs{\n\t\t\tS3BucketName: pulumi.Any(data.Aws_s3_bucket.Important - bucket.Id),\n\t\t\tS3KeyPrefix: pulumi.String(\"prefix\"),\n\t\t\tCloudWatchLogsRoleArn: testRole.Arn,\n\t\t\tCloudWatchLogsGroupArn: exampleLogGroup.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v\", arn, \":*\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudtrails can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudtrail/trail:Trail sample my-sample-trail\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the trail.\n" + }, + "cloudWatchLogsGroupArn": { + "type": "string", + "description": "Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.\n" + }, + "cloudWatchLogsRoleArn": { + "type": "string", + "description": "Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.\n" + }, + "enableLogFileValidation": { + "type": "boolean", + "description": "Whether log file integrity validation is enabled. Defaults to `false`.\n" + }, + "enableLogging": { + "type": "boolean", + "description": "Enables logging for the trail. Defaults to `true`. Setting this to `false` will pause logging.\n" + }, + "eventSelectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailEventSelector:TrailEventSelector" + }, + "description": "Configuration block of an event selector for enabling data event logging. See details below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.\n" + }, + "homeRegion": { + "type": "string", + "description": "Region in which the trail was created.\n" + }, + "includeGlobalServiceEvents": { + "type": "boolean", + "description": "Whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`.\n" + }, + "insightSelectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailInsightSelector:TrailInsightSelector" + }, + "description": "Configuration block for identifying unusual operational activity. See details below.\n" + }, + "isMultiRegionTrail": { + "type": "boolean", + "description": "Whether the trail is created in the current region or in all regions. Defaults to `false`.\n" + }, + "isOrganizationTrail": { + "type": "boolean", + "description": "Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key ARN to use to encrypt the logs delivered by CloudTrail.\n" + }, + "name": { + "type": "string", + "description": "Name of the trail.\n" + }, + "s3BucketName": { + "type": "string", + "description": "Name of the S3 bucket designated for publishing log files.\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "S3 key prefix that follows the name of the bucket you have designated for log file delivery.\n" + }, + "snsTopicName": { + "type": "string", + "description": "Name of the Amazon SNS topic defined for notification of log file delivery.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "required": [ + "arn", + "homeRegion", + "name", + "s3BucketName", + "tagsAll" + ], + "inputProperties": { + "cloudWatchLogsGroupArn": { + "type": "string", + "description": "Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.\n" + }, + "cloudWatchLogsRoleArn": { + "type": "string", + "description": "Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.\n" + }, + "enableLogFileValidation": { + "type": "boolean", + "description": "Whether log file integrity validation is enabled. Defaults to `false`.\n" + }, + "enableLogging": { + "type": "boolean", + "description": "Enables logging for the trail. Defaults to `true`. Setting this to `false` will pause logging.\n" + }, + "eventSelectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailEventSelector:TrailEventSelector" + }, + "description": "Configuration block of an event selector for enabling data event logging. See details below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.\n" + }, + "includeGlobalServiceEvents": { + "type": "boolean", + "description": "Whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`.\n" + }, + "insightSelectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailInsightSelector:TrailInsightSelector" + }, + "description": "Configuration block for identifying unusual operational activity. See details below.\n" + }, + "isMultiRegionTrail": { + "type": "boolean", + "description": "Whether the trail is created in the current region or in all regions. Defaults to `false`.\n" + }, + "isOrganizationTrail": { + "type": "boolean", + "description": "Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key ARN to use to encrypt the logs delivered by CloudTrail.\n" + }, + "name": { + "type": "string", + "description": "Name of the trail.\n" + }, + "s3BucketName": { + "type": "string", + "description": "Name of the S3 bucket designated for publishing log files.\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "S3 key prefix that follows the name of the bucket you have designated for log file delivery.\n" + }, + "snsTopicName": { + "type": "string", + "description": "Name of the Amazon SNS topic defined for notification of log file delivery.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "requiredInputs": [ + "s3BucketName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Trail resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the trail.\n" + }, + "cloudWatchLogsGroupArn": { + "type": "string", + "description": "Log group name using an ARN that represents the log group to which CloudTrail logs will be delivered. Note that CloudTrail requires the Log Stream wildcard.\n" + }, + "cloudWatchLogsRoleArn": { + "type": "string", + "description": "Role for the CloudWatch Logs endpoint to assume to write to a user’s log group.\n" + }, + "enableLogFileValidation": { + "type": "boolean", + "description": "Whether log file integrity validation is enabled. Defaults to `false`.\n" + }, + "enableLogging": { + "type": "boolean", + "description": "Enables logging for the trail. Defaults to `true`. Setting this to `false` will pause logging.\n" + }, + "eventSelectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailEventSelector:TrailEventSelector" + }, + "description": "Configuration block of an event selector for enabling data event logging. See details below. Please note the [CloudTrail limits](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/WhatIsCloudTrail-Limits.html) when configuring these.\n" + }, + "homeRegion": { + "type": "string", + "description": "Region in which the trail was created.\n" + }, + "includeGlobalServiceEvents": { + "type": "boolean", + "description": "Whether the trail is publishing events from global services such as IAM to the log files. Defaults to `true`.\n" + }, + "insightSelectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudtrail/TrailInsightSelector:TrailInsightSelector" + }, + "description": "Configuration block for identifying unusual operational activity. See details below.\n" + }, + "isMultiRegionTrail": { + "type": "boolean", + "description": "Whether the trail is created in the current region or in all regions. Defaults to `false`.\n" + }, + "isOrganizationTrail": { + "type": "boolean", + "description": "Whether the trail is an AWS Organizations trail. Organization trails log events for the master account and all member accounts. Can only be created in the organization master account. Defaults to `false`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "KMS key ARN to use to encrypt the logs delivered by CloudTrail.\n" + }, + "name": { + "type": "string", + "description": "Name of the trail.\n" + }, + "s3BucketName": { + "type": "string", + "description": "Name of the S3 bucket designated for publishing log files.\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "S3 key prefix that follows the name of the bucket you have designated for log file delivery.\n" + }, + "snsTopicName": { + "type": "string", + "description": "Name of the Amazon SNS topic defined for notification of log file delivery.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the trail. If configured with provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/compositeAlarm:CompositeAlarm": { + "description": "Provides a CloudWatch Composite Alarm resource.\n\n> **NOTE:** An alarm (composite or metric) cannot be destroyed when there are other composite alarms depending on it. This can lead to a cyclical dependency on update, as the provider will unsuccessfully attempt to destroy alarms before updating the rule. Consider using `depends_on`, references to alarm names, and two-stage updates.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.CompositeAlarm(\"example\", {\n alarmDescription: \"This is a composite alarm!\",\n alarmName: \"example-composite-alarm\",\n alarmActions: aws_sns_topic.example.arn,\n okActions: aws_sns_topic.example.arn,\n alarmRule: `ALARM(${aws_cloudwatch_metric_alarm.alpha.alarm_name}) OR\nALARM(${aws_cloudwatch_metric_alarm.bravo.alarm_name})\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.CompositeAlarm(\"example\",\n alarm_description=\"This is a composite alarm!\",\n alarm_name=\"example-composite-alarm\",\n alarm_actions=aws_sns_topic[\"example\"][\"arn\"],\n ok_actions=aws_sns_topic[\"example\"][\"arn\"],\n alarm_rule=f\"\"\"ALARM({aws_cloudwatch_metric_alarm[\"alpha\"][\"alarm_name\"]}) OR\nALARM({aws_cloudwatch_metric_alarm[\"bravo\"][\"alarm_name\"]})\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudWatch.CompositeAlarm(\"example\", new Aws.CloudWatch.CompositeAlarmArgs\n {\n AlarmDescription = \"This is a composite alarm!\",\n AlarmName = \"example-composite-alarm\",\n AlarmActions = aws_sns_topic.Example.Arn,\n OkActions = aws_sns_topic.Example.Arn,\n AlarmRule = @$\"ALARM({aws_cloudwatch_metric_alarm.Alpha.Alarm_name}) OR\nALARM({aws_cloudwatch_metric_alarm.Bravo.Alarm_name})\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewCompositeAlarm(ctx, \"example\", &cloudwatch.CompositeAlarmArgs{\n\t\t\tAlarmDescription: pulumi.String(\"This is a composite alarm!\"),\n\t\t\tAlarmName: pulumi.String(\"example-composite-alarm\"),\n\t\t\tAlarmActions: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\tOkActions: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\tAlarmRule: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v\", \"ALARM(\", aws_cloudwatch_metric_alarm.Alpha.Alarm_name, \") OR\\n\", \"ALARM(\", aws_cloudwatch_metric_alarm.Bravo.Alarm_name, \")\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nUse the `alarm_name` to import a CloudWatch Composite Alarm. For example\n\n```sh\n $ pulumi import aws:cloudwatch/compositeAlarm:CompositeAlarm test my-alarm\n```\n\n ", + "properties": { + "actionsEnabled": { + "type": "boolean", + "description": "Indicates whether actions should be executed during any changes to the alarm state of the composite alarm. Defaults to `true`.\n" + }, + "alarmActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to the `ALARM` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "alarmDescription": { + "type": "string", + "description": "The description for the composite alarm.\n" + }, + "alarmName": { + "type": "string", + "description": "The name for the composite alarm. This name must be unique within the region.\n" + }, + "alarmRule": { + "type": "string", + "description": "An expression that specifies which other alarms are to be evaluated to determine this composite alarm's state. For syntax, see [Creating a Composite Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Composite_Alarm.html). The maximum length is 10240 characters.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the composite alarm.\n" + }, + "insufficientDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to the `INSUFFICIENT_DATA` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "okActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to an `OK` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to associate with the alarm. Up to 50 tags are allowed. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "alarmName", + "alarmRule", + "arn", + "tagsAll" + ], + "inputProperties": { + "actionsEnabled": { + "type": "boolean", + "description": "Indicates whether actions should be executed during any changes to the alarm state of the composite alarm. Defaults to `true`.\n" + }, + "alarmActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to the `ALARM` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "alarmDescription": { + "type": "string", + "description": "The description for the composite alarm.\n" + }, + "alarmName": { + "type": "string", + "description": "The name for the composite alarm. This name must be unique within the region.\n" + }, + "alarmRule": { + "type": "string", + "description": "An expression that specifies which other alarms are to be evaluated to determine this composite alarm's state. For syntax, see [Creating a Composite Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Composite_Alarm.html). The maximum length is 10240 characters.\n" + }, + "insufficientDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to the `INSUFFICIENT_DATA` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "okActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to an `OK` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to associate with the alarm. Up to 50 tags are allowed. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "alarmName", + "alarmRule" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CompositeAlarm resources.\n", + "properties": { + "actionsEnabled": { + "type": "boolean", + "description": "Indicates whether actions should be executed during any changes to the alarm state of the composite alarm. Defaults to `true`.\n" + }, + "alarmActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to the `ALARM` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "alarmDescription": { + "type": "string", + "description": "The description for the composite alarm.\n" + }, + "alarmName": { + "type": "string", + "description": "The name for the composite alarm. This name must be unique within the region.\n" + }, + "alarmRule": { + "type": "string", + "description": "An expression that specifies which other alarms are to be evaluated to determine this composite alarm's state. For syntax, see [Creating a Composite Alarm](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create_Composite_Alarm.html). The maximum length is 10240 characters.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the composite alarm.\n" + }, + "insufficientDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to the `INSUFFICIENT_DATA` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "okActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of actions to execute when this alarm transitions to an `OK` state from any other state. Each action is specified as an ARN. Up to 5 actions are allowed.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to associate with the alarm. Up to 50 tags are allowed. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/dashboard:Dashboard": { + "description": "Provides a CloudWatch Dashboard resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.cloudwatch.Dashboard(\"main\", {\n dashboardBody: `{\n \"widgets\": [\n {\n \"type\": \"metric\",\n \"x\": 0,\n \"y\": 0,\n \"width\": 12,\n \"height\": 6,\n \"properties\": {\n \"metrics\": [\n [\n \"AWS/EC2\",\n \"CPUUtilization\",\n \"InstanceId\",\n \"i-012345\"\n ]\n ],\n \"period\": 300,\n \"stat\": \"Average\",\n \"region\": \"us-east-1\",\n \"title\": \"EC2 Instance CPU\"\n }\n },\n {\n \"type\": \"text\",\n \"x\": 0,\n \"y\": 7,\n \"width\": 3,\n \"height\": 3,\n \"properties\": {\n \"markdown\": \"Hello world\"\n }\n }\n ]\n}\n`,\n dashboardName: \"my-dashboard\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cloudwatch.Dashboard(\"main\",\n dashboard_body=\"\"\"{\n \"widgets\": [\n {\n \"type\": \"metric\",\n \"x\": 0,\n \"y\": 0,\n \"width\": 12,\n \"height\": 6,\n \"properties\": {\n \"metrics\": [\n [\n \"AWS/EC2\",\n \"CPUUtilization\",\n \"InstanceId\",\n \"i-012345\"\n ]\n ],\n \"period\": 300,\n \"stat\": \"Average\",\n \"region\": \"us-east-1\",\n \"title\": \"EC2 Instance CPU\"\n }\n },\n {\n \"type\": \"text\",\n \"x\": 0,\n \"y\": 7,\n \"width\": 3,\n \"height\": 3,\n \"properties\": {\n \"markdown\": \"Hello world\"\n }\n }\n ]\n}\n\n\"\"\",\n dashboard_name=\"my-dashboard\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.CloudWatch.Dashboard(\"main\", new Aws.CloudWatch.DashboardArgs\n {\n DashboardBody = @\"{\n \"\"widgets\"\": [\n {\n \"\"type\"\": \"\"metric\"\",\n \"\"x\"\": 0,\n \"\"y\"\": 0,\n \"\"width\"\": 12,\n \"\"height\"\": 6,\n \"\"properties\"\": {\n \"\"metrics\"\": [\n [\n \"\"AWS/EC2\"\",\n \"\"CPUUtilization\"\",\n \"\"InstanceId\"\",\n \"\"i-012345\"\"\n ]\n ],\n \"\"period\"\": 300,\n \"\"stat\"\": \"\"Average\"\",\n \"\"region\"\": \"\"us-east-1\"\",\n \"\"title\"\": \"\"EC2 Instance CPU\"\"\n }\n },\n {\n \"\"type\"\": \"\"text\"\",\n \"\"x\"\": 0,\n \"\"y\"\": 7,\n \"\"width\"\": 3,\n \"\"height\"\": 3,\n \"\"properties\"\": {\n \"\"markdown\"\": \"\"Hello world\"\"\n }\n }\n ]\n}\n\n\",\n DashboardName = \"my-dashboard\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewDashboard(ctx, \"main\", &cloudwatch.DashboardArgs{\n\t\t\tDashboardBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"widgets\\\": [\\n\", \" {\\n\", \" \\\"type\\\": \\\"metric\\\",\\n\", \" \\\"x\\\": 0,\\n\", \" \\\"y\\\": 0,\\n\", \" \\\"width\\\": 12,\\n\", \" \\\"height\\\": 6,\\n\", \" \\\"properties\\\": {\\n\", \" \\\"metrics\\\": [\\n\", \" [\\n\", \" \\\"AWS/EC2\\\",\\n\", \" \\\"CPUUtilization\\\",\\n\", \" \\\"InstanceId\\\",\\n\", \" \\\"i-012345\\\"\\n\", \" ]\\n\", \" ],\\n\", \" \\\"period\\\": 300,\\n\", \" \\\"stat\\\": \\\"Average\\\",\\n\", \" \\\"region\\\": \\\"us-east-1\\\",\\n\", \" \\\"title\\\": \\\"EC2 Instance CPU\\\"\\n\", \" }\\n\", \" },\\n\", \" {\\n\", \" \\\"type\\\": \\\"text\\\",\\n\", \" \\\"x\\\": 0,\\n\", \" \\\"y\\\": 7,\\n\", \" \\\"width\\\": 3,\\n\", \" \\\"height\\\": 3,\\n\", \" \\\"properties\\\": {\\n\", \" \\\"markdown\\\": \\\"Hello world\\\"\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\", \"\\n\")),\n\t\t\tDashboardName: pulumi.String(\"my-dashboard\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch dashboards can be imported using the `dashboard_name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/dashboard:Dashboard sample \n```\n\n ", + "properties": { + "dashboardArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the dashboard.\n" + }, + "dashboardBody": { + "type": "string", + "description": "The detailed information about the dashboard, including what widgets are included and their location on the dashboard. You can read more about the body structure in the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structure.html).\n" + }, + "dashboardName": { + "type": "string", + "description": "The name of the dashboard.\n" + } + }, + "required": [ + "dashboardArn", + "dashboardBody", + "dashboardName" + ], + "inputProperties": { + "dashboardBody": { + "type": "string", + "description": "The detailed information about the dashboard, including what widgets are included and their location on the dashboard. You can read more about the body structure in the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structure.html).\n" + }, + "dashboardName": { + "type": "string", + "description": "The name of the dashboard.\n" + } + }, + "requiredInputs": [ + "dashboardBody", + "dashboardName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Dashboard resources.\n", + "properties": { + "dashboardArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the dashboard.\n" + }, + "dashboardBody": { + "type": "string", + "description": "The detailed information about the dashboard, including what widgets are included and their location on the dashboard. You can read more about the body structure in the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/CloudWatch-Dashboard-Body-Structure.html).\n" + }, + "dashboardName": { + "type": "string", + "description": "The name of the dashboard.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventApiDestination:EventApiDestination": { + "description": "Provides an EventBridge event API Destination resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cloudwatch.EventApiDestination(\"test\", {\n description: \"An API Destination\",\n invocationEndpoint: \"https://api.destination.com/endpoint\",\n httpMethod: \"POST\",\n invocationRateLimitPerSecond: 20,\n connectionArn: aws_cloudwatch_event_connection.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudwatch.EventApiDestination(\"test\",\n description=\"An API Destination\",\n invocation_endpoint=\"https://api.destination.com/endpoint\",\n http_method=\"POST\",\n invocation_rate_limit_per_second=20,\n connection_arn=aws_cloudwatch_event_connection[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CloudWatch.EventApiDestination(\"test\", new Aws.CloudWatch.EventApiDestinationArgs\n {\n Description = \"An API Destination\",\n InvocationEndpoint = \"https://api.destination.com/endpoint\",\n HttpMethod = \"POST\",\n InvocationRateLimitPerSecond = 20,\n ConnectionArn = aws_cloudwatch_event_connection.Test.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventApiDestination(ctx, \"test\", &cloudwatch.EventApiDestinationArgs{\n\t\t\tDescription: pulumi.String(\"An API Destination\"),\n\t\t\tInvocationEndpoint: pulumi.String(\"https://api.destination.com/endpoint\"),\n\t\t\tHttpMethod: pulumi.String(\"POST\"),\n\t\t\tInvocationRateLimitPerSecond: pulumi.Int(20),\n\t\t\tConnectionArn: pulumi.Any(aws_cloudwatch_event_connection.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge API Destinations can be imported using the `name`, e.g. console\n\n```sh\n $ pulumi import aws:cloudwatch/eventApiDestination:EventApiDestination test api-destination\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event API Destination.\n" + }, + "connectionArn": { + "type": "string", + "description": "ARN of the EventBridge Connection to use for the API Destination.\n" + }, + "description": { + "type": "string", + "description": "The description of the new API Destination. Maximum of 512 characters.\n" + }, + "httpMethod": { + "type": "string", + "description": "Select the HTTP method used for the invocation endpoint, such as GET, POST, PUT, etc.\n" + }, + "invocationEndpoint": { + "type": "string", + "description": "URL endpoint to invoke as a target. This could be a valid endpoint generated by a partner service. You can include \"*\" as path parameters wildcards to be set from the Target HttpParameters.\n" + }, + "invocationRateLimitPerSecond": { + "type": "integer", + "description": "Enter the maximum number of invocations per second to allow for this destination. Enter a value greater than 0 (default 300).\n" + }, + "name": { + "type": "string", + "description": "The name of the new API Destination. The name must be unique for your account. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.\n" + } + }, + "required": [ + "arn", + "connectionArn", + "httpMethod", + "invocationEndpoint", + "name" + ], + "inputProperties": { + "connectionArn": { + "type": "string", + "description": "ARN of the EventBridge Connection to use for the API Destination.\n" + }, + "description": { + "type": "string", + "description": "The description of the new API Destination. Maximum of 512 characters.\n" + }, + "httpMethod": { + "type": "string", + "description": "Select the HTTP method used for the invocation endpoint, such as GET, POST, PUT, etc.\n" + }, + "invocationEndpoint": { + "type": "string", + "description": "URL endpoint to invoke as a target. This could be a valid endpoint generated by a partner service. You can include \"*\" as path parameters wildcards to be set from the Target HttpParameters.\n" + }, + "invocationRateLimitPerSecond": { + "type": "integer", + "description": "Enter the maximum number of invocations per second to allow for this destination. Enter a value greater than 0 (default 300).\n" + }, + "name": { + "type": "string", + "description": "The name of the new API Destination. The name must be unique for your account. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.\n" + } + }, + "requiredInputs": [ + "connectionArn", + "httpMethod", + "invocationEndpoint" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventApiDestination resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event API Destination.\n" + }, + "connectionArn": { + "type": "string", + "description": "ARN of the EventBridge Connection to use for the API Destination.\n" + }, + "description": { + "type": "string", + "description": "The description of the new API Destination. Maximum of 512 characters.\n" + }, + "httpMethod": { + "type": "string", + "description": "Select the HTTP method used for the invocation endpoint, such as GET, POST, PUT, etc.\n" + }, + "invocationEndpoint": { + "type": "string", + "description": "URL endpoint to invoke as a target. This could be a valid endpoint generated by a partner service. You can include \"*\" as path parameters wildcards to be set from the Target HttpParameters.\n" + }, + "invocationRateLimitPerSecond": { + "type": "integer", + "description": "Enter the maximum number of invocations per second to allow for this destination. Enter a value greater than 0 (default 300).\n" + }, + "name": { + "type": "string", + "description": "The name of the new API Destination. The name must be unique for your account. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventArchive:EventArchive": { + "description": "Provides an EventBridge event archive resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderEventBus = new aws.cloudwatch.EventBus(\"orderEventBus\", {});\nconst orderEventArchive = new aws.cloudwatch.EventArchive(\"orderEventArchive\", {eventSourceArn: orderEventBus.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_event_bus = aws.cloudwatch.EventBus(\"orderEventBus\")\norder_event_archive = aws.cloudwatch.EventArchive(\"orderEventArchive\", event_source_arn=order_event_bus.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderEventBus = new Aws.CloudWatch.EventBus(\"orderEventBus\", new Aws.CloudWatch.EventBusArgs\n {\n });\n var orderEventArchive = new Aws.CloudWatch.EventArchive(\"orderEventArchive\", new Aws.CloudWatch.EventArchiveArgs\n {\n EventSourceArn = orderEventBus.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\torderEventBus, err := cloudwatch.NewEventBus(ctx, \"orderEventBus\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventArchive(ctx, \"orderEventArchive\", &cloudwatch.EventArchiveArgs{\n\t\t\tEventSourceArn: orderEventBus.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Example all optional arguments\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderEventBus = new aws.cloudwatch.EventBus(\"orderEventBus\", {});\nconst orderEventArchive = new aws.cloudwatch.EventArchive(\"orderEventArchive\", {\n description: \"Archived events from order service\",\n eventSourceArn: orderEventBus.arn,\n retentionDays: 7,\n eventPattern: `{\n \"source\": [\"company.team.order\"]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_event_bus = aws.cloudwatch.EventBus(\"orderEventBus\")\norder_event_archive = aws.cloudwatch.EventArchive(\"orderEventArchive\",\n description=\"Archived events from order service\",\n event_source_arn=order_event_bus.arn,\n retention_days=7,\n event_pattern=\"\"\"{\n \"source\": [\"company.team.order\"]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderEventBus = new Aws.CloudWatch.EventBus(\"orderEventBus\", new Aws.CloudWatch.EventBusArgs\n {\n });\n var orderEventArchive = new Aws.CloudWatch.EventArchive(\"orderEventArchive\", new Aws.CloudWatch.EventArchiveArgs\n {\n Description = \"Archived events from order service\",\n EventSourceArn = orderEventBus.Arn,\n RetentionDays = 7,\n EventPattern = @\"{\n \"\"source\"\": [\"\"company.team.order\"\"]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\torderEventBus, err := cloudwatch.NewEventBus(ctx, \"orderEventBus\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventArchive(ctx, \"orderEventArchive\", &cloudwatch.EventArchiveArgs{\n\t\t\tDescription: pulumi.String(\"Archived events from order service\"),\n\t\t\tEventSourceArn: orderEventBus.Arn,\n\t\t\tRetentionDays: pulumi.Int(7),\n\t\t\tEventPattern: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"{\\n\", \" \\\"source\\\": [\\\"company.team.order\\\"]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nEvent Archive can be imported using their name, for example bash\n\n```sh\n $ pulumi import aws:cloudwatch/eventArchive:EventArchive imported_event_archive order-archive\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event archive.\n" + }, + "description": { + "type": "string", + "description": "The description of the new event archive.\n" + }, + "eventPattern": { + "type": "string", + "description": "Instructs the new event archive to only capture events matched by this pattern. By default, it attempts to archive every event received in the `event_source_arn`.\n" + }, + "eventSourceArn": { + "type": "string", + "description": "Event bus source ARN from where these events should be archived.\n" + }, + "name": { + "type": "string", + "description": "The name of the new event archive. The archive name cannot exceed 48 characters.\n" + }, + "retentionDays": { + "type": "integer", + "description": "The maximum number of days to retain events in the new event archive. By default, it archives indefinitely.\n" + } + }, + "required": [ + "arn", + "eventSourceArn", + "name" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the new event archive.\n" + }, + "eventPattern": { + "type": "string", + "description": "Instructs the new event archive to only capture events matched by this pattern. By default, it attempts to archive every event received in the `event_source_arn`.\n" + }, + "eventSourceArn": { + "type": "string", + "description": "Event bus source ARN from where these events should be archived.\n" + }, + "name": { + "type": "string", + "description": "The name of the new event archive. The archive name cannot exceed 48 characters.\n" + }, + "retentionDays": { + "type": "integer", + "description": "The maximum number of days to retain events in the new event archive. By default, it archives indefinitely.\n" + } + }, + "requiredInputs": [ + "eventSourceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventArchive resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event archive.\n" + }, + "description": { + "type": "string", + "description": "The description of the new event archive.\n" + }, + "eventPattern": { + "type": "string", + "description": "Instructs the new event archive to only capture events matched by this pattern. By default, it attempts to archive every event received in the `event_source_arn`.\n" + }, + "eventSourceArn": { + "type": "string", + "description": "Event bus source ARN from where these events should be archived.\n" + }, + "name": { + "type": "string", + "description": "The name of the new event archive. The archive name cannot exceed 48 characters.\n" + }, + "retentionDays": { + "type": "integer", + "description": "The maximum number of days to retain events in the new event archive. By default, it archives indefinitely.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventBus:EventBus": { + "description": "Provides an EventBridge event bus resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst messenger = new aws.cloudwatch.EventBus(\"messenger\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmessenger = aws.cloudwatch.EventBus(\"messenger\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var messenger = new Aws.CloudWatch.EventBus(\"messenger\", new Aws.CloudWatch.EventBusArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventBus(ctx, \"messenger\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplepartnerEventSource = aws.cloudwatch.getEventSource({\n namePrefix: \"aws.partner/examplepartner.com\",\n});\nconst examplepartnerEventBus = new aws.cloudwatch.EventBus(\"examplepartnerEventBus\", {eventSourceName: examplepartnerEventSource.then(examplepartnerEventSource => examplepartnerEventSource.name)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplepartner_event_source = aws.cloudwatch.get_event_source(name_prefix=\"aws.partner/examplepartner.com\")\nexamplepartner_event_bus = aws.cloudwatch.EventBus(\"examplepartnerEventBus\", event_source_name=examplepartner_event_source.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplepartnerEventSource = Output.Create(Aws.CloudWatch.GetEventSource.InvokeAsync(new Aws.CloudWatch.GetEventSourceArgs\n {\n NamePrefix = \"aws.partner/examplepartner.com\",\n }));\n var examplepartnerEventBus = new Aws.CloudWatch.EventBus(\"examplepartnerEventBus\", new Aws.CloudWatch.EventBusArgs\n {\n EventSourceName = examplepartnerEventSource.Apply(examplepartnerEventSource => examplepartnerEventSource.Name),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"aws.partner/examplepartner.com\"\n\t\texamplepartnerEventSource, err := cloudwatch.GetEventSource(ctx, &cloudwatch.GetEventSourceArgs{\n\t\t\tNamePrefix: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBus(ctx, \"examplepartnerEventBus\", &cloudwatch.EventBusArgs{\n\t\t\tEventSourceName: pulumi.String(examplepartnerEventSource.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge event buses can be imported using the `name` (which can also be a partner event source name), e.g. console\n\n```sh\n $ pulumi import aws:cloudwatch/eventBus:EventBus messenger chat-messages\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event bus.\n" + }, + "eventSourceName": { + "type": "string", + "description": "The partner event source that the new event bus will be matched with. Must match `name`.\n" + }, + "name": { + "type": "string", + "description": "The name of the new event bus. The names of custom event buses can't contain the / character. To create a partner event bus, ensure the `name` matches the `event_source_name`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "eventSourceName": { + "type": "string", + "description": "The partner event source that the new event bus will be matched with. Must match `name`.\n" + }, + "name": { + "type": "string", + "description": "The name of the new event bus. The names of custom event buses can't contain the / character. To create a partner event bus, ensure the `name` matches the `event_source_name`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering EventBus resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event bus.\n" + }, + "eventSourceName": { + "type": "string", + "description": "The partner event source that the new event bus will be matched with. Must match `name`.\n" + }, + "name": { + "type": "string", + "description": "The name of the new event bus. The names of custom event buses can't contain the / character. To create a partner event bus, ensure the `name` matches the `event_source_name`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventBusPolicy:EventBusPolicy": { + "description": "Provides a resource to create an EventBridge resource policy to support cross-account events.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n> **Note:** The cloudwatch eventbus policy resource is incompatible with the cloudwatch event permissions resource and will overwrite them.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Account Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument => testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = \n {\n \"events:PutEvents\",\n },\n Resources = \n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"123456789012\",\n },\n },\n },\n },\n },\n }));\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new Aws.CloudWatch.EventBusPolicyArgs\n {\n Policy = testPolicyDocument.Apply(testPolicyDocument => testPolicyDocument.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"DevAccountAccess\",\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", &cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: pulumi.String(testPolicyDocument.Json),\n\t\t\tEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Organization Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: aws_organizations_organization.example.id,\n }],\n }],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument => testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=aws_organizations_organization[\"example\"][\"id\"],\n )],\n)])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = \n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = \n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = aws_organizations_organization.Example.Id,\n },\n },\n },\n },\n }));\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new Aws.CloudWatch.EventBusPolicyArgs\n {\n Policy = testPolicyDocument.Apply(testPolicyDocument => testPolicyDocument.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"OrganizationAccess\",\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:DescribeRule\",\n\t\t\t\t\t\t\"events:ListRules\",\n\t\t\t\t\t\t\"events:ListTargetsByRule\",\n\t\t\t\t\t\t\"events:ListTagsForResource\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"aws:PrincipalOrgID\",\n\t\t\t\t\t\t\tValues: aws_organizations_organization.Example.Id,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", &cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: pulumi.String(testPolicyDocument.Json),\n\t\t\tEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Multiple Statements\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testPolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"DevAccountAccess\",\n effect: \"Allow\",\n actions: [\"events:PutEvents\"],\n resources: [\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n },\n {\n sid: \"OrganizationAccess\",\n effect: \"Allow\",\n actions: [\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources: [\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: aws_organizations_organization.example.id,\n }],\n },\n ],\n});\nconst testEventBusPolicy = new aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\", {\n policy: testPolicyDocument.then(testPolicyDocument => testPolicyDocument.json),\n eventBusName: aws_cloudwatch_event_bus.test.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"DevAccountAccess\",\n effect=\"Allow\",\n actions=[\"events:PutEvents\"],\n resources=[\"arn:aws:events:eu-west-1:123456789012:event-bus/default\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OrganizationAccess\",\n effect=\"Allow\",\n actions=[\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n ],\n resources=[\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n ],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=aws_organizations_organization[\"example\"][\"id\"],\n )],\n ),\n])\ntest_event_bus_policy = aws.cloudwatch.EventBusPolicy(\"testEventBusPolicy\",\n policy=test_policy_document.json,\n event_bus_name=aws_cloudwatch_event_bus[\"test\"][\"name\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"DevAccountAccess\",\n Effect = \"Allow\",\n Actions = \n {\n \"events:PutEvents\",\n },\n Resources = \n {\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"123456789012\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"OrganizationAccess\",\n Effect = \"Allow\",\n Actions = \n {\n \"events:DescribeRule\",\n \"events:ListRules\",\n \"events:ListTargetsByRule\",\n \"events:ListTagsForResource\",\n },\n Resources = \n {\n \"arn:aws:events:eu-west-1:123456789012:rule/*\",\n \"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = aws_organizations_organization.Example.Id,\n },\n },\n },\n },\n }));\n var testEventBusPolicy = new Aws.CloudWatch.EventBusPolicy(\"testEventBusPolicy\", new Aws.CloudWatch.EventBusPolicyArgs\n {\n Policy = testPolicyDocument.Apply(testPolicyDocument => testPolicyDocument.Json),\n EventBusName = aws_cloudwatch_event_bus.Test.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"DevAccountAccess\",\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:PutEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"123456789012\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"OrganizationAccess\",\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"events:DescribeRule\",\n\t\t\t\t\t\t\"events:ListRules\",\n\t\t\t\t\t\t\"events:ListTargetsByRule\",\n\t\t\t\t\t\t\"events:ListTagsForResource\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:rule/*\",\n\t\t\t\t\t\t\"arn:aws:events:eu-west-1:123456789012:event-bus/default\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"aws:PrincipalOrgID\",\n\t\t\t\t\t\t\tValues: aws_organizations_organization.Example.Id,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventBusPolicy(ctx, \"testEventBusPolicy\", &cloudwatch.EventBusPolicyArgs{\n\t\t\tPolicy: pulumi.String(testPolicyDocument.Json),\n\t\t\tEventBusName: pulumi.Any(aws_cloudwatch_event_bus.Test.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge permissions can be imported using the `event_bus_name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/eventBusPolicy:EventBusPolicy DevAccountAccess example-event-bus\n```\n\n ", + "properties": { + "eventBusName": { + "type": "string", + "description": "The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus.\n" + }, + "policy": { + "type": "string" + } + }, + "required": [ + "policy" + ], + "inputProperties": { + "eventBusName": { + "type": "string", + "description": "The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus.\n" + }, + "policy": { + "type": "string" + } + }, + "requiredInputs": [ + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventBusPolicy resources.\n", + "properties": { + "eventBusName": { + "type": "string", + "description": "The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus.\n" + }, + "policy": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventConnection:EventConnection": { + "description": "Provides an EventBridge connection resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cloudwatch.EventConnection(\"test\", {\n authParameters: {\n apiKey: {\n key: \"x-signature\",\n value: \"1234\",\n },\n },\n authorizationType: \"API_KEY\",\n description: \"A connection description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudwatch.EventConnection(\"test\",\n auth_parameters=aws.cloudwatch.EventConnectionAuthParametersArgs(\n api_key=aws.cloudwatch.EventConnectionAuthParametersApiKeyArgs(\n key=\"x-signature\",\n value=\"1234\",\n ),\n ),\n authorization_type=\"API_KEY\",\n description=\"A connection description\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CloudWatch.EventConnection(\"test\", new Aws.CloudWatch.EventConnectionArgs\n {\n AuthParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersArgs\n {\n ApiKey = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersApiKeyArgs\n {\n Key = \"x-signature\",\n Value = \"1234\",\n },\n },\n AuthorizationType = \"API_KEY\",\n Description = \"A connection description\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventConnection(ctx, \"test\", &cloudwatch.EventConnectionArgs{\n\t\t\tAuthParameters: &cloudwatch.EventConnectionAuthParametersArgs{\n\t\t\t\tApiKey: &cloudwatch.EventConnectionAuthParametersApiKeyArgs{\n\t\t\t\t\tKey: pulumi.String(\"x-signature\"),\n\t\t\t\t\tValue: pulumi.String(\"1234\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizationType: pulumi.String(\"API_KEY\"),\n\t\t\tDescription: pulumi.String(\"A connection description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### Basic Authorization\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cloudwatch.EventConnection(\"test\", {\n authParameters: {\n basic: {\n password: \"Pass1234!\",\n username: \"user\",\n },\n },\n authorizationType: \"BASIC\",\n description: \"A connection description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudwatch.EventConnection(\"test\",\n auth_parameters=aws.cloudwatch.EventConnectionAuthParametersArgs(\n basic=aws.cloudwatch.EventConnectionAuthParametersBasicArgs(\n password=\"Pass1234!\",\n username=\"user\",\n ),\n ),\n authorization_type=\"BASIC\",\n description=\"A connection description\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CloudWatch.EventConnection(\"test\", new Aws.CloudWatch.EventConnectionArgs\n {\n AuthParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersArgs\n {\n Basic = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersBasicArgs\n {\n Password = \"Pass1234!\",\n Username = \"user\",\n },\n },\n AuthorizationType = \"BASIC\",\n Description = \"A connection description\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventConnection(ctx, \"test\", &cloudwatch.EventConnectionArgs{\n\t\t\tAuthParameters: &cloudwatch.EventConnectionAuthParametersArgs{\n\t\t\t\tBasic: &cloudwatch.EventConnectionAuthParametersBasicArgs{\n\t\t\t\t\tPassword: pulumi.String(\"Pass1234!\"),\n\t\t\t\t\tUsername: pulumi.String(\"user\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizationType: pulumi.String(\"BASIC\"),\n\t\t\tDescription: pulumi.String(\"A connection description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### OAuth Authorization\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cloudwatch.EventConnection(\"test\", {\n authParameters: {\n oauth: {\n authorizationEndpoint: \"https://auth.url.com/endpoint\",\n clientParameters: {\n clientId: \"1234567890\",\n clientSecret: \"Pass1234!\",\n },\n httpMethod: \"GET\",\n oauthHttpParameters: {\n bodies: [{\n isValueSecret: false,\n key: \"body-parameter-key\",\n value: \"body-parameter-value\",\n }],\n headers: [{\n isValueSecret: false,\n key: \"header-parameter-key\",\n value: \"header-parameter-value\",\n }],\n queryStrings: [{\n isValueSecret: false,\n key: \"query-string-parameter-key\",\n value: \"query-string-parameter-value\",\n }],\n },\n },\n },\n authorizationType: \"OAUTH_CLIENT_CREDENTIALS\",\n description: \"A connection description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudwatch.EventConnection(\"test\",\n auth_parameters=aws.cloudwatch.EventConnectionAuthParametersArgs(\n oauth=aws.cloudwatch.EventConnectionAuthParametersOauthArgs(\n authorization_endpoint=\"https://auth.url.com/endpoint\",\n client_parameters=aws.cloudwatch.EventConnectionAuthParametersOauthClientParametersArgs(\n client_id=\"1234567890\",\n client_secret=\"Pass1234!\",\n ),\n http_method=\"GET\",\n oauth_http_parameters=aws.cloudwatch.EventConnectionAuthParametersOauthOauthHttpParametersArgs(\n body=[{\n \"isValueSecret\": False,\n \"key\": \"body-parameter-key\",\n \"value\": \"body-parameter-value\",\n }],\n header=[{\n \"isValueSecret\": False,\n \"key\": \"header-parameter-key\",\n \"value\": \"header-parameter-value\",\n }],\n query_string=[{\n \"isValueSecret\": False,\n \"key\": \"query-string-parameter-key\",\n \"value\": \"query-string-parameter-value\",\n }],\n ),\n ),\n ),\n authorization_type=\"OAUTH_CLIENT_CREDENTIALS\",\n description=\"A connection description\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CloudWatch.EventConnection(\"test\", new Aws.CloudWatch.EventConnectionArgs\n {\n AuthParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersArgs\n {\n Oauth = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersOauthArgs\n {\n AuthorizationEndpoint = \"https://auth.url.com/endpoint\",\n ClientParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersOauthClientParametersArgs\n {\n ClientId = \"1234567890\",\n ClientSecret = \"Pass1234!\",\n },\n HttpMethod = \"GET\",\n OauthHttpParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersOauthOauthHttpParametersArgs\n {\n Body = \n {\n \n {\n { \"isValueSecret\", false },\n { \"key\", \"body-parameter-key\" },\n { \"value\", \"body-parameter-value\" },\n },\n },\n Header = \n {\n \n {\n { \"isValueSecret\", false },\n { \"key\", \"header-parameter-key\" },\n { \"value\", \"header-parameter-value\" },\n },\n },\n QueryString = \n {\n \n {\n { \"isValueSecret\", false },\n { \"key\", \"query-string-parameter-key\" },\n { \"value\", \"query-string-parameter-value\" },\n },\n },\n },\n },\n },\n AuthorizationType = \"OAUTH_CLIENT_CREDENTIALS\",\n Description = \"A connection description\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventConnection(ctx, \"test\", &cloudwatch.EventConnectionArgs{\n\t\t\tAuthParameters: &cloudwatch.EventConnectionAuthParametersArgs{\n\t\t\t\tOauth: &cloudwatch.EventConnectionAuthParametersOauthArgs{\n\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://auth.url.com/endpoint\"),\n\t\t\t\t\tClientParameters: &cloudwatch.EventConnectionAuthParametersOauthClientParametersArgs{\n\t\t\t\t\t\tClientId: pulumi.String(\"1234567890\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"Pass1234!\"),\n\t\t\t\t\t},\n\t\t\t\t\tHttpMethod: pulumi.String(\"GET\"),\n\t\t\t\t\tOauthHttpParameters: &cloudwatch.EventConnectionAuthParametersOauthOauthHttpParametersArgs{\n\t\t\t\t\t\tBody: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"isValueSecret\": false,\n\t\t\t\t\t\t\t\t\"key\": \"body-parameter-key\",\n\t\t\t\t\t\t\t\t\"value\": \"body-parameter-value\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tHeader: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"isValueSecret\": false,\n\t\t\t\t\t\t\t\t\"key\": \"header-parameter-key\",\n\t\t\t\t\t\t\t\t\"value\": \"header-parameter-value\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tQueryString: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"isValueSecret\": false,\n\t\t\t\t\t\t\t\t\"key\": \"query-string-parameter-key\",\n\t\t\t\t\t\t\t\t\"value\": \"query-string-parameter-value\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizationType: pulumi.String(\"OAUTH_CLIENT_CREDENTIALS\"),\n\t\t\tDescription: pulumi.String(\"A connection description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### Invocation Http Parameters\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cloudwatch.EventConnection(\"test\", {\n authParameters: {\n basic: {\n password: \"Pass1234!\",\n username: \"user\",\n },\n invocationHttpParameters: {\n bodies: [\n {\n isValueSecret: false,\n key: \"body-parameter-key\",\n value: \"body-parameter-value\",\n },\n {\n isValueSecret: true,\n key: \"body-parameter-key2\",\n value: \"body-parameter-value2\",\n },\n ],\n headers: [{\n isValueSecret: false,\n key: \"header-parameter-key\",\n value: \"header-parameter-value\",\n }],\n queryStrings: [{\n isValueSecret: false,\n key: \"query-string-parameter-key\",\n value: \"query-string-parameter-value\",\n }],\n },\n },\n authorizationType: \"BASIC\",\n description: \"A connection description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudwatch.EventConnection(\"test\",\n auth_parameters=aws.cloudwatch.EventConnectionAuthParametersArgs(\n basic=aws.cloudwatch.EventConnectionAuthParametersBasicArgs(\n password=\"Pass1234!\",\n username=\"user\",\n ),\n invocation_http_parameters=aws.cloudwatch.EventConnectionAuthParametersInvocationHttpParametersArgs(\n body=[\n {\n \"isValueSecret\": False,\n \"key\": \"body-parameter-key\",\n \"value\": \"body-parameter-value\",\n },\n {\n \"isValueSecret\": True,\n \"key\": \"body-parameter-key2\",\n \"value\": \"body-parameter-value2\",\n },\n ],\n header=[{\n \"isValueSecret\": False,\n \"key\": \"header-parameter-key\",\n \"value\": \"header-parameter-value\",\n }],\n query_string=[{\n \"isValueSecret\": False,\n \"key\": \"query-string-parameter-key\",\n \"value\": \"query-string-parameter-value\",\n }],\n ),\n ),\n authorization_type=\"BASIC\",\n description=\"A connection description\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CloudWatch.EventConnection(\"test\", new Aws.CloudWatch.EventConnectionArgs\n {\n AuthParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersArgs\n {\n Basic = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersBasicArgs\n {\n Password = \"Pass1234!\",\n Username = \"user\",\n },\n InvocationHttpParameters = new Aws.CloudWatch.Inputs.EventConnectionAuthParametersInvocationHttpParametersArgs\n {\n Body = \n {\n \n {\n { \"isValueSecret\", false },\n { \"key\", \"body-parameter-key\" },\n { \"value\", \"body-parameter-value\" },\n },\n \n {\n { \"isValueSecret\", true },\n { \"key\", \"body-parameter-key2\" },\n { \"value\", \"body-parameter-value2\" },\n },\n },\n Header = \n {\n \n {\n { \"isValueSecret\", false },\n { \"key\", \"header-parameter-key\" },\n { \"value\", \"header-parameter-value\" },\n },\n },\n QueryString = \n {\n \n {\n { \"isValueSecret\", false },\n { \"key\", \"query-string-parameter-key\" },\n { \"value\", \"query-string-parameter-value\" },\n },\n },\n },\n },\n AuthorizationType = \"BASIC\",\n Description = \"A connection description\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventConnection(ctx, \"test\", &cloudwatch.EventConnectionArgs{\n\t\t\tAuthParameters: &cloudwatch.EventConnectionAuthParametersArgs{\n\t\t\t\tBasic: &cloudwatch.EventConnectionAuthParametersBasicArgs{\n\t\t\t\t\tPassword: pulumi.String(\"Pass1234!\"),\n\t\t\t\t\tUsername: pulumi.String(\"user\"),\n\t\t\t\t},\n\t\t\t\tInvocationHttpParameters: &cloudwatch.EventConnectionAuthParametersInvocationHttpParametersArgs{\n\t\t\t\t\tBody: []interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"isValueSecret\": false,\n\t\t\t\t\t\t\t\"key\": \"body-parameter-key\",\n\t\t\t\t\t\t\t\"value\": \"body-parameter-value\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"isValueSecret\": true,\n\t\t\t\t\t\t\t\"key\": \"body-parameter-key2\",\n\t\t\t\t\t\t\t\"value\": \"body-parameter-value2\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tHeader: []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"isValueSecret\": false,\n\t\t\t\t\t\t\t\"key\": \"header-parameter-key\",\n\t\t\t\t\t\t\t\"value\": \"header-parameter-value\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tQueryString: []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"isValueSecret\": false,\n\t\t\t\t\t\t\t\"key\": \"query-string-parameter-key\",\n\t\t\t\t\t\t\t\"value\": \"query-string-parameter-value\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tAuthorizationType: pulumi.String(\"BASIC\"),\n\t\t\tDescription: pulumi.String(\"A connection description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge Connection can be imported using the `name`, e.g. console\n\n```sh\n $ pulumi import aws:cloudwatch/eventConnection:EventConnection test ngrok-connection\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the connection.\n" + }, + "authParameters": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParameters:EventConnectionAuthParameters", + "description": "Parameters used for authorization. A maximum of 1 are allowed. Documented below.\n" + }, + "authorizationType": { + "type": "string", + "description": "Choose the type of authorization to use for the connection. One of `API_KEY`,`BASIC`,`OAUTH_CLIENT_CREDENTIALS`.\n" + }, + "description": { + "type": "string", + "description": "Enter a description for the connection. Maximum of 512 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the new connection. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.\n" + }, + "secretArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the secret created from the authorization parameters specified for the connection.\n" + } + }, + "required": [ + "arn", + "authParameters", + "authorizationType", + "name", + "secretArn" + ], + "inputProperties": { + "authParameters": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParameters:EventConnectionAuthParameters", + "description": "Parameters used for authorization. A maximum of 1 are allowed. Documented below.\n" + }, + "authorizationType": { + "type": "string", + "description": "Choose the type of authorization to use for the connection. One of `API_KEY`,`BASIC`,`OAUTH_CLIENT_CREDENTIALS`.\n" + }, + "description": { + "type": "string", + "description": "Enter a description for the connection. Maximum of 512 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the new connection. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.\n" + } + }, + "requiredInputs": [ + "authParameters", + "authorizationType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventConnection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the connection.\n" + }, + "authParameters": { + "$ref": "#/types/aws:cloudwatch/EventConnectionAuthParameters:EventConnectionAuthParameters", + "description": "Parameters used for authorization. A maximum of 1 are allowed. Documented below.\n" + }, + "authorizationType": { + "type": "string", + "description": "Choose the type of authorization to use for the connection. One of `API_KEY`,`BASIC`,`OAUTH_CLIENT_CREDENTIALS`.\n" + }, + "description": { + "type": "string", + "description": "Enter a description for the connection. Maximum of 512 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the new connection. Maximum of 64 characters consisting of numbers, lower/upper case letters, .,-,_.\n" + }, + "secretArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the secret created from the authorization parameters specified for the connection.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventPermission:EventPermission": { + "description": "Provides a resource to create an EventBridge permission to support cross-account events in the current account default event bus.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Account Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst devAccountAccess = new aws.cloudwatch.EventPermission(\"DevAccountAccess\", {\n principal: \"123456789012\",\n statementId: \"DevAccountAccess\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndev_account_access = aws.cloudwatch.EventPermission(\"devAccountAccess\",\n principal=\"123456789012\",\n statement_id=\"DevAccountAccess\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var devAccountAccess = new Aws.CloudWatch.EventPermission(\"devAccountAccess\", new Aws.CloudWatch.EventPermissionArgs\n {\n Principal = \"123456789012\",\n StatementId = \"DevAccountAccess\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventPermission(ctx, \"devAccountAccess\", &cloudwatch.EventPermissionArgs{\n\t\t\tPrincipal: pulumi.String(\"123456789012\"),\n\t\t\tStatementId: pulumi.String(\"DevAccountAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Organization Access\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst organizationAccess = new aws.cloudwatch.EventPermission(\"organizationAccess\", {\n principal: \"*\",\n statementId: \"OrganizationAccess\",\n condition: {\n key: \"aws:PrincipalOrgID\",\n type: \"StringEquals\",\n value: aws_organizations_organization.example.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norganization_access = aws.cloudwatch.EventPermission(\"organizationAccess\",\n principal=\"*\",\n statement_id=\"OrganizationAccess\",\n condition=aws.cloudwatch.EventPermissionConditionArgs(\n key=\"aws:PrincipalOrgID\",\n type=\"StringEquals\",\n value=aws_organizations_organization[\"example\"][\"id\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var organizationAccess = new Aws.CloudWatch.EventPermission(\"organizationAccess\", new Aws.CloudWatch.EventPermissionArgs\n {\n Principal = \"*\",\n StatementId = \"OrganizationAccess\",\n Condition = new Aws.CloudWatch.Inputs.EventPermissionConditionArgs\n {\n Key = \"aws:PrincipalOrgID\",\n Type = \"StringEquals\",\n Value = aws_organizations_organization.Example.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewEventPermission(ctx, \"organizationAccess\", &cloudwatch.EventPermissionArgs{\n\t\t\tPrincipal: pulumi.String(\"*\"),\n\t\t\tStatementId: pulumi.String(\"OrganizationAccess\"),\n\t\t\tCondition: &cloudwatch.EventPermissionConditionArgs{\n\t\t\t\tKey: pulumi.String(\"aws:PrincipalOrgID\"),\n\t\t\t\tType: pulumi.String(\"StringEquals\"),\n\t\t\t\tValue: pulumi.Any(aws_organizations_organization.Example.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge permissions can be imported using the `event_bus_name/statement_id` (if you omit `event_bus_name`, the `default` event bus will be used), e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/eventPermission:EventPermission DevAccountAccess example-event-bus/DevAccountAccess\n```\n\n ", + "properties": { + "action": { + "type": "string", + "description": "The action that you are enabling the other account to perform. Defaults to `events:PutEvents`.\n" + }, + "condition": { + "$ref": "#/types/aws:cloudwatch/EventPermissionCondition:EventPermissionCondition", + "description": "Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus.\n" + }, + "principal": { + "type": "string", + "description": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify `*` to permit any account to put events to your default event bus, optionally limited by `condition`.\n" + }, + "statementId": { + "type": "string", + "description": "An identifier string for the external account that you are granting permissions to.\n" + } + }, + "required": [ + "principal", + "statementId" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "The action that you are enabling the other account to perform. Defaults to `events:PutEvents`.\n" + }, + "condition": { + "$ref": "#/types/aws:cloudwatch/EventPermissionCondition:EventPermissionCondition", + "description": "Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus.\n" + }, + "principal": { + "type": "string", + "description": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify `*` to permit any account to put events to your default event bus, optionally limited by `condition`.\n" + }, + "statementId": { + "type": "string", + "description": "An identifier string for the external account that you are granting permissions to.\n" + } + }, + "requiredInputs": [ + "principal", + "statementId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventPermission resources.\n", + "properties": { + "action": { + "type": "string", + "description": "The action that you are enabling the other account to perform. Defaults to `events:PutEvents`.\n" + }, + "condition": { + "$ref": "#/types/aws:cloudwatch/EventPermissionCondition:EventPermissionCondition", + "description": "Configuration block to limit the event bus permissions you are granting to only accounts that fulfill the condition. Specified below.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to set the permissions on. If you omit this, the permissions are set on the `default` event bus.\n" + }, + "principal": { + "type": "string", + "description": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify `*` to permit any account to put events to your default event bus, optionally limited by `condition`.\n" + }, + "statementId": { + "type": "string", + "description": "An identifier string for the external account that you are granting permissions to.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventRule:EventRule": { + "description": "Provides an EventBridge Rule resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst console = new aws.cloudwatch.EventRule(\"console\", {\n description: \"Capture each AWS Console Sign In\",\n eventPattern: `{\n \"detail-type\": [\n \"AWS Console Sign In via CloudTrail\"\n ]\n}\n`,\n});\nconst awsLogins = new aws.sns.Topic(\"awsLogins\", {});\nconst sns = new aws.cloudwatch.EventTarget(\"sns\", {\n rule: console.name,\n arn: awsLogins.arn,\n});\nconst snsTopicPolicy = awsLogins.arn.apply(arn => aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\"SNS:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n resources: [arn],\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: awsLogins.arn,\n policy: snsTopicPolicy.apply(snsTopicPolicy => snsTopicPolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconsole = aws.cloudwatch.EventRule(\"console\",\n description=\"Capture each AWS Console Sign In\",\n event_pattern=\"\"\"{\n \"detail-type\": [\n \"AWS Console Sign In via CloudTrail\"\n ]\n}\n\"\"\")\naws_logins = aws.sns.Topic(\"awsLogins\")\nsns = aws.cloudwatch.EventTarget(\"sns\",\n rule=console.name,\n arn=aws_logins.arn)\nsns_topic_policy = aws_logins.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"SNS:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n resources=[arn],\n)]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=aws_logins.arn,\n policy=sns_topic_policy.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var console = new Aws.CloudWatch.EventRule(\"console\", new Aws.CloudWatch.EventRuleArgs\n {\n Description = \"Capture each AWS Console Sign In\",\n EventPattern = @\"{\n \"\"detail-type\"\": [\n \"\"AWS Console Sign In via CloudTrail\"\"\n ]\n}\n\",\n });\n var awsLogins = new Aws.Sns.Topic(\"awsLogins\", new Aws.Sns.TopicArgs\n {\n });\n var sns = new Aws.CloudWatch.EventTarget(\"sns\", new Aws.CloudWatch.EventTargetArgs\n {\n Rule = console.Name,\n Arn = awsLogins.Arn,\n });\n var snsTopicPolicy = awsLogins.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Effect = \"Allow\",\n Actions = \n {\n \"SNS:Publish\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"events.amazonaws.com\",\n },\n },\n },\n Resources = \n {\n arn,\n },\n },\n },\n }));\n var @default = new Aws.Sns.TopicPolicy(\"default\", new Aws.Sns.TopicPolicyArgs\n {\n Arn = awsLogins.Arn,\n Policy = snsTopicPolicy.Apply(snsTopicPolicy => snsTopicPolicy.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tconsole, err := cloudwatch.NewEventRule(ctx, \"console\", &cloudwatch.EventRuleArgs{\n\t\t\tDescription: pulumi.String(\"Capture each AWS Console Sign In\"),\n\t\t\tEventPattern: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v\", \"{\\n\", \" \\\"detail-type\\\": [\\n\", \" \\\"AWS Console Sign In via CloudTrail\\\"\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsLogins, err := sns.NewTopic(ctx, \"awsLogins\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"sns\", &cloudwatch.EventTargetArgs{\n\t\t\tRule: console.Name,\n\t\t\tArn: awsLogins.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicPolicy(ctx, \"_default\", &sns.TopicPolicyArgs{\n\t\t\tArn: awsLogins.Arn,\n\t\t\tPolicy: snsTopicPolicy.ApplyT(func(snsTopicPolicy iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn snsTopicPolicy.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge Rules can be imported using the `event_bus_name/rule_name` (if you omit `event_bus_name`, the `default` event bus will be used), e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/eventRule:EventRule console example-event-bus/capture-console-sign-in\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the rule.\n" + }, + "description": { + "type": "string", + "description": "The description of the rule.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to associate with this rule. If you omit this, the `default` event bus is used.\n" + }, + "eventPattern": { + "type": "string", + "description": "The event pattern described a JSON object. At least one of `schedule_expression` or `event_pattern` is required. See full documentation of [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) for details.\n" + }, + "isEnabled": { + "type": "boolean", + "description": "Whether the rule should be enabled (defaults to `true`).\n" + }, + "name": { + "type": "string", + "description": "The name of the rule. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) associated with the role that is used for target invocation.\n" + }, + "scheduleExpression": { + "type": "string", + "description": "The scheduling expression. For example, `cron(0 20 * * ? *)` or `rate(5 minutes)`. At least one of `schedule_expression` or `event_pattern` is required. Can only be used on the default event bus. For more information, refer to the AWS documentation [Schedule Expressions for Rules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the rule.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to associate with this rule. If you omit this, the `default` event bus is used.\n" + }, + "eventPattern": { + "type": "string", + "description": "The event pattern described a JSON object. At least one of `schedule_expression` or `event_pattern` is required. See full documentation of [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) for details.\n" + }, + "isEnabled": { + "type": "boolean", + "description": "Whether the rule should be enabled (defaults to `true`).\n" + }, + "name": { + "type": "string", + "description": "The name of the rule. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) associated with the role that is used for target invocation.\n" + }, + "scheduleExpression": { + "type": "string", + "description": "The scheduling expression. For example, `cron(0 20 * * ? *)` or `rate(5 minutes)`. At least one of `schedule_expression` or `event_pattern` is required. Can only be used on the default event bus. For more information, refer to the AWS documentation [Schedule Expressions for Rules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering EventRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the rule.\n" + }, + "description": { + "type": "string", + "description": "The description of the rule.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to associate with this rule. If you omit this, the `default` event bus is used.\n" + }, + "eventPattern": { + "type": "string", + "description": "The event pattern described a JSON object. At least one of `schedule_expression` or `event_pattern` is required. See full documentation of [Events and Event Patterns in EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eventbridge-and-event-patterns.html) for details.\n" + }, + "isEnabled": { + "type": "boolean", + "description": "Whether the rule should be enabled (defaults to `true`).\n" + }, + "name": { + "type": "string", + "description": "The name of the rule. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) associated with the role that is used for target invocation.\n" + }, + "scheduleExpression": { + "type": "string", + "description": "The scheduling expression. For example, `cron(0 20 * * ? *)` or `rate(5 minutes)`. At least one of `schedule_expression` or `event_pattern` is required. Can only be used on the default event bus. For more information, refer to the AWS documentation [Schedule Expressions for Rules](https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/ScheduledEvents.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/eventTarget:EventTarget": { + "description": "Provides an EventBridge Target resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst console = new aws.cloudwatch.EventRule(\"console\", {\n description: \"Capture all EC2 scaling events\",\n eventPattern: `{\n \"source\": [\n \"aws.autoscaling\"\n ],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\"\n ]\n}\n`,\n});\nconst testStream = new aws.kinesis.Stream(\"testStream\", {shardCount: 1});\nconst yada = new aws.cloudwatch.EventTarget(\"yada\", {\n rule: console.name,\n arn: testStream.arn,\n runCommandTargets: [\n {\n key: \"tag:Name\",\n values: [\"FooBar\"],\n },\n {\n key: \"InstanceIds\",\n values: [\"i-162058cd308bffec2\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconsole = aws.cloudwatch.EventRule(\"console\",\n description=\"Capture all EC2 scaling events\",\n event_pattern=\"\"\"{\n \"source\": [\n \"aws.autoscaling\"\n ],\n \"detail-type\": [\n \"EC2 Instance Launch Successful\",\n \"EC2 Instance Terminate Successful\",\n \"EC2 Instance Launch Unsuccessful\",\n \"EC2 Instance Terminate Unsuccessful\"\n ]\n}\n\"\"\")\ntest_stream = aws.kinesis.Stream(\"testStream\", shard_count=1)\nyada = aws.cloudwatch.EventTarget(\"yada\",\n rule=console.name,\n arn=test_stream.arn,\n run_command_targets=[\n aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Name\",\n values=[\"FooBar\"],\n ),\n aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"InstanceIds\",\n values=[\"i-162058cd308bffec2\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var console = new Aws.CloudWatch.EventRule(\"console\", new Aws.CloudWatch.EventRuleArgs\n {\n Description = \"Capture all EC2 scaling events\",\n EventPattern = @\"{\n \"\"source\"\": [\n \"\"aws.autoscaling\"\"\n ],\n \"\"detail-type\"\": [\n \"\"EC2 Instance Launch Successful\"\",\n \"\"EC2 Instance Terminate Successful\"\",\n \"\"EC2 Instance Launch Unsuccessful\"\",\n \"\"EC2 Instance Terminate Unsuccessful\"\"\n ]\n}\n\",\n });\n var testStream = new Aws.Kinesis.Stream(\"testStream\", new Aws.Kinesis.StreamArgs\n {\n ShardCount = 1,\n });\n var yada = new Aws.CloudWatch.EventTarget(\"yada\", new Aws.CloudWatch.EventTargetArgs\n {\n Rule = console.Name,\n Arn = testStream.Arn,\n RunCommandTargets = \n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Name\",\n Values = \n {\n \"FooBar\",\n },\n },\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"InstanceIds\",\n Values = \n {\n \"i-162058cd308bffec2\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tconsole, err := cloudwatch.NewEventRule(ctx, \"console\", &cloudwatch.EventRuleArgs{\n\t\t\tDescription: pulumi.String(\"Capture all EC2 scaling events\"),\n\t\t\tEventPattern: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"source\\\": [\\n\", \" \\\"aws.autoscaling\\\"\\n\", \" ],\\n\", \" \\\"detail-type\\\": [\\n\", \" \\\"EC2 Instance Launch Successful\\\",\\n\", \" \\\"EC2 Instance Terminate Successful\\\",\\n\", \" \\\"EC2 Instance Launch Unsuccessful\\\",\\n\", \" \\\"EC2 Instance Terminate Unsuccessful\\\"\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewStream(ctx, \"testStream\", &kinesis.StreamArgs{\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"yada\", &cloudwatch.EventTargetArgs{\n\t\t\tRule: console.Name,\n\t\t\tArn: testStream.Arn,\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t&cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Name\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FooBar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"i-162058cd308bffec2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Example SSM Document Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ssmLifecycleTrust = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"events.amazonaws.com\"],\n }],\n }],\n});\nconst stopInstance = new aws.ssm.Document(\"stopInstance\", {\n documentType: \"Command\",\n content: ` {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Stop an instance\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"halt\"]\n }\n ]\n }\n }\n }\n`,\n});\nconst ssmLifecyclePolicyDocument = stopInstance.arn.apply(arn => aws.iam.getPolicyDocument({\n statements: [\n {\n effect: \"Allow\",\n actions: [\"ssm:SendCommand\"],\n resources: [\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"],\n conditions: [{\n test: \"StringEquals\",\n variable: \"ec2:ResourceTag/Terminate\",\n values: [\"*\"],\n }],\n },\n {\n effect: \"Allow\",\n actions: [\"ssm:SendCommand\"],\n resources: [arn],\n },\n ],\n}));\nconst ssmLifecycleRole = new aws.iam.Role(\"ssmLifecycleRole\", {assumeRolePolicy: ssmLifecycleTrust.then(ssmLifecycleTrust => ssmLifecycleTrust.json)});\nconst ssmLifecyclePolicy = new aws.iam.Policy(\"ssmLifecyclePolicy\", {policy: ssmLifecyclePolicyDocument.apply(ssmLifecyclePolicyDocument => ssmLifecyclePolicyDocument.json)});\nconst stopInstancesEventRule = new aws.cloudwatch.EventRule(\"stopInstancesEventRule\", {\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stopInstancesEventTarget\", {\n arn: stopInstance.arn,\n rule: stopInstancesEventRule.name,\n roleArn: ssmLifecycleRole.arn,\n runCommandTargets: [{\n key: \"tag:Terminate\",\n values: [\"midnight\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nssm_lifecycle_trust = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"events.amazonaws.com\"],\n )],\n)])\nstop_instance = aws.ssm.Document(\"stopInstance\",\n document_type=\"Command\",\n content=\"\"\" {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Stop an instance\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"halt\"]\n }\n ]\n }\n }\n }\n\"\"\")\nssm_lifecycle_policy_document = stop_instance.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ssm:SendCommand\"],\n resources=[\"arn:aws:ec2:eu-west-1:1234567890:instance/*\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"ec2:ResourceTag/Terminate\",\n values=[\"*\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\"ssm:SendCommand\"],\n resources=[arn],\n ),\n]))\nssm_lifecycle_role = aws.iam.Role(\"ssmLifecycleRole\", assume_role_policy=ssm_lifecycle_trust.json)\nssm_lifecycle_policy = aws.iam.Policy(\"ssmLifecyclePolicy\", policy=ssm_lifecycle_policy_document.json)\nstop_instances_event_rule = aws.cloudwatch.EventRule(\"stopInstancesEventRule\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stopInstancesEventTarget\",\n arn=stop_instance.arn,\n rule=stop_instances_event_rule.name,\n role_arn=ssm_lifecycle_role.arn,\n run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Terminate\",\n values=[\"midnight\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ssmLifecycleTrust = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"events.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var stopInstance = new Aws.Ssm.Document(\"stopInstance\", new Aws.Ssm.DocumentArgs\n {\n DocumentType = \"Command\",\n Content = @\" {\n \"\"schemaVersion\"\": \"\"1.2\"\",\n \"\"description\"\": \"\"Stop an instance\"\",\n \"\"parameters\"\": {\n\n },\n \"\"runtimeConfig\"\": {\n \"\"aws:runShellScript\"\": {\n \"\"properties\"\": [\n {\n \"\"id\"\": \"\"0.aws:runShellScript\"\",\n \"\"runCommand\"\": [\"\"halt\"\"]\n }\n ]\n }\n }\n }\n\",\n });\n var ssmLifecyclePolicyDocument = stopInstance.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Effect = \"Allow\",\n Actions = \n {\n \"ssm:SendCommand\",\n },\n Resources = \n {\n \"arn:aws:ec2:eu-west-1:1234567890:instance/*\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringEquals\",\n Variable = \"ec2:ResourceTag/Terminate\",\n Values = \n {\n \"*\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Effect = \"Allow\",\n Actions = \n {\n \"ssm:SendCommand\",\n },\n Resources = \n {\n arn,\n },\n },\n },\n }));\n var ssmLifecycleRole = new Aws.Iam.Role(\"ssmLifecycleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = ssmLifecycleTrust.Apply(ssmLifecycleTrust => ssmLifecycleTrust.Json),\n });\n var ssmLifecyclePolicy = new Aws.Iam.Policy(\"ssmLifecyclePolicy\", new Aws.Iam.PolicyArgs\n {\n Policy = ssmLifecyclePolicyDocument.Apply(ssmLifecyclePolicyDocument => ssmLifecyclePolicyDocument.Json),\n });\n var stopInstancesEventRule = new Aws.CloudWatch.EventRule(\"stopInstancesEventRule\", new Aws.CloudWatch.EventRuleArgs\n {\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stopInstancesEventTarget\", new Aws.CloudWatch.EventTargetArgs\n {\n Arn = stopInstance.Arn,\n Rule = stopInstancesEventRule.Name,\n RoleArn = ssmLifecycleRole.Arn,\n RunCommandTargets = \n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Terminate\",\n Values = \n {\n \"midnight\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tssmLifecycleTrust, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"events.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstopInstance, err := ssm.NewDocument(ctx, \"stopInstance\", &ssm.DocumentArgs{\n\t\t\tDocumentType: pulumi.String(\"Command\"),\n\t\t\tContent: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \" {\\n\", \" \\\"schemaVersion\\\": \\\"1.2\\\",\\n\", \" \\\"description\\\": \\\"Stop an instance\\\",\\n\", \" \\\"parameters\\\": {\\n\", \"\\n\", \" },\\n\", \" \\\"runtimeConfig\\\": {\\n\", \" \\\"aws:runShellScript\\\": {\\n\", \" \\\"properties\\\": [\\n\", \" {\\n\", \" \\\"id\\\": \\\"0.aws:runShellScript\\\",\\n\", \" \\\"runCommand\\\": [\\\"halt\\\"]\\n\", \" }\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" }\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tssmLifecycleRole, err := iam.NewRole(ctx, \"ssmLifecycleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(ssmLifecycleTrust.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicy(ctx, \"ssmLifecyclePolicy\", &iam.PolicyArgs{\n\t\t\tPolicy: ssmLifecyclePolicyDocument.ApplyT(func(ssmLifecyclePolicyDocument iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn ssmLifecyclePolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tstopInstancesEventRule, err := cloudwatch.NewEventRule(ctx, \"stopInstancesEventRule\", &cloudwatch.EventRuleArgs{\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stopInstancesEventTarget\", &cloudwatch.EventTargetArgs{\n\t\t\tArn: stopInstance.Arn,\n\t\t\tRule: stopInstancesEventRule.Name,\n\t\t\tRoleArn: ssmLifecycleRole.Arn,\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t&cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Terminate\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"midnight\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example RunCommand Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst stopInstancesEventRule = new aws.cloudwatch.EventRule(\"stopInstancesEventRule\", {\n description: \"Stop instances nightly\",\n scheduleExpression: \"cron(0 0 * * ? *)\",\n});\nconst stopInstancesEventTarget = new aws.cloudwatch.EventTarget(\"stopInstancesEventTarget\", {\n arn: `arn:aws:ssm:${_var.aws_region}::document/AWS-RunShellScript`,\n input: \"{\\\"commands\\\":[\\\"halt\\\"]}\",\n rule: stopInstancesEventRule.name,\n roleArn: aws_iam_role.ssm_lifecycle.arn,\n runCommandTargets: [{\n key: \"tag:Terminate\",\n values: [\"midnight\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nstop_instances_event_rule = aws.cloudwatch.EventRule(\"stopInstancesEventRule\",\n description=\"Stop instances nightly\",\n schedule_expression=\"cron(0 0 * * ? *)\")\nstop_instances_event_target = aws.cloudwatch.EventTarget(\"stopInstancesEventTarget\",\n arn=f\"arn:aws:ssm:{var['aws_region']}::document/AWS-RunShellScript\",\n input=\"{\\\"commands\\\":[\\\"halt\\\"]}\",\n rule=stop_instances_event_rule.name,\n role_arn=aws_iam_role[\"ssm_lifecycle\"][\"arn\"],\n run_command_targets=[aws.cloudwatch.EventTargetRunCommandTargetArgs(\n key=\"tag:Terminate\",\n values=[\"midnight\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var stopInstancesEventRule = new Aws.CloudWatch.EventRule(\"stopInstancesEventRule\", new Aws.CloudWatch.EventRuleArgs\n {\n Description = \"Stop instances nightly\",\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n });\n var stopInstancesEventTarget = new Aws.CloudWatch.EventTarget(\"stopInstancesEventTarget\", new Aws.CloudWatch.EventTargetArgs\n {\n Arn = $\"arn:aws:ssm:{@var.Aws_region}::document/AWS-RunShellScript\",\n Input = \"{\\\"commands\\\":[\\\"halt\\\"]}\",\n Rule = stopInstancesEventRule.Name,\n RoleArn = aws_iam_role.Ssm_lifecycle.Arn,\n RunCommandTargets = \n {\n new Aws.CloudWatch.Inputs.EventTargetRunCommandTargetArgs\n {\n Key = \"tag:Terminate\",\n Values = \n {\n \"midnight\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tstopInstancesEventRule, err := cloudwatch.NewEventRule(ctx, \"stopInstancesEventRule\", &cloudwatch.EventRuleArgs{\n\t\t\tDescription: pulumi.String(\"Stop instances nightly\"),\n\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"stopInstancesEventTarget\", &cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"arn:aws:ssm:\", _var.Aws_region, \"::document/AWS-RunShellScript\")),\n\t\t\tInput: pulumi.String(\"{\\\"commands\\\":[\\\"halt\\\"]}\"),\n\t\t\tRule: stopInstancesEventRule.Name,\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Ssm_lifecycle.Arn),\n\t\t\tRunCommandTargets: cloudwatch.EventTargetRunCommandTargetArray{\n\t\t\t\t&cloudwatch.EventTargetRunCommandTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Terminate\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"midnight\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example API Gateway target\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"exampleEventRule\", {});\n// ...\nconst exampleDeployment = new aws.apigateway.Deployment(\"exampleDeployment\", {restApi: aws_api_gateway_rest_api.example.id});\n// ...\nconst exampleStage = new aws.apigateway.Stage(\"exampleStage\", {\n restApi: aws_api_gateway_rest_api.example.id,\n deployment: exampleDeployment.id,\n});\n// ...\nconst exampleEventTarget = new aws.cloudwatch.EventTarget(\"exampleEventTarget\", {\n arn: pulumi.interpolate`${exampleStage.executionArn}/GET`,\n rule: exampleEventRule.id,\n httpTarget: {\n queryStringParameters: {\n Body: `$.detail.body`,\n },\n headerParameters: {\n Env: \"Test\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"exampleEventRule\")\n# ...\nexample_deployment = aws.apigateway.Deployment(\"exampleDeployment\", rest_api=aws_api_gateway_rest_api[\"example\"][\"id\"])\n# ...\nexample_stage = aws.apigateway.Stage(\"exampleStage\",\n rest_api=aws_api_gateway_rest_api[\"example\"][\"id\"],\n deployment=example_deployment.id)\n# ...\nexample_event_target = aws.cloudwatch.EventTarget(\"exampleEventTarget\",\n arn=example_stage.execution_arn.apply(lambda execution_arn: f\"{execution_arn}/GET\"),\n rule=example_event_rule.id,\n http_target=aws.cloudwatch.EventTargetHttpTargetArgs(\n query_string_parameters={\n \"Body\": \"$.detail.body\",\n },\n header_parameters={\n \"Env\": \"Test\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"exampleEventRule\", new Aws.CloudWatch.EventRuleArgs\n {\n });\n // ...\n var exampleDeployment = new Aws.ApiGateway.Deployment(\"exampleDeployment\", new Aws.ApiGateway.DeploymentArgs\n {\n RestApi = aws_api_gateway_rest_api.Example.Id,\n });\n // ...\n var exampleStage = new Aws.ApiGateway.Stage(\"exampleStage\", new Aws.ApiGateway.StageArgs\n {\n RestApi = aws_api_gateway_rest_api.Example.Id,\n Deployment = exampleDeployment.Id,\n });\n // ...\n var exampleEventTarget = new Aws.CloudWatch.EventTarget(\"exampleEventTarget\", new Aws.CloudWatch.EventTargetArgs\n {\n Arn = exampleStage.ExecutionArn.Apply(executionArn => $\"{executionArn}/GET\"),\n Rule = exampleEventRule.Id,\n HttpTarget = new Aws.CloudWatch.Inputs.EventTargetHttpTargetArgs\n {\n QueryStringParameters = \n {\n { \"Body\", \"$.detail.body\" },\n },\n HeaderParameters = \n {\n { \"Env\", \"Test\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"exampleEventRule\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDeployment, err := apigateway.NewDeployment(ctx, \"exampleDeployment\", &apigateway.DeploymentArgs{\n\t\t\tRestApi: pulumi.Any(aws_api_gateway_rest_api.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStage, err := apigateway.NewStage(ctx, \"exampleStage\", &apigateway.StageArgs{\n\t\t\tRestApi: pulumi.Any(aws_api_gateway_rest_api.Example.Id),\n\t\t\tDeployment: exampleDeployment.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"exampleEventTarget\", &cloudwatch.EventTargetArgs{\n\t\t\tArn: exampleStage.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v\", executionArn, \"/GET\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tHttpTarget: &cloudwatch.EventTargetHttpTargetArgs{\n\t\t\t\tQueryStringParameters: pulumi.StringMap{\n\t\t\t\t\t\"Body\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".detail.body\")),\n\t\t\t\t},\n\t\t\t\tHeaderParameters: pulumi.StringMap{\n\t\t\t\t\t\"Env\": pulumi.String(\"Test\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example Input Transformer Usage - JSON Object\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"exampleEventRule\", {});\n// ...\nconst exampleEventTarget = new aws.cloudwatch.EventTarget(\"exampleEventTarget\", {\n arn: aws_lambda_function.example.arn,\n rule: exampleEventRule.id,\n inputTransformer: {\n inputPaths: {\n instance: `$.detail.instance`,\n status: `$.detail.status`,\n },\n inputTemplate: `{\n \"instance_id\": ,\n \"instance_status\": \n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"exampleEventRule\")\n# ...\nexample_event_target = aws.cloudwatch.EventTarget(\"exampleEventTarget\",\n arn=aws_lambda_function[\"example\"][\"arn\"],\n rule=example_event_rule.id,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"instance\": \"$.detail.instance\",\n \"status\": \"$.detail.status\",\n },\n input_template=\"\"\"{\n \"instance_id\": ,\n \"instance_status\": \n}\n\"\"\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"exampleEventRule\", new Aws.CloudWatch.EventRuleArgs\n {\n });\n // ...\n var exampleEventTarget = new Aws.CloudWatch.EventTarget(\"exampleEventTarget\", new Aws.CloudWatch.EventTargetArgs\n {\n Arn = aws_lambda_function.Example.Arn,\n Rule = exampleEventRule.Id,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"instance\", \"$.detail.instance\" },\n { \"status\", \"$.detail.status\" },\n },\n InputTemplate = @\"{\n \"\"instance_id\"\": ,\n \"\"instance_status\"\": \n}\n\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"exampleEventRule\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"exampleEventTarget\", &cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tInputTransformer: &cloudwatch.EventTargetInputTransformerArgs{\n\t\t\t\tInputPaths: pulumi.StringMap{\n\t\t\t\t\t\"instance\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".detail.instance\")),\n\t\t\t\t\t\"status\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".detail.status\")),\n\t\t\t\t},\n\t\t\t\tInputTemplate: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"{\\n\", \" \\\"instance_id\\\": ,\\n\", \" \\\"instance_status\\\": \\n\", \"}\\n\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example Input Transformer Usage - Simple String\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventRule = new aws.cloudwatch.EventRule(\"exampleEventRule\", {});\n// ...\nconst exampleEventTarget = new aws.cloudwatch.EventTarget(\"exampleEventTarget\", {\n arn: aws_lambda_function.example.arn,\n rule: exampleEventRule.id,\n inputTransformer: {\n inputPaths: {\n instance: `$.detail.instance`,\n status: `$.detail.status`,\n },\n inputTemplate: \"\\\" is in state \\\"\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_rule = aws.cloudwatch.EventRule(\"exampleEventRule\")\n# ...\nexample_event_target = aws.cloudwatch.EventTarget(\"exampleEventTarget\",\n arn=aws_lambda_function[\"example\"][\"arn\"],\n rule=example_event_rule.id,\n input_transformer=aws.cloudwatch.EventTargetInputTransformerArgs(\n input_paths={\n \"instance\": \"$.detail.instance\",\n \"status\": \"$.detail.status\",\n },\n input_template=\"\\\" is in state \\\"\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleEventRule = new Aws.CloudWatch.EventRule(\"exampleEventRule\", new Aws.CloudWatch.EventRuleArgs\n {\n });\n // ...\n var exampleEventTarget = new Aws.CloudWatch.EventTarget(\"exampleEventTarget\", new Aws.CloudWatch.EventTargetArgs\n {\n Arn = aws_lambda_function.Example.Arn,\n Rule = exampleEventRule.Id,\n InputTransformer = new Aws.CloudWatch.Inputs.EventTargetInputTransformerArgs\n {\n InputPaths = \n {\n { \"instance\", \"$.detail.instance\" },\n { \"status\", \"$.detail.status\" },\n },\n InputTemplate = \"\\\" is in state \\\"\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventRule, err := cloudwatch.NewEventRule(ctx, \"exampleEventRule\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewEventTarget(ctx, \"exampleEventTarget\", &cloudwatch.EventTargetArgs{\n\t\t\tArn: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tRule: exampleEventRule.ID(),\n\t\t\tInputTransformer: &cloudwatch.EventTargetInputTransformerArgs{\n\t\t\t\tInputPaths: pulumi.StringMap{\n\t\t\t\t\t\"instance\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".detail.instance\")),\n\t\t\t\t\t\"status\": pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".detail.status\")),\n\t\t\t\t},\n\t\t\t\tInputTemplate: pulumi.String(\"\\\" is in state \\\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nEventBridge Targets can be imported using `event_bus_name/rule-name/target-id` (if you omit `event_bus_name`, the `default` event bus will be used).\n\n```sh\n $ pulumi import aws:cloudwatch/eventTarget:EventTarget test-event-target rule-name/target-id\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "- ARN of the SQS queue specified as the target for the dead-letter queue.\n" + }, + "batchTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetBatchTarget:EventTargetBatchTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:cloudwatch/EventTargetDeadLetterConfig:EventTargetDeadLetterConfig", + "description": "Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.\n" + }, + "ecsTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetEcsTarget:EventTargetEcsTarget", + "description": "Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to associate with the rule. If you omit this, the `default` event bus is used.\n" + }, + "httpTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetHttpTarget:EventTargetHttpTarget", + "description": "Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.\n" + }, + "input": { + "type": "string", + "description": "Valid JSON text passed to the target. Conflicts with `input_path` and `input_transformer`.\n" + }, + "inputPath": { + "type": "string", + "description": "The value of the [JSONPath](http://goessner.net/articles/JsonPath/) that is used for extracting part of the matched event when passing it to the target. Conflicts with `input` and `input_transformer`.\n" + }, + "inputTransformer": { + "$ref": "#/types/aws:cloudwatch/EventTargetInputTransformer:EventTargetInputTransformer", + "description": "Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with `input` and `input_path`.\n" + }, + "kinesisTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetKinesisTarget:EventTargetKinesisTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.\n" + }, + "redshiftTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetRedshiftTarget:EventTargetRedshiftTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.\n" + }, + "retryPolicy": { + "$ref": "#/types/aws:cloudwatch/EventTargetRetryPolicy:EventTargetRetryPolicy", + "description": "Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if `ecs_target` is used or target in `arn` is EC2 instance, Kinesis data stream or Step Functions state machine.\n" + }, + "rule": { + "type": "string", + "description": "The name of the rule you want to add targets to.\n" + }, + "runCommandTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventTargetRunCommandTarget:EventTargetRunCommandTarget" + }, + "description": "Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.\n" + }, + "sqsTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetSqsTarget:EventTargetSqsTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.\n" + }, + "targetId": { + "type": "string", + "description": "The unique target assignment ID. If missing, will generate a random, unique id.\n" + } + }, + "required": [ + "arn", + "rule", + "targetId" + ], + "inputProperties": { + "arn": { + "type": "string", + "description": "- ARN of the SQS queue specified as the target for the dead-letter queue.\n" + }, + "batchTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetBatchTarget:EventTargetBatchTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:cloudwatch/EventTargetDeadLetterConfig:EventTargetDeadLetterConfig", + "description": "Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.\n" + }, + "ecsTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetEcsTarget:EventTargetEcsTarget", + "description": "Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to associate with the rule. If you omit this, the `default` event bus is used.\n" + }, + "httpTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetHttpTarget:EventTargetHttpTarget", + "description": "Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.\n" + }, + "input": { + "type": "string", + "description": "Valid JSON text passed to the target. Conflicts with `input_path` and `input_transformer`.\n" + }, + "inputPath": { + "type": "string", + "description": "The value of the [JSONPath](http://goessner.net/articles/JsonPath/) that is used for extracting part of the matched event when passing it to the target. Conflicts with `input` and `input_transformer`.\n" + }, + "inputTransformer": { + "$ref": "#/types/aws:cloudwatch/EventTargetInputTransformer:EventTargetInputTransformer", + "description": "Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with `input` and `input_path`.\n" + }, + "kinesisTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetKinesisTarget:EventTargetKinesisTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.\n" + }, + "redshiftTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetRedshiftTarget:EventTargetRedshiftTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.\n" + }, + "retryPolicy": { + "$ref": "#/types/aws:cloudwatch/EventTargetRetryPolicy:EventTargetRetryPolicy", + "description": "Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if `ecs_target` is used or target in `arn` is EC2 instance, Kinesis data stream or Step Functions state machine.\n" + }, + "rule": { + "type": "string", + "description": "The name of the rule you want to add targets to.\n" + }, + "runCommandTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventTargetRunCommandTarget:EventTargetRunCommandTarget" + }, + "description": "Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.\n" + }, + "sqsTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetSqsTarget:EventTargetSqsTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.\n" + }, + "targetId": { + "type": "string", + "description": "The unique target assignment ID. If missing, will generate a random, unique id.\n" + } + }, + "requiredInputs": [ + "arn", + "rule" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventTarget resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "- ARN of the SQS queue specified as the target for the dead-letter queue.\n" + }, + "batchTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetBatchTarget:EventTargetBatchTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Batch Job. Documented below. A maximum of 1 are allowed.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:cloudwatch/EventTargetDeadLetterConfig:EventTargetDeadLetterConfig", + "description": "Parameters used when you are providing a dead letter config. Documented below. A maximum of 1 are allowed.\n" + }, + "ecsTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetEcsTarget:EventTargetEcsTarget", + "description": "Parameters used when you are using the rule to invoke Amazon ECS Task. Documented below. A maximum of 1 are allowed.\n" + }, + "eventBusName": { + "type": "string", + "description": "The event bus to associate with the rule. If you omit this, the `default` event bus is used.\n" + }, + "httpTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetHttpTarget:EventTargetHttpTarget", + "description": "Parameters used when you are using the rule to invoke an API Gateway REST endpoint. Documented below. A maximum of 1 is allowed.\n" + }, + "input": { + "type": "string", + "description": "Valid JSON text passed to the target. Conflicts with `input_path` and `input_transformer`.\n" + }, + "inputPath": { + "type": "string", + "description": "The value of the [JSONPath](http://goessner.net/articles/JsonPath/) that is used for extracting part of the matched event when passing it to the target. Conflicts with `input` and `input_transformer`.\n" + }, + "inputTransformer": { + "$ref": "#/types/aws:cloudwatch/EventTargetInputTransformer:EventTargetInputTransformer", + "description": "Parameters used when you are providing a custom input to a target based on certain event data. Conflicts with `input` and `input_path`.\n" + }, + "kinesisTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetKinesisTarget:EventTargetKinesisTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Kinesis Stream. Documented below. A maximum of 1 are allowed.\n" + }, + "redshiftTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetRedshiftTarget:EventTargetRedshiftTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon Redshift Statement. Documented below. A maximum of 1 are allowed.\n" + }, + "retryPolicy": { + "$ref": "#/types/aws:cloudwatch/EventTargetRetryPolicy:EventTargetRetryPolicy", + "description": "Parameters used when you are providing retry policies. Documented below. A maximum of 1 are allowed.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. Required if `ecs_target` is used or target in `arn` is EC2 instance, Kinesis data stream or Step Functions state machine.\n" + }, + "rule": { + "type": "string", + "description": "The name of the rule you want to add targets to.\n" + }, + "runCommandTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/EventTargetRunCommandTarget:EventTargetRunCommandTarget" + }, + "description": "Parameters used when you are using the rule to invoke Amazon EC2 Run Command. Documented below. A maximum of 5 are allowed.\n" + }, + "sqsTarget": { + "$ref": "#/types/aws:cloudwatch/EventTargetSqsTarget:EventTargetSqsTarget", + "description": "Parameters used when you are using the rule to invoke an Amazon SQS Queue. Documented below. A maximum of 1 are allowed.\n" + }, + "targetId": { + "type": "string", + "description": "The unique target assignment ID. If missing, will generate a random, unique id.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logDestination:LogDestination": { + "description": "Provides a CloudWatch Logs destination resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testDestination = new aws.cloudwatch.LogDestination(\"testDestination\", {\n roleArn: aws_iam_role.iam_for_cloudwatch.arn,\n targetArn: aws_kinesis_stream.kinesis_for_cloudwatch.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_destination = aws.cloudwatch.LogDestination(\"testDestination\",\n role_arn=aws_iam_role[\"iam_for_cloudwatch\"][\"arn\"],\n target_arn=aws_kinesis_stream[\"kinesis_for_cloudwatch\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testDestination = new Aws.CloudWatch.LogDestination(\"testDestination\", new Aws.CloudWatch.LogDestinationArgs\n {\n RoleArn = aws_iam_role.Iam_for_cloudwatch.Arn,\n TargetArn = aws_kinesis_stream.Kinesis_for_cloudwatch.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewLogDestination(ctx, \"testDestination\", &cloudwatch.LogDestinationArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_cloudwatch.Arn),\n\t\t\tTargetArn: pulumi.Any(aws_kinesis_stream.Kinesis_for_cloudwatch.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch Logs destinations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/logDestination:LogDestination test_destination test_destination\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the log destination.\n" + }, + "name": { + "type": "string", + "description": "A name for the log destination\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to put data into the target\n" + }, + "targetArn": { + "type": "string", + "description": "The ARN of the target Amazon Kinesis stream resource for the destination\n" + } + }, + "required": [ + "arn", + "name", + "roleArn", + "targetArn" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "A name for the log destination\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to put data into the target\n" + }, + "targetArn": { + "type": "string", + "description": "The ARN of the target Amazon Kinesis stream resource for the destination\n" + } + }, + "requiredInputs": [ + "roleArn", + "targetArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogDestination resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the log destination.\n" + }, + "name": { + "type": "string", + "description": "A name for the log destination\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to put data into the target\n" + }, + "targetArn": { + "type": "string", + "description": "The ARN of the target Amazon Kinesis stream resource for the destination\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logDestinationPolicy:LogDestinationPolicy": { + "description": "Provides a CloudWatch Logs destination policy resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testDestination = new aws.cloudwatch.LogDestination(\"testDestination\", {\n roleArn: aws_iam_role.iam_for_cloudwatch.arn,\n targetArn: aws_kinesis_stream.kinesis_for_cloudwatch.arn,\n});\nconst testDestinationPolicyPolicyDocument = testDestination.arn.apply(arn => aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"123456789012\"],\n }],\n actions: [\"logs:PutSubscriptionFilter\"],\n resources: [arn],\n }],\n}));\nconst testDestinationPolicyLogDestinationPolicy = new aws.cloudwatch.LogDestinationPolicy(\"testDestinationPolicyLogDestinationPolicy\", {\n destinationName: testDestination.name,\n accessPolicy: testDestinationPolicyPolicyDocument.apply(testDestinationPolicyPolicyDocument => testDestinationPolicyPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_destination = aws.cloudwatch.LogDestination(\"testDestination\",\n role_arn=aws_iam_role[\"iam_for_cloudwatch\"][\"arn\"],\n target_arn=aws_kinesis_stream[\"kinesis_for_cloudwatch\"][\"arn\"])\ntest_destination_policy_policy_document = test_destination.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"123456789012\"],\n )],\n actions=[\"logs:PutSubscriptionFilter\"],\n resources=[arn],\n)]))\ntest_destination_policy_log_destination_policy = aws.cloudwatch.LogDestinationPolicy(\"testDestinationPolicyLogDestinationPolicy\",\n destination_name=test_destination.name,\n access_policy=test_destination_policy_policy_document.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testDestination = new Aws.CloudWatch.LogDestination(\"testDestination\", new Aws.CloudWatch.LogDestinationArgs\n {\n RoleArn = aws_iam_role.Iam_for_cloudwatch.Arn,\n TargetArn = aws_kinesis_stream.Kinesis_for_cloudwatch.Arn,\n });\n var testDestinationPolicyPolicyDocument = testDestination.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"123456789012\",\n },\n },\n },\n Actions = \n {\n \"logs:PutSubscriptionFilter\",\n },\n Resources = \n {\n arn,\n },\n },\n },\n }));\n var testDestinationPolicyLogDestinationPolicy = new Aws.CloudWatch.LogDestinationPolicy(\"testDestinationPolicyLogDestinationPolicy\", new Aws.CloudWatch.LogDestinationPolicyArgs\n {\n DestinationName = testDestination.Name,\n AccessPolicy = testDestinationPolicyPolicyDocument.Apply(testDestinationPolicyPolicyDocument => testDestinationPolicyPolicyDocument.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestDestination, err := cloudwatch.NewLogDestination(ctx, \"testDestination\", &cloudwatch.LogDestinationArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_cloudwatch.Arn),\n\t\t\tTargetArn: pulumi.Any(aws_kinesis_stream.Kinesis_for_cloudwatch.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogDestinationPolicy(ctx, \"testDestinationPolicyLogDestinationPolicy\", &cloudwatch.LogDestinationPolicyArgs{\n\t\t\tDestinationName: testDestination.Name,\n\t\t\tAccessPolicy: testDestinationPolicyPolicyDocument.ApplyT(func(testDestinationPolicyPolicyDocument iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn testDestinationPolicyPolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch Logs destination policies can be imported using the `destination_name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/logDestinationPolicy:LogDestinationPolicy test_destination_policy test_destination\n```\n\n ", + "properties": { + "accessPolicy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + }, + "destinationName": { + "type": "string", + "description": "A name for the subscription filter\n" + } + }, + "required": [ + "accessPolicy", + "destinationName" + ], + "inputProperties": { + "accessPolicy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + }, + "destinationName": { + "type": "string", + "description": "A name for the subscription filter\n" + } + }, + "requiredInputs": [ + "accessPolicy", + "destinationName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogDestinationPolicy resources.\n", + "properties": { + "accessPolicy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + }, + "destinationName": { + "type": "string", + "description": "A name for the subscription filter\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logGroup:LogGroup": { + "description": "Provides a CloudWatch Log Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst yada = new aws.cloudwatch.LogGroup(\"yada\", {\n tags: {\n Application: \"serviceA\",\n Environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nyada = aws.cloudwatch.LogGroup(\"yada\", tags={\n \"Application\": \"serviceA\",\n \"Environment\": \"production\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var yada = new Aws.CloudWatch.LogGroup(\"yada\", new Aws.CloudWatch.LogGroupArgs\n {\n Tags = \n {\n { \"Application\", \"serviceA\" },\n { \"Environment\", \"production\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewLogGroup(ctx, \"yada\", &cloudwatch.LogGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Application\": pulumi.String(\"serviceA\"),\n\t\t\t\t\"Environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudwatch Log Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/logGroup:LogGroup test_group yada\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the log group. Any `:*` suffix added by the API, denoting all CloudWatch Log Streams under the CloudWatch Log Group, is removed for greater compatibility with other AWS services that do not accept the suffix.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group,\nAWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires\npermissions for the CMK whenever the encrypted data is requested.\n" + }, + "name": { + "type": "string", + "description": "The name of the log group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "retentionInDays": { + "type": "integer", + "description": "Specifies the number of days\nyou want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0.\nIf you select 0, the events in the log group are always retained and never expire.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "kmsKeyId": { + "type": "string", + "description": "The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group,\nAWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires\npermissions for the CMK whenever the encrypted data is requested.\n" + }, + "name": { + "type": "string", + "description": "The name of the log group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "retentionInDays": { + "type": "integer", + "description": "Specifies the number of days\nyou want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0.\nIf you select 0, the events in the log group are always retained and never expire.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering LogGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the log group. Any `:*` suffix added by the API, denoting all CloudWatch Log Streams under the CloudWatch Log Group, is removed for greater compatibility with other AWS services that do not accept the suffix.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the KMS Key to use when encrypting log data. Please note, after the AWS KMS CMK is disassociated from the log group,\nAWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires\npermissions for the CMK whenever the encrypted data is requested.\n" + }, + "name": { + "type": "string", + "description": "The name of the log group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "retentionInDays": { + "type": "integer", + "description": "Specifies the number of days\nyou want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, 3653, and 0.\nIf you select 0, the events in the log group are always retained and never expire.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logMetricFilter:LogMetricFilter": { + "description": "Provides a CloudWatch Log Metric Filter resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dada = new aws.cloudwatch.LogGroup(\"dada\", {});\nconst yada = new aws.cloudwatch.LogMetricFilter(\"yada\", {\n pattern: \"\",\n logGroupName: dada.name,\n metricTransformation: {\n name: \"EventCount\",\n namespace: \"YourNamespace\",\n value: \"1\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndada = aws.cloudwatch.LogGroup(\"dada\")\nyada = aws.cloudwatch.LogMetricFilter(\"yada\",\n pattern=\"\",\n log_group_name=dada.name,\n metric_transformation=aws.cloudwatch.LogMetricFilterMetricTransformationArgs(\n name=\"EventCount\",\n namespace=\"YourNamespace\",\n value=\"1\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dada = new Aws.CloudWatch.LogGroup(\"dada\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var yada = new Aws.CloudWatch.LogMetricFilter(\"yada\", new Aws.CloudWatch.LogMetricFilterArgs\n {\n Pattern = \"\",\n LogGroupName = dada.Name,\n MetricTransformation = new Aws.CloudWatch.Inputs.LogMetricFilterMetricTransformationArgs\n {\n Name = \"EventCount\",\n Namespace = \"YourNamespace\",\n Value = \"1\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdada, err := cloudwatch.NewLogGroup(ctx, \"dada\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogMetricFilter(ctx, \"yada\", &cloudwatch.LogMetricFilterArgs{\n\t\t\tPattern: pulumi.String(\"\"),\n\t\t\tLogGroupName: dada.Name,\n\t\t\tMetricTransformation: &cloudwatch.LogMetricFilterMetricTransformationArgs{\n\t\t\t\tName: pulumi.String(\"EventCount\"),\n\t\t\t\tNamespace: pulumi.String(\"YourNamespace\"),\n\t\t\t\tValue: pulumi.String(\"1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch Log Metric Filter can be imported using the `log_group_name:name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/logMetricFilter:LogMetricFilter test /aws/lambda/function:test\n```\n\n ", + "properties": { + "logGroupName": { + "type": "string", + "description": "The name of the log group to associate the metric filter with.\n" + }, + "metricTransformation": { + "$ref": "#/types/aws:cloudwatch/LogMetricFilterMetricTransformation:LogMetricFilterMetricTransformation", + "description": "A block defining collection of information needed to define how metric data gets emitted. See below.\n" + }, + "name": { + "type": "string", + "description": "A name for the metric filter.\n" + }, + "pattern": { + "type": "string", + "description": "A valid [CloudWatch Logs filter pattern](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/FilterAndPatternSyntax.html)\nfor extracting metric data out of ingested log events.\n" + } + }, + "required": [ + "logGroupName", + "metricTransformation", + "name", + "pattern" + ], + "inputProperties": { + "logGroupName": { + "type": "string", + "description": "The name of the log group to associate the metric filter with.\n" + }, + "metricTransformation": { + "$ref": "#/types/aws:cloudwatch/LogMetricFilterMetricTransformation:LogMetricFilterMetricTransformation", + "description": "A block defining collection of information needed to define how metric data gets emitted. See below.\n" + }, + "name": { + "type": "string", + "description": "A name for the metric filter.\n" + }, + "pattern": { + "type": "string", + "description": "A valid [CloudWatch Logs filter pattern](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/FilterAndPatternSyntax.html)\nfor extracting metric data out of ingested log events.\n" + } + }, + "requiredInputs": [ + "logGroupName", + "metricTransformation", + "pattern" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogMetricFilter resources.\n", + "properties": { + "logGroupName": { + "type": "string", + "description": "The name of the log group to associate the metric filter with.\n" + }, + "metricTransformation": { + "$ref": "#/types/aws:cloudwatch/LogMetricFilterMetricTransformation:LogMetricFilterMetricTransformation", + "description": "A block defining collection of information needed to define how metric data gets emitted. See below.\n" + }, + "name": { + "type": "string", + "description": "A name for the metric filter.\n" + }, + "pattern": { + "type": "string", + "description": "A valid [CloudWatch Logs filter pattern](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/FilterAndPatternSyntax.html)\nfor extracting metric data out of ingested log events.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logResourcePolicy:LogResourcePolicy": { + "description": "Provides a resource to manage a CloudWatch log resource policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Elasticsearch Log Publishing\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst elasticsearch-log-publishing-policyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources: [\"arn:aws:logs:*\"],\n principals: [{\n identifiers: [\"es.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst elasticsearch_log_publishing_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\", {\n policyDocument: elasticsearch_log_publishing_policyPolicyDocument.then(elasticsearch_log_publishing_policyPolicyDocument => elasticsearch_log_publishing_policyPolicyDocument.json),\n policyName: \"elasticsearch-log-publishing-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nelasticsearch_log_publishing_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n ],\n resources=[\"arn:aws:logs:*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"es.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nelasticsearch_log_publishing_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\",\n policy_document=elasticsearch_log_publishing_policy_policy_document.json,\n policy_name=\"elasticsearch-log-publishing-policy\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var elasticsearch_log_publishing_policyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n },\n Resources = \n {\n \"arn:aws:logs:*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"es.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n }));\n var elasticsearch_log_publishing_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"elasticsearch-log-publishing-policyLogResourcePolicy\", new Aws.CloudWatch.LogResourcePolicyArgs\n {\n PolicyDocument = elasticsearch_log_publishing_policyPolicyDocument.Apply(elasticsearch_log_publishing_policyPolicyDocument => elasticsearch_log_publishing_policyPolicyDocument.Json),\n PolicyName = \"elasticsearch-log-publishing-policy\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\telasticsearch_log_publishing_policyPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t\t\"logs:PutLogEventsBatch\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"es.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"elasticsearch_log_publishing_policyLogResourcePolicy\", &cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(elasticsearch_log_publishing_policyPolicyDocument.Json),\n\t\t\tPolicyName: pulumi.String(\"elasticsearch-log-publishing-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Route53 Query Logging\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst route53-query-logging-policyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", {\n policyDocument: route53_query_logging_policyPolicyDocument.then(route53_query_logging_policyPolicyDocument => route53_query_logging_policyPolicyDocument.json),\n policyName: \"route53-query-logging-policy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute53_query_logging_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\",\n policy_document=route53_query_logging_policy_policy_document.json,\n policy_name=\"route53-query-logging-policy\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var route53_query_logging_policyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = \n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n }));\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", new Aws.CloudWatch.LogResourcePolicyArgs\n {\n PolicyDocument = route53_query_logging_policyPolicyDocument.Apply(route53_query_logging_policyPolicyDocument => route53_query_logging_policyPolicyDocument.Json),\n PolicyName = \"route53-query-logging-policy\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\troute53_query_logging_policyPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53_query_logging_policyLogResourcePolicy\", &cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policyPolicyDocument.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch log resource policies can be imported using the policy name, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/logResourcePolicy:LogResourcePolicy MyPolicy MyPolicy\n```\n\n ", + "properties": { + "policyDocument": { + "type": "string", + "description": "Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters.\n" + }, + "policyName": { + "type": "string", + "description": "Name of the resource policy.\n" + } + }, + "required": [ + "policyDocument", + "policyName" + ], + "inputProperties": { + "policyDocument": { + "type": "string", + "description": "Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters.\n" + }, + "policyName": { + "type": "string", + "description": "Name of the resource policy.\n" + } + }, + "requiredInputs": [ + "policyDocument", + "policyName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogResourcePolicy resources.\n", + "properties": { + "policyDocument": { + "type": "string", + "description": "Details of the resource policy, including the identity of the principal that is enabled to put logs to this account. This is formatted as a JSON string. Maximum length of 5120 characters.\n" + }, + "policyName": { + "type": "string", + "description": "Name of the resource policy.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logStream:LogStream": { + "description": "Provides a CloudWatch Log Stream resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst yada = new aws.cloudwatch.LogGroup(\"yada\", {});\nconst foo = new aws.cloudwatch.LogStream(\"foo\", {logGroupName: yada.name});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nyada = aws.cloudwatch.LogGroup(\"yada\")\nfoo = aws.cloudwatch.LogStream(\"foo\", log_group_name=yada.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var yada = new Aws.CloudWatch.LogGroup(\"yada\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var foo = new Aws.CloudWatch.LogStream(\"foo\", new Aws.CloudWatch.LogStreamArgs\n {\n LogGroupName = yada.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tyada, err := cloudwatch.NewLogGroup(ctx, \"yada\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogStream(ctx, \"foo\", &cloudwatch.LogStreamArgs{\n\t\t\tLogGroupName: yada.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudwatch Log Stream can be imported using the stream's `log_group_name` and `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/logStream:LogStream foo Yada:SampleLogStream1234\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the log stream.\n" + }, + "logGroupName": { + "type": "string", + "description": "The name of the log group under which the log stream is to be created.\n" + }, + "name": { + "type": "string", + "description": "The name of the log stream. Must not be longer than 512 characters and must not contain `:`\n" + } + }, + "required": [ + "arn", + "logGroupName", + "name" + ], + "inputProperties": { + "logGroupName": { + "type": "string", + "description": "The name of the log group under which the log stream is to be created.\n" + }, + "name": { + "type": "string", + "description": "The name of the log stream. Must not be longer than 512 characters and must not contain `:`\n" + } + }, + "requiredInputs": [ + "logGroupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogStream resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the log stream.\n" + }, + "logGroupName": { + "type": "string", + "description": "The name of the log group under which the log stream is to be created.\n" + }, + "name": { + "type": "string", + "description": "The name of the log stream. Must not be longer than 512 characters and must not contain `:`\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/logSubscriptionFilter:LogSubscriptionFilter": { + "description": "Provides a CloudWatch Logs subscription filter resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testLambdafunctionLogfilter = new aws.cloudwatch.LogSubscriptionFilter(\"testLambdafunctionLogfilter\", {\n roleArn: aws_iam_role.iam_for_lambda.arn,\n logGroup: \"/aws/lambda/example_lambda_name\",\n filterPattern: \"logtype test\",\n destinationArn: aws_kinesis_stream.test_logstream.arn,\n distribution: \"Random\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_lambdafunction_logfilter = aws.cloudwatch.LogSubscriptionFilter(\"testLambdafunctionLogfilter\",\n role_arn=aws_iam_role[\"iam_for_lambda\"][\"arn\"],\n log_group=\"/aws/lambda/example_lambda_name\",\n filter_pattern=\"logtype test\",\n destination_arn=aws_kinesis_stream[\"test_logstream\"][\"arn\"],\n distribution=\"Random\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testLambdafunctionLogfilter = new Aws.CloudWatch.LogSubscriptionFilter(\"testLambdafunctionLogfilter\", new Aws.CloudWatch.LogSubscriptionFilterArgs\n {\n RoleArn = aws_iam_role.Iam_for_lambda.Arn,\n LogGroup = \"/aws/lambda/example_lambda_name\",\n FilterPattern = \"logtype test\",\n DestinationArn = aws_kinesis_stream.Test_logstream.Arn,\n Distribution = \"Random\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewLogSubscriptionFilter(ctx, \"testLambdafunctionLogfilter\", &cloudwatch.LogSubscriptionFilterArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_lambda.Arn),\n\t\t\tLogGroup: pulumi.Any(\"/aws/lambda/example_lambda_name\"),\n\t\t\tFilterPattern: pulumi.String(\"logtype test\"),\n\t\t\tDestinationArn: pulumi.Any(aws_kinesis_stream.Test_logstream.Arn),\n\t\t\tDistribution: pulumi.String(\"Random\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch Logs subscription filter can be imported using the log group name and subscription filter name separated by `|`.\n\n```sh\n $ pulumi import aws:cloudwatch/logSubscriptionFilter:LogSubscriptionFilter test_lambdafunction_logfilter /aws/lambda/example_lambda_name|test_lambdafunction_logfilter\n```\n\n ", + "properties": { + "destinationArn": { + "type": "string", + "description": "The ARN of the destination to deliver matching log events to. Kinesis stream or Lambda function ARN.\n" + }, + "distribution": { + "type": "string", + "description": "The method used to distribute log data to the destination. By default log data is grouped by log stream, but the grouping can be set to random for a more even distribution. This property is only applicable when the destination is an Amazon Kinesis stream. Valid values are \"Random\" and \"ByLogStream\".\n" + }, + "filterPattern": { + "type": "string", + "description": "A valid CloudWatch Logs filter pattern for subscribing to a filtered stream of log events.\n" + }, + "logGroup": { + "type": "string", + "description": "The name of the log group to associate the subscription filter with\n" + }, + "name": { + "type": "string", + "description": "A name for the subscription filter\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to deliver ingested log events to the destination. If you use Lambda as a destination, you should skip this argument and use `aws.lambda.Permission` resource for granting access from CloudWatch logs to the destination Lambda function.\n" + } + }, + "required": [ + "destinationArn", + "filterPattern", + "logGroup", + "name", + "roleArn" + ], + "inputProperties": { + "destinationArn": { + "type": "string", + "description": "The ARN of the destination to deliver matching log events to. Kinesis stream or Lambda function ARN.\n" + }, + "distribution": { + "type": "string", + "description": "The method used to distribute log data to the destination. By default log data is grouped by log stream, but the grouping can be set to random for a more even distribution. This property is only applicable when the destination is an Amazon Kinesis stream. Valid values are \"Random\" and \"ByLogStream\".\n" + }, + "filterPattern": { + "type": "string", + "description": "A valid CloudWatch Logs filter pattern for subscribing to a filtered stream of log events.\n" + }, + "logGroup": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:cloudwatch/logGroup:LogGroup" + } + ], + "description": "The name of the log group to associate the subscription filter with\n" + }, + "name": { + "type": "string", + "description": "A name for the subscription filter\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to deliver ingested log events to the destination. If you use Lambda as a destination, you should skip this argument and use `aws.lambda.Permission` resource for granting access from CloudWatch logs to the destination Lambda function.\n" + } + }, + "requiredInputs": [ + "destinationArn", + "filterPattern", + "logGroup" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogSubscriptionFilter resources.\n", + "properties": { + "destinationArn": { + "type": "string", + "description": "The ARN of the destination to deliver matching log events to. Kinesis stream or Lambda function ARN.\n" + }, + "distribution": { + "type": "string", + "description": "The method used to distribute log data to the destination. By default log data is grouped by log stream, but the grouping can be set to random for a more even distribution. This property is only applicable when the destination is an Amazon Kinesis stream. Valid values are \"Random\" and \"ByLogStream\".\n" + }, + "filterPattern": { + "type": "string", + "description": "A valid CloudWatch Logs filter pattern for subscribing to a filtered stream of log events.\n" + }, + "logGroup": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:cloudwatch/logGroup:LogGroup" + } + ], + "description": "The name of the log group to associate the subscription filter with\n" + }, + "name": { + "type": "string", + "description": "A name for the subscription filter\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM role that grants Amazon CloudWatch Logs permissions to deliver ingested log events to the destination. If you use Lambda as a destination, you should skip this argument and use `aws.lambda.Permission` resource for granting access from CloudWatch logs to the destination Lambda function.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/metricAlarm:MetricAlarm": { + "description": "Provides a CloudWatch Metric Alarm resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobar = new aws.cloudwatch.MetricAlarm(\"foobar\", {\n alarmDescription: \"This metric monitors ec2 cpu utilization\",\n comparisonOperator: \"GreaterThanOrEqualToThreshold\",\n evaluationPeriods: 2,\n insufficientDataActions: [],\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n period: 120,\n statistic: \"Average\",\n threshold: 80,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar = aws.cloudwatch.MetricAlarm(\"foobar\",\n alarm_description=\"This metric monitors ec2 cpu utilization\",\n comparison_operator=\"GreaterThanOrEqualToThreshold\",\n evaluation_periods=2,\n insufficient_data_actions=[],\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n period=120,\n statistic=\"Average\",\n threshold=80)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foobar = new Aws.CloudWatch.MetricAlarm(\"foobar\", new Aws.CloudWatch.MetricAlarmArgs\n {\n AlarmDescription = \"This metric monitors ec2 cpu utilization\",\n ComparisonOperator = \"GreaterThanOrEqualToThreshold\",\n EvaluationPeriods = 2,\n InsufficientDataActions = {},\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n Period = 120,\n Statistic = \"Average\",\n Threshold = 80,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewMetricAlarm(ctx, \"foobar\", &cloudwatch.MetricAlarmArgs{\n\t\t\tAlarmDescription: pulumi.String(\"This metric monitors ec2 cpu utilization\"),\n\t\t\tComparisonOperator: pulumi.String(\"GreaterThanOrEqualToThreshold\"),\n\t\t\tEvaluationPeriods: pulumi.Int(2),\n\t\t\tInsufficientDataActions: pulumi.AnyArray{},\n\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\tPeriod: pulumi.Int(120),\n\t\t\tStatistic: pulumi.String(\"Average\"),\n\t\t\tThreshold: pulumi.Float64(80),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Example in Conjunction with Scaling Policies\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst batPolicy = new aws.autoscaling.Policy(\"batPolicy\", {\n scalingAdjustment: 4,\n adjustmentType: \"ChangeInCapacity\",\n cooldown: 300,\n autoscalingGroupName: aws_autoscaling_group.bar.name,\n});\nconst batMetricAlarm = new aws.cloudwatch.MetricAlarm(\"batMetricAlarm\", {\n comparisonOperator: \"GreaterThanOrEqualToThreshold\",\n evaluationPeriods: \"2\",\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n period: \"120\",\n statistic: \"Average\",\n threshold: \"80\",\n dimensions: {\n AutoScalingGroupName: aws_autoscaling_group.bar.name,\n },\n alarmDescription: \"This metric monitors ec2 cpu utilization\",\n alarmActions: [batPolicy.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbat_policy = aws.autoscaling.Policy(\"batPolicy\",\n scaling_adjustment=4,\n adjustment_type=\"ChangeInCapacity\",\n cooldown=300,\n autoscaling_group_name=aws_autoscaling_group[\"bar\"][\"name\"])\nbat_metric_alarm = aws.cloudwatch.MetricAlarm(\"batMetricAlarm\",\n comparison_operator=\"GreaterThanOrEqualToThreshold\",\n evaluation_periods=2,\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n period=120,\n statistic=\"Average\",\n threshold=80,\n dimensions={\n \"AutoScalingGroupName\": aws_autoscaling_group[\"bar\"][\"name\"],\n },\n alarm_description=\"This metric monitors ec2 cpu utilization\",\n alarm_actions=[bat_policy.arn])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var batPolicy = new Aws.AutoScaling.Policy(\"batPolicy\", new Aws.AutoScaling.PolicyArgs\n {\n ScalingAdjustment = 4,\n AdjustmentType = \"ChangeInCapacity\",\n Cooldown = 300,\n AutoscalingGroupName = aws_autoscaling_group.Bar.Name,\n });\n var batMetricAlarm = new Aws.CloudWatch.MetricAlarm(\"batMetricAlarm\", new Aws.CloudWatch.MetricAlarmArgs\n {\n ComparisonOperator = \"GreaterThanOrEqualToThreshold\",\n EvaluationPeriods = 2,\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n Period = 120,\n Statistic = \"Average\",\n Threshold = 80,\n Dimensions = \n {\n { \"AutoScalingGroupName\", aws_autoscaling_group.Bar.Name },\n },\n AlarmDescription = \"This metric monitors ec2 cpu utilization\",\n AlarmActions = \n {\n batPolicy.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbatPolicy, err := autoscaling.NewPolicy(ctx, \"batPolicy\", &autoscaling.PolicyArgs{\n\t\t\tScalingAdjustment: pulumi.Int(4),\n\t\t\tAdjustmentType: pulumi.String(\"ChangeInCapacity\"),\n\t\t\tCooldown: pulumi.Int(300),\n\t\t\tAutoscalingGroupName: pulumi.Any(aws_autoscaling_group.Bar.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewMetricAlarm(ctx, \"batMetricAlarm\", &cloudwatch.MetricAlarmArgs{\n\t\t\tComparisonOperator: pulumi.String(\"GreaterThanOrEqualToThreshold\"),\n\t\t\tEvaluationPeriods: pulumi.Int(2),\n\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\tPeriod: pulumi.Int(120),\n\t\t\tStatistic: pulumi.String(\"Average\"),\n\t\t\tThreshold: pulumi.Float64(80),\n\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\"AutoScalingGroupName\": pulumi.Any(aws_autoscaling_group.Bar.Name),\n\t\t\t},\n\t\t\tAlarmDescription: pulumi.String(\"This metric monitors ec2 cpu utilization\"),\n\t\t\tAlarmActions: pulumi.AnyArray{\n\t\t\t\tbatPolicy.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example with an Expression\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobar = new aws.cloudwatch.MetricAlarm(\"foobar\", {\n alarmDescription: \"Request error rate has exceeded 10%\",\n comparisonOperator: \"GreaterThanOrEqualToThreshold\",\n evaluationPeriods: 2,\n insufficientDataActions: [],\n metricQueries: [\n {\n expression: \"m2/m1*100\",\n id: \"e1\",\n label: \"Error Rate\",\n returnData: true,\n },\n {\n id: \"m1\",\n metric: {\n dimensions: {\n LoadBalancer: \"app/web\",\n },\n metricName: \"RequestCount\",\n namespace: \"AWS/ApplicationELB\",\n period: 120,\n stat: \"Sum\",\n unit: \"Count\",\n },\n },\n {\n id: \"m2\",\n metric: {\n dimensions: {\n LoadBalancer: \"app/web\",\n },\n metricName: \"HTTPCode_ELB_5XX_Count\",\n namespace: \"AWS/ApplicationELB\",\n period: 120,\n stat: \"Sum\",\n unit: \"Count\",\n },\n },\n ],\n threshold: 10,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar = aws.cloudwatch.MetricAlarm(\"foobar\",\n alarm_description=\"Request error rate has exceeded 10%\",\n comparison_operator=\"GreaterThanOrEqualToThreshold\",\n evaluation_periods=2,\n insufficient_data_actions=[],\n metric_queries=[\n aws.cloudwatch.MetricAlarmMetricQueryArgs(\n expression=\"m2/m1*100\",\n id=\"e1\",\n label=\"Error Rate\",\n return_data=True,\n ),\n aws.cloudwatch.MetricAlarmMetricQueryArgs(\n id=\"m1\",\n metric=aws.cloudwatch.MetricAlarmMetricQueryMetricArgs(\n dimensions={\n \"LoadBalancer\": \"app/web\",\n },\n metric_name=\"RequestCount\",\n namespace=\"AWS/ApplicationELB\",\n period=120,\n stat=\"Sum\",\n unit=\"Count\",\n ),\n ),\n aws.cloudwatch.MetricAlarmMetricQueryArgs(\n id=\"m2\",\n metric=aws.cloudwatch.MetricAlarmMetricQueryMetricArgs(\n dimensions={\n \"LoadBalancer\": \"app/web\",\n },\n metric_name=\"HTTPCode_ELB_5XX_Count\",\n namespace=\"AWS/ApplicationELB\",\n period=120,\n stat=\"Sum\",\n unit=\"Count\",\n ),\n ),\n ],\n threshold=10)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foobar = new Aws.CloudWatch.MetricAlarm(\"foobar\", new Aws.CloudWatch.MetricAlarmArgs\n {\n AlarmDescription = \"Request error rate has exceeded 10%\",\n ComparisonOperator = \"GreaterThanOrEqualToThreshold\",\n EvaluationPeriods = 2,\n InsufficientDataActions = {},\n MetricQueries = \n {\n new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryArgs\n {\n Expression = \"m2/m1*100\",\n Id = \"e1\",\n Label = \"Error Rate\",\n ReturnData = true,\n },\n new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryArgs\n {\n Id = \"m1\",\n Metric = new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryMetricArgs\n {\n Dimensions = \n {\n { \"LoadBalancer\", \"app/web\" },\n },\n MetricName = \"RequestCount\",\n Namespace = \"AWS/ApplicationELB\",\n Period = 120,\n Stat = \"Sum\",\n Unit = \"Count\",\n },\n },\n new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryArgs\n {\n Id = \"m2\",\n Metric = new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryMetricArgs\n {\n Dimensions = \n {\n { \"LoadBalancer\", \"app/web\" },\n },\n MetricName = \"HTTPCode_ELB_5XX_Count\",\n Namespace = \"AWS/ApplicationELB\",\n Period = 120,\n Stat = \"Sum\",\n Unit = \"Count\",\n },\n },\n },\n Threshold = 10,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewMetricAlarm(ctx, \"foobar\", &cloudwatch.MetricAlarmArgs{\n\t\t\tAlarmDescription: pulumi.String(fmt.Sprintf(\"%v%v\", \"Request error rate has exceeded 10\", \"%\")),\n\t\t\tComparisonOperator: pulumi.String(\"GreaterThanOrEqualToThreshold\"),\n\t\t\tEvaluationPeriods: pulumi.Int(2),\n\t\t\tInsufficientDataActions: pulumi.AnyArray{},\n\t\t\tMetricQueries: cloudwatch.MetricAlarmMetricQueryArray{\n\t\t\t\t&cloudwatch.MetricAlarmMetricQueryArgs{\n\t\t\t\t\tExpression: pulumi.String(\"m2/m1*100\"),\n\t\t\t\t\tId: pulumi.String(\"e1\"),\n\t\t\t\t\tLabel: pulumi.String(\"Error Rate\"),\n\t\t\t\t\tReturnData: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t&cloudwatch.MetricAlarmMetricQueryArgs{\n\t\t\t\t\tId: pulumi.String(\"m1\"),\n\t\t\t\t\tMetric: &cloudwatch.MetricAlarmMetricQueryMetricArgs{\n\t\t\t\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\t\t\t\"LoadBalancer\": pulumi.String(\"app/web\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMetricName: pulumi.String(\"RequestCount\"),\n\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/ApplicationELB\"),\n\t\t\t\t\t\tPeriod: pulumi.Int(120),\n\t\t\t\t\t\tStat: pulumi.String(\"Sum\"),\n\t\t\t\t\t\tUnit: pulumi.String(\"Count\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&cloudwatch.MetricAlarmMetricQueryArgs{\n\t\t\t\t\tId: pulumi.String(\"m2\"),\n\t\t\t\t\tMetric: &cloudwatch.MetricAlarmMetricQueryMetricArgs{\n\t\t\t\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\t\t\t\"LoadBalancer\": pulumi.String(\"app/web\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMetricName: pulumi.String(\"HTTPCode_ELB_5XX_Count\"),\n\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/ApplicationELB\"),\n\t\t\t\t\t\tPeriod: pulumi.Int(120),\n\t\t\t\t\t\tStat: pulumi.String(\"Sum\"),\n\t\t\t\t\t\tUnit: pulumi.String(\"Count\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tThreshold: pulumi.Float64(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst xxAnomalyDetection = new aws.cloudwatch.MetricAlarm(\"xx_anomaly_detection\", {\n alarmDescription: \"This metric monitors ec2 cpu utilization\",\n comparisonOperator: \"GreaterThanUpperThreshold\",\n evaluationPeriods: 2,\n insufficientDataActions: [],\n metricQueries: [\n {\n expression: \"ANOMALY_DETECTION_BAND(m1)\",\n id: \"e1\",\n label: \"CPUUtilization (Expected)\",\n returnData: true,\n },\n {\n id: \"m1\",\n metric: {\n dimensions: {\n InstanceId: \"i-abc123\",\n },\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n period: 120,\n stat: \"Average\",\n unit: \"Count\",\n },\n returnData: true,\n },\n ],\n thresholdMetricId: \"e1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nxx_anomaly_detection = aws.cloudwatch.MetricAlarm(\"xxAnomalyDetection\",\n alarm_description=\"This metric monitors ec2 cpu utilization\",\n comparison_operator=\"GreaterThanUpperThreshold\",\n evaluation_periods=2,\n insufficient_data_actions=[],\n metric_queries=[\n aws.cloudwatch.MetricAlarmMetricQueryArgs(\n expression=\"ANOMALY_DETECTION_BAND(m1)\",\n id=\"e1\",\n label=\"CPUUtilization (Expected)\",\n return_data=True,\n ),\n aws.cloudwatch.MetricAlarmMetricQueryArgs(\n id=\"m1\",\n metric=aws.cloudwatch.MetricAlarmMetricQueryMetricArgs(\n dimensions={\n \"InstanceId\": \"i-abc123\",\n },\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n period=120,\n stat=\"Average\",\n unit=\"Count\",\n ),\n return_data=True,\n ),\n ],\n threshold_metric_id=\"e1\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var xxAnomalyDetection = new Aws.CloudWatch.MetricAlarm(\"xxAnomalyDetection\", new Aws.CloudWatch.MetricAlarmArgs\n {\n AlarmDescription = \"This metric monitors ec2 cpu utilization\",\n ComparisonOperator = \"GreaterThanUpperThreshold\",\n EvaluationPeriods = 2,\n InsufficientDataActions = {},\n MetricQueries = \n {\n new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryArgs\n {\n Expression = \"ANOMALY_DETECTION_BAND(m1)\",\n Id = \"e1\",\n Label = \"CPUUtilization (Expected)\",\n ReturnData = true,\n },\n new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryArgs\n {\n Id = \"m1\",\n Metric = new Aws.CloudWatch.Inputs.MetricAlarmMetricQueryMetricArgs\n {\n Dimensions = \n {\n { \"InstanceId\", \"i-abc123\" },\n },\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n Period = 120,\n Stat = \"Average\",\n Unit = \"Count\",\n },\n ReturnData = true,\n },\n },\n ThresholdMetricId = \"e1\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewMetricAlarm(ctx, \"xxAnomalyDetection\", &cloudwatch.MetricAlarmArgs{\n\t\t\tAlarmDescription: pulumi.String(\"This metric monitors ec2 cpu utilization\"),\n\t\t\tComparisonOperator: pulumi.String(\"GreaterThanUpperThreshold\"),\n\t\t\tEvaluationPeriods: pulumi.Int(2),\n\t\t\tInsufficientDataActions: pulumi.AnyArray{},\n\t\t\tMetricQueries: cloudwatch.MetricAlarmMetricQueryArray{\n\t\t\t\t&cloudwatch.MetricAlarmMetricQueryArgs{\n\t\t\t\t\tExpression: pulumi.String(\"ANOMALY_DETECTION_BAND(m1)\"),\n\t\t\t\t\tId: pulumi.String(\"e1\"),\n\t\t\t\t\tLabel: pulumi.String(\"CPUUtilization (Expected)\"),\n\t\t\t\t\tReturnData: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\t&cloudwatch.MetricAlarmMetricQueryArgs{\n\t\t\t\t\tId: pulumi.String(\"m1\"),\n\t\t\t\t\tMetric: &cloudwatch.MetricAlarmMetricQueryMetricArgs{\n\t\t\t\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\t\t\t\"InstanceId\": pulumi.String(\"i-abc123\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t\t\tPeriod: pulumi.Int(120),\n\t\t\t\t\t\tStat: pulumi.String(\"Average\"),\n\t\t\t\t\t\tUnit: pulumi.String(\"Count\"),\n\t\t\t\t\t},\n\t\t\t\t\tReturnData: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tThresholdMetricId: pulumi.String(\"e1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example of monitoring Healthy Hosts on NLB using Target Group and NLB\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst nlbHealthyhosts = new aws.cloudwatch.MetricAlarm(\"nlbHealthyhosts\", {\n comparisonOperator: \"LessThanThreshold\",\n evaluationPeriods: \"1\",\n metricName: \"HealthyHostCount\",\n namespace: \"AWS/NetworkELB\",\n period: \"60\",\n statistic: \"Average\",\n threshold: _var.logstash_servers_count,\n alarmDescription: \"Number of healthy nodes in Target Group\",\n actionsEnabled: \"true\",\n alarmActions: [aws_sns_topic.sns.arn],\n okActions: [aws_sns_topic.sns.arn],\n dimensions: {\n TargetGroup: aws_lb_target_group[\"lb-tg\"].arn_suffix,\n LoadBalancer: aws_lb.lb.arn_suffix,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnlb_healthyhosts = aws.cloudwatch.MetricAlarm(\"nlbHealthyhosts\",\n comparison_operator=\"LessThanThreshold\",\n evaluation_periods=1,\n metric_name=\"HealthyHostCount\",\n namespace=\"AWS/NetworkELB\",\n period=60,\n statistic=\"Average\",\n threshold=var[\"logstash_servers_count\"],\n alarm_description=\"Number of healthy nodes in Target Group\",\n actions_enabled=True,\n alarm_actions=[aws_sns_topic[\"sns\"][\"arn\"]],\n ok_actions=[aws_sns_topic[\"sns\"][\"arn\"]],\n dimensions={\n \"TargetGroup\": aws_lb_target_group[\"lb-tg\"][\"arn_suffix\"],\n \"LoadBalancer\": aws_lb[\"lb\"][\"arn_suffix\"],\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var nlbHealthyhosts = new Aws.CloudWatch.MetricAlarm(\"nlbHealthyhosts\", new Aws.CloudWatch.MetricAlarmArgs\n {\n ComparisonOperator = \"LessThanThreshold\",\n EvaluationPeriods = 1,\n MetricName = \"HealthyHostCount\",\n Namespace = \"AWS/NetworkELB\",\n Period = 60,\n Statistic = \"Average\",\n Threshold = @var.Logstash_servers_count,\n AlarmDescription = \"Number of healthy nodes in Target Group\",\n ActionsEnabled = true,\n AlarmActions = \n {\n aws_sns_topic.Sns.Arn,\n },\n OkActions = \n {\n aws_sns_topic.Sns.Arn,\n },\n Dimensions = \n {\n { \"TargetGroup\", aws_lb_target_group.Lb_tg.Arn_suffix },\n { \"LoadBalancer\", aws_lb.Lb.Arn_suffix },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewMetricAlarm(ctx, \"nlbHealthyhosts\", &cloudwatch.MetricAlarmArgs{\n\t\t\tComparisonOperator: pulumi.String(\"LessThanThreshold\"),\n\t\t\tEvaluationPeriods: pulumi.Int(1),\n\t\t\tMetricName: pulumi.String(\"HealthyHostCount\"),\n\t\t\tNamespace: pulumi.String(\"AWS/NetworkELB\"),\n\t\t\tPeriod: pulumi.Int(60),\n\t\t\tStatistic: pulumi.String(\"Average\"),\n\t\t\tThreshold: pulumi.Any(_var.Logstash_servers_count),\n\t\t\tAlarmDescription: pulumi.String(\"Number of healthy nodes in Target Group\"),\n\t\t\tActionsEnabled: pulumi.Bool(true),\n\t\t\tAlarmActions: pulumi.AnyArray{\n\t\t\t\tpulumi.Any(aws_sns_topic.Sns.Arn),\n\t\t\t},\n\t\t\tOkActions: pulumi.AnyArray{\n\t\t\t\tpulumi.Any(aws_sns_topic.Sns.Arn),\n\t\t\t},\n\t\t\tDimensions: pulumi.StringMap{\n\t\t\t\t\"TargetGroup\": pulumi.Any(aws_lb_target_group.Lb - tg.Arn_suffix),\n\t\t\t\t\"LoadBalancer\": pulumi.Any(aws_lb.Lb.Arn_suffix),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **NOTE:** You cannot create a metric alarm consisting of both `statistic` and `extended_statistic` parameters.\nYou must choose one or the other\n\n\n## Import\n\nCloudWatch Metric Alarm can be imported using the `alarm_name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/metricAlarm:MetricAlarm test alarm-12345\n```\n\n ", + "properties": { + "actionsEnabled": { + "type": "boolean", + "description": "Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to `true`.\n" + }, + "alarmActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "alarmDescription": { + "type": "string", + "description": "The description for the alarm.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the CloudWatch Metric Alarm.\n" + }, + "comparisonOperator": { + "type": "string", + "description": "The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: `GreaterThanOrEqualToThreshold`, `GreaterThanThreshold`, `LessThanThreshold`, `LessThanOrEqualToThreshold`. Additionally, the values `LessThanLowerOrGreaterThanUpperThreshold`, `LessThanLowerThreshold`, and `GreaterThanUpperThreshold` are used only for alarms based on anomaly detection models.\n" + }, + "datapointsToAlarm": { + "type": "integer", + "description": "The number of datapoints that must be breaching to trigger the alarm.\n" + }, + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The dimensions for this metric. For the list of available dimensions see the AWS documentation [here](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "evaluateLowSampleCountPercentiles": { + "type": "string", + "description": "Used only for alarms\nbased on percentiles. If you specify `ignore`, the alarm state will not\nchange during periods with too few data points to be statistically significant.\nIf you specify `evaluate` or omit this parameter, the alarm will always be\nevaluated and possibly change state no matter how many data points are available.\nThe following values are supported: `ignore`, and `evaluate`.\n" + }, + "evaluationPeriods": { + "type": "integer", + "description": "The number of periods over which data is compared to the specified threshold.\n" + }, + "extendedStatistic": { + "type": "string", + "description": "The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100.\n" + }, + "insufficientDataActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "metricName": { + "type": "string", + "description": "The name for this metric.\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "metricQueries": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricAlarmMetricQuery:MetricAlarmMetricQuery" + }, + "description": "Enables you to create an alarm based on a metric math expression. You may specify at most 20.\n" + }, + "name": { + "type": "string", + "description": "The descriptive name for the alarm. This name must be unique within the user's AWS account\n" + }, + "namespace": { + "type": "string", + "description": "The namespace for this metric. See docs for the [list of namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html).\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "okActions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "period": { + "type": "integer", + "description": "The period in seconds over which the specified `stat` is applied.\n" + }, + "statistic": { + "type": "string", + "description": "The statistic to apply to the alarm's associated metric.\nEither of the following is supported: `SampleCount`, `Average`, `Sum`, `Minimum`, `Maximum`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "threshold": { + "type": "number", + "description": "The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models.\n" + }, + "thresholdMetricId": { + "type": "string", + "description": "If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function.\n" + }, + "treatMissingData": { + "type": "string", + "description": "Sets how this alarm is to handle missing data points. The following values are supported: `missing`, `ignore`, `breaching` and `notBreaching`. Defaults to `missing`.\n" + }, + "unit": { + "type": "string", + "description": "The unit for this metric.\n" + } + }, + "required": [ + "name", + "arn", + "comparisonOperator", + "evaluateLowSampleCountPercentiles", + "evaluationPeriods", + "tagsAll" + ], + "inputProperties": { + "actionsEnabled": { + "type": "boolean", + "description": "Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to `true`.\n" + }, + "alarmActions": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ] + }, + "description": "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "alarmDescription": { + "type": "string", + "description": "The description for the alarm.\n" + }, + "comparisonOperator": { + "type": "string", + "description": "The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: `GreaterThanOrEqualToThreshold`, `GreaterThanThreshold`, `LessThanThreshold`, `LessThanOrEqualToThreshold`. Additionally, the values `LessThanLowerOrGreaterThanUpperThreshold`, `LessThanLowerThreshold`, and `GreaterThanUpperThreshold` are used only for alarms based on anomaly detection models.\n" + }, + "datapointsToAlarm": { + "type": "integer", + "description": "The number of datapoints that must be breaching to trigger the alarm.\n" + }, + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The dimensions for this metric. For the list of available dimensions see the AWS documentation [here](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "evaluateLowSampleCountPercentiles": { + "type": "string", + "description": "Used only for alarms\nbased on percentiles. If you specify `ignore`, the alarm state will not\nchange during periods with too few data points to be statistically significant.\nIf you specify `evaluate` or omit this parameter, the alarm will always be\nevaluated and possibly change state no matter how many data points are available.\nThe following values are supported: `ignore`, and `evaluate`.\n" + }, + "evaluationPeriods": { + "type": "integer", + "description": "The number of periods over which data is compared to the specified threshold.\n" + }, + "extendedStatistic": { + "type": "string", + "description": "The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100.\n" + }, + "insufficientDataActions": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ] + }, + "description": "The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "metricName": { + "type": "string", + "description": "The name for this metric.\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "metricQueries": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricAlarmMetricQuery:MetricAlarmMetricQuery" + }, + "description": "Enables you to create an alarm based on a metric math expression. You may specify at most 20.\n" + }, + "name": { + "type": "string", + "description": "The descriptive name for the alarm. This name must be unique within the user's AWS account\n" + }, + "namespace": { + "type": "string", + "description": "The namespace for this metric. See docs for the [list of namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html).\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "okActions": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ] + }, + "description": "The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "period": { + "type": "integer", + "description": "The period in seconds over which the specified `stat` is applied.\n" + }, + "statistic": { + "type": "string", + "description": "The statistic to apply to the alarm's associated metric.\nEither of the following is supported: `SampleCount`, `Average`, `Sum`, `Minimum`, `Maximum`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "threshold": { + "type": "number", + "description": "The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models.\n" + }, + "thresholdMetricId": { + "type": "string", + "description": "If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function.\n" + }, + "treatMissingData": { + "type": "string", + "description": "Sets how this alarm is to handle missing data points. The following values are supported: `missing`, `ignore`, `breaching` and `notBreaching`. Defaults to `missing`.\n" + }, + "unit": { + "type": "string", + "description": "The unit for this metric.\n" + } + }, + "requiredInputs": [ + "comparisonOperator", + "evaluationPeriods" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MetricAlarm resources.\n", + "properties": { + "actionsEnabled": { + "type": "boolean", + "description": "Indicates whether or not actions should be executed during any changes to the alarm's state. Defaults to `true`.\n" + }, + "alarmActions": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ] + }, + "description": "The list of actions to execute when this alarm transitions into an ALARM state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "alarmDescription": { + "type": "string", + "description": "The description for the alarm.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the CloudWatch Metric Alarm.\n" + }, + "comparisonOperator": { + "type": "string", + "description": "The arithmetic operation to use when comparing the specified Statistic and Threshold. The specified Statistic value is used as the first operand. Either of the following is supported: `GreaterThanOrEqualToThreshold`, `GreaterThanThreshold`, `LessThanThreshold`, `LessThanOrEqualToThreshold`. Additionally, the values `LessThanLowerOrGreaterThanUpperThreshold`, `LessThanLowerThreshold`, and `GreaterThanUpperThreshold` are used only for alarms based on anomaly detection models.\n" + }, + "datapointsToAlarm": { + "type": "integer", + "description": "The number of datapoints that must be breaching to trigger the alarm.\n" + }, + "dimensions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The dimensions for this metric. For the list of available dimensions see the AWS documentation [here](http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "evaluateLowSampleCountPercentiles": { + "type": "string", + "description": "Used only for alarms\nbased on percentiles. If you specify `ignore`, the alarm state will not\nchange during periods with too few data points to be statistically significant.\nIf you specify `evaluate` or omit this parameter, the alarm will always be\nevaluated and possibly change state no matter how many data points are available.\nThe following values are supported: `ignore`, and `evaluate`.\n" + }, + "evaluationPeriods": { + "type": "integer", + "description": "The number of periods over which data is compared to the specified threshold.\n" + }, + "extendedStatistic": { + "type": "string", + "description": "The percentile statistic for the metric associated with the alarm. Specify a value between p0.0 and p100.\n" + }, + "insufficientDataActions": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ] + }, + "description": "The list of actions to execute when this alarm transitions into an INSUFFICIENT_DATA state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "metricName": { + "type": "string", + "description": "The name for this metric.\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "metricQueries": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricAlarmMetricQuery:MetricAlarmMetricQuery" + }, + "description": "Enables you to create an alarm based on a metric math expression. You may specify at most 20.\n" + }, + "name": { + "type": "string", + "description": "The descriptive name for the alarm. This name must be unique within the user's AWS account\n" + }, + "namespace": { + "type": "string", + "description": "The namespace for this metric. See docs for the [list of namespaces](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/aws-namespaces.html).\nSee docs for [supported metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/CW_Support_For_AWS.html).\n" + }, + "okActions": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ] + }, + "description": "The list of actions to execute when this alarm transitions into an OK state from any other state. Each action is specified as an Amazon Resource Name (ARN).\n" + }, + "period": { + "type": "integer", + "description": "The period in seconds over which the specified `stat` is applied.\n" + }, + "statistic": { + "type": "string", + "description": "The statistic to apply to the alarm's associated metric.\nEither of the following is supported: `SampleCount`, `Average`, `Sum`, `Minimum`, `Maximum`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "threshold": { + "type": "number", + "description": "The value against which the specified statistic is compared. This parameter is required for alarms based on static thresholds, but should not be used for alarms based on anomaly detection models.\n" + }, + "thresholdMetricId": { + "type": "string", + "description": "If this is an alarm based on an anomaly detection model, make this value match the ID of the ANOMALY_DETECTION_BAND function.\n" + }, + "treatMissingData": { + "type": "string", + "description": "Sets how this alarm is to handle missing data points. The following values are supported: `missing`, `ignore`, `breaching` and `notBreaching`. Defaults to `missing`.\n" + }, + "unit": { + "type": "string", + "description": "The unit for this metric.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/metricStream:MetricStream": { + "description": "Provides a CloudWatch Metric Stream resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nconst metricStreamToFirehoseRole = new aws.iam.Role(\"metricStreamToFirehoseRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"streams.metrics.cloudwatch.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst bucket = new aws.s3.Bucket(\"bucket\", {acl: \"private\"});\nconst firehoseToS3Role = new aws.iam.Role(\"firehoseToS3Role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst s3Stream = new aws.kinesis.FirehoseDeliveryStream(\"s3Stream\", {\n destination: \"s3\",\n s3Configuration: {\n roleArn: firehoseToS3Role.arn,\n bucketArn: bucket.arn,\n },\n});\nconst main = new aws.cloudwatch.MetricStream(\"main\", {\n roleArn: metricStreamToFirehoseRole.arn,\n firehoseArn: s3Stream.arn,\n outputFormat: \"json\",\n includeFilters: [\n {\n namespace: \"AWS/EC2\",\n },\n {\n namespace: \"AWS/EBS\",\n },\n ],\n});\n// https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nconst metricStreamToFirehoseRolePolicy = new aws.iam.RolePolicy(\"metricStreamToFirehoseRolePolicy\", {\n role: metricStreamToFirehoseRole.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\"\n ],\n \"Resource\": \"${s3Stream.arn}\"\n }\n ]\n}\n`,\n});\nconst firehoseToS3RolePolicy = new aws.iam.RolePolicy(\"firehoseToS3RolePolicy\", {\n role: firehoseToS3Role.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"${bucket.arn}\",\n \"${bucket.arn}/*\"\n ]\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nmetric_stream_to_firehose_role = aws.iam.Role(\"metricStreamToFirehoseRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"streams.metrics.cloudwatch.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nbucket = aws.s3.Bucket(\"bucket\", acl=\"private\")\nfirehose_to_s3_role = aws.iam.Role(\"firehoseToS3Role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ns3_stream = aws.kinesis.FirehoseDeliveryStream(\"s3Stream\",\n destination=\"s3\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=firehose_to_s3_role.arn,\n bucket_arn=bucket.arn,\n ))\nmain = aws.cloudwatch.MetricStream(\"main\",\n role_arn=metric_stream_to_firehose_role.arn,\n firehose_arn=s3_stream.arn,\n output_format=\"json\",\n include_filters=[\n aws.cloudwatch.MetricStreamIncludeFilterArgs(\n namespace=\"AWS/EC2\",\n ),\n aws.cloudwatch.MetricStreamIncludeFilterArgs(\n namespace=\"AWS/EBS\",\n ),\n ])\n# https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\nmetric_stream_to_firehose_role_policy = aws.iam.RolePolicy(\"metricStreamToFirehoseRolePolicy\",\n role=metric_stream_to_firehose_role.id,\n policy=s3_stream.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"firehose:PutRecord\",\n \"firehose:PutRecordBatch\"\n ],\n \"Resource\": \"{arn}\"\n }}\n ]\n}}\n\"\"\"))\nfirehose_to_s3_role_policy = aws.iam.RolePolicy(\"firehoseToS3RolePolicy\",\n role=firehose_to_s3_role.id,\n policy=pulumi.Output.all(bucket.arn, bucket.arn).apply(lambda bucketArn, bucketArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:AbortMultipartUpload\",\n \"s3:GetBucketLocation\",\n \"s3:GetObject\",\n \"s3:ListBucket\",\n \"s3:ListBucketMultipartUploads\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"{bucket_arn}\",\n \"{bucket_arn1}/*\"\n ]\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n var metricStreamToFirehoseRole = new Aws.Iam.Role(\"metricStreamToFirehoseRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"streams.metrics.cloudwatch.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var firehoseToS3Role = new Aws.Iam.Role(\"firehoseToS3Role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"firehose.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var s3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"s3Stream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"s3\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = firehoseToS3Role.Arn,\n BucketArn = bucket.Arn,\n },\n });\n var main = new Aws.CloudWatch.MetricStream(\"main\", new Aws.CloudWatch.MetricStreamArgs\n {\n RoleArn = metricStreamToFirehoseRole.Arn,\n FirehoseArn = s3Stream.Arn,\n OutputFormat = \"json\",\n IncludeFilters = \n {\n new Aws.CloudWatch.Inputs.MetricStreamIncludeFilterArgs\n {\n Namespace = \"AWS/EC2\",\n },\n new Aws.CloudWatch.Inputs.MetricStreamIncludeFilterArgs\n {\n Namespace = \"AWS/EBS\",\n },\n },\n });\n // https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html\n var metricStreamToFirehoseRolePolicy = new Aws.Iam.RolePolicy(\"metricStreamToFirehoseRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = metricStreamToFirehoseRole.Id,\n Policy = s3Stream.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"firehose:PutRecord\"\",\n \"\"firehose:PutRecordBatch\"\"\n ],\n \"\"Resource\"\": \"\"{arn}\"\"\n }}\n ]\n}}\n\"),\n });\n var firehoseToS3RolePolicy = new Aws.Iam.RolePolicy(\"firehoseToS3RolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = firehoseToS3Role.Id,\n Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>\n {\n var bucketArn = values.Item1;\n var bucketArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"s3:AbortMultipartUpload\"\",\n \"\"s3:GetBucketLocation\"\",\n \"\"s3:GetObject\"\",\n \"\"s3:ListBucket\"\",\n \"\"s3:ListBucketMultipartUploads\"\",\n \"\"s3:PutObject\"\"\n ],\n \"\"Resource\"\": [\n \"\"{bucketArn}\"\",\n \"\"{bucketArn1}/*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmetricStreamToFirehoseRole, err := iam.NewRole(ctx, \"metricStreamToFirehoseRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"streams.metrics.cloudwatch.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseToS3Role, err := iam.NewRole(ctx, \"firehoseToS3Role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"firehose.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3Stream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"s3Stream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"s3\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseToS3Role.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewMetricStream(ctx, \"main\", &cloudwatch.MetricStreamArgs{\n\t\t\tRoleArn: metricStreamToFirehoseRole.Arn,\n\t\t\tFirehoseArn: s3Stream.Arn,\n\t\t\tOutputFormat: pulumi.String(\"json\"),\n\t\t\tIncludeFilters: cloudwatch.MetricStreamIncludeFilterArray{\n\t\t\t\t&cloudwatch.MetricStreamIncludeFilterArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\t\t},\n\t\t\t\t&cloudwatch.MetricStreamIncludeFilterArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"AWS/EBS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"metricStreamToFirehoseRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: metricStreamToFirehoseRole.ID(),\n\t\t\tPolicy: s3Stream.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"firehose:PutRecord\\\",\\n\", \" \\\"firehose:PutRecordBatch\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"\", arn, \"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehoseToS3RolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: firehoseToS3Role.ID(),\n\t\t\tPolicy: pulumi.All(bucket.Arn, bucket.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucketArn := _args[0].(string)\n\t\t\t\tbucketArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:AbortMultipartUpload\\\",\\n\", \" \\\"s3:GetBucketLocation\\\",\\n\", \" \\\"s3:GetObject\\\",\\n\", \" \\\"s3:ListBucket\\\",\\n\", \" \\\"s3:ListBucketMultipartUploads\\\",\\n\", \" \\\"s3:PutObject\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", bucketArn, \"\\\",\\n\", \" \\\"\", bucketArn1, \"/*\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch metric streams can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:cloudwatch/metricStream:MetricStream sample \n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the metric stream.\n" + }, + "creationDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the metric stream was created.\n" + }, + "excludeFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricStreamExcludeFilter:MetricStreamExcludeFilter" + }, + "description": "List of exclusive metric filters. If you specify this parameter, the stream sends metrics from all metric namespaces except for the namespaces that you specify here. Conflicts with `include_filter`.\n" + }, + "firehoseArn": { + "type": "string", + "description": "ARN of the Amazon Kinesis Firehose delivery stream to use for this metric stream.\n" + }, + "includeFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricStreamIncludeFilter:MetricStreamIncludeFilter" + }, + "description": "List of inclusive metric filters. If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. Conflicts with `exclude_filter`.\n" + }, + "lastUpdateDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the metric stream was last updated.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "outputFormat": { + "type": "string", + "description": "Output format for the stream. Possible values are `json` and `opentelemetry0.7`. For more information about output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html).\n" + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. For more information about role permissions, see [Trust between CloudWatch and Kinesis Data Firehose](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html).\n" + }, + "state": { + "type": "string", + "description": "State of the metric stream. Possible values are `running` and `stopped`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "creationDate", + "firehoseArn", + "lastUpdateDate", + "name", + "namePrefix", + "outputFormat", + "roleArn", + "state", + "tagsAll" + ], + "inputProperties": { + "excludeFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricStreamExcludeFilter:MetricStreamExcludeFilter" + }, + "description": "List of exclusive metric filters. If you specify this parameter, the stream sends metrics from all metric namespaces except for the namespaces that you specify here. Conflicts with `include_filter`.\n" + }, + "firehoseArn": { + "type": "string", + "description": "ARN of the Amazon Kinesis Firehose delivery stream to use for this metric stream.\n" + }, + "includeFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricStreamIncludeFilter:MetricStreamIncludeFilter" + }, + "description": "List of inclusive metric filters. If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. Conflicts with `exclude_filter`.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "outputFormat": { + "type": "string", + "description": "Output format for the stream. Possible values are `json` and `opentelemetry0.7`. For more information about output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html).\n" + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. For more information about role permissions, see [Trust between CloudWatch and Kinesis Data Firehose](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "firehoseArn", + "outputFormat", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MetricStream resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the metric stream.\n" + }, + "creationDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the metric stream was created.\n" + }, + "excludeFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricStreamExcludeFilter:MetricStreamExcludeFilter" + }, + "description": "List of exclusive metric filters. If you specify this parameter, the stream sends metrics from all metric namespaces except for the namespaces that you specify here. Conflicts with `include_filter`.\n" + }, + "firehoseArn": { + "type": "string", + "description": "ARN of the Amazon Kinesis Firehose delivery stream to use for this metric stream.\n" + }, + "includeFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudwatch/MetricStreamIncludeFilter:MetricStreamIncludeFilter" + }, + "description": "List of inclusive metric filters. If you specify this parameter, the stream sends only the metrics from the metric namespaces that you specify here. Conflicts with `exclude_filter`.\n" + }, + "lastUpdateDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the metric stream was last updated.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "outputFormat": { + "type": "string", + "description": "Output format for the stream. Possible values are `json` and `opentelemetry0.7`. For more information about output formats, see [Metric streams output formats](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-formats.html).\n" + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that this metric stream will use to access Amazon Kinesis Firehose resources. For more information about role permissions, see [Trust between CloudWatch and Kinesis Data Firehose](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch-metric-streams-trustpolicy.html).\n" + }, + "state": { + "type": "string", + "description": "State of the metric stream. Possible values are `running` and `stopped`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:cloudwatch/queryDefinition:QueryDefinition": { + "description": "Provides a CloudWatch Logs query definition resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cloudwatch.QueryDefinition(\"example\", {\n logGroupNames: [\n \"/aws/logGroup1\",\n \"/aws/logGroup2\",\n ],\n queryString: `fields @timestamp, @message\n| sort @timestamp desc\n| limit 25\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.QueryDefinition(\"example\",\n log_group_names=[\n \"/aws/logGroup1\",\n \"/aws/logGroup2\",\n ],\n query_string=\"\"\"fields @timestamp, @message\n| sort @timestamp desc\n| limit 25\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CloudWatch.QueryDefinition(\"example\", new Aws.CloudWatch.QueryDefinitionArgs\n {\n LogGroupNames = \n {\n \"/aws/logGroup1\",\n \"/aws/logGroup2\",\n },\n QueryString = @\"fields @timestamp, @message\n| sort @timestamp desc\n| limit 25\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.NewQueryDefinition(ctx, \"example\", &cloudwatch.QueryDefinitionArgs{\n\t\t\tLogGroupNames: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/aws/logGroup1\"),\n\t\t\t\tpulumi.String(\"/aws/logGroup2\"),\n\t\t\t},\n\t\t\tQueryString: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"fields @timestamp, @message\\n\", \"| sort @timestamp desc\\n\", \"| limit 25\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCloudWatch query definitions can be imported using the query definition ARN. The ARN can be found on the \"Edit Query\" page for the query in the AWS Console.\n\n```sh\n $ pulumi import aws:cloudwatch/queryDefinition:QueryDefinition example arn:aws:logs:us-west-2:123456789012:query-definition:269951d7-6f75-496d-9d7b-6b7a5486bdbd\n```\n\n ", + "properties": { + "logGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specific log groups to use with the query.\n" + }, + "name": { + "type": "string", + "description": "The name of the query.\n" + }, + "queryDefinitionId": { + "type": "string", + "description": "The query definition ID.\n" + }, + "queryString": { + "type": "string", + "description": "The query to save. You can read more about CloudWatch Logs Query Syntax in the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).\n" + } + }, + "required": [ + "name", + "queryDefinitionId", + "queryString" + ], + "inputProperties": { + "logGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specific log groups to use with the query.\n" + }, + "name": { + "type": "string", + "description": "The name of the query.\n" + }, + "queryString": { + "type": "string", + "description": "The query to save. You can read more about CloudWatch Logs Query Syntax in the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).\n" + } + }, + "requiredInputs": [ + "queryString" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering QueryDefinition resources.\n", + "properties": { + "logGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specific log groups to use with the query.\n" + }, + "name": { + "type": "string", + "description": "The name of the query.\n" + }, + "queryDefinitionId": { + "type": "string", + "description": "The query definition ID.\n" + }, + "queryString": { + "type": "string", + "description": "The query to save. You can read more about CloudWatch Logs Query Syntax in the [documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/CWL_QuerySyntax.html).\n" + } + }, + "type": "object" + } + }, + "aws:codeartifact/domain:Domain": { + "description": "Provides a CodeArtifact Domain Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codeartifact.Domain(\"example\", {\n domain: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codeartifact.Domain(\"example\", domain=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeArtifact.Domain(\"example\", new Aws.CodeArtifact.DomainArgs\n {\n Domain = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codeartifact.NewDomain(ctx, \"example\", &codeartifact.DomainArgs{\n\t\t\tDomain: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeArtifact Domain can be imported using the CodeArtifact Domain arn, e.g.\n\n```sh\n $ pulumi import aws:codeartifact/domain:Domain example arn:aws:codeartifact:us-west-2:012345678912:domain/tf-acc-test-8593714120730241305\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of Domain.\n" + }, + "assetSizeBytes": { + "type": "integer", + "description": "The total size of all assets in the domain.\n" + }, + "createdTime": { + "type": "string", + "description": "A timestamp that represents the date and time the domain was created in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "domain": { + "type": "string", + "description": "The name of the domain to create. All domain names in an AWS Region that are in the same AWS account must be unique. The domain name is used as the prefix in DNS hostnames. Do not use sensitive information in a domain name because it is publicly discoverable.\n", + "language": { + "csharp": { + "name": "DomainName" + } + } + }, + "encryptionKey": { + "type": "string", + "description": "The encryption key for the domain. This is used to encrypt content stored in a domain. The KMS Key Amazon Resource Name (ARN). The default aws/codeartifact AWS KMS master key is used if this element is absent.\n" + }, + "owner": { + "type": "string", + "description": "The AWS account ID that owns the domain.\n" + }, + "repositoryCount": { + "type": "integer", + "description": "The number of repositories in the domain.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "assetSizeBytes", + "createdTime", + "domain", + "encryptionKey", + "owner", + "repositoryCount", + "tagsAll" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "The name of the domain to create. All domain names in an AWS Region that are in the same AWS account must be unique. The domain name is used as the prefix in DNS hostnames. Do not use sensitive information in a domain name because it is publicly discoverable.\n", + "language": { + "csharp": { + "name": "DomainName" + } + } + }, + "encryptionKey": { + "type": "string", + "description": "The encryption key for the domain. This is used to encrypt content stored in a domain. The KMS Key Amazon Resource Name (ARN). The default aws/codeartifact AWS KMS master key is used if this element is absent.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "domain" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Domain resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of Domain.\n" + }, + "assetSizeBytes": { + "type": "integer", + "description": "The total size of all assets in the domain.\n" + }, + "createdTime": { + "type": "string", + "description": "A timestamp that represents the date and time the domain was created in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "domain": { + "type": "string", + "description": "The name of the domain to create. All domain names in an AWS Region that are in the same AWS account must be unique. The domain name is used as the prefix in DNS hostnames. Do not use sensitive information in a domain name because it is publicly discoverable.\n", + "language": { + "csharp": { + "name": "DomainName" + } + } + }, + "encryptionKey": { + "type": "string", + "description": "The encryption key for the domain. This is used to encrypt content stored in a domain. The KMS Key Amazon Resource Name (ARN). The default aws/codeartifact AWS KMS master key is used if this element is absent.\n" + }, + "owner": { + "type": "string", + "description": "The AWS account ID that owns the domain.\n" + }, + "repositoryCount": { + "type": "integer", + "description": "The number of repositories in the domain.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:codeartifact/domainPermissions:DomainPermissions": { + "description": "Provides a CodeArtifact Domains Permissions Policy Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"domain key\"});\nconst exampleDomain = new aws.codeartifact.Domain(\"exampleDomain\", {\n domain: \"example.com\",\n encryptionKey: exampleKey.arn,\n});\nconst test = new aws.codeartifact.DomainPermissions(\"test\", {\n domain: exampleDomain.domain,\n policyDocument: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"codeartifact:CreateRepository\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Resource\": \"${exampleDomain.arn}\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"domain key\")\nexample_domain = aws.codeartifact.Domain(\"exampleDomain\",\n domain=\"example.com\",\n encryption_key=example_key.arn)\ntest = aws.codeartifact.DomainPermissions(\"test\",\n domain=example_domain.domain,\n policy_document=example_domain.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"codeartifact:CreateRepository\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Resource\": \"{arn}\"\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n Description = \"domain key\",\n });\n var exampleDomain = new Aws.CodeArtifact.Domain(\"exampleDomain\", new Aws.CodeArtifact.DomainArgs\n {\n Domain = \"example.com\",\n EncryptionKey = exampleKey.Arn,\n });\n var test = new Aws.CodeArtifact.DomainPermissions(\"test\", new Aws.CodeArtifact.DomainPermissionsArgs\n {\n Domain = exampleDomain.DomainName,\n PolicyDocument = exampleDomain.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"codeartifact:CreateRepository\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Resource\"\": \"\"{arn}\"\"\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"domain key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDomain, err := codeartifact.NewDomain(ctx, \"exampleDomain\", &codeartifact.DomainArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t\tEncryptionKey: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codeartifact.NewDomainPermissions(ctx, \"test\", &codeartifact.DomainPermissionsArgs{\n\t\t\tDomain: exampleDomain.Domain,\n\t\t\tPolicyDocument: exampleDomain.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"codeartifact:CreateRepository\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Resource\\\": \\\"\", arn, \"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeArtifact Domain Permissions Policies can be imported using the CodeArtifact Domain ARN, e.g.\n\n```sh\n $ pulumi import aws:codeartifact/domainPermissions:DomainPermissions example arn:aws:codeartifact:us-west-2:012345678912:domain/tf-acc-test-1928056699409417367\n```\n\n ", + "properties": { + "domain": { + "type": "string", + "description": "The name of the domain on which to set the resource policy.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "policyDocument": { + "type": "string", + "description": "A JSON policy string to be set as the access control resource policy on the provided domain.\n" + }, + "policyRevision": { + "type": "string", + "description": "The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN of the resource associated with the resource policy.\n" + } + }, + "required": [ + "domain", + "domainOwner", + "policyDocument", + "policyRevision", + "resourceArn" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "The name of the domain on which to set the resource policy.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "policyDocument": { + "type": "string", + "description": "A JSON policy string to be set as the access control resource policy on the provided domain.\n" + }, + "policyRevision": { + "type": "string", + "description": "The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.\n" + } + }, + "requiredInputs": [ + "domain", + "policyDocument" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainPermissions resources.\n", + "properties": { + "domain": { + "type": "string", + "description": "The name of the domain on which to set the resource policy.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "policyDocument": { + "type": "string", + "description": "A JSON policy string to be set as the access control resource policy on the provided domain.\n" + }, + "policyRevision": { + "type": "string", + "description": "The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN of the resource associated with the resource policy.\n" + } + }, + "type": "object" + } + }, + "aws:codeartifact/repository:Repository": { + "description": "Provides a CodeArtifact Repository Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"domain key\"});\nconst exampleDomain = new aws.codeartifact.Domain(\"exampleDomain\", {\n domain: \"example\",\n encryptionKey: exampleKey.arn,\n});\nconst test = new aws.codeartifact.Repository(\"test\", {\n repository: \"example\",\n domain: exampleDomain.domain,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"domain key\")\nexample_domain = aws.codeartifact.Domain(\"exampleDomain\",\n domain=\"example\",\n encryption_key=example_key.arn)\ntest = aws.codeartifact.Repository(\"test\",\n repository=\"example\",\n domain=example_domain.domain)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n Description = \"domain key\",\n });\n var exampleDomain = new Aws.CodeArtifact.Domain(\"exampleDomain\", new Aws.CodeArtifact.DomainArgs\n {\n Domain = \"example\",\n EncryptionKey = exampleKey.Arn,\n });\n var test = new Aws.CodeArtifact.Repository(\"test\", new Aws.CodeArtifact.RepositoryArgs\n {\n Repository = \"example\",\n Domain = exampleDomain.DomainName,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"domain key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDomain, err := codeartifact.NewDomain(ctx, \"exampleDomain\", &codeartifact.DomainArgs{\n\t\t\tDomain: pulumi.String(\"example\"),\n\t\t\tEncryptionKey: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codeartifact.NewRepository(ctx, \"test\", &codeartifact.RepositoryArgs{\n\t\t\tRepository: pulumi.String(\"example\"),\n\t\t\tDomain: exampleDomain.Domain,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### With Upstream Repository\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst upstream = new aws.codeartifact.Repository(\"upstream\", {\n repository: \"upstream\",\n domain: aws_codeartifact_domain.test.domain,\n});\nconst test = new aws.codeartifact.Repository(\"test\", {\n repository: \"example\",\n domain: aws_codeartifact_domain.example.domain,\n upstreams: [{\n repositoryName: upstream.repository,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nupstream = aws.codeartifact.Repository(\"upstream\",\n repository=\"upstream\",\n domain=aws_codeartifact_domain[\"test\"][\"domain\"])\ntest = aws.codeartifact.Repository(\"test\",\n repository=\"example\",\n domain=aws_codeartifact_domain[\"example\"][\"domain\"],\n upstreams=[aws.codeartifact.RepositoryUpstreamArgs(\n repository_name=upstream.repository,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var upstream = new Aws.CodeArtifact.Repository(\"upstream\", new Aws.CodeArtifact.RepositoryArgs\n {\n Repository = \"upstream\",\n Domain = aws_codeartifact_domain.Test.Domain,\n });\n var test = new Aws.CodeArtifact.Repository(\"test\", new Aws.CodeArtifact.RepositoryArgs\n {\n Repository = \"example\",\n Domain = aws_codeartifact_domain.Example.Domain,\n Upstreams = \n {\n new Aws.CodeArtifact.Inputs.RepositoryUpstreamArgs\n {\n RepositoryName = upstream.RepositoryName,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tupstream, err := codeartifact.NewRepository(ctx, \"upstream\", &codeartifact.RepositoryArgs{\n\t\t\tRepository: pulumi.String(\"upstream\"),\n\t\t\tDomain: pulumi.Any(aws_codeartifact_domain.Test.Domain),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codeartifact.NewRepository(ctx, \"test\", &codeartifact.RepositoryArgs{\n\t\t\tRepository: pulumi.String(\"example\"),\n\t\t\tDomain: pulumi.Any(aws_codeartifact_domain.Example.Domain),\n\t\t\tUpstreams: codeartifact.RepositoryUpstreamArray{\n\t\t\t\t&codeartifact.RepositoryUpstreamArgs{\n\t\t\t\t\tRepositoryName: upstream.Repository,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### With External Connection\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst upstream = new aws.codeartifact.Repository(\"upstream\", {\n repository: \"upstream\",\n domain: aws_codeartifact_domain.test.domain,\n});\nconst test = new aws.codeartifact.Repository(\"test\", {\n repository: \"example\",\n domain: aws_codeartifact_domain.example.domain,\n externalConnections: {\n externalConnectionName: \"public:npmjs\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nupstream = aws.codeartifact.Repository(\"upstream\",\n repository=\"upstream\",\n domain=aws_codeartifact_domain[\"test\"][\"domain\"])\ntest = aws.codeartifact.Repository(\"test\",\n repository=\"example\",\n domain=aws_codeartifact_domain[\"example\"][\"domain\"],\n external_connections=aws.codeartifact.RepositoryExternalConnectionsArgs(\n external_connection_name=\"public:npmjs\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var upstream = new Aws.CodeArtifact.Repository(\"upstream\", new Aws.CodeArtifact.RepositoryArgs\n {\n Repository = \"upstream\",\n Domain = aws_codeartifact_domain.Test.Domain,\n });\n var test = new Aws.CodeArtifact.Repository(\"test\", new Aws.CodeArtifact.RepositoryArgs\n {\n Repository = \"example\",\n Domain = aws_codeartifact_domain.Example.Domain,\n ExternalConnections = new Aws.CodeArtifact.Inputs.RepositoryExternalConnectionsArgs\n {\n ExternalConnectionName = \"public:npmjs\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codeartifact.NewRepository(ctx, \"upstream\", &codeartifact.RepositoryArgs{\n\t\t\tRepository: pulumi.String(\"upstream\"),\n\t\t\tDomain: pulumi.Any(aws_codeartifact_domain.Test.Domain),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codeartifact.NewRepository(ctx, \"test\", &codeartifact.RepositoryArgs{\n\t\t\tRepository: pulumi.String(\"example\"),\n\t\t\tDomain: pulumi.Any(aws_codeartifact_domain.Example.Domain),\n\t\t\tExternalConnections: &codeartifact.RepositoryExternalConnectionsArgs{\n\t\t\t\tExternalConnectionName: pulumi.String(\"public:npmjs\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeArtifact Repository can be imported using the CodeArtifact Repository ARN, e.g.\n\n```sh\n $ pulumi import aws:codeartifact/repository:Repository example arn:aws:codeartifact:us-west-2:012345678912:repository/tf-acc-test-6968272603913957763/tf-acc-test-6968272603913957763\n```\n\n ", + "properties": { + "administratorAccount": { + "type": "string", + "description": "The account number of the AWS account that manages the repository.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the repository.\n" + }, + "description": { + "type": "string", + "description": "The description of the repository.\n" + }, + "domain": { + "type": "string", + "description": "The domain that contains the created repository.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "externalConnections": { + "$ref": "#/types/aws:codeartifact/RepositoryExternalConnections:RepositoryExternalConnections", + "description": "An array of external connections associated with the repository. Only one external connection can be set per repository. see External Connections.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository to create.\n", + "language": { + "csharp": { + "name": "RepositoryName" + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "upstreams": { + "type": "array", + "items": { + "$ref": "#/types/aws:codeartifact/RepositoryUpstream:RepositoryUpstream" + }, + "description": "A list of upstream repositories to associate with the repository. The order of the upstream repositories in the list determines their priority order when AWS CodeArtifact looks for a requested package version. see Upstream\n" + } + }, + "required": [ + "administratorAccount", + "arn", + "domain", + "domainOwner", + "repository", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the repository.\n" + }, + "domain": { + "type": "string", + "description": "The domain that contains the created repository.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "externalConnections": { + "$ref": "#/types/aws:codeartifact/RepositoryExternalConnections:RepositoryExternalConnections", + "description": "An array of external connections associated with the repository. Only one external connection can be set per repository. see External Connections.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository to create.\n", + "language": { + "csharp": { + "name": "RepositoryName" + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "upstreams": { + "type": "array", + "items": { + "$ref": "#/types/aws:codeartifact/RepositoryUpstream:RepositoryUpstream" + }, + "description": "A list of upstream repositories to associate with the repository. The order of the upstream repositories in the list determines their priority order when AWS CodeArtifact looks for a requested package version. see Upstream\n" + } + }, + "requiredInputs": [ + "domain", + "repository" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Repository resources.\n", + "properties": { + "administratorAccount": { + "type": "string", + "description": "The account number of the AWS account that manages the repository.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the repository.\n" + }, + "description": { + "type": "string", + "description": "The description of the repository.\n" + }, + "domain": { + "type": "string", + "description": "The domain that contains the created repository.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "externalConnections": { + "$ref": "#/types/aws:codeartifact/RepositoryExternalConnections:RepositoryExternalConnections", + "description": "An array of external connections associated with the repository. Only one external connection can be set per repository. see External Connections.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository to create.\n", + "language": { + "csharp": { + "name": "RepositoryName" + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "upstreams": { + "type": "array", + "items": { + "$ref": "#/types/aws:codeartifact/RepositoryUpstream:RepositoryUpstream" + }, + "description": "A list of upstream repositories to associate with the repository. The order of the upstream repositories in the list determines their priority order when AWS CodeArtifact looks for a requested package version. see Upstream\n" + } + }, + "type": "object" + } + }, + "aws:codeartifact/repositoryPermissionsPolicy:RepositoryPermissionsPolicy": { + "description": "Provides a CodeArtifact Repostory Permissions Policy Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {description: \"domain key\"});\nconst exampleDomain = new aws.codeartifact.Domain(\"exampleDomain\", {\n domain: \"example.com\",\n encryptionKey: exampleKey.arn,\n});\nconst exampleRepository = new aws.codeartifact.Repository(\"exampleRepository\", {\n repository: \"example\",\n domain: exampleDomain.domain,\n});\nconst exampleRepositoryPermissionsPolicy = new aws.codeartifact.RepositoryPermissionsPolicy(\"exampleRepositoryPermissionsPolicy\", {\n repository: exampleRepository.repository,\n domain: exampleDomain.domain,\n policyDocument: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"codeartifact:CreateRepository\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Resource\": \"${exampleDomain.arn}\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\", description=\"domain key\")\nexample_domain = aws.codeartifact.Domain(\"exampleDomain\",\n domain=\"example.com\",\n encryption_key=example_key.arn)\nexample_repository = aws.codeartifact.Repository(\"exampleRepository\",\n repository=\"example\",\n domain=example_domain.domain)\nexample_repository_permissions_policy = aws.codeartifact.RepositoryPermissionsPolicy(\"exampleRepositoryPermissionsPolicy\",\n repository=example_repository.repository,\n domain=example_domain.domain,\n policy_document=example_domain.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"codeartifact:CreateRepository\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Resource\": \"{arn}\"\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n Description = \"domain key\",\n });\n var exampleDomain = new Aws.CodeArtifact.Domain(\"exampleDomain\", new Aws.CodeArtifact.DomainArgs\n {\n Domain = \"example.com\",\n EncryptionKey = exampleKey.Arn,\n });\n var exampleRepository = new Aws.CodeArtifact.Repository(\"exampleRepository\", new Aws.CodeArtifact.RepositoryArgs\n {\n Repository = \"example\",\n Domain = exampleDomain.DomainName,\n });\n var exampleRepositoryPermissionsPolicy = new Aws.CodeArtifact.RepositoryPermissionsPolicy(\"exampleRepositoryPermissionsPolicy\", new Aws.CodeArtifact.RepositoryPermissionsPolicyArgs\n {\n Repository = exampleRepository.RepositoryName,\n Domain = exampleDomain.DomainName,\n PolicyDocument = exampleDomain.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"codeartifact:CreateRepository\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Resource\"\": \"\"{arn}\"\"\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"domain key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleDomain, err := codeartifact.NewDomain(ctx, \"exampleDomain\", &codeartifact.DomainArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t\tEncryptionKey: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRepository, err := codeartifact.NewRepository(ctx, \"exampleRepository\", &codeartifact.RepositoryArgs{\n\t\t\tRepository: pulumi.String(\"example\"),\n\t\t\tDomain: exampleDomain.Domain,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codeartifact.NewRepositoryPermissionsPolicy(ctx, \"exampleRepositoryPermissionsPolicy\", &codeartifact.RepositoryPermissionsPolicyArgs{\n\t\t\tRepository: exampleRepository.Repository,\n\t\t\tDomain: exampleDomain.Domain,\n\t\t\tPolicyDocument: exampleDomain.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"codeartifact:CreateRepository\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Resource\\\": \\\"\", arn, \"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeArtifact Repository Permissions Policies can be imported using the CodeArtifact Repository ARN, e.g.\n\n```sh\n $ pulumi import aws:codeartifact/repositoryPermissionsPolicy:RepositoryPermissionsPolicy example arn:aws:codeartifact:us-west-2:012345678912:repository/tf-acc-test-6968272603913957763/tf-acc-test-6968272603913957763\n```\n\n ", + "properties": { + "domain": { + "type": "string", + "description": "The name of the domain on which to set the resource policy.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "policyDocument": { + "type": "string", + "description": "A JSON policy string to be set as the access control resource policy on the provided domain.\n" + }, + "policyRevision": { + "type": "string", + "description": "The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository to set the resource policy on.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN of the resource associated with the resource policy.\n" + } + }, + "required": [ + "domain", + "domainOwner", + "policyDocument", + "policyRevision", + "repository", + "resourceArn" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "The name of the domain on which to set the resource policy.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "policyDocument": { + "type": "string", + "description": "A JSON policy string to be set as the access control resource policy on the provided domain.\n" + }, + "policyRevision": { + "type": "string", + "description": "The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository to set the resource policy on.\n" + } + }, + "requiredInputs": [ + "domain", + "policyDocument", + "repository" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RepositoryPermissionsPolicy resources.\n", + "properties": { + "domain": { + "type": "string", + "description": "The name of the domain on which to set the resource policy.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "policyDocument": { + "type": "string", + "description": "A JSON policy string to be set as the access control resource policy on the provided domain.\n" + }, + "policyRevision": { + "type": "string", + "description": "The current revision of the resource policy to be set. This revision is used for optimistic locking, which prevents others from overwriting your changes to the domain's resource policy.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository to set the resource policy on.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN of the resource associated with the resource policy.\n" + } + }, + "type": "object" + } + }, + "aws:codebuild/project:Project": { + "description": "Provides a CodeBuild Project resource. See also the `aws.codebuild.Webhook` resource, which manages the webhook to the source (e.g. the \"rebuild every time a code change is pushed\" option in the CodeBuild web console).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {acl: \"private\"});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"codebuild.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.name,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateNetworkInterfacePermission\"\n ],\n \"Resource\": [\n \"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"\n ],\n \"Condition\": {\n \"StringEquals\": {\n \"ec2:Subnet\": [\n \"${aws_subnet.example1.arn}\",\n \"${aws_subnet.example2.arn}\"\n ],\n \"ec2:AuthorizedService\": \"codebuild.amazonaws.com\"\n }\n }\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:*\"\n ],\n \"Resource\": [\n \"${exampleBucket.arn}\",\n \"${exampleBucket.arn}/*\"\n ]\n }\n ]\n}\n`,\n});\nconst exampleProject = new aws.codebuild.Project(\"exampleProject\", {\n description: \"test_codebuild_project\",\n buildTimeout: \"5\",\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"S3\",\n location: exampleBucket.bucket,\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/standard:1.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [\n {\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n },\n {\n name: \"SOME_KEY2\",\n value: \"SOME_VALUE2\",\n type: \"PARAMETER_STORE\",\n },\n ],\n },\n logsConfig: {\n cloudwatchLogs: {\n groupName: \"log-group\",\n streamName: \"log-stream\",\n },\n s3Logs: {\n status: \"ENABLED\",\n location: pulumi.interpolate`${exampleBucket.id}/build-log`,\n },\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n gitSubmodulesConfig: {\n fetchSubmodules: true,\n },\n },\n sourceVersion: \"master\",\n vpcConfig: {\n vpcId: aws_vpc.example.id,\n subnets: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n ],\n securityGroupIds: [\n aws_security_group.example1.id,\n aws_security_group.example2.id,\n ],\n },\n tags: {\n Environment: \"Test\",\n },\n});\nconst project_with_cache = new aws.codebuild.Project(\"project-with-cache\", {\n description: \"test_codebuild_project_cache\",\n buildTimeout: \"5\",\n queuedTimeout: \"5\",\n serviceRole: exampleRole.arn,\n artifacts: {\n type: \"NO_ARTIFACTS\",\n },\n cache: {\n type: \"LOCAL\",\n modes: [\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n },\n environment: {\n computeType: \"BUILD_GENERAL1_SMALL\",\n image: \"aws/codebuild/standard:1.0\",\n type: \"LINUX_CONTAINER\",\n imagePullCredentialsType: \"CODEBUILD\",\n environmentVariables: [{\n name: \"SOME_KEY1\",\n value: \"SOME_VALUE1\",\n }],\n },\n source: {\n type: \"GITHUB\",\n location: \"https://github.com/mitchellh/packer.git\",\n gitCloneDepth: 1,\n },\n tags: {\n Environment: \"Test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\", acl=\"private\")\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"codebuild.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.name,\n policy=pulumi.Output.all(example_bucket.arn, example_bucket.arn).apply(lambda exampleBucketArn, exampleBucketArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ],\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateNetworkInterface\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeVpcs\"\n ],\n \"Resource\": \"*\"\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateNetworkInterfacePermission\"\n ],\n \"Resource\": [\n \"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"\n ],\n \"Condition\": {{\n \"StringEquals\": {{\n \"ec2:Subnet\": [\n \"{aws_subnet[\"example1\"][\"arn\"]}\",\n \"{aws_subnet[\"example2\"][\"arn\"]}\"\n ],\n \"ec2:AuthorizedService\": \"codebuild.amazonaws.com\"\n }}\n }}\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"s3:*\"\n ],\n \"Resource\": [\n \"{example_bucket_arn}\",\n \"{example_bucket_arn1}/*\"\n ]\n }}\n ]\n}}\n\"\"\"))\nexample_project = aws.codebuild.Project(\"exampleProject\",\n description=\"test_codebuild_project\",\n build_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"S3\",\n location=example_bucket.bucket,\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/standard:1.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n ),\n aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY2\",\n value=\"SOME_VALUE2\",\n type=\"PARAMETER_STORE\",\n ),\n ],\n ),\n logs_config=aws.codebuild.ProjectLogsConfigArgs(\n cloudwatch_logs=aws.codebuild.ProjectLogsConfigCloudwatchLogsArgs(\n group_name=\"log-group\",\n stream_name=\"log-stream\",\n ),\n s3_logs=aws.codebuild.ProjectLogsConfigS3LogsArgs(\n status=\"ENABLED\",\n location=example_bucket.id.apply(lambda id: f\"{id}/build-log\"),\n ),\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n git_submodules_config=aws.codebuild.ProjectSourceGitSubmodulesConfigArgs(\n fetch_submodules=True,\n ),\n ),\n source_version=\"master\",\n vpc_config=aws.codebuild.ProjectVpcConfigArgs(\n vpc_id=aws_vpc[\"example\"][\"id\"],\n subnets=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n ],\n security_group_ids=[\n aws_security_group[\"example1\"][\"id\"],\n aws_security_group[\"example2\"][\"id\"],\n ],\n ),\n tags={\n \"Environment\": \"Test\",\n })\nproject_with_cache = aws.codebuild.Project(\"project-with-cache\",\n description=\"test_codebuild_project_cache\",\n build_timeout=5,\n queued_timeout=5,\n service_role=example_role.arn,\n artifacts=aws.codebuild.ProjectArtifactsArgs(\n type=\"NO_ARTIFACTS\",\n ),\n cache=aws.codebuild.ProjectCacheArgs(\n type=\"LOCAL\",\n modes=[\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n ],\n ),\n environment=aws.codebuild.ProjectEnvironmentArgs(\n compute_type=\"BUILD_GENERAL1_SMALL\",\n image=\"aws/codebuild/standard:1.0\",\n type=\"LINUX_CONTAINER\",\n image_pull_credentials_type=\"CODEBUILD\",\n environment_variables=[aws.codebuild.ProjectEnvironmentEnvironmentVariableArgs(\n name=\"SOME_KEY1\",\n value=\"SOME_VALUE1\",\n )],\n ),\n source=aws.codebuild.ProjectSourceArgs(\n type=\"GITHUB\",\n location=\"https://github.com/mitchellh/packer.git\",\n git_clone_depth=1,\n ),\n tags={\n \"Environment\": \"Test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"codebuild.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = exampleRole.Name,\n Policy = Output.Tuple(exampleBucket.Arn, exampleBucket.Arn).Apply(values =>\n {\n var exampleBucketArn = values.Item1;\n var exampleBucketArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"*\"\"\n ],\n \"\"Action\"\": [\n \"\"logs:CreateLogGroup\"\",\n \"\"logs:CreateLogStream\"\",\n \"\"logs:PutLogEvents\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:DescribeDhcpOptions\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:DeleteNetworkInterface\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeVpcs\"\"\n ],\n \"\"Resource\"\": \"\"*\"\"\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateNetworkInterfacePermission\"\"\n ],\n \"\"Resource\"\": [\n \"\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\"\"\n ],\n \"\"Condition\"\": {{\n \"\"StringEquals\"\": {{\n \"\"ec2:Subnet\"\": [\n \"\"{aws_subnet.Example1.Arn}\"\",\n \"\"{aws_subnet.Example2.Arn}\"\"\n ],\n \"\"ec2:AuthorizedService\"\": \"\"codebuild.amazonaws.com\"\"\n }}\n }}\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"s3:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"{exampleBucketArn}\"\",\n \"\"{exampleBucketArn1}/*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n var exampleProject = new Aws.CodeBuild.Project(\"exampleProject\", new Aws.CodeBuild.ProjectArgs\n {\n Description = \"test_codebuild_project\",\n BuildTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"S3\",\n Location = exampleBucket.BucketName,\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/standard:1.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = \n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY2\",\n Value = \"SOME_VALUE2\",\n Type = \"PARAMETER_STORE\",\n },\n },\n },\n LogsConfig = new Aws.CodeBuild.Inputs.ProjectLogsConfigArgs\n {\n CloudwatchLogs = new Aws.CodeBuild.Inputs.ProjectLogsConfigCloudwatchLogsArgs\n {\n GroupName = \"log-group\",\n StreamName = \"log-stream\",\n },\n S3Logs = new Aws.CodeBuild.Inputs.ProjectLogsConfigS3LogsArgs\n {\n Status = \"ENABLED\",\n Location = exampleBucket.Id.Apply(id => $\"{id}/build-log\"),\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n GitSubmodulesConfig = new Aws.CodeBuild.Inputs.ProjectSourceGitSubmodulesConfigArgs\n {\n FetchSubmodules = true,\n },\n },\n SourceVersion = \"master\",\n VpcConfig = new Aws.CodeBuild.Inputs.ProjectVpcConfigArgs\n {\n VpcId = aws_vpc.Example.Id,\n Subnets = \n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n SecurityGroupIds = \n {\n aws_security_group.Example1.Id,\n aws_security_group.Example2.Id,\n },\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n var project_with_cache = new Aws.CodeBuild.Project(\"project-with-cache\", new Aws.CodeBuild.ProjectArgs\n {\n Description = \"test_codebuild_project_cache\",\n BuildTimeout = 5,\n QueuedTimeout = 5,\n ServiceRole = exampleRole.Arn,\n Artifacts = new Aws.CodeBuild.Inputs.ProjectArtifactsArgs\n {\n Type = \"NO_ARTIFACTS\",\n },\n Cache = new Aws.CodeBuild.Inputs.ProjectCacheArgs\n {\n Type = \"LOCAL\",\n Modes = \n {\n \"LOCAL_DOCKER_LAYER_CACHE\",\n \"LOCAL_SOURCE_CACHE\",\n },\n },\n Environment = new Aws.CodeBuild.Inputs.ProjectEnvironmentArgs\n {\n ComputeType = \"BUILD_GENERAL1_SMALL\",\n Image = \"aws/codebuild/standard:1.0\",\n Type = \"LINUX_CONTAINER\",\n ImagePullCredentialsType = \"CODEBUILD\",\n EnvironmentVariables = \n {\n new Aws.CodeBuild.Inputs.ProjectEnvironmentEnvironmentVariableArgs\n {\n Name = \"SOME_KEY1\",\n Value = \"SOME_VALUE1\",\n },\n },\n },\n Source = new Aws.CodeBuild.Inputs.ProjectSourceArgs\n {\n Type = \"GITHUB\",\n Location = \"https://github.com/mitchellh/packer.git\",\n GitCloneDepth = 1,\n },\n Tags = \n {\n { \"Environment\", \"Test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"codebuild.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"exampleRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: exampleRole.Name,\n\t\t\tPolicy: pulumi.All(exampleBucket.Arn, exampleBucket.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\texampleBucketArn := _args[0].(string)\n\t\t\t\texampleBucketArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"*\\\"\\n\", \" ],\\n\", \" \\\"Action\\\": [\\n\", \" \\\"logs:CreateLogGroup\\\",\\n\", \" \\\"logs:CreateLogStream\\\",\\n\", \" \\\"logs:PutLogEvents\\\"\\n\", \" ]\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateNetworkInterface\\\",\\n\", \" \\\"ec2:DescribeDhcpOptions\\\",\\n\", \" \\\"ec2:DescribeNetworkInterfaces\\\",\\n\", \" \\\"ec2:DeleteNetworkInterface\\\",\\n\", \" \\\"ec2:DescribeSubnets\\\",\\n\", \" \\\"ec2:DescribeSecurityGroups\\\",\\n\", \" \\\"ec2:DescribeVpcs\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateNetworkInterfacePermission\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"arn:aws:ec2:us-east-1:123456789012:network-interface/*\\\"\\n\", \" ],\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"StringEquals\\\": {\\n\", \" \\\"ec2:Subnet\\\": [\\n\", \" \\\"\", aws_subnet.Example1.Arn, \"\\\",\\n\", \" \\\"\", aws_subnet.Example2.Arn, \"\\\"\\n\", \" ],\\n\", \" \\\"ec2:AuthorizedService\\\": \\\"codebuild.amazonaws.com\\\"\\n\", \" }\\n\", \" }\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:*\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", exampleBucketArn, \"\\\",\\n\", \" \\\"\", exampleBucketArn1, \"/*\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codebuild.NewProject(ctx, \"exampleProject\", &codebuild.ProjectArgs{\n\t\t\tDescription: pulumi.String(\"test_codebuild_project\"),\n\t\t\tBuildTimeout: pulumi.Int(5),\n\t\t\tServiceRole: exampleRole.Arn,\n\t\t\tArtifacts: &codebuild.ProjectArtifactsArgs{\n\t\t\t\tType: pulumi.String(\"NO_ARTIFACTS\"),\n\t\t\t},\n\t\t\tCache: &codebuild.ProjectCacheArgs{\n\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\tLocation: exampleBucket.Bucket,\n\t\t\t},\n\t\t\tEnvironment: &codebuild.ProjectEnvironmentArgs{\n\t\t\t\tComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\n\t\t\t\tImage: pulumi.String(\"aws/codebuild/standard:1.0\"),\n\t\t\t\tType: pulumi.String(\"LINUX_CONTAINER\"),\n\t\t\t\tImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\n\t\t\t\tEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\t\t\t\t\t&codebuild.ProjectEnvironmentEnvironmentVariableArgs{\n\t\t\t\t\t\tName: pulumi.String(\"SOME_KEY1\"),\n\t\t\t\t\t\tValue: pulumi.String(\"SOME_VALUE1\"),\n\t\t\t\t\t},\n\t\t\t\t\t&codebuild.ProjectEnvironmentEnvironmentVariableArgs{\n\t\t\t\t\t\tName: pulumi.String(\"SOME_KEY2\"),\n\t\t\t\t\t\tValue: pulumi.String(\"SOME_VALUE2\"),\n\t\t\t\t\t\tType: pulumi.String(\"PARAMETER_STORE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLogsConfig: &codebuild.ProjectLogsConfigArgs{\n\t\t\t\tCloudwatchLogs: &codebuild.ProjectLogsConfigCloudwatchLogsArgs{\n\t\t\t\t\tGroupName: pulumi.String(\"log-group\"),\n\t\t\t\t\tStreamName: pulumi.String(\"log-stream\"),\n\t\t\t\t},\n\t\t\t\tS3Logs: &codebuild.ProjectLogsConfigS3LogsArgs{\n\t\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\t\tLocation: exampleBucket.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\t\t\treturn fmt.Sprintf(\"%v%v\", id, \"/build-log\"), nil\n\t\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSource: &codebuild.ProjectSourceArgs{\n\t\t\t\tType: pulumi.String(\"GITHUB\"),\n\t\t\t\tLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\n\t\t\t\tGitCloneDepth: pulumi.Int(1),\n\t\t\t\tGitSubmodulesConfig: &codebuild.ProjectSourceGitSubmodulesConfigArgs{\n\t\t\t\t\tFetchSubmodules: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSourceVersion: pulumi.String(\"master\"),\n\t\t\tVpcConfig: &codebuild.ProjectVpcConfigArgs{\n\t\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tpulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_security_group.Example1.Id),\n\t\t\t\t\tpulumi.Any(aws_security_group.Example2.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codebuild.NewProject(ctx, \"project_with_cache\", &codebuild.ProjectArgs{\n\t\t\tDescription: pulumi.String(\"test_codebuild_project_cache\"),\n\t\t\tBuildTimeout: pulumi.Int(5),\n\t\t\tQueuedTimeout: pulumi.Int(5),\n\t\t\tServiceRole: exampleRole.Arn,\n\t\t\tArtifacts: &codebuild.ProjectArtifactsArgs{\n\t\t\t\tType: pulumi.String(\"NO_ARTIFACTS\"),\n\t\t\t},\n\t\t\tCache: &codebuild.ProjectCacheArgs{\n\t\t\t\tType: pulumi.String(\"LOCAL\"),\n\t\t\t\tModes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"LOCAL_DOCKER_LAYER_CACHE\"),\n\t\t\t\t\tpulumi.String(\"LOCAL_SOURCE_CACHE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnvironment: &codebuild.ProjectEnvironmentArgs{\n\t\t\t\tComputeType: pulumi.String(\"BUILD_GENERAL1_SMALL\"),\n\t\t\t\tImage: pulumi.String(\"aws/codebuild/standard:1.0\"),\n\t\t\t\tType: pulumi.String(\"LINUX_CONTAINER\"),\n\t\t\t\tImagePullCredentialsType: pulumi.String(\"CODEBUILD\"),\n\t\t\t\tEnvironmentVariables: codebuild.ProjectEnvironmentEnvironmentVariableArray{\n\t\t\t\t\t&codebuild.ProjectEnvironmentEnvironmentVariableArgs{\n\t\t\t\t\t\tName: pulumi.String(\"SOME_KEY1\"),\n\t\t\t\t\t\tValue: pulumi.String(\"SOME_VALUE1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSource: &codebuild.ProjectSourceArgs{\n\t\t\t\tType: pulumi.String(\"GITHUB\"),\n\t\t\t\tLocation: pulumi.String(\"https://github.com/mitchellh/packer.git\"),\n\t\t\t\tGitCloneDepth: pulumi.Int(1),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeBuild Project can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:codebuild/project:Project name project-name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the CodeBuild project.\n" + }, + "artifacts": { + "$ref": "#/types/aws:codebuild/ProjectArtifacts:ProjectArtifacts", + "description": "Configuration block. Detailed below.\n" + }, + "badgeEnabled": { + "type": "boolean", + "description": "Generates a publicly-accessible URL for the projects build badge. Available as `badge_url` attribute when enabled.\n" + }, + "badgeUrl": { + "type": "string", + "description": "URL of the build badge when `badge_enabled` is enabled.\n" + }, + "buildBatchConfig": { + "$ref": "#/types/aws:codebuild/ProjectBuildBatchConfig:ProjectBuildBatchConfig", + "description": "Defines the batch build options for the project.\n" + }, + "buildTimeout": { + "type": "integer", + "description": "Number of minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.\n" + }, + "cache": { + "$ref": "#/types/aws:codebuild/ProjectCache:ProjectCache", + "description": "Configuration block. Detailed below.\n" + }, + "concurrentBuildLimit": { + "type": "integer", + "description": "Specify a maximum number of concurrent builds for the project. The value specified must be greater than 0 and less than the account concurrent running builds limit.\n" + }, + "description": { + "type": "string", + "description": "Short description of the project.\n" + }, + "encryptionKey": { + "type": "string", + "description": "AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts.\n" + }, + "environment": { + "$ref": "#/types/aws:codebuild/ProjectEnvironment:ProjectEnvironment", + "description": "Configuration block. Detailed below.\n" + }, + "fileSystemLocations": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectFileSystemLocation:ProjectFileSystemLocation" + }, + "description": "A set of file system locations to to mount inside the build. File system locations are documented below.\n" + }, + "logsConfig": { + "$ref": "#/types/aws:codebuild/ProjectLogsConfig:ProjectLogsConfig", + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the project. If `type` is set to `S3`, this is the name of the output artifact object\n" + }, + "queuedTimeout": { + "type": "integer", + "description": "Number of minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out. The default is 8 hours.\n" + }, + "secondaryArtifacts": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectSecondaryArtifact:ProjectSecondaryArtifact" + }, + "description": "Configuration block. Detailed below.\n" + }, + "secondarySources": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectSecondarySource:ProjectSecondarySource" + }, + "description": "Configuration block. Detailed below.\n" + }, + "serviceRole": { + "type": "string", + "description": "Specifies the service role ARN for the batch build project.\n" + }, + "source": { + "$ref": "#/types/aws:codebuild/ProjectSource:ProjectSource", + "description": "Configuration block. Detailed below.\n" + }, + "sourceVersion": { + "type": "string", + "description": "Version of the build input to be built for this project. If not specified, the latest version is used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:codebuild/ProjectVpcConfig:ProjectVpcConfig", + "description": "Configuration block. Detailed below.\n" + } + }, + "required": [ + "arn", + "artifacts", + "badgeUrl", + "description", + "encryptionKey", + "environment", + "name", + "serviceRole", + "source", + "tagsAll" + ], + "inputProperties": { + "artifacts": { + "$ref": "#/types/aws:codebuild/ProjectArtifacts:ProjectArtifacts", + "description": "Configuration block. Detailed below.\n" + }, + "badgeEnabled": { + "type": "boolean", + "description": "Generates a publicly-accessible URL for the projects build badge. Available as `badge_url` attribute when enabled.\n" + }, + "buildBatchConfig": { + "$ref": "#/types/aws:codebuild/ProjectBuildBatchConfig:ProjectBuildBatchConfig", + "description": "Defines the batch build options for the project.\n" + }, + "buildTimeout": { + "type": "integer", + "description": "Number of minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.\n" + }, + "cache": { + "$ref": "#/types/aws:codebuild/ProjectCache:ProjectCache", + "description": "Configuration block. Detailed below.\n" + }, + "concurrentBuildLimit": { + "type": "integer", + "description": "Specify a maximum number of concurrent builds for the project. The value specified must be greater than 0 and less than the account concurrent running builds limit.\n" + }, + "description": { + "type": "string", + "description": "Short description of the project.\n" + }, + "encryptionKey": { + "type": "string", + "description": "AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts.\n" + }, + "environment": { + "$ref": "#/types/aws:codebuild/ProjectEnvironment:ProjectEnvironment", + "description": "Configuration block. Detailed below.\n" + }, + "fileSystemLocations": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectFileSystemLocation:ProjectFileSystemLocation" + }, + "description": "A set of file system locations to to mount inside the build. File system locations are documented below.\n" + }, + "logsConfig": { + "$ref": "#/types/aws:codebuild/ProjectLogsConfig:ProjectLogsConfig", + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the project. If `type` is set to `S3`, this is the name of the output artifact object\n" + }, + "queuedTimeout": { + "type": "integer", + "description": "Number of minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out. The default is 8 hours.\n" + }, + "secondaryArtifacts": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectSecondaryArtifact:ProjectSecondaryArtifact" + }, + "description": "Configuration block. Detailed below.\n" + }, + "secondarySources": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectSecondarySource:ProjectSecondarySource" + }, + "description": "Configuration block. Detailed below.\n" + }, + "serviceRole": { + "type": "string", + "description": "Specifies the service role ARN for the batch build project.\n" + }, + "source": { + "$ref": "#/types/aws:codebuild/ProjectSource:ProjectSource", + "description": "Configuration block. Detailed below.\n" + }, + "sourceVersion": { + "type": "string", + "description": "Version of the build input to be built for this project. If not specified, the latest version is used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:codebuild/ProjectVpcConfig:ProjectVpcConfig", + "description": "Configuration block. Detailed below.\n" + } + }, + "requiredInputs": [ + "artifacts", + "environment", + "serviceRole", + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Project resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the CodeBuild project.\n" + }, + "artifacts": { + "$ref": "#/types/aws:codebuild/ProjectArtifacts:ProjectArtifacts", + "description": "Configuration block. Detailed below.\n" + }, + "badgeEnabled": { + "type": "boolean", + "description": "Generates a publicly-accessible URL for the projects build badge. Available as `badge_url` attribute when enabled.\n" + }, + "badgeUrl": { + "type": "string", + "description": "URL of the build badge when `badge_enabled` is enabled.\n" + }, + "buildBatchConfig": { + "$ref": "#/types/aws:codebuild/ProjectBuildBatchConfig:ProjectBuildBatchConfig", + "description": "Defines the batch build options for the project.\n" + }, + "buildTimeout": { + "type": "integer", + "description": "Number of minutes, from 5 to 480 (8 hours), for AWS CodeBuild to wait until timing out any related build that does not get marked as completed. The default is 60 minutes.\n" + }, + "cache": { + "$ref": "#/types/aws:codebuild/ProjectCache:ProjectCache", + "description": "Configuration block. Detailed below.\n" + }, + "concurrentBuildLimit": { + "type": "integer", + "description": "Specify a maximum number of concurrent builds for the project. The value specified must be greater than 0 and less than the account concurrent running builds limit.\n" + }, + "description": { + "type": "string", + "description": "Short description of the project.\n" + }, + "encryptionKey": { + "type": "string", + "description": "AWS Key Management Service (AWS KMS) customer master key (CMK) to be used for encrypting the build project's build output artifacts.\n" + }, + "environment": { + "$ref": "#/types/aws:codebuild/ProjectEnvironment:ProjectEnvironment", + "description": "Configuration block. Detailed below.\n" + }, + "fileSystemLocations": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectFileSystemLocation:ProjectFileSystemLocation" + }, + "description": "A set of file system locations to to mount inside the build. File system locations are documented below.\n" + }, + "logsConfig": { + "$ref": "#/types/aws:codebuild/ProjectLogsConfig:ProjectLogsConfig", + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the project. If `type` is set to `S3`, this is the name of the output artifact object\n" + }, + "queuedTimeout": { + "type": "integer", + "description": "Number of minutes, from 5 to 480 (8 hours), a build is allowed to be queued before it times out. The default is 8 hours.\n" + }, + "secondaryArtifacts": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectSecondaryArtifact:ProjectSecondaryArtifact" + }, + "description": "Configuration block. Detailed below.\n" + }, + "secondarySources": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/ProjectSecondarySource:ProjectSecondarySource" + }, + "description": "Configuration block. Detailed below.\n" + }, + "serviceRole": { + "type": "string", + "description": "Specifies the service role ARN for the batch build project.\n" + }, + "source": { + "$ref": "#/types/aws:codebuild/ProjectSource:ProjectSource", + "description": "Configuration block. Detailed below.\n" + }, + "sourceVersion": { + "type": "string", + "description": "Version of the build input to be built for this project. If not specified, the latest version is used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:codebuild/ProjectVpcConfig:ProjectVpcConfig", + "description": "Configuration block. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:codebuild/reportGroup:ReportGroup": { + "description": "Provides a CodeBuild Report Groups Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {\n description: \"my test kms key\",\n deletionWindowInDays: 7,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Id\": \"kms-tf-1\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleReportGroup = new aws.codebuild.ReportGroup(\"exampleReportGroup\", {\n type: \"TEST\",\n exportConfig: {\n type: \"S3\",\n s3Destination: {\n bucket: exampleBucket.id,\n encryptionDisabled: false,\n encryptionKey: exampleKey.arn,\n packaging: \"NONE\",\n path: \"/some\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\",\n description=\"my test kms key\",\n deletion_window_in_days=7,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Id\": \"kms-tf-1\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_report_group = aws.codebuild.ReportGroup(\"exampleReportGroup\",\n type=\"TEST\",\n export_config=aws.codebuild.ReportGroupExportConfigArgs(\n type=\"S3\",\n s3_destination=aws.codebuild.ReportGroupExportConfigS3DestinationArgs(\n bucket=example_bucket.id,\n encryption_disabled=False,\n encryption_key=example_key.arn,\n packaging=\"NONE\",\n path=\"/some\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n Description = \"my test kms key\",\n DeletionWindowInDays = 7,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Id\"\": \"\"kms-tf-1\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"Enable IAM User Permissions\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"AWS\"\": \"\"*\"\"\n },\n \"\"Action\"\": \"\"kms:*\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleReportGroup = new Aws.CodeBuild.ReportGroup(\"exampleReportGroup\", new Aws.CodeBuild.ReportGroupArgs\n {\n Type = \"TEST\",\n ExportConfig = new Aws.CodeBuild.Inputs.ReportGroupExportConfigArgs\n {\n Type = \"S3\",\n S3Destination = new Aws.CodeBuild.Inputs.ReportGroupExportConfigS3DestinationArgs\n {\n Bucket = exampleBucket.Id,\n EncryptionDisabled = false,\n EncryptionKey = exampleKey.Arn,\n Packaging = \"NONE\",\n Path = \"/some\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"my test kms key\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Id\\\": \\\"kms-tf-1\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"Enable IAM User Permissions\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"*\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"kms:*\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codebuild.NewReportGroup(ctx, \"exampleReportGroup\", &codebuild.ReportGroupArgs{\n\t\t\tType: pulumi.String(\"TEST\"),\n\t\t\tExportConfig: &codebuild.ReportGroupExportConfigArgs{\n\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\tS3Destination: &codebuild.ReportGroupExportConfigS3DestinationArgs{\n\t\t\t\t\tBucket: exampleBucket.ID(),\n\t\t\t\t\tEncryptionDisabled: pulumi.Bool(false),\n\t\t\t\t\tEncryptionKey: exampleKey.Arn,\n\t\t\t\t\tPackaging: pulumi.String(\"NONE\"),\n\t\t\t\t\tPath: pulumi.String(\"/some\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeBuild Report Group can be imported using the CodeBuild Report Group arn, e.g.\n\n```sh\n $ pulumi import aws:codebuild/reportGroup:ReportGroup example arn:aws:codebuild:us-west-2:123456789:report-group/report-group-name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of Report Group.\n" + }, + "created": { + "type": "string", + "description": "The date and time this Report Group was created.\n" + }, + "deleteReports": { + "type": "boolean", + "description": "If `true`, deletes any reports that belong to a report group before deleting the report group. If `false`, you must delete any reports in the report group before deleting it. Default value is `false`.\n" + }, + "exportConfig": { + "$ref": "#/types/aws:codebuild/ReportGroupExportConfig:ReportGroupExportConfig", + "description": "Information about the destination where the raw data of this Report Group is exported. see Export Config documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of a Report Group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The export configuration type. Valid values are `S3` and `NO_EXPORT`.\n" + } + }, + "required": [ + "arn", + "created", + "exportConfig", + "name", + "tagsAll", + "type" + ], + "inputProperties": { + "deleteReports": { + "type": "boolean", + "description": "If `true`, deletes any reports that belong to a report group before deleting the report group. If `false`, you must delete any reports in the report group before deleting it. Default value is `false`.\n" + }, + "exportConfig": { + "$ref": "#/types/aws:codebuild/ReportGroupExportConfig:ReportGroupExportConfig", + "description": "Information about the destination where the raw data of this Report Group is exported. see Export Config documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of a Report Group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The export configuration type. Valid values are `S3` and `NO_EXPORT`.\n" + } + }, + "requiredInputs": [ + "exportConfig", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReportGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of Report Group.\n" + }, + "created": { + "type": "string", + "description": "The date and time this Report Group was created.\n" + }, + "deleteReports": { + "type": "boolean", + "description": "If `true`, deletes any reports that belong to a report group before deleting the report group. If `false`, you must delete any reports in the report group before deleting it. Default value is `false`.\n" + }, + "exportConfig": { + "$ref": "#/types/aws:codebuild/ReportGroupExportConfig:ReportGroupExportConfig", + "description": "Information about the destination where the raw data of this Report Group is exported. see Export Config documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of a Report Group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The export configuration type. Valid values are `S3` and `NO_EXPORT`.\n" + } + }, + "type": "object" + } + }, + "aws:codebuild/sourceCredential:SourceCredential": { + "description": "Provides a CodeBuild Source Credentials Resource.\n\n> **NOTE:**\n[Codebuild only allows a single credential per given server type in a given region](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_codebuild.GitHubSourceCredentials.html). Therefore, when you define `aws.codebuild.SourceCredential`, `aws.codebuild.Project` resource defined in the same module will use it.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codebuild.SourceCredential(\"example\", {\n authType: \"PERSONAL_ACCESS_TOKEN\",\n serverType: \"GITHUB\",\n token: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codebuild.SourceCredential(\"example\",\n auth_type=\"PERSONAL_ACCESS_TOKEN\",\n server_type=\"GITHUB\",\n token=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeBuild.SourceCredential(\"example\", new Aws.CodeBuild.SourceCredentialArgs\n {\n AuthType = \"PERSONAL_ACCESS_TOKEN\",\n ServerType = \"GITHUB\",\n Token = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codebuild.NewSourceCredential(ctx, \"example\", &codebuild.SourceCredentialArgs{\n\t\t\tAuthType: pulumi.String(\"PERSONAL_ACCESS_TOKEN\"),\n\t\t\tServerType: pulumi.String(\"GITHUB\"),\n\t\t\tToken: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Bitbucket Server Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codebuild.SourceCredential(\"example\", {\n authType: \"BASIC_AUTH\",\n serverType: \"BITBUCKET\",\n token: \"example\",\n userName: \"test-user\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codebuild.SourceCredential(\"example\",\n auth_type=\"BASIC_AUTH\",\n server_type=\"BITBUCKET\",\n token=\"example\",\n user_name=\"test-user\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeBuild.SourceCredential(\"example\", new Aws.CodeBuild.SourceCredentialArgs\n {\n AuthType = \"BASIC_AUTH\",\n ServerType = \"BITBUCKET\",\n Token = \"example\",\n UserName = \"test-user\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codebuild.NewSourceCredential(ctx, \"example\", &codebuild.SourceCredentialArgs{\n\t\t\tAuthType: pulumi.String(\"BASIC_AUTH\"),\n\t\t\tServerType: pulumi.String(\"BITBUCKET\"),\n\t\t\tToken: pulumi.String(\"example\"),\n\t\t\tUserName: pulumi.String(\"test-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeBuild Source Credential can be imported using the CodeBuild Source Credential arn, e.g.\n\n```sh\n $ pulumi import aws:codebuild/sourceCredential:SourceCredential example arn:aws:codebuild:us-west-2:123456789:token:github\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of Source Credential.\n" + }, + "authType": { + "type": "string", + "description": "The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.\n" + }, + "serverType": { + "type": "string", + "description": "The source provider used for this project.\n" + }, + "token": { + "type": "string", + "description": "For `GitHub` or `GitHub Enterprise`, this is the personal access token. For `Bitbucket`, this is the app password.\n" + }, + "userName": { + "type": "string", + "description": "The Bitbucket username when the authType is `BASIC_AUTH`. This parameter is not valid for other types of source providers or connections.\n" + } + }, + "required": [ + "arn", + "authType", + "serverType", + "token" + ], + "inputProperties": { + "authType": { + "type": "string", + "description": "The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.\n" + }, + "serverType": { + "type": "string", + "description": "The source provider used for this project.\n" + }, + "token": { + "type": "string", + "description": "For `GitHub` or `GitHub Enterprise`, this is the personal access token. For `Bitbucket`, this is the app password.\n" + }, + "userName": { + "type": "string", + "description": "The Bitbucket username when the authType is `BASIC_AUTH`. This parameter is not valid for other types of source providers or connections.\n" + } + }, + "requiredInputs": [ + "authType", + "serverType", + "token" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SourceCredential resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of Source Credential.\n" + }, + "authType": { + "type": "string", + "description": "The type of authentication used to connect to a GitHub, GitHub Enterprise, or Bitbucket repository. An OAUTH connection is not supported by the API.\n" + }, + "serverType": { + "type": "string", + "description": "The source provider used for this project.\n" + }, + "token": { + "type": "string", + "description": "For `GitHub` or `GitHub Enterprise`, this is the personal access token. For `Bitbucket`, this is the app password.\n" + }, + "userName": { + "type": "string", + "description": "The Bitbucket username when the authType is `BASIC_AUTH`. This parameter is not valid for other types of source providers or connections.\n" + } + }, + "type": "object" + } + }, + "aws:codebuild/webhook:Webhook": { + "description": "Manages a CodeBuild webhook, which is an endpoint accepted by the CodeBuild service to trigger builds from source code repositories. Depending on the source type of the CodeBuild project, the CodeBuild service may also automatically create and delete the actual repository webhook as well.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Bitbucket and GitHub\n\nWhen working with [Bitbucket](https://bitbucket.org) and [GitHub](https://github.com) source CodeBuild webhooks, the CodeBuild service will automatically create (on `aws.codebuild.Webhook` resource creation) and delete (on `aws.codebuild.Webhook` resource deletion) the Bitbucket/GitHub repository webhook using its granted OAuth permissions. This behavior cannot be controlled by this provider.\n\n> **Note:** The AWS account that this provider uses to create this resource *must* have authorized CodeBuild to access Bitbucket/GitHub's OAuth API in each applicable region. This is a manual step that must be done *before* creating webhooks with this resource. If OAuth is not configured, AWS will return an error similar to `ResourceNotFoundException: Could not find access token for server type github`. More information can be found in the CodeBuild User Guide for [Bitbucket](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-bitbucket-pull-request.html) and [GitHub](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-github-pull-request.html).\n\n> **Note:** Further managing the automatically created Bitbucket/GitHub webhook with the `bitbucket_hook`/`github_repository_webhook` resource is only possible with importing that resource after creation of the `aws.codebuild.Webhook` resource. The CodeBuild API does not ever provide the `secret` attribute for the `aws.codebuild.Webhook` resource in this scenario.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codebuild.Webhook(\"example\", {\n projectName: aws_codebuild_project.example.name,\n filterGroups: [{\n filters: [\n {\n type: \"EVENT\",\n pattern: \"PUSH\",\n },\n {\n type: \"HEAD_REF\",\n pattern: \"master\",\n },\n ],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codebuild.Webhook(\"example\",\n project_name=aws_codebuild_project[\"example\"][\"name\"],\n filter_groups=[aws.codebuild.WebhookFilterGroupArgs(\n filters=[\n aws.codebuild.WebhookFilterGroupFilterArgs(\n type=\"EVENT\",\n pattern=\"PUSH\",\n ),\n aws.codebuild.WebhookFilterGroupFilterArgs(\n type=\"HEAD_REF\",\n pattern=\"master\",\n ),\n ],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeBuild.Webhook(\"example\", new Aws.CodeBuild.WebhookArgs\n {\n ProjectName = aws_codebuild_project.Example.Name,\n FilterGroups = \n {\n new Aws.CodeBuild.Inputs.WebhookFilterGroupArgs\n {\n Filters = \n {\n new Aws.CodeBuild.Inputs.WebhookFilterGroupFilterArgs\n {\n Type = \"EVENT\",\n Pattern = \"PUSH\",\n },\n new Aws.CodeBuild.Inputs.WebhookFilterGroupFilterArgs\n {\n Type = \"HEAD_REF\",\n Pattern = \"master\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codebuild.NewWebhook(ctx, \"example\", &codebuild.WebhookArgs{\n\t\t\tProjectName: pulumi.Any(aws_codebuild_project.Example.Name),\n\t\t\tFilterGroups: codebuild.WebhookFilterGroupArray{\n\t\t\t\t&codebuild.WebhookFilterGroupArgs{\n\t\t\t\t\tFilters: codebuild.WebhookFilterGroupFilterArray{\n\t\t\t\t\t\t&codebuild.WebhookFilterGroupFilterArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"EVENT\"),\n\t\t\t\t\t\t\tPattern: pulumi.String(\"PUSH\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&codebuild.WebhookFilterGroupFilterArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"HEAD_REF\"),\n\t\t\t\t\t\t\tPattern: pulumi.String(\"master\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### GitHub Enterprise\n\nWhen working with [GitHub Enterprise](https://enterprise.github.com/) source CodeBuild webhooks, the GHE repository webhook must be separately managed (e.g. manually or with the `github_repository_webhook` resource).\n\nMore information creating webhooks with GitHub Enterprise can be found in the [CodeBuild User Guide](https://docs.aws.amazon.com/codebuild/latest/userguide/sample-github-enterprise.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as github from \"@pulumi/github\";\n\nconst exampleWebhook = new aws.codebuild.Webhook(\"exampleWebhook\", {projectName: aws_codebuild_project.example.name});\nconst exampleRepositoryWebhook = new github.RepositoryWebhook(\"exampleRepositoryWebhook\", {\n active: true,\n events: [\"push\"],\n repository: github_repository.example.name,\n configuration: {\n url: exampleWebhook.payloadUrl,\n secret: exampleWebhook.secret,\n contentType: \"json\",\n insecureSsl: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_github as github\n\nexample_webhook = aws.codebuild.Webhook(\"exampleWebhook\", project_name=aws_codebuild_project[\"example\"][\"name\"])\nexample_repository_webhook = github.RepositoryWebhook(\"exampleRepositoryWebhook\",\n active=True,\n events=[\"push\"],\n repository=github_repository[\"example\"][\"name\"],\n configuration=github.RepositoryWebhookConfigurationArgs(\n url=example_webhook.payload_url,\n secret=example_webhook.secret,\n content_type=\"json\",\n insecure_ssl=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Github = Pulumi.Github;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleWebhook = new Aws.CodeBuild.Webhook(\"exampleWebhook\", new Aws.CodeBuild.WebhookArgs\n {\n ProjectName = aws_codebuild_project.Example.Name,\n });\n var exampleRepositoryWebhook = new Github.RepositoryWebhook(\"exampleRepositoryWebhook\", new Github.RepositoryWebhookArgs\n {\n Active = true,\n Events = \n {\n \"push\",\n },\n Repository = github_repository.Example.Name,\n Configuration = new Github.Inputs.RepositoryWebhookConfigurationArgs\n {\n Url = exampleWebhook.PayloadUrl,\n Secret = exampleWebhook.Secret,\n ContentType = \"json\",\n InsecureSsl = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codebuild\"\n\t\"github.com/pulumi/pulumi-github/sdk/v4/go/github\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleWebhook, err := codebuild.NewWebhook(ctx, \"exampleWebhook\", &codebuild.WebhookArgs{\n\t\t\tProjectName: pulumi.Any(aws_codebuild_project.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = github.NewRepositoryWebhook(ctx, \"exampleRepositoryWebhook\", &github.RepositoryWebhookArgs{\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"push\"),\n\t\t\t},\n\t\t\tRepository: pulumi.Any(github_repository.Example.Name),\n\t\t\tConfiguration: &RepositoryWebhookConfigurationArgs{\n\t\t\t\tUrl: exampleWebhook.PayloadUrl,\n\t\t\t\tSecret: exampleWebhook.Secret,\n\t\t\t\tContentType: pulumi.String(\"json\"),\n\t\t\t\tInsecureSsl: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeBuild Webhooks can be imported using the CodeBuild Project name, e.g.\n\n```sh\n $ pulumi import aws:codebuild/webhook:Webhook example MyProjectName\n```\n\n ", + "properties": { + "branchFilter": { + "type": "string", + "description": "A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use `filter_group` over `branch_filter`.\n" + }, + "filterGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/WebhookFilterGroup:WebhookFilterGroup" + }, + "description": "Information about the webhook's trigger. Filter group blocks are documented below.\n" + }, + "payloadUrl": { + "type": "string", + "description": "The CodeBuild endpoint where webhook events are sent.\n" + }, + "projectName": { + "type": "string", + "description": "The name of the build project.\n" + }, + "secret": { + "type": "string", + "description": "The secret token of the associated repository. Not returned by the CodeBuild API for all source types.\n" + }, + "url": { + "type": "string", + "description": "The URL to the webhook.\n" + } + }, + "required": [ + "payloadUrl", + "projectName", + "secret", + "url" + ], + "inputProperties": { + "branchFilter": { + "type": "string", + "description": "A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use `filter_group` over `branch_filter`.\n" + }, + "filterGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/WebhookFilterGroup:WebhookFilterGroup" + }, + "description": "Information about the webhook's trigger. Filter group blocks are documented below.\n" + }, + "projectName": { + "type": "string", + "description": "The name of the build project.\n" + } + }, + "requiredInputs": [ + "projectName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Webhook resources.\n", + "properties": { + "branchFilter": { + "type": "string", + "description": "A regular expression used to determine which branches get built. Default is all branches are built. It is recommended to use `filter_group` over `branch_filter`.\n" + }, + "filterGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws:codebuild/WebhookFilterGroup:WebhookFilterGroup" + }, + "description": "Information about the webhook's trigger. Filter group blocks are documented below.\n" + }, + "payloadUrl": { + "type": "string", + "description": "The CodeBuild endpoint where webhook events are sent.\n" + }, + "projectName": { + "type": "string", + "description": "The name of the build project.\n" + }, + "secret": { + "type": "string", + "description": "The secret token of the associated repository. Not returned by the CodeBuild API for all source types.\n" + }, + "url": { + "type": "string", + "description": "The URL to the webhook.\n" + } + }, + "type": "object" + } + }, + "aws:codecommit/repository:Repository": { + "description": "Provides a CodeCommit Repository Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.codecommit.Repository(\"test\", {\n description: \"This is the Sample App Repository\",\n repositoryName: \"MyTestRepository\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.codecommit.Repository(\"test\",\n description=\"This is the Sample App Repository\",\n repository_name=\"MyTestRepository\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.CodeCommit.Repository(\"test\", new Aws.CodeCommit.RepositoryArgs\n {\n Description = \"This is the Sample App Repository\",\n RepositoryName = \"MyTestRepository\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codecommit\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codecommit.NewRepository(ctx, \"test\", &codecommit.RepositoryArgs{\n\t\t\tDescription: pulumi.String(\"This is the Sample App Repository\"),\n\t\t\tRepositoryName: pulumi.String(\"MyTestRepository\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodecommit repository can be imported using repository name, e.g.\n\n```sh\n $ pulumi import aws:codecommit/repository:Repository imported ExistingRepo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the repository\n" + }, + "cloneUrlHttp": { + "type": "string", + "description": "The URL to use for cloning the repository over HTTPS.\n" + }, + "cloneUrlSsh": { + "type": "string", + "description": "The URL to use for cloning the repository over SSH.\n" + }, + "defaultBranch": { + "type": "string", + "description": "The default branch of the repository. The branch specified here needs to exist.\n" + }, + "description": { + "type": "string", + "description": "The description of the repository. This needs to be less than 1000 characters\n" + }, + "repositoryId": { + "type": "string", + "description": "The ID of the repository\n" + }, + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "cloneUrlHttp", + "cloneUrlSsh", + "repositoryId", + "repositoryName", + "tagsAll" + ], + "inputProperties": { + "defaultBranch": { + "type": "string", + "description": "The default branch of the repository. The branch specified here needs to exist.\n" + }, + "description": { + "type": "string", + "description": "The description of the repository. This needs to be less than 1000 characters\n" + }, + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "repositoryName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Repository resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the repository\n" + }, + "cloneUrlHttp": { + "type": "string", + "description": "The URL to use for cloning the repository over HTTPS.\n" + }, + "cloneUrlSsh": { + "type": "string", + "description": "The URL to use for cloning the repository over SSH.\n" + }, + "defaultBranch": { + "type": "string", + "description": "The default branch of the repository. The branch specified here needs to exist.\n" + }, + "description": { + "type": "string", + "description": "The description of the repository. This needs to be less than 1000 characters\n" + }, + "repositoryId": { + "type": "string", + "description": "The ID of the repository\n" + }, + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:codecommit/trigger:Trigger": { + "description": "Provides a CodeCommit Trigger Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRepository = new aws.codecommit.Repository(\"testRepository\", {repositoryName: \"test\"});\nconst testTrigger = new aws.codecommit.Trigger(\"testTrigger\", {\n repositoryName: testRepository.repositoryName,\n triggers: [{\n name: \"all\",\n events: [\"all\"],\n destinationArn: aws_sns_topic.test.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_repository = aws.codecommit.Repository(\"testRepository\", repository_name=\"test\")\ntest_trigger = aws.codecommit.Trigger(\"testTrigger\",\n repository_name=test_repository.repository_name,\n triggers=[aws.codecommit.TriggerTriggerArgs(\n name=\"all\",\n events=[\"all\"],\n destination_arn=aws_sns_topic[\"test\"][\"arn\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testRepository = new Aws.CodeCommit.Repository(\"testRepository\", new Aws.CodeCommit.RepositoryArgs\n {\n RepositoryName = \"test\",\n });\n var testTrigger = new Aws.CodeCommit.Trigger(\"testTrigger\", new Aws.CodeCommit.TriggerArgs\n {\n RepositoryName = testRepository.RepositoryName,\n Triggers = \n {\n new Aws.CodeCommit.Inputs.TriggerTriggerArgs\n {\n Name = \"all\",\n Events = \n {\n \"all\",\n },\n DestinationArn = aws_sns_topic.Test.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codecommit\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestRepository, err := codecommit.NewRepository(ctx, \"testRepository\", &codecommit.RepositoryArgs{\n\t\t\tRepositoryName: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codecommit.NewTrigger(ctx, \"testTrigger\", &codecommit.TriggerArgs{\n\t\t\tRepositoryName: testRepository.RepositoryName,\n\t\t\tTriggers: codecommit.TriggerTriggerArray{\n\t\t\t\t&codecommit.TriggerTriggerArgs{\n\t\t\t\t\tName: pulumi.String(\"all\"),\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"all\"),\n\t\t\t\t\t},\n\t\t\t\t\tDestinationArn: pulumi.Any(aws_sns_topic.Test.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "configurationId": { + "type": "string", + "description": "System-generated unique identifier.\n" + }, + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + }, + "triggers": { + "type": "array", + "items": { + "$ref": "#/types/aws:codecommit/TriggerTrigger:TriggerTrigger" + } + } + }, + "required": [ + "configurationId", + "repositoryName", + "triggers" + ], + "inputProperties": { + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + }, + "triggers": { + "type": "array", + "items": { + "$ref": "#/types/aws:codecommit/TriggerTrigger:TriggerTrigger" + } + } + }, + "requiredInputs": [ + "repositoryName", + "triggers" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Trigger resources.\n", + "properties": { + "configurationId": { + "type": "string", + "description": "System-generated unique identifier.\n" + }, + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + }, + "triggers": { + "type": "array", + "items": { + "$ref": "#/types/aws:codecommit/TriggerTrigger:TriggerTrigger" + } + } + }, + "type": "object" + } + }, + "aws:codedeploy/application:Application": { + "description": "Provides a CodeDeploy application to be used as a basis for deployments\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### ECS Application\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {\n computePlatform: \"ECS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\", compute_platform=\"ECS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeDeploy.Application(\"example\", new Aws.CodeDeploy.ApplicationArgs\n {\n ComputePlatform = \"ECS\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codedeploy.NewApplication(ctx, \"example\", &codedeploy.ApplicationArgs{\n\t\t\tComputePlatform: pulumi.String(\"ECS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Application\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {\n computePlatform: \"Lambda\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\", compute_platform=\"Lambda\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeDeploy.Application(\"example\", new Aws.CodeDeploy.ApplicationArgs\n {\n ComputePlatform = \"Lambda\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codedeploy.NewApplication(ctx, \"example\", &codedeploy.ApplicationArgs{\n\t\t\tComputePlatform: pulumi.String(\"Lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Server Application\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codedeploy.Application(\"example\", {\n computePlatform: \"Server\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codedeploy.Application(\"example\", compute_platform=\"Server\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeDeploy.Application(\"example\", new Aws.CodeDeploy.ApplicationArgs\n {\n ComputePlatform = \"Server\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codedeploy.NewApplication(ctx, \"example\", &codedeploy.ApplicationArgs{\n\t\t\tComputePlatform: pulumi.String(\"Server\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeDeploy Applications can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:codedeploy/application:Application example my-application\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the CodeDeploy application.\n" + }, + "computePlatform": { + "type": "string", + "description": "The compute platform can either be `ECS`, `Lambda`, or `Server`. Default is `Server`.\n" + }, + "githubAccountName": { + "type": "string", + "description": "The name for a connection to a GitHub account.\n" + }, + "linkedToGithub": { + "type": "boolean", + "description": "Whether the user has authenticated with GitHub for the specified application.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "applicationId", + "arn", + "githubAccountName", + "linkedToGithub", + "name", + "tagsAll" + ], + "inputProperties": { + "computePlatform": { + "type": "string", + "description": "The compute platform can either be `ECS`, `Lambda`, or `Server`. Default is `Server`.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Application resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the CodeDeploy application.\n" + }, + "computePlatform": { + "type": "string", + "description": "The compute platform can either be `ECS`, `Lambda`, or `Server`. Default is `Server`.\n" + }, + "githubAccountName": { + "type": "string", + "description": "The name for a connection to a GitHub account.\n" + }, + "linkedToGithub": { + "type": "boolean", + "description": "Whether the user has authenticated with GitHub for the specified application.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:codedeploy/deploymentConfig:DeploymentConfig": { + "description": "Provides a CodeDeploy deployment config for an application\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Server Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooDeploymentConfig = new aws.codedeploy.DeploymentConfig(\"fooDeploymentConfig\", {\n deploymentConfigName: \"test-deployment-config\",\n minimumHealthyHosts: {\n type: \"HOST_COUNT\",\n value: 2,\n },\n});\nconst fooDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"fooDeploymentGroup\", {\n appName: aws_codedeploy_app.foo_app.name,\n deploymentGroupName: \"bar\",\n serviceRoleArn: aws_iam_role.foo_role.arn,\n deploymentConfigName: fooDeploymentConfig.id,\n ec2TagFilters: [{\n key: \"filterkey\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n }],\n triggerConfigurations: [{\n triggerEvents: [\"DeploymentFailure\"],\n triggerName: \"foo-trigger\",\n triggerTargetArn: \"foo-topic-arn\",\n }],\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n alarmConfiguration: {\n alarms: [\"my-alarm-name\"],\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_deployment_config = aws.codedeploy.DeploymentConfig(\"fooDeploymentConfig\",\n deployment_config_name=\"test-deployment-config\",\n minimum_healthy_hosts=aws.codedeploy.DeploymentConfigMinimumHealthyHostsArgs(\n type=\"HOST_COUNT\",\n value=2,\n ))\nfoo_deployment_group = aws.codedeploy.DeploymentGroup(\"fooDeploymentGroup\",\n app_name=aws_codedeploy_app[\"foo_app\"][\"name\"],\n deployment_group_name=\"bar\",\n service_role_arn=aws_iam_role[\"foo_role\"][\"arn\"],\n deployment_config_name=foo_deployment_config.id,\n ec2_tag_filters=[aws.codedeploy.DeploymentGroupEc2TagFilterArgs(\n key=\"filterkey\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n )],\n trigger_configurations=[aws.codedeploy.DeploymentGroupTriggerConfigurationArgs(\n trigger_events=[\"DeploymentFailure\"],\n trigger_name=\"foo-trigger\",\n trigger_target_arn=\"foo-topic-arn\",\n )],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n alarm_configuration=aws.codedeploy.DeploymentGroupAlarmConfigurationArgs(\n alarms=[\"my-alarm-name\"],\n enabled=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooDeploymentConfig = new Aws.CodeDeploy.DeploymentConfig(\"fooDeploymentConfig\", new Aws.CodeDeploy.DeploymentConfigArgs\n {\n DeploymentConfigName = \"test-deployment-config\",\n MinimumHealthyHosts = new Aws.CodeDeploy.Inputs.DeploymentConfigMinimumHealthyHostsArgs\n {\n Type = \"HOST_COUNT\",\n Value = 2,\n },\n });\n var fooDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"fooDeploymentGroup\", new Aws.CodeDeploy.DeploymentGroupArgs\n {\n AppName = aws_codedeploy_app.Foo_app.Name,\n DeploymentGroupName = \"bar\",\n ServiceRoleArn = aws_iam_role.Foo_role.Arn,\n DeploymentConfigName = fooDeploymentConfig.Id,\n Ec2TagFilters = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagFilterArgs\n {\n Key = \"filterkey\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n },\n TriggerConfigurations = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupTriggerConfigurationArgs\n {\n TriggerEvents = \n {\n \"DeploymentFailure\",\n },\n TriggerName = \"foo-trigger\",\n TriggerTargetArn = \"foo-topic-arn\",\n },\n },\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = \n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs\n {\n Alarms = \n {\n \"my-alarm-name\",\n },\n Enabled = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooDeploymentConfig, err := codedeploy.NewDeploymentConfig(ctx, \"fooDeploymentConfig\", &codedeploy.DeploymentConfigArgs{\n\t\t\tDeploymentConfigName: pulumi.String(\"test-deployment-config\"),\n\t\t\tMinimumHealthyHosts: &codedeploy.DeploymentConfigMinimumHealthyHostsArgs{\n\t\t\t\tType: pulumi.String(\"HOST_COUNT\"),\n\t\t\t\tValue: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"fooDeploymentGroup\", &codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: pulumi.Any(aws_codedeploy_app.Foo_app.Name),\n\t\t\tDeploymentGroupName: pulumi.String(\"bar\"),\n\t\t\tServiceRoleArn: pulumi.Any(aws_iam_role.Foo_role.Arn),\n\t\t\tDeploymentConfigName: fooDeploymentConfig.ID(),\n\t\t\tEc2TagFilters: codedeploy.DeploymentGroupEc2TagFilterArray{\n\t\t\t\t&codedeploy.DeploymentGroupEc2TagFilterArgs{\n\t\t\t\t\tKey: pulumi.String(\"filterkey\"),\n\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTriggerConfigurations: codedeploy.DeploymentGroupTriggerConfigurationArray{\n\t\t\t\t&codedeploy.DeploymentGroupTriggerConfigurationArgs{\n\t\t\t\t\tTriggerEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"DeploymentFailure\"),\n\t\t\t\t\t},\n\t\t\t\t\tTriggerName: pulumi.String(\"foo-trigger\"),\n\t\t\t\t\tTriggerTargetArn: pulumi.String(\"foo-topic-arn\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutoRollbackConfiguration: &codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAlarmConfiguration: &codedeploy.DeploymentGroupAlarmConfigurationArgs{\n\t\t\t\tAlarms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"my-alarm-name\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooDeploymentConfig = new aws.codedeploy.DeploymentConfig(\"fooDeploymentConfig\", {\n deploymentConfigName: \"test-deployment-config\",\n computePlatform: \"Lambda\",\n trafficRoutingConfig: {\n type: \"TimeBasedLinear\",\n timeBasedLinear: {\n interval: 10,\n percentage: 10,\n },\n },\n});\nconst fooDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"fooDeploymentGroup\", {\n appName: aws_codedeploy_app.foo_app.name,\n deploymentGroupName: \"bar\",\n serviceRoleArn: aws_iam_role.foo_role.arn,\n deploymentConfigName: fooDeploymentConfig.id,\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_STOP_ON_ALARM\"],\n },\n alarmConfiguration: {\n alarms: [\"my-alarm-name\"],\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_deployment_config = aws.codedeploy.DeploymentConfig(\"fooDeploymentConfig\",\n deployment_config_name=\"test-deployment-config\",\n compute_platform=\"Lambda\",\n traffic_routing_config=aws.codedeploy.DeploymentConfigTrafficRoutingConfigArgs(\n type=\"TimeBasedLinear\",\n time_based_linear=aws.codedeploy.DeploymentConfigTrafficRoutingConfigTimeBasedLinearArgs(\n interval=10,\n percentage=10,\n ),\n ))\nfoo_deployment_group = aws.codedeploy.DeploymentGroup(\"fooDeploymentGroup\",\n app_name=aws_codedeploy_app[\"foo_app\"][\"name\"],\n deployment_group_name=\"bar\",\n service_role_arn=aws_iam_role[\"foo_role\"][\"arn\"],\n deployment_config_name=foo_deployment_config.id,\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_STOP_ON_ALARM\"],\n ),\n alarm_configuration=aws.codedeploy.DeploymentGroupAlarmConfigurationArgs(\n alarms=[\"my-alarm-name\"],\n enabled=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooDeploymentConfig = new Aws.CodeDeploy.DeploymentConfig(\"fooDeploymentConfig\", new Aws.CodeDeploy.DeploymentConfigArgs\n {\n DeploymentConfigName = \"test-deployment-config\",\n ComputePlatform = \"Lambda\",\n TrafficRoutingConfig = new Aws.CodeDeploy.Inputs.DeploymentConfigTrafficRoutingConfigArgs\n {\n Type = \"TimeBasedLinear\",\n TimeBasedLinear = new Aws.CodeDeploy.Inputs.DeploymentConfigTrafficRoutingConfigTimeBasedLinearArgs\n {\n Interval = 10,\n Percentage = 10,\n },\n },\n });\n var fooDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"fooDeploymentGroup\", new Aws.CodeDeploy.DeploymentGroupArgs\n {\n AppName = aws_codedeploy_app.Foo_app.Name,\n DeploymentGroupName = \"bar\",\n ServiceRoleArn = aws_iam_role.Foo_role.Arn,\n DeploymentConfigName = fooDeploymentConfig.Id,\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = \n {\n \"DEPLOYMENT_STOP_ON_ALARM\",\n },\n },\n AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs\n {\n Alarms = \n {\n \"my-alarm-name\",\n },\n Enabled = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooDeploymentConfig, err := codedeploy.NewDeploymentConfig(ctx, \"fooDeploymentConfig\", &codedeploy.DeploymentConfigArgs{\n\t\t\tDeploymentConfigName: pulumi.String(\"test-deployment-config\"),\n\t\t\tComputePlatform: pulumi.String(\"Lambda\"),\n\t\t\tTrafficRoutingConfig: &codedeploy.DeploymentConfigTrafficRoutingConfigArgs{\n\t\t\t\tType: pulumi.String(\"TimeBasedLinear\"),\n\t\t\t\tTimeBasedLinear: &codedeploy.DeploymentConfigTrafficRoutingConfigTimeBasedLinearArgs{\n\t\t\t\t\tInterval: pulumi.Int(10),\n\t\t\t\t\tPercentage: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"fooDeploymentGroup\", &codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: pulumi.Any(aws_codedeploy_app.Foo_app.Name),\n\t\t\tDeploymentGroupName: pulumi.String(\"bar\"),\n\t\t\tServiceRoleArn: pulumi.Any(aws_iam_role.Foo_role.Arn),\n\t\t\tDeploymentConfigName: fooDeploymentConfig.ID(),\n\t\t\tAutoRollbackConfiguration: &codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_STOP_ON_ALARM\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAlarmConfiguration: &codedeploy.DeploymentGroupAlarmConfigurationArgs{\n\t\t\t\tAlarms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"my-alarm-name\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeDeploy Deployment Configurations can be imported using the `deployment_config_name`, e.g.\n\n```sh\n $ pulumi import aws:codedeploy/deploymentConfig:DeploymentConfig example my-deployment-config\n```\n\n ", + "properties": { + "computePlatform": { + "type": "string", + "description": "The compute platform can be `Server`, `Lambda`, or `ECS`. Default is `Server`.\n" + }, + "deploymentConfigId": { + "type": "string", + "description": "The AWS Assigned deployment config id\n" + }, + "deploymentConfigName": { + "type": "string", + "description": "The name of the deployment config.\n" + }, + "minimumHealthyHosts": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigMinimumHealthyHosts:DeploymentConfigMinimumHealthyHosts", + "description": "A minimum_healthy_hosts block. Required for `Server` compute platform. Minimum Healthy Hosts are documented below.\n" + }, + "trafficRoutingConfig": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigTrafficRoutingConfig:DeploymentConfigTrafficRoutingConfig", + "description": "A traffic_routing_config block. Traffic Routing Config is documented below.\n" + } + }, + "required": [ + "deploymentConfigId", + "deploymentConfigName" + ], + "inputProperties": { + "computePlatform": { + "type": "string", + "description": "The compute platform can be `Server`, `Lambda`, or `ECS`. Default is `Server`.\n" + }, + "deploymentConfigName": { + "type": "string", + "description": "The name of the deployment config.\n" + }, + "minimumHealthyHosts": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigMinimumHealthyHosts:DeploymentConfigMinimumHealthyHosts", + "description": "A minimum_healthy_hosts block. Required for `Server` compute platform. Minimum Healthy Hosts are documented below.\n" + }, + "trafficRoutingConfig": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigTrafficRoutingConfig:DeploymentConfigTrafficRoutingConfig", + "description": "A traffic_routing_config block. Traffic Routing Config is documented below.\n" + } + }, + "requiredInputs": [ + "deploymentConfigName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DeploymentConfig resources.\n", + "properties": { + "computePlatform": { + "type": "string", + "description": "The compute platform can be `Server`, `Lambda`, or `ECS`. Default is `Server`.\n" + }, + "deploymentConfigId": { + "type": "string", + "description": "The AWS Assigned deployment config id\n" + }, + "deploymentConfigName": { + "type": "string", + "description": "The name of the deployment config.\n" + }, + "minimumHealthyHosts": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigMinimumHealthyHosts:DeploymentConfigMinimumHealthyHosts", + "description": "A minimum_healthy_hosts block. Required for `Server` compute platform. Minimum Healthy Hosts are documented below.\n" + }, + "trafficRoutingConfig": { + "$ref": "#/types/aws:codedeploy/DeploymentConfigTrafficRoutingConfig:DeploymentConfigTrafficRoutingConfig", + "description": "A traffic_routing_config block. Traffic Routing Config is documented below.\n" + } + }, + "type": "object" + } + }, + "aws:codedeploy/deploymentGroup:DeploymentGroup": { + "description": "Provides a CodeDeploy Deployment Group for a CodeDeploy Application\n\n> **NOTE on blue/green deployments:** When using `green_fleet_provisioning_option` with the `COPY_AUTO_SCALING_GROUP` action, CodeDeploy will create a new ASG with a different name. This ASG is _not_ managed by this provider and will conflict with existing configuration and state. You may want to use a different approach to managing deployments that involve multiple ASG, such as `DISCOVER_EXISTING` with separate blue and green ASG.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"codedeploy.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst aWSCodeDeployRole = new aws.iam.RolePolicyAttachment(\"aWSCodeDeployRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n role: exampleRole.name,\n});\nconst exampleApplication = new aws.codedeploy.Application(\"exampleApplication\", {});\nconst exampleTopic = new aws.sns.Topic(\"exampleTopic\", {});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"exampleDeploymentGroup\", {\n appName: exampleApplication.name,\n deploymentGroupName: \"example-group\",\n serviceRoleArn: exampleRole.arn,\n ec2TagSets: [{\n ec2TagFilters: [\n {\n key: \"filterkey1\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n },\n {\n key: \"filterkey2\",\n type: \"KEY_AND_VALUE\",\n value: \"filtervalue\",\n },\n ],\n }],\n triggerConfigurations: [{\n triggerEvents: [\"DeploymentFailure\"],\n triggerName: \"example-trigger\",\n triggerTargetArn: exampleTopic.arn,\n }],\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n alarmConfiguration: {\n alarms: [\"my-alarm-name\"],\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"codedeploy.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\na_ws_code_deploy_role = aws.iam.RolePolicyAttachment(\"aWSCodeDeployRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n role=example_role.name)\nexample_application = aws.codedeploy.Application(\"exampleApplication\")\nexample_topic = aws.sns.Topic(\"exampleTopic\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"exampleDeploymentGroup\",\n app_name=example_application.name,\n deployment_group_name=\"example-group\",\n service_role_arn=example_role.arn,\n ec2_tag_sets=[aws.codedeploy.DeploymentGroupEc2TagSetArgs(\n ec2_tag_filters=[\n aws.codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs(\n key=\"filterkey1\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n ),\n aws.codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs(\n key=\"filterkey2\",\n type=\"KEY_AND_VALUE\",\n value=\"filtervalue\",\n ),\n ],\n )],\n trigger_configurations=[aws.codedeploy.DeploymentGroupTriggerConfigurationArgs(\n trigger_events=[\"DeploymentFailure\"],\n trigger_name=\"example-trigger\",\n trigger_target_arn=example_topic.arn,\n )],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n alarm_configuration=aws.codedeploy.DeploymentGroupAlarmConfigurationArgs(\n alarms=[\"my-alarm-name\"],\n enabled=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"codedeploy.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var aWSCodeDeployRole = new Aws.Iam.RolePolicyAttachment(\"aWSCodeDeployRole\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\",\n Role = exampleRole.Name,\n });\n var exampleApplication = new Aws.CodeDeploy.Application(\"exampleApplication\", new Aws.CodeDeploy.ApplicationArgs\n {\n });\n var exampleTopic = new Aws.Sns.Topic(\"exampleTopic\", new Aws.Sns.TopicArgs\n {\n });\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"exampleDeploymentGroup\", new Aws.CodeDeploy.DeploymentGroupArgs\n {\n AppName = exampleApplication.Name,\n DeploymentGroupName = \"example-group\",\n ServiceRoleArn = exampleRole.Arn,\n Ec2TagSets = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetArgs\n {\n Ec2TagFilters = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetEc2TagFilterArgs\n {\n Key = \"filterkey1\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n new Aws.CodeDeploy.Inputs.DeploymentGroupEc2TagSetEc2TagFilterArgs\n {\n Key = \"filterkey2\",\n Type = \"KEY_AND_VALUE\",\n Value = \"filtervalue\",\n },\n },\n },\n },\n TriggerConfigurations = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupTriggerConfigurationArgs\n {\n TriggerEvents = \n {\n \"DeploymentFailure\",\n },\n TriggerName = \"example-trigger\",\n TriggerTargetArn = exampleTopic.Arn,\n },\n },\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = \n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n AlarmConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAlarmConfigurationArgs\n {\n Alarms = \n {\n \"my-alarm-name\",\n },\n Enabled = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"codedeploy.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"aWSCodeDeployRole\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSCodeDeployRole\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleApplication, err := codedeploy.NewApplication(ctx, \"exampleApplication\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTopic, err := sns.NewTopic(ctx, \"exampleTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"exampleDeploymentGroup\", &codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: exampleApplication.Name,\n\t\t\tDeploymentGroupName: pulumi.String(\"example-group\"),\n\t\t\tServiceRoleArn: exampleRole.Arn,\n\t\t\tEc2TagSets: codedeploy.DeploymentGroupEc2TagSetArray{\n\t\t\t\t&codedeploy.DeploymentGroupEc2TagSetArgs{\n\t\t\t\t\tEc2TagFilters: codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArray{\n\t\t\t\t\t\t&codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"filterkey1\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&codedeploy.DeploymentGroupEc2TagSetEc2TagFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"filterkey2\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"KEY_AND_VALUE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"filtervalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTriggerConfigurations: codedeploy.DeploymentGroupTriggerConfigurationArray{\n\t\t\t\t&codedeploy.DeploymentGroupTriggerConfigurationArgs{\n\t\t\t\t\tTriggerEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"DeploymentFailure\"),\n\t\t\t\t\t},\n\t\t\t\t\tTriggerName: pulumi.String(\"example-trigger\"),\n\t\t\t\t\tTriggerTargetArn: exampleTopic.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t\tAutoRollbackConfiguration: &codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAlarmConfiguration: &codedeploy.DeploymentGroupAlarmConfigurationArgs{\n\t\t\t\tAlarms: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"my-alarm-name\"),\n\t\t\t\t},\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Blue Green Deployments with ECS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApplication = new aws.codedeploy.Application(\"exampleApplication\", {computePlatform: \"ECS\"});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"exampleDeploymentGroup\", {\n appName: exampleApplication.name,\n deploymentConfigName: \"CodeDeployDefault.ECSAllAtOnce\",\n deploymentGroupName: \"example\",\n serviceRoleArn: aws_iam_role.example.arn,\n autoRollbackConfiguration: {\n enabled: true,\n events: [\"DEPLOYMENT_FAILURE\"],\n },\n blueGreenDeploymentConfig: {\n deploymentReadyOption: {\n actionOnTimeout: \"CONTINUE_DEPLOYMENT\",\n },\n terminateBlueInstancesOnDeploymentSuccess: {\n action: \"TERMINATE\",\n terminationWaitTimeInMinutes: 5,\n },\n },\n deploymentStyle: {\n deploymentOption: \"WITH_TRAFFIC_CONTROL\",\n deploymentType: \"BLUE_GREEN\",\n },\n ecsService: {\n clusterName: aws_ecs_cluster.example.name,\n serviceName: aws_ecs_service.example.name,\n },\n loadBalancerInfo: {\n targetGroupPairInfo: {\n prodTrafficRoute: {\n listenerArns: [aws_lb_listener.example.arn],\n },\n targetGroups: [\n {\n name: aws_lb_target_group.blue.name,\n },\n {\n name: aws_lb_target_group.green.name,\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_application = aws.codedeploy.Application(\"exampleApplication\", compute_platform=\"ECS\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"exampleDeploymentGroup\",\n app_name=example_application.name,\n deployment_config_name=\"CodeDeployDefault.ECSAllAtOnce\",\n deployment_group_name=\"example\",\n service_role_arn=aws_iam_role[\"example\"][\"arn\"],\n auto_rollback_configuration=aws.codedeploy.DeploymentGroupAutoRollbackConfigurationArgs(\n enabled=True,\n events=[\"DEPLOYMENT_FAILURE\"],\n ),\n blue_green_deployment_config=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs(\n deployment_ready_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs(\n action_on_timeout=\"CONTINUE_DEPLOYMENT\",\n ),\n terminate_blue_instances_on_deployment_success=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs(\n action=\"TERMINATE\",\n termination_wait_time_in_minutes=5,\n ),\n ),\n deployment_style=aws.codedeploy.DeploymentGroupDeploymentStyleArgs(\n deployment_option=\"WITH_TRAFFIC_CONTROL\",\n deployment_type=\"BLUE_GREEN\",\n ),\n ecs_service=aws.codedeploy.DeploymentGroupEcsServiceArgs(\n cluster_name=aws_ecs_cluster[\"example\"][\"name\"],\n service_name=aws_ecs_service[\"example\"][\"name\"],\n ),\n load_balancer_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoArgs(\n target_group_pair_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs(\n prod_traffic_route=aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs(\n listener_arns=[aws_lb_listener[\"example\"][\"arn\"]],\n ),\n target_groups=[\n aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs(\n name=aws_lb_target_group[\"blue\"][\"name\"],\n ),\n aws.codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs(\n name=aws_lb_target_group[\"green\"][\"name\"],\n ),\n ],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApplication = new Aws.CodeDeploy.Application(\"exampleApplication\", new Aws.CodeDeploy.ApplicationArgs\n {\n ComputePlatform = \"ECS\",\n });\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"exampleDeploymentGroup\", new Aws.CodeDeploy.DeploymentGroupArgs\n {\n AppName = exampleApplication.Name,\n DeploymentConfigName = \"CodeDeployDefault.ECSAllAtOnce\",\n DeploymentGroupName = \"example\",\n ServiceRoleArn = aws_iam_role.Example.Arn,\n AutoRollbackConfiguration = new Aws.CodeDeploy.Inputs.DeploymentGroupAutoRollbackConfigurationArgs\n {\n Enabled = true,\n Events = \n {\n \"DEPLOYMENT_FAILURE\",\n },\n },\n BlueGreenDeploymentConfig = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigArgs\n {\n DeploymentReadyOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs\n {\n ActionOnTimeout = \"CONTINUE_DEPLOYMENT\",\n },\n TerminateBlueInstancesOnDeploymentSuccess = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs\n {\n Action = \"TERMINATE\",\n TerminationWaitTimeInMinutes = 5,\n },\n },\n DeploymentStyle = new Aws.CodeDeploy.Inputs.DeploymentGroupDeploymentStyleArgs\n {\n DeploymentOption = \"WITH_TRAFFIC_CONTROL\",\n DeploymentType = \"BLUE_GREEN\",\n },\n EcsService = new Aws.CodeDeploy.Inputs.DeploymentGroupEcsServiceArgs\n {\n ClusterName = aws_ecs_cluster.Example.Name,\n ServiceName = aws_ecs_service.Example.Name,\n },\n LoadBalancerInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoArgs\n {\n TargetGroupPairInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs\n {\n ProdTrafficRoute = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs\n {\n ListenerArns = \n {\n aws_lb_listener.Example.Arn,\n },\n },\n TargetGroups = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs\n {\n Name = aws_lb_target_group.Blue.Name,\n },\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs\n {\n Name = aws_lb_target_group.Green.Name,\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplication, err := codedeploy.NewApplication(ctx, \"exampleApplication\", &codedeploy.ApplicationArgs{\n\t\t\tComputePlatform: pulumi.String(\"ECS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"exampleDeploymentGroup\", &codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: exampleApplication.Name,\n\t\t\tDeploymentConfigName: pulumi.String(\"CodeDeployDefault.ECSAllAtOnce\"),\n\t\t\tDeploymentGroupName: pulumi.String(\"example\"),\n\t\t\tServiceRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tAutoRollbackConfiguration: &codedeploy.DeploymentGroupAutoRollbackConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"DEPLOYMENT_FAILURE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlueGreenDeploymentConfig: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs{\n\t\t\t\tDeploymentReadyOption: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs{\n\t\t\t\t\tActionOnTimeout: pulumi.String(\"CONTINUE_DEPLOYMENT\"),\n\t\t\t\t},\n\t\t\t\tTerminateBlueInstancesOnDeploymentSuccess: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs{\n\t\t\t\t\tAction: pulumi.String(\"TERMINATE\"),\n\t\t\t\t\tTerminationWaitTimeInMinutes: pulumi.Int(5),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDeploymentStyle: &codedeploy.DeploymentGroupDeploymentStyleArgs{\n\t\t\t\tDeploymentOption: pulumi.String(\"WITH_TRAFFIC_CONTROL\"),\n\t\t\t\tDeploymentType: pulumi.String(\"BLUE_GREEN\"),\n\t\t\t},\n\t\t\tEcsService: &codedeploy.DeploymentGroupEcsServiceArgs{\n\t\t\t\tClusterName: pulumi.Any(aws_ecs_cluster.Example.Name),\n\t\t\t\tServiceName: pulumi.Any(aws_ecs_service.Example.Name),\n\t\t\t},\n\t\t\tLoadBalancerInfo: &codedeploy.DeploymentGroupLoadBalancerInfoArgs{\n\t\t\t\tTargetGroupPairInfo: &codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoArgs{\n\t\t\t\t\tProdTrafficRoute: &codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoProdTrafficRouteArgs{\n\t\t\t\t\t\tListenerArns: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.Any(aws_lb_listener.Example.Arn),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTargetGroups: codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArray{\n\t\t\t\t\t\t&codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs{\n\t\t\t\t\t\t\tName: pulumi.Any(aws_lb_target_group.Blue.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&codedeploy.DeploymentGroupLoadBalancerInfoTargetGroupPairInfoTargetGroupArgs{\n\t\t\t\t\t\t\tName: pulumi.Any(aws_lb_target_group.Green.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Blue Green Deployments with Servers and Classic ELB\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApplication = new aws.codedeploy.Application(\"exampleApplication\", {});\nconst exampleDeploymentGroup = new aws.codedeploy.DeploymentGroup(\"exampleDeploymentGroup\", {\n appName: exampleApplication.name,\n deploymentGroupName: \"example-group\",\n serviceRoleArn: aws_iam_role.example.arn,\n deploymentStyle: {\n deploymentOption: \"WITH_TRAFFIC_CONTROL\",\n deploymentType: \"BLUE_GREEN\",\n },\n loadBalancerInfo: {\n elbInfos: [{\n name: aws_elb.example.name,\n }],\n },\n blueGreenDeploymentConfig: {\n deploymentReadyOption: {\n actionOnTimeout: \"STOP_DEPLOYMENT\",\n waitTimeInMinutes: 60,\n },\n greenFleetProvisioningOption: {\n action: \"DISCOVER_EXISTING\",\n },\n terminateBlueInstancesOnDeploymentSuccess: {\n action: \"KEEP_ALIVE\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_application = aws.codedeploy.Application(\"exampleApplication\")\nexample_deployment_group = aws.codedeploy.DeploymentGroup(\"exampleDeploymentGroup\",\n app_name=example_application.name,\n deployment_group_name=\"example-group\",\n service_role_arn=aws_iam_role[\"example\"][\"arn\"],\n deployment_style=aws.codedeploy.DeploymentGroupDeploymentStyleArgs(\n deployment_option=\"WITH_TRAFFIC_CONTROL\",\n deployment_type=\"BLUE_GREEN\",\n ),\n load_balancer_info=aws.codedeploy.DeploymentGroupLoadBalancerInfoArgs(\n elb_infos=[aws.codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArgs(\n name=aws_elb[\"example\"][\"name\"],\n )],\n ),\n blue_green_deployment_config=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs(\n deployment_ready_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs(\n action_on_timeout=\"STOP_DEPLOYMENT\",\n wait_time_in_minutes=60,\n ),\n green_fleet_provisioning_option=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs(\n action=\"DISCOVER_EXISTING\",\n ),\n terminate_blue_instances_on_deployment_success=aws.codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs(\n action=\"KEEP_ALIVE\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApplication = new Aws.CodeDeploy.Application(\"exampleApplication\", new Aws.CodeDeploy.ApplicationArgs\n {\n });\n var exampleDeploymentGroup = new Aws.CodeDeploy.DeploymentGroup(\"exampleDeploymentGroup\", new Aws.CodeDeploy.DeploymentGroupArgs\n {\n AppName = exampleApplication.Name,\n DeploymentGroupName = \"example-group\",\n ServiceRoleArn = aws_iam_role.Example.Arn,\n DeploymentStyle = new Aws.CodeDeploy.Inputs.DeploymentGroupDeploymentStyleArgs\n {\n DeploymentOption = \"WITH_TRAFFIC_CONTROL\",\n DeploymentType = \"BLUE_GREEN\",\n },\n LoadBalancerInfo = new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoArgs\n {\n ElbInfos = \n {\n new Aws.CodeDeploy.Inputs.DeploymentGroupLoadBalancerInfoElbInfoArgs\n {\n Name = aws_elb.Example.Name,\n },\n },\n },\n BlueGreenDeploymentConfig = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigArgs\n {\n DeploymentReadyOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs\n {\n ActionOnTimeout = \"STOP_DEPLOYMENT\",\n WaitTimeInMinutes = 60,\n },\n GreenFleetProvisioningOption = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs\n {\n Action = \"DISCOVER_EXISTING\",\n },\n TerminateBlueInstancesOnDeploymentSuccess = new Aws.CodeDeploy.Inputs.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs\n {\n Action = \"KEEP_ALIVE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codedeploy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplication, err := codedeploy.NewApplication(ctx, \"exampleApplication\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codedeploy.NewDeploymentGroup(ctx, \"exampleDeploymentGroup\", &codedeploy.DeploymentGroupArgs{\n\t\t\tAppName: exampleApplication.Name,\n\t\t\tDeploymentGroupName: pulumi.String(\"example-group\"),\n\t\t\tServiceRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tDeploymentStyle: &codedeploy.DeploymentGroupDeploymentStyleArgs{\n\t\t\t\tDeploymentOption: pulumi.String(\"WITH_TRAFFIC_CONTROL\"),\n\t\t\t\tDeploymentType: pulumi.String(\"BLUE_GREEN\"),\n\t\t\t},\n\t\t\tLoadBalancerInfo: &codedeploy.DeploymentGroupLoadBalancerInfoArgs{\n\t\t\t\tElbInfos: codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArray{\n\t\t\t\t\t&codedeploy.DeploymentGroupLoadBalancerInfoElbInfoArgs{\n\t\t\t\t\t\tName: pulumi.Any(aws_elb.Example.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tBlueGreenDeploymentConfig: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigArgs{\n\t\t\t\tDeploymentReadyOption: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigDeploymentReadyOptionArgs{\n\t\t\t\t\tActionOnTimeout: pulumi.String(\"STOP_DEPLOYMENT\"),\n\t\t\t\t\tWaitTimeInMinutes: pulumi.Int(60),\n\t\t\t\t},\n\t\t\t\tGreenFleetProvisioningOption: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigGreenFleetProvisioningOptionArgs{\n\t\t\t\t\tAction: pulumi.String(\"DISCOVER_EXISTING\"),\n\t\t\t\t},\n\t\t\t\tTerminateBlueInstancesOnDeploymentSuccess: &codedeploy.DeploymentGroupBlueGreenDeploymentConfigTerminateBlueInstancesOnDeploymentSuccessArgs{\n\t\t\t\t\tAction: pulumi.String(\"KEEP_ALIVE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeDeploy Deployment Groups can be imported by their `app_name`, a colon, and `deployment_group_name`, e.g.\n\n```sh\n $ pulumi import aws:codedeploy/deploymentGroup:DeploymentGroup example my-application:my-deployment-group\n```\n\n [1]http://docs.aws.amazon.com/codedeploy/latest/userguide/monitoring-sns-event-notifications-create-trigger.html ", + "properties": { + "alarmConfiguration": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupAlarmConfiguration:DeploymentGroupAlarmConfiguration", + "description": "Configuration block of alarms associated with the deployment group (documented below).\n" + }, + "appName": { + "type": "string", + "description": "The name of the application.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the CodeDeploy deployment group.\n" + }, + "autoRollbackConfiguration": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupAutoRollbackConfiguration:DeploymentGroupAutoRollbackConfiguration", + "description": "Configuration block of the automatic rollback configuration associated with the deployment group (documented below).\n" + }, + "autoscalingGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Autoscaling groups associated with the deployment group.\n" + }, + "blueGreenDeploymentConfig": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfig:DeploymentGroupBlueGreenDeploymentConfig", + "description": "Configuration block of the blue/green deployment options for a deployment group (documented below).\n" + }, + "computePlatform": { + "type": "string", + "description": "The destination platform type for the deployment.\n" + }, + "deploymentConfigName": { + "type": "string", + "description": "The name of the group's deployment config. The default is \"CodeDeployDefault.OneAtATime\".\n" + }, + "deploymentGroupId": { + "type": "string", + "description": "The ID of the CodeDeploy deployment group.\n" + }, + "deploymentGroupName": { + "type": "string", + "description": "The name of the deployment group.\n" + }, + "deploymentStyle": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupDeploymentStyle:DeploymentGroupDeploymentStyle", + "description": "Configuration block of the type of deployment, either in-place or blue/green, you want to run and whether to route deployment traffic behind a load balancer (documented below).\n" + }, + "ec2TagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagFilter:DeploymentGroupEc2TagFilter" + }, + "description": "Tag filters associated with the deployment group. See the AWS docs for details.\n" + }, + "ec2TagSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagSet:DeploymentGroupEc2TagSet" + }, + "description": "Configuration block(s) of Tag filters associated with the deployment group, which are also referred to as tag groups (documented below). See the AWS docs for details.\n" + }, + "ecsService": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEcsService:DeploymentGroupEcsService", + "description": "Configuration block(s) of the ECS services for a deployment group (documented below).\n" + }, + "loadBalancerInfo": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfo:DeploymentGroupLoadBalancerInfo", + "description": "Single configuration block of the load balancer to use in a blue/green deployment (documented below).\n" + }, + "onPremisesInstanceTagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupOnPremisesInstanceTagFilter:DeploymentGroupOnPremisesInstanceTagFilter" + }, + "description": "On premise tag filters associated with the group. See the AWS docs for details.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The service role ARN that allows deployments.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "triggerConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupTriggerConfiguration:DeploymentGroupTriggerConfiguration" + }, + "description": "Configuration block(s) of the triggers for the deployment group (documented below).\n" + } + }, + "required": [ + "appName", + "arn", + "blueGreenDeploymentConfig", + "computePlatform", + "deploymentGroupId", + "deploymentGroupName", + "serviceRoleArn", + "tagsAll" + ], + "inputProperties": { + "alarmConfiguration": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupAlarmConfiguration:DeploymentGroupAlarmConfiguration", + "description": "Configuration block of alarms associated with the deployment group (documented below).\n" + }, + "appName": { + "type": "string", + "description": "The name of the application.\n" + }, + "autoRollbackConfiguration": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupAutoRollbackConfiguration:DeploymentGroupAutoRollbackConfiguration", + "description": "Configuration block of the automatic rollback configuration associated with the deployment group (documented below).\n" + }, + "autoscalingGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Autoscaling groups associated with the deployment group.\n" + }, + "blueGreenDeploymentConfig": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfig:DeploymentGroupBlueGreenDeploymentConfig", + "description": "Configuration block of the blue/green deployment options for a deployment group (documented below).\n" + }, + "deploymentConfigName": { + "type": "string", + "description": "The name of the group's deployment config. The default is \"CodeDeployDefault.OneAtATime\".\n" + }, + "deploymentGroupName": { + "type": "string", + "description": "The name of the deployment group.\n" + }, + "deploymentStyle": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupDeploymentStyle:DeploymentGroupDeploymentStyle", + "description": "Configuration block of the type of deployment, either in-place or blue/green, you want to run and whether to route deployment traffic behind a load balancer (documented below).\n" + }, + "ec2TagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagFilter:DeploymentGroupEc2TagFilter" + }, + "description": "Tag filters associated with the deployment group. See the AWS docs for details.\n" + }, + "ec2TagSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagSet:DeploymentGroupEc2TagSet" + }, + "description": "Configuration block(s) of Tag filters associated with the deployment group, which are also referred to as tag groups (documented below). See the AWS docs for details.\n" + }, + "ecsService": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEcsService:DeploymentGroupEcsService", + "description": "Configuration block(s) of the ECS services for a deployment group (documented below).\n" + }, + "loadBalancerInfo": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfo:DeploymentGroupLoadBalancerInfo", + "description": "Single configuration block of the load balancer to use in a blue/green deployment (documented below).\n" + }, + "onPremisesInstanceTagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupOnPremisesInstanceTagFilter:DeploymentGroupOnPremisesInstanceTagFilter" + }, + "description": "On premise tag filters associated with the group. See the AWS docs for details.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The service role ARN that allows deployments.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "triggerConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupTriggerConfiguration:DeploymentGroupTriggerConfiguration" + }, + "description": "Configuration block(s) of the triggers for the deployment group (documented below).\n" + } + }, + "requiredInputs": [ + "appName", + "deploymentGroupName", + "serviceRoleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DeploymentGroup resources.\n", + "properties": { + "alarmConfiguration": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupAlarmConfiguration:DeploymentGroupAlarmConfiguration", + "description": "Configuration block of alarms associated with the deployment group (documented below).\n" + }, + "appName": { + "type": "string", + "description": "The name of the application.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the CodeDeploy deployment group.\n" + }, + "autoRollbackConfiguration": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupAutoRollbackConfiguration:DeploymentGroupAutoRollbackConfiguration", + "description": "Configuration block of the automatic rollback configuration associated with the deployment group (documented below).\n" + }, + "autoscalingGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Autoscaling groups associated with the deployment group.\n" + }, + "blueGreenDeploymentConfig": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupBlueGreenDeploymentConfig:DeploymentGroupBlueGreenDeploymentConfig", + "description": "Configuration block of the blue/green deployment options for a deployment group (documented below).\n" + }, + "computePlatform": { + "type": "string", + "description": "The destination platform type for the deployment.\n" + }, + "deploymentConfigName": { + "type": "string", + "description": "The name of the group's deployment config. The default is \"CodeDeployDefault.OneAtATime\".\n" + }, + "deploymentGroupId": { + "type": "string", + "description": "The ID of the CodeDeploy deployment group.\n" + }, + "deploymentGroupName": { + "type": "string", + "description": "The name of the deployment group.\n" + }, + "deploymentStyle": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupDeploymentStyle:DeploymentGroupDeploymentStyle", + "description": "Configuration block of the type of deployment, either in-place or blue/green, you want to run and whether to route deployment traffic behind a load balancer (documented below).\n" + }, + "ec2TagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagFilter:DeploymentGroupEc2TagFilter" + }, + "description": "Tag filters associated with the deployment group. See the AWS docs for details.\n" + }, + "ec2TagSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEc2TagSet:DeploymentGroupEc2TagSet" + }, + "description": "Configuration block(s) of Tag filters associated with the deployment group, which are also referred to as tag groups (documented below). See the AWS docs for details.\n" + }, + "ecsService": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupEcsService:DeploymentGroupEcsService", + "description": "Configuration block(s) of the ECS services for a deployment group (documented below).\n" + }, + "loadBalancerInfo": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupLoadBalancerInfo:DeploymentGroupLoadBalancerInfo", + "description": "Single configuration block of the load balancer to use in a blue/green deployment (documented below).\n" + }, + "onPremisesInstanceTagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupOnPremisesInstanceTagFilter:DeploymentGroupOnPremisesInstanceTagFilter" + }, + "description": "On premise tag filters associated with the group. See the AWS docs for details.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The service role ARN that allows deployments.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "triggerConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:codedeploy/DeploymentGroupTriggerConfiguration:DeploymentGroupTriggerConfiguration" + }, + "description": "Configuration block(s) of the triggers for the deployment group (documented below).\n" + } + }, + "type": "object" + } + }, + "aws:codepipeline/pipeline:Pipeline": { + "description": "Provides a CodePipeline.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codestarconnections.Connection(\"example\", {providerType: \"GitHub\"});\nconst codepipelineBucket = new aws.s3.Bucket(\"codepipelineBucket\", {acl: \"private\"});\nconst codepipelineRole = new aws.iam.Role(\"codepipelineRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"codepipeline.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst s3kmskey = aws.kms.getAlias({\n name: \"alias/myKmsKey\",\n});\nconst codepipeline = new aws.codepipeline.Pipeline(\"codepipeline\", {\n roleArn: codepipelineRole.arn,\n artifactStore: {\n location: codepipelineBucket.bucket,\n type: \"S3\",\n encryptionKey: {\n id: s3kmskey.then(s3kmskey => s3kmskey.arn),\n type: \"KMS\",\n },\n },\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"AWS\",\n provider: \"CodeStarSourceConnection\",\n version: \"1\",\n outputArtifacts: [\"source_output\"],\n configuration: {\n ConnectionArn: example.arn,\n FullRepositoryId: \"my-organization/example\",\n BranchName: \"main\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{\n name: \"Build\",\n category: \"Build\",\n owner: \"AWS\",\n provider: \"CodeBuild\",\n inputArtifacts: [\"source_output\"],\n outputArtifacts: [\"build_output\"],\n version: \"1\",\n configuration: {\n ProjectName: \"test\",\n },\n }],\n },\n {\n name: \"Deploy\",\n actions: [{\n name: \"Deploy\",\n category: \"Deploy\",\n owner: \"AWS\",\n provider: \"CloudFormation\",\n inputArtifacts: [\"build_output\"],\n version: \"1\",\n configuration: {\n ActionMode: \"REPLACE_ON_FAILURE\",\n Capabilities: \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\",\n OutputFileName: \"CreateStackOutput.json\",\n StackName: \"MyStack\",\n TemplatePath: \"build_output::sam-templated.yaml\",\n },\n }],\n },\n ],\n});\nconst codepipelinePolicy = new aws.iam.RolePolicy(\"codepipelinePolicy\", {\n role: codepipelineRole.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"${codepipelineBucket.arn}\",\n \"${codepipelineBucket.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codestar-connections:UseConnection\"\n ],\n \"Resource\": \"${example.arn}\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codestarconnections.Connection(\"example\", provider_type=\"GitHub\")\ncodepipeline_bucket = aws.s3.Bucket(\"codepipelineBucket\", acl=\"private\")\ncodepipeline_role = aws.iam.Role(\"codepipelineRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"codepipeline.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\ns3kmskey = aws.kms.get_alias(name=\"alias/myKmsKey\")\ncodepipeline = aws.codepipeline.Pipeline(\"codepipeline\",\n role_arn=codepipeline_role.arn,\n artifact_store=aws.codepipeline.PipelineArtifactStoreArgs(\n location=codepipeline_bucket.bucket,\n type=\"S3\",\n encryption_key=aws.codepipeline.PipelineArtifactStoreEncryptionKeyArgs(\n id=s3kmskey.arn,\n type=\"KMS\",\n ),\n ),\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"AWS\",\n provider=\"CodeStarSourceConnection\",\n version=\"1\",\n output_artifacts=[\"source_output\"],\n configuration={\n \"ConnectionArn\": example.arn,\n \"FullRepositoryId\": \"my-organization/example\",\n \"BranchName\": \"main\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Build\",\n category=\"Build\",\n owner=\"AWS\",\n provider=\"CodeBuild\",\n input_artifacts=[\"source_output\"],\n output_artifacts=[\"build_output\"],\n version=\"1\",\n configuration={\n \"ProjectName\": \"test\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Deploy\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Deploy\",\n category=\"Deploy\",\n owner=\"AWS\",\n provider=\"CloudFormation\",\n input_artifacts=[\"build_output\"],\n version=\"1\",\n configuration={\n \"ActionMode\": \"REPLACE_ON_FAILURE\",\n \"Capabilities\": \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\",\n \"OutputFileName\": \"CreateStackOutput.json\",\n \"StackName\": \"MyStack\",\n \"TemplatePath\": \"build_output::sam-templated.yaml\",\n },\n )],\n ),\n ])\ncodepipeline_policy = aws.iam.RolePolicy(\"codepipelinePolicy\",\n role=codepipeline_role.id,\n policy=pulumi.Output.all(codepipeline_bucket.arn, codepipeline_bucket.arn, example.arn).apply(lambda codepipelineBucketArn, codepipelineBucketArn1, exampleArn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\":\"Allow\",\n \"Action\": [\n \"s3:GetObject\",\n \"s3:GetObjectVersion\",\n \"s3:GetBucketVersioning\",\n \"s3:PutObjectAcl\",\n \"s3:PutObject\"\n ],\n \"Resource\": [\n \"{codepipeline_bucket_arn}\",\n \"{codepipeline_bucket_arn1}/*\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codestar-connections:UseConnection\"\n ],\n \"Resource\": \"{example_arn}\"\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"codebuild:BatchGetBuilds\",\n \"codebuild:StartBuild\"\n ],\n \"Resource\": \"*\"\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeStarConnections.Connection(\"example\", new Aws.CodeStarConnections.ConnectionArgs\n {\n ProviderType = \"GitHub\",\n });\n var codepipelineBucket = new Aws.S3.Bucket(\"codepipelineBucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var codepipelineRole = new Aws.Iam.Role(\"codepipelineRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"codepipeline.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var s3kmskey = Output.Create(Aws.Kms.GetAlias.InvokeAsync(new Aws.Kms.GetAliasArgs\n {\n Name = \"alias/myKmsKey\",\n }));\n var codepipeline = new Aws.CodePipeline.Pipeline(\"codepipeline\", new Aws.CodePipeline.PipelineArgs\n {\n RoleArn = codepipelineRole.Arn,\n ArtifactStore = new Aws.CodePipeline.Inputs.PipelineArtifactStoreArgs\n {\n Location = codepipelineBucket.BucketName,\n Type = \"S3\",\n EncryptionKey = new Aws.CodePipeline.Inputs.PipelineArtifactStoreEncryptionKeyArgs\n {\n Id = s3kmskey.Apply(s3kmskey => s3kmskey.Arn),\n Type = \"KMS\",\n },\n },\n Stages = \n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = \n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"AWS\",\n Provider = \"CodeStarSourceConnection\",\n Version = \"1\",\n OutputArtifacts = \n {\n \"source_output\",\n },\n Configuration = \n {\n { \"ConnectionArn\", example.Arn },\n { \"FullRepositoryId\", \"my-organization/example\" },\n { \"BranchName\", \"main\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = \n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Build\",\n Category = \"Build\",\n Owner = \"AWS\",\n Provider = \"CodeBuild\",\n InputArtifacts = \n {\n \"source_output\",\n },\n OutputArtifacts = \n {\n \"build_output\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ProjectName\", \"test\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Deploy\",\n Actions = \n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Deploy\",\n Category = \"Deploy\",\n Owner = \"AWS\",\n Provider = \"CloudFormation\",\n InputArtifacts = \n {\n \"build_output\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ActionMode\", \"REPLACE_ON_FAILURE\" },\n { \"Capabilities\", \"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\" },\n { \"OutputFileName\", \"CreateStackOutput.json\" },\n { \"StackName\", \"MyStack\" },\n { \"TemplatePath\", \"build_output::sam-templated.yaml\" },\n },\n },\n },\n },\n },\n });\n var codepipelinePolicy = new Aws.Iam.RolePolicy(\"codepipelinePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = codepipelineRole.Id,\n Policy = Output.Tuple(codepipelineBucket.Arn, codepipelineBucket.Arn, example.Arn).Apply(values =>\n {\n var codepipelineBucketArn = values.Item1;\n var codepipelineBucketArn1 = values.Item2;\n var exampleArn = values.Item3;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\":\"\"Allow\"\",\n \"\"Action\"\": [\n \"\"s3:GetObject\"\",\n \"\"s3:GetObjectVersion\"\",\n \"\"s3:GetBucketVersioning\"\",\n \"\"s3:PutObjectAcl\"\",\n \"\"s3:PutObject\"\"\n ],\n \"\"Resource\"\": [\n \"\"{codepipelineBucketArn}\"\",\n \"\"{codepipelineBucketArn1}/*\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"codestar-connections:UseConnection\"\"\n ],\n \"\"Resource\"\": \"\"{exampleArn}\"\"\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"codebuild:BatchGetBuilds\"\",\n \"\"codebuild:StartBuild\"\"\n ],\n \"\"Resource\"\": \"\"*\"\"\n }}\n ]\n}}\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codestarconnections\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := codestarconnections.NewConnection(ctx, \"example\", &codestarconnections.ConnectionArgs{\n\t\t\tProviderType: pulumi.String(\"GitHub\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelineBucket, err := s3.NewBucket(ctx, \"codepipelineBucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcodepipelineRole, err := iam.NewRole(ctx, \"codepipelineRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"codepipeline.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ts3kmskey, err := kms.LookupAlias(ctx, &kms.LookupAliasArgs{\n\t\t\tName: \"alias/myKmsKey\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codepipeline.NewPipeline(ctx, \"codepipeline\", &codepipeline.PipelineArgs{\n\t\t\tRoleArn: codepipelineRole.Arn,\n\t\t\tArtifactStore: &codepipeline.PipelineArtifactStoreArgs{\n\t\t\t\tLocation: codepipelineBucket.Bucket,\n\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\tEncryptionKey: &codepipeline.PipelineArtifactStoreEncryptionKeyArgs{\n\t\t\t\t\tId: pulumi.String(s3kmskey.Arn),\n\t\t\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t&codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeStarSourceConnection\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ConnectionArn\": example.Arn,\n\t\t\t\t\t\t\t\t\"FullRepositoryId\": pulumi.String(\"my-organization/example\"),\n\t\t\t\t\t\t\t\t\"BranchName\": pulumi.String(\"main\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t&codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeBuild\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"build_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ProjectName\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t&codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Deploy\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CloudFormation\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"build_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ActionMode\": pulumi.String(\"REPLACE_ON_FAILURE\"),\n\t\t\t\t\t\t\t\t\"Capabilities\": pulumi.String(\"CAPABILITY_AUTO_EXPAND,CAPABILITY_IAM\"),\n\t\t\t\t\t\t\t\t\"OutputFileName\": pulumi.String(\"CreateStackOutput.json\"),\n\t\t\t\t\t\t\t\t\"StackName\": pulumi.String(\"MyStack\"),\n\t\t\t\t\t\t\t\t\"TemplatePath\": pulumi.String(\"build_output::sam-templated.yaml\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"codepipelinePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: codepipelineRole.ID(),\n\t\t\tPolicy: pulumi.All(codepipelineBucket.Arn, codepipelineBucket.Arn, example.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tcodepipelineBucketArn := _args[0].(string)\n\t\t\t\tcodepipelineBucketArn1 := _args[1].(string)\n\t\t\t\texampleArn := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\":\\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:GetObject\\\",\\n\", \" \\\"s3:GetObjectVersion\\\",\\n\", \" \\\"s3:GetBucketVersioning\\\",\\n\", \" \\\"s3:PutObjectAcl\\\",\\n\", \" \\\"s3:PutObject\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", codepipelineBucketArn, \"\\\",\\n\", \" \\\"\", codepipelineBucketArn1, \"/*\\\"\\n\", \" ]\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"codestar-connections:UseConnection\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"\", exampleArn, \"\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"codebuild:BatchGetBuilds\\\",\\n\", \" \\\"codebuild:StartBuild\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodePipelines can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:codepipeline/pipeline:Pipeline foo example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The codepipeline ARN.\n" + }, + "artifactStore": { + "$ref": "#/types/aws:codepipeline/PipelineArtifactStore:PipelineArtifactStore", + "description": "One or more artifact_store blocks. Artifact stores are documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the pipeline.\n" + }, + "roleArn": { + "type": "string", + "description": "A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.\n" + }, + "stages": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/PipelineStage:PipelineStage" + }, + "description": "A stage block. Stages are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "artifactStore", + "name", + "roleArn", + "stages", + "tagsAll" + ], + "inputProperties": { + "artifactStore": { + "$ref": "#/types/aws:codepipeline/PipelineArtifactStore:PipelineArtifactStore", + "description": "One or more artifact_store blocks. Artifact stores are documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the pipeline.\n" + }, + "roleArn": { + "type": "string", + "description": "A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.\n" + }, + "stages": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/PipelineStage:PipelineStage" + }, + "description": "A stage block. Stages are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "artifactStore", + "roleArn", + "stages" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Pipeline resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The codepipeline ARN.\n" + }, + "artifactStore": { + "$ref": "#/types/aws:codepipeline/PipelineArtifactStore:PipelineArtifactStore", + "description": "One or more artifact_store blocks. Artifact stores are documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the pipeline.\n" + }, + "roleArn": { + "type": "string", + "description": "A service role Amazon Resource Name (ARN) that grants AWS CodePipeline permission to make calls to AWS services on your behalf.\n" + }, + "stages": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/PipelineStage:PipelineStage" + }, + "description": "A stage block. Stages are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:codepipeline/webhook:Webhook": { + "description": "Provides a CodePipeline Webhook.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as github from \"@pulumi/github\";\n\nconst barPipeline = new aws.codepipeline.Pipeline(\"barPipeline\", {\n roleArn: aws_iam_role.bar.arn,\n artifactStore: {\n location: aws_s3_bucket.bar.bucket,\n type: \"S3\",\n encryptionKey: {\n id: data.aws_kms_alias.s3kmskey.arn,\n type: \"KMS\",\n },\n },\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"ThirdParty\",\n provider: \"GitHub\",\n version: \"1\",\n outputArtifacts: [\"test\"],\n configuration: {\n Owner: \"my-organization\",\n Repo: \"test\",\n Branch: \"master\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{\n name: \"Build\",\n category: \"Build\",\n owner: \"AWS\",\n provider: \"CodeBuild\",\n inputArtifacts: [\"test\"],\n version: \"1\",\n configuration: {\n ProjectName: \"test\",\n },\n }],\n },\n ],\n});\nconst webhookSecret = \"super-secret\";\nconst barWebhook = new aws.codepipeline.Webhook(\"barWebhook\", {\n authentication: \"GITHUB_HMAC\",\n targetAction: \"Source\",\n targetPipeline: barPipeline.name,\n authenticationConfiguration: {\n secretToken: webhookSecret,\n },\n filters: [{\n jsonPath: `$.ref`,\n matchEquals: \"refs/heads/{Branch}\",\n }],\n});\n// Wire the CodePipeline webhook into a GitHub repository.\nconst barRepositoryWebhook = new github.RepositoryWebhook(\"barRepositoryWebhook\", {\n repository: github_repository.repo.name,\n configuration: {\n url: barWebhook.url,\n contentType: \"json\",\n insecureSsl: true,\n secret: webhookSecret,\n },\n events: [\"push\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_github as github\n\nbar_pipeline = aws.codepipeline.Pipeline(\"barPipeline\",\n role_arn=aws_iam_role[\"bar\"][\"arn\"],\n artifact_store=aws.codepipeline.PipelineArtifactStoreArgs(\n location=aws_s3_bucket[\"bar\"][\"bucket\"],\n type=\"S3\",\n encryption_key=aws.codepipeline.PipelineArtifactStoreEncryptionKeyArgs(\n id=data[\"aws_kms_alias\"][\"s3kmskey\"][\"arn\"],\n type=\"KMS\",\n ),\n ),\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"ThirdParty\",\n provider=\"GitHub\",\n version=\"1\",\n output_artifacts=[\"test\"],\n configuration={\n \"Owner\": \"my-organization\",\n \"Repo\": \"test\",\n \"Branch\": \"master\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Build\",\n category=\"Build\",\n owner=\"AWS\",\n provider=\"CodeBuild\",\n input_artifacts=[\"test\"],\n version=\"1\",\n configuration={\n \"ProjectName\": \"test\",\n },\n )],\n ),\n ])\nwebhook_secret = \"super-secret\"\nbar_webhook = aws.codepipeline.Webhook(\"barWebhook\",\n authentication=\"GITHUB_HMAC\",\n target_action=\"Source\",\n target_pipeline=bar_pipeline.name,\n authentication_configuration=aws.codepipeline.WebhookAuthenticationConfigurationArgs(\n secret_token=webhook_secret,\n ),\n filters=[aws.codepipeline.WebhookFilterArgs(\n json_path=\"$.ref\",\n match_equals=\"refs/heads/{Branch}\",\n )])\n# Wire the CodePipeline webhook into a GitHub repository.\nbar_repository_webhook = github.RepositoryWebhook(\"barRepositoryWebhook\",\n repository=github_repository[\"repo\"][\"name\"],\n configuration=github.RepositoryWebhookConfigurationArgs(\n url=bar_webhook.url,\n content_type=\"json\",\n insecure_ssl=True,\n secret=webhook_secret,\n ),\n events=[\"push\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Github = Pulumi.Github;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var barPipeline = new Aws.CodePipeline.Pipeline(\"barPipeline\", new Aws.CodePipeline.PipelineArgs\n {\n RoleArn = aws_iam_role.Bar.Arn,\n ArtifactStore = new Aws.CodePipeline.Inputs.PipelineArtifactStoreArgs\n {\n Location = aws_s3_bucket.Bar.Bucket,\n Type = \"S3\",\n EncryptionKey = new Aws.CodePipeline.Inputs.PipelineArtifactStoreEncryptionKeyArgs\n {\n Id = data.Aws_kms_alias.S3kmskey.Arn,\n Type = \"KMS\",\n },\n },\n Stages = \n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = \n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"ThirdParty\",\n Provider = \"GitHub\",\n Version = \"1\",\n OutputArtifacts = \n {\n \"test\",\n },\n Configuration = \n {\n { \"Owner\", \"my-organization\" },\n { \"Repo\", \"test\" },\n { \"Branch\", \"master\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = \n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Build\",\n Category = \"Build\",\n Owner = \"AWS\",\n Provider = \"CodeBuild\",\n InputArtifacts = \n {\n \"test\",\n },\n Version = \"1\",\n Configuration = \n {\n { \"ProjectName\", \"test\" },\n },\n },\n },\n },\n },\n });\n var webhookSecret = \"super-secret\";\n var barWebhook = new Aws.CodePipeline.Webhook(\"barWebhook\", new Aws.CodePipeline.WebhookArgs\n {\n Authentication = \"GITHUB_HMAC\",\n TargetAction = \"Source\",\n TargetPipeline = barPipeline.Name,\n AuthenticationConfiguration = new Aws.CodePipeline.Inputs.WebhookAuthenticationConfigurationArgs\n {\n SecretToken = webhookSecret,\n },\n Filters = \n {\n new Aws.CodePipeline.Inputs.WebhookFilterArgs\n {\n JsonPath = \"$.ref\",\n MatchEquals = \"refs/heads/{Branch}\",\n },\n },\n });\n // Wire the CodePipeline webhook into a GitHub repository.\n var barRepositoryWebhook = new Github.RepositoryWebhook(\"barRepositoryWebhook\", new Github.RepositoryWebhookArgs\n {\n Repository = github_repository.Repo.Name,\n Configuration = new Github.Inputs.RepositoryWebhookConfigurationArgs\n {\n Url = barWebhook.Url,\n ContentType = \"json\",\n InsecureSsl = true,\n Secret = webhookSecret,\n },\n Events = \n {\n \"push\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-github/sdk/v4/go/github\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbarPipeline, err := codepipeline.NewPipeline(ctx, \"barPipeline\", &codepipeline.PipelineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Bar.Arn),\n\t\t\tArtifactStore: &codepipeline.PipelineArtifactStoreArgs{\n\t\t\t\tLocation: pulumi.Any(aws_s3_bucket.Bar.Bucket),\n\t\t\t\tType: pulumi.String(\"S3\"),\n\t\t\t\tEncryptionKey: &codepipeline.PipelineArtifactStoreEncryptionKeyArgs{\n\t\t\t\t\tId: pulumi.Any(data.Aws_kms_alias.S3kmskey.Arn),\n\t\t\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t&codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"ThirdParty\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"GitHub\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"Owner\": pulumi.String(\"my-organization\"),\n\t\t\t\t\t\t\t\t\"Repo\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t\t\"Branch\": pulumi.String(\"master\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t&codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Build\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeBuild\"),\n\t\t\t\t\t\t\tInputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ProjectName\": pulumi.String(\"test\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twebhookSecret := \"super-secret\"\n\t\tbarWebhook, err := codepipeline.NewWebhook(ctx, \"barWebhook\", &codepipeline.WebhookArgs{\n\t\t\tAuthentication: pulumi.String(\"GITHUB_HMAC\"),\n\t\t\tTargetAction: pulumi.String(\"Source\"),\n\t\t\tTargetPipeline: barPipeline.Name,\n\t\t\tAuthenticationConfiguration: &codepipeline.WebhookAuthenticationConfigurationArgs{\n\t\t\t\tSecretToken: pulumi.String(webhookSecret),\n\t\t\t},\n\t\t\tFilters: codepipeline.WebhookFilterArray{\n\t\t\t\t&codepipeline.WebhookFilterArgs{\n\t\t\t\t\tJsonPath: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".ref\")),\n\t\t\t\t\tMatchEquals: pulumi.String(\"refs/heads/{Branch}\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = github.NewRepositoryWebhook(ctx, \"barRepositoryWebhook\", &github.RepositoryWebhookArgs{\n\t\t\tRepository: pulumi.Any(github_repository.Repo.Name),\n\t\t\tConfiguration: &RepositoryWebhookConfigurationArgs{\n\t\t\t\tUrl: barWebhook.Url,\n\t\t\t\tContentType: pulumi.String(\"json\"),\n\t\t\t\tInsecureSsl: pulumi.Bool(true),\n\t\t\t\tSecret: pulumi.String(webhookSecret),\n\t\t\t},\n\t\t\tEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"push\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodePipeline Webhooks can be imported by their ARN, e.g.\n\n```sh\n $ pulumi import aws:codepipeline/webhook:Webhook example arn:aws:codepipeline:us-west-2:123456789012:webhook:example\n```\n\n ", + "properties": { + "authentication": { + "type": "string", + "description": "The type of authentication to use. One of `IP`, `GITHUB_HMAC`, or `UNAUTHENTICATED`.\n" + }, + "authenticationConfiguration": { + "$ref": "#/types/aws:codepipeline/WebhookAuthenticationConfiguration:WebhookAuthenticationConfiguration", + "description": "An `auth` block. Required for `IP` and `GITHUB_HMAC`. Auth blocks are documented below.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/WebhookFilter:WebhookFilter" + }, + "description": "One or more `filter` blocks. Filter blocks are documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the webhook.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetAction": { + "type": "string", + "description": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.\n" + }, + "targetPipeline": { + "type": "string", + "description": "The name of the pipeline.\n" + }, + "url": { + "type": "string", + "description": "The CodePipeline webhook's URL. POST events to this endpoint to trigger the target.\n" + } + }, + "required": [ + "authentication", + "filters", + "name", + "tagsAll", + "targetAction", + "targetPipeline", + "url" + ], + "inputProperties": { + "authentication": { + "type": "string", + "description": "The type of authentication to use. One of `IP`, `GITHUB_HMAC`, or `UNAUTHENTICATED`.\n" + }, + "authenticationConfiguration": { + "$ref": "#/types/aws:codepipeline/WebhookAuthenticationConfiguration:WebhookAuthenticationConfiguration", + "description": "An `auth` block. Required for `IP` and `GITHUB_HMAC`. Auth blocks are documented below.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/WebhookFilter:WebhookFilter" + }, + "description": "One or more `filter` blocks. Filter blocks are documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the webhook.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetAction": { + "type": "string", + "description": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.\n" + }, + "targetPipeline": { + "type": "string", + "description": "The name of the pipeline.\n" + } + }, + "requiredInputs": [ + "authentication", + "filters", + "targetAction", + "targetPipeline" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Webhook resources.\n", + "properties": { + "authentication": { + "type": "string", + "description": "The type of authentication to use. One of `IP`, `GITHUB_HMAC`, or `UNAUTHENTICATED`.\n" + }, + "authenticationConfiguration": { + "$ref": "#/types/aws:codepipeline/WebhookAuthenticationConfiguration:WebhookAuthenticationConfiguration", + "description": "An `auth` block. Required for `IP` and `GITHUB_HMAC`. Auth blocks are documented below.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:codepipeline/WebhookFilter:WebhookFilter" + }, + "description": "One or more `filter` blocks. Filter blocks are documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the webhook.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetAction": { + "type": "string", + "description": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.\n" + }, + "targetPipeline": { + "type": "string", + "description": "The name of the pipeline.\n" + }, + "url": { + "type": "string", + "description": "The CodePipeline webhook's URL. POST events to this endpoint to trigger the target.\n" + } + }, + "type": "object" + } + }, + "aws:codestarconnections/connection:Connection": { + "description": "Provides a CodeStar Connection.\n\n> **NOTE:** The `aws.codestarconnections.Connection` resource is created in the state `PENDING`. Authentication with the connection provider must be completed in the AWS Console.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleConnection = new aws.codestarconnections.Connection(\"exampleConnection\", {providerType: \"Bitbucket\"});\nconst examplePipeline = new aws.codepipeline.Pipeline(\"examplePipeline\", {\n roleArn: aws_iam_role.codepipeline_role.arn,\n artifactStore: {},\n stages: [\n {\n name: \"Source\",\n actions: [{\n name: \"Source\",\n category: \"Source\",\n owner: \"AWS\",\n provider: \"CodeStarSourceConnection\",\n version: \"1\",\n outputArtifacts: [\"source_output\"],\n configuration: {\n ConnectionArn: exampleConnection.arn,\n FullRepositoryId: \"my-organization/test\",\n BranchName: \"main\",\n },\n }],\n },\n {\n name: \"Build\",\n actions: [{}],\n },\n {\n name: \"Deploy\",\n actions: [{}],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_connection = aws.codestarconnections.Connection(\"exampleConnection\", provider_type=\"Bitbucket\")\nexample_pipeline = aws.codepipeline.Pipeline(\"examplePipeline\",\n role_arn=aws_iam_role[\"codepipeline_role\"][\"arn\"],\n artifact_store=aws.codepipeline.PipelineArtifactStoreArgs(),\n stages=[\n aws.codepipeline.PipelineStageArgs(\n name=\"Source\",\n actions=[aws.codepipeline.PipelineStageActionArgs(\n name=\"Source\",\n category=\"Source\",\n owner=\"AWS\",\n provider=\"CodeStarSourceConnection\",\n version=\"1\",\n output_artifacts=[\"source_output\"],\n configuration={\n \"ConnectionArn\": example_connection.arn,\n \"FullRepositoryId\": \"my-organization/test\",\n \"BranchName\": \"main\",\n },\n )],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Build\",\n actions=[aws.codepipeline.PipelineStageActionArgs()],\n ),\n aws.codepipeline.PipelineStageArgs(\n name=\"Deploy\",\n actions=[aws.codepipeline.PipelineStageActionArgs()],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleConnection = new Aws.CodeStarConnections.Connection(\"exampleConnection\", new Aws.CodeStarConnections.ConnectionArgs\n {\n ProviderType = \"Bitbucket\",\n });\n var examplePipeline = new Aws.CodePipeline.Pipeline(\"examplePipeline\", new Aws.CodePipeline.PipelineArgs\n {\n RoleArn = aws_iam_role.Codepipeline_role.Arn,\n ArtifactStore = ,\n Stages = \n {\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Source\",\n Actions = \n {\n new Aws.CodePipeline.Inputs.PipelineStageActionArgs\n {\n Name = \"Source\",\n Category = \"Source\",\n Owner = \"AWS\",\n Provider = \"CodeStarSourceConnection\",\n Version = \"1\",\n OutputArtifacts = \n {\n \"source_output\",\n },\n Configuration = \n {\n { \"ConnectionArn\", exampleConnection.Arn },\n { \"FullRepositoryId\", \"my-organization/test\" },\n { \"BranchName\", \"main\" },\n },\n },\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Build\",\n Actions = \n {\n ,\n },\n },\n new Aws.CodePipeline.Inputs.PipelineStageArgs\n {\n Name = \"Deploy\",\n Actions = \n {\n ,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codepipeline\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codestarconnections\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleConnection, err := codestarconnections.NewConnection(ctx, \"exampleConnection\", &codestarconnections.ConnectionArgs{\n\t\t\tProviderType: pulumi.String(\"Bitbucket\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codepipeline.NewPipeline(ctx, \"examplePipeline\", &codepipeline.PipelineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Codepipeline_role.Arn),\n\t\t\tArtifactStore: nil,\n\t\t\tStages: codepipeline.PipelineStageArray{\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\t&codepipeline.PipelineStageActionArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tCategory: pulumi.String(\"Source\"),\n\t\t\t\t\t\t\tOwner: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t\tProvider: pulumi.String(\"CodeStarSourceConnection\"),\n\t\t\t\t\t\t\tVersion: pulumi.String(\"1\"),\n\t\t\t\t\t\t\tOutputArtifacts: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"source_output\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tConfiguration: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"ConnectionArn\": exampleConnection.Arn,\n\t\t\t\t\t\t\t\t\"FullRepositoryId\": pulumi.String(\"my-organization/test\"),\n\t\t\t\t\t\t\t\t\"BranchName\": pulumi.String(\"main\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Build\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\tnil,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&codepipeline.PipelineStageArgs{\n\t\t\t\t\tName: pulumi.String(\"Deploy\"),\n\t\t\t\t\tActions: codepipeline.PipelineStageActionArray{\n\t\t\t\t\t\tnil,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeStar connections can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:codestarconnections/connection:Connection test-connection arn:aws:codestar-connections:us-west-1:0123456789:connection/79d4d357-a2ee-41e4-b350-2fe39ae59448\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The codestar connection ARN.\n" + }, + "connectionStatus": { + "type": "string", + "description": "The codestar connection status. Possible values are `PENDING`, `AVAILABLE` and `ERROR`.\n" + }, + "hostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the host associated with the connection. Conflicts with `provider_type`\n" + }, + "name": { + "type": "string", + "description": "The name of the connection to be created. The name must be unique in the calling AWS account. Changing `name` will create a new resource.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured. Valid values are `Bitbucket`, `GitHub` or `GitHubEnterpriseServer`. Changing `provider_type` will create a new resource. Conflicts with `host_arn`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "connectionStatus", + "name", + "providerType", + "tagsAll" + ], + "inputProperties": { + "hostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the host associated with the connection. Conflicts with `provider_type`\n" + }, + "name": { + "type": "string", + "description": "The name of the connection to be created. The name must be unique in the calling AWS account. Changing `name` will create a new resource.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured. Valid values are `Bitbucket`, `GitHub` or `GitHubEnterpriseServer`. Changing `provider_type` will create a new resource. Conflicts with `host_arn`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Connection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The codestar connection ARN.\n" + }, + "connectionStatus": { + "type": "string", + "description": "The codestar connection status. Possible values are `PENDING`, `AVAILABLE` and `ERROR`.\n" + }, + "hostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the host associated with the connection. Conflicts with `provider_type`\n" + }, + "name": { + "type": "string", + "description": "The name of the connection to be created. The name must be unique in the calling AWS account. Changing `name` will create a new resource.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured. Valid values are `Bitbucket`, `GitHub` or `GitHubEnterpriseServer`. Changing `provider_type` will create a new resource. Conflicts with `host_arn`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:codestarconnections/host:Host": { + "description": "Provides a CodeStar Host.\n\n> **NOTE:** The `aws.codestarconnections.Host` resource is created in the state `PENDING`. Authentication with the host provider must be completed in the AWS Console. For more information visit [Set up a pending host](https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-host-setup.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.codestarconnections.Host(\"example\", {\n providerEndpoint: \"https://example.com\",\n providerType: \"GitHubEnterpriseServer\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codestarconnections.Host(\"example\",\n provider_endpoint=\"https://example.com\",\n provider_type=\"GitHubEnterpriseServer\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.CodeStarConnections.Host(\"example\", new Aws.CodeStarConnections.HostArgs\n {\n ProviderEndpoint = \"https://example.com\",\n ProviderType = \"GitHubEnterpriseServer\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codestarconnections\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codestarconnections.NewHost(ctx, \"example\", &codestarconnections.HostArgs{\n\t\t\tProviderEndpoint: pulumi.String(\"https://example.com\"),\n\t\t\tProviderType: pulumi.String(\"GitHubEnterpriseServer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeStar Host can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:codestarconnections/host:Host example-host arn:aws:codestar-connections:us-west-1:0123456789:host/79d4d357-a2ee-41e4-b350-2fe39ae59448\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The CodeStar Host ARN.\n" + }, + "name": { + "type": "string", + "description": "The name of the host to be created. The name must be unique in the calling AWS account.\n" + }, + "providerEndpoint": { + "type": "string", + "description": "The endpoint of the infrastructure to be represented by the host after it is created.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured.\n" + }, + "status": { + "type": "string", + "description": "The CodeStar Host status. Possible values are `PENDING`, `AVAILABLE`, `VPC_CONFIG_DELETING`, `VPC_CONFIG_INITIALIZING`, and `VPC_CONFIG_FAILED_INITIALIZATION`.\n" + }, + "vpcConfiguration": { + "$ref": "#/types/aws:codestarconnections/HostVpcConfiguration:HostVpcConfiguration", + "description": "The VPC configuration to be provisioned for the host. A VPC must be configured, and the infrastructure to be represented by the host must already be connected to the VPC.\n" + } + }, + "required": [ + "arn", + "name", + "providerEndpoint", + "providerType", + "status" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the host to be created. The name must be unique in the calling AWS account.\n" + }, + "providerEndpoint": { + "type": "string", + "description": "The endpoint of the infrastructure to be represented by the host after it is created.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured.\n" + }, + "vpcConfiguration": { + "$ref": "#/types/aws:codestarconnections/HostVpcConfiguration:HostVpcConfiguration", + "description": "The VPC configuration to be provisioned for the host. A VPC must be configured, and the infrastructure to be represented by the host must already be connected to the VPC.\n" + } + }, + "requiredInputs": [ + "providerEndpoint", + "providerType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Host resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The CodeStar Host ARN.\n" + }, + "name": { + "type": "string", + "description": "The name of the host to be created. The name must be unique in the calling AWS account.\n" + }, + "providerEndpoint": { + "type": "string", + "description": "The endpoint of the infrastructure to be represented by the host after it is created.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured.\n" + }, + "status": { + "type": "string", + "description": "The CodeStar Host status. Possible values are `PENDING`, `AVAILABLE`, `VPC_CONFIG_DELETING`, `VPC_CONFIG_INITIALIZING`, and `VPC_CONFIG_FAILED_INITIALIZATION`.\n" + }, + "vpcConfiguration": { + "$ref": "#/types/aws:codestarconnections/HostVpcConfiguration:HostVpcConfiguration", + "description": "The VPC configuration to be provisioned for the host. A VPC must be configured, and the infrastructure to be represented by the host must already be connected to the VPC.\n" + } + }, + "type": "object" + } + }, + "aws:codestarnotifications/notificationRule:NotificationRule": { + "description": "Provides a CodeStar Notifications Rule.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst code = new aws.codecommit.Repository(\"code\", {repositoryName: \"example-code-repo\"});\nconst notif = new aws.sns.Topic(\"notif\", {});\nconst notifAccess = notif.arn.apply(arn => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sns:Publish\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"codestar-notifications.amazonaws.com\"],\n }],\n resources: [arn],\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: notif.arn,\n policy: notifAccess.apply(notifAccess => notifAccess.json),\n});\nconst commits = new aws.codestarnotifications.NotificationRule(\"commits\", {\n detailType: \"BASIC\",\n eventTypeIds: [\"codecommit-repository-comments-on-commits\"],\n resource: code.arn,\n targets: [{\n address: notif.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncode = aws.codecommit.Repository(\"code\", repository_name=\"example-code-repo\")\nnotif = aws.sns.Topic(\"notif\")\nnotif_access = notif.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sns:Publish\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"codestar-notifications.amazonaws.com\"],\n )],\n resources=[arn],\n)]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=notif.arn,\n policy=notif_access.json)\ncommits = aws.codestarnotifications.NotificationRule(\"commits\",\n detail_type=\"BASIC\",\n event_type_ids=[\"codecommit-repository-comments-on-commits\"],\n resource=code.arn,\n targets=[aws.codestarnotifications.NotificationRuleTargetArgs(\n address=notif.arn,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var code = new Aws.CodeCommit.Repository(\"code\", new Aws.CodeCommit.RepositoryArgs\n {\n RepositoryName = \"example-code-repo\",\n });\n var notif = new Aws.Sns.Topic(\"notif\", new Aws.Sns.TopicArgs\n {\n });\n var notifAccess = notif.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sns:Publish\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"codestar-notifications.amazonaws.com\",\n },\n },\n },\n Resources = \n {\n arn,\n },\n },\n },\n }));\n var @default = new Aws.Sns.TopicPolicy(\"default\", new Aws.Sns.TopicPolicyArgs\n {\n Arn = notif.Arn,\n Policy = notifAccess.Apply(notifAccess => notifAccess.Json),\n });\n var commits = new Aws.CodeStarNotifications.NotificationRule(\"commits\", new Aws.CodeStarNotifications.NotificationRuleArgs\n {\n DetailType = \"BASIC\",\n EventTypeIds = \n {\n \"codecommit-repository-comments-on-commits\",\n },\n Resource = code.Arn,\n Targets = \n {\n new Aws.CodeStarNotifications.Inputs.NotificationRuleTargetArgs\n {\n Address = notif.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codecommit\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codestarnotifications\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcode, err := codecommit.NewRepository(ctx, \"code\", &codecommit.RepositoryArgs{\n\t\t\tRepositoryName: pulumi.String(\"example-code-repo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tnotif, err := sns.NewTopic(ctx, \"notif\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicPolicy(ctx, \"_default\", &sns.TopicPolicyArgs{\n\t\t\tArn: notif.Arn,\n\t\t\tPolicy: notifAccess.ApplyT(func(notifAccess iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn notifAccess.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = codestarnotifications.NewNotificationRule(ctx, \"commits\", &codestarnotifications.NotificationRuleArgs{\n\t\t\tDetailType: pulumi.String(\"BASIC\"),\n\t\t\tEventTypeIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"codecommit-repository-comments-on-commits\"),\n\t\t\t},\n\t\t\tResource: code.Arn,\n\t\t\tTargets: codestarnotifications.NotificationRuleTargetArray{\n\t\t\t\t&codestarnotifications.NotificationRuleTargetArgs{\n\t\t\t\t\tAddress: notif.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCodeStar notification rule can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:codestarnotifications/notificationRule:NotificationRule foo arn:aws:codestar-notifications:us-west-1:0123456789:notificationrule/2cdc68a3-8f7c-4893-b6a5-45b362bd4f2b\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The codestar notification rule ARN.\n" + }, + "detailType": { + "type": "string", + "description": "The level of detail to include in the notifications for this resource. Possible values are `BASIC` and `FULL`.\n" + }, + "eventTypeIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event types associated with this notification rule.\nFor list of allowed events see [here](https://docs.aws.amazon.com/codestar-notifications/latest/userguide/concepts.html#concepts-api).\n" + }, + "name": { + "type": "string", + "description": "The name of notification rule.\n" + }, + "resource": { + "type": "string", + "description": "The ARN of the resource to associate with the notification rule.\n" + }, + "status": { + "type": "string", + "description": "The status of the notification rule. Possible values are `ENABLED` and `DISABLED`, default is `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:codestarnotifications/NotificationRuleTarget:NotificationRuleTarget" + }, + "description": "Configuration blocks containing notification target information. Can be specified multiple times. At least one target must be specified on creation.\n" + } + }, + "required": [ + "arn", + "detailType", + "eventTypeIds", + "name", + "resource", + "tagsAll" + ], + "inputProperties": { + "detailType": { + "type": "string", + "description": "The level of detail to include in the notifications for this resource. Possible values are `BASIC` and `FULL`.\n" + }, + "eventTypeIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event types associated with this notification rule.\nFor list of allowed events see [here](https://docs.aws.amazon.com/codestar-notifications/latest/userguide/concepts.html#concepts-api).\n" + }, + "name": { + "type": "string", + "description": "The name of notification rule.\n" + }, + "resource": { + "type": "string", + "description": "The ARN of the resource to associate with the notification rule.\n" + }, + "status": { + "type": "string", + "description": "The status of the notification rule. Possible values are `ENABLED` and `DISABLED`, default is `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:codestarnotifications/NotificationRuleTarget:NotificationRuleTarget" + }, + "description": "Configuration blocks containing notification target information. Can be specified multiple times. At least one target must be specified on creation.\n" + } + }, + "requiredInputs": [ + "detailType", + "eventTypeIds", + "resource" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NotificationRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The codestar notification rule ARN.\n" + }, + "detailType": { + "type": "string", + "description": "The level of detail to include in the notifications for this resource. Possible values are `BASIC` and `FULL`.\n" + }, + "eventTypeIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event types associated with this notification rule.\nFor list of allowed events see [here](https://docs.aws.amazon.com/codestar-notifications/latest/userguide/concepts.html#concepts-api).\n" + }, + "name": { + "type": "string", + "description": "The name of notification rule.\n" + }, + "resource": { + "type": "string", + "description": "The ARN of the resource to associate with the notification rule.\n" + }, + "status": { + "type": "string", + "description": "The status of the notification rule. Possible values are `ENABLED` and `DISABLED`, default is `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:codestarnotifications/NotificationRuleTarget:NotificationRuleTarget" + }, + "description": "Configuration blocks containing notification target information. Can be specified multiple times. At least one target must be specified on creation.\n" + } + }, + "type": "object" + } + }, + "aws:cognito/identityPool:IdentityPool": { + "description": "Provides an AWS Cognito Identity Pool.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst _default = new aws.iam.SamlProvider(\"default\", {samlMetadataDocument: fs.readFileSync(\"saml-metadata.xml\")});\nconst main = new aws.cognito.IdentityPool(\"main\", {\n identityPoolName: \"identity pool\",\n allowUnauthenticatedIdentities: false,\n allowClassicFlow: false,\n cognitoIdentityProviders: [\n {\n clientId: \"6lhlkkfbfb4q5kpp90urffae\",\n providerName: \"cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ\",\n serverSideTokenCheck: false,\n },\n {\n clientId: \"7kodkvfqfb4qfkp39eurffae\",\n providerName: \"cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu\",\n serverSideTokenCheck: false,\n },\n ],\n supportedLoginProviders: {\n \"graph.facebook.com\": \"7346241598935552\",\n \"accounts.google.com\": \"123456789012.apps.googleusercontent.com\",\n },\n samlProviderArns: [_default.arn],\n openidConnectProviderArns: [\"arn:aws:iam::123456789012:oidc-provider/id.example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.iam.SamlProvider(\"default\", saml_metadata_document=(lambda path: open(path).read())(\"saml-metadata.xml\"))\nmain = aws.cognito.IdentityPool(\"main\",\n identity_pool_name=\"identity pool\",\n allow_unauthenticated_identities=False,\n allow_classic_flow=False,\n cognito_identity_providers=[\n aws.cognito.IdentityPoolCognitoIdentityProviderArgs(\n client_id=\"6lhlkkfbfb4q5kpp90urffae\",\n provider_name=\"cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ\",\n server_side_token_check=False,\n ),\n aws.cognito.IdentityPoolCognitoIdentityProviderArgs(\n client_id=\"7kodkvfqfb4qfkp39eurffae\",\n provider_name=\"cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu\",\n server_side_token_check=False,\n ),\n ],\n supported_login_providers={\n \"graph.facebook.com\": \"7346241598935552\",\n \"accounts.google.com\": \"123456789012.apps.googleusercontent.com\",\n },\n saml_provider_arns=[default.arn],\n openid_connect_provider_arns=[\"arn:aws:iam::123456789012:oidc-provider/id.example.com\"])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Iam.SamlProvider(\"default\", new Aws.Iam.SamlProviderArgs\n {\n SamlMetadataDocument = File.ReadAllText(\"saml-metadata.xml\"),\n });\n var main = new Aws.Cognito.IdentityPool(\"main\", new Aws.Cognito.IdentityPoolArgs\n {\n IdentityPoolName = \"identity pool\",\n AllowUnauthenticatedIdentities = false,\n AllowClassicFlow = false,\n CognitoIdentityProviders = \n {\n new Aws.Cognito.Inputs.IdentityPoolCognitoIdentityProviderArgs\n {\n ClientId = \"6lhlkkfbfb4q5kpp90urffae\",\n ProviderName = \"cognito-idp.us-east-1.amazonaws.com/us-east-1_Tv0493apJ\",\n ServerSideTokenCheck = false,\n },\n new Aws.Cognito.Inputs.IdentityPoolCognitoIdentityProviderArgs\n {\n ClientId = \"7kodkvfqfb4qfkp39eurffae\",\n ProviderName = \"cognito-idp.us-east-1.amazonaws.com/eu-west-1_Zr231apJu\",\n ServerSideTokenCheck = false,\n },\n },\n SupportedLoginProviders = \n {\n { \"graph.facebook.com\", \"7346241598935552\" },\n { \"accounts.google.com\", \"123456789012.apps.googleusercontent.com\" },\n },\n SamlProviderArns = \n {\n @default.Arn,\n },\n OpenidConnectProviderArns = \n {\n \"arn:aws:iam::123456789012:oidc-provider/id.example.com\",\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito Identity Pool can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:cognito/identityPool:IdentityPool mypool \n```\n\n ", + "properties": { + "allowClassicFlow": { + "type": "boolean", + "description": "Enables or disables the classic / basic authentication flow. Default is `false`.\n" + }, + "allowUnauthenticatedIdentities": { + "type": "boolean", + "description": "Whether the identity pool supports unauthenticated logins or not.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the identity pool.\n" + }, + "cognitoIdentityProviders": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolCognitoIdentityProvider:IdentityPoolCognitoIdentityProvider" + }, + "description": "An array of Amazon Cognito Identity user pools and their client IDs.\n" + }, + "developerProviderName": { + "type": "string", + "description": "The \"domain\" by which Cognito will refer to your users. This name acts as a placeholder that allows your\nbackend and the Cognito service to communicate about the developer provider.\n" + }, + "identityPoolName": { + "type": "string", + "description": "The Cognito Identity Pool name.\n" + }, + "openidConnectProviderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of OpendID Connect provider ARNs.\n" + }, + "samlProviderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.\n" + }, + "supportedLoginProviders": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-Value pairs mapping provider names to provider app IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Identity Pool. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "identityPoolName", + "tagsAll" + ], + "inputProperties": { + "allowClassicFlow": { + "type": "boolean", + "description": "Enables or disables the classic / basic authentication flow. Default is `false`.\n" + }, + "allowUnauthenticatedIdentities": { + "type": "boolean", + "description": "Whether the identity pool supports unauthenticated logins or not.\n" + }, + "cognitoIdentityProviders": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolCognitoIdentityProvider:IdentityPoolCognitoIdentityProvider" + }, + "description": "An array of Amazon Cognito Identity user pools and their client IDs.\n" + }, + "developerProviderName": { + "type": "string", + "description": "The \"domain\" by which Cognito will refer to your users. This name acts as a placeholder that allows your\nbackend and the Cognito service to communicate about the developer provider.\n" + }, + "identityPoolName": { + "type": "string", + "description": "The Cognito Identity Pool name.\n" + }, + "openidConnectProviderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of OpendID Connect provider ARNs.\n" + }, + "samlProviderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.\n" + }, + "supportedLoginProviders": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-Value pairs mapping provider names to provider app IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Identity Pool. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "identityPoolName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IdentityPool resources.\n", + "properties": { + "allowClassicFlow": { + "type": "boolean", + "description": "Enables or disables the classic / basic authentication flow. Default is `false`.\n" + }, + "allowUnauthenticatedIdentities": { + "type": "boolean", + "description": "Whether the identity pool supports unauthenticated logins or not.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the identity pool.\n" + }, + "cognitoIdentityProviders": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolCognitoIdentityProvider:IdentityPoolCognitoIdentityProvider" + }, + "description": "An array of Amazon Cognito Identity user pools and their client IDs.\n" + }, + "developerProviderName": { + "type": "string", + "description": "The \"domain\" by which Cognito will refer to your users. This name acts as a placeholder that allows your\nbackend and the Cognito service to communicate about the developer provider.\n" + }, + "identityPoolName": { + "type": "string", + "description": "The Cognito Identity Pool name.\n" + }, + "openidConnectProviderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of OpendID Connect provider ARNs.\n" + }, + "samlProviderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of Amazon Resource Names (ARNs) of the SAML provider for your identity.\n" + }, + "supportedLoginProviders": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-Value pairs mapping provider names to provider app IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Identity Pool. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment": { + "description": "Provides an AWS Cognito Identity Pool Roles Attachment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainIdentityPool = new aws.cognito.IdentityPool(\"mainIdentityPool\", {\n identityPoolName: \"identity pool\",\n allowUnauthenticatedIdentities: false,\n supportedLoginProviders: {\n \"graph.facebook.com\": \"7346241598935555\",\n },\n});\nconst authenticatedRole = new aws.iam.Role(\"authenticatedRole\", {assumeRolePolicy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Federated\": \"cognito-identity.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Condition\": {\n \"StringEquals\": {\n \"cognito-identity.amazonaws.com:aud\": \"${mainIdentityPool.id}\"\n },\n \"ForAnyValue:StringLike\": {\n \"cognito-identity.amazonaws.com:amr\": \"authenticated\"\n }\n }\n }\n ]\n}\n`});\nconst authenticatedRolePolicy = new aws.iam.RolePolicy(\"authenticatedRolePolicy\", {\n role: authenticatedRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"mobileanalytics:PutEvents\",\n \"cognito-sync:*\",\n \"cognito-identity:*\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`,\n});\nconst mainIdentityPoolRoleAttachment = new aws.cognito.IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\", {\n identityPoolId: mainIdentityPool.id,\n roleMappings: [{\n identityProvider: \"graph.facebook.com\",\n ambiguousRoleResolution: \"AuthenticatedRole\",\n type: \"Rules\",\n mappingRules: [{\n claim: \"isAdmin\",\n matchType: \"Equals\",\n roleArn: authenticatedRole.arn,\n value: \"paid\",\n }],\n }],\n roles: {\n authenticated: authenticatedRole.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain_identity_pool = aws.cognito.IdentityPool(\"mainIdentityPool\",\n identity_pool_name=\"identity pool\",\n allow_unauthenticated_identities=False,\n supported_login_providers={\n \"graph.facebook.com\": \"7346241598935555\",\n })\nauthenticated_role = aws.iam.Role(\"authenticatedRole\", assume_role_policy=main_identity_pool.id.apply(lambda id: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"Federated\": \"cognito-identity.amazonaws.com\"\n }},\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Condition\": {{\n \"StringEquals\": {{\n \"cognito-identity.amazonaws.com:aud\": \"{id}\"\n }},\n \"ForAnyValue:StringLike\": {{\n \"cognito-identity.amazonaws.com:amr\": \"authenticated\"\n }}\n }}\n }}\n ]\n}}\n\"\"\"))\nauthenticated_role_policy = aws.iam.RolePolicy(\"authenticatedRolePolicy\",\n role=authenticated_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"mobileanalytics:PutEvents\",\n \"cognito-sync:*\",\n \"cognito-identity:*\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n\"\"\")\nmain_identity_pool_role_attachment = aws.cognito.IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\",\n identity_pool_id=main_identity_pool.id,\n role_mappings=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingArgs(\n identity_provider=\"graph.facebook.com\",\n ambiguous_role_resolution=\"AuthenticatedRole\",\n type=\"Rules\",\n mapping_rules=[aws.cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs(\n claim=\"isAdmin\",\n match_type=\"Equals\",\n role_arn=authenticated_role.arn,\n value=\"paid\",\n )],\n )],\n roles={\n \"authenticated\": authenticated_role.arn,\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainIdentityPool = new Aws.Cognito.IdentityPool(\"mainIdentityPool\", new Aws.Cognito.IdentityPoolArgs\n {\n IdentityPoolName = \"identity pool\",\n AllowUnauthenticatedIdentities = false,\n SupportedLoginProviders = \n {\n { \"graph.facebook.com\", \"7346241598935555\" },\n },\n });\n var authenticatedRole = new Aws.Iam.Role(\"authenticatedRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = mainIdentityPool.Id.Apply(id => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"Federated\"\": \"\"cognito-identity.amazonaws.com\"\"\n }},\n \"\"Action\"\": \"\"sts:AssumeRoleWithWebIdentity\"\",\n \"\"Condition\"\": {{\n \"\"StringEquals\"\": {{\n \"\"cognito-identity.amazonaws.com:aud\"\": \"\"{id}\"\"\n }},\n \"\"ForAnyValue:StringLike\"\": {{\n \"\"cognito-identity.amazonaws.com:amr\"\": \"\"authenticated\"\"\n }}\n }}\n }}\n ]\n}}\n\"),\n });\n var authenticatedRolePolicy = new Aws.Iam.RolePolicy(\"authenticatedRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = authenticatedRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"mobileanalytics:PutEvents\"\",\n \"\"cognito-sync:*\"\",\n \"\"cognito-identity:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }\n ]\n}\n\",\n });\n var mainIdentityPoolRoleAttachment = new Aws.Cognito.IdentityPoolRoleAttachment(\"mainIdentityPoolRoleAttachment\", new Aws.Cognito.IdentityPoolRoleAttachmentArgs\n {\n IdentityPoolId = mainIdentityPool.Id,\n RoleMappings = \n {\n new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingArgs\n {\n IdentityProvider = \"graph.facebook.com\",\n AmbiguousRoleResolution = \"AuthenticatedRole\",\n Type = \"Rules\",\n MappingRules = \n {\n new Aws.Cognito.Inputs.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs\n {\n Claim = \"isAdmin\",\n MatchType = \"Equals\",\n RoleArn = authenticatedRole.Arn,\n Value = \"paid\",\n },\n },\n },\n },\n Roles = \n {\n { \"authenticated\", authenticatedRole.Arn },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainIdentityPool, err := cognito.NewIdentityPool(ctx, \"mainIdentityPool\", &cognito.IdentityPoolArgs{\n\t\t\tIdentityPoolName: pulumi.String(\"identity pool\"),\n\t\t\tAllowUnauthenticatedIdentities: pulumi.Bool(false),\n\t\t\tSupportedLoginProviders: pulumi.StringMap{\n\t\t\t\t\"graph.facebook.com\": pulumi.String(\"7346241598935555\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauthenticatedRole, err := iam.NewRole(ctx, \"authenticatedRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: mainIdentityPool.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Federated\\\": \\\"cognito-identity.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRoleWithWebIdentity\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"StringEquals\\\": {\\n\", \" \\\"cognito-identity.amazonaws.com:aud\\\": \\\"\", id, \"\\\"\\n\", \" },\\n\", \" \\\"ForAnyValue:StringLike\\\": {\\n\", \" \\\"cognito-identity.amazonaws.com:amr\\\": \\\"authenticated\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"authenticatedRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: authenticatedRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"mobileanalytics:PutEvents\\\",\\n\", \" \\\"cognito-sync:*\\\",\\n\", \" \\\"cognito-identity:*\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"*\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewIdentityPoolRoleAttachment(ctx, \"mainIdentityPoolRoleAttachment\", &cognito.IdentityPoolRoleAttachmentArgs{\n\t\t\tIdentityPoolId: mainIdentityPool.ID(),\n\t\t\tRoleMappings: cognito.IdentityPoolRoleAttachmentRoleMappingArray{\n\t\t\t\t&cognito.IdentityPoolRoleAttachmentRoleMappingArgs{\n\t\t\t\t\tIdentityProvider: pulumi.String(\"graph.facebook.com\"),\n\t\t\t\t\tAmbiguousRoleResolution: pulumi.String(\"AuthenticatedRole\"),\n\t\t\t\t\tType: pulumi.String(\"Rules\"),\n\t\t\t\t\tMappingRules: cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArray{\n\t\t\t\t\t\t&cognito.IdentityPoolRoleAttachmentRoleMappingMappingRuleArgs{\n\t\t\t\t\t\t\tClaim: pulumi.String(\"isAdmin\"),\n\t\t\t\t\t\t\tMatchType: pulumi.String(\"Equals\"),\n\t\t\t\t\t\t\tRoleArn: authenticatedRole.Arn,\n\t\t\t\t\t\t\tValue: pulumi.String(\"paid\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRoles: pulumi.StringMap{\n\t\t\t\t\"authenticated\": authenticatedRole.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito Identity Pool Roles Attachment can be imported using the Identity Pool id, e.g.\n\n```sh\n $ pulumi import aws:cognito/identityPoolRoleAttachment:IdentityPoolRoleAttachment example \n```\n\n ", + "properties": { + "identityPoolId": { + "type": "string", + "description": "An identity pool ID in the format REGION:GUID.\n" + }, + "roleMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolRoleAttachmentRoleMapping:IdentityPoolRoleAttachmentRoleMapping" + }, + "description": "A List of Role Mapping.\n" + }, + "roles": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of roles associated with this pool. For a given role, the key will be either \"authenticated\" or \"unauthenticated\" and the value will be the Role ARN.\n" + } + }, + "required": [ + "identityPoolId", + "roles" + ], + "inputProperties": { + "identityPoolId": { + "type": "string", + "description": "An identity pool ID in the format REGION:GUID.\n" + }, + "roleMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolRoleAttachmentRoleMapping:IdentityPoolRoleAttachmentRoleMapping" + }, + "description": "A List of Role Mapping.\n" + }, + "roles": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of roles associated with this pool. For a given role, the key will be either \"authenticated\" or \"unauthenticated\" and the value will be the Role ARN.\n" + } + }, + "requiredInputs": [ + "identityPoolId", + "roles" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IdentityPoolRoleAttachment resources.\n", + "properties": { + "identityPoolId": { + "type": "string", + "description": "An identity pool ID in the format REGION:GUID.\n" + }, + "roleMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/IdentityPoolRoleAttachmentRoleMapping:IdentityPoolRoleAttachmentRoleMapping" + }, + "description": "A List of Role Mapping.\n" + }, + "roles": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of roles associated with this pool. For a given role, the key will be either \"authenticated\" or \"unauthenticated\" and the value will be the Role ARN.\n" + } + }, + "type": "object" + } + }, + "aws:cognito/identityProvider:IdentityProvider": { + "description": "Provides a Cognito User Identity Provider resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cognito.UserPool(\"example\", {autoVerifiedAttributes: [\"email\"]});\nconst exampleProvider = new aws.cognito.IdentityProvider(\"exampleProvider\", {\n userPoolId: example.id,\n providerName: \"Google\",\n providerType: \"Google\",\n providerDetails: {\n authorize_scopes: \"email\",\n client_id: \"your client_id\",\n client_secret: \"your client_secret\",\n },\n attributeMapping: {\n email: \"email\",\n username: \"sub\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cognito.UserPool(\"example\", auto_verified_attributes=[\"email\"])\nexample_provider = aws.cognito.IdentityProvider(\"exampleProvider\",\n user_pool_id=example.id,\n provider_name=\"Google\",\n provider_type=\"Google\",\n provider_details={\n \"authorize_scopes\": \"email\",\n \"client_id\": \"your client_id\",\n \"client_secret\": \"your client_secret\",\n },\n attribute_mapping={\n \"email\": \"email\",\n \"username\": \"sub\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cognito.UserPool(\"example\", new Aws.Cognito.UserPoolArgs\n {\n AutoVerifiedAttributes = \n {\n \"email\",\n },\n });\n var exampleProvider = new Aws.Cognito.IdentityProvider(\"exampleProvider\", new Aws.Cognito.IdentityProviderArgs\n {\n UserPoolId = example.Id,\n ProviderName = \"Google\",\n ProviderType = \"Google\",\n ProviderDetails = \n {\n { \"authorize_scopes\", \"email\" },\n { \"client_id\", \"your client_id\" },\n { \"client_secret\", \"your client_secret\" },\n },\n AttributeMapping = \n {\n { \"email\", \"email\" },\n { \"username\", \"sub\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cognito.NewUserPool(ctx, \"example\", &cognito.UserPoolArgs{\n\t\t\tAutoVerifiedAttributes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewIdentityProvider(ctx, \"exampleProvider\", &cognito.IdentityProviderArgs{\n\t\t\tUserPoolId: example.ID(),\n\t\t\tProviderName: pulumi.String(\"Google\"),\n\t\t\tProviderType: pulumi.String(\"Google\"),\n\t\t\tProviderDetails: pulumi.StringMap{\n\t\t\t\t\"authorize_scopes\": pulumi.String(\"email\"),\n\t\t\t\t\"client_id\": pulumi.String(\"your client_id\"),\n\t\t\t\t\"client_secret\": pulumi.String(\"your client_secret\"),\n\t\t\t},\n\t\t\tAttributeMapping: pulumi.StringMap{\n\t\t\t\t\"email\": pulumi.String(\"email\"),\n\t\t\t\t\"username\": pulumi.String(\"sub\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_cognito_identity_provider` resources can be imported using their User Pool ID and Provider Name, e.g.\n\n```sh\n $ pulumi import aws:cognito/identityProvider:IdentityProvider example xxx_yyyyy:example\n```\n\n ", + "properties": { + "attributeMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of attribute mapping of user pool attributes. [AttributeMapping in AWS API documentation](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#CognitoUserPools-CreateIdentityProvider-request-AttributeMapping)\n" + }, + "idpIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identity providers.\n" + }, + "providerDetails": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of identity details, such as access token\n" + }, + "providerName": { + "type": "string", + "description": "The provider name\n" + }, + "providerType": { + "type": "string", + "description": "The provider type. [See AWS API for valid values](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#CognitoUserPools-CreateIdentityProvider-request-ProviderType)\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool id\n" + } + }, + "required": [ + "attributeMapping", + "providerDetails", + "providerName", + "providerType", + "userPoolId" + ], + "inputProperties": { + "attributeMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of attribute mapping of user pool attributes. [AttributeMapping in AWS API documentation](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#CognitoUserPools-CreateIdentityProvider-request-AttributeMapping)\n" + }, + "idpIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identity providers.\n" + }, + "providerDetails": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of identity details, such as access token\n" + }, + "providerName": { + "type": "string", + "description": "The provider name\n" + }, + "providerType": { + "type": "string", + "description": "The provider type. [See AWS API for valid values](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#CognitoUserPools-CreateIdentityProvider-request-ProviderType)\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool id\n" + } + }, + "requiredInputs": [ + "providerDetails", + "providerName", + "providerType", + "userPoolId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IdentityProvider resources.\n", + "properties": { + "attributeMapping": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of attribute mapping of user pool attributes. [AttributeMapping in AWS API documentation](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#CognitoUserPools-CreateIdentityProvider-request-AttributeMapping)\n" + }, + "idpIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of identity providers.\n" + }, + "providerDetails": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of identity details, such as access token\n" + }, + "providerName": { + "type": "string", + "description": "The provider name\n" + }, + "providerType": { + "type": "string", + "description": "The provider type. [See AWS API for valid values](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateIdentityProvider.html#CognitoUserPools-CreateIdentityProvider-request-ProviderType)\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool id\n" + } + }, + "type": "object" + } + }, + "aws:cognito/resourceServer:ResourceServer": { + "description": "Provides a Cognito Resource Server.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create a basic resource server\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\nconst resource = new aws.cognito.ResourceServer(\"resource\", {\n identifier: \"https://example.com\",\n userPoolId: pool.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\nresource = aws.cognito.ResourceServer(\"resource\",\n identifier=\"https://example.com\",\n user_pool_id=pool.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var resource = new Aws.Cognito.ResourceServer(\"resource\", new Aws.Cognito.ResourceServerArgs\n {\n Identifier = \"https://example.com\",\n UserPoolId = pool.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewResourceServer(ctx, \"resource\", &cognito.ResourceServerArgs{\n\t\t\tIdentifier: pulumi.String(\"https://example.com\"),\n\t\t\tUserPoolId: pool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create a resource server with sample-scope\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\nconst resource = new aws.cognito.ResourceServer(\"resource\", {\n identifier: \"https://example.com\",\n scopes: [{\n scopeName: \"sample-scope\",\n scopeDescription: \"a Sample Scope Description\",\n }],\n userPoolId: pool.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\nresource = aws.cognito.ResourceServer(\"resource\",\n identifier=\"https://example.com\",\n scopes=[aws.cognito.ResourceServerScopeArgs(\n scope_name=\"sample-scope\",\n scope_description=\"a Sample Scope Description\",\n )],\n user_pool_id=pool.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var resource = new Aws.Cognito.ResourceServer(\"resource\", new Aws.Cognito.ResourceServerArgs\n {\n Identifier = \"https://example.com\",\n Scopes = \n {\n new Aws.Cognito.Inputs.ResourceServerScopeArgs\n {\n ScopeName = \"sample-scope\",\n ScopeDescription = \"a Sample Scope Description\",\n },\n },\n UserPoolId = pool.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewResourceServer(ctx, \"resource\", &cognito.ResourceServerArgs{\n\t\t\tIdentifier: pulumi.String(\"https://example.com\"),\n\t\t\tScopes: cognito.ResourceServerScopeArray{\n\t\t\t\t&cognito.ResourceServerScopeArgs{\n\t\t\t\t\tScopeName: pulumi.String(\"sample-scope\"),\n\t\t\t\t\tScopeDescription: pulumi.String(\"a Sample Scope Description\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tUserPoolId: pool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_cognito_resource_server` can be imported using their User Pool ID and Identifier, e.g.\n\n```sh\n $ pulumi import aws:cognito/resourceServer:ResourceServer example xxx_yyyyy|https://example.com\n```\n\n ", + "properties": { + "identifier": { + "type": "string", + "description": "An identifier for the resource server.\n" + }, + "name": { + "type": "string", + "description": "A name for the resource server.\n" + }, + "scopeIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of all scopes configured for this resource server in the format identifier/scope_name.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/ResourceServerScope:ResourceServerScope" + }, + "description": "A list of Authorization Scope.\n" + }, + "userPoolId": { + "type": "string" + } + }, + "required": [ + "identifier", + "name", + "scopeIdentifiers", + "userPoolId" + ], + "inputProperties": { + "identifier": { + "type": "string", + "description": "An identifier for the resource server.\n" + }, + "name": { + "type": "string", + "description": "A name for the resource server.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/ResourceServerScope:ResourceServerScope" + }, + "description": "A list of Authorization Scope.\n" + }, + "userPoolId": { + "type": "string" + } + }, + "requiredInputs": [ + "identifier", + "userPoolId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourceServer resources.\n", + "properties": { + "identifier": { + "type": "string", + "description": "An identifier for the resource server.\n" + }, + "name": { + "type": "string", + "description": "A name for the resource server.\n" + }, + "scopeIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of all scopes configured for this resource server in the format identifier/scope_name.\n" + }, + "scopes": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/ResourceServerScope:ResourceServerScope" + }, + "description": "A list of Authorization Scope.\n" + }, + "userPoolId": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:cognito/userGroup:UserGroup": { + "description": "Provides a Cognito User Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainUserPool = new aws.cognito.UserPool(\"mainUserPool\", {});\nconst groupRole = new aws.iam.Role(\"groupRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Federated\": \"cognito-identity.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Condition\": {\n \"StringEquals\": {\n \"cognito-identity.amazonaws.com:aud\": \"us-east-1:12345678-dead-beef-cafe-123456790ab\"\n },\n \"ForAnyValue:StringLike\": {\n \"cognito-identity.amazonaws.com:amr\": \"authenticated\"\n }\n }\n }\n ]\n}\n`});\nconst mainUserGroup = new aws.cognito.UserGroup(\"mainUserGroup\", {\n userPoolId: mainUserPool.id,\n description: \"Managed by Pulumi\",\n precedence: 42,\n roleArn: groupRole.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain_user_pool = aws.cognito.UserPool(\"mainUserPool\")\ngroup_role = aws.iam.Role(\"groupRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Federated\": \"cognito-identity.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRoleWithWebIdentity\",\n \"Condition\": {\n \"StringEquals\": {\n \"cognito-identity.amazonaws.com:aud\": \"us-east-1:12345678-dead-beef-cafe-123456790ab\"\n },\n \"ForAnyValue:StringLike\": {\n \"cognito-identity.amazonaws.com:amr\": \"authenticated\"\n }\n }\n }\n ]\n}\n\"\"\")\nmain_user_group = aws.cognito.UserGroup(\"mainUserGroup\",\n user_pool_id=main_user_pool.id,\n description=\"Managed by Pulumi\",\n precedence=42,\n role_arn=group_role.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainUserPool = new Aws.Cognito.UserPool(\"mainUserPool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var groupRole = new Aws.Iam.Role(\"groupRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Federated\"\": \"\"cognito-identity.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRoleWithWebIdentity\"\",\n \"\"Condition\"\": {\n \"\"StringEquals\"\": {\n \"\"cognito-identity.amazonaws.com:aud\"\": \"\"us-east-1:12345678-dead-beef-cafe-123456790ab\"\"\n },\n \"\"ForAnyValue:StringLike\"\": {\n \"\"cognito-identity.amazonaws.com:amr\"\": \"\"authenticated\"\"\n }\n }\n }\n ]\n}\n\",\n });\n var mainUserGroup = new Aws.Cognito.UserGroup(\"mainUserGroup\", new Aws.Cognito.UserGroupArgs\n {\n UserPoolId = mainUserPool.Id,\n Description = \"Managed by Pulumi\",\n Precedence = 42,\n RoleArn = groupRole.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainUserPool, err := cognito.NewUserPool(ctx, \"mainUserPool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupRole, err := iam.NewRole(ctx, \"groupRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Federated\\\": \\\"cognito-identity.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRoleWithWebIdentity\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"StringEquals\\\": {\\n\", \" \\\"cognito-identity.amazonaws.com:aud\\\": \\\"us-east-1:12345678-dead-beef-cafe-123456790ab\\\"\\n\", \" },\\n\", \" \\\"ForAnyValue:StringLike\\\": {\\n\", \" \\\"cognito-identity.amazonaws.com:amr\\\": \\\"authenticated\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserGroup(ctx, \"mainUserGroup\", &cognito.UserGroupArgs{\n\t\t\tUserPoolId: mainUserPool.ID(),\n\t\t\tDescription: pulumi.String(\"Managed by Pulumi\"),\n\t\t\tPrecedence: pulumi.Int(42),\n\t\t\tRoleArn: groupRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito User Groups can be imported using the `user_pool_id`/`name` attributes concatenated, e.g.\n\n```sh\n $ pulumi import aws:cognito/userGroup:UserGroup group us-east-1_vG78M4goG/user-group\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description of the user group.\n" + }, + "name": { + "type": "string", + "description": "The name of the user group.\n" + }, + "precedence": { + "type": "integer", + "description": "The precedence of the user group.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be associated with the user group.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n" + } + }, + "required": [ + "name", + "userPoolId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the user group.\n" + }, + "name": { + "type": "string", + "description": "The name of the user group.\n" + }, + "precedence": { + "type": "integer", + "description": "The precedence of the user group.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be associated with the user group.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n" + } + }, + "requiredInputs": [ + "userPoolId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserGroup resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the user group.\n" + }, + "name": { + "type": "string", + "description": "The name of the user group.\n" + }, + "precedence": { + "type": "integer", + "description": "The precedence of the user group.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be associated with the user group.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n" + } + }, + "type": "object" + } + }, + "aws:cognito/userPool:UserPool": { + "description": "Provides a Cognito User Pool resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enabling SMS and Software Token Multi-Factor Authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.cognito.UserPool(\"example\", {\n mfaConfiguration: \"ON\",\n smsAuthenticationMessage: \"Your code is {####}\",\n smsConfiguration: {\n externalId: \"example\",\n snsCallerArn: aws_iam_role.example.arn,\n },\n softwareTokenMfaConfiguration: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.cognito.UserPool(\"example\",\n mfa_configuration=\"ON\",\n sms_authentication_message=\"Your code is {####}\",\n sms_configuration=aws.cognito.UserPoolSmsConfigurationArgs(\n external_id=\"example\",\n sns_caller_arn=aws_iam_role[\"example\"][\"arn\"],\n ),\n software_token_mfa_configuration=aws.cognito.UserPoolSoftwareTokenMfaConfigurationArgs(\n enabled=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var example = new Aws.Cognito.UserPool(\"example\", new Aws.Cognito.UserPoolArgs\n {\n MfaConfiguration = \"ON\",\n SmsAuthenticationMessage = \"Your code is {####}\",\n SmsConfiguration = new Aws.Cognito.Inputs.UserPoolSmsConfigurationArgs\n {\n ExternalId = \"example\",\n SnsCallerArn = aws_iam_role.Example.Arn,\n },\n SoftwareTokenMfaConfiguration = new Aws.Cognito.Inputs.UserPoolSoftwareTokenMfaConfigurationArgs\n {\n Enabled = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"example\", &cognito.UserPoolArgs{\n\t\t\tMfaConfiguration: pulumi.String(\"ON\"),\n\t\t\tSmsAuthenticationMessage: pulumi.String(\"Your code is {####}\"),\n\t\t\tSmsConfiguration: &cognito.UserPoolSmsConfigurationArgs{\n\t\t\t\tExternalId: pulumi.String(\"example\"),\n\t\t\t\tSnsCallerArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t},\n\t\t\tSoftwareTokenMfaConfiguration: &cognito.UserPoolSoftwareTokenMfaConfigurationArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using Account Recovery Setting\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.cognito.UserPool(\"test\", {\n accountRecoverySetting: {\n recoveryMechanisms: [\n {\n name: \"verified_email\",\n priority: 1,\n },\n {\n name: \"verified_phone_number\",\n priority: 2,\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cognito.UserPool(\"test\", account_recovery_setting=aws.cognito.UserPoolAccountRecoverySettingArgs(\n recovery_mechanisms=[\n aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(\n name=\"verified_email\",\n priority=1,\n ),\n aws.cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs(\n name=\"verified_phone_number\",\n priority=2,\n ),\n ],\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Cognito.UserPool(\"test\", new Aws.Cognito.UserPoolArgs\n {\n AccountRecoverySetting = new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingArgs\n {\n RecoveryMechanisms = \n {\n new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs\n {\n Name = \"verified_email\",\n Priority = 1,\n },\n new Aws.Cognito.Inputs.UserPoolAccountRecoverySettingRecoveryMechanismArgs\n {\n Name = \"verified_phone_number\",\n Priority = 2,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cognito.NewUserPool(ctx, \"test\", &cognito.UserPoolArgs{\n\t\t\tAccountRecoverySetting: &cognito.UserPoolAccountRecoverySettingArgs{\n\t\t\t\tRecoveryMechanisms: cognito.UserPoolAccountRecoverySettingRecoveryMechanismArray{\n\t\t\t\t\t&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{\n\t\t\t\t\t\tName: pulumi.String(\"verified_email\"),\n\t\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t&cognito.UserPoolAccountRecoverySettingRecoveryMechanismArgs{\n\t\t\t\t\t\tName: pulumi.String(\"verified_phone_number\"),\n\t\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito User Pools can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:cognito/userPool:UserPool pool \n```\n\n ", + "properties": { + "accountRecoverySetting": { + "$ref": "#/types/aws:cognito/UserPoolAccountRecoverySetting:UserPoolAccountRecoverySetting", + "description": "Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.\n" + }, + "adminCreateUserConfig": { + "$ref": "#/types/aws:cognito/UserPoolAdminCreateUserConfig:UserPoolAdminCreateUserConfig", + "description": "Configuration block for creating a new user profile. Detailed below.\n" + }, + "aliasAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Attributes supported as an alias for this user pool. Valid values: `phone_number`, `email`, or `preferred_username`. Conflicts with `username_attributes`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the user pool.\n" + }, + "autoVerifiedAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Attributes to be auto-verified. Valid values: `email`, `phone_number`.\n" + }, + "creationDate": { + "type": "string", + "description": "Date the user pool was created.\n" + }, + "customDomain": { + "type": "string", + "description": "A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: `auth.example.com`.\n" + }, + "deviceConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolDeviceConfiguration:UserPoolDeviceConfiguration", + "description": "Configuration block for the user pool's device tracking. Detailed below.\n" + }, + "domain": { + "type": "string", + "description": "Holds the domain prefix if the user pool has a domain associated with it.\n" + }, + "emailConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolEmailConfiguration:UserPoolEmailConfiguration", + "description": "Configuration block for configuring email. Detailed below.\n" + }, + "emailVerificationMessage": { + "type": "string", + "description": "String representing the email verification message. Conflicts with `verification_message_template` configuration block `email_message` argument.\n" + }, + "emailVerificationSubject": { + "type": "string", + "description": "String representing the email verification subject. Conflicts with `verification_message_template` configuration block `email_subject` argument.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint name of the user pool. Example format: `cognito-idp.REGION.amazonaws.com/xxxx_yyyyy`\n" + }, + "estimatedNumberOfUsers": { + "type": "integer", + "description": "A number estimating the size of the user pool.\n" + }, + "lambdaConfig": { + "$ref": "#/types/aws:cognito/UserPoolLambdaConfig:UserPoolLambdaConfig", + "description": "Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.\n" + }, + "lastModifiedDate": { + "type": "string", + "description": "Date the user pool was last modified.\n" + }, + "mfaConfiguration": { + "type": "string", + "description": "Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of `OFF`. Valid values are `OFF` (MFA Tokens are not required), `ON` (MFA is required for all users to sign in; requires at least one of `sms_configuration` or `software_token_mfa_configuration` to be configured), or `OPTIONAL` (MFA Will be required only for individual users who have MFA Enabled; requires at least one of `sms_configuration` or `software_token_mfa_configuration` to be configured).\n" + }, + "name": { + "type": "string", + "description": "Name of the attribute.\n" + }, + "passwordPolicy": { + "$ref": "#/types/aws:cognito/UserPoolPasswordPolicy:UserPoolPasswordPolicy", + "description": "Configuration blocked for information about the user pool password policy. Detailed below.\n" + }, + "schemas": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/UserPoolSchema:UserPoolSchema" + }, + "description": "Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the [standard attribute set](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes) only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.\n" + }, + "smsAuthenticationMessage": { + "type": "string", + "description": "String representing the SMS authentication message. The Message must contain the `{####}` placeholder, which will be replaced with the code.\n" + }, + "smsConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolSmsConfiguration:UserPoolSmsConfiguration", + "description": "Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection.\n" + }, + "smsVerificationMessage": { + "type": "string", + "description": "String representing the SMS verification message. Conflicts with `verification_message_template` configuration block `sms_message` argument.\n" + }, + "softwareTokenMfaConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolSoftwareTokenMfaConfiguration:UserPoolSoftwareTokenMfaConfiguration", + "description": "Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the User Pool. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userPoolAddOns": { + "$ref": "#/types/aws:cognito/UserPoolUserPoolAddOns:UserPoolUserPoolAddOns", + "description": "Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.\n" + }, + "usernameAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`.\n" + }, + "usernameConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolUsernameConfiguration:UserPoolUsernameConfiguration", + "description": "Configuration block for username configuration. Detailed below.\n" + }, + "verificationMessageTemplate": { + "$ref": "#/types/aws:cognito/UserPoolVerificationMessageTemplate:UserPoolVerificationMessageTemplate", + "description": "Configuration block for verification message templates. Detailed below.\n" + } + }, + "required": [ + "adminCreateUserConfig", + "arn", + "creationDate", + "customDomain", + "domain", + "emailVerificationMessage", + "emailVerificationSubject", + "endpoint", + "estimatedNumberOfUsers", + "lambdaConfig", + "lastModifiedDate", + "name", + "passwordPolicy", + "smsConfiguration", + "smsVerificationMessage", + "tagsAll", + "verificationMessageTemplate" + ], + "inputProperties": { + "accountRecoverySetting": { + "$ref": "#/types/aws:cognito/UserPoolAccountRecoverySetting:UserPoolAccountRecoverySetting", + "description": "Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.\n" + }, + "adminCreateUserConfig": { + "$ref": "#/types/aws:cognito/UserPoolAdminCreateUserConfig:UserPoolAdminCreateUserConfig", + "description": "Configuration block for creating a new user profile. Detailed below.\n" + }, + "aliasAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Attributes supported as an alias for this user pool. Valid values: `phone_number`, `email`, or `preferred_username`. Conflicts with `username_attributes`.\n" + }, + "autoVerifiedAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Attributes to be auto-verified. Valid values: `email`, `phone_number`.\n" + }, + "deviceConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolDeviceConfiguration:UserPoolDeviceConfiguration", + "description": "Configuration block for the user pool's device tracking. Detailed below.\n" + }, + "emailConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolEmailConfiguration:UserPoolEmailConfiguration", + "description": "Configuration block for configuring email. Detailed below.\n" + }, + "emailVerificationMessage": { + "type": "string", + "description": "String representing the email verification message. Conflicts with `verification_message_template` configuration block `email_message` argument.\n" + }, + "emailVerificationSubject": { + "type": "string", + "description": "String representing the email verification subject. Conflicts with `verification_message_template` configuration block `email_subject` argument.\n" + }, + "lambdaConfig": { + "$ref": "#/types/aws:cognito/UserPoolLambdaConfig:UserPoolLambdaConfig", + "description": "Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.\n" + }, + "mfaConfiguration": { + "type": "string", + "description": "Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of `OFF`. Valid values are `OFF` (MFA Tokens are not required), `ON` (MFA is required for all users to sign in; requires at least one of `sms_configuration` or `software_token_mfa_configuration` to be configured), or `OPTIONAL` (MFA Will be required only for individual users who have MFA Enabled; requires at least one of `sms_configuration` or `software_token_mfa_configuration` to be configured).\n" + }, + "name": { + "type": "string", + "description": "Name of the attribute.\n" + }, + "passwordPolicy": { + "$ref": "#/types/aws:cognito/UserPoolPasswordPolicy:UserPoolPasswordPolicy", + "description": "Configuration blocked for information about the user pool password policy. Detailed below.\n" + }, + "schemas": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/UserPoolSchema:UserPoolSchema" + }, + "description": "Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the [standard attribute set](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes) only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.\n" + }, + "smsAuthenticationMessage": { + "type": "string", + "description": "String representing the SMS authentication message. The Message must contain the `{####}` placeholder, which will be replaced with the code.\n" + }, + "smsConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolSmsConfiguration:UserPoolSmsConfiguration", + "description": "Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection.\n" + }, + "smsVerificationMessage": { + "type": "string", + "description": "String representing the SMS verification message. Conflicts with `verification_message_template` configuration block `sms_message` argument.\n" + }, + "softwareTokenMfaConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolSoftwareTokenMfaConfiguration:UserPoolSoftwareTokenMfaConfiguration", + "description": "Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the User Pool. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userPoolAddOns": { + "$ref": "#/types/aws:cognito/UserPoolUserPoolAddOns:UserPoolUserPoolAddOns", + "description": "Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.\n" + }, + "usernameAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`.\n" + }, + "usernameConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolUsernameConfiguration:UserPoolUsernameConfiguration", + "description": "Configuration block for username configuration. Detailed below.\n" + }, + "verificationMessageTemplate": { + "$ref": "#/types/aws:cognito/UserPoolVerificationMessageTemplate:UserPoolVerificationMessageTemplate", + "description": "Configuration block for verification message templates. Detailed below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering UserPool resources.\n", + "properties": { + "accountRecoverySetting": { + "$ref": "#/types/aws:cognito/UserPoolAccountRecoverySetting:UserPoolAccountRecoverySetting", + "description": "Configuration block to define which verified available method a user can use to recover their forgotten password. Detailed below.\n" + }, + "adminCreateUserConfig": { + "$ref": "#/types/aws:cognito/UserPoolAdminCreateUserConfig:UserPoolAdminCreateUserConfig", + "description": "Configuration block for creating a new user profile. Detailed below.\n" + }, + "aliasAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Attributes supported as an alias for this user pool. Valid values: `phone_number`, `email`, or `preferred_username`. Conflicts with `username_attributes`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the user pool.\n" + }, + "autoVerifiedAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Attributes to be auto-verified. Valid values: `email`, `phone_number`.\n" + }, + "creationDate": { + "type": "string", + "description": "Date the user pool was created.\n" + }, + "customDomain": { + "type": "string", + "description": "A custom domain name that you provide to Amazon Cognito. This parameter applies only if you use a custom domain to host the sign-up and sign-in pages for your application. For example: `auth.example.com`.\n" + }, + "deviceConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolDeviceConfiguration:UserPoolDeviceConfiguration", + "description": "Configuration block for the user pool's device tracking. Detailed below.\n" + }, + "domain": { + "type": "string", + "description": "Holds the domain prefix if the user pool has a domain associated with it.\n" + }, + "emailConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolEmailConfiguration:UserPoolEmailConfiguration", + "description": "Configuration block for configuring email. Detailed below.\n" + }, + "emailVerificationMessage": { + "type": "string", + "description": "String representing the email verification message. Conflicts with `verification_message_template` configuration block `email_message` argument.\n" + }, + "emailVerificationSubject": { + "type": "string", + "description": "String representing the email verification subject. Conflicts with `verification_message_template` configuration block `email_subject` argument.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint name of the user pool. Example format: `cognito-idp.REGION.amazonaws.com/xxxx_yyyyy`\n" + }, + "estimatedNumberOfUsers": { + "type": "integer", + "description": "A number estimating the size of the user pool.\n" + }, + "lambdaConfig": { + "$ref": "#/types/aws:cognito/UserPoolLambdaConfig:UserPoolLambdaConfig", + "description": "Configuration block for the AWS Lambda triggers associated with the user pool. Detailed below.\n" + }, + "lastModifiedDate": { + "type": "string", + "description": "Date the user pool was last modified.\n" + }, + "mfaConfiguration": { + "type": "string", + "description": "Multi-Factor Authentication (MFA) configuration for the User Pool. Defaults of `OFF`. Valid values are `OFF` (MFA Tokens are not required), `ON` (MFA is required for all users to sign in; requires at least one of `sms_configuration` or `software_token_mfa_configuration` to be configured), or `OPTIONAL` (MFA Will be required only for individual users who have MFA Enabled; requires at least one of `sms_configuration` or `software_token_mfa_configuration` to be configured).\n" + }, + "name": { + "type": "string", + "description": "Name of the attribute.\n" + }, + "passwordPolicy": { + "$ref": "#/types/aws:cognito/UserPoolPasswordPolicy:UserPoolPasswordPolicy", + "description": "Configuration blocked for information about the user pool password policy. Detailed below.\n" + }, + "schemas": { + "type": "array", + "items": { + "$ref": "#/types/aws:cognito/UserPoolSchema:UserPoolSchema" + }, + "description": "Configuration block for the schema attributes of a user pool. Detailed below. Schema attributes from the [standard attribute set](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-settings-attributes.html#cognito-user-pools-standard-attributes) only need to be specified if they are different from the default configuration. Attributes can be added, but not modified or removed. Maximum of 50 attributes.\n" + }, + "smsAuthenticationMessage": { + "type": "string", + "description": "String representing the SMS authentication message. The Message must contain the `{####}` placeholder, which will be replaced with the code.\n" + }, + "smsConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolSmsConfiguration:UserPoolSmsConfiguration", + "description": "Configuration block for Short Message Service (SMS) settings. Detailed below. These settings apply to SMS user verification and SMS Multi-Factor Authentication (MFA). Due to Cognito API restrictions, the SMS configuration cannot be removed without recreating the Cognito User Pool. For user data safety, this resource will ignore the removal of this configuration by disabling drift detection.\n" + }, + "smsVerificationMessage": { + "type": "string", + "description": "String representing the SMS verification message. Conflicts with `verification_message_template` configuration block `sms_message` argument.\n" + }, + "softwareTokenMfaConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolSoftwareTokenMfaConfiguration:UserPoolSoftwareTokenMfaConfiguration", + "description": "Configuration block for software token Mult-Factor Authentication (MFA) settings. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the User Pool. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userPoolAddOns": { + "$ref": "#/types/aws:cognito/UserPoolUserPoolAddOns:UserPoolUserPoolAddOns", + "description": "Configuration block for user pool add-ons to enable user pool advanced security mode features. Detailed below.\n" + }, + "usernameAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Whether email addresses or phone numbers can be specified as usernames when a user signs up. Conflicts with `alias_attributes`.\n" + }, + "usernameConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolUsernameConfiguration:UserPoolUsernameConfiguration", + "description": "Configuration block for username configuration. Detailed below.\n" + }, + "verificationMessageTemplate": { + "$ref": "#/types/aws:cognito/UserPoolVerificationMessageTemplate:UserPoolVerificationMessageTemplate", + "description": "Configuration block for verification message templates. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:cognito/userPoolClient:UserPoolClient": { + "description": "Provides a Cognito User Pool Client resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create a basic user pool client\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\nconst client = new aws.cognito.UserPoolClient(\"client\", {userPoolId: pool.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\nclient = aws.cognito.UserPoolClient(\"client\", user_pool_id=pool.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n UserPoolId = pool.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"client\", &cognito.UserPoolClientArgs{\n\t\t\tUserPoolId: pool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create a user pool client with no SRP authentication\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pool = new aws.cognito.UserPool(\"pool\", {});\nconst client = new aws.cognito.UserPoolClient(\"client\", {\n userPoolId: pool.id,\n generateSecret: true,\n explicitAuthFlows: [\"ADMIN_NO_SRP_AUTH\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npool = aws.cognito.UserPool(\"pool\")\nclient = aws.cognito.UserPoolClient(\"client\",\n user_pool_id=pool.id,\n generate_secret=True,\n explicit_auth_flows=[\"ADMIN_NO_SRP_AUTH\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n UserPoolId = pool.Id,\n GenerateSecret = true,\n ExplicitAuthFlows = \n {\n \"ADMIN_NO_SRP_AUTH\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"client\", &cognito.UserPoolClientArgs{\n\t\t\tUserPoolId: pool.ID(),\n\t\t\tGenerateSecret: pulumi.Bool(true),\n\t\t\tExplicitAuthFlows: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ADMIN_NO_SRP_AUTH\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create a user pool client with pinpoint analytics\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst testUserPool = new aws.cognito.UserPool(\"testUserPool\", {});\nconst testApp = new aws.pinpoint.App(\"testApp\", {});\nconst testRole = new aws.iam.Role(\"testRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"cognito-idp.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst testRolePolicy = new aws.iam.RolePolicy(\"testRolePolicy\", {\n role: testRole.id,\n policy: pulumi.all([current, testApp.applicationId]).apply(([current, applicationId]) => `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutItems\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:mobiletargeting:*:${current.accountId}:apps/${applicationId}*\"\n }\n ]\n}\n`),\n});\nconst testUserPoolClient = new aws.cognito.UserPoolClient(\"testUserPoolClient\", {\n userPoolId: testUserPool.id,\n analyticsConfiguration: {\n applicationId: testApp.applicationId,\n externalId: \"some_id\",\n roleArn: testRole.arn,\n userDataShared: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ntest_user_pool = aws.cognito.UserPool(\"testUserPool\")\ntest_app = aws.pinpoint.App(\"testApp\")\ntest_role = aws.iam.Role(\"testRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"cognito-idp.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ntest_role_policy = aws.iam.RolePolicy(\"testRolePolicy\",\n role=test_role.id,\n policy=test_app.application_id.apply(lambda application_id: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"mobiletargeting:UpdateEndpoint\",\n \"mobiletargeting:PutItems\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:mobiletargeting:*:{current.account_id}:apps/{application_id}*\"\n }}\n ]\n}}\n\"\"\"))\ntest_user_pool_client = aws.cognito.UserPoolClient(\"testUserPoolClient\",\n user_pool_id=test_user_pool.id,\n analytics_configuration=aws.cognito.UserPoolClientAnalyticsConfigurationArgs(\n application_id=test_app.application_id,\n external_id=\"some_id\",\n role_arn=test_role.arn,\n user_data_shared=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var testUserPool = new Aws.Cognito.UserPool(\"testUserPool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var testApp = new Aws.Pinpoint.App(\"testApp\", new Aws.Pinpoint.AppArgs\n {\n });\n var testRole = new Aws.Iam.Role(\"testRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"cognito-idp.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var testRolePolicy = new Aws.Iam.RolePolicy(\"testRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = testRole.Id,\n Policy = Output.Tuple(current, testApp.ApplicationId).Apply(values =>\n {\n var current = values.Item1;\n var applicationId = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"mobiletargeting:UpdateEndpoint\"\",\n \"\"mobiletargeting:PutItems\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:mobiletargeting:*:{current.AccountId}:apps/{applicationId}*\"\"\n }}\n ]\n}}\n\";\n }),\n });\n var testUserPoolClient = new Aws.Cognito.UserPoolClient(\"testUserPoolClient\", new Aws.Cognito.UserPoolClientArgs\n {\n UserPoolId = testUserPool.Id,\n AnalyticsConfiguration = new Aws.Cognito.Inputs.UserPoolClientAnalyticsConfigurationArgs\n {\n ApplicationId = testApp.ApplicationId,\n ExternalId = \"some_id\",\n RoleArn = testRole.Arn,\n UserDataShared = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestUserPool, err := cognito.NewUserPool(ctx, \"testUserPool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestApp, err := pinpoint.NewApp(ctx, \"testApp\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"testRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"cognito-idp.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"testRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: testApp.ApplicationId.ApplyT(func(applicationId string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"mobiletargeting:UpdateEndpoint\\\",\\n\", \" \\\"mobiletargeting:PutItems\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:mobiletargeting:*:\", current.AccountId, \":apps/\", applicationId, \"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolClient(ctx, \"testUserPoolClient\", &cognito.UserPoolClientArgs{\n\t\t\tUserPoolId: testUserPool.ID(),\n\t\t\tAnalyticsConfiguration: &cognito.UserPoolClientAnalyticsConfigurationArgs{\n\t\t\t\tApplicationId: testApp.ApplicationId,\n\t\t\t\tExternalId: pulumi.String(\"some_id\"),\n\t\t\t\tRoleArn: testRole.Arn,\n\t\t\t\tUserDataShared: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito User Pool Clients can be imported using the `id` of the Cognito User Pool, and the `id` of the Cognito User Pool Client, e.g.\n\n```sh\n $ pulumi import aws:cognito/userPoolClient:UserPoolClient client /\n```\n\n ", + "properties": { + "accessTokenValidity": { + "type": "integer", + "description": "Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.\n" + }, + "allowedOauthFlows": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed OAuth flows (code, implicit, client_credentials).\n" + }, + "allowedOauthFlowsUserPoolClient": { + "type": "boolean", + "description": "Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.\n" + }, + "allowedOauthScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).\n" + }, + "analyticsConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolClientAnalyticsConfiguration:UserPoolClientAnalyticsConfiguration", + "description": "Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.\n" + }, + "callbackUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed callback URLs for the identity providers.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client secret of the user pool client.\n" + }, + "defaultRedirectUri": { + "type": "string", + "description": "Default redirect URI. Must be in the list of callback URLs.\n" + }, + "enableTokenRevocation": { + "type": "boolean", + "description": "Enables or disables token revocation.\n" + }, + "explicitAuthFlows": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).\n" + }, + "generateSecret": { + "type": "boolean", + "description": "Should an application secret be generated.\n" + }, + "idTokenValidity": { + "type": "integer", + "description": "Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.\n" + }, + "logoutUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed logout URLs for the identity providers.\n" + }, + "name": { + "type": "string", + "description": "Name of the application client.\n" + }, + "preventUserExistenceErrors": { + "type": "string", + "description": "Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY`, those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.\n" + }, + "readAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of user pool attributes the application client can read from.\n" + }, + "refreshTokenValidity": { + "type": "integer", + "description": "Time limit in days refresh tokens are valid for.\n" + }, + "supportedIdentityProviders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of provider names for the identity providers that are supported on this client.\n" + }, + "tokenValidityUnits": { + "$ref": "#/types/aws:cognito/UserPoolClientTokenValidityUnits:UserPoolClientTokenValidityUnits", + "description": "Configuration block for units in which the validity times are represented in. Detailed below.\n" + }, + "userPoolId": { + "type": "string", + "description": "User pool the client belongs to.\n" + }, + "writeAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of user pool attributes the application client can write to.\n" + } + }, + "required": [ + "callbackUrls", + "clientSecret", + "enableTokenRevocation", + "logoutUrls", + "name", + "preventUserExistenceErrors", + "userPoolId" + ], + "inputProperties": { + "accessTokenValidity": { + "type": "integer", + "description": "Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.\n" + }, + "allowedOauthFlows": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed OAuth flows (code, implicit, client_credentials).\n" + }, + "allowedOauthFlowsUserPoolClient": { + "type": "boolean", + "description": "Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.\n" + }, + "allowedOauthScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).\n" + }, + "analyticsConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolClientAnalyticsConfiguration:UserPoolClientAnalyticsConfiguration", + "description": "Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.\n" + }, + "callbackUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed callback URLs for the identity providers.\n" + }, + "defaultRedirectUri": { + "type": "string", + "description": "Default redirect URI. Must be in the list of callback URLs.\n" + }, + "enableTokenRevocation": { + "type": "boolean", + "description": "Enables or disables token revocation.\n" + }, + "explicitAuthFlows": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).\n" + }, + "generateSecret": { + "type": "boolean", + "description": "Should an application secret be generated.\n" + }, + "idTokenValidity": { + "type": "integer", + "description": "Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.\n" + }, + "logoutUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed logout URLs for the identity providers.\n" + }, + "name": { + "type": "string", + "description": "Name of the application client.\n" + }, + "preventUserExistenceErrors": { + "type": "string", + "description": "Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY`, those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.\n" + }, + "readAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of user pool attributes the application client can read from.\n" + }, + "refreshTokenValidity": { + "type": "integer", + "description": "Time limit in days refresh tokens are valid for.\n" + }, + "supportedIdentityProviders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of provider names for the identity providers that are supported on this client.\n" + }, + "tokenValidityUnits": { + "$ref": "#/types/aws:cognito/UserPoolClientTokenValidityUnits:UserPoolClientTokenValidityUnits", + "description": "Configuration block for units in which the validity times are represented in. Detailed below.\n" + }, + "userPoolId": { + "type": "string", + "description": "User pool the client belongs to.\n" + }, + "writeAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of user pool attributes the application client can write to.\n" + } + }, + "requiredInputs": [ + "userPoolId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserPoolClient resources.\n", + "properties": { + "accessTokenValidity": { + "type": "integer", + "description": "Time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.\n" + }, + "allowedOauthFlows": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed OAuth flows (code, implicit, client_credentials).\n" + }, + "allowedOauthFlowsUserPoolClient": { + "type": "boolean", + "description": "Whether the client is allowed to follow the OAuth protocol when interacting with Cognito user pools.\n" + }, + "allowedOauthScopes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed OAuth scopes (phone, email, openid, profile, and aws.cognito.signin.user.admin).\n" + }, + "analyticsConfiguration": { + "$ref": "#/types/aws:cognito/UserPoolClientAnalyticsConfiguration:UserPoolClientAnalyticsConfiguration", + "description": "Configuration block for Amazon Pinpoint analytics for collecting metrics for this user pool. Detailed below.\n" + }, + "callbackUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed callback URLs for the identity providers.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client secret of the user pool client.\n" + }, + "defaultRedirectUri": { + "type": "string", + "description": "Default redirect URI. Must be in the list of callback URLs.\n" + }, + "enableTokenRevocation": { + "type": "boolean", + "description": "Enables or disables token revocation.\n" + }, + "explicitAuthFlows": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of authentication flows (ADMIN_NO_SRP_AUTH, CUSTOM_AUTH_FLOW_ONLY, USER_PASSWORD_AUTH, ALLOW_ADMIN_USER_PASSWORD_AUTH, ALLOW_CUSTOM_AUTH, ALLOW_USER_PASSWORD_AUTH, ALLOW_USER_SRP_AUTH, ALLOW_REFRESH_TOKEN_AUTH).\n" + }, + "generateSecret": { + "type": "boolean", + "description": "Should an application secret be generated.\n" + }, + "idTokenValidity": { + "type": "integer", + "description": "Time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in `token_validity_units`.\n" + }, + "logoutUrls": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of allowed logout URLs for the identity providers.\n" + }, + "name": { + "type": "string", + "description": "Name of the application client.\n" + }, + "preventUserExistenceErrors": { + "type": "string", + "description": "Choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY`, those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool.\n" + }, + "readAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of user pool attributes the application client can read from.\n" + }, + "refreshTokenValidity": { + "type": "integer", + "description": "Time limit in days refresh tokens are valid for.\n" + }, + "supportedIdentityProviders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of provider names for the identity providers that are supported on this client.\n" + }, + "tokenValidityUnits": { + "$ref": "#/types/aws:cognito/UserPoolClientTokenValidityUnits:UserPoolClientTokenValidityUnits", + "description": "Configuration block for units in which the validity times are represented in. Detailed below.\n" + }, + "userPoolId": { + "type": "string", + "description": "User pool the client belongs to.\n" + }, + "writeAttributes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of user pool attributes the application client can write to.\n" + } + }, + "type": "object" + } + }, + "aws:cognito/userPoolDomain:UserPoolDomain": { + "description": "Provides a Cognito User Pool Domain resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Amazon Cognito domain\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.cognito.UserPool(\"example\", {});\nconst main = new aws.cognito.UserPoolDomain(\"main\", {\n domain: \"example-domain\",\n userPoolId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cognito.UserPool(\"example\")\nmain = aws.cognito.UserPoolDomain(\"main\",\n domain=\"example-domain\",\n user_pool_id=example.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Cognito.UserPool(\"example\", new Aws.Cognito.UserPoolArgs\n {\n });\n var main = new Aws.Cognito.UserPoolDomain(\"main\", new Aws.Cognito.UserPoolDomainArgs\n {\n Domain = \"example-domain\",\n UserPoolId = example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := cognito.NewUserPool(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cognito.NewUserPoolDomain(ctx, \"main\", &cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example-domain\"),\n\t\t\tUserPoolId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Custom Cognito domain\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUserPool = new aws.cognito.UserPool(\"exampleUserPool\", {});\nconst main = new aws.cognito.UserPoolDomain(\"main\", {\n domain: \"example-domain.example.com\",\n certificateArn: aws_acm_certificate.cert.arn,\n userPoolId: exampleUserPool.id,\n});\nconst exampleZone = aws.route53.getZone({\n name: \"example.com\",\n});\nconst auth_cognito_A = new aws.route53.Record(\"auth-cognito-A\", {\n name: main.domain,\n type: \"A\",\n zoneId: exampleZone.then(exampleZone => exampleZone.zoneId),\n aliases: [{\n evaluateTargetHealth: false,\n name: main.cloudfrontDistributionArn,\n zoneId: \"Z2FDTNDATAQYW2\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user_pool = aws.cognito.UserPool(\"exampleUserPool\")\nmain = aws.cognito.UserPoolDomain(\"main\",\n domain=\"example-domain.example.com\",\n certificate_arn=aws_acm_certificate[\"cert\"][\"arn\"],\n user_pool_id=example_user_pool.id)\nexample_zone = aws.route53.get_zone(name=\"example.com\")\nauth_cognito__a = aws.route53.Record(\"auth-cognito-A\",\n name=main.domain,\n type=\"A\",\n zone_id=example_zone.zone_id,\n aliases=[aws.route53.RecordAliasArgs(\n evaluate_target_health=False,\n name=main.cloudfront_distribution_arn,\n zone_id=\"Z2FDTNDATAQYW2\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleUserPool = new Aws.Cognito.UserPool(\"exampleUserPool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var main = new Aws.Cognito.UserPoolDomain(\"main\", new Aws.Cognito.UserPoolDomainArgs\n {\n Domain = \"example-domain.example.com\",\n CertificateArn = aws_acm_certificate.Cert.Arn,\n UserPoolId = exampleUserPool.Id,\n });\n var exampleZone = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs\n {\n Name = \"example.com\",\n }));\n var auth_cognito_A = new Aws.Route53.Record(\"auth-cognito-A\", new Aws.Route53.RecordArgs\n {\n Name = main.Domain,\n Type = \"A\",\n ZoneId = exampleZone.Apply(exampleZone => exampleZone.ZoneId),\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n EvaluateTargetHealth = false,\n Name = main.CloudfrontDistributionArn,\n ZoneId = \"Z2FDTNDATAQYW2\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUserPool, err := cognito.NewUserPool(ctx, \"exampleUserPool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := cognito.NewUserPoolDomain(ctx, \"main\", &cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example-domain.example.com\"),\n\t\t\tCertificateArn: pulumi.Any(aws_acm_certificate.Cert.Arn),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := \"example.com\"\n\t\texampleZone, err := route53.LookupZone(ctx, &route53.LookupZoneArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"auth_cognito_A\", &route53.RecordArgs{\n\t\t\tName: main.Domain,\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tZoneId: pulumi.String(exampleZone.ZoneId),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(false),\n\t\t\t\t\tName: main.CloudfrontDistributionArn,\n\t\t\t\t\tZoneId: pulumi.String(\"Z2FDTNDATAQYW2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCognito User Pool Domains can be imported using the `domain`, e.g.\n\n```sh\n $ pulumi import aws:cognito/userPoolDomain:UserPoolDomain main \n```\n\n ", + "properties": { + "awsAccountId": { + "type": "string", + "description": "The AWS account ID for the user pool owner.\n" + }, + "certificateArn": { + "type": "string", + "description": "The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.\n" + }, + "cloudfrontDistributionArn": { + "type": "string", + "description": "The URL of the CloudFront distribution. This is required to generate the ALIAS `aws.route53.Record`\n" + }, + "domain": { + "type": "string", + "description": "The domain string.\n" + }, + "s3Bucket": { + "type": "string", + "description": "The S3 bucket where the static files for this domain are stored.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n" + }, + "version": { + "type": "string", + "description": "The app version.\n" + } + }, + "required": [ + "awsAccountId", + "cloudfrontDistributionArn", + "domain", + "s3Bucket", + "userPoolId", + "version" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.\n" + }, + "domain": { + "type": "string", + "description": "The domain string.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n" + } + }, + "requiredInputs": [ + "domain", + "userPoolId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserPoolDomain resources.\n", + "properties": { + "awsAccountId": { + "type": "string", + "description": "The AWS account ID for the user pool owner.\n" + }, + "certificateArn": { + "type": "string", + "description": "The ARN of an ISSUED ACM certificate in us-east-1 for a custom domain.\n" + }, + "cloudfrontDistributionArn": { + "type": "string", + "description": "The URL of the CloudFront distribution. This is required to generate the ALIAS `aws.route53.Record`\n" + }, + "domain": { + "type": "string", + "description": "The domain string.\n" + }, + "s3Bucket": { + "type": "string", + "description": "The S3 bucket where the static files for this domain are stored.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID.\n" + }, + "version": { + "type": "string", + "description": "The app version.\n" + } + }, + "type": "object" + } + }, + "aws:cognito/userPoolUICustomization:UserPoolUICustomization": { + "description": "Provides a Cognito User Pool UI Customization resource.\n\n> **Note:** To use this resource, the user pool must have a domain associated with it. For more information, see the Amazon Cognito Developer Guide on [Customizing the Built-in Sign-In and Sign-up Webpages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-app-ui-customization.html).\n\n{{% examples %}}\n## Example Usage\n{{% /examples %}}\n\n## Import\n\nCognito User Pool UI Customizations can be imported using the `user_pool_id` and `client_id` separated by `,`, e.g.\n\n```sh\n $ pulumi import aws:cognito/userPoolUICustomization:UserPoolUICustomization example us-west-2_ZCTarbt5C,12bu4fuk3mlgqa2rtrujgp6egq\n```\n\n ", + "properties": { + "clientId": { + "type": "string", + "description": "The client ID for the client app. Defaults to `ALL`. If `ALL` is specified, the `css` and/or `image_file` settings will be used for every client that has no UI customization set previously.\n" + }, + "creationDate": { + "type": "string", + "description": "The creation date in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) for the UI customization.\n" + }, + "css": { + "type": "string", + "description": "The CSS values in the UI customization, provided as a String. At least one of `css` or `image_file` is required.\n" + }, + "cssVersion": { + "type": "string", + "description": "The CSS version number.\n" + }, + "imageFile": { + "type": "string", + "description": "The uploaded logo image for the UI customization, provided as a base64-encoded String. Drift detection is not possible for this argument. At least one of `css` or `image_file` is required.\n" + }, + "imageUrl": { + "type": "string", + "description": "The logo image URL for the UI customization.\n" + }, + "lastModifiedDate": { + "type": "string", + "description": "The last-modified date in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) for the UI customization.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID for the user pool.\n" + } + }, + "required": [ + "creationDate", + "cssVersion", + "imageUrl", + "lastModifiedDate", + "userPoolId" + ], + "inputProperties": { + "clientId": { + "type": "string", + "description": "The client ID for the client app. Defaults to `ALL`. If `ALL` is specified, the `css` and/or `image_file` settings will be used for every client that has no UI customization set previously.\n" + }, + "css": { + "type": "string", + "description": "The CSS values in the UI customization, provided as a String. At least one of `css` or `image_file` is required.\n" + }, + "imageFile": { + "type": "string", + "description": "The uploaded logo image for the UI customization, provided as a base64-encoded String. Drift detection is not possible for this argument. At least one of `css` or `image_file` is required.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID for the user pool.\n" + } + }, + "requiredInputs": [ + "userPoolId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserPoolUICustomization resources.\n", + "properties": { + "clientId": { + "type": "string", + "description": "The client ID for the client app. Defaults to `ALL`. If `ALL` is specified, the `css` and/or `image_file` settings will be used for every client that has no UI customization set previously.\n" + }, + "creationDate": { + "type": "string", + "description": "The creation date in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) for the UI customization.\n" + }, + "css": { + "type": "string", + "description": "The CSS values in the UI customization, provided as a String. At least one of `css` or `image_file` is required.\n" + }, + "cssVersion": { + "type": "string", + "description": "The CSS version number.\n" + }, + "imageFile": { + "type": "string", + "description": "The uploaded logo image for the UI customization, provided as a base64-encoded String. Drift detection is not possible for this argument. At least one of `css` or `image_file` is required.\n" + }, + "imageUrl": { + "type": "string", + "description": "The logo image URL for the UI customization.\n" + }, + "lastModifiedDate": { + "type": "string", + "description": "The last-modified date in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) for the UI customization.\n" + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID for the user pool.\n" + } + }, + "type": "object" + } + }, + "aws:cur/reportDefinition:ReportDefinition": { + "description": "Manages Cost and Usage Report Definitions.\n\n> *NOTE:* The AWS Cost and Usage Report service is only available in `us-east-1` currently.\n\n> *NOTE:* If AWS Organizations is enabled, only the master account can use this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCurReportDefinition = new aws.cur.ReportDefinition(\"example_cur_report_definition\", {\n additionalArtifacts: [\n \"REDSHIFT\",\n \"QUICKSIGHT\",\n ],\n additionalSchemaElements: [\"RESOURCES\"],\n compression: \"GZIP\",\n format: \"textORcsv\",\n reportName: \"example-cur-report-definition\",\n s3Bucket: \"example-bucket-name\",\n s3Region: \"us-east-1\",\n timeUnit: \"HOURLY\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_cur_report_definition = aws.cur.ReportDefinition(\"exampleCurReportDefinition\",\n additional_artifacts=[\n \"REDSHIFT\",\n \"QUICKSIGHT\",\n ],\n additional_schema_elements=[\"RESOURCES\"],\n compression=\"GZIP\",\n format=\"textORcsv\",\n report_name=\"example-cur-report-definition\",\n s3_bucket=\"example-bucket-name\",\n s3_region=\"us-east-1\",\n time_unit=\"HOURLY\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCurReportDefinition = new Aws.Cur.ReportDefinition(\"exampleCurReportDefinition\", new Aws.Cur.ReportDefinitionArgs\n {\n AdditionalArtifacts = \n {\n \"REDSHIFT\",\n \"QUICKSIGHT\",\n },\n AdditionalSchemaElements = \n {\n \"RESOURCES\",\n },\n Compression = \"GZIP\",\n Format = \"textORcsv\",\n ReportName = \"example-cur-report-definition\",\n S3Bucket = \"example-bucket-name\",\n S3Region = \"us-east-1\",\n TimeUnit = \"HOURLY\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cur\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cur.NewReportDefinition(ctx, \"exampleCurReportDefinition\", &cur.ReportDefinitionArgs{\n\t\t\tAdditionalArtifacts: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"REDSHIFT\"),\n\t\t\t\tpulumi.String(\"QUICKSIGHT\"),\n\t\t\t},\n\t\t\tAdditionalSchemaElements: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"RESOURCES\"),\n\t\t\t},\n\t\t\tCompression: pulumi.String(\"GZIP\"),\n\t\t\tFormat: pulumi.String(\"textORcsv\"),\n\t\t\tReportName: pulumi.String(\"example-cur-report-definition\"),\n\t\t\tS3Bucket: pulumi.String(\"example-bucket-name\"),\n\t\t\tS3Region: pulumi.String(\"us-east-1\"),\n\t\t\tTimeUnit: pulumi.String(\"HOURLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nReport Definitions can be imported using the `report_name`, e.g.\n\n```sh\n $ pulumi import aws:cur/reportDefinition:ReportDefinition example_cur_report_definition example-cur-report-definition\n```\n\n ", + "properties": { + "additionalArtifacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of additional artifacts. Valid values are: `REDSHIFT`, `QUICKSIGHT`, `ATHENA`. When ATHENA exists within additional_artifacts, no other artifact type can be declared and report_versioning must be `OVERWRITE_REPORT`.\n" + }, + "additionalSchemaElements": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of schema elements. Valid values are: `RESOURCES`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the cur report.\n" + }, + "compression": { + "type": "string", + "description": "Compression format for report. Valid values are: `GZIP`, `ZIP`, `Parquet`. If `Parquet` is used, then format must also be `Parquet`.\n" + }, + "format": { + "type": "string", + "description": "Format for report. Valid values are: `textORcsv`, `Parquet`. If `Parquet` is used, then Compression must also be `Parquet`.\n" + }, + "refreshClosedReports": { + "type": "boolean", + "description": "Set to true to update your reports after they have been finalized if AWS detects charges related to previous months.\n" + }, + "reportName": { + "type": "string", + "description": "Unique name for the report. Must start with a number/letter and is case sensitive. Limited to 256 characters.\n" + }, + "reportVersioning": { + "type": "string", + "description": "Overwrite the previous version of each report or to deliver the report in addition to the previous versions. Valid values are: `CREATE_NEW_REPORT` and `OVERWRITE_REPORT`.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Name of the existing S3 bucket to hold generated reports.\n" + }, + "s3Prefix": { + "type": "string", + "description": "Report path prefix. Limited to 256 characters.\n" + }, + "s3Region": { + "type": "string", + "description": "Region of the existing S3 bucket to hold generated reports.\n" + }, + "timeUnit": { + "type": "string", + "description": "The frequency on which report data are measured and displayed. Valid values are: `HOURLY`, `DAILY`.\n" + } + }, + "required": [ + "additionalSchemaElements", + "arn", + "compression", + "format", + "reportName", + "s3Bucket", + "s3Region", + "timeUnit" + ], + "inputProperties": { + "additionalArtifacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of additional artifacts. Valid values are: `REDSHIFT`, `QUICKSIGHT`, `ATHENA`. When ATHENA exists within additional_artifacts, no other artifact type can be declared and report_versioning must be `OVERWRITE_REPORT`.\n" + }, + "additionalSchemaElements": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of schema elements. Valid values are: `RESOURCES`.\n" + }, + "compression": { + "type": "string", + "description": "Compression format for report. Valid values are: `GZIP`, `ZIP`, `Parquet`. If `Parquet` is used, then format must also be `Parquet`.\n" + }, + "format": { + "type": "string", + "description": "Format for report. Valid values are: `textORcsv`, `Parquet`. If `Parquet` is used, then Compression must also be `Parquet`.\n" + }, + "refreshClosedReports": { + "type": "boolean", + "description": "Set to true to update your reports after they have been finalized if AWS detects charges related to previous months.\n" + }, + "reportName": { + "type": "string", + "description": "Unique name for the report. Must start with a number/letter and is case sensitive. Limited to 256 characters.\n" + }, + "reportVersioning": { + "type": "string", + "description": "Overwrite the previous version of each report or to deliver the report in addition to the previous versions. Valid values are: `CREATE_NEW_REPORT` and `OVERWRITE_REPORT`.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Name of the existing S3 bucket to hold generated reports.\n" + }, + "s3Prefix": { + "type": "string", + "description": "Report path prefix. Limited to 256 characters.\n" + }, + "s3Region": { + "type": "string", + "description": "Region of the existing S3 bucket to hold generated reports.\n" + }, + "timeUnit": { + "type": "string", + "description": "The frequency on which report data are measured and displayed. Valid values are: `HOURLY`, `DAILY`.\n" + } + }, + "requiredInputs": [ + "additionalSchemaElements", + "compression", + "format", + "reportName", + "s3Bucket", + "s3Region", + "timeUnit" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReportDefinition resources.\n", + "properties": { + "additionalArtifacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of additional artifacts. Valid values are: `REDSHIFT`, `QUICKSIGHT`, `ATHENA`. When ATHENA exists within additional_artifacts, no other artifact type can be declared and report_versioning must be `OVERWRITE_REPORT`.\n" + }, + "additionalSchemaElements": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of schema elements. Valid values are: `RESOURCES`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the cur report.\n" + }, + "compression": { + "type": "string", + "description": "Compression format for report. Valid values are: `GZIP`, `ZIP`, `Parquet`. If `Parquet` is used, then format must also be `Parquet`.\n" + }, + "format": { + "type": "string", + "description": "Format for report. Valid values are: `textORcsv`, `Parquet`. If `Parquet` is used, then Compression must also be `Parquet`.\n" + }, + "refreshClosedReports": { + "type": "boolean", + "description": "Set to true to update your reports after they have been finalized if AWS detects charges related to previous months.\n" + }, + "reportName": { + "type": "string", + "description": "Unique name for the report. Must start with a number/letter and is case sensitive. Limited to 256 characters.\n" + }, + "reportVersioning": { + "type": "string", + "description": "Overwrite the previous version of each report or to deliver the report in addition to the previous versions. Valid values are: `CREATE_NEW_REPORT` and `OVERWRITE_REPORT`.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Name of the existing S3 bucket to hold generated reports.\n" + }, + "s3Prefix": { + "type": "string", + "description": "Report path prefix. Limited to 256 characters.\n" + }, + "s3Region": { + "type": "string", + "description": "Region of the existing S3 bucket to hold generated reports.\n" + }, + "timeUnit": { + "type": "string", + "description": "The frequency on which report data are measured and displayed. Valid values are: `HOURLY`, `DAILY`.\n" + } + }, + "type": "object" + } + }, + "aws:datapipeline/pipeline:Pipeline": { + "description": "Provides a Data Pipeline resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultPipeline = new aws.datapipeline.Pipeline(\"default\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.datapipeline.Pipeline(\"default\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.DataPipeline.Pipeline(\"default\", new Aws.DataPipeline.PipelineArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datapipeline\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datapipeline.NewPipeline(ctx, \"_default\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datapipeline_pipeline` can be imported by using the id (Pipeline ID), e.g.\n\n```sh\n $ pulumi import aws:datapipeline/pipeline:Pipeline default df-1234567890\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description of Pipeline.\n" + }, + "name": { + "type": "string", + "description": "The name of Pipeline.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of Pipeline.\n" + }, + "name": { + "type": "string", + "description": "The name of Pipeline.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Pipeline resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of Pipeline.\n" + }, + "name": { + "type": "string", + "description": "The name of Pipeline.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:datasync/agent:Agent": { + "description": "Manages an AWS DataSync Agent deployed on premises.\n\n> **NOTE:** One of `activation_key` or `ip_address` must be provided for resource creation (agent activation). Neither is required for resource import. If using `ip_address`, this provider must be able to make an HTTP (port 80) GET request to the specified IP address from where it is running. The agent will turn off that HTTP server after activation.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.Agent(\"example\", {\n ipAddress: \"1.2.3.4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.Agent(\"example\", ip_address=\"1.2.3.4\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.Agent(\"example\", new Aws.DataSync.AgentArgs\n {\n IpAddress = \"1.2.3.4\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewAgent(ctx, \"example\", &datasync.AgentArgs{\n\t\t\tIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_agent` can be imported by using the DataSync Agent Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:datasync/agent:Agent example arn:aws:datasync:us-east-1:123456789012:agent/agent-12345678901234567\n```\n\n ", + "properties": { + "activationKey": { + "type": "string", + "description": "DataSync Agent activation key during resource creation. Conflicts with `ip_address`. If an `ip_address` is provided instead, the provider will retrieve the `activation_key` as part of the resource creation.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Agent.\n" + }, + "ipAddress": { + "type": "string", + "description": "DataSync Agent IP address to retrieve activation key during resource creation. Conflicts with `activation_key`. DataSync Agent must be accessible on port 80 from where the provider is running.\n" + }, + "name": { + "type": "string", + "description": "Name of the DataSync Agent.\n" + }, + "privateLinkEndpoint": { + "type": "string", + "description": "The IP address of the VPC endpoint the agent should connect to when retrieving an activation key during resource creation. Conflicts with `activation_key`.\n" + }, + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ARNs of the security groups used to protect your data transfer task subnets.\n" + }, + "subnetArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARNs) of the subnets in which DataSync will create elastic network interfaces for each data transfer task.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Agent. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC (virtual private cloud) endpoint that the agent has access to.\n" + } + }, + "required": [ + "activationKey", + "arn", + "ipAddress", + "name", + "tagsAll" + ], + "inputProperties": { + "activationKey": { + "type": "string", + "description": "DataSync Agent activation key during resource creation. Conflicts with `ip_address`. If an `ip_address` is provided instead, the provider will retrieve the `activation_key` as part of the resource creation.\n" + }, + "ipAddress": { + "type": "string", + "description": "DataSync Agent IP address to retrieve activation key during resource creation. Conflicts with `activation_key`. DataSync Agent must be accessible on port 80 from where the provider is running.\n" + }, + "name": { + "type": "string", + "description": "Name of the DataSync Agent.\n" + }, + "privateLinkEndpoint": { + "type": "string", + "description": "The IP address of the VPC endpoint the agent should connect to when retrieving an activation key during resource creation. Conflicts with `activation_key`.\n" + }, + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ARNs of the security groups used to protect your data transfer task subnets.\n" + }, + "subnetArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARNs) of the subnets in which DataSync will create elastic network interfaces for each data transfer task.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Agent. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC (virtual private cloud) endpoint that the agent has access to.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Agent resources.\n", + "properties": { + "activationKey": { + "type": "string", + "description": "DataSync Agent activation key during resource creation. Conflicts with `ip_address`. If an `ip_address` is provided instead, the provider will retrieve the `activation_key` as part of the resource creation.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Agent.\n" + }, + "ipAddress": { + "type": "string", + "description": "DataSync Agent IP address to retrieve activation key during resource creation. Conflicts with `activation_key`. DataSync Agent must be accessible on port 80 from where the provider is running.\n" + }, + "name": { + "type": "string", + "description": "Name of the DataSync Agent.\n" + }, + "privateLinkEndpoint": { + "type": "string", + "description": "The IP address of the VPC endpoint the agent should connect to when retrieving an activation key during resource creation. Conflicts with `activation_key`.\n" + }, + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ARNs of the security groups used to protect your data transfer task subnets.\n" + }, + "subnetArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARNs) of the subnets in which DataSync will create elastic network interfaces for each data transfer task.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Agent. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC (virtual private cloud) endpoint that the agent has access to.\n" + } + }, + "type": "object" + } + }, + "aws:datasync/efsLocation:EfsLocation": { + "description": "Manages an AWS DataSync EFS Location.\n\n> **NOTE:** The EFS File System must have a mounted EFS Mount Target before creating this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.EfsLocation(\"example\", {\n efsFileSystemArn: aws_efs_mount_target.example.file_system_arn,\n ec2Config: {\n securityGroupArns: [aws_security_group.example.arn],\n subnetArn: aws_subnet.example.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.EfsLocation(\"example\",\n efs_file_system_arn=aws_efs_mount_target[\"example\"][\"file_system_arn\"],\n ec2_config=aws.datasync.EfsLocationEc2ConfigArgs(\n security_group_arns=[aws_security_group[\"example\"][\"arn\"]],\n subnet_arn=aws_subnet[\"example\"][\"arn\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.EfsLocation(\"example\", new Aws.DataSync.EfsLocationArgs\n {\n EfsFileSystemArn = aws_efs_mount_target.Example.File_system_arn,\n Ec2Config = new Aws.DataSync.Inputs.EfsLocationEc2ConfigArgs\n {\n SecurityGroupArns = \n {\n aws_security_group.Example.Arn,\n },\n SubnetArn = aws_subnet.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewEfsLocation(ctx, \"example\", &datasync.EfsLocationArgs{\n\t\t\tEfsFileSystemArn: pulumi.Any(aws_efs_mount_target.Example.File_system_arn),\n\t\t\tEc2Config: &datasync.EfsLocationEc2ConfigArgs{\n\t\t\t\tSecurityGroupArns: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_security_group.Example.Arn),\n\t\t\t\t},\n\t\t\t\tSubnetArn: pulumi.Any(aws_subnet.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_location_efs` can be imported by using the DataSync Task Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:datasync/efsLocation:EfsLocation example arn:aws:datasync:us-east-1:123456789012:location/loc-12345678901234567\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "ec2Config": { + "$ref": "#/types/aws:datasync/EfsLocationEc2Config:EfsLocationEc2Config", + "description": "Configuration block containing EC2 configurations for connecting to the EFS File System.\n" + }, + "efsFileSystemArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of EFS File System.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Default `/`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "arn", + "ec2Config", + "efsFileSystemArn", + "tagsAll", + "uri" + ], + "inputProperties": { + "ec2Config": { + "$ref": "#/types/aws:datasync/EfsLocationEc2Config:EfsLocationEc2Config", + "description": "Configuration block containing EC2 configurations for connecting to the EFS File System.\n" + }, + "efsFileSystemArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of EFS File System.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Default `/`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "ec2Config", + "efsFileSystemArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EfsLocation resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "ec2Config": { + "$ref": "#/types/aws:datasync/EfsLocationEc2Config:EfsLocationEc2Config", + "description": "Configuration block containing EC2 configurations for connecting to the EFS File System.\n" + }, + "efsFileSystemArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of EFS File System.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Default `/`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:datasync/locationFsxWindows:LocationFsxWindows": { + "description": "Manages an AWS DataSync FSx Windows Location.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.LocationFsxWindows(\"example\", {\n fsxFilesystemArn: aws_fsx_windows_file_system.example.arn,\n user: \"SomeUser\",\n password: \"SuperSecretPassw0rd\",\n securityGroupArns: [aws_security_group.example.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.LocationFsxWindows(\"example\",\n fsx_filesystem_arn=aws_fsx_windows_file_system[\"example\"][\"arn\"],\n user=\"SomeUser\",\n password=\"SuperSecretPassw0rd\",\n security_group_arns=[aws_security_group[\"example\"][\"arn\"]])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.LocationFsxWindows(\"example\", new Aws.DataSync.LocationFsxWindowsArgs\n {\n FsxFilesystemArn = aws_fsx_windows_file_system.Example.Arn,\n User = \"SomeUser\",\n Password = \"SuperSecretPassw0rd\",\n SecurityGroupArns = \n {\n aws_security_group.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewLocationFsxWindows(ctx, \"example\", &datasync.LocationFsxWindowsArgs{\n\t\t\tFsxFilesystemArn: pulumi.Any(aws_fsx_windows_file_system.Example.Arn),\n\t\t\tUser: pulumi.String(\"SomeUser\"),\n\t\t\tPassword: pulumi.String(\"SuperSecretPassw0rd\"),\n\t\t\tSecurityGroupArns: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_location_fsx_windows_file_system` can be imported by using the `DataSync-ARN#FSx-Windows-ARN`, e.g.\n\n```sh\n $ pulumi import aws:datasync/locationFsxWindows:LocationFsxWindows example arn:aws:datasync:us-west-2:123456789012:location/loc-12345678901234567#arn:aws:fsx:us-west-2:476956259333:file-system/fs-08e04cd442c1bb94a\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "creationTime": { + "type": "string", + "description": "The time that the FSx for Windows location was created.\n" + }, + "domain": { + "type": "string", + "description": "The name of the Windows domain that the FSx for Windows server belongs to.\n" + }, + "fsxFilesystemArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the FSx for Windows file system.\n" + }, + "password": { + "type": "string", + "description": "The password of the user who has the permissions to access files and folders in the FSx for Windows file system.\n" + }, + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARNs) of the security groups that are to use to configure the FSx for Windows file system.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string", + "description": "The URL of the FSx for Windows location that was described.\n" + }, + "user": { + "type": "string", + "description": "The user who has the permissions to access files and folders in the FSx for Windows file system.\n" + } + }, + "required": [ + "arn", + "creationTime", + "fsxFilesystemArn", + "password", + "securityGroupArns", + "subdirectory", + "tagsAll", + "uri", + "user" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "The name of the Windows domain that the FSx for Windows server belongs to.\n" + }, + "fsxFilesystemArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the FSx for Windows file system.\n" + }, + "password": { + "type": "string", + "description": "The password of the user who has the permissions to access files and folders in the FSx for Windows file system.\n" + }, + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARNs) of the security groups that are to use to configure the FSx for Windows file system.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "user": { + "type": "string", + "description": "The user who has the permissions to access files and folders in the FSx for Windows file system.\n" + } + }, + "requiredInputs": [ + "fsxFilesystemArn", + "password", + "securityGroupArns", + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LocationFsxWindows resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "creationTime": { + "type": "string", + "description": "The time that the FSx for Windows location was created.\n" + }, + "domain": { + "type": "string", + "description": "The name of the Windows domain that the FSx for Windows server belongs to.\n" + }, + "fsxFilesystemArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the FSx for Windows file system.\n" + }, + "password": { + "type": "string", + "description": "The password of the user who has the permissions to access files and folders in the FSx for Windows file system.\n" + }, + "securityGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARNs) of the security groups that are to use to configure the FSx for Windows file system.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string", + "description": "The URL of the FSx for Windows location that was described.\n" + }, + "user": { + "type": "string", + "description": "The user who has the permissions to access files and folders in the FSx for Windows file system.\n" + } + }, + "type": "object" + } + }, + "aws:datasync/locationSmb:LocationSmb": { + "description": "Manages a SMB Location within AWS DataSync.\n\n> **NOTE:** The DataSync Agents must be available before creating this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.LocationSmb(\"example\", {\n serverHostname: \"smb.example.com\",\n subdirectory: \"/exported/path\",\n user: \"Guest\",\n password: \"ANotGreatPassword\",\n agentArns: [aws_datasync_agent.example.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.LocationSmb(\"example\",\n server_hostname=\"smb.example.com\",\n subdirectory=\"/exported/path\",\n user=\"Guest\",\n password=\"ANotGreatPassword\",\n agent_arns=[aws_datasync_agent[\"example\"][\"arn\"]])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.LocationSmb(\"example\", new Aws.DataSync.LocationSmbArgs\n {\n ServerHostname = \"smb.example.com\",\n Subdirectory = \"/exported/path\",\n User = \"Guest\",\n Password = \"ANotGreatPassword\",\n AgentArns = \n {\n aws_datasync_agent.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewLocationSmb(ctx, \"example\", &datasync.LocationSmbArgs{\n\t\t\tServerHostname: pulumi.String(\"smb.example.com\"),\n\t\t\tSubdirectory: pulumi.String(\"/exported/path\"),\n\t\t\tUser: pulumi.String(\"Guest\"),\n\t\t\tPassword: pulumi.String(\"ANotGreatPassword\"),\n\t\t\tAgentArns: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_datasync_agent.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_location_smb` can be imported by using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:datasync/locationSmb:LocationSmb example arn:aws:datasync:us-east-1:123456789012:location/loc-12345678901234567\n```\n\n ", + "properties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DataSync Agent ARNs with which this location will be associated.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "domain": { + "type": "string", + "description": "The name of the Windows domain the SMB server belongs to.\n" + }, + "mountOptions": { + "$ref": "#/types/aws:datasync/LocationSmbMountOptions:LocationSmbMountOptions", + "description": "Configuration block containing mount options used by DataSync to access the SMB Server. Can be `AUTOMATIC`, `SMB2`, or `SMB3`.\n" + }, + "password": { + "type": "string", + "description": "The password of the user who can mount the share and has file permissions in the SMB.\n" + }, + "serverHostname": { + "type": "string", + "description": "Specifies the IP address or DNS name of the SMB server. The DataSync Agent(s) use this to mount the SMB share.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Should be exported by the NFS server.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + }, + "user": { + "type": "string", + "description": "The user who can mount the share and has file and folder permissions in the SMB share.\n" + } + }, + "required": [ + "agentArns", + "arn", + "domain", + "password", + "serverHostname", + "subdirectory", + "tagsAll", + "uri", + "user" + ], + "inputProperties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DataSync Agent ARNs with which this location will be associated.\n" + }, + "domain": { + "type": "string", + "description": "The name of the Windows domain the SMB server belongs to.\n" + }, + "mountOptions": { + "$ref": "#/types/aws:datasync/LocationSmbMountOptions:LocationSmbMountOptions", + "description": "Configuration block containing mount options used by DataSync to access the SMB Server. Can be `AUTOMATIC`, `SMB2`, or `SMB3`.\n" + }, + "password": { + "type": "string", + "description": "The password of the user who can mount the share and has file permissions in the SMB.\n" + }, + "serverHostname": { + "type": "string", + "description": "Specifies the IP address or DNS name of the SMB server. The DataSync Agent(s) use this to mount the SMB share.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Should be exported by the NFS server.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "user": { + "type": "string", + "description": "The user who can mount the share and has file and folder permissions in the SMB share.\n" + } + }, + "requiredInputs": [ + "agentArns", + "password", + "serverHostname", + "subdirectory", + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LocationSmb resources.\n", + "properties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DataSync Agent ARNs with which this location will be associated.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "domain": { + "type": "string", + "description": "The name of the Windows domain the SMB server belongs to.\n" + }, + "mountOptions": { + "$ref": "#/types/aws:datasync/LocationSmbMountOptions:LocationSmbMountOptions", + "description": "Configuration block containing mount options used by DataSync to access the SMB Server. Can be `AUTOMATIC`, `SMB2`, or `SMB3`.\n" + }, + "password": { + "type": "string", + "description": "The password of the user who can mount the share and has file permissions in the SMB.\n" + }, + "serverHostname": { + "type": "string", + "description": "Specifies the IP address or DNS name of the SMB server. The DataSync Agent(s) use this to mount the SMB share.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Should be exported by the NFS server.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + }, + "user": { + "type": "string", + "description": "The user who can mount the share and has file and folder permissions in the SMB share.\n" + } + }, + "type": "object" + } + }, + "aws:datasync/nfsLocation:NfsLocation": { + "description": "Manages an NFS Location within AWS DataSync.\n\n> **NOTE:** The DataSync Agents must be available before creating this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.NfsLocation(\"example\", {\n serverHostname: \"nfs.example.com\",\n subdirectory: \"/exported/path\",\n onPremConfig: {\n agentArns: [aws_datasync_agent.example.arn],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.NfsLocation(\"example\",\n server_hostname=\"nfs.example.com\",\n subdirectory=\"/exported/path\",\n on_prem_config=aws.datasync.NfsLocationOnPremConfigArgs(\n agent_arns=[aws_datasync_agent[\"example\"][\"arn\"]],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.NfsLocation(\"example\", new Aws.DataSync.NfsLocationArgs\n {\n ServerHostname = \"nfs.example.com\",\n Subdirectory = \"/exported/path\",\n OnPremConfig = new Aws.DataSync.Inputs.NfsLocationOnPremConfigArgs\n {\n AgentArns = \n {\n aws_datasync_agent.Example.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewNfsLocation(ctx, \"example\", &datasync.NfsLocationArgs{\n\t\t\tServerHostname: pulumi.String(\"nfs.example.com\"),\n\t\t\tSubdirectory: pulumi.String(\"/exported/path\"),\n\t\t\tOnPremConfig: &datasync.NfsLocationOnPremConfigArgs{\n\t\t\t\tAgentArns: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_datasync_agent.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_location_nfs` can be imported by using the DataSync Task Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:datasync/nfsLocation:NfsLocation example arn:aws:datasync:us-east-1:123456789012:location/loc-12345678901234567\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "mountOptions": { + "$ref": "#/types/aws:datasync/NfsLocationMountOptions:NfsLocationMountOptions", + "description": "Configuration block containing mount options used by DataSync to access the NFS Server.\n" + }, + "onPremConfig": { + "$ref": "#/types/aws:datasync/NfsLocationOnPremConfig:NfsLocationOnPremConfig", + "description": "Configuration block containing information for connecting to the NFS File System.\n" + }, + "serverHostname": { + "type": "string", + "description": "Specifies the IP address or DNS name of the NFS server. The DataSync Agent(s) use this to mount the NFS server.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Should be exported by the NFS server.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "arn", + "onPremConfig", + "serverHostname", + "subdirectory", + "tagsAll", + "uri" + ], + "inputProperties": { + "mountOptions": { + "$ref": "#/types/aws:datasync/NfsLocationMountOptions:NfsLocationMountOptions", + "description": "Configuration block containing mount options used by DataSync to access the NFS Server.\n" + }, + "onPremConfig": { + "$ref": "#/types/aws:datasync/NfsLocationOnPremConfig:NfsLocationOnPremConfig", + "description": "Configuration block containing information for connecting to the NFS File System.\n" + }, + "serverHostname": { + "type": "string", + "description": "Specifies the IP address or DNS name of the NFS server. The DataSync Agent(s) use this to mount the NFS server.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Should be exported by the NFS server.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "onPremConfig", + "serverHostname", + "subdirectory" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NfsLocation resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "mountOptions": { + "$ref": "#/types/aws:datasync/NfsLocationMountOptions:NfsLocationMountOptions", + "description": "Configuration block containing mount options used by DataSync to access the NFS Server.\n" + }, + "onPremConfig": { + "$ref": "#/types/aws:datasync/NfsLocationOnPremConfig:NfsLocationOnPremConfig", + "description": "Configuration block containing information for connecting to the NFS File System.\n" + }, + "serverHostname": { + "type": "string", + "description": "Specifies the IP address or DNS name of the NFS server. The DataSync Agent(s) use this to mount the NFS server.\n" + }, + "subdirectory": { + "type": "string", + "description": "Subdirectory to perform actions as source or destination. Should be exported by the NFS server.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:datasync/s3Location:S3Location": { + "description": "Manages an S3 Location within AWS DataSync.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.S3Location(\"example\", {\n s3BucketArn: aws_s3_bucket.example.arn,\n subdirectory: \"/example/prefix\",\n s3Config: {\n bucketAccessRoleArn: aws_iam_role.example.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.S3Location(\"example\",\n s3_bucket_arn=aws_s3_bucket[\"example\"][\"arn\"],\n subdirectory=\"/example/prefix\",\n s3_config=aws.datasync.S3LocationS3ConfigArgs(\n bucket_access_role_arn=aws_iam_role[\"example\"][\"arn\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.S3Location(\"example\", new Aws.DataSync.S3LocationArgs\n {\n S3BucketArn = aws_s3_bucket.Example.Arn,\n Subdirectory = \"/example/prefix\",\n S3Config = new Aws.DataSync.Inputs.S3LocationS3ConfigArgs\n {\n BucketAccessRoleArn = aws_iam_role.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewS3Location(ctx, \"example\", &datasync.S3LocationArgs{\n\t\t\tS3BucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\tSubdirectory: pulumi.String(\"/example/prefix\"),\n\t\t\tS3Config: &datasync.S3LocationS3ConfigArgs{\n\t\t\t\tBucketAccessRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_location_s3` can be imported by using the DataSync Task Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:datasync/s3Location:S3Location example arn:aws:datasync:us-east-1:123456789012:location/loc-12345678901234567\n```\n\n ", + "properties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DataSync Agent ARNs with which this location will be associated.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "s3BucketArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the S3 Bucket.\n" + }, + "s3Config": { + "$ref": "#/types/aws:datasync/S3LocationS3Config:S3LocationS3Config", + "description": "Configuration block containing information for connecting to S3.\n" + }, + "s3StorageClass": { + "type": "string", + "description": "The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. [Valid values](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes)\n" + }, + "subdirectory": { + "type": "string", + "description": "Prefix to perform actions as source or destination.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + } + }, + "required": [ + "arn", + "s3BucketArn", + "s3Config", + "s3StorageClass", + "subdirectory", + "tagsAll", + "uri" + ], + "inputProperties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DataSync Agent ARNs with which this location will be associated.\n" + }, + "s3BucketArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the S3 Bucket.\n" + }, + "s3Config": { + "$ref": "#/types/aws:datasync/S3LocationS3Config:S3LocationS3Config", + "description": "Configuration block containing information for connecting to S3.\n" + }, + "s3StorageClass": { + "type": "string", + "description": "The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. [Valid values](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes)\n" + }, + "subdirectory": { + "type": "string", + "description": "Prefix to perform actions as source or destination.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "s3BucketArn", + "s3Config", + "subdirectory" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering S3Location resources.\n", + "properties": { + "agentArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of DataSync Agent ARNs with which this location will be associated.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Location.\n" + }, + "s3BucketArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the S3 Bucket.\n" + }, + "s3Config": { + "$ref": "#/types/aws:datasync/S3LocationS3Config:S3LocationS3Config", + "description": "Configuration block containing information for connecting to S3.\n" + }, + "s3StorageClass": { + "type": "string", + "description": "The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. [Valid values](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#using-storage-classes)\n" + }, + "subdirectory": { + "type": "string", + "description": "Prefix to perform actions as source or destination.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Location. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:datasync/task:Task": { + "description": "Manages an AWS DataSync Task, which represents a configuration for synchronization. Starting an execution of these DataSync Tasks (actually synchronizing files) is performed outside of this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### With Scheduling\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.Task(\"example\", {\n destinationLocationArn: aws_datasync_location_s3.destination.arn,\n sourceLocationArn: aws_datasync_location_nfs.source.arn,\n schedule: {\n scheduleExpression: \"cron(0 12 ? * SUN,WED *)\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.Task(\"example\",\n destination_location_arn=aws_datasync_location_s3[\"destination\"][\"arn\"],\n source_location_arn=aws_datasync_location_nfs[\"source\"][\"arn\"],\n schedule=aws.datasync.TaskScheduleArgs(\n schedule_expression=\"cron(0 12 ? * SUN,WED *)\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.Task(\"example\", new Aws.DataSync.TaskArgs\n {\n DestinationLocationArn = aws_datasync_location_s3.Destination.Arn,\n SourceLocationArn = aws_datasync_location_nfs.Source.Arn,\n Schedule = new Aws.DataSync.Inputs.TaskScheduleArgs\n {\n ScheduleExpression = \"cron(0 12 ? * SUN,WED *)\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewTask(ctx, \"example\", &datasync.TaskArgs{\n\t\t\tDestinationLocationArn: pulumi.Any(aws_datasync_location_s3.Destination.Arn),\n\t\t\tSourceLocationArn: pulumi.Any(aws_datasync_location_nfs.Source.Arn),\n\t\t\tSchedule: &datasync.TaskScheduleArgs{\n\t\t\t\tScheduleExpression: pulumi.String(\"cron(0 12 ? * SUN,WED *)\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### With Filtering\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.datasync.Task(\"example\", {\n destinationLocationArn: aws_datasync_location_s3.destination.arn,\n sourceLocationArn: aws_datasync_location_nfs.source.arn,\n excludes: {\n filterType: \"SIMPLE_PATTERN\",\n value: \"/folder1|/folder2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.datasync.Task(\"example\",\n destination_location_arn=aws_datasync_location_s3[\"destination\"][\"arn\"],\n source_location_arn=aws_datasync_location_nfs[\"source\"][\"arn\"],\n excludes=aws.datasync.TaskExcludesArgs(\n filter_type=\"SIMPLE_PATTERN\",\n value=\"/folder1|/folder2\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DataSync.Task(\"example\", new Aws.DataSync.TaskArgs\n {\n DestinationLocationArn = aws_datasync_location_s3.Destination.Arn,\n SourceLocationArn = aws_datasync_location_nfs.Source.Arn,\n Excludes = new Aws.DataSync.Inputs.TaskExcludesArgs\n {\n FilterType = \"SIMPLE_PATTERN\",\n Value = \"/folder1|/folder2\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/datasync\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datasync.NewTask(ctx, \"example\", &datasync.TaskArgs{\n\t\t\tDestinationLocationArn: pulumi.Any(aws_datasync_location_s3.Destination.Arn),\n\t\t\tSourceLocationArn: pulumi.Any(aws_datasync_location_nfs.Source.Arn),\n\t\t\tExcludes: &datasync.TaskExcludesArgs{\n\t\t\t\tFilterType: pulumi.String(\"SIMPLE_PATTERN\"),\n\t\t\t\tValue: pulumi.String(\"/folder1|/folder2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_datasync_task` can be imported by using the DataSync Task Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:datasync/task:Task example arn:aws:datasync:us-east-1:123456789012:task/task-12345678901234567\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Task.\n" + }, + "cloudwatchLogGroupArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the CloudWatch Log Group that is used to monitor and log events in the sync task.\n" + }, + "destinationLocationArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of destination DataSync Location.\n" + }, + "excludes": { + "$ref": "#/types/aws:datasync/TaskExcludes:TaskExcludes", + "description": "Filter rules that determines which files to exclude from a task.\n" + }, + "name": { + "type": "string", + "description": "Name of the DataSync Task.\n" + }, + "options": { + "$ref": "#/types/aws:datasync/TaskOptions:TaskOptions", + "description": "Configuration block containing option that controls the default behavior when you start an execution of this DataSync Task. For each individual task execution, you can override these options by specifying an overriding configuration in those executions.\n" + }, + "schedule": { + "$ref": "#/types/aws:datasync/TaskSchedule:TaskSchedule", + "description": "Specifies a schedule used to periodically transfer files from a source to a destination location.\n" + }, + "sourceLocationArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of source DataSync Location.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Task. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "destinationLocationArn", + "name", + "sourceLocationArn", + "tagsAll" + ], + "inputProperties": { + "cloudwatchLogGroupArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the CloudWatch Log Group that is used to monitor and log events in the sync task.\n" + }, + "destinationLocationArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of destination DataSync Location.\n" + }, + "excludes": { + "$ref": "#/types/aws:datasync/TaskExcludes:TaskExcludes", + "description": "Filter rules that determines which files to exclude from a task.\n" + }, + "name": { + "type": "string", + "description": "Name of the DataSync Task.\n" + }, + "options": { + "$ref": "#/types/aws:datasync/TaskOptions:TaskOptions", + "description": "Configuration block containing option that controls the default behavior when you start an execution of this DataSync Task. For each individual task execution, you can override these options by specifying an overriding configuration in those executions.\n" + }, + "schedule": { + "$ref": "#/types/aws:datasync/TaskSchedule:TaskSchedule", + "description": "Specifies a schedule used to periodically transfer files from a source to a destination location.\n" + }, + "sourceLocationArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of source DataSync Location.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Task. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "destinationLocationArn", + "sourceLocationArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Task resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DataSync Task.\n" + }, + "cloudwatchLogGroupArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the CloudWatch Log Group that is used to monitor and log events in the sync task.\n" + }, + "destinationLocationArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of destination DataSync Location.\n" + }, + "excludes": { + "$ref": "#/types/aws:datasync/TaskExcludes:TaskExcludes", + "description": "Filter rules that determines which files to exclude from a task.\n" + }, + "name": { + "type": "string", + "description": "Name of the DataSync Task.\n" + }, + "options": { + "$ref": "#/types/aws:datasync/TaskOptions:TaskOptions", + "description": "Configuration block containing option that controls the default behavior when you start an execution of this DataSync Task. For each individual task execution, you can override these options by specifying an overriding configuration in those executions.\n" + }, + "schedule": { + "$ref": "#/types/aws:datasync/TaskSchedule:TaskSchedule", + "description": "Specifies a schedule used to periodically transfer files from a source to a destination location.\n" + }, + "sourceLocationArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of source DataSync Location.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value pairs of resource tags to assign to the DataSync Task. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:dax/cluster:Cluster": { + "description": "Provides a DAX Cluster resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.dax.Cluster(\"bar\", {\n clusterName: \"cluster-example\",\n iamRoleArn: data.aws_iam_role.example.arn,\n nodeType: \"dax.r4.large\",\n replicationFactor: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.dax.Cluster(\"bar\",\n cluster_name=\"cluster-example\",\n iam_role_arn=data[\"aws_iam_role\"][\"example\"][\"arn\"],\n node_type=\"dax.r4.large\",\n replication_factor=1)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.Dax.Cluster(\"bar\", new Aws.Dax.ClusterArgs\n {\n ClusterName = \"cluster-example\",\n IamRoleArn = data.Aws_iam_role.Example.Arn,\n NodeType = \"dax.r4.large\",\n ReplicationFactor = 1,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dax\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dax.NewCluster(ctx, \"bar\", &dax.ClusterArgs{\n\t\t\tClusterName: pulumi.String(\"cluster-example\"),\n\t\t\tIamRoleArn: pulumi.Any(data.Aws_iam_role.Example.Arn),\n\t\t\tNodeType: pulumi.String(\"dax.r4.large\"),\n\t\t\tReplicationFactor: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDAX Clusters can be imported using the `cluster_name`, e.g.\n\n```sh\n $ pulumi import aws:dax/cluster:Cluster my_cluster my_cluster\n```\n\n [1]http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.concepts.cluster.html#DAX.concepts.nodes ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DAX cluster\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Availability Zones in which the\nnodes will be created\n" + }, + "clusterAddress": { + "type": "string", + "description": "The DNS name of the DAX cluster without the port appended\n" + }, + "clusterName": { + "type": "string", + "description": "Group identifier. DAX converts this name to\nlowercase\n" + }, + "configurationEndpoint": { + "type": "string", + "description": "The configuration endpoint for this DAX cluster,\nconsisting of a DNS name and a port number\n" + }, + "description": { + "type": "string", + "description": "Description for the cluster\n" + }, + "iamRoleArn": { + "type": "string", + "description": "A valid Amazon Resource Name (ARN) that identifies\nan IAM role. At runtime, DAX will assume this role and use the role's\npermissions to access DynamoDB on your behalf\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when\nmaintenance on the cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi`\n(24H Clock UTC). The minimum maintenance window is a 60 minute period. Example:\n`sun:05:00-sun:09:00`\n" + }, + "nodeType": { + "type": "string", + "description": "The compute and memory capacity of the nodes. See\n[Nodes](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.concepts.cluster.html#DAX.concepts.nodes) for supported node types\n" + }, + "nodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dax/ClusterNode:ClusterNode" + }, + "description": "List of node objects including `id`, `address`, `port` and\n`availability_zone`. Referenceable e.g. as\n`${aws_dax_cluster.test.nodes.0.address}`\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an\nSNS topic to send DAX notifications to. Example:\n`arn:aws:sns:us-east-1:012345678999:my_sns_topic`\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the parameter group to associate\nwith this DAX cluster\n" + }, + "port": { + "type": "integer", + "description": "The port used by the configuration endpoint\n" + }, + "replicationFactor": { + "type": "integer", + "description": "The number of nodes in the DAX cluster. A\nreplication factor of 1 will create a single-node cluster, without any read\nreplicas\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security groups associated\nwith the cluster\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dax/ClusterServerSideEncryption:ClusterServerSideEncryption", + "description": "Encrypt at rest options\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group to be used for the\ncluster\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "clusterAddress", + "clusterName", + "configurationEndpoint", + "iamRoleArn", + "maintenanceWindow", + "nodeType", + "nodes", + "parameterGroupName", + "port", + "replicationFactor", + "securityGroupIds", + "subnetGroupName", + "tagsAll" + ], + "inputProperties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Availability Zones in which the\nnodes will be created\n" + }, + "clusterName": { + "type": "string", + "description": "Group identifier. DAX converts this name to\nlowercase\n" + }, + "description": { + "type": "string", + "description": "Description for the cluster\n" + }, + "iamRoleArn": { + "type": "string", + "description": "A valid Amazon Resource Name (ARN) that identifies\nan IAM role. At runtime, DAX will assume this role and use the role's\npermissions to access DynamoDB on your behalf\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when\nmaintenance on the cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi`\n(24H Clock UTC). The minimum maintenance window is a 60 minute period. Example:\n`sun:05:00-sun:09:00`\n" + }, + "nodeType": { + "type": "string", + "description": "The compute and memory capacity of the nodes. See\n[Nodes](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.concepts.cluster.html#DAX.concepts.nodes) for supported node types\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an\nSNS topic to send DAX notifications to. Example:\n`arn:aws:sns:us-east-1:012345678999:my_sns_topic`\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the parameter group to associate\nwith this DAX cluster\n" + }, + "replicationFactor": { + "type": "integer", + "description": "The number of nodes in the DAX cluster. A\nreplication factor of 1 will create a single-node cluster, without any read\nreplicas\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security groups associated\nwith the cluster\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dax/ClusterServerSideEncryption:ClusterServerSideEncryption", + "description": "Encrypt at rest options\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group to be used for the\ncluster\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "clusterName", + "iamRoleArn", + "nodeType", + "replicationFactor" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DAX cluster\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Availability Zones in which the\nnodes will be created\n" + }, + "clusterAddress": { + "type": "string", + "description": "The DNS name of the DAX cluster without the port appended\n" + }, + "clusterName": { + "type": "string", + "description": "Group identifier. DAX converts this name to\nlowercase\n" + }, + "configurationEndpoint": { + "type": "string", + "description": "The configuration endpoint for this DAX cluster,\nconsisting of a DNS name and a port number\n" + }, + "description": { + "type": "string", + "description": "Description for the cluster\n" + }, + "iamRoleArn": { + "type": "string", + "description": "A valid Amazon Resource Name (ARN) that identifies\nan IAM role. At runtime, DAX will assume this role and use the role's\npermissions to access DynamoDB on your behalf\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when\nmaintenance on the cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi`\n(24H Clock UTC). The minimum maintenance window is a 60 minute period. Example:\n`sun:05:00-sun:09:00`\n" + }, + "nodeType": { + "type": "string", + "description": "The compute and memory capacity of the nodes. See\n[Nodes](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.concepts.cluster.html#DAX.concepts.nodes) for supported node types\n" + }, + "nodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dax/ClusterNode:ClusterNode" + }, + "description": "List of node objects including `id`, `address`, `port` and\n`availability_zone`. Referenceable e.g. as\n`${aws_dax_cluster.test.nodes.0.address}`\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an\nSNS topic to send DAX notifications to. Example:\n`arn:aws:sns:us-east-1:012345678999:my_sns_topic`\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the parameter group to associate\nwith this DAX cluster\n" + }, + "port": { + "type": "integer", + "description": "The port used by the configuration endpoint\n" + }, + "replicationFactor": { + "type": "integer", + "description": "The number of nodes in the DAX cluster. A\nreplication factor of 1 will create a single-node cluster, without any read\nreplicas\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security groups associated\nwith the cluster\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dax/ClusterServerSideEncryption:ClusterServerSideEncryption", + "description": "Encrypt at rest options\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group to be used for the\ncluster\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:dax/parameterGroup:ParameterGroup": { + "description": "Provides a DAX Parameter Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.dax.ParameterGroup(\"example\", {\n parameters: [\n {\n name: \"query-ttl-millis\",\n value: \"100000\",\n },\n {\n name: \"record-ttl-millis\",\n value: \"100000\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.dax.ParameterGroup(\"example\", parameters=[\n aws.dax.ParameterGroupParameterArgs(\n name=\"query-ttl-millis\",\n value=\"100000\",\n ),\n aws.dax.ParameterGroupParameterArgs(\n name=\"record-ttl-millis\",\n value=\"100000\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Dax.ParameterGroup(\"example\", new Aws.Dax.ParameterGroupArgs\n {\n Parameters = \n {\n new Aws.Dax.Inputs.ParameterGroupParameterArgs\n {\n Name = \"query-ttl-millis\",\n Value = \"100000\",\n },\n new Aws.Dax.Inputs.ParameterGroupParameterArgs\n {\n Name = \"record-ttl-millis\",\n Value = \"100000\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dax\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dax.NewParameterGroup(ctx, \"example\", &dax.ParameterGroupArgs{\n\t\t\tParameters: dax.ParameterGroupParameterArray{\n\t\t\t\t&dax.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"query-ttl-millis\"),\n\t\t\t\t\tValue: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t\t&dax.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"record-ttl-millis\"),\n\t\t\t\t\tValue: pulumi.String(\"100000\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDAX Parameter Group can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:dax/parameterGroup:ParameterGroup example my_dax_pg\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "A description of the parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the parameter group.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:dax/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "The parameters of the parameter group.\n" + } + }, + "required": [ + "name", + "parameters" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the parameter group.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:dax/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "The parameters of the parameter group.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ParameterGroup resources.\n", + "properties": { + "description": { + "type": "string", + "description": "A description of the parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the parameter group.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:dax/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "The parameters of the parameter group.\n" + } + }, + "type": "object" + } + }, + "aws:dax/subnetGroup:SubnetGroup": { + "description": "Provides a DAX Subnet Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.dax.SubnetGroup(\"example\", {subnetIds: [\n aws_subnet.example1.id,\n aws_subnet.example2.id,\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.dax.SubnetGroup(\"example\", subnet_ids=[\n aws_subnet[\"example1\"][\"id\"],\n aws_subnet[\"example2\"][\"id\"],\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Dax.SubnetGroup(\"example\", new Aws.Dax.SubnetGroupArgs\n {\n SubnetIds = \n {\n aws_subnet.Example1.Id,\n aws_subnet.Example2.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dax\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dax.NewSubnetGroup(ctx, \"example\", &dax.SubnetGroupArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\tpulumi.Any(aws_subnet.Example2.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDAX Subnet Group can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:dax/subnetGroup:SubnetGroup example my_dax_sg\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "A description of the subnet group.\n" + }, + "name": { + "type": "string", + "description": "The name of the subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs for the subnet group.\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID of the subnet group.\n" + } + }, + "required": [ + "name", + "subnetIds", + "vpcId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the subnet group.\n" + }, + "name": { + "type": "string", + "description": "The name of the subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs for the subnet group.\n" + } + }, + "requiredInputs": [ + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SubnetGroup resources.\n", + "properties": { + "description": { + "type": "string", + "description": "A description of the subnet group.\n" + }, + "name": { + "type": "string", + "description": "The name of the subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs for the subnet group.\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID of the subnet group.\n" + } + }, + "type": "object" + } + }, + "aws:devicefarm/project:Project": { + "description": "Provides a resource to manage AWS Device Farm Projects.\n\nFor more information about Device Farm Projects, see the AWS Documentation on\n[Device Farm Projects][aws-get-project].\n\n> **NOTE:** AWS currently has limited regional support for Device Farm (e.g. `us-west-2`). See [AWS Device Farm endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/devicefarm.html) for information on supported regions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awesomeDevices = new aws.devicefarm.Project(\"awesome_devices\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nawesome_devices = aws.devicefarm.Project(\"awesomeDevices\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var awesomeDevices = new Aws.DeviceFarm.Project(\"awesomeDevices\", new Aws.DeviceFarm.ProjectArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/devicefarm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := devicefarm.NewProject(ctx, \"awesomeDevices\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDeviceFarm Projects can be imported by their arn\n\n```sh\n $ pulumi import aws:devicefarm/project:Project example arn:aws:devicefarm:us-west-2:123456789012:project:4fa784c7-ccb4-4dbf-ba4f-02198320daa1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of this project\n" + }, + "defaultJobTimeoutMinutes": { + "type": "integer", + "description": "Sets the execution timeout value (in minutes) for a project. All test runs in this project use the specified execution timeout value unless overridden when scheduling a run.\n" + }, + "name": { + "type": "string", + "description": "The name of the project\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "defaultJobTimeoutMinutes": { + "type": "integer", + "description": "Sets the execution timeout value (in minutes) for a project. All test runs in this project use the specified execution timeout value unless overridden when scheduling a run.\n" + }, + "name": { + "type": "string", + "description": "The name of the project\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Project resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of this project\n" + }, + "defaultJobTimeoutMinutes": { + "type": "integer", + "description": "Sets the execution timeout value (in minutes) for a project. All test runs in this project use the specified execution timeout value unless overridden when scheduling a run.\n" + }, + "name": { + "type": "string", + "description": "The name of the project\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/bgpPeer:BgpPeer": { + "description": "Provides a Direct Connect BGP peer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst peer = new aws.directconnect.BgpPeer(\"peer\", {\n virtualInterfaceId: aws_dx_private_virtual_interface.foo.id,\n addressFamily: \"ipv6\",\n bgpAsn: 65351,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npeer = aws.directconnect.BgpPeer(\"peer\",\n virtual_interface_id=aws_dx_private_virtual_interface[\"foo\"][\"id\"],\n address_family=\"ipv6\",\n bgp_asn=65351)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var peer = new Aws.DirectConnect.BgpPeer(\"peer\", new Aws.DirectConnect.BgpPeerArgs\n {\n VirtualInterfaceId = aws_dx_private_virtual_interface.Foo.Id,\n AddressFamily = \"ipv6\",\n BgpAsn = 65351,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewBgpPeer(ctx, \"peer\", &directconnect.BgpPeerArgs{\n\t\t\tVirtualInterfaceId: pulumi.Any(aws_dx_private_virtual_interface.Foo.Id),\n\t\t\tAddressFamily: pulumi.String(\"ipv6\"),\n\t\t\tBgpAsn: pulumi.Int(65351),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon.\nRequired for IPv4 BGP peers on public virtual interfaces.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the BGP peer terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "bgpPeerId": { + "type": "string", + "description": "The ID of the BGP peer.\n" + }, + "bgpStatus": { + "type": "string", + "description": "The Up/Down state of the BGP peer.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic.\nRequired for IPv4 BGP peers on public virtual interfaces.\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface on which to create the BGP peer.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "bgpPeerId", + "bgpStatus", + "customerAddress", + "virtualInterfaceId" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon.\nRequired for IPv4 BGP peers on public virtual interfaces.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic.\nRequired for IPv4 BGP peers on public virtual interfaces.\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface on which to create the BGP peer.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "virtualInterfaceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BgpPeer resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon.\nRequired for IPv4 BGP peers on public virtual interfaces.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the BGP peer terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "bgpPeerId": { + "type": "string", + "description": "The ID of the BGP peer.\n" + }, + "bgpStatus": { + "type": "string", + "description": "The Up/Down state of the BGP peer.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic.\nRequired for IPv4 BGP peers on public virtual interfaces.\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface on which to create the BGP peer.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/connection:Connection": { + "description": "Provides a Connection of Direct Connect.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hoge = new aws.directconnect.Connection(\"hoge\", {\n bandwidth: \"1Gbps\",\n location: \"EqDC2\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge = aws.directconnect.Connection(\"hoge\",\n bandwidth=\"1Gbps\",\n location=\"EqDC2\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var hoge = new Aws.DirectConnect.Connection(\"hoge\", new Aws.DirectConnect.ConnectionArgs\n {\n Bandwidth = \"1Gbps\",\n Location = \"EqDC2\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewConnection(ctx, \"hoge\", &directconnect.ConnectionArgs{\n\t\t\tBandwidth: pulumi.String(\"1Gbps\"),\n\t\t\tLocation: pulumi.String(\"EqDC2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect connections can be imported using the `connection id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/connection:Connection test_connection dxcon-ffre0ec3\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the connection.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the physical connection terminates.\n" + }, + "bandwidth": { + "type": "string", + "description": "The bandwidth of the connection. Valid values for dedicated connections: 1Gbps, 10Gbps. Valid values for hosted connections: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.\n" + }, + "hasLogicalRedundancy": { + "type": "string", + "description": "Indicates whether the connection supports a secondary BGP peer in the same address family (IPv4/IPv6).\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Boolean value representing if jumbo frames have been enabled for this connection.\n" + }, + "location": { + "type": "string", + "description": "The AWS Direct Connect location where the connection is located. See [DescribeLocations](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeLocations.html) for the list of AWS Direct Connect locations. Use `locationCode`.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "awsDevice", + "bandwidth", + "hasLogicalRedundancy", + "jumboFrameCapable", + "location", + "name", + "tagsAll" + ], + "inputProperties": { + "bandwidth": { + "type": "string", + "description": "The bandwidth of the connection. Valid values for dedicated connections: 1Gbps, 10Gbps. Valid values for hosted connections: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.\n" + }, + "location": { + "type": "string", + "description": "The AWS Direct Connect location where the connection is located. See [DescribeLocations](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeLocations.html) for the list of AWS Direct Connect locations. Use `locationCode`.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "bandwidth", + "location" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Connection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the connection.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the physical connection terminates.\n" + }, + "bandwidth": { + "type": "string", + "description": "The bandwidth of the connection. Valid values for dedicated connections: 1Gbps, 10Gbps. Valid values for hosted connections: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.\n" + }, + "hasLogicalRedundancy": { + "type": "string", + "description": "Indicates whether the connection supports a secondary BGP peer in the same address family (IPv4/IPv6).\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Boolean value representing if jumbo frames have been enabled for this connection.\n" + }, + "location": { + "type": "string", + "description": "The AWS Direct Connect location where the connection is located. See [DescribeLocations](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeLocations.html) for the list of AWS Direct Connect locations. Use `locationCode`.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/connectionAssociation:ConnectionAssociation": { + "description": "Associates a Direct Connect Connection with a LAG.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleConnection = new aws.directconnect.Connection(\"exampleConnection\", {\n bandwidth: \"1Gbps\",\n location: \"EqSe2-EQ\",\n});\nconst exampleLinkAggregationGroup = new aws.directconnect.LinkAggregationGroup(\"exampleLinkAggregationGroup\", {\n connectionsBandwidth: \"1Gbps\",\n location: \"EqSe2-EQ\",\n});\nconst exampleConnectionAssociation = new aws.directconnect.ConnectionAssociation(\"exampleConnectionAssociation\", {\n connectionId: exampleConnection.id,\n lagId: exampleLinkAggregationGroup.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_connection = aws.directconnect.Connection(\"exampleConnection\",\n bandwidth=\"1Gbps\",\n location=\"EqSe2-EQ\")\nexample_link_aggregation_group = aws.directconnect.LinkAggregationGroup(\"exampleLinkAggregationGroup\",\n connections_bandwidth=\"1Gbps\",\n location=\"EqSe2-EQ\")\nexample_connection_association = aws.directconnect.ConnectionAssociation(\"exampleConnectionAssociation\",\n connection_id=example_connection.id,\n lag_id=example_link_aggregation_group.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleConnection = new Aws.DirectConnect.Connection(\"exampleConnection\", new Aws.DirectConnect.ConnectionArgs\n {\n Bandwidth = \"1Gbps\",\n Location = \"EqSe2-EQ\",\n });\n var exampleLinkAggregationGroup = new Aws.DirectConnect.LinkAggregationGroup(\"exampleLinkAggregationGroup\", new Aws.DirectConnect.LinkAggregationGroupArgs\n {\n ConnectionsBandwidth = \"1Gbps\",\n Location = \"EqSe2-EQ\",\n });\n var exampleConnectionAssociation = new Aws.DirectConnect.ConnectionAssociation(\"exampleConnectionAssociation\", new Aws.DirectConnect.ConnectionAssociationArgs\n {\n ConnectionId = exampleConnection.Id,\n LagId = exampleLinkAggregationGroup.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleConnection, err := directconnect.NewConnection(ctx, \"exampleConnection\", &directconnect.ConnectionArgs{\n\t\t\tBandwidth: pulumi.String(\"1Gbps\"),\n\t\t\tLocation: pulumi.String(\"EqSe2-EQ\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLinkAggregationGroup, err := directconnect.NewLinkAggregationGroup(ctx, \"exampleLinkAggregationGroup\", &directconnect.LinkAggregationGroupArgs{\n\t\t\tConnectionsBandwidth: pulumi.String(\"1Gbps\"),\n\t\t\tLocation: pulumi.String(\"EqSe2-EQ\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewConnectionAssociation(ctx, \"exampleConnectionAssociation\", &directconnect.ConnectionAssociationArgs{\n\t\t\tConnectionId: exampleConnection.ID(),\n\t\t\tLagId: exampleLinkAggregationGroup.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "connectionId": { + "type": "string", + "description": "The ID of the connection.\n" + }, + "lagId": { + "type": "string", + "description": "The ID of the LAG with which to associate the connection.\n" + } + }, + "required": [ + "connectionId", + "lagId" + ], + "inputProperties": { + "connectionId": { + "type": "string", + "description": "The ID of the connection.\n" + }, + "lagId": { + "type": "string", + "description": "The ID of the LAG with which to associate the connection.\n" + } + }, + "requiredInputs": [ + "connectionId", + "lagId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ConnectionAssociation resources.\n", + "properties": { + "connectionId": { + "type": "string", + "description": "The ID of the connection.\n" + }, + "lagId": { + "type": "string", + "description": "The ID of the LAG with which to associate the connection.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/gateway:Gateway": { + "description": "Provides a Direct Connect Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.directconnect.Gateway(\"example\", {\n amazonSideAsn: \"64512\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.Gateway(\"example\", amazon_side_asn=\"64512\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DirectConnect.Gateway(\"example\", new Aws.DirectConnect.GatewayArgs\n {\n AmazonSideAsn = \"64512\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewGateway(ctx, \"example\", &directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect Gateways can be imported using the `gateway id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/gateway:Gateway test abcd1234-dcba-5678-be23-cdef9876ab45\n```\n\n ", + "properties": { + "amazonSideAsn": { + "type": "string", + "description": "The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "AWS Account ID of the gateway.\n" + } + }, + "required": [ + "amazonSideAsn", + "name", + "ownerAccountId" + ], + "inputProperties": { + "amazonSideAsn": { + "type": "string", + "description": "The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + } + }, + "requiredInputs": [ + "amazonSideAsn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Gateway resources.\n", + "properties": { + "amazonSideAsn": { + "type": "string", + "description": "The ASN to be configured on the Amazon side of the connection. The ASN must be in the private range of 64,512 to 65,534 or 4,200,000,000 to 4,294,967,294.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "AWS Account ID of the gateway.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/gatewayAssociation:GatewayAssociation": { + "description": "Associates a Direct Connect Gateway with a VGW or transit gateway.\n\nTo create a cross-account association, create an `aws.directconnect.GatewayAssociationProposal` resource\nin the AWS account that owns the VGW or transit gateway and then accept the proposal in the AWS account that owns the Direct Connect Gateway\nby creating an `aws.directconnect.GatewayAssociation` resource with the `proposal_id` and `associated_gateway_owner_account_id` attributes set.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### VPN Gateway Association\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGateway = new aws.directconnect.Gateway(\"exampleGateway\", {amazonSideAsn: \"64512\"});\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {cidrBlock: \"10.255.255.0/28\"});\nconst exampleVpnGateway = new aws.ec2.VpnGateway(\"exampleVpnGateway\", {vpcId: exampleVpc.id});\nconst exampleGatewayAssociation = new aws.directconnect.GatewayAssociation(\"exampleGatewayAssociation\", {\n dxGatewayId: exampleGateway.id,\n associatedGatewayId: exampleVpnGateway.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_gateway = aws.directconnect.Gateway(\"exampleGateway\", amazon_side_asn=\"64512\")\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\", cidr_block=\"10.255.255.0/28\")\nexample_vpn_gateway = aws.ec2.VpnGateway(\"exampleVpnGateway\", vpc_id=example_vpc.id)\nexample_gateway_association = aws.directconnect.GatewayAssociation(\"exampleGatewayAssociation\",\n dx_gateway_id=example_gateway.id,\n associated_gateway_id=example_vpn_gateway.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGateway = new Aws.DirectConnect.Gateway(\"exampleGateway\", new Aws.DirectConnect.GatewayArgs\n {\n AmazonSideAsn = \"64512\",\n });\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.255.255.0/28\",\n });\n var exampleVpnGateway = new Aws.Ec2.VpnGateway(\"exampleVpnGateway\", new Aws.Ec2.VpnGatewayArgs\n {\n VpcId = exampleVpc.Id,\n });\n var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation(\"exampleGatewayAssociation\", new Aws.DirectConnect.GatewayAssociationArgs\n {\n DxGatewayId = exampleGateway.Id,\n AssociatedGatewayId = exampleVpnGateway.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGateway, err := directconnect.NewGateway(ctx, \"exampleGateway\", &directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.255.255.0/28\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpnGateway, err := ec2.NewVpnGateway(ctx, \"exampleVpnGateway\", &ec2.VpnGatewayArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewGatewayAssociation(ctx, \"exampleGatewayAssociation\", &directconnect.GatewayAssociationArgs{\n\t\t\tDxGatewayId: exampleGateway.ID(),\n\t\t\tAssociatedGatewayId: exampleVpnGateway.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Transit Gateway Association\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGateway = new aws.directconnect.Gateway(\"exampleGateway\", {amazonSideAsn: \"64512\"});\nconst exampleTransitGateway = new aws.ec2transitgateway.TransitGateway(\"exampleTransitGateway\", {});\nconst exampleGatewayAssociation = new aws.directconnect.GatewayAssociation(\"exampleGatewayAssociation\", {\n dxGatewayId: exampleGateway.id,\n associatedGatewayId: exampleTransitGateway.id,\n allowedPrefixes: [\n \"10.255.255.0/30\",\n \"10.255.255.8/30\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_gateway = aws.directconnect.Gateway(\"exampleGateway\", amazon_side_asn=\"64512\")\nexample_transit_gateway = aws.ec2transitgateway.TransitGateway(\"exampleTransitGateway\")\nexample_gateway_association = aws.directconnect.GatewayAssociation(\"exampleGatewayAssociation\",\n dx_gateway_id=example_gateway.id,\n associated_gateway_id=example_transit_gateway.id,\n allowed_prefixes=[\n \"10.255.255.0/30\",\n \"10.255.255.8/30\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGateway = new Aws.DirectConnect.Gateway(\"exampleGateway\", new Aws.DirectConnect.GatewayArgs\n {\n AmazonSideAsn = \"64512\",\n });\n var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"exampleTransitGateway\", new Aws.Ec2TransitGateway.TransitGatewayArgs\n {\n });\n var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation(\"exampleGatewayAssociation\", new Aws.DirectConnect.GatewayAssociationArgs\n {\n DxGatewayId = exampleGateway.Id,\n AssociatedGatewayId = exampleTransitGateway.Id,\n AllowedPrefixes = \n {\n \"10.255.255.0/30\",\n \"10.255.255.8/30\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGateway, err := directconnect.NewGateway(ctx, \"exampleGateway\", &directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"exampleTransitGateway\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewGatewayAssociation(ctx, \"exampleGatewayAssociation\", &directconnect.GatewayAssociationArgs{\n\t\t\tDxGatewayId: exampleGateway.ID(),\n\t\t\tAssociatedGatewayId: exampleTransitGateway.ID(),\n\t\t\tAllowedPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.255.255.0/30\"),\n\t\t\t\tpulumi.String(\"10.255.255.8/30\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Allowed Prefixes\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGateway = new aws.directconnect.Gateway(\"exampleGateway\", {amazonSideAsn: \"64512\"});\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {cidrBlock: \"10.255.255.0/28\"});\nconst exampleVpnGateway = new aws.ec2.VpnGateway(\"exampleVpnGateway\", {vpcId: exampleVpc.id});\nconst exampleGatewayAssociation = new aws.directconnect.GatewayAssociation(\"exampleGatewayAssociation\", {\n dxGatewayId: exampleGateway.id,\n associatedGatewayId: exampleVpnGateway.id,\n allowedPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_gateway = aws.directconnect.Gateway(\"exampleGateway\", amazon_side_asn=\"64512\")\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\", cidr_block=\"10.255.255.0/28\")\nexample_vpn_gateway = aws.ec2.VpnGateway(\"exampleVpnGateway\", vpc_id=example_vpc.id)\nexample_gateway_association = aws.directconnect.GatewayAssociation(\"exampleGatewayAssociation\",\n dx_gateway_id=example_gateway.id,\n associated_gateway_id=example_vpn_gateway.id,\n allowed_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGateway = new Aws.DirectConnect.Gateway(\"exampleGateway\", new Aws.DirectConnect.GatewayArgs\n {\n AmazonSideAsn = \"64512\",\n });\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.255.255.0/28\",\n });\n var exampleVpnGateway = new Aws.Ec2.VpnGateway(\"exampleVpnGateway\", new Aws.Ec2.VpnGatewayArgs\n {\n VpcId = exampleVpc.Id,\n });\n var exampleGatewayAssociation = new Aws.DirectConnect.GatewayAssociation(\"exampleGatewayAssociation\", new Aws.DirectConnect.GatewayAssociationArgs\n {\n DxGatewayId = exampleGateway.Id,\n AssociatedGatewayId = exampleVpnGateway.Id,\n AllowedPrefixes = \n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGateway, err := directconnect.NewGateway(ctx, \"exampleGateway\", &directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.255.255.0/28\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpnGateway, err := ec2.NewVpnGateway(ctx, \"exampleVpnGateway\", &ec2.VpnGatewayArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewGatewayAssociation(ctx, \"exampleGatewayAssociation\", &directconnect.GatewayAssociationArgs{\n\t\t\tDxGatewayId: exampleGateway.ID(),\n\t\t\tAssociatedGatewayId: exampleVpnGateway.ID(),\n\t\t\tAllowedPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect gateway associations can be imported using `dx_gateway_id` together with `associated_gateway_id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/gatewayAssociation:GatewayAssociation example 345508c3-7215-4aef-9832-07c125d5bd0f/vgw-98765432\n```\n\n ", + "properties": { + "allowedPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.\n" + }, + "associatedGatewayId": { + "type": "string", + "description": "The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.\nUsed for single account Direct Connect gateway associations.\n" + }, + "associatedGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway.\nUsed for cross-account Direct Connect gateway associations.\n" + }, + "associatedGatewayType": { + "type": "string", + "description": "The type of the associated gateway, `transitGateway` or `virtualPrivateGateway`.\n" + }, + "dxGatewayAssociationId": { + "type": "string", + "description": "The ID of the Direct Connect gateway association.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway.\n" + }, + "dxGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the Direct Connect gateway.\n" + }, + "proposalId": { + "type": "string", + "description": "The ID of the Direct Connect gateway association proposal.\nUsed for cross-account Direct Connect gateway associations.\n" + }, + "vpnGatewayId": { + "type": "string", + "deprecationMessage": "use 'associated_gateway_id' argument instead" + } + }, + "required": [ + "allowedPrefixes", + "associatedGatewayId", + "associatedGatewayOwnerAccountId", + "associatedGatewayType", + "dxGatewayAssociationId", + "dxGatewayId", + "dxGatewayOwnerAccountId" + ], + "inputProperties": { + "allowedPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.\n" + }, + "associatedGatewayId": { + "type": "string", + "description": "The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.\nUsed for single account Direct Connect gateway associations.\n" + }, + "associatedGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway.\nUsed for cross-account Direct Connect gateway associations.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway.\n" + }, + "proposalId": { + "type": "string", + "description": "The ID of the Direct Connect gateway association proposal.\nUsed for cross-account Direct Connect gateway associations.\n" + }, + "vpnGatewayId": { + "type": "string", + "deprecationMessage": "use 'associated_gateway_id' argument instead" + } + }, + "requiredInputs": [ + "dxGatewayId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GatewayAssociation resources.\n", + "properties": { + "allowedPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.\n" + }, + "associatedGatewayId": { + "type": "string", + "description": "The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.\nUsed for single account Direct Connect gateway associations.\n" + }, + "associatedGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway.\nUsed for cross-account Direct Connect gateway associations.\n" + }, + "associatedGatewayType": { + "type": "string", + "description": "The type of the associated gateway, `transitGateway` or `virtualPrivateGateway`.\n" + }, + "dxGatewayAssociationId": { + "type": "string", + "description": "The ID of the Direct Connect gateway association.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway.\n" + }, + "dxGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the Direct Connect gateway.\n" + }, + "proposalId": { + "type": "string", + "description": "The ID of the Direct Connect gateway association proposal.\nUsed for cross-account Direct Connect gateway associations.\n" + }, + "vpnGatewayId": { + "type": "string", + "deprecationMessage": "use 'associated_gateway_id' argument instead" + } + }, + "type": "object" + } + }, + "aws:directconnect/gatewayAssociationProposal:GatewayAssociationProposal": { + "description": "Manages a Direct Connect Gateway Association Proposal, typically for enabling cross-account associations. For single account associations, see the `aws.directconnect.GatewayAssociation` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.directconnect.GatewayAssociationProposal(\"example\", {\n dxGatewayId: aws_dx_gateway.example.id,\n dxGatewayOwnerAccountId: aws_dx_gateway.example.owner_account_id,\n associatedGatewayId: aws_vpn_gateway.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.GatewayAssociationProposal(\"example\",\n dx_gateway_id=aws_dx_gateway[\"example\"][\"id\"],\n dx_gateway_owner_account_id=aws_dx_gateway[\"example\"][\"owner_account_id\"],\n associated_gateway_id=aws_vpn_gateway[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DirectConnect.GatewayAssociationProposal(\"example\", new Aws.DirectConnect.GatewayAssociationProposalArgs\n {\n DxGatewayId = aws_dx_gateway.Example.Id,\n DxGatewayOwnerAccountId = aws_dx_gateway.Example.Owner_account_id,\n AssociatedGatewayId = aws_vpn_gateway.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewGatewayAssociationProposal(ctx, \"example\", &directconnect.GatewayAssociationProposalArgs{\n\t\t\tDxGatewayId: pulumi.Any(aws_dx_gateway.Example.Id),\n\t\t\tDxGatewayOwnerAccountId: pulumi.Any(aws_dx_gateway.Example.Owner_account_id),\n\t\t\tAssociatedGatewayId: pulumi.Any(aws_vpn_gateway.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect Gateway Association Proposals can be imported using either a proposal ID or proposal ID, Direct Connect Gateway ID and associated gateway ID separated by `/`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/gatewayAssociationProposal:GatewayAssociationProposal example ac90e981-b718-4364-872d-65478c84fafe\n```\n\n or\n\n```sh\n $ pulumi import aws:directconnect/gatewayAssociationProposal:GatewayAssociationProposal example ac90e981-b718-4364-872d-65478c84fafe/abcd1234-dcba-5678-be23-cdef9876ab45/vgw-12345678\n```\n\n The latter case is useful when a previous proposal has been accepted and deleted by AWS. The `aws_dx_gateway_association_proposal` resource will then represent a pseudo-proposal for the same Direct Connect Gateway and associated gateway. If no previous proposal is available, use a tool like [`uuidgen`](http://manpages.ubuntu.com/manpages/bionic/man1/uuidgen.1.html) to generate a new random pseudo-proposal ID. ", + "properties": { + "allowedPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.\n" + }, + "associatedGatewayId": { + "type": "string", + "description": "The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.\n" + }, + "associatedGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway.\n" + }, + "associatedGatewayType": { + "type": "string", + "description": "The type of the associated gateway, `transitGateway` or `virtualPrivateGateway`.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "Direct Connect Gateway identifier.\n" + }, + "dxGatewayOwnerAccountId": { + "type": "string", + "description": "AWS Account identifier of the Direct Connect Gateway's owner.\n" + } + }, + "required": [ + "allowedPrefixes", + "associatedGatewayId", + "associatedGatewayOwnerAccountId", + "associatedGatewayType", + "dxGatewayId", + "dxGatewayOwnerAccountId" + ], + "inputProperties": { + "allowedPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.\n" + }, + "associatedGatewayId": { + "type": "string", + "description": "The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "Direct Connect Gateway identifier.\n" + }, + "dxGatewayOwnerAccountId": { + "type": "string", + "description": "AWS Account identifier of the Direct Connect Gateway's owner.\n" + } + }, + "requiredInputs": [ + "associatedGatewayId", + "dxGatewayId", + "dxGatewayOwnerAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GatewayAssociationProposal resources.\n", + "properties": { + "allowedPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "VPC prefixes (CIDRs) to advertise to the Direct Connect gateway. Defaults to the CIDR block of the VPC associated with the Virtual Gateway. To enable drift detection, must be configured.\n" + }, + "associatedGatewayId": { + "type": "string", + "description": "The ID of the VGW or transit gateway with which to associate the Direct Connect gateway.\n" + }, + "associatedGatewayOwnerAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the VGW or transit gateway with which to associate the Direct Connect gateway.\n" + }, + "associatedGatewayType": { + "type": "string", + "description": "The type of the associated gateway, `transitGateway` or `virtualPrivateGateway`.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "Direct Connect Gateway identifier.\n" + }, + "dxGatewayOwnerAccountId": { + "type": "string", + "description": "AWS Account identifier of the Direct Connect Gateway's owner.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/hostedPrivateVirtualInterface:HostedPrivateVirtualInterface": { + "description": "Provides a Direct Connect hosted private virtual interface resource. This resource represents the allocator's side of the hosted virtual interface.\nA hosted virtual interface is a virtual interface that is owned by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.directconnect.HostedPrivateVirtualInterface(\"foo\", {\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n connectionId: \"dxcon-zzzzzzzz\",\n vlan: 4094,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.directconnect.HostedPrivateVirtualInterface(\"foo\",\n address_family=\"ipv4\",\n bgp_asn=65352,\n connection_id=\"dxcon-zzzzzzzz\",\n vlan=4094)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.DirectConnect.HostedPrivateVirtualInterface(\"foo\", new Aws.DirectConnect.HostedPrivateVirtualInterfaceArgs\n {\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n ConnectionId = \"dxcon-zzzzzzzz\",\n Vlan = 4094,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewHostedPrivateVirtualInterface(ctx, \"foo\", &directconnect.HostedPrivateVirtualInterfaceArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect hosted private virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/hostedPrivateVirtualInterface:HostedPrivateVirtualInterface test dxvif-33cc44dd\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (9001 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual private interface can be either `1500` or `9001` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "amazonSideAsn", + "arn", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "connectionId", + "customerAddress", + "jumboFrameCapable", + "name", + "ownerAccountId", + "vlan" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual private interface can be either `1500` or `9001` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "connectionId", + "ownerAccountId", + "vlan" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedPrivateVirtualInterface resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (9001 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual private interface can be either `1500` or `9001` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter": { + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted private virtual interface.\nThis resource accepts ownership of a private virtual interface created by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Accepter's side of the VIF.\nconst vpnGw = new aws.ec2.VpnGateway(\"vpnGw\", {}, {\n provider: aws.accepter,\n});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPrivateVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity => accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n}, {\n dependsOn: [vpnGw],\n});\nconst accepterHostedPrivateVirtualInterfaceAccepter = new aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", {\n virtualInterfaceId: creator.id,\n vpnGatewayId: vpnGw.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\naccepter = pulumi.providers.Aws(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Accepter's side of the VIF.\nvpn_gw = aws.ec2.VpnGateway(\"vpnGw\", opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPrivateVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n opts=pulumi.ResourceOptions(depends_on=[vpn_gw]))\naccepter_hosted_private_virtual_interface_accepter = aws.directconnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\",\n virtual_interface_id=creator.id,\n vpn_gateway_id=vpn_gw.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var accepter = new Aws.Provider(\"accepter\", new Aws.ProviderArgs\n {\n });\n // Accepter's credentials.\n var accepterCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n // Accepter's side of the VIF.\n var vpnGw = new Aws.Ec2.VpnGateway(\"vpnGw\", new Aws.Ec2.VpnGatewayArgs\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPrivateVirtualInterface(\"creator\", new Aws.DirectConnect.HostedPrivateVirtualInterfaceArgs\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(accepterCallerIdentity => accepterCallerIdentity.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n vpnGw,\n },\n });\n var accepterHostedPrivateVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPrivateVirtualInterfaceAccepter(\"accepterHostedPrivateVirtualInterfaceAccepter\", new Aws.DirectConnect.HostedPrivateVirtualInterfaceAccepterArgs\n {\n VirtualInterfaceId = creator.Id,\n VpnGatewayId = vpnGw.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnGw, err := ec2.NewVpnGateway(ctx, \"vpnGw\", nil, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreator, err := directconnect.NewHostedPrivateVirtualInterface(ctx, \"creator\", &directconnect.HostedPrivateVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tvpnGw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPrivateVirtualInterfaceAccepter(ctx, \"accepterHostedPrivateVirtualInterfaceAccepter\", &directconnect.HostedPrivateVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tVpnGatewayId: vpnGw.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect hosted private virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/hostedPrivateVirtualInterfaceAccepter:HostedPrivateVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the virtual private gateway to which to connect the virtual interface.\n" + } + }, + "required": [ + "arn", + "tagsAll", + "virtualInterfaceId" + ], + "inputProperties": { + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the virtual private gateway to which to connect the virtual interface.\n" + } + }, + "requiredInputs": [ + "virtualInterfaceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedPrivateVirtualInterfaceAccepter resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the virtual private gateway to which to connect the virtual interface.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/hostedPublicVirtualInterface:HostedPublicVirtualInterface": { + "description": "Provides a Direct Connect hosted public virtual interface resource. This resource represents the allocator's side of the hosted virtual interface.\nA hosted virtual interface is a virtual interface that is owned by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.directconnect.HostedPublicVirtualInterface(\"foo\", {\n addressFamily: \"ipv4\",\n amazonAddress: \"175.45.176.2/30\",\n bgpAsn: 65352,\n connectionId: \"dxcon-zzzzzzzz\",\n customerAddress: \"175.45.176.1/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n vlan: 4094,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.directconnect.HostedPublicVirtualInterface(\"foo\",\n address_family=\"ipv4\",\n amazon_address=\"175.45.176.2/30\",\n bgp_asn=65352,\n connection_id=\"dxcon-zzzzzzzz\",\n customer_address=\"175.45.176.1/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n vlan=4094)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.DirectConnect.HostedPublicVirtualInterface(\"foo\", new Aws.DirectConnect.HostedPublicVirtualInterfaceArgs\n {\n AddressFamily = \"ipv4\",\n AmazonAddress = \"175.45.176.2/30\",\n BgpAsn = 65352,\n ConnectionId = \"dxcon-zzzzzzzz\",\n CustomerAddress = \"175.45.176.1/30\",\n RouteFilterPrefixes = \n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n Vlan = 4094,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewHostedPublicVirtualInterface(ctx, \"foo\", &directconnect.HostedPublicVirtualInterfaceArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t\tVlan: pulumi.Int(4094),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect hosted public virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/hostedPublicVirtualInterface:HostedPublicVirtualInterface test dxvif-33cc44dd\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "routeFilterPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of routes to be advertised to the AWS network in this region.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "amazonSideAsn", + "arn", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "connectionId", + "customerAddress", + "name", + "ownerAccountId", + "routeFilterPrefixes", + "vlan" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "routeFilterPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of routes to be advertised to the AWS network in this region.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "connectionId", + "ownerAccountId", + "routeFilterPrefixes", + "vlan" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedPublicVirtualInterface resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "routeFilterPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of routes to be advertised to the AWS network in this region.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter": { + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted public virtual interface.\nThis resource accepts ownership of a public virtual interface created by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedPublicVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity => accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n customerAddress: \"175.45.176.1/30\",\n amazonAddress: \"175.45.176.2/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n});\n// Accepter's side of the VIF.\nconst accepterHostedPublicVirtualInterfaceAccepter = new aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", {\n virtualInterfaceId: creator.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\naccepter = pulumi.providers.Aws(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedPublicVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n customer_address=\"175.45.176.1/30\",\n amazon_address=\"175.45.176.2/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ])\n# Accepter's side of the VIF.\naccepter_hosted_public_virtual_interface_accepter = aws.directconnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\",\n virtual_interface_id=creator.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var accepter = new Aws.Provider(\"accepter\", new Aws.ProviderArgs\n {\n });\n // Accepter's credentials.\n var accepterCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedPublicVirtualInterface(\"creator\", new Aws.DirectConnect.HostedPublicVirtualInterfaceArgs\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(accepterCallerIdentity => accepterCallerIdentity.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n CustomerAddress = \"175.45.176.1/30\",\n AmazonAddress = \"175.45.176.2/30\",\n RouteFilterPrefixes = \n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n });\n // Accepter's side of the VIF.\n var accepterHostedPublicVirtualInterfaceAccepter = new Aws.DirectConnect.HostedPublicVirtualInterfaceAccepter(\"accepterHostedPublicVirtualInterfaceAccepter\", new Aws.DirectConnect.HostedPublicVirtualInterfaceAccepterArgs\n {\n VirtualInterfaceId = creator.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreator, err := directconnect.NewHostedPublicVirtualInterface(ctx, \"creator\", &directconnect.HostedPublicVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedPublicVirtualInterfaceAccepter(ctx, \"accepterHostedPublicVirtualInterfaceAccepter\", &directconnect.HostedPublicVirtualInterfaceAccepterArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect hosted public virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/hostedPublicVirtualInterfaceAccepter:HostedPublicVirtualInterfaceAccepter test dxvif-33cc44dd\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + } + }, + "required": [ + "arn", + "tagsAll", + "virtualInterfaceId" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + } + }, + "requiredInputs": [ + "virtualInterfaceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedPublicVirtualInterfaceAccepter resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/hostedTransitVirtualInterface:HostedTransitVirtualInterface": { + "description": "Provides a Direct Connect hosted transit virtual interface resource.\nThis resource represents the allocator's side of the hosted virtual interface.\nA hosted virtual interface is a virtual interface that is owned by another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.directconnect.HostedTransitVirtualInterface(\"example\", {\n connectionId: aws_dx_connection.example.id,\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.HostedTransitVirtualInterface(\"example\",\n connection_id=aws_dx_connection[\"example\"][\"id\"],\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DirectConnect.HostedTransitVirtualInterface(\"example\", new Aws.DirectConnect.HostedTransitVirtualInterfaceArgs\n {\n ConnectionId = aws_dx_connection.Example.Id,\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewHostedTransitVirtualInterface(ctx, \"example\", &directconnect.HostedTransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.Any(aws_dx_connection.Example.Id),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect hosted transit virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/hostedTransitVirtualInterface:HostedTransitVirtualInterface test dxvif-33cc44dd\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (8500 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual transit interface can be either `1500` or `8500` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "amazonSideAsn", + "arn", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "connectionId", + "customerAddress", + "jumboFrameCapable", + "name", + "ownerAccountId", + "vlan" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual transit interface can be either `1500` or `8500` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "connectionId", + "ownerAccountId", + "vlan" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedTransitVirtualInterface resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (8500 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection. The MTU of a virtual transit interface can be either `1500` or `8500` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "The AWS account that will own the new virtual interface.\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor": { + "description": "Provides a resource to manage the accepter's side of a Direct Connect hosted transit virtual interface.\nThis resource accepts ownership of a transit virtual interface created by another AWS account.\n\n> **NOTE:** AWS allows a Direct Connect hosted transit virtual interface to be deleted from either the allocator's or accepter's side. However, this provider only allows the Direct Connect hosted transit virtual interface to be deleted from the allocator's side by removing the corresponding `aws.directconnect.HostedTransitVirtualInterface` resource from your configuration. Removing a `aws.directconnect.HostedTransitVirtualInterfaceAcceptor` resource from your configuration will remove it from your statefile and management, **but will not delete the Direct Connect virtual interface.**\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst accepterCallerIdentity = aws.getCallerIdentity({});\n// Accepter's side of the VIF.\nconst example = new aws.directconnect.Gateway(\"example\", {amazonSideAsn: 64512}, {\n provider: aws.accepter,\n});\n// Creator's side of the VIF\nconst creator = new aws.directconnect.HostedTransitVirtualInterface(\"creator\", {\n connectionId: \"dxcon-zzzzzzzz\",\n ownerAccountId: accepterCallerIdentity.then(accepterCallerIdentity => accepterCallerIdentity.accountId),\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n}, {\n dependsOn: [example],\n});\nconst accepterHostedTransitVirtualInterfaceAcceptor = new aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", {\n virtualInterfaceId: creator.id,\n dxGatewayId: example.id,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\naccepter = pulumi.providers.Aws(\"accepter\")\n# Accepter's credentials.\naccepter_caller_identity = aws.get_caller_identity()\n# Accepter's side of the VIF.\nexample = aws.directconnect.Gateway(\"example\", amazon_side_asn=\"64512\",\nopts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n# Creator's side of the VIF\ncreator = aws.directconnect.HostedTransitVirtualInterface(\"creator\",\n connection_id=\"dxcon-zzzzzzzz\",\n owner_account_id=accepter_caller_identity.account_id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352,\n opts=pulumi.ResourceOptions(depends_on=[example]))\naccepter_hosted_transit_virtual_interface_acceptor = aws.directconnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\",\n virtual_interface_id=creator.id,\n dx_gateway_id=example.id,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var accepter = new Aws.Provider(\"accepter\", new Aws.ProviderArgs\n {\n });\n // Accepter's credentials.\n var accepterCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n // Accepter's side of the VIF.\n var example = new Aws.DirectConnect.Gateway(\"example\", new Aws.DirectConnect.GatewayArgs\n {\n AmazonSideAsn = \"64512\",\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n // Creator's side of the VIF\n var creator = new Aws.DirectConnect.HostedTransitVirtualInterface(\"creator\", new Aws.DirectConnect.HostedTransitVirtualInterfaceArgs\n {\n ConnectionId = \"dxcon-zzzzzzzz\",\n OwnerAccountId = accepterCallerIdentity.Apply(accepterCallerIdentity => accepterCallerIdentity.AccountId),\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n example,\n },\n });\n var accepterHostedTransitVirtualInterfaceAcceptor = new Aws.DirectConnect.HostedTransitVirtualInterfaceAcceptor(\"accepterHostedTransitVirtualInterfaceAcceptor\", new Aws.DirectConnect.HostedTransitVirtualInterfaceAcceptorArgs\n {\n VirtualInterfaceId = creator.Id,\n DxGatewayId = example.Id,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccepterCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := directconnect.NewGateway(ctx, \"example\", &directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcreator, err := directconnect.NewHostedTransitVirtualInterface(ctx, \"creator\", &directconnect.HostedTransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tOwnerAccountId: pulumi.String(accepterCallerIdentity.AccountId),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewHostedTransitVirtualInterfaceAcceptor(ctx, \"accepterHostedTransitVirtualInterfaceAcceptor\", &directconnect.HostedTransitVirtualInterfaceAcceptorArgs{\n\t\t\tVirtualInterfaceId: creator.ID(),\n\t\t\tDxGatewayId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect hosted transit virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/hostedTransitVirtualInterfaceAcceptor:HostedTransitVirtualInterfaceAcceptor test dxvif-33cc44dd\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + } + }, + "required": [ + "arn", + "dxGatewayId", + "tagsAll", + "virtualInterfaceId" + ], + "inputProperties": { + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + } + }, + "requiredInputs": [ + "dxGatewayId", + "virtualInterfaceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedTransitVirtualInterfaceAcceptor resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualInterfaceId": { + "type": "string", + "description": "The ID of the Direct Connect virtual interface to accept.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/linkAggregationGroup:LinkAggregationGroup": { + "description": "Provides a Direct Connect LAG. Connections can be added to the LAG via the `aws.directconnect.Connection` and `aws.directconnect.ConnectionAssociation` resources.\n\n> *NOTE:* When creating a LAG, Direct Connect requires creating a Connection. This provider will remove this unmanaged connection during resource creation.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hoge = new aws.directconnect.LinkAggregationGroup(\"hoge\", {\n connectionsBandwidth: \"1Gbps\",\n forceDestroy: true,\n location: \"EqDC2\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge = aws.directconnect.LinkAggregationGroup(\"hoge\",\n connections_bandwidth=\"1Gbps\",\n force_destroy=True,\n location=\"EqDC2\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var hoge = new Aws.DirectConnect.LinkAggregationGroup(\"hoge\", new Aws.DirectConnect.LinkAggregationGroupArgs\n {\n ConnectionsBandwidth = \"1Gbps\",\n ForceDestroy = true,\n Location = \"EqDC2\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewLinkAggregationGroup(ctx, \"hoge\", &directconnect.LinkAggregationGroupArgs{\n\t\t\tConnectionsBandwidth: pulumi.String(\"1Gbps\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tLocation: pulumi.String(\"EqDC2\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect LAGs can be imported using the `lag id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/linkAggregationGroup:LinkAggregationGroup test_lag dxlag-fgnsp5rq\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the LAG.\n* `jumbo_frame_capable` -Indicates whether jumbo frames (9001 MTU) are supported.\n" + }, + "connectionsBandwidth": { + "type": "string", + "description": "The bandwidth of the individual physical connections bundled by the LAG. Valid values: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all connections associated with the LAG should be deleted so that the LAG can be destroyed without error. These objects are *not* recoverable.\n" + }, + "hasLogicalRedundancy": { + "type": "string", + "description": "Indicates whether the LAG supports a secondary BGP peer in the same address family (IPv4/IPv6).\n" + }, + "jumboFrameCapable": { + "type": "boolean" + }, + "location": { + "type": "string", + "description": "The AWS Direct Connect location in which the LAG should be allocated. See [DescribeLocations](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeLocations.html) for the list of AWS Direct Connect locations. Use `locationCode`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LAG.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "connectionsBandwidth", + "hasLogicalRedundancy", + "jumboFrameCapable", + "location", + "name", + "tagsAll" + ], + "inputProperties": { + "connectionsBandwidth": { + "type": "string", + "description": "The bandwidth of the individual physical connections bundled by the LAG. Valid values: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all connections associated with the LAG should be deleted so that the LAG can be destroyed without error. These objects are *not* recoverable.\n" + }, + "location": { + "type": "string", + "description": "The AWS Direct Connect location in which the LAG should be allocated. See [DescribeLocations](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeLocations.html) for the list of AWS Direct Connect locations. Use `locationCode`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LAG.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "connectionsBandwidth", + "location" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LinkAggregationGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the LAG.\n* `jumbo_frame_capable` -Indicates whether jumbo frames (9001 MTU) are supported.\n" + }, + "connectionsBandwidth": { + "type": "string", + "description": "The bandwidth of the individual physical connections bundled by the LAG. Valid values: 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, 500Mbps, 1Gbps, 2Gbps, 5Gbps, 10Gbps and 100Gbps. Case sensitive.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all connections associated with the LAG should be deleted so that the LAG can be destroyed without error. These objects are *not* recoverable.\n" + }, + "hasLogicalRedundancy": { + "type": "string", + "description": "Indicates whether the LAG supports a secondary BGP peer in the same address family (IPv4/IPv6).\n" + }, + "jumboFrameCapable": { + "type": "boolean" + }, + "location": { + "type": "string", + "description": "The AWS Direct Connect location in which the LAG should be allocated. See [DescribeLocations](https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DescribeLocations.html) for the list of AWS Direct Connect locations. Use `locationCode`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LAG.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/privateVirtualInterface:PrivateVirtualInterface": { + "description": "Provides a Direct Connect private virtual interface resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.directconnect.PrivateVirtualInterface(\"foo\", {\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n connectionId: \"dxcon-zzzzzzzz\",\n vlan: 4094,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.directconnect.PrivateVirtualInterface(\"foo\",\n address_family=\"ipv4\",\n bgp_asn=65352,\n connection_id=\"dxcon-zzzzzzzz\",\n vlan=4094)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.DirectConnect.PrivateVirtualInterface(\"foo\", new Aws.DirectConnect.PrivateVirtualInterfaceArgs\n {\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n ConnectionId = \"dxcon-zzzzzzzz\",\n Vlan = 4094,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewPrivateVirtualInterface(ctx, \"foo\", &directconnect.PrivateVirtualInterfaceArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect private virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/privateVirtualInterface:PrivateVirtualInterface test dxvif-33cc44dd\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (9001 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection.\nThe MTU of a virtual private interface can be either `1500` or `9001` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the virtual private gateway to which to connect the virtual interface.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "amazonSideAsn", + "arn", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "connectionId", + "customerAddress", + "jumboFrameCapable", + "name", + "tagsAll", + "vlan" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection.\nThe MTU of a virtual private interface can be either `1500` or `9001` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the virtual private gateway to which to connect the virtual interface.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "connectionId", + "vlan" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PrivateVirtualInterface resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (9001 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection.\nThe MTU of a virtual private interface can be either `1500` or `9001` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the virtual private gateway to which to connect the virtual interface.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/publicVirtualInterface:PublicVirtualInterface": { + "description": "Provides a Direct Connect public virtual interface resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.directconnect.PublicVirtualInterface(\"foo\", {\n addressFamily: \"ipv4\",\n amazonAddress: \"175.45.176.2/30\",\n bgpAsn: 65352,\n connectionId: \"dxcon-zzzzzzzz\",\n customerAddress: \"175.45.176.1/30\",\n routeFilterPrefixes: [\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n vlan: 4094,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.directconnect.PublicVirtualInterface(\"foo\",\n address_family=\"ipv4\",\n amazon_address=\"175.45.176.2/30\",\n bgp_asn=65352,\n connection_id=\"dxcon-zzzzzzzz\",\n customer_address=\"175.45.176.1/30\",\n route_filter_prefixes=[\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n ],\n vlan=4094)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.DirectConnect.PublicVirtualInterface(\"foo\", new Aws.DirectConnect.PublicVirtualInterfaceArgs\n {\n AddressFamily = \"ipv4\",\n AmazonAddress = \"175.45.176.2/30\",\n BgpAsn = 65352,\n ConnectionId = \"dxcon-zzzzzzzz\",\n CustomerAddress = \"175.45.176.1/30\",\n RouteFilterPrefixes = \n {\n \"210.52.109.0/24\",\n \"175.45.176.0/22\",\n },\n Vlan = 4094,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.NewPublicVirtualInterface(ctx, \"foo\", &directconnect.PublicVirtualInterfaceArgs{\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tAmazonAddress: pulumi.String(\"175.45.176.2/30\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t\tConnectionId: pulumi.String(\"dxcon-zzzzzzzz\"),\n\t\t\tCustomerAddress: pulumi.String(\"175.45.176.1/30\"),\n\t\t\tRouteFilterPrefixes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"210.52.109.0/24\"),\n\t\t\t\tpulumi.String(\"175.45.176.0/22\"),\n\t\t\t},\n\t\t\tVlan: pulumi.Int(4094),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect public virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/publicVirtualInterface:PublicVirtualInterface test dxvif-33cc44dd\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "routeFilterPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of routes to be advertised to the AWS network in this region.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "amazonSideAsn", + "arn", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "connectionId", + "customerAddress", + "name", + "routeFilterPrefixes", + "tagsAll", + "vlan" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "routeFilterPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of routes to be advertised to the AWS network in this region.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "connectionId", + "routeFilterPrefixes", + "vlan" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PublicVirtualInterface resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "routeFilterPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of routes to be advertised to the AWS network in this region.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "type": "object" + } + }, + "aws:directconnect/transitVirtualInterface:TransitVirtualInterface": { + "description": "Provides a Direct Connect transit virtual interface resource.\nA transit virtual interface is a VLAN that transports traffic from a Direct Connect gateway to one or more transit gateways.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleGateway = new aws.directconnect.Gateway(\"exampleGateway\", {amazonSideAsn: 64512});\nconst exampleTransitVirtualInterface = new aws.directconnect.TransitVirtualInterface(\"exampleTransitVirtualInterface\", {\n connectionId: aws_dx_connection.example.id,\n dxGatewayId: exampleGateway.id,\n vlan: 4094,\n addressFamily: \"ipv4\",\n bgpAsn: 65352,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_gateway = aws.directconnect.Gateway(\"exampleGateway\", amazon_side_asn=\"64512\")\nexample_transit_virtual_interface = aws.directconnect.TransitVirtualInterface(\"exampleTransitVirtualInterface\",\n connection_id=aws_dx_connection[\"example\"][\"id\"],\n dx_gateway_id=example_gateway.id,\n vlan=4094,\n address_family=\"ipv4\",\n bgp_asn=65352)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleGateway = new Aws.DirectConnect.Gateway(\"exampleGateway\", new Aws.DirectConnect.GatewayArgs\n {\n AmazonSideAsn = \"64512\",\n });\n var exampleTransitVirtualInterface = new Aws.DirectConnect.TransitVirtualInterface(\"exampleTransitVirtualInterface\", new Aws.DirectConnect.TransitVirtualInterfaceArgs\n {\n ConnectionId = aws_dx_connection.Example.Id,\n DxGatewayId = exampleGateway.Id,\n Vlan = 4094,\n AddressFamily = \"ipv4\",\n BgpAsn = 65352,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleGateway, err := directconnect.NewGateway(ctx, \"exampleGateway\", &directconnect.GatewayArgs{\n\t\t\tAmazonSideAsn: pulumi.String(\"64512\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directconnect.NewTransitVirtualInterface(ctx, \"exampleTransitVirtualInterface\", &directconnect.TransitVirtualInterfaceArgs{\n\t\t\tConnectionId: pulumi.Any(aws_dx_connection.Example.Id),\n\t\t\tDxGatewayId: exampleGateway.ID(),\n\t\t\tVlan: pulumi.Int(4094),\n\t\t\tAddressFamily: pulumi.String(\"ipv4\"),\n\t\t\tBgpAsn: pulumi.Int(65352),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirect Connect transit virtual interfaces can be imported using the `vif id`, e.g.\n\n```sh\n $ pulumi import aws:directconnect/transitVirtualInterface:TransitVirtualInterface test dxvif-33cc44dd\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (8500 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection.\nThe MTU of a virtual transit interface can be either `1500` or `8500` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "required": [ + "addressFamily", + "amazonAddress", + "amazonSideAsn", + "arn", + "awsDevice", + "bgpAsn", + "bgpAuthKey", + "connectionId", + "customerAddress", + "dxGatewayId", + "jumboFrameCapable", + "name", + "tagsAll", + "vlan" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection.\nThe MTU of a virtual transit interface can be either `1500` or `8500` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "requiredInputs": [ + "addressFamily", + "bgpAsn", + "connectionId", + "dxGatewayId", + "vlan" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TransitVirtualInterface resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family for the BGP peer. `ipv4 ` or `ipv6`.\n" + }, + "amazonAddress": { + "type": "string", + "description": "The IPv4 CIDR address to use to send traffic to Amazon. Required for IPv4 BGP peers.\n" + }, + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "The ARN of the virtual interface.\n" + }, + "awsDevice": { + "type": "string", + "description": "The Direct Connect endpoint on which the virtual interface terminates.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "The autonomous system (AS) number for Border Gateway Protocol (BGP) configuration.\n" + }, + "bgpAuthKey": { + "type": "string", + "description": "The authentication key for BGP configuration.\n" + }, + "connectionId": { + "type": "string", + "description": "The ID of the Direct Connect connection (or LAG) on which to create the virtual interface.\n" + }, + "customerAddress": { + "type": "string", + "description": "The IPv4 CIDR destination address to which Amazon should send traffic. Required for IPv4 BGP peers.\n" + }, + "dxGatewayId": { + "type": "string", + "description": "The ID of the Direct Connect gateway to which to connect the virtual interface.\n" + }, + "jumboFrameCapable": { + "type": "boolean", + "description": "Indicates whether jumbo frames (8500 MTU) are supported.\n" + }, + "mtu": { + "type": "integer", + "description": "The maximum transmission unit (MTU) is the size, in bytes, of the largest permissible packet that can be passed over the connection.\nThe MTU of a virtual transit interface can be either `1500` or `8500` (jumbo frames). Default is `1500`.\n" + }, + "name": { + "type": "string", + "description": "The name for the virtual interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vlan": { + "type": "integer", + "description": "The VLAN ID.\n" + } + }, + "type": "object" + } + }, + "aws:directoryservice/conditionalForwader:ConditionalForwader": { + "description": "Provides a conditional forwarder for managed Microsoft AD in AWS Directory Service.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.directoryservice.ConditionalForwader(\"example\", {\n directoryId: aws_directory_service_directory.ad.id,\n remoteDomainName: \"example.com\",\n dnsIps: [\n \"8.8.8.8\",\n \"8.8.4.4\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directoryservice.ConditionalForwader(\"example\",\n directory_id=aws_directory_service_directory[\"ad\"][\"id\"],\n remote_domain_name=\"example.com\",\n dns_ips=[\n \"8.8.8.8\",\n \"8.8.4.4\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DirectoryService.ConditionalForwader(\"example\", new Aws.DirectoryService.ConditionalForwaderArgs\n {\n DirectoryId = aws_directory_service_directory.Ad.Id,\n RemoteDomainName = \"example.com\",\n DnsIps = \n {\n \"8.8.8.8\",\n \"8.8.4.4\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directoryservice.NewConditionalForwader(ctx, \"example\", &directoryservice.ConditionalForwaderArgs{\n\t\t\tDirectoryId: pulumi.Any(aws_directory_service_directory.Ad.Id),\n\t\t\tRemoteDomainName: pulumi.String(\"example.com\"),\n\t\t\tDnsIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"8.8.8.8\"),\n\t\t\t\tpulumi.String(\"8.8.4.4\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nConditional forwarders can be imported using the directory id and remote_domain_name, e.g.\n\n```sh\n $ pulumi import aws:directoryservice/conditionalForwader:ConditionalForwader example d-1234567890:example.com\n```\n\n ", + "properties": { + "directoryId": { + "type": "string", + "description": "The id of directory.\n" + }, + "dnsIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of forwarder IP addresses.\n" + }, + "remoteDomainName": { + "type": "string", + "description": "The fully qualified domain name of the remote domain for which forwarders will be used.\n" + } + }, + "required": [ + "directoryId", + "dnsIps", + "remoteDomainName" + ], + "inputProperties": { + "directoryId": { + "type": "string", + "description": "The id of directory.\n" + }, + "dnsIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of forwarder IP addresses.\n" + }, + "remoteDomainName": { + "type": "string", + "description": "The fully qualified domain name of the remote domain for which forwarders will be used.\n" + } + }, + "requiredInputs": [ + "directoryId", + "dnsIps", + "remoteDomainName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ConditionalForwader resources.\n", + "properties": { + "directoryId": { + "type": "string", + "description": "The id of directory.\n" + }, + "dnsIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of forwarder IP addresses.\n" + }, + "remoteDomainName": { + "type": "string", + "description": "The fully qualified domain name of the remote domain for which forwarders will be used.\n" + } + }, + "type": "object" + } + }, + "aws:directoryservice/directory:Directory": { + "description": "Provides a Simple or Managed Microsoft directory in AWS Directory Service.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### SimpleAD\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst foo = new aws.ec2.Subnet(\"foo\", {\n vpcId: main.id,\n availabilityZone: \"us-west-2a\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst barSubnet = new aws.ec2.Subnet(\"barSubnet\", {\n vpcId: main.id,\n availabilityZone: \"us-west-2b\",\n cidrBlock: \"10.0.2.0/24\",\n});\nconst barDirectory = new aws.directoryservice.Directory(\"barDirectory\", {\n name: \"corp.notexample.com\",\n password: \"SuperSecretPassw0rd\",\n size: \"Small\",\n vpcSettings: {\n vpcId: main.id,\n subnetIds: [\n foo.id,\n barSubnet.id,\n ],\n },\n tags: {\n Project: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nfoo = aws.ec2.Subnet(\"foo\",\n vpc_id=main.id,\n availability_zone=\"us-west-2a\",\n cidr_block=\"10.0.1.0/24\")\nbar_subnet = aws.ec2.Subnet(\"barSubnet\",\n vpc_id=main.id,\n availability_zone=\"us-west-2b\",\n cidr_block=\"10.0.2.0/24\")\nbar_directory = aws.directoryservice.Directory(\"barDirectory\",\n name=\"corp.notexample.com\",\n password=\"SuperSecretPassw0rd\",\n size=\"Small\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=main.id,\n subnet_ids=[\n foo.id,\n bar_subnet.id,\n ],\n ),\n tags={\n \"Project\": \"foo\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var foo = new Aws.Ec2.Subnet(\"foo\", new Aws.Ec2.SubnetArgs\n {\n VpcId = main.Id,\n AvailabilityZone = \"us-west-2a\",\n CidrBlock = \"10.0.1.0/24\",\n });\n var barSubnet = new Aws.Ec2.Subnet(\"barSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = main.Id,\n AvailabilityZone = \"us-west-2b\",\n CidrBlock = \"10.0.2.0/24\",\n });\n var barDirectory = new Aws.DirectoryService.Directory(\"barDirectory\", new Aws.DirectoryService.DirectoryArgs\n {\n Name = \"corp.notexample.com\",\n Password = \"SuperSecretPassw0rd\",\n Size = \"Small\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = main.Id,\n SubnetIds = \n {\n foo.Id,\n barSubnet.Id,\n },\n },\n Tags = \n {\n { \"Project\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewSubnet(ctx, \"foo\", &ec2.SubnetArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbarSubnet, err := ec2.NewSubnet(ctx, \"barSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2b\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directoryservice.NewDirectory(ctx, \"barDirectory\", &directoryservice.DirectoryArgs{\n\t\t\tName: pulumi.String(\"corp.notexample.com\"),\n\t\t\tPassword: pulumi.String(\"SuperSecretPassw0rd\"),\n\t\t\tSize: pulumi.String(\"Small\"),\n\t\t\tVpcSettings: &directoryservice.DirectoryVpcSettingsArgs{\n\t\t\t\tVpcId: main.ID(),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfoo.ID(),\n\t\t\t\t\tbarSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Project\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Microsoft Active Directory (MicrosoftAD)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst foo = new aws.ec2.Subnet(\"foo\", {\n vpcId: main.id,\n availabilityZone: \"us-west-2a\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst barSubnet = new aws.ec2.Subnet(\"barSubnet\", {\n vpcId: main.id,\n availabilityZone: \"us-west-2b\",\n cidrBlock: \"10.0.2.0/24\",\n});\nconst barDirectory = new aws.directoryservice.Directory(\"barDirectory\", {\n name: \"corp.notexample.com\",\n password: \"SuperSecretPassw0rd\",\n edition: \"Standard\",\n type: \"MicrosoftAD\",\n vpcSettings: {\n vpcId: main.id,\n subnetIds: [\n foo.id,\n barSubnet.id,\n ],\n },\n tags: {\n Project: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nfoo = aws.ec2.Subnet(\"foo\",\n vpc_id=main.id,\n availability_zone=\"us-west-2a\",\n cidr_block=\"10.0.1.0/24\")\nbar_subnet = aws.ec2.Subnet(\"barSubnet\",\n vpc_id=main.id,\n availability_zone=\"us-west-2b\",\n cidr_block=\"10.0.2.0/24\")\nbar_directory = aws.directoryservice.Directory(\"barDirectory\",\n name=\"corp.notexample.com\",\n password=\"SuperSecretPassw0rd\",\n edition=\"Standard\",\n type=\"MicrosoftAD\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=main.id,\n subnet_ids=[\n foo.id,\n bar_subnet.id,\n ],\n ),\n tags={\n \"Project\": \"foo\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var foo = new Aws.Ec2.Subnet(\"foo\", new Aws.Ec2.SubnetArgs\n {\n VpcId = main.Id,\n AvailabilityZone = \"us-west-2a\",\n CidrBlock = \"10.0.1.0/24\",\n });\n var barSubnet = new Aws.Ec2.Subnet(\"barSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = main.Id,\n AvailabilityZone = \"us-west-2b\",\n CidrBlock = \"10.0.2.0/24\",\n });\n var barDirectory = new Aws.DirectoryService.Directory(\"barDirectory\", new Aws.DirectoryService.DirectoryArgs\n {\n Name = \"corp.notexample.com\",\n Password = \"SuperSecretPassw0rd\",\n Edition = \"Standard\",\n Type = \"MicrosoftAD\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = main.Id,\n SubnetIds = \n {\n foo.Id,\n barSubnet.Id,\n },\n },\n Tags = \n {\n { \"Project\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewSubnet(ctx, \"foo\", &ec2.SubnetArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbarSubnet, err := ec2.NewSubnet(ctx, \"barSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2b\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directoryservice.NewDirectory(ctx, \"barDirectory\", &directoryservice.DirectoryArgs{\n\t\t\tName: pulumi.String(\"corp.notexample.com\"),\n\t\t\tPassword: pulumi.String(\"SuperSecretPassw0rd\"),\n\t\t\tEdition: pulumi.String(\"Standard\"),\n\t\t\tType: pulumi.String(\"MicrosoftAD\"),\n\t\t\tVpcSettings: &directoryservice.DirectoryVpcSettingsArgs{\n\t\t\t\tVpcId: main.ID(),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfoo.ID(),\n\t\t\t\t\tbarSubnet.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Project\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Microsoft Active Directory Connector (ADConnector)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst foo = new aws.ec2.Subnet(\"foo\", {\n vpcId: main.id,\n availabilityZone: \"us-west-2a\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst bar = new aws.ec2.Subnet(\"bar\", {\n vpcId: main.id,\n availabilityZone: \"us-west-2b\",\n cidrBlock: \"10.0.2.0/24\",\n});\nconst connector = new aws.directoryservice.Directory(\"connector\", {\n name: \"corp.notexample.com\",\n password: \"SuperSecretPassw0rd\",\n size: \"Small\",\n type: \"ADConnector\",\n connectSettings: {\n customerDnsIps: [\"A.B.C.D\"],\n customerUsername: \"Admin\",\n subnetIds: [\n foo.id,\n bar.id,\n ],\n vpcId: main.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nfoo = aws.ec2.Subnet(\"foo\",\n vpc_id=main.id,\n availability_zone=\"us-west-2a\",\n cidr_block=\"10.0.1.0/24\")\nbar = aws.ec2.Subnet(\"bar\",\n vpc_id=main.id,\n availability_zone=\"us-west-2b\",\n cidr_block=\"10.0.2.0/24\")\nconnector = aws.directoryservice.Directory(\"connector\",\n name=\"corp.notexample.com\",\n password=\"SuperSecretPassw0rd\",\n size=\"Small\",\n type=\"ADConnector\",\n connect_settings=aws.directoryservice.DirectoryConnectSettingsArgs(\n customer_dns_ips=[\"A.B.C.D\"],\n customer_username=\"Admin\",\n subnet_ids=[\n foo.id,\n bar.id,\n ],\n vpc_id=main.id,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var foo = new Aws.Ec2.Subnet(\"foo\", new Aws.Ec2.SubnetArgs\n {\n VpcId = main.Id,\n AvailabilityZone = \"us-west-2a\",\n CidrBlock = \"10.0.1.0/24\",\n });\n var bar = new Aws.Ec2.Subnet(\"bar\", new Aws.Ec2.SubnetArgs\n {\n VpcId = main.Id,\n AvailabilityZone = \"us-west-2b\",\n CidrBlock = \"10.0.2.0/24\",\n });\n var connector = new Aws.DirectoryService.Directory(\"connector\", new Aws.DirectoryService.DirectoryArgs\n {\n Name = \"corp.notexample.com\",\n Password = \"SuperSecretPassw0rd\",\n Size = \"Small\",\n Type = \"ADConnector\",\n ConnectSettings = new Aws.DirectoryService.Inputs.DirectoryConnectSettingsArgs\n {\n CustomerDnsIps = \n {\n \"A.B.C.D\",\n },\n CustomerUsername = \"Admin\",\n SubnetIds = \n {\n foo.Id,\n bar.Id,\n },\n VpcId = main.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewSubnet(ctx, \"foo\", &ec2.SubnetArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewSubnet(ctx, \"bar\", &ec2.SubnetArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2b\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directoryservice.NewDirectory(ctx, \"connector\", &directoryservice.DirectoryArgs{\n\t\t\tName: pulumi.String(\"corp.notexample.com\"),\n\t\t\tPassword: pulumi.String(\"SuperSecretPassw0rd\"),\n\t\t\tSize: pulumi.String(\"Small\"),\n\t\t\tType: pulumi.String(\"ADConnector\"),\n\t\t\tConnectSettings: &directoryservice.DirectoryConnectSettingsArgs{\n\t\t\t\tCustomerDnsIps: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"A.B.C.D\"),\n\t\t\t\t},\n\t\t\t\tCustomerUsername: pulumi.String(\"Admin\"),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tfoo.ID(),\n\t\t\t\t\tbar.ID(),\n\t\t\t\t},\n\t\t\t\tVpcId: main.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDirectoryService directories can be imported using the directory `id`, e.g.\n\n```sh\n $ pulumi import aws:directoryservice/directory:Directory sample d-926724cf57\n```\n\n ", + "properties": { + "accessUrl": { + "type": "string", + "description": "The access URL for the directory, such as `http://alias.awsapps.com`.\n" + }, + "alias": { + "type": "string", + "description": "The alias for the directory (must be unique amongst all aliases in AWS). Required for `enable_sso`.\n" + }, + "connectSettings": { + "$ref": "#/types/aws:directoryservice/DirectoryConnectSettings:DirectoryConnectSettings", + "description": "Connector related information about the directory. Fields documented below.\n" + }, + "description": { + "type": "string", + "description": "A textual description for the directory.\n" + }, + "dnsIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IP addresses of the DNS servers for the directory or connector.\n" + }, + "edition": { + "type": "string", + "description": "The MicrosoftAD edition (`Standard` or `Enterprise`). Defaults to `Enterprise` (applies to MicrosoftAD type only).\n" + }, + "enableSso": { + "type": "boolean", + "description": "Whether to enable single-sign on for the directory. Requires `alias`. Defaults to `false`.\n" + }, + "name": { + "type": "string", + "description": "The fully qualified name for the directory, such as `corp.example.com`\n" + }, + "password": { + "type": "string", + "description": "The password for the directory administrator or connector user.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group created by the directory.\n" + }, + "shortName": { + "type": "string", + "description": "The short name of the directory, such as `CORP`.\n" + }, + "size": { + "type": "string", + "description": "The size of the directory (`Small` or `Large` are accepted values).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The directory type (`SimpleAD`, `ADConnector` or `MicrosoftAD` are accepted values). Defaults to `SimpleAD`.\n" + }, + "vpcSettings": { + "$ref": "#/types/aws:directoryservice/DirectoryVpcSettings:DirectoryVpcSettings", + "description": "VPC related information about the directory. Fields documented below.\n" + } + }, + "required": [ + "accessUrl", + "alias", + "dnsIpAddresses", + "edition", + "name", + "password", + "securityGroupId", + "shortName", + "size", + "tagsAll" + ], + "inputProperties": { + "alias": { + "type": "string", + "description": "The alias for the directory (must be unique amongst all aliases in AWS). Required for `enable_sso`.\n" + }, + "connectSettings": { + "$ref": "#/types/aws:directoryservice/DirectoryConnectSettings:DirectoryConnectSettings", + "description": "Connector related information about the directory. Fields documented below.\n" + }, + "description": { + "type": "string", + "description": "A textual description for the directory.\n" + }, + "edition": { + "type": "string", + "description": "The MicrosoftAD edition (`Standard` or `Enterprise`). Defaults to `Enterprise` (applies to MicrosoftAD type only).\n" + }, + "enableSso": { + "type": "boolean", + "description": "Whether to enable single-sign on for the directory. Requires `alias`. Defaults to `false`.\n" + }, + "name": { + "type": "string", + "description": "The fully qualified name for the directory, such as `corp.example.com`\n" + }, + "password": { + "type": "string", + "description": "The password for the directory administrator or connector user.\n" + }, + "shortName": { + "type": "string", + "description": "The short name of the directory, such as `CORP`.\n" + }, + "size": { + "type": "string", + "description": "The size of the directory (`Small` or `Large` are accepted values).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The directory type (`SimpleAD`, `ADConnector` or `MicrosoftAD` are accepted values). Defaults to `SimpleAD`.\n" + }, + "vpcSettings": { + "$ref": "#/types/aws:directoryservice/DirectoryVpcSettings:DirectoryVpcSettings", + "description": "VPC related information about the directory. Fields documented below.\n" + } + }, + "requiredInputs": [ + "name", + "password" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Directory resources.\n", + "properties": { + "accessUrl": { + "type": "string", + "description": "The access URL for the directory, such as `http://alias.awsapps.com`.\n" + }, + "alias": { + "type": "string", + "description": "The alias for the directory (must be unique amongst all aliases in AWS). Required for `enable_sso`.\n" + }, + "connectSettings": { + "$ref": "#/types/aws:directoryservice/DirectoryConnectSettings:DirectoryConnectSettings", + "description": "Connector related information about the directory. Fields documented below.\n" + }, + "description": { + "type": "string", + "description": "A textual description for the directory.\n" + }, + "dnsIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IP addresses of the DNS servers for the directory or connector.\n" + }, + "edition": { + "type": "string", + "description": "The MicrosoftAD edition (`Standard` or `Enterprise`). Defaults to `Enterprise` (applies to MicrosoftAD type only).\n" + }, + "enableSso": { + "type": "boolean", + "description": "Whether to enable single-sign on for the directory. Requires `alias`. Defaults to `false`.\n" + }, + "name": { + "type": "string", + "description": "The fully qualified name for the directory, such as `corp.example.com`\n" + }, + "password": { + "type": "string", + "description": "The password for the directory administrator or connector user.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group created by the directory.\n" + }, + "shortName": { + "type": "string", + "description": "The short name of the directory, such as `CORP`.\n" + }, + "size": { + "type": "string", + "description": "The size of the directory (`Small` or `Large` are accepted values).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The directory type (`SimpleAD`, `ADConnector` or `MicrosoftAD` are accepted values). Defaults to `SimpleAD`.\n" + }, + "vpcSettings": { + "$ref": "#/types/aws:directoryservice/DirectoryVpcSettings:DirectoryVpcSettings", + "description": "VPC related information about the directory. Fields documented below.\n" + } + }, + "type": "object" + } + }, + "aws:directoryservice/logService:LogService": { + "description": "Provides a Log subscription for AWS Directory Service that pushes logs to cloudwatch.\n\n\n## Import\n\nDirectory Service Log Subscriptions can be imported using the directory id, e.g.\n\n```sh\n $ pulumi import aws:directoryservice/logService:LogService msad d-1234567890\n```\n\n ", + "properties": { + "directoryId": { + "type": "string", + "description": "The id of directory.\n" + }, + "logGroupName": { + "type": "string", + "description": "Name of the cloudwatch log group to which the logs should be published. The log group should be already created and the directory service principal should be provided with required permission to create stream and publish logs. Changing this value would delete the current subscription and create a new one. A directory can only have one log subscription at a time.\n" + } + }, + "required": [ + "directoryId", + "logGroupName" + ], + "inputProperties": { + "directoryId": { + "type": "string", + "description": "The id of directory.\n" + }, + "logGroupName": { + "type": "string", + "description": "Name of the cloudwatch log group to which the logs should be published. The log group should be already created and the directory service principal should be provided with required permission to create stream and publish logs. Changing this value would delete the current subscription and create a new one. A directory can only have one log subscription at a time.\n" + } + }, + "requiredInputs": [ + "directoryId", + "logGroupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LogService resources.\n", + "properties": { + "directoryId": { + "type": "string", + "description": "The id of directory.\n" + }, + "logGroupName": { + "type": "string", + "description": "Name of the cloudwatch log group to which the logs should be published. The log group should be already created and the directory service principal should be provided with required permission to create stream and publish logs. Changing this value would delete the current subscription and create a new one. A directory can only have one log subscription at a time.\n" + } + }, + "type": "object" + } + }, + "aws:dlm/lifecyclePolicy:LifecyclePolicy": { + "description": "Provides a [Data Lifecycle Manager (DLM) lifecycle policy](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/snapshot-lifecycle.html) for managing snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dlmLifecycleRole = new aws.iam.Role(\"dlmLifecycleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"dlm.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst dlmLifecycle = new aws.iam.RolePolicy(\"dlmLifecycle\", {\n role: dlmLifecycleRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*::snapshot/*\"\n }\n ]\n}\n`,\n});\nconst example = new aws.dlm.LifecyclePolicy(\"example\", {\n description: \"example DLM lifecycle policy\",\n executionRoleArn: dlmLifecycleRole.arn,\n state: \"ENABLED\",\n policyDetails: {\n resourceTypes: [\"VOLUME\"],\n schedules: [{\n name: \"2 weeks of daily snapshots\",\n createRule: {\n interval: 24,\n intervalUnit: \"HOURS\",\n times: [\"23:45\"],\n },\n retainRule: {\n count: 14,\n },\n tagsToAdd: {\n SnapshotCreator: \"DLM\",\n },\n copyTags: false,\n }],\n targetTags: {\n Snapshot: \"true\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndlm_lifecycle_role = aws.iam.Role(\"dlmLifecycleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"dlm.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ndlm_lifecycle = aws.iam.RolePolicy(\"dlmLifecycle\",\n role=dlm_lifecycle_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateSnapshot\",\n \"ec2:CreateSnapshots\",\n \"ec2:DeleteSnapshot\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeVolumes\",\n \"ec2:DescribeSnapshots\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:CreateTags\"\n ],\n \"Resource\": \"arn:aws:ec2:*::snapshot/*\"\n }\n ]\n}\n\"\"\")\nexample = aws.dlm.LifecyclePolicy(\"example\",\n description=\"example DLM lifecycle policy\",\n execution_role_arn=dlm_lifecycle_role.arn,\n state=\"ENABLED\",\n policy_details=aws.dlm.LifecyclePolicyPolicyDetailsArgs(\n resource_types=[\"VOLUME\"],\n schedules=[aws.dlm.LifecyclePolicyPolicyDetailsScheduleArgs(\n name=\"2 weeks of daily snapshots\",\n create_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs(\n interval=24,\n interval_unit=\"HOURS\",\n times=[\"23:45\"],\n ),\n retain_rule=aws.dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs(\n count=14,\n ),\n tags_to_add={\n \"SnapshotCreator\": \"DLM\",\n },\n copy_tags=False,\n )],\n target_tags={\n \"Snapshot\": \"true\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dlmLifecycleRole = new Aws.Iam.Role(\"dlmLifecycleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"dlm.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var dlmLifecycle = new Aws.Iam.RolePolicy(\"dlmLifecycle\", new Aws.Iam.RolePolicyArgs\n {\n Role = dlmLifecycleRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateSnapshot\"\",\n \"\"ec2:CreateSnapshots\"\",\n \"\"ec2:DeleteSnapshot\"\",\n \"\"ec2:DescribeInstances\"\",\n \"\"ec2:DescribeVolumes\"\",\n \"\"ec2:DescribeSnapshots\"\"\n ],\n \"\"Resource\"\": \"\"*\"\"\n },\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:CreateTags\"\"\n ],\n \"\"Resource\"\": \"\"arn:aws:ec2:*::snapshot/*\"\"\n }\n ]\n}\n\",\n });\n var example = new Aws.Dlm.LifecyclePolicy(\"example\", new Aws.Dlm.LifecyclePolicyArgs\n {\n Description = \"example DLM lifecycle policy\",\n ExecutionRoleArn = dlmLifecycleRole.Arn,\n State = \"ENABLED\",\n PolicyDetails = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsArgs\n {\n ResourceTypes = \n {\n \"VOLUME\",\n },\n Schedules = \n {\n new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleArgs\n {\n Name = \"2 weeks of daily snapshots\",\n CreateRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs\n {\n Interval = 24,\n IntervalUnit = \"HOURS\",\n Times = \n {\n \"23:45\",\n },\n },\n RetainRule = new Aws.Dlm.Inputs.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs\n {\n Count = 14,\n },\n TagsToAdd = \n {\n { \"SnapshotCreator\", \"DLM\" },\n },\n CopyTags = false,\n },\n },\n TargetTags = \n {\n { \"Snapshot\", \"true\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dlm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdlmLifecycleRole, err := iam.NewRole(ctx, \"dlmLifecycleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"dlm.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"dlmLifecycle\", &iam.RolePolicyArgs{\n\t\t\tRole: dlmLifecycleRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateSnapshot\\\",\\n\", \" \\\"ec2:CreateSnapshots\\\",\\n\", \" \\\"ec2:DeleteSnapshot\\\",\\n\", \" \\\"ec2:DescribeInstances\\\",\\n\", \" \\\"ec2:DescribeVolumes\\\",\\n\", \" \\\"ec2:DescribeSnapshots\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:CreateTags\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"arn:aws:ec2:*::snapshot/*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dlm.NewLifecyclePolicy(ctx, \"example\", &dlm.LifecyclePolicyArgs{\n\t\t\tDescription: pulumi.String(\"example DLM lifecycle policy\"),\n\t\t\tExecutionRoleArn: dlmLifecycleRole.Arn,\n\t\t\tState: pulumi.String(\"ENABLED\"),\n\t\t\tPolicyDetails: &dlm.LifecyclePolicyPolicyDetailsArgs{\n\t\t\t\tResourceTypes: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"VOLUME\"),\n\t\t\t\t},\n\t\t\t\tSchedules: dlm.LifecyclePolicyPolicyDetailsScheduleArray{\n\t\t\t\t\t&dlm.LifecyclePolicyPolicyDetailsScheduleArgs{\n\t\t\t\t\t\tName: pulumi.String(\"2 weeks of daily snapshots\"),\n\t\t\t\t\t\tCreateRule: &dlm.LifecyclePolicyPolicyDetailsScheduleCreateRuleArgs{\n\t\t\t\t\t\t\tInterval: pulumi.Int(24),\n\t\t\t\t\t\t\tIntervalUnit: pulumi.String(\"HOURS\"),\n\t\t\t\t\t\t\tTimes: pulumi.String{\n\t\t\t\t\t\t\t\t\"23:45\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRetainRule: &dlm.LifecyclePolicyPolicyDetailsScheduleRetainRuleArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(14),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTagsToAdd: pulumi.StringMap{\n\t\t\t\t\t\t\t\"SnapshotCreator\": pulumi.String(\"DLM\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tCopyTags: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetTags: pulumi.StringMap{\n\t\t\t\t\t\"Snapshot\": pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDLM lifecyle policies can be imported by their policy ID\n\n```sh\n $ pulumi import aws:dlm/lifecyclePolicy:LifecyclePolicy example policy-abcdef12345678901\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DLM Lifecycle Policy.\n" + }, + "description": { + "type": "string", + "description": "A description for the DLM lifecycle policy.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that is able to be assumed by the DLM service.\n" + }, + "policyDetails": { + "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetails:LifecyclePolicyPolicyDetails", + "description": "See the `policy_details` configuration block. Max of 1.\n" + }, + "state": { + "type": "string", + "description": "Whether the lifecycle policy should be enabled or disabled. `ENABLED` or `DISABLED` are valid values. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "executionRoleArn", + "policyDetails", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description for the DLM lifecycle policy.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that is able to be assumed by the DLM service.\n" + }, + "policyDetails": { + "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetails:LifecyclePolicyPolicyDetails", + "description": "See the `policy_details` configuration block. Max of 1.\n" + }, + "state": { + "type": "string", + "description": "Whether the lifecycle policy should be enabled or disabled. `ENABLED` or `DISABLED` are valid values. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "description", + "executionRoleArn", + "policyDetails" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LifecyclePolicy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DLM Lifecycle Policy.\n" + }, + "description": { + "type": "string", + "description": "A description for the DLM lifecycle policy.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that is able to be assumed by the DLM service.\n" + }, + "policyDetails": { + "$ref": "#/types/aws:dlm/LifecyclePolicyPolicyDetails:LifecyclePolicyPolicyDetails", + "description": "See the `policy_details` configuration block. Max of 1.\n" + }, + "state": { + "type": "string", + "description": "Whether the lifecycle policy should be enabled or disabled. `ENABLED` or `DISABLED` are valid values. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:dms/certificate:Certificate": { + "description": "Provides a DMS (Data Migration Service) certificate resource. DMS certificates can be created, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new certificate\nconst test = new aws.dms.Certificate(\"test\", {\n certificateId: \"test-dms-certificate-tf\",\n certificatePem: \"...\",\n tags: {\n Name: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new certificate\ntest = aws.dms.Certificate(\"test\",\n certificate_id=\"test-dms-certificate-tf\",\n certificate_pem=\"...\",\n tags={\n \"Name\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new certificate\n var test = new Aws.Dms.Certificate(\"test\", new Aws.Dms.CertificateArgs\n {\n CertificateId = \"test-dms-certificate-tf\",\n CertificatePem = \"...\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewCertificate(ctx, \"test\", &dms.CertificateArgs{\n\t\t\tCertificateId: pulumi.String(\"test-dms-certificate-tf\"),\n\t\t\tCertificatePem: pulumi.String(\"...\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCertificates can be imported using the `certificate_id`, e.g.\n\n```sh\n $ pulumi import aws:dms/certificate:Certificate test test-dms-certificate-tf\n```\n\n ", + "properties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n" + }, + "certificateId": { + "type": "string", + "description": "The certificate identifier.\n" + }, + "certificatePem": { + "type": "string", + "description": "The contents of the .pem X.509 certificate file for the certificate. Either `certificate_pem` or `certificate_wallet` must be set.\n" + }, + "certificateWallet": { + "type": "string", + "description": "The contents of the Oracle Wallet certificate for use with SSL, provided as a base64-encoded String. Either `certificate_pem` or `certificate_wallet` must be set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "certificateArn", + "certificateId", + "tagsAll" + ], + "inputProperties": { + "certificateId": { + "type": "string", + "description": "The certificate identifier.\n" + }, + "certificatePem": { + "type": "string", + "description": "The contents of the .pem X.509 certificate file for the certificate. Either `certificate_pem` or `certificate_wallet` must be set.\n" + }, + "certificateWallet": { + "type": "string", + "description": "The contents of the Oracle Wallet certificate for use with SSL, provided as a base64-encoded String. Either `certificate_pem` or `certificate_wallet` must be set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "certificateId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Certificate resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n" + }, + "certificateId": { + "type": "string", + "description": "The certificate identifier.\n" + }, + "certificatePem": { + "type": "string", + "description": "The contents of the .pem X.509 certificate file for the certificate. Either `certificate_pem` or `certificate_wallet` must be set.\n" + }, + "certificateWallet": { + "type": "string", + "description": "The contents of the Oracle Wallet certificate for use with SSL, provided as a base64-encoded String. Either `certificate_pem` or `certificate_wallet` must be set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:dms/endpoint:Endpoint": { + "description": "Provides a DMS (Data Migration Service) endpoint resource. DMS endpoints can be created, updated, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new endpoint\nconst test = new aws.dms.Endpoint(\"test\", {\n certificateArn: \"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n databaseName: \"test\",\n endpointId: \"test-dms-endpoint-tf\",\n endpointType: \"source\",\n engineName: \"aurora\",\n extraConnectionAttributes: \"\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n password: \"test\",\n port: 3306,\n serverName: \"test\",\n sslMode: \"none\",\n tags: {\n Name: \"test\",\n },\n username: \"test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new endpoint\ntest = aws.dms.Endpoint(\"test\",\n certificate_arn=\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n database_name=\"test\",\n endpoint_id=\"test-dms-endpoint-tf\",\n endpoint_type=\"source\",\n engine_name=\"aurora\",\n extra_connection_attributes=\"\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n password=\"test\",\n port=3306,\n server_name=\"test\",\n ssl_mode=\"none\",\n tags={\n \"Name\": \"test\",\n },\n username=\"test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new endpoint\n var test = new Aws.Dms.Endpoint(\"test\", new Aws.Dms.EndpointArgs\n {\n CertificateArn = \"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\",\n DatabaseName = \"test\",\n EndpointId = \"test-dms-endpoint-tf\",\n EndpointType = \"source\",\n EngineName = \"aurora\",\n ExtraConnectionAttributes = \"\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n Password = \"test\",\n Port = 3306,\n ServerName = \"test\",\n SslMode = \"none\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n Username = \"test\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewEndpoint(ctx, \"test\", &dms.EndpointArgs{\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:acm:us-east-1:123456789012:certificate/12345678-1234-1234-1234-123456789012\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tEndpointId: pulumi.String(\"test-dms-endpoint-tf\"),\n\t\t\tEndpointType: pulumi.String(\"source\"),\n\t\t\tEngineName: pulumi.String(\"aurora\"),\n\t\t\tExtraConnectionAttributes: pulumi.String(\"\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tPassword: pulumi.String(\"test\"),\n\t\t\tPort: pulumi.Int(3306),\n\t\t\tServerName: pulumi.String(\"test\"),\n\t\t\tSslMode: pulumi.String(\"none\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tUsername: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEndpoints can be imported using the `endpoint_id`, e.g.\n\n```sh\n $ pulumi import aws:dms/endpoint:Endpoint test test-dms-endpoint-tf\n```\n\n ", + "properties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the endpoint database.\n" + }, + "elasticsearchSettings": { + "$ref": "#/types/aws:dms/EndpointElasticsearchSettings:EndpointElasticsearchSettings", + "description": "Configuration block with Elasticsearch settings. Detailed below.\n" + }, + "endpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the endpoint.\n" + }, + "endpointId": { + "type": "string", + "description": "The database endpoint identifier.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint. Can be one of `source | target`.\n" + }, + "engineName": { + "type": "string", + "description": "The type of engine for the endpoint. Can be one of `aurora | aurora-postgresql| azuredb | db2 | docdb | dynamodb | elasticsearch | kafka | kinesis | mariadb | mongodb | mysql | oracle | postgres | redshift | s3 | sqlserver | sybase`.\n" + }, + "extraConnectionAttributes": { + "type": "string", + "description": "Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib).\n" + }, + "kafkaSettings": { + "$ref": "#/types/aws:dms/EndpointKafkaSettings:EndpointKafkaSettings", + "description": "Configuration block with Kafka settings. Detailed below.\n" + }, + "kinesisSettings": { + "$ref": "#/types/aws:dms/EndpointKinesisSettings:EndpointKinesisSettings", + "description": "Configuration block with Kinesis settings. Detailed below.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.\n" + }, + "mongodbSettings": { + "$ref": "#/types/aws:dms/EndpointMongodbSettings:EndpointMongodbSettings", + "description": "Configuration block with MongoDB settings. Detailed below.\n" + }, + "password": { + "type": "string", + "description": "The password to be used to login to the endpoint database.\n" + }, + "port": { + "type": "integer", + "description": "The port used by the endpoint database.\n" + }, + "s3Settings": { + "$ref": "#/types/aws:dms/EndpointS3Settings:EndpointS3Settings", + "description": "Configuration block with S3 settings. Detailed below.\n" + }, + "serverName": { + "type": "string", + "description": "The host name of the server.\n" + }, + "serviceAccessRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) used by the service access IAM role for dynamodb endpoints.\n" + }, + "sslMode": { + "type": "string", + "description": "The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "username": { + "type": "string", + "description": "The user name to be used to login to the endpoint database.\n" + } + }, + "required": [ + "certificateArn", + "endpointArn", + "endpointId", + "endpointType", + "engineName", + "extraConnectionAttributes", + "kmsKeyArn", + "sslMode", + "tagsAll" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the endpoint database.\n" + }, + "elasticsearchSettings": { + "$ref": "#/types/aws:dms/EndpointElasticsearchSettings:EndpointElasticsearchSettings", + "description": "Configuration block with Elasticsearch settings. Detailed below.\n" + }, + "endpointId": { + "type": "string", + "description": "The database endpoint identifier.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint. Can be one of `source | target`.\n" + }, + "engineName": { + "type": "string", + "description": "The type of engine for the endpoint. Can be one of `aurora | aurora-postgresql| azuredb | db2 | docdb | dynamodb | elasticsearch | kafka | kinesis | mariadb | mongodb | mysql | oracle | postgres | redshift | s3 | sqlserver | sybase`.\n" + }, + "extraConnectionAttributes": { + "type": "string", + "description": "Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib).\n" + }, + "kafkaSettings": { + "$ref": "#/types/aws:dms/EndpointKafkaSettings:EndpointKafkaSettings", + "description": "Configuration block with Kafka settings. Detailed below.\n" + }, + "kinesisSettings": { + "$ref": "#/types/aws:dms/EndpointKinesisSettings:EndpointKinesisSettings", + "description": "Configuration block with Kinesis settings. Detailed below.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.\n" + }, + "mongodbSettings": { + "$ref": "#/types/aws:dms/EndpointMongodbSettings:EndpointMongodbSettings", + "description": "Configuration block with MongoDB settings. Detailed below.\n" + }, + "password": { + "type": "string", + "description": "The password to be used to login to the endpoint database.\n" + }, + "port": { + "type": "integer", + "description": "The port used by the endpoint database.\n" + }, + "s3Settings": { + "$ref": "#/types/aws:dms/EndpointS3Settings:EndpointS3Settings", + "description": "Configuration block with S3 settings. Detailed below.\n" + }, + "serverName": { + "type": "string", + "description": "The host name of the server.\n" + }, + "serviceAccessRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) used by the service access IAM role for dynamodb endpoints.\n" + }, + "sslMode": { + "type": "string", + "description": "The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "username": { + "type": "string", + "description": "The user name to be used to login to the endpoint database.\n" + } + }, + "requiredInputs": [ + "endpointId", + "endpointType", + "engineName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Endpoint resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the certificate.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the endpoint database.\n" + }, + "elasticsearchSettings": { + "$ref": "#/types/aws:dms/EndpointElasticsearchSettings:EndpointElasticsearchSettings", + "description": "Configuration block with Elasticsearch settings. Detailed below.\n" + }, + "endpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the endpoint.\n" + }, + "endpointId": { + "type": "string", + "description": "The database endpoint identifier.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint. Can be one of `source | target`.\n" + }, + "engineName": { + "type": "string", + "description": "The type of engine for the endpoint. Can be one of `aurora | aurora-postgresql| azuredb | db2 | docdb | dynamodb | elasticsearch | kafka | kinesis | mariadb | mongodb | mysql | oracle | postgres | redshift | s3 | sqlserver | sybase`.\n" + }, + "extraConnectionAttributes": { + "type": "string", + "description": "Additional attributes associated with the connection. For available attributes see [Using Extra Connection Attributes with AWS Database Migration Service](https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Source.PostgreSQL.html#CHAP_Source.PostgreSQL.ConnectionAttrib).\n" + }, + "kafkaSettings": { + "$ref": "#/types/aws:dms/EndpointKafkaSettings:EndpointKafkaSettings", + "description": "Configuration block with Kafka settings. Detailed below.\n" + }, + "kinesisSettings": { + "$ref": "#/types/aws:dms/EndpointKinesisSettings:EndpointKinesisSettings", + "description": "Configuration block with Kinesis settings. Detailed below.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.\n" + }, + "mongodbSettings": { + "$ref": "#/types/aws:dms/EndpointMongodbSettings:EndpointMongodbSettings", + "description": "Configuration block with MongoDB settings. Detailed below.\n" + }, + "password": { + "type": "string", + "description": "The password to be used to login to the endpoint database.\n" + }, + "port": { + "type": "integer", + "description": "The port used by the endpoint database.\n" + }, + "s3Settings": { + "$ref": "#/types/aws:dms/EndpointS3Settings:EndpointS3Settings", + "description": "Configuration block with S3 settings. Detailed below.\n" + }, + "serverName": { + "type": "string", + "description": "The host name of the server.\n" + }, + "serviceAccessRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) used by the service access IAM role for dynamodb endpoints.\n" + }, + "sslMode": { + "type": "string", + "description": "The SSL mode to use for the connection. Can be one of `none | require | verify-ca | verify-full`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "username": { + "type": "string", + "description": "The user name to be used to login to the endpoint database.\n" + } + }, + "type": "object" + } + }, + "aws:dms/eventSubscription:EventSubscription": { + "description": "Provides a DMS (Data Migration Service) event subscription resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.dms.EventSubscription(\"example\", {\n enabled: true,\n eventCategories: [\n \"creation\",\n \"failure\",\n ],\n snsTopicArn: aws_sns_topic.example.arn,\n sourceIds: [aws_dms_replication_task.example.replication_task_id],\n sourceType: \"replication-task\",\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.dms.EventSubscription(\"example\",\n enabled=True,\n event_categories=[\n \"creation\",\n \"failure\",\n ],\n sns_topic_arn=aws_sns_topic[\"example\"][\"arn\"],\n source_ids=[aws_dms_replication_task[\"example\"][\"replication_task_id\"]],\n source_type=\"replication-task\",\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Dms.EventSubscription(\"example\", new Aws.Dms.EventSubscriptionArgs\n {\n Enabled = true,\n EventCategories = \n {\n \"creation\",\n \"failure\",\n },\n SnsTopicArn = aws_sns_topic.Example.Arn,\n SourceIds = \n {\n aws_dms_replication_task.Example.Replication_task_id,\n },\n SourceType = \"replication-task\",\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewEventSubscription(ctx, \"example\", &dms.EventSubscriptionArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEventCategories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"creation\"),\n\t\t\t\tpulumi.String(\"failure\"),\n\t\t\t},\n\t\t\tSnsTopicArn: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\tSourceIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_dms_replication_task.Example.Replication_task_id),\n\t\t\t},\n\t\t\tSourceType: pulumi.String(\"replication-task\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEvent subscriptions can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:dms/eventSubscription:EventSubscription test my-awesome-event-subscription\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DMS Event Subscription.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the event subscription should be enabled.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of event categories to listen for, see `DescribeEventCategories` for a canonical list.\n" + }, + "name": { + "type": "string", + "description": "Name of event subscription.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "SNS topic arn to send events on.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids of sources to listen to.\n" + }, + "sourceType": { + "type": "string", + "description": "Type of source for events. Valid values: `replication-instance` or `replication-task`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "eventCategories", + "name", + "snsTopicArn", + "tagsAll" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "Whether the event subscription should be enabled.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of event categories to listen for, see `DescribeEventCategories` for a canonical list.\n" + }, + "name": { + "type": "string", + "description": "Name of event subscription.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "SNS topic arn to send events on.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids of sources to listen to.\n" + }, + "sourceType": { + "type": "string", + "description": "Type of source for events. Valid values: `replication-instance` or `replication-task`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "eventCategories", + "snsTopicArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventSubscription resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the DMS Event Subscription.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the event subscription should be enabled.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of event categories to listen for, see `DescribeEventCategories` for a canonical list.\n" + }, + "name": { + "type": "string", + "description": "Name of event subscription.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "SNS topic arn to send events on.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids of sources to listen to.\n" + }, + "sourceType": { + "type": "string", + "description": "Type of source for events. Valid values: `replication-instance` or `replication-task`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:dms/replicationInstance:ReplicationInstance": { + "description": "Provides a DMS (Data Migration Service) replication instance resource. DMS replication instances can be created, updated, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dmsAssumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n identifiers: [\"dms.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst dms_access_for_endpoint = new aws.iam.Role(\"dms-access-for-endpoint\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole => dmsAssumeRole.json)});\nconst dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role: dms_access_for_endpoint.name,\n});\nconst dms_cloudwatch_logs_role = new aws.iam.Role(\"dms-cloudwatch-logs-role\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole => dmsAssumeRole.json)});\nconst dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role: dms_cloudwatch_logs_role.name,\n});\nconst dms_vpc_role = new aws.iam.Role(\"dms-vpc-role\", {assumeRolePolicy: dmsAssumeRole.then(dmsAssumeRole => dmsAssumeRole.json)});\nconst dms_vpc_role_AmazonDMSVPCManagementRole = new aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role: dms_vpc_role.name,\n});\n// Create a new replication instance\nconst test = new aws.dms.ReplicationInstance(\"test\", {\n allocatedStorage: 20,\n applyImmediately: true,\n autoMinorVersionUpgrade: true,\n availabilityZone: \"us-west-2c\",\n engineVersion: \"3.1.4\",\n kmsKeyArn: \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multiAz: false,\n preferredMaintenanceWindow: \"sun:10:30-sun:14:30\",\n publiclyAccessible: true,\n replicationInstanceClass: \"dms.t2.micro\",\n replicationInstanceId: \"test-dms-replication-instance-tf\",\n replicationSubnetGroupId: aws_dms_replication_subnet_group[\"test-dms-replication-subnet-group-tf\"].id,\n tags: {\n Name: \"test\",\n },\n vpcSecurityGroupIds: [\"sg-12345678\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndms_assume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"dms.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\ndms_access_for_endpoint = aws.iam.Role(\"dms-access-for-endpoint\", assume_role_policy=dms_assume_role.json)\ndms_access_for_endpoint__amazon_dms_redshift_s3_role = aws.iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n role=dms_access_for_endpoint.name)\ndms_cloudwatch_logs_role = aws.iam.Role(\"dms-cloudwatch-logs-role\", assume_role_policy=dms_assume_role.json)\ndms_cloudwatch_logs_role__amazon_dms_cloud_watch_logs_role = aws.iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n role=dms_cloudwatch_logs_role.name)\ndms_vpc_role = aws.iam.Role(\"dms-vpc-role\", assume_role_policy=dms_assume_role.json)\ndms_vpc_role__amazon_dmsvpc_management_role = aws.iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n role=dms_vpc_role.name)\n# Create a new replication instance\ntest = aws.dms.ReplicationInstance(\"test\",\n allocated_storage=20,\n apply_immediately=True,\n auto_minor_version_upgrade=True,\n availability_zone=\"us-west-2c\",\n engine_version=\"3.1.4\",\n kms_key_arn=\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n multi_az=False,\n preferred_maintenance_window=\"sun:10:30-sun:14:30\",\n publicly_accessible=True,\n replication_instance_class=\"dms.t2.micro\",\n replication_instance_id=\"test-dms-replication-instance-tf\",\n replication_subnet_group_id=aws_dms_replication_subnet_group[\"test-dms-replication-subnet-group-tf\"][\"id\"],\n tags={\n \"Name\": \"test\",\n },\n vpc_security_group_ids=[\"sg-12345678\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dmsAssumeRole = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"dms.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n }));\n var dms_access_for_endpoint = new Aws.Iam.Role(\"dms-access-for-endpoint\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(dmsAssumeRole => dmsAssumeRole.Json),\n });\n var dms_access_for_endpoint_AmazonDMSRedshiftS3Role = new Aws.Iam.RolePolicyAttachment(\"dms-access-for-endpoint-AmazonDMSRedshiftS3Role\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\",\n Role = dms_access_for_endpoint.Name,\n });\n var dms_cloudwatch_logs_role = new Aws.Iam.Role(\"dms-cloudwatch-logs-role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(dmsAssumeRole => dmsAssumeRole.Json),\n });\n var dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole = new Aws.Iam.RolePolicyAttachment(\"dms-cloudwatch-logs-role-AmazonDMSCloudWatchLogsRole\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\",\n Role = dms_cloudwatch_logs_role.Name,\n });\n var dms_vpc_role = new Aws.Iam.Role(\"dms-vpc-role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = dmsAssumeRole.Apply(dmsAssumeRole => dmsAssumeRole.Json),\n });\n var dms_vpc_role_AmazonDMSVPCManagementRole = new Aws.Iam.RolePolicyAttachment(\"dms-vpc-role-AmazonDMSVPCManagementRole\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\",\n Role = dms_vpc_role.Name,\n });\n // Create a new replication instance\n var test = new Aws.Dms.ReplicationInstance(\"test\", new Aws.Dms.ReplicationInstanceArgs\n {\n AllocatedStorage = 20,\n ApplyImmediately = true,\n AutoMinorVersionUpgrade = true,\n AvailabilityZone = \"us-west-2c\",\n EngineVersion = \"3.1.4\",\n KmsKeyArn = \"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\",\n MultiAz = false,\n PreferredMaintenanceWindow = \"sun:10:30-sun:14:30\",\n PubliclyAccessible = true,\n ReplicationInstanceClass = \"dms.t2.micro\",\n ReplicationInstanceId = \"test-dms-replication-instance-tf\",\n ReplicationSubnetGroupId = aws_dms_replication_subnet_group.Test_dms_replication_subnet_group_tf.Id,\n Tags = \n {\n { \"Name\", \"test\" },\n },\n VpcSecurityGroupIds = \n {\n \"sg-12345678\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdmsAssumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"dms.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms_access_for_endpoint\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms_access_for_endpoint_AmazonDMSRedshiftS3Role\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSRedshiftS3Role\"),\n\t\t\tRole: dms_access_for_endpoint.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms_cloudwatch_logs_role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms_cloudwatch_logs_role_AmazonDMSCloudWatchLogsRole\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSCloudWatchLogsRole\"),\n\t\t\tRole: dms_cloudwatch_logs_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"dms_vpc_role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(dmsAssumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"dms_vpc_role_AmazonDMSVPCManagementRole\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole\"),\n\t\t\tRole: dms_vpc_role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dms.NewReplicationInstance(ctx, \"test\", &dms.ReplicationInstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(20),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tAutoMinorVersionUpgrade: pulumi.Bool(true),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2c\"),\n\t\t\tEngineVersion: pulumi.String(\"3.1.4\"),\n\t\t\tKmsKeyArn: pulumi.String(\"arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012\"),\n\t\t\tMultiAz: pulumi.Bool(false),\n\t\t\tPreferredMaintenanceWindow: pulumi.String(\"sun:10:30-sun:14:30\"),\n\t\t\tPubliclyAccessible: pulumi.Bool(true),\n\t\t\tReplicationInstanceClass: pulumi.String(\"dms.t2.micro\"),\n\t\t\tReplicationInstanceId: pulumi.String(\"test-dms-replication-instance-tf\"),\n\t\t\tReplicationSubnetGroupId: pulumi.Any(aws_dms_replication_subnet_group.Test - dms - replication - subnet - group - tf.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"sg-12345678\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nReplication instances can be imported using the `replication_instance_id`, e.g.\n\n```sh\n $ pulumi import aws:dms/replicationInstance:ReplicationInstance test test-dms-replication-instance-tf\n```\n\n ", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "The amount of storage (in gigabytes) to be initially allocated for the replication instance.\n" + }, + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that major version upgrades are allowed.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Indicates whether the changes should be applied immediately or during the next maintenance window. Only used when updating an existing resource.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the replication instance during the maintenance window.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the replication instance will be created in.\n" + }, + "engineVersion": { + "type": "string", + "description": "The engine version number of the replication instance.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the replication instance is a multi-az deployment. You cannot set the `availability_zone` parameter if the `multi_az` parameter is set to `true`.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address.\n" + }, + "replicationInstanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the replication instance.\n" + }, + "replicationInstanceClass": { + "type": "string", + "description": "The compute and memory capacity of the replication instance as specified by the replication instance class. Can be one of `dms.t2.micro | dms.t2.small | dms.t2.medium | dms.t2.large | dms.c4.large | dms.c4.xlarge | dms.c4.2xlarge | dms.c4.4xlarge`\n" + }, + "replicationInstanceId": { + "type": "string", + "description": "The replication instance identifier. This parameter is stored as a lowercase string.\n" + }, + "replicationInstancePrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the private IP addresses of the replication instance.\n" + }, + "replicationInstancePublicIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the public IP addresses of the replication instance.\n" + }, + "replicationSubnetGroupId": { + "type": "string", + "description": "A subnet group to associate with the replication instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC security group IDs to be used with the replication instance. The VPC security groups must work with the VPC containing the replication instance.\n" + } + }, + "required": [ + "allocatedStorage", + "autoMinorVersionUpgrade", + "availabilityZone", + "engineVersion", + "kmsKeyArn", + "multiAz", + "preferredMaintenanceWindow", + "publiclyAccessible", + "replicationInstanceArn", + "replicationInstanceClass", + "replicationInstanceId", + "replicationInstancePrivateIps", + "replicationInstancePublicIps", + "replicationSubnetGroupId", + "tagsAll", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "allocatedStorage": { + "type": "integer", + "description": "The amount of storage (in gigabytes) to be initially allocated for the replication instance.\n" + }, + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that major version upgrades are allowed.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Indicates whether the changes should be applied immediately or during the next maintenance window. Only used when updating an existing resource.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the replication instance during the maintenance window.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the replication instance will be created in.\n" + }, + "engineVersion": { + "type": "string", + "description": "The engine version number of the replication instance.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the replication instance is a multi-az deployment. You cannot set the `availability_zone` parameter if the `multi_az` parameter is set to `true`.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address.\n" + }, + "replicationInstanceClass": { + "type": "string", + "description": "The compute and memory capacity of the replication instance as specified by the replication instance class. Can be one of `dms.t2.micro | dms.t2.small | dms.t2.medium | dms.t2.large | dms.c4.large | dms.c4.xlarge | dms.c4.2xlarge | dms.c4.4xlarge`\n" + }, + "replicationInstanceId": { + "type": "string", + "description": "The replication instance identifier. This parameter is stored as a lowercase string.\n" + }, + "replicationSubnetGroupId": { + "type": "string", + "description": "A subnet group to associate with the replication instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC security group IDs to be used with the replication instance. The VPC security groups must work with the VPC containing the replication instance.\n" + } + }, + "requiredInputs": [ + "replicationInstanceClass", + "replicationInstanceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReplicationInstance resources.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "The amount of storage (in gigabytes) to be initially allocated for the replication instance.\n" + }, + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that major version upgrades are allowed.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Indicates whether the changes should be applied immediately or during the next maintenance window. Only used when updating an existing resource.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the replication instance during the maintenance window.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the replication instance will be created in.\n" + }, + "engineVersion": { + "type": "string", + "description": "The engine version number of the replication instance.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the KMS key that will be used to encrypt the connection parameters. If you do not specify a value for `kms_key_arn`, then AWS DMS will use your default encryption key. AWS KMS creates the default encryption key for your AWS account. Your AWS account has a different default encryption key for each AWS region.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the replication instance is a multi-az deployment. You cannot set the `availability_zone` parameter if the `multi_az` parameter is set to `true`.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address.\n" + }, + "replicationInstanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the replication instance.\n" + }, + "replicationInstanceClass": { + "type": "string", + "description": "The compute and memory capacity of the replication instance as specified by the replication instance class. Can be one of `dms.t2.micro | dms.t2.small | dms.t2.medium | dms.t2.large | dms.c4.large | dms.c4.xlarge | dms.c4.2xlarge | dms.c4.4xlarge`\n" + }, + "replicationInstanceId": { + "type": "string", + "description": "The replication instance identifier. This parameter is stored as a lowercase string.\n" + }, + "replicationInstancePrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the private IP addresses of the replication instance.\n" + }, + "replicationInstancePublicIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the public IP addresses of the replication instance.\n" + }, + "replicationSubnetGroupId": { + "type": "string", + "description": "A subnet group to associate with the replication instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC security group IDs to be used with the replication instance. The VPC security groups must work with the VPC containing the replication instance.\n" + } + }, + "type": "object" + } + }, + "aws:dms/replicationSubnetGroup:ReplicationSubnetGroup": { + "description": "Provides a DMS (Data Migration Service) replication subnet group resource. DMS replication subnet groups can be created, updated, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new replication subnet group\nconst test = new aws.dms.ReplicationSubnetGroup(\"test\", {\n replicationSubnetGroupDescription: \"Test replication subnet group\",\n replicationSubnetGroupId: \"test-dms-replication-subnet-group-tf\",\n subnetIds: [\"subnet-12345678\"],\n tags: {\n Name: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new replication subnet group\ntest = aws.dms.ReplicationSubnetGroup(\"test\",\n replication_subnet_group_description=\"Test replication subnet group\",\n replication_subnet_group_id=\"test-dms-replication-subnet-group-tf\",\n subnet_ids=[\"subnet-12345678\"],\n tags={\n \"Name\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new replication subnet group\n var test = new Aws.Dms.ReplicationSubnetGroup(\"test\", new Aws.Dms.ReplicationSubnetGroupArgs\n {\n ReplicationSubnetGroupDescription = \"Test replication subnet group\",\n ReplicationSubnetGroupId = \"test-dms-replication-subnet-group-tf\",\n SubnetIds = \n {\n \"subnet-12345678\",\n },\n Tags = \n {\n { \"Name\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewReplicationSubnetGroup(ctx, \"test\", &dms.ReplicationSubnetGroupArgs{\n\t\t\tReplicationSubnetGroupDescription: pulumi.String(\"Test replication subnet group\"),\n\t\t\tReplicationSubnetGroupId: pulumi.String(\"test-dms-replication-subnet-group-tf\"),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"subnet-12345678\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nReplication subnet groups can be imported using the `replication_subnet_group_id`, e.g.\n\n```sh\n $ pulumi import aws:dms/replicationSubnetGroup:ReplicationSubnetGroup test test-dms-replication-subnet-group-tf\n```\n\n ", + "properties": { + "replicationSubnetGroupArn": { + "type": "string" + }, + "replicationSubnetGroupDescription": { + "type": "string", + "description": "The description for the subnet group.\n" + }, + "replicationSubnetGroupId": { + "type": "string", + "description": "The name for the replication subnet group. This value is stored as a lowercase string.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the EC2 subnet IDs for the subnet group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC the subnet group is in.\n" + } + }, + "required": [ + "replicationSubnetGroupArn", + "replicationSubnetGroupDescription", + "replicationSubnetGroupId", + "subnetIds", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "replicationSubnetGroupDescription": { + "type": "string", + "description": "The description for the subnet group.\n" + }, + "replicationSubnetGroupId": { + "type": "string", + "description": "The name for the replication subnet group. This value is stored as a lowercase string.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the EC2 subnet IDs for the subnet group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "replicationSubnetGroupDescription", + "replicationSubnetGroupId", + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReplicationSubnetGroup resources.\n", + "properties": { + "replicationSubnetGroupArn": { + "type": "string" + }, + "replicationSubnetGroupDescription": { + "type": "string", + "description": "The description for the subnet group.\n" + }, + "replicationSubnetGroupId": { + "type": "string", + "description": "The name for the replication subnet group. This value is stored as a lowercase string.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the EC2 subnet IDs for the subnet group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC the subnet group is in.\n" + } + }, + "type": "object" + } + }, + "aws:dms/replicationTask:ReplicationTask": { + "description": "Provides a DMS (Data Migration Service) replication task resource. DMS replication tasks can be created, updated, deleted, and imported.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new replication task\nconst test = new aws.dms.ReplicationTask(\"test\", {\n cdcStartTime: 1484346880,\n migrationType: \"full-load\",\n replicationInstanceArn: aws_dms_replication_instance[\"test-dms-replication-instance-tf\"].replication_instance_arn,\n replicationTaskId: \"test-dms-replication-task-tf\",\n replicationTaskSettings: \"...\",\n sourceEndpointArn: aws_dms_endpoint[\"test-dms-source-endpoint-tf\"].endpoint_arn,\n tableMappings: `{\"rules\":[{\"rule-type\":\"selection\",\"rule-id\":\"1\",\"rule-name\":\"1\",\"object-locator\":{\"schema-name\":\"%\",\"table-name\":\"%\"},\"rule-action\":\"include\"}]}`,\n tags: {\n Name: \"test\",\n },\n targetEndpointArn: aws_dms_endpoint[\"test-dms-target-endpoint-tf\"].endpoint_arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new replication task\ntest = aws.dms.ReplicationTask(\"test\",\n cdc_start_time=\"1484346880\",\n migration_type=\"full-load\",\n replication_instance_arn=aws_dms_replication_instance[\"test-dms-replication-instance-tf\"][\"replication_instance_arn\"],\n replication_task_id=\"test-dms-replication-task-tf\",\n replication_task_settings=\"...\",\n source_endpoint_arn=aws_dms_endpoint[\"test-dms-source-endpoint-tf\"][\"endpoint_arn\"],\n table_mappings=\"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n tags={\n \"Name\": \"test\",\n },\n target_endpoint_arn=aws_dms_endpoint[\"test-dms-target-endpoint-tf\"][\"endpoint_arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new replication task\n var test = new Aws.Dms.ReplicationTask(\"test\", new Aws.Dms.ReplicationTaskArgs\n {\n CdcStartTime = \"1484346880\",\n MigrationType = \"full-load\",\n ReplicationInstanceArn = aws_dms_replication_instance.Test_dms_replication_instance_tf.Replication_instance_arn,\n ReplicationTaskId = \"test-dms-replication-task-tf\",\n ReplicationTaskSettings = \"...\",\n SourceEndpointArn = aws_dms_endpoint.Test_dms_source_endpoint_tf.Endpoint_arn,\n TableMappings = \"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"%\\\",\\\"table-name\\\":\\\"%\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\",\n Tags = \n {\n { \"Name\", \"test\" },\n },\n TargetEndpointArn = aws_dms_endpoint.Test_dms_target_endpoint_tf.Endpoint_arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dms.NewReplicationTask(ctx, \"test\", &dms.ReplicationTaskArgs{\n\t\t\tCdcStartTime: pulumi.String(\"1484346880\"),\n\t\t\tMigrationType: pulumi.String(\"full-load\"),\n\t\t\tReplicationInstanceArn: pulumi.Any(aws_dms_replication_instance.Test - dms - replication - instance - tf.Replication_instance_arn),\n\t\t\tReplicationTaskId: pulumi.String(\"test-dms-replication-task-tf\"),\n\t\t\tReplicationTaskSettings: pulumi.String(\"...\"),\n\t\t\tSourceEndpointArn: pulumi.Any(aws_dms_endpoint.Test - dms - source - endpoint - tf.Endpoint_arn),\n\t\t\tTableMappings: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v\", \"{\\\"rules\\\":[{\\\"rule-type\\\":\\\"selection\\\",\\\"rule-id\\\":\\\"1\\\",\\\"rule-name\\\":\\\"1\\\",\\\"object-locator\\\":{\\\"schema-name\\\":\\\"\", \"%\", \"\\\",\\\"table-name\\\":\\\"\", \"%\", \"\\\"},\\\"rule-action\\\":\\\"include\\\"}]}\")),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t\tTargetEndpointArn: pulumi.Any(aws_dms_endpoint.Test - dms - target - endpoint - tf.Endpoint_arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nReplication tasks can be imported using the `replication_task_id`, e.g.\n\n```sh\n $ pulumi import aws:dms/replicationTask:ReplicationTask test test-dms-replication-task-tf\n```\n\n ", + "properties": { + "cdcStartTime": { + "type": "string", + "description": "The Unix timestamp integer for the start of the Change Data Capture (CDC) operation.\n" + }, + "migrationType": { + "type": "string", + "description": "The migration type. Can be one of `full-load | cdc | full-load-and-cdc`.\n" + }, + "replicationInstanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the replication instance.\n" + }, + "replicationTaskArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the replication task.\n" + }, + "replicationTaskId": { + "type": "string", + "description": "The replication task identifier.\n" + }, + "replicationTaskSettings": { + "type": "string", + "description": "An escaped JSON string that contains the task settings. For a complete list of task settings, see [Task Settings for AWS Database Migration Service Tasks](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TaskSettings.html).\n" + }, + "sourceEndpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) string that uniquely identifies the source endpoint.\n" + }, + "tableMappings": { + "type": "string", + "description": "An escaped JSON string that contains the table mappings. For information on table mapping see [Using Table Mapping with an AWS Database Migration Service Task to Select and Filter Data](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TableMapping.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetEndpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) string that uniquely identifies the target endpoint.\n" + } + }, + "required": [ + "migrationType", + "replicationInstanceArn", + "replicationTaskArn", + "replicationTaskId", + "sourceEndpointArn", + "tableMappings", + "tagsAll", + "targetEndpointArn" + ], + "inputProperties": { + "cdcStartTime": { + "type": "string", + "description": "The Unix timestamp integer for the start of the Change Data Capture (CDC) operation.\n" + }, + "migrationType": { + "type": "string", + "description": "The migration type. Can be one of `full-load | cdc | full-load-and-cdc`.\n" + }, + "replicationInstanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the replication instance.\n" + }, + "replicationTaskId": { + "type": "string", + "description": "The replication task identifier.\n" + }, + "replicationTaskSettings": { + "type": "string", + "description": "An escaped JSON string that contains the task settings. For a complete list of task settings, see [Task Settings for AWS Database Migration Service Tasks](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TaskSettings.html).\n" + }, + "sourceEndpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) string that uniquely identifies the source endpoint.\n" + }, + "tableMappings": { + "type": "string", + "description": "An escaped JSON string that contains the table mappings. For information on table mapping see [Using Table Mapping with an AWS Database Migration Service Task to Select and Filter Data](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TableMapping.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetEndpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) string that uniquely identifies the target endpoint.\n" + } + }, + "requiredInputs": [ + "migrationType", + "replicationInstanceArn", + "replicationTaskId", + "sourceEndpointArn", + "tableMappings", + "targetEndpointArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReplicationTask resources.\n", + "properties": { + "cdcStartTime": { + "type": "string", + "description": "The Unix timestamp integer for the start of the Change Data Capture (CDC) operation.\n" + }, + "migrationType": { + "type": "string", + "description": "The migration type. Can be one of `full-load | cdc | full-load-and-cdc`.\n" + }, + "replicationInstanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the replication instance.\n" + }, + "replicationTaskArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the replication task.\n" + }, + "replicationTaskId": { + "type": "string", + "description": "The replication task identifier.\n" + }, + "replicationTaskSettings": { + "type": "string", + "description": "An escaped JSON string that contains the task settings. For a complete list of task settings, see [Task Settings for AWS Database Migration Service Tasks](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TaskSettings.html).\n" + }, + "sourceEndpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) string that uniquely identifies the source endpoint.\n" + }, + "tableMappings": { + "type": "string", + "description": "An escaped JSON string that contains the table mappings. For information on table mapping see [Using Table Mapping with an AWS Database Migration Service Task to Select and Filter Data](http://docs.aws.amazon.com/dms/latest/userguide/CHAP_Tasks.CustomizingTasks.TableMapping.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetEndpointArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) string that uniquely identifies the target endpoint.\n" + } + }, + "type": "object" + } + }, + "aws:docdb/cluster:Cluster": { + "description": "Manages a DocDB Cluster.\n\nChanges to a DocDB Cluster can occur when you manually change a\nparameter, such as `port`, and are reflected in the next maintenance\nwindow. Because of this, this provider may report a difference in its planning\nphase because a modification has not yet taken place. You can use the\n`apply_immediately` flag to instruct the service to apply the change immediately\n(see documentation below).\n\n> **Note:** using `apply_immediately` can result in a brief downtime as the server reboots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst docdb = new aws.docdb.Cluster(\"docdb\", {\n backupRetentionPeriod: 5,\n clusterIdentifier: \"my-docdb-cluster\",\n engine: \"docdb\",\n masterPassword: \"mustbeeightchars\",\n masterUsername: \"foo\",\n preferredBackupWindow: \"07:00-09:00\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndocdb = aws.docdb.Cluster(\"docdb\",\n backup_retention_period=5,\n cluster_identifier=\"my-docdb-cluster\",\n engine=\"docdb\",\n master_password=\"mustbeeightchars\",\n master_username=\"foo\",\n preferred_backup_window=\"07:00-09:00\",\n skip_final_snapshot=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var docdb = new Aws.DocDB.Cluster(\"docdb\", new Aws.DocDB.ClusterArgs\n {\n BackupRetentionPeriod = 5,\n ClusterIdentifier = \"my-docdb-cluster\",\n Engine = \"docdb\",\n MasterPassword = \"mustbeeightchars\",\n MasterUsername = \"foo\",\n PreferredBackupWindow = \"07:00-09:00\",\n SkipFinalSnapshot = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := docdb.NewCluster(ctx, \"docdb\", &docdb.ClusterArgs{\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tClusterIdentifier: pulumi.String(\"my-docdb-cluster\"),\n\t\t\tEngine: pulumi.String(\"docdb\"),\n\t\t\tMasterPassword: pulumi.String(\"mustbeeightchars\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDocDB Clusters can be imported using the `cluster_identifier`, e.g.\n\n```sh\n $ pulumi import aws:docdb/cluster:Cluster docdb_cluster docdb-prod-cluster\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications\nare applied immediately, or during the next maintenance window. Default is\n`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones that\ninstances in the DB cluster can be created in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifer`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DocDB Instances that are a part of this cluster\n" + }, + "clusterResourceId": { + "type": "string", + "description": "The DocDB Cluster Resource ID\n" + }, + "dbClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of log types to export to cloudwatch. If omitted, no logs will be exported.\nThe following log types are supported: `audit`, `profiler`.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the DocDB instance\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this DB cluster. Defaults to `docdb`. Valid Values: `docdb`\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. Updating this argument results in an outage.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot\nwhen this DB cluster is deleted. If omitted, no final snapshot will be\nmade.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The Route53 Hosted Zone ID of the endpoint\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user. Note that this may\nshow up in logs, and it will be stored in the state file. Please refer to the DocDB Naming Constraints.\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC\nDefault: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "readerEndpoint": { + "type": "string", + "description": "A read-only endpoint for the DocDB cluster, automatically load-balanced across replicas\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate\nwith the Cluster\n" + } + }, + "required": [ + "applyImmediately", + "arn", + "availabilityZones", + "clusterIdentifier", + "clusterIdentifierPrefix", + "clusterMembers", + "clusterResourceId", + "dbClusterParameterGroupName", + "dbSubnetGroupName", + "endpoint", + "engineVersion", + "hostedZoneId", + "kmsKeyId", + "masterUsername", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "readerEndpoint", + "tagsAll", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications\nare applied immediately, or during the next maintenance window. Default is\n`false`.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones that\ninstances in the DB cluster can be created in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifer`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DocDB Instances that are a part of this cluster\n" + }, + "dbClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of log types to export to cloudwatch. If omitted, no logs will be exported.\nThe following log types are supported: `audit`, `profiler`.\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this DB cluster. Defaults to `docdb`. Valid Values: `docdb`\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. Updating this argument results in an outage.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot\nwhen this DB cluster is deleted. If omitted, no final snapshot will be\nmade.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user. Note that this may\nshow up in logs, and it will be stored in the state file. Please refer to the DocDB Naming Constraints.\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC\nDefault: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate\nwith the Cluster\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications\nare applied immediately, or during the next maintenance window. Default is\n`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones that\ninstances in the DB cluster can be created in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifer`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DocDB Instances that are a part of this cluster\n" + }, + "clusterResourceId": { + "type": "string", + "description": "The DocDB Cluster Resource ID\n" + }, + "dbClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of log types to export to cloudwatch. If omitted, no logs will be exported.\nThe following log types are supported: `audit`, `profiler`.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the DocDB instance\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this DB cluster. Defaults to `docdb`. Valid Values: `docdb`\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. Updating this argument results in an outage.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot\nwhen this DB cluster is deleted. If omitted, no final snapshot will be\nmade.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The Route53 Hosted Zone ID of the endpoint\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user. Note that this may\nshow up in logs, and it will be stored in the state file. Please refer to the DocDB Naming Constraints.\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC\nDefault: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "readerEndpoint": { + "type": "string", + "description": "A read-only endpoint for the DocDB cluster, automatically load-balanced across replicas\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate\nwith the Cluster\n" + } + }, + "type": "object" + } + }, + "aws:docdb/clusterInstance:ClusterInstance": { + "description": "Provides an DocDB Cluster Resource Instance. A Cluster Instance Resource defines\nattributes that are specific to a single instance in a [DocDB Cluster](https://www.terraform.io/docs/providers/aws/r/docdb_cluster.html).\n\nYou do not designate a primary and subsequent replicas. Instead, you simply add DocDB\nInstances and DocDB manages the replication. You can use the [count](https://www.terraform.io/docs/configuration/meta-arguments/count.html)\nmeta-parameter to make multiple instances and join them all to the same DocDB\nCluster, or you may specify different Cluster Instance resources with various\n`instance_class` sizes.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.docdb.Cluster(\"default\", {\n clusterIdentifier: \"docdb-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n masterUsername: \"foo\",\n masterPassword: \"barbut8chars\",\n});\nconst clusterInstances: aws.docdb.ClusterInstance[];\nfor (const range = {value: 0}; range.value < 2; range.value++) {\n clusterInstances.push(new aws.docdb.ClusterInstance(`clusterInstances-${range.value}`, {\n identifier: `docdb-cluster-demo-${range.value}`,\n clusterIdentifier: _default.id,\n instanceClass: \"db.r5.large\",\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.docdb.Cluster(\"default\",\n cluster_identifier=\"docdb-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n master_username=\"foo\",\n master_password=\"barbut8chars\")\ncluster_instances = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n cluster_instances.append(aws.docdb.ClusterInstance(f\"clusterInstances-{range['value']}\",\n identifier=f\"docdb-cluster-demo-{range['value']}\",\n cluster_identifier=default.id,\n instance_class=\"db.r5.large\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.DocDB.Cluster(\"default\", new Aws.DocDB.ClusterArgs\n {\n ClusterIdentifier = \"docdb-cluster-demo\",\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n MasterUsername = \"foo\",\n MasterPassword = \"barbut8chars\",\n });\n var clusterInstances = new List();\n for (var rangeIndex = 0; rangeIndex < 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n clusterInstances.Add(new Aws.DocDB.ClusterInstance($\"clusterInstances-{range.Value}\", new Aws.DocDB.ClusterInstanceArgs\n {\n Identifier = $\"docdb-cluster-demo-{range.Value}\",\n ClusterIdentifier = @default.Id,\n InstanceClass = \"db.r5.large\",\n }));\n }\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := docdb.NewCluster(ctx, \"_default\", &docdb.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"docdb-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"barbut8chars\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar clusterInstances []*docdb.ClusterInstance\n\t\tfor key0, val0 := range 2 {\n\t\t\t__res, err := docdb.NewClusterInstance(ctx, fmt.Sprintf(\"clusterInstances-%v\", key0), &docdb.ClusterInstanceArgs{\n\t\t\t\tIdentifier: pulumi.String(fmt.Sprintf(\"%v%v\", \"docdb-cluster-demo-\", val0)),\n\t\t\t\tClusterIdentifier: _default.ID(),\n\t\t\t\tInstanceClass: pulumi.String(\"db.r5.large\"),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tclusterInstances = append(clusterInstances, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDocDB Cluster Instances can be imported using the `identifier`, e.g.\n\n```sh\n $ pulumi import aws:docdb/clusterInstance:ClusterInstance prod_instance_1 aurora-cluster-instance-1\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster instance\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the DB instance is created in. See [docs](https://docs.aws.amazon.com/documentdb/latest/developerguide/API_CreateDBInstance.html) about the details.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "(Optional) The identifier of the CA certificate for the DB instance.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.docdb.Cluster` in which to launch this instance.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "The DB subnet group to associate with this DB instance.\n" + }, + "dbiResourceId": { + "type": "string", + "description": "The region-unique, immutable identifier for the DB instance.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address for this instance. May not be writable\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for the DocDB instance. Defaults to `docdb`. Valid Values: `docdb`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version\n" + }, + "identifier": { + "type": "string", + "description": "The identifier for the DocDB instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use. For details on CPU and memory, see [Scaling for DocDB Instances](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-manage-performance.html#db-cluster-manage-scaling-instance). DocDB currently\nsupports the below instance classes. Please see [AWS Documentation](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs) for complete details.\n- db.r5.large\n- db.r5.xlarge\n- db.r5.2xlarge\n- db.r5.4xlarge\n- db.r5.12xlarge\n- db.r5.24xlarge\n- db.r4.large\n- db.r4.xlarge\n- db.r4.2xlarge\n- db.r4.4xlarge\n- db.r4.8xlarge\n- db.r4.16xlarge\n- db.t3.medium\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key if one is set to the cluster.\n" + }, + "port": { + "type": "integer", + "description": "The database port\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "writer": { + "type": "boolean", + "description": "Boolean indicating if this instance is writable. `False` indicates this instance is a read replica.\n" + } + }, + "required": [ + "applyImmediately", + "arn", + "availabilityZone", + "caCertIdentifier", + "clusterIdentifier", + "dbSubnetGroupName", + "dbiResourceId", + "endpoint", + "engineVersion", + "identifier", + "identifierPrefix", + "instanceClass", + "kmsKeyId", + "port", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "publiclyAccessible", + "storageEncrypted", + "tagsAll", + "writer" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the DB instance is created in. See [docs](https://docs.aws.amazon.com/documentdb/latest/developerguide/API_CreateDBInstance.html) about the details.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "(Optional) The identifier of the CA certificate for the DB instance.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.docdb.Cluster` in which to launch this instance.\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for the DocDB instance. Defaults to `docdb`. Valid Values: `docdb`.\n" + }, + "identifier": { + "type": "string", + "description": "The identifier for the DocDB instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use. For details on CPU and memory, see [Scaling for DocDB Instances](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-manage-performance.html#db-cluster-manage-scaling-instance). DocDB currently\nsupports the below instance classes. Please see [AWS Documentation](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs) for complete details.\n- db.r5.large\n- db.r5.xlarge\n- db.r5.2xlarge\n- db.r5.4xlarge\n- db.r5.12xlarge\n- db.r5.24xlarge\n- db.r4.large\n- db.r4.xlarge\n- db.r4.2xlarge\n- db.r4.4xlarge\n- db.r4.8xlarge\n- db.r4.16xlarge\n- db.t3.medium\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "clusterIdentifier", + "instanceClass" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterInstance resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster instance\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the DB instance is created in. See [docs](https://docs.aws.amazon.com/documentdb/latest/developerguide/API_CreateDBInstance.html) about the details.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "(Optional) The identifier of the CA certificate for the DB instance.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.docdb.Cluster` in which to launch this instance.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "The DB subnet group to associate with this DB instance.\n" + }, + "dbiResourceId": { + "type": "string", + "description": "The region-unique, immutable identifier for the DB instance.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address for this instance. May not be writable\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for the DocDB instance. Defaults to `docdb`. Valid Values: `docdb`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version\n" + }, + "identifier": { + "type": "string", + "description": "The identifier for the DocDB instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use. For details on CPU and memory, see [Scaling for DocDB Instances](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-cluster-manage-performance.html#db-cluster-manage-scaling-instance). DocDB currently\nsupports the below instance classes. Please see [AWS Documentation](https://docs.aws.amazon.com/documentdb/latest/developerguide/db-instance-classes.html#db-instance-class-specs) for complete details.\n- db.r5.large\n- db.r5.xlarge\n- db.r5.2xlarge\n- db.r5.4xlarge\n- db.r5.12xlarge\n- db.r5.24xlarge\n- db.r4.large\n- db.r4.xlarge\n- db.r4.2xlarge\n- db.r4.4xlarge\n- db.r4.8xlarge\n- db.r4.16xlarge\n- db.t3.medium\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key if one is set to the cluster.\n" + }, + "port": { + "type": "integer", + "description": "The database port\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "writer": { + "type": "boolean", + "description": "Boolean indicating if this instance is writable. `False` indicates this instance is a read replica.\n" + } + }, + "type": "object" + } + }, + "aws:docdb/clusterParameterGroup:ClusterParameterGroup": { + "description": "Manages a DocumentDB Cluster Parameter Group\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.docdb.ClusterParameterGroup(\"example\", {\n description: \"docdb cluster parameter group\",\n family: \"docdb3.6\",\n parameters: [{\n name: \"tls\",\n value: \"enabled\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.docdb.ClusterParameterGroup(\"example\",\n description=\"docdb cluster parameter group\",\n family=\"docdb3.6\",\n parameters=[aws.docdb.ClusterParameterGroupParameterArgs(\n name=\"tls\",\n value=\"enabled\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DocDB.ClusterParameterGroup(\"example\", new Aws.DocDB.ClusterParameterGroupArgs\n {\n Description = \"docdb cluster parameter group\",\n Family = \"docdb3.6\",\n Parameters = \n {\n new Aws.DocDB.Inputs.ClusterParameterGroupParameterArgs\n {\n Name = \"tls\",\n Value = \"enabled\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := docdb.NewClusterParameterGroup(ctx, \"example\", &docdb.ClusterParameterGroupArgs{\n\t\t\tDescription: pulumi.String(\"docdb cluster parameter group\"),\n\t\t\tFamily: pulumi.String(\"docdb3.6\"),\n\t\t\tParameters: docdb.ClusterParameterGroupParameterArray{\n\t\t\t\t&docdb.ClusterParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"tls\"),\n\t\t\t\t\tValue: pulumi.String(\"enabled\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDocumentDB Cluster Parameter Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:docdb/clusterParameterGroup:ClusterParameterGroup cluster_pg production-pg-1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the documentDB cluster parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the documentDB cluster parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the documentDB cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the documentDB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:docdb/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of documentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "family", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the documentDB cluster parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the documentDB cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the documentDB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:docdb/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of documentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the documentDB cluster parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the documentDB cluster parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the documentDB cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the documentDB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:docdb/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of documentDB parameters to apply. Setting parameters to system default values may show a difference on imported resources.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:docdb/clusterSnapshot:ClusterSnapshot": { + "description": "Manages a DocDB database cluster snapshot for DocDB clusters.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.docdb.ClusterSnapshot(\"example\", {\n dbClusterIdentifier: aws_docdb_cluster.example.id,\n dbClusterSnapshotIdentifier: \"resourcetestsnapshot1234\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.docdb.ClusterSnapshot(\"example\",\n db_cluster_identifier=aws_docdb_cluster[\"example\"][\"id\"],\n db_cluster_snapshot_identifier=\"resourcetestsnapshot1234\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DocDB.ClusterSnapshot(\"example\", new Aws.DocDB.ClusterSnapshotArgs\n {\n DbClusterIdentifier = aws_docdb_cluster.Example.Id,\n DbClusterSnapshotIdentifier = \"resourcetestsnapshot1234\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := docdb.NewClusterSnapshot(ctx, \"example\", &docdb.ClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.Any(aws_docdb_cluster.Example.Id),\n\t\t\tDbClusterSnapshotIdentifier: pulumi.String(\"resourcetestsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_docdb_cluster_snapshot` can be imported by using the cluster snapshot identifier, e.g.\n\n```sh\n $ pulumi import aws:docdb/clusterSnapshot:ClusterSnapshot example my-cluster-snapshot\n```\n\n ", + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DocDB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "The DocDB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DocDB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DocDB cluster snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DocDB cluster snapshot.\n" + }, + "port": { + "type": "integer", + "description": "Port that the DocDB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DocDB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DocDB cluster snapshot is encrypted.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DocDB cluster snapshot.\n" + } + }, + "required": [ + "availabilityZones", + "dbClusterIdentifier", + "dbClusterSnapshotArn", + "dbClusterSnapshotIdentifier", + "engine", + "engineVersion", + "kmsKeyId", + "port", + "snapshotType", + "sourceDbClusterSnapshotArn", + "status", + "storageEncrypted", + "vpcId" + ], + "inputProperties": { + "dbClusterIdentifier": { + "type": "string", + "description": "The DocDB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + } + }, + "requiredInputs": [ + "dbClusterIdentifier", + "dbClusterSnapshotIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterSnapshot resources.\n", + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DocDB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "The DocDB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DocDB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DocDB cluster snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DocDB cluster snapshot.\n" + }, + "port": { + "type": "integer", + "description": "Port that the DocDB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DocDB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DocDB cluster snapshot is encrypted.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DocDB cluster snapshot.\n" + } + }, + "type": "object" + } + }, + "aws:docdb/subnetGroup:SubnetGroup": { + "description": "Provides an DocumentDB subnet group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.docdb.SubnetGroup(\"default\", {\n subnetIds: [\n aws_subnet.frontend.id,\n aws_subnet.backend.id,\n ],\n tags: {\n Name: \"My docdb subnet group\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.docdb.SubnetGroup(\"default\",\n subnet_ids=[\n aws_subnet[\"frontend\"][\"id\"],\n aws_subnet[\"backend\"][\"id\"],\n ],\n tags={\n \"Name\": \"My docdb subnet group\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.DocDB.SubnetGroup(\"default\", new Aws.DocDB.SubnetGroupArgs\n {\n SubnetIds = \n {\n aws_subnet.Frontend.Id,\n aws_subnet.Backend.Id,\n },\n Tags = \n {\n { \"Name\", \"My docdb subnet group\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := docdb.NewSubnetGroup(ctx, \"_default\", &docdb.SubnetGroupArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Frontend.Id),\n\t\t\t\tpulumi.Any(aws_subnet.Backend.Id),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"My docdb subnet group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDocumentDB Subnet groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:docdb/subnetGroup:SubnetGroup default production-subnet-group\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the docDB subnet group.\n" + }, + "description": { + "type": "string", + "description": "The description of the docDB subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the docDB subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "name", + "namePrefix", + "subnetIds", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the docDB subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the docDB subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SubnetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the docDB subnet group.\n" + }, + "description": { + "type": "string", + "description": "The description of the docDB subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the docDB subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:dynamodb/globalTable:GlobalTable": { + "description": "Manages [DynamoDB Global Tables V1 (version 2017.11.29)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html). These are layered on top of existing DynamoDB Tables.\n\n> **NOTE:** To instead manage [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html), use the `aws.dynamodb.Table` resource `replica` configuration block.\n\n> Note: There are many restrictions before you can properly create DynamoDB Global Tables in multiple regions. See the [AWS DynamoDB Global Table Requirements](http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables_reqs_bestpractices.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst us_east_1 = new aws.Provider(\"us-east-1\", {region: \"us-east-1\"});\nconst us_west_2 = new aws.Provider(\"us-west-2\", {region: \"us-west-2\"});\nconst us_east_1Table = new aws.dynamodb.Table(\"us-east-1Table\", {\n hashKey: \"myAttribute\",\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n readCapacity: 1,\n writeCapacity: 1,\n attributes: [{\n name: \"myAttribute\",\n type: \"S\",\n }],\n}, {\n provider: aws[\"us-east-1\"],\n});\nconst us_west_2Table = new aws.dynamodb.Table(\"us-west-2Table\", {\n hashKey: \"myAttribute\",\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n readCapacity: 1,\n writeCapacity: 1,\n attributes: [{\n name: \"myAttribute\",\n type: \"S\",\n }],\n}, {\n provider: aws[\"us-west-2\"],\n});\nconst myTable = new aws.dynamodb.GlobalTable(\"myTable\", {replicas: [\n {\n regionName: \"us-east-1\",\n },\n {\n regionName: \"us-west-2\",\n },\n]}, {\n provider: aws[\"us-east-1\"],\n dependsOn: [\n us_east_1Table,\n us_west_2Table,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nus_east_1 = pulumi.providers.Aws(\"us-east-1\", region=\"us-east-1\")\nus_west_2 = pulumi.providers.Aws(\"us-west-2\", region=\"us-west-2\")\nus_east_1_table = aws.dynamodb.Table(\"us-east-1Table\",\n hash_key=\"myAttribute\",\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\",\n read_capacity=1,\n write_capacity=1,\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"myAttribute\",\n type=\"S\",\n )],\n opts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\nus_west_2_table = aws.dynamodb.Table(\"us-west-2Table\",\n hash_key=\"myAttribute\",\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\",\n read_capacity=1,\n write_capacity=1,\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"myAttribute\",\n type=\"S\",\n )],\n opts=pulumi.ResourceOptions(provider=aws[\"us-west-2\"]))\nmy_table = aws.dynamodb.GlobalTable(\"myTable\", replicas=[\n aws.dynamodb.GlobalTableReplicaArgs(\n region_name=\"us-east-1\",\n ),\n aws.dynamodb.GlobalTableReplicaArgs(\n region_name=\"us-west-2\",\n ),\n],\nopts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"],\n depends_on=[\n us_east_1_table,\n us_west_2_table,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var us_east_1 = new Aws.Provider(\"us-east-1\", new Aws.ProviderArgs\n {\n Region = \"us-east-1\",\n });\n var us_west_2 = new Aws.Provider(\"us-west-2\", new Aws.ProviderArgs\n {\n Region = \"us-west-2\",\n });\n var us_east_1Table = new Aws.DynamoDB.Table(\"us-east-1Table\", new Aws.DynamoDB.TableArgs\n {\n HashKey = \"myAttribute\",\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n ReadCapacity = 1,\n WriteCapacity = 1,\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"myAttribute\",\n Type = \"S\",\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n var us_west_2Table = new Aws.DynamoDB.Table(\"us-west-2Table\", new Aws.DynamoDB.TableArgs\n {\n HashKey = \"myAttribute\",\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n ReadCapacity = 1,\n WriteCapacity = 1,\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"myAttribute\",\n Type = \"S\",\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Us_west_2,\n });\n var myTable = new Aws.DynamoDB.GlobalTable(\"myTable\", new Aws.DynamoDB.GlobalTableArgs\n {\n Replicas = \n {\n new Aws.DynamoDB.Inputs.GlobalTableReplicaArgs\n {\n RegionName = \"us-east-1\",\n },\n new Aws.DynamoDB.Inputs.GlobalTableReplicaArgs\n {\n RegionName = \"us-west-2\",\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n DependsOn = \n {\n us_east_1Table,\n us_west_2Table,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"us_east_1\", &providers.awsArgs{\n\t\t\tRegion: \"us-east-1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"us_west_2\", &providers.awsArgs{\n\t\t\tRegion: \"us-west-2\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTable(ctx, \"us_east_1Table\", &dynamodb.TableArgs{\n\t\t\tHashKey: pulumi.String(\"myAttribute\"),\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t\tReadCapacity: pulumi.Int(1),\n\t\t\tWriteCapacity: pulumi.Int(1),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"myAttribute\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Us-east-1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTable(ctx, \"us_west_2Table\", &dynamodb.TableArgs{\n\t\t\tHashKey: pulumi.String(\"myAttribute\"),\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t\tReadCapacity: pulumi.Int(1),\n\t\t\tWriteCapacity: pulumi.Int(1),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"myAttribute\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Us-west-2))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewGlobalTable(ctx, \"myTable\", &dynamodb.GlobalTableArgs{\n\t\t\tReplicas: dynamodb.GlobalTableReplicaArray{\n\t\t\t\t&dynamodb.GlobalTableReplicaArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-east-1\"),\n\t\t\t\t},\n\t\t\t\t&dynamodb.GlobalTableReplicaArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Us-east-1), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tus_east_1Table,\n\t\t\tus_west_2Table,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDynamoDB Global Tables can be imported using the global table name, e.g.\n\n```sh\n $ pulumi import aws:dynamodb/globalTable:GlobalTable MyTable MyTable\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DynamoDB Global Table\n" + }, + "name": { + "type": "string", + "description": "The name of the global table. Must match underlying DynamoDB Table names in all regions.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/GlobalTableReplica:GlobalTableReplica" + }, + "description": "Underlying DynamoDB Table. At least 1 replica must be defined. See below.\n" + } + }, + "required": [ + "arn", + "name", + "replicas" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the global table. Must match underlying DynamoDB Table names in all regions.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/GlobalTableReplica:GlobalTableReplica" + }, + "description": "Underlying DynamoDB Table. At least 1 replica must be defined. See below.\n" + } + }, + "requiredInputs": [ + "replicas" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GlobalTable resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DynamoDB Global Table\n" + }, + "name": { + "type": "string", + "description": "The name of the global table. Must match underlying DynamoDB Table names in all regions.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/GlobalTableReplica:GlobalTableReplica" + }, + "description": "Underlying DynamoDB Table. At least 1 replica must be defined. See below.\n" + } + }, + "type": "object" + } + }, + "aws:dynamodb/kinesisStreamingDestination:KinesisStreamingDestination": { + "description": "Enables a [Kinesis streaming destination](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/kds.html) for data replication of a DynamoDB table.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTable = new aws.dynamodb.Table(\"exampleTable\", {\n hashKey: \"id\",\n attributes: [{\n name: \"id\",\n type: \"S\",\n }],\n});\nconst exampleStream = new aws.kinesis.Stream(\"exampleStream\", {shardCount: 1});\nconst exampleKinesisStreamingDestination = new aws.dynamodb.KinesisStreamingDestination(\"exampleKinesisStreamingDestination\", {\n streamArn: exampleStream.arn,\n tableName: exampleTable.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_table = aws.dynamodb.Table(\"exampleTable\",\n hash_key=\"id\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"id\",\n type=\"S\",\n )])\nexample_stream = aws.kinesis.Stream(\"exampleStream\", shard_count=1)\nexample_kinesis_streaming_destination = aws.dynamodb.KinesisStreamingDestination(\"exampleKinesisStreamingDestination\",\n stream_arn=example_stream.arn,\n table_name=example_table.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleTable = new Aws.DynamoDB.Table(\"exampleTable\", new Aws.DynamoDB.TableArgs\n {\n HashKey = \"id\",\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"id\",\n Type = \"S\",\n },\n },\n });\n var exampleStream = new Aws.Kinesis.Stream(\"exampleStream\", new Aws.Kinesis.StreamArgs\n {\n ShardCount = 1,\n });\n var exampleKinesisStreamingDestination = new Aws.DynamoDB.KinesisStreamingDestination(\"exampleKinesisStreamingDestination\", new Aws.DynamoDB.KinesisStreamingDestinationArgs\n {\n StreamArn = exampleStream.Arn,\n TableName = exampleTable.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTable, err := dynamodb.NewTable(ctx, \"exampleTable\", &dynamodb.TableArgs{\n\t\t\tHashKey: pulumi.String(\"id\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"id\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStream, err := kinesis.NewStream(ctx, \"exampleStream\", &kinesis.StreamArgs{\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewKinesisStreamingDestination(ctx, \"exampleKinesisStreamingDestination\", &dynamodb.KinesisStreamingDestinationArgs{\n\t\t\tStreamArn: exampleStream.Arn,\n\t\t\tTableName: exampleTable.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDynamoDB Kinesis Streaming Destinations can be imported using the `table_name` and `stream_arn` separated by `,`, e.g.\n\n```sh\n $ pulumi import aws:dynamodb/kinesisStreamingDestination:KinesisStreamingDestination example example,arn:aws:kinesis:us-east-1:111122223333:exampleStreamName\n```\n\n ", + "properties": { + "streamArn": { + "type": "string", + "description": "The ARN for a Kinesis data stream. This must exist in the same account and region as the DynamoDB table.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table. There\ncan only be one Kinesis streaming destination for a given DynamoDB table.\n" + } + }, + "required": [ + "streamArn", + "tableName" + ], + "inputProperties": { + "streamArn": { + "type": "string", + "description": "The ARN for a Kinesis data stream. This must exist in the same account and region as the DynamoDB table.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table. There\ncan only be one Kinesis streaming destination for a given DynamoDB table.\n" + } + }, + "requiredInputs": [ + "streamArn", + "tableName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering KinesisStreamingDestination resources.\n", + "properties": { + "streamArn": { + "type": "string", + "description": "The ARN for a Kinesis data stream. This must exist in the same account and region as the DynamoDB table.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the DynamoDB table. There\ncan only be one Kinesis streaming destination for a given DynamoDB table.\n" + } + }, + "type": "object" + } + }, + "aws:dynamodb/table:Table": { + "description": "Provides a DynamoDB table resource\n\n> **Note:** It is recommended to use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) for `read_capacity` and/or `write_capacity` if there's `autoscaling policy` attached to the table.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following dynamodb table description models the table and GSI shown\nin the [AWS SDK example documentation](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GSI.html)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst basic_dynamodb_table = new aws.dynamodb.Table(\"basic-dynamodb-table\", {\n attributes: [\n {\n name: \"UserId\",\n type: \"S\",\n },\n {\n name: \"GameTitle\",\n type: \"S\",\n },\n {\n name: \"TopScore\",\n type: \"N\",\n },\n ],\n billingMode: \"PROVISIONED\",\n globalSecondaryIndexes: [{\n hashKey: \"GameTitle\",\n name: \"GameTitleIndex\",\n nonKeyAttributes: [\"UserId\"],\n projectionType: \"INCLUDE\",\n rangeKey: \"TopScore\",\n readCapacity: 10,\n writeCapacity: 10,\n }],\n hashKey: \"UserId\",\n rangeKey: \"GameTitle\",\n readCapacity: 20,\n tags: {\n Environment: \"production\",\n Name: \"dynamodb-table-1\",\n },\n ttl: {\n attributeName: \"TimeToExist\",\n enabled: false,\n },\n writeCapacity: 20,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbasic_dynamodb_table = aws.dynamodb.Table(\"basic-dynamodb-table\",\n attributes=[\n aws.dynamodb.TableAttributeArgs(\n name=\"UserId\",\n type=\"S\",\n ),\n aws.dynamodb.TableAttributeArgs(\n name=\"GameTitle\",\n type=\"S\",\n ),\n aws.dynamodb.TableAttributeArgs(\n name=\"TopScore\",\n type=\"N\",\n ),\n ],\n billing_mode=\"PROVISIONED\",\n global_secondary_indexes=[aws.dynamodb.TableGlobalSecondaryIndexArgs(\n hash_key=\"GameTitle\",\n name=\"GameTitleIndex\",\n non_key_attributes=[\"UserId\"],\n projection_type=\"INCLUDE\",\n range_key=\"TopScore\",\n read_capacity=10,\n write_capacity=10,\n )],\n hash_key=\"UserId\",\n range_key=\"GameTitle\",\n read_capacity=20,\n tags={\n \"Environment\": \"production\",\n \"Name\": \"dynamodb-table-1\",\n },\n ttl=aws.dynamodb.TableTtlArgs(\n attribute_name=\"TimeToExist\",\n enabled=False,\n ),\n write_capacity=20)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var basic_dynamodb_table = new Aws.DynamoDB.Table(\"basic-dynamodb-table\", new Aws.DynamoDB.TableArgs\n {\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"UserId\",\n Type = \"S\",\n },\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"GameTitle\",\n Type = \"S\",\n },\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TopScore\",\n Type = \"N\",\n },\n },\n BillingMode = \"PROVISIONED\",\n GlobalSecondaryIndexes = \n {\n new Aws.DynamoDB.Inputs.TableGlobalSecondaryIndexArgs\n {\n HashKey = \"GameTitle\",\n Name = \"GameTitleIndex\",\n NonKeyAttributes = \n {\n \"UserId\",\n },\n ProjectionType = \"INCLUDE\",\n RangeKey = \"TopScore\",\n ReadCapacity = 10,\n WriteCapacity = 10,\n },\n },\n HashKey = \"UserId\",\n RangeKey = \"GameTitle\",\n ReadCapacity = 20,\n Tags = \n {\n { \"Environment\", \"production\" },\n { \"Name\", \"dynamodb-table-1\" },\n },\n Ttl = new Aws.DynamoDB.Inputs.TableTtlArgs\n {\n AttributeName = \"TimeToExist\",\n Enabled = false,\n },\n WriteCapacity = 20,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.NewTable(ctx, \"basic_dynamodb_table\", &dynamodb.TableArgs{\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"UserId\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"GameTitle\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TopScore\"),\n\t\t\t\t\tType: pulumi.String(\"N\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBillingMode: pulumi.String(\"PROVISIONED\"),\n\t\t\tGlobalSecondaryIndexes: dynamodb.TableGlobalSecondaryIndexArray{\n\t\t\t\t&dynamodb.TableGlobalSecondaryIndexArgs{\n\t\t\t\t\tHashKey: pulumi.String(\"GameTitle\"),\n\t\t\t\t\tName: pulumi.String(\"GameTitleIndex\"),\n\t\t\t\t\tNonKeyAttributes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"UserId\"),\n\t\t\t\t\t},\n\t\t\t\t\tProjectionType: pulumi.String(\"INCLUDE\"),\n\t\t\t\t\tRangeKey: pulumi.String(\"TopScore\"),\n\t\t\t\t\tReadCapacity: pulumi.Int(10),\n\t\t\t\t\tWriteCapacity: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHashKey: pulumi.String(\"UserId\"),\n\t\t\tRangeKey: pulumi.String(\"GameTitle\"),\n\t\t\tReadCapacity: pulumi.Int(20),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"production\"),\n\t\t\t\t\"Name\": pulumi.String(\"dynamodb-table-1\"),\n\t\t\t},\n\t\t\tTtl: &dynamodb.TableTtlArgs{\n\t\t\t\tAttributeName: pulumi.String(\"TimeToExist\"),\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tWriteCapacity: pulumi.Int(20),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Global Tables\n\nThis resource implements support for [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) via `replica` configuration blocks. For working with [DynamoDB Global Tables V1 (version 2017.11.29)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V1.html), see the `aws.dynamodb.GlobalTable` resource.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.dynamodb.Table(\"example\", {\n attributes: [{\n name: \"TestTableHashKey\",\n type: \"S\",\n }],\n billingMode: \"PAY_PER_REQUEST\",\n hashKey: \"TestTableHashKey\",\n replicas: [\n {\n regionName: \"us-east-2\",\n },\n {\n regionName: \"us-west-2\",\n },\n ],\n streamEnabled: true,\n streamViewType: \"NEW_AND_OLD_IMAGES\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.dynamodb.Table(\"example\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"TestTableHashKey\",\n type=\"S\",\n )],\n billing_mode=\"PAY_PER_REQUEST\",\n hash_key=\"TestTableHashKey\",\n replicas=[\n aws.dynamodb.TableReplicaArgs(\n region_name=\"us-east-2\",\n ),\n aws.dynamodb.TableReplicaArgs(\n region_name=\"us-west-2\",\n ),\n ],\n stream_enabled=True,\n stream_view_type=\"NEW_AND_OLD_IMAGES\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.DynamoDB.Table(\"example\", new Aws.DynamoDB.TableArgs\n {\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"TestTableHashKey\",\n Type = \"S\",\n },\n },\n BillingMode = \"PAY_PER_REQUEST\",\n HashKey = \"TestTableHashKey\",\n Replicas = \n {\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = \"us-east-2\",\n },\n new Aws.DynamoDB.Inputs.TableReplicaArgs\n {\n RegionName = \"us-west-2\",\n },\n },\n StreamEnabled = true,\n StreamViewType = \"NEW_AND_OLD_IMAGES\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.NewTable(ctx, \"example\", &dynamodb.TableArgs{\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"TestTableHashKey\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tBillingMode: pulumi.String(\"PAY_PER_REQUEST\"),\n\t\t\tHashKey: pulumi.String(\"TestTableHashKey\"),\n\t\t\tReplicas: dynamodb.TableReplicaArray{\n\t\t\t\t&dynamodb.TableReplicaArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-east-2\"),\n\t\t\t\t},\n\t\t\t\t&dynamodb.TableReplicaArgs{\n\t\t\t\t\tRegionName: pulumi.String(\"us-west-2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tStreamEnabled: pulumi.Bool(true),\n\t\t\tStreamViewType: pulumi.String(\"NEW_AND_OLD_IMAGES\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDynamoDB tables can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:dynamodb/table:Table basic-dynamodb-table GameScores\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The arn of the table\n" + }, + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableAttribute:TableAttribute" + }, + "description": "List of nested attribute definitions. Only required for `hash_key` and `range_key` attributes. Each attribute has two properties:\n" + }, + "billingMode": { + "type": "string", + "description": "Controls how you are charged for read and write throughput and how you manage capacity. The valid values are `PROVISIONED` and `PAY_PER_REQUEST`. Defaults to `PROVISIONED`.\n" + }, + "globalSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableGlobalSecondaryIndex:TableGlobalSecondaryIndex" + }, + "description": "Describe a GSI for the table;\nsubject to the normal limits on the number of GSIs, projected\nattributes, etc.\n" + }, + "hashKey": { + "type": "string", + "description": "The name of the hash key in the index; must be\ndefined as an attribute in the resource.\n" + }, + "localSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableLocalSecondaryIndex:TableLocalSecondaryIndex" + }, + "description": "Describe an LSI on the table;\nthese can only be allocated *at creation* so you cannot change this\ndefinition after you have created the resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the index\n" + }, + "pointInTimeRecovery": { + "$ref": "#/types/aws:dynamodb/TablePointInTimeRecovery:TablePointInTimeRecovery", + "description": "Point-in-time recovery options.\n" + }, + "rangeKey": { + "type": "string", + "description": "The name of the range key; must be defined\n" + }, + "readCapacity": { + "type": "integer", + "description": "The number of read units for this index. Must be set if billing_mode is set to PROVISIONED.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableReplica:TableReplica" + }, + "description": "Configuration block(s) with [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) replication configurations. Detailed below.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dynamodb/TableServerSideEncryption:TableServerSideEncryption", + "description": "Encryption at rest options. AWS DynamoDB tables are automatically encrypted at rest with an AWS owned Customer Master Key if this argument isn't specified.\n" + }, + "streamArn": { + "type": "string", + "description": "The ARN of the Table Stream. Only available when `stream_enabled = true`\n" + }, + "streamEnabled": { + "type": "boolean", + "description": "Indicates whether Streams are to be enabled (true) or disabled (false).\n" + }, + "streamLabel": { + "type": "string", + "description": "A timestamp, in ISO 8601 format, for this stream. Note that this timestamp is not\na unique identifier for the stream on its own. However, the combination of AWS customer ID,\ntable name and this field is guaranteed to be unique.\nIt can be used for creating CloudWatch Alarms. Only available when `stream_enabled = true`\n" + }, + "streamViewType": { + "type": "string", + "description": "When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are `KEYS_ONLY`, `NEW_IMAGE`, `OLD_IMAGE`, `NEW_AND_OLD_IMAGES`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to populate on the created table. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "ttl": { + "$ref": "#/types/aws:dynamodb/TableTtl:TableTtl", + "description": "Defines ttl, has two properties, and can only be specified once:\n" + }, + "writeCapacity": { + "type": "integer", + "description": "The number of write units for this index. Must be set if billing_mode is set to PROVISIONED.\n" + } + }, + "required": [ + "arn", + "attributes", + "hashKey", + "name", + "pointInTimeRecovery", + "serverSideEncryption", + "streamArn", + "streamLabel", + "streamViewType", + "tagsAll" + ], + "inputProperties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableAttribute:TableAttribute" + }, + "description": "List of nested attribute definitions. Only required for `hash_key` and `range_key` attributes. Each attribute has two properties:\n" + }, + "billingMode": { + "type": "string", + "description": "Controls how you are charged for read and write throughput and how you manage capacity. The valid values are `PROVISIONED` and `PAY_PER_REQUEST`. Defaults to `PROVISIONED`.\n" + }, + "globalSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableGlobalSecondaryIndex:TableGlobalSecondaryIndex" + }, + "description": "Describe a GSI for the table;\nsubject to the normal limits on the number of GSIs, projected\nattributes, etc.\n" + }, + "hashKey": { + "type": "string", + "description": "The name of the hash key in the index; must be\ndefined as an attribute in the resource.\n" + }, + "localSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableLocalSecondaryIndex:TableLocalSecondaryIndex" + }, + "description": "Describe an LSI on the table;\nthese can only be allocated *at creation* so you cannot change this\ndefinition after you have created the resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the index\n" + }, + "pointInTimeRecovery": { + "$ref": "#/types/aws:dynamodb/TablePointInTimeRecovery:TablePointInTimeRecovery", + "description": "Point-in-time recovery options.\n" + }, + "rangeKey": { + "type": "string", + "description": "The name of the range key; must be defined\n" + }, + "readCapacity": { + "type": "integer", + "description": "The number of read units for this index. Must be set if billing_mode is set to PROVISIONED.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableReplica:TableReplica" + }, + "description": "Configuration block(s) with [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) replication configurations. Detailed below.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dynamodb/TableServerSideEncryption:TableServerSideEncryption", + "description": "Encryption at rest options. AWS DynamoDB tables are automatically encrypted at rest with an AWS owned Customer Master Key if this argument isn't specified.\n" + }, + "streamEnabled": { + "type": "boolean", + "description": "Indicates whether Streams are to be enabled (true) or disabled (false).\n" + }, + "streamViewType": { + "type": "string", + "description": "When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are `KEYS_ONLY`, `NEW_IMAGE`, `OLD_IMAGE`, `NEW_AND_OLD_IMAGES`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to populate on the created table. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "ttl": { + "$ref": "#/types/aws:dynamodb/TableTtl:TableTtl", + "description": "Defines ttl, has two properties, and can only be specified once:\n" + }, + "writeCapacity": { + "type": "integer", + "description": "The number of write units for this index. Must be set if billing_mode is set to PROVISIONED.\n" + } + }, + "requiredInputs": [ + "attributes", + "hashKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Table resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The arn of the table\n" + }, + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableAttribute:TableAttribute" + }, + "description": "List of nested attribute definitions. Only required for `hash_key` and `range_key` attributes. Each attribute has two properties:\n" + }, + "billingMode": { + "type": "string", + "description": "Controls how you are charged for read and write throughput and how you manage capacity. The valid values are `PROVISIONED` and `PAY_PER_REQUEST`. Defaults to `PROVISIONED`.\n" + }, + "globalSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableGlobalSecondaryIndex:TableGlobalSecondaryIndex" + }, + "description": "Describe a GSI for the table;\nsubject to the normal limits on the number of GSIs, projected\nattributes, etc.\n" + }, + "hashKey": { + "type": "string", + "description": "The name of the hash key in the index; must be\ndefined as an attribute in the resource.\n" + }, + "localSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableLocalSecondaryIndex:TableLocalSecondaryIndex" + }, + "description": "Describe an LSI on the table;\nthese can only be allocated *at creation* so you cannot change this\ndefinition after you have created the resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the index\n" + }, + "pointInTimeRecovery": { + "$ref": "#/types/aws:dynamodb/TablePointInTimeRecovery:TablePointInTimeRecovery", + "description": "Point-in-time recovery options.\n" + }, + "rangeKey": { + "type": "string", + "description": "The name of the range key; must be defined\n" + }, + "readCapacity": { + "type": "integer", + "description": "The number of read units for this index. Must be set if billing_mode is set to PROVISIONED.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/TableReplica:TableReplica" + }, + "description": "Configuration block(s) with [DynamoDB Global Tables V2 (version 2019.11.21)](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/globaltables.V2.html) replication configurations. Detailed below.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dynamodb/TableServerSideEncryption:TableServerSideEncryption", + "description": "Encryption at rest options. AWS DynamoDB tables are automatically encrypted at rest with an AWS owned Customer Master Key if this argument isn't specified.\n" + }, + "streamArn": { + "type": "string", + "description": "The ARN of the Table Stream. Only available when `stream_enabled = true`\n" + }, + "streamEnabled": { + "type": "boolean", + "description": "Indicates whether Streams are to be enabled (true) or disabled (false).\n" + }, + "streamLabel": { + "type": "string", + "description": "A timestamp, in ISO 8601 format, for this stream. Note that this timestamp is not\na unique identifier for the stream on its own. However, the combination of AWS customer ID,\ntable name and this field is guaranteed to be unique.\nIt can be used for creating CloudWatch Alarms. Only available when `stream_enabled = true`\n" + }, + "streamViewType": { + "type": "string", + "description": "When an item in the table is modified, StreamViewType determines what information is written to the table's stream. Valid values are `KEYS_ONLY`, `NEW_IMAGE`, `OLD_IMAGE`, `NEW_AND_OLD_IMAGES`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to populate on the created table. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "ttl": { + "$ref": "#/types/aws:dynamodb/TableTtl:TableTtl", + "description": "Defines ttl, has two properties, and can only be specified once:\n" + }, + "writeCapacity": { + "type": "integer", + "description": "The number of write units for this index. Must be set if billing_mode is set to PROVISIONED.\n" + } + }, + "type": "object" + } + }, + "aws:dynamodb/tableItem:TableItem": { + "description": "Provides a DynamoDB table item resource\n\n> **Note:** This resource is not meant to be used for managing large amounts of data in your table, it is not designed to scale.\n You should perform **regular backups** of all data in the table, see [AWS docs for more](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/BackupRestore.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTable = new aws.dynamodb.Table(\"exampleTable\", {\n readCapacity: 10,\n writeCapacity: 10,\n hashKey: \"exampleHashKey\",\n attributes: [{\n name: \"exampleHashKey\",\n type: \"S\",\n }],\n});\nconst exampleTableItem = new aws.dynamodb.TableItem(\"exampleTableItem\", {\n tableName: exampleTable.name,\n hashKey: exampleTable.hashKey,\n item: `{\n \"exampleHashKey\": {\"S\": \"something\"},\n \"one\": {\"N\": \"11111\"},\n \"two\": {\"N\": \"22222\"},\n \"three\": {\"N\": \"33333\"},\n \"four\": {\"N\": \"44444\"}\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_table = aws.dynamodb.Table(\"exampleTable\",\n read_capacity=10,\n write_capacity=10,\n hash_key=\"exampleHashKey\",\n attributes=[aws.dynamodb.TableAttributeArgs(\n name=\"exampleHashKey\",\n type=\"S\",\n )])\nexample_table_item = aws.dynamodb.TableItem(\"exampleTableItem\",\n table_name=example_table.name,\n hash_key=example_table.hash_key,\n item=\"\"\"{\n \"exampleHashKey\": {\"S\": \"something\"},\n \"one\": {\"N\": \"11111\"},\n \"two\": {\"N\": \"22222\"},\n \"three\": {\"N\": \"33333\"},\n \"four\": {\"N\": \"44444\"}\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleTable = new Aws.DynamoDB.Table(\"exampleTable\", new Aws.DynamoDB.TableArgs\n {\n ReadCapacity = 10,\n WriteCapacity = 10,\n HashKey = \"exampleHashKey\",\n Attributes = \n {\n new Aws.DynamoDB.Inputs.TableAttributeArgs\n {\n Name = \"exampleHashKey\",\n Type = \"S\",\n },\n },\n });\n var exampleTableItem = new Aws.DynamoDB.TableItem(\"exampleTableItem\", new Aws.DynamoDB.TableItemArgs\n {\n TableName = exampleTable.Name,\n HashKey = exampleTable.HashKey,\n Item = @\"{\n \"\"exampleHashKey\"\": {\"\"S\"\": \"\"something\"\"},\n \"\"one\"\": {\"\"N\"\": \"\"11111\"\"},\n \"\"two\"\": {\"\"N\"\": \"\"22222\"\"},\n \"\"three\"\": {\"\"N\"\": \"\"33333\"\"},\n \"\"four\"\": {\"\"N\"\": \"\"44444\"\"}\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTable, err := dynamodb.NewTable(ctx, \"exampleTable\", &dynamodb.TableArgs{\n\t\t\tReadCapacity: pulumi.Int(10),\n\t\t\tWriteCapacity: pulumi.Int(10),\n\t\t\tHashKey: pulumi.String(\"exampleHashKey\"),\n\t\t\tAttributes: dynamodb.TableAttributeArray{\n\t\t\t\t&dynamodb.TableAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"exampleHashKey\"),\n\t\t\t\t\tType: pulumi.String(\"S\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dynamodb.NewTableItem(ctx, \"exampleTableItem\", &dynamodb.TableItemArgs{\n\t\t\tTableName: exampleTable.Name,\n\t\t\tHashKey: exampleTable.HashKey,\n\t\t\tItem: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"exampleHashKey\\\": {\\\"S\\\": \\\"something\\\"},\\n\", \" \\\"one\\\": {\\\"N\\\": \\\"11111\\\"},\\n\", \" \\\"two\\\": {\\\"N\\\": \\\"22222\\\"},\\n\", \" \\\"three\\\": {\\\"N\\\": \\\"33333\\\"},\\n\", \" \\\"four\\\": {\\\"N\\\": \\\"44444\\\"}\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDynamoDB table items cannot be imported. ", + "properties": { + "hashKey": { + "type": "string", + "description": "Hash key to use for lookups and identification of the item\n" + }, + "item": { + "type": "string", + "description": "JSON representation of a map of attribute name/value pairs, one for each attribute.\nOnly the primary key attributes are required; you can optionally provide other attribute name-value pairs for the item.\n" + }, + "rangeKey": { + "type": "string", + "description": "Range key to use for lookups and identification of the item. Required if there is range key defined in the table.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the table to contain the item.\n" + } + }, + "required": [ + "hashKey", + "item", + "tableName" + ], + "inputProperties": { + "hashKey": { + "type": "string", + "description": "Hash key to use for lookups and identification of the item\n" + }, + "item": { + "type": "string", + "description": "JSON representation of a map of attribute name/value pairs, one for each attribute.\nOnly the primary key attributes are required; you can optionally provide other attribute name-value pairs for the item.\n" + }, + "rangeKey": { + "type": "string", + "description": "Range key to use for lookups and identification of the item. Required if there is range key defined in the table.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the table to contain the item.\n" + } + }, + "requiredInputs": [ + "hashKey", + "item", + "tableName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TableItem resources.\n", + "properties": { + "hashKey": { + "type": "string", + "description": "Hash key to use for lookups and identification of the item\n" + }, + "item": { + "type": "string", + "description": "JSON representation of a map of attribute name/value pairs, one for each attribute.\nOnly the primary key attributes are required; you can optionally provide other attribute name-value pairs for the item.\n" + }, + "rangeKey": { + "type": "string", + "description": "Range key to use for lookups and identification of the item. Required if there is range key defined in the table.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the table to contain the item.\n" + } + }, + "type": "object" + } + }, + "aws:ebs/defaultKmsKey:DefaultKmsKey": { + "description": "Provides a resource to manage the default customer master key (CMK) that your AWS account uses to encrypt EBS volumes.\n\nYour AWS account has an AWS-managed default CMK that is used for encrypting an EBS volume when no CMK is specified in the API call that creates the volume.\nBy using the `aws.ebs.DefaultKmsKey` resource, you can specify a customer-managed CMK to use in place of the AWS-managed default CMK.\n\n> **NOTE:** Creating an `aws.ebs.DefaultKmsKey` resource does not enable default EBS encryption. Use the `aws.ebs.EncryptionByDefault` to enable default EBS encryption.\n\n> **NOTE:** Destroying this resource will reset the default CMK to the account's AWS-managed default CMK for EBS.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.DefaultKmsKey(\"example\", {keyArn: aws_kms_key.example.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.DefaultKmsKey(\"example\", key_arn=aws_kms_key[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.DefaultKmsKey(\"example\", new Aws.Ebs.DefaultKmsKeyArgs\n {\n KeyArn = aws_kms_key.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ebs.NewDefaultKmsKey(ctx, \"example\", &ebs.DefaultKmsKeyArgs{\n\t\t\tKeyArn: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe EBS default KMS CMK can be imported with the KMS key ARN, e.g. console\n\n```sh\n $ pulumi import aws:ebs/defaultKmsKey:DefaultKmsKey example arn:aws:kms:us-east-1:123456789012:key/abcd-1234\n```\n\n ", + "properties": { + "keyArn": { + "type": "string", + "description": "The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume.\n" + } + }, + "required": [ + "keyArn" + ], + "inputProperties": { + "keyArn": { + "type": "string", + "description": "The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume.\n" + } + }, + "requiredInputs": [ + "keyArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultKmsKey resources.\n", + "properties": { + "keyArn": { + "type": "string", + "description": "The ARN of the AWS Key Management Service (AWS KMS) customer master key (CMK) to use to encrypt the EBS volume.\n" + } + }, + "type": "object" + } + }, + "aws:ebs/encryptionByDefault:EncryptionByDefault": { + "description": "Provides a resource to manage whether default EBS encryption is enabled for your AWS account in the current AWS region. To manage the default KMS key for the region, see the `aws.ebs.DefaultKmsKey` resource.\n\n> **NOTE:** Removing this resource disables default EBS encryption.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.EncryptionByDefault(\"example\", {\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.EncryptionByDefault(\"example\", enabled=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.EncryptionByDefault(\"example\", new Aws.Ebs.EncryptionByDefaultArgs\n {\n Enabled = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ebs.NewEncryptionByDefault(ctx, \"example\", &ebs.EncryptionByDefaultArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether or not default EBS encryption is enabled. Valid values are `true` or `false`. Defaults to `true`.\n" + } + }, + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "Whether or not default EBS encryption is enabled. Valid values are `true` or `false`. Defaults to `true`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering EncryptionByDefault resources.\n", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether or not default EBS encryption is enabled. Valid values are `true` or `false`. Defaults to `true`.\n" + } + }, + "type": "object" + } + }, + "aws:ebs/snapshot:Snapshot": { + "description": "Creates a Snapshot of an EBS Volume.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 40,\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst exampleSnapshot = new aws.ebs.Snapshot(\"exampleSnapshot\", {\n volumeId: example.id,\n tags: {\n Name: \"HelloWorld_snap\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=40,\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample_snapshot = aws.ebs.Snapshot(\"exampleSnapshot\",\n volume_id=example.id,\n tags={\n \"Name\": \"HelloWorld_snap\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.Volume(\"example\", new Aws.Ebs.VolumeArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 40,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n var exampleSnapshot = new Aws.Ebs.Snapshot(\"exampleSnapshot\", new Aws.Ebs.SnapshotArgs\n {\n VolumeId = example.Id,\n Tags = \n {\n { \"Name\", \"HelloWorld_snap\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ebs.NewVolume(ctx, \"example\", &ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(40),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ebs.NewSnapshot(ctx, \"exampleSnapshot\", &ebs.SnapshotArgs{\n\t\t\tVolumeId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld_snap\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEBS Snapshot can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ebs/snapshot:Snapshot id snap-049df61146c4d7901\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n" + }, + "description": { + "type": "string", + "description": "A description of what the snapshot is.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the snapshot is encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the EBS snapshot owner.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeId": { + "type": "string", + "description": "The Volume ID of which to make a snapshot.\n" + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "required": [ + "arn", + "dataEncryptionKeyId", + "encrypted", + "kmsKeyId", + "ownerAlias", + "ownerId", + "tagsAll", + "volumeId", + "volumeSize" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of what the snapshot is.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeId": { + "type": "string", + "description": "The Volume ID of which to make a snapshot.\n" + } + }, + "requiredInputs": [ + "volumeId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Snapshot resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n" + }, + "description": { + "type": "string", + "description": "A description of what the snapshot is.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the snapshot is encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the EBS snapshot owner.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeId": { + "type": "string", + "description": "The Volume ID of which to make a snapshot.\n" + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "type": "object" + } + }, + "aws:ebs/snapshotCopy:SnapshotCopy": { + "description": "Creates a Snapshot of a snapshot.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 40,\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst exampleSnapshot = new aws.ebs.Snapshot(\"exampleSnapshot\", {\n volumeId: example.id,\n tags: {\n Name: \"HelloWorld_snap\",\n },\n});\nconst exampleCopy = new aws.ebs.SnapshotCopy(\"exampleCopy\", {\n sourceSnapshotId: exampleSnapshot.id,\n sourceRegion: \"us-west-2\",\n tags: {\n Name: \"HelloWorld_copy_snap\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=40,\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample_snapshot = aws.ebs.Snapshot(\"exampleSnapshot\",\n volume_id=example.id,\n tags={\n \"Name\": \"HelloWorld_snap\",\n })\nexample_copy = aws.ebs.SnapshotCopy(\"exampleCopy\",\n source_snapshot_id=example_snapshot.id,\n source_region=\"us-west-2\",\n tags={\n \"Name\": \"HelloWorld_copy_snap\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.Volume(\"example\", new Aws.Ebs.VolumeArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 40,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n var exampleSnapshot = new Aws.Ebs.Snapshot(\"exampleSnapshot\", new Aws.Ebs.SnapshotArgs\n {\n VolumeId = example.Id,\n Tags = \n {\n { \"Name\", \"HelloWorld_snap\" },\n },\n });\n var exampleCopy = new Aws.Ebs.SnapshotCopy(\"exampleCopy\", new Aws.Ebs.SnapshotCopyArgs\n {\n SourceSnapshotId = exampleSnapshot.Id,\n SourceRegion = \"us-west-2\",\n Tags = \n {\n { \"Name\", \"HelloWorld_copy_snap\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ebs.NewVolume(ctx, \"example\", &ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(40),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSnapshot, err := ebs.NewSnapshot(ctx, \"exampleSnapshot\", &ebs.SnapshotArgs{\n\t\t\tVolumeId: example.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld_snap\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ebs.NewSnapshotCopy(ctx, \"exampleCopy\", &ebs.SnapshotCopyArgs{\n\t\t\tSourceSnapshotId: exampleSnapshot.ID(),\n\t\t\tSourceRegion: pulumi.String(\"us-west-2\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld_copy_snap\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n* `source_snapshot_id` The ARN of the copied snapshot.\n* `source_region` The region of the source snapshot.\n" + }, + "description": { + "type": "string", + "description": "A description of what the snapshot is.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the snapshot is encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the snapshot owner.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The region of the source snapshot.\n" + }, + "sourceSnapshotId": { + "type": "string", + "description": "The ARN for the snapshot to be copied.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeId": { + "type": "string" + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "required": [ + "arn", + "dataEncryptionKeyId", + "ownerAlias", + "ownerId", + "sourceRegion", + "sourceSnapshotId", + "tagsAll", + "volumeId", + "volumeSize" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of what the snapshot is.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the snapshot is encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The region of the source snapshot.\n" + }, + "sourceSnapshotId": { + "type": "string", + "description": "The ARN for the snapshot to be copied.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "sourceRegion", + "sourceSnapshotId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnapshotCopy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n* `source_snapshot_id` The ARN of the copied snapshot.\n* `source_region` The region of the source snapshot.\n" + }, + "description": { + "type": "string", + "description": "A description of what the snapshot is.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the snapshot is encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the snapshot owner.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The region of the source snapshot.\n" + }, + "sourceSnapshotId": { + "type": "string", + "description": "The ARN for the snapshot to be copied.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeId": { + "type": "string" + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "type": "object" + } + }, + "aws:ebs/snapshotImport:SnapshotImport": { + "description": "Imports a disk image from S3 as a Snapshot.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.SnapshotImport(\"example\", {\n diskContainer: {\n format: \"VHD\",\n userBucket: {\n s3Bucket: \"disk-images\",\n s3Key: \"source.vhd\",\n },\n },\n roleName: \"disk-image-import\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.SnapshotImport(\"example\",\n disk_container=aws.ebs.SnapshotImportDiskContainerArgs(\n format=\"VHD\",\n user_bucket=aws.ebs.SnapshotImportDiskContainerUserBucketArgs(\n s3_bucket=\"disk-images\",\n s3_key=\"source.vhd\",\n ),\n ),\n role_name=\"disk-image-import\",\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.SnapshotImport(\"example\", new Aws.Ebs.SnapshotImportArgs\n {\n DiskContainer = new Aws.Ebs.Inputs.SnapshotImportDiskContainerArgs\n {\n Format = \"VHD\",\n UserBucket = new Aws.Ebs.Inputs.SnapshotImportDiskContainerUserBucketArgs\n {\n S3Bucket = \"disk-images\",\n S3Key = \"source.vhd\",\n },\n },\n RoleName = \"disk-image-import\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ebs.NewSnapshotImport(ctx, \"example\", &ebs.SnapshotImportArgs{\n\t\t\tDiskContainer: &ebs.SnapshotImportDiskContainerArgs{\n\t\t\t\tFormat: pulumi.String(\"VHD\"),\n\t\t\t\tUserBucket: &ebs.SnapshotImportDiskContainerUserBucketArgs{\n\t\t\t\t\tS3Bucket: pulumi.String(\"disk-images\"),\n\t\t\t\t\tS3Key: pulumi.String(\"source.vhd\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRoleName: pulumi.String(\"disk-image-import\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "clientData": { + "$ref": "#/types/aws:ebs/SnapshotImportClientData:SnapshotImportClientData", + "description": "The client-specific data. Detailed below.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n" + }, + "description": { + "type": "string", + "description": "The description of the disk image being imported.\n" + }, + "diskContainer": { + "$ref": "#/types/aws:ebs/SnapshotImportDiskContainer:SnapshotImportDiskContainer", + "description": "Information about the disk container. Detailed below.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.\n" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the EBS snapshot owner.\n" + }, + "roleName": { + "type": "string", + "description": "The name of the IAM Role the VM Import/Export service will assume. This role needs certain permissions. See https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role. Default: `vmimport`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "required": [ + "arn", + "dataEncryptionKeyId", + "description", + "diskContainer", + "ownerAlias", + "ownerId", + "tagsAll", + "volumeSize" + ], + "inputProperties": { + "clientData": { + "$ref": "#/types/aws:ebs/SnapshotImportClientData:SnapshotImportClientData", + "description": "The client-specific data. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "The description of the disk image being imported.\n" + }, + "diskContainer": { + "$ref": "#/types/aws:ebs/SnapshotImportDiskContainer:SnapshotImportDiskContainer", + "description": "Information about the disk container. Detailed below.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.\n" + }, + "roleName": { + "type": "string", + "description": "The name of the IAM Role the VM Import/Export service will assume. This role needs certain permissions. See https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role. Default: `vmimport`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "diskContainer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnapshotImport resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "clientData": { + "$ref": "#/types/aws:ebs/SnapshotImportClientData:SnapshotImportClientData", + "description": "The client-specific data. Detailed below.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n" + }, + "description": { + "type": "string", + "description": "The description of the disk image being imported.\n" + }, + "diskContainer": { + "$ref": "#/types/aws:ebs/SnapshotImportDiskContainer:SnapshotImportDiskContainer", + "description": "Information about the disk container. Detailed below.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Specifies whether the destination snapshot of the imported image should be encrypted. The default KMS key for EBS is used unless you specify a non-default KMS key using KmsKeyId.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "An identifier for the symmetric KMS key to use when creating the encrypted snapshot. This parameter is only required if you want to use a non-default KMS key; if this parameter is not specified, the default KMS key for EBS is used. If a KmsKeyId is specified, the Encrypted flag must also be set.\n" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the EBS snapshot owner.\n" + }, + "roleName": { + "type": "string", + "description": "The name of the IAM Role the VM Import/Export service will assume. This role needs certain permissions. See https://docs.aws.amazon.com/vm-import/latest/userguide/vmie_prereqs.html#vmimport-role. Default: `vmimport`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the snapshot.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "type": "object" + } + }, + "aws:ebs/volume:Volume": { + "description": "Manages a single EBS volume.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 40,\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=40,\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.Volume(\"example\", new Aws.Ebs.VolumeArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 40,\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ebs.NewVolume(ctx, \"example\", &ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(40),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **NOTE**: At least one of `size` or `snapshot_id` is required when specifying an EBS volume\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEBS Volumes can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ebs/volume:Volume id vol-049df61146c4d7901\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The volume ARN (e.g. arn:aws:ec2:us-east-1:0123456789012:volume/vol-59fcb34e).\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ where the EBS volume will exist.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true, the disk will be encrypted.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of IOPS to provision for the disk. Only valid for `type` of `io1`, `io2` or `gp3`.\n" + }, + "kmsKeyId": { + "type": "string" + }, + "multiAttachEnabled": { + "type": "boolean", + "description": "Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported exclusively on `io1` volumes.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "size": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + }, + "snapshotId": { + "type": "string", + "description": "A snapshot to base the EBS volume off of.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughput": { + "type": "integer", + "description": "The throughput that the volume supports, in MiB/s. Only valid for `type` of `gp3`.\n" + }, + "type": { + "type": "string", + "description": "The type of EBS volume. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `gp2`).\n" + } + }, + "required": [ + "arn", + "availabilityZone", + "encrypted", + "iops", + "kmsKeyId", + "size", + "snapshotId", + "tagsAll", + "throughput", + "type" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The AZ where the EBS volume will exist.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true, the disk will be encrypted.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of IOPS to provision for the disk. Only valid for `type` of `io1`, `io2` or `gp3`.\n" + }, + "kmsKeyId": { + "type": "string" + }, + "multiAttachEnabled": { + "type": "boolean", + "description": "Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported exclusively on `io1` volumes.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "size": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + }, + "snapshotId": { + "type": "string", + "description": "A snapshot to base the EBS volume off of.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughput": { + "type": "integer", + "description": "The throughput that the volume supports, in MiB/s. Only valid for `type` of `gp3`.\n" + }, + "type": { + "type": "string", + "description": "The type of EBS volume. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `gp2`).\n" + } + }, + "requiredInputs": [ + "availabilityZone" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Volume resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The volume ARN (e.g. arn:aws:ec2:us-east-1:0123456789012:volume/vol-59fcb34e).\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ where the EBS volume will exist.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true, the disk will be encrypted.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of IOPS to provision for the disk. Only valid for `type` of `io1`, `io2` or `gp3`.\n" + }, + "kmsKeyId": { + "type": "string" + }, + "multiAttachEnabled": { + "type": "boolean", + "description": "Specifies whether to enable Amazon EBS Multi-Attach. Multi-Attach is supported exclusively on `io1` volumes.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "size": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + }, + "snapshotId": { + "type": "string", + "description": "A snapshot to base the EBS volume off of.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughput": { + "type": "integer", + "description": "The throughput that the volume supports, in MiB/s. Only valid for `type` of `gp3`.\n" + }, + "type": { + "type": "string", + "description": "The type of EBS volume. Can be `standard`, `gp2`, `gp3`, `io1`, `io2`, `sc1` or `st1` (Default: `gp2`).\n" + } + }, + "type": "object" + } + }, + "aws:ec2/ami:Ami": { + "description": "The AMI resource allows the creation and management of a completely-custom\n*Amazon Machine Image* (AMI).\n\nIf you just want to duplicate an existing AMI, possibly copying it to another\nregion, it's better to use `aws.ec2.AmiCopy` instead.\n\nIf you just want to share an existing AMI with another AWS account,\nit's better to use `aws.ec2.AmiLaunchPermission` instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create an AMI that will start a machine whose root device is backed by\n// an EBS volume populated from a snapshot. It is assumed that such a snapshot\n// already exists with the id \"snap-xxxxxxxx\".\nconst example = new aws.ec2.Ami(\"example\", {\n ebsBlockDevices: [{\n deviceName: \"/dev/xvda\",\n snapshotId: \"snap-xxxxxxxx\",\n volumeSize: 8,\n }],\n rootDeviceName: \"/dev/xvda\",\n virtualizationType: \"hvm\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create an AMI that will start a machine whose root device is backed by\n# an EBS volume populated from a snapshot. It is assumed that such a snapshot\n# already exists with the id \"snap-xxxxxxxx\".\nexample = aws.ec2.Ami(\"example\",\n ebs_block_devices=[aws.ec2.AmiEbsBlockDeviceArgs(\n device_name=\"/dev/xvda\",\n snapshot_id=\"snap-xxxxxxxx\",\n volume_size=8,\n )],\n root_device_name=\"/dev/xvda\",\n virtualization_type=\"hvm\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create an AMI that will start a machine whose root device is backed by\n // an EBS volume populated from a snapshot. It is assumed that such a snapshot\n // already exists with the id \"snap-xxxxxxxx\".\n var example = new Aws.Ec2.Ami(\"example\", new Aws.Ec2.AmiArgs\n {\n EbsBlockDevices = \n {\n new Aws.Ec2.Inputs.AmiEbsBlockDeviceArgs\n {\n DeviceName = \"/dev/xvda\",\n SnapshotId = \"snap-xxxxxxxx\",\n VolumeSize = 8,\n },\n },\n RootDeviceName = \"/dev/xvda\",\n VirtualizationType = \"hvm\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmi(ctx, \"example\", &ec2.AmiArgs{\n\t\t\tEbsBlockDevices: ec2.AmiEbsBlockDeviceArray{\n\t\t\t\t&ec2.AmiEbsBlockDeviceArgs{\n\t\t\t\t\tDeviceName: pulumi.String(\"/dev/xvda\"),\n\t\t\t\t\tSnapshotId: pulumi.String(\"snap-xxxxxxxx\"),\n\t\t\t\t\tVolumeSize: pulumi.Int(8),\n\t\t\t\t},\n\t\t\t},\n\t\t\tRootDeviceName: pulumi.String(\"/dev/xvda\"),\n\t\t\tVirtualizationType: pulumi.String(\"hvm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ami` can be imported using the ID of the AMI, e.g.\n\n```sh\n $ pulumi import aws:ec2/ami:Ami example ami-12345678\n```\n\n ", + "properties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiEbsBlockDevice:AmiEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiEphemeralBlockDevice:AmiEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "hypervisor": { + "type": "string", + "description": "The hypervisor type of the image.\n" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "imageOwnerAlias": { + "type": "string", + "description": "The AWS account alias (for example, amazon, self) or the AWS account ID of the AMI owner.\n" + }, + "imageType": { + "type": "string", + "description": "The type of image.\n" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "manageEbsSnapshots": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the image owner.\n" + }, + "platform": { + "type": "string", + "description": "This value is set to windows for Windows AMIs; otherwise, it is blank.\n" + }, + "platformDetails": { + "type": "string", + "description": "The platform details associated with the billing code of the AMI.\n" + }, + "public": { + "type": "boolean", + "description": "Indicates whether the image has public launch permissions.\n" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "rootSnapshotId": { + "type": "string", + "description": "The Snapshot ID for the root volume (for EBS-backed AMIs)\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "usageOperation": { + "type": "string", + "description": "The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.\n" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "required": [ + "arn", + "ebsBlockDevices", + "ephemeralBlockDevices", + "hypervisor", + "imageLocation", + "imageOwnerAlias", + "imageType", + "manageEbsSnapshots", + "name", + "ownerId", + "platform", + "platformDetails", + "public", + "rootSnapshotId", + "tagsAll", + "usageOperation" + ], + "inputProperties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiEbsBlockDevice:AmiEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiEphemeralBlockDevice:AmiEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Ami resources.\n", + "properties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiEbsBlockDevice:AmiEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiEphemeralBlockDevice:AmiEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "hypervisor": { + "type": "string", + "description": "The hypervisor type of the image.\n" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "imageOwnerAlias": { + "type": "string", + "description": "The AWS account alias (for example, amazon, self) or the AWS account ID of the AMI owner.\n" + }, + "imageType": { + "type": "string", + "description": "The type of image.\n" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "manageEbsSnapshots": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the image owner.\n" + }, + "platform": { + "type": "string", + "description": "This value is set to windows for Windows AMIs; otherwise, it is blank.\n" + }, + "platformDetails": { + "type": "string", + "description": "The platform details associated with the billing code of the AMI.\n" + }, + "public": { + "type": "boolean", + "description": "Indicates whether the image has public launch permissions.\n" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "rootSnapshotId": { + "type": "string", + "description": "The Snapshot ID for the root volume (for EBS-backed AMIs)\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "usageOperation": { + "type": "string", + "description": "The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.\n" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/amiCopy:AmiCopy": { + "description": "The \"AMI copy\" resource allows duplication of an Amazon Machine Image (AMI),\nincluding cross-region copies.\n\nIf the source AMI has associated EBS snapshots, those will also be duplicated\nalong with the AMI.\n\nThis is useful for taking a single AMI provisioned in one region and making\nit available in another for a multi-region deployment.\n\nCopying an AMI can take several minutes. The creation of this resource will\nblock until the new AMI is available for use on new instances.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiCopy(\"example\", {\n description: \"A copy of ami-xxxxxxxx\",\n sourceAmiId: \"ami-xxxxxxxx\",\n sourceAmiRegion: \"us-west-1\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiCopy(\"example\",\n description=\"A copy of ami-xxxxxxxx\",\n source_ami_id=\"ami-xxxxxxxx\",\n source_ami_region=\"us-west-1\",\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.AmiCopy(\"example\", new Aws.Ec2.AmiCopyArgs\n {\n Description = \"A copy of ami-xxxxxxxx\",\n SourceAmiId = \"ami-xxxxxxxx\",\n SourceAmiRegion = \"us-west-1\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiCopy(ctx, \"example\", &ec2.AmiCopyArgs{\n\t\t\tDescription: pulumi.String(\"A copy of ami-xxxxxxxx\"),\n\t\t\tSourceAmiId: pulumi.String(\"ami-xxxxxxxx\"),\n\t\t\tSourceAmiRegion: pulumi.String(\"us-west-1\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "destinationOutpostArn": { + "type": "string", + "description": "The ARN of the Outpost to which to copy the AMI.\nOnly specify this parameter when copying an AMI from an AWS Region to an Outpost. The AMI must be in the Region of the destination Outpost.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiCopyEbsBlockDevice:AmiCopyEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshot_id`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiCopyEphemeralBlockDevice:AmiCopyEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "hypervisor": { + "type": "string" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "imageOwnerAlias": { + "type": "string" + }, + "imageType": { + "type": "string" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when encrypting the snapshots of\nan image during a copy operation. This parameter is only required if you want to use a non-default CMK;\nif this parameter is not specified, the default CMK for EBS is used\n" + }, + "manageEbsSnapshots": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ownerId": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "platformDetails": { + "type": "string" + }, + "public": { + "type": "boolean" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "rootSnapshotId": { + "type": "string" + }, + "sourceAmiId": { + "type": "string", + "description": "The id of the AMI to copy. This id must be valid in the region\ngiven by `source_ami_region`.\n" + }, + "sourceAmiRegion": { + "type": "string", + "description": "The region from which the AMI will be copied. This may be the\nsame as the AWS provider region in order to create a copy within the same region.\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "usageOperation": { + "type": "string" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "required": [ + "architecture", + "arn", + "ebsBlockDevices", + "enaSupport", + "ephemeralBlockDevices", + "hypervisor", + "imageLocation", + "imageOwnerAlias", + "imageType", + "kernelId", + "kmsKeyId", + "manageEbsSnapshots", + "name", + "ownerId", + "platform", + "platformDetails", + "public", + "ramdiskId", + "rootDeviceName", + "rootSnapshotId", + "sourceAmiId", + "sourceAmiRegion", + "sriovNetSupport", + "tagsAll", + "usageOperation", + "virtualizationType" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "destinationOutpostArn": { + "type": "string", + "description": "The ARN of the Outpost to which to copy the AMI.\nOnly specify this parameter when copying an AMI from an AWS Region to an Outpost. The AMI must be in the Region of the destination Outpost.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiCopyEbsBlockDevice:AmiCopyEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshot_id`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiCopyEphemeralBlockDevice:AmiCopyEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when encrypting the snapshots of\nan image during a copy operation. This parameter is only required if you want to use a non-default CMK;\nif this parameter is not specified, the default CMK for EBS is used\n" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "sourceAmiId": { + "type": "string", + "description": "The id of the AMI to copy. This id must be valid in the region\ngiven by `source_ami_region`.\n" + }, + "sourceAmiRegion": { + "type": "string", + "description": "The region from which the AMI will be copied. This may be the\nsame as the AWS provider region in order to create a copy within the same region.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "sourceAmiId", + "sourceAmiRegion" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AmiCopy resources.\n", + "properties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "destinationOutpostArn": { + "type": "string", + "description": "The ARN of the Outpost to which to copy the AMI.\nOnly specify this parameter when copying an AMI from an AWS Region to an Outpost. The AMI must be in the Region of the destination Outpost.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiCopyEbsBlockDevice:AmiCopyEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Boolean controlling whether the created EBS volumes will be encrypted. Can't be used with `snapshot_id`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiCopyEphemeralBlockDevice:AmiCopyEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "hypervisor": { + "type": "string" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "imageOwnerAlias": { + "type": "string" + }, + "imageType": { + "type": "string" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The full ARN of the AWS Key Management Service (AWS KMS) CMK to use when encrypting the snapshots of\nan image during a copy operation. This parameter is only required if you want to use a non-default CMK;\nif this parameter is not specified, the default CMK for EBS is used\n" + }, + "manageEbsSnapshots": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ownerId": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "platformDetails": { + "type": "string" + }, + "public": { + "type": "boolean" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "rootSnapshotId": { + "type": "string" + }, + "sourceAmiId": { + "type": "string", + "description": "The id of the AMI to copy. This id must be valid in the region\ngiven by `source_ami_region`.\n" + }, + "sourceAmiRegion": { + "type": "string", + "description": "The region from which the AMI will be copied. This may be the\nsame as the AWS provider region in order to create a copy within the same region.\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "usageOperation": { + "type": "string" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/amiFromInstance:AmiFromInstance": { + "description": "The \"AMI from instance\" resource allows the creation of an Amazon Machine\nImage (AMI) modelled after an existing EBS-backed EC2 instance.\n\nThe created AMI will refer to implicitly-created snapshots of the instance's\nEBS volumes and mimick its assigned block device configuration at the time\nthe resource is created.\n\nThis resource is best applied to an instance that is stopped when this instance\nis created, so that the contents of the created image are predictable. When\napplied to an instance that is running, *the instance will be stopped before taking\nthe snapshots and then started back up again*, resulting in a period of\ndowntime.\n\nNote that the source instance is inspected only at the initial creation of this\nresource. Ongoing updates to the referenced instance will not be propagated into\nthe generated AMI. Users may taint or otherwise recreate the resource in order\nto produce a fresh snapshot.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiFromInstance(\"example\", {\n sourceInstanceId: \"i-xxxxxxxx\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiFromInstance(\"example\", source_instance_id=\"i-xxxxxxxx\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.AmiFromInstance(\"example\", new Aws.Ec2.AmiFromInstanceArgs\n {\n SourceInstanceId = \"i-xxxxxxxx\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiFromInstance(ctx, \"example\", &ec2.AmiFromInstanceArgs{\n\t\t\tSourceInstanceId: pulumi.String(\"i-xxxxxxxx\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiFromInstanceEbsBlockDevice:AmiFromInstanceEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiFromInstanceEphemeralBlockDevice:AmiFromInstanceEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "hypervisor": { + "type": "string" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "imageOwnerAlias": { + "type": "string" + }, + "imageType": { + "type": "string" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "manageEbsSnapshots": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ownerId": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "platformDetails": { + "type": "string" + }, + "public": { + "type": "boolean" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "rootSnapshotId": { + "type": "string" + }, + "snapshotWithoutReboot": { + "type": "boolean", + "description": "Boolean that overrides the behavior of stopping\nthe instance before snapshotting. This is risky since it may cause a snapshot of an\ninconsistent filesystem state, but can be used to avoid downtime if the user otherwise\nguarantees that no filesystem writes will be underway at the time of snapshot.\n" + }, + "sourceInstanceId": { + "type": "string", + "description": "The id of the instance to use as the basis of the AMI.\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "usageOperation": { + "type": "string" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "required": [ + "architecture", + "arn", + "ebsBlockDevices", + "enaSupport", + "ephemeralBlockDevices", + "hypervisor", + "imageLocation", + "imageOwnerAlias", + "imageType", + "kernelId", + "manageEbsSnapshots", + "name", + "ownerId", + "platform", + "platformDetails", + "public", + "ramdiskId", + "rootDeviceName", + "rootSnapshotId", + "sourceInstanceId", + "sriovNetSupport", + "tagsAll", + "usageOperation", + "virtualizationType" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiFromInstanceEbsBlockDevice:AmiFromInstanceEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiFromInstanceEphemeralBlockDevice:AmiFromInstanceEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "snapshotWithoutReboot": { + "type": "boolean", + "description": "Boolean that overrides the behavior of stopping\nthe instance before snapshotting. This is risky since it may cause a snapshot of an\ninconsistent filesystem state, but can be used to avoid downtime if the user otherwise\nguarantees that no filesystem writes will be underway at the time of snapshot.\n" + }, + "sourceInstanceId": { + "type": "string", + "description": "The id of the instance to use as the basis of the AMI.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "sourceInstanceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AmiFromInstance resources.\n", + "properties": { + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Defaults to \"x86_64\".\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "description": { + "type": "string", + "description": "A longer, human-readable description for the AMI.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiFromInstanceEbsBlockDevice:AmiFromInstanceEbsBlockDevice" + }, + "description": "Nested block describing an EBS block device that should be\nattached to created instances. The structure of this block is described below.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled. Defaults to `false`.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/AmiFromInstanceEphemeralBlockDevice:AmiFromInstanceEphemeralBlockDevice" + }, + "description": "Nested block describing an ephemeral block device that\nshould be attached to created instances. The structure of this block is described below.\n" + }, + "hypervisor": { + "type": "string" + }, + "imageLocation": { + "type": "string", + "description": "Path to an S3 object containing an image manifest, e.g. created\nby the `ec2-upload-bundle` command in the EC2 command line tools.\n" + }, + "imageOwnerAlias": { + "type": "string" + }, + "imageType": { + "type": "string" + }, + "kernelId": { + "type": "string", + "description": "The id of the kernel image (AKI) that will be used as the paravirtual\nkernel in created instances.\n" + }, + "manageEbsSnapshots": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "ownerId": { + "type": "string" + }, + "platform": { + "type": "string" + }, + "platformDetails": { + "type": "string" + }, + "public": { + "type": "boolean" + }, + "ramdiskId": { + "type": "string", + "description": "The id of an initrd image (ARI) that will be used when booting the\ncreated instances.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The name of the root device (for example, `/dev/sda1`, or `/dev/xvda`).\n" + }, + "rootSnapshotId": { + "type": "string" + }, + "snapshotWithoutReboot": { + "type": "boolean", + "description": "Boolean that overrides the behavior of stopping\nthe instance before snapshotting. This is risky since it may cause a snapshot of an\ninconsistent filesystem state, but can be used to avoid downtime if the user otherwise\nguarantees that no filesystem writes will be underway at the time of snapshot.\n" + }, + "sourceInstanceId": { + "type": "string", + "description": "The id of the instance to use as the basis of the AMI.\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "When set to \"simple\" (the default), enables enhanced networking\nfor created instances. No other value is supported at this time.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "usageOperation": { + "type": "string" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either \"paravirtual\" (the default) or \"hvm\". The choice of virtualization type\nchanges the set of further arguments that are required, as described below.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/amiLaunchPermission:AmiLaunchPermission": { + "description": "Adds launch permission to Amazon Machine Image (AMI) from another AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AmiLaunchPermission(\"example\", {\n accountId: \"123456789012\",\n imageId: \"ami-12345678\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AmiLaunchPermission(\"example\",\n account_id=\"123456789012\",\n image_id=\"ami-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.AmiLaunchPermission(\"example\", new Aws.Ec2.AmiLaunchPermissionArgs\n {\n AccountId = \"123456789012\",\n ImageId = \"ami-12345678\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAmiLaunchPermission(ctx, \"example\", &ec2.AmiLaunchPermissionArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tImageId: pulumi.String(\"ami-12345678\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS AMI Launch Permission can be imported using the `ACCOUNT-ID/IMAGE-ID`, e.g.\n\n```sh\n $ pulumi import aws:ec2/amiLaunchPermission:AmiLaunchPermission example 123456789012/ami-12345678\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "An AWS Account ID to add launch permissions.\n" + }, + "imageId": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + } + }, + "required": [ + "accountId", + "imageId" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "An AWS Account ID to add launch permissions.\n" + }, + "imageId": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + } + }, + "requiredInputs": [ + "accountId", + "imageId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AmiLaunchPermission resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "An AWS Account ID to add launch permissions.\n" + }, + "imageId": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/availabilityZoneGroup:AvailabilityZoneGroup": { + "description": "Manages an EC2 Availability Zone Group, such as updating its opt-in status.\n\n> **NOTE:** This is an advanced resource. The provider will automatically assume management of the EC2 Availability Zone Group without import and perform no actions on removal from configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.AvailabilityZoneGroup(\"example\", {\n groupName: \"us-west-2-lax-1\",\n optInStatus: \"opted-in\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.AvailabilityZoneGroup(\"example\",\n group_name=\"us-west-2-lax-1\",\n opt_in_status=\"opted-in\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.AvailabilityZoneGroup(\"example\", new Aws.Ec2.AvailabilityZoneGroupArgs\n {\n GroupName = \"us-west-2-lax-1\",\n OptInStatus = \"opted-in\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewAvailabilityZoneGroup(ctx, \"example\", &ec2.AvailabilityZoneGroupArgs{\n\t\t\tGroupName: pulumi.String(\"us-west-2-lax-1\"),\n\t\t\tOptInStatus: pulumi.String(\"opted-in\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEC2 Availability Zone Groups can be imported using the group name, e.g.\n\n```sh\n $ pulumi import aws:ec2/availabilityZoneGroup:AvailabilityZoneGroup example us-west-2-lax-1\n```\n\n ", + "properties": { + "groupName": { + "type": "string", + "description": "Name of the Availability Zone Group.\n" + }, + "optInStatus": { + "type": "string", + "description": "Indicates whether to enable or disable Availability Zone Group. Valid values: `opted-in` or `not-opted-in`.\n" + } + }, + "required": [ + "groupName", + "optInStatus" + ], + "inputProperties": { + "groupName": { + "type": "string", + "description": "Name of the Availability Zone Group.\n" + }, + "optInStatus": { + "type": "string", + "description": "Indicates whether to enable or disable Availability Zone Group. Valid values: `opted-in` or `not-opted-in`.\n" + } + }, + "requiredInputs": [ + "groupName", + "optInStatus" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AvailabilityZoneGroup resources.\n", + "properties": { + "groupName": { + "type": "string", + "description": "Name of the Availability Zone Group.\n" + }, + "optInStatus": { + "type": "string", + "description": "Indicates whether to enable or disable Availability Zone Group. Valid values: `opted-in` or `not-opted-in`.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/capacityReservation:CapacityReservation": { + "description": "Provides an EC2 Capacity Reservation. This allows you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCapacityReservation = new aws.ec2.CapacityReservation(\"default\", {\n availabilityZone: \"eu-west-1a\",\n instanceCount: 1,\n instancePlatform: \"Linux/UNIX\",\n instanceType: \"t2.micro\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.CapacityReservation(\"default\",\n availability_zone=\"eu-west-1a\",\n instance_count=1,\n instance_platform=\"Linux/UNIX\",\n instance_type=\"t2.micro\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Ec2.CapacityReservation(\"default\", new Aws.Ec2.CapacityReservationArgs\n {\n AvailabilityZone = \"eu-west-1a\",\n InstanceCount = 1,\n InstancePlatform = \"Linux/UNIX\",\n InstanceType = \"t2.micro\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewCapacityReservation(ctx, \"_default\", &ec2.CapacityReservationArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"eu-west-1a\"),\n\t\t\tInstanceCount: pulumi.Int(1),\n\t\t\tInstancePlatform: pulumi.String(\"Linux/UNIX\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCapacity Reservations can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/capacityReservation:CapacityReservation web cr-0123456789abcdef0\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Capacity Reservation.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone in which to create the Capacity Reservation.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Indicates whether the Capacity Reservation supports EBS-optimized instances.\n" + }, + "endDate": { + "type": "string", + "description": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)\n" + }, + "endDateType": { + "type": "string", + "description": "Indicates the way in which the Capacity Reservation ends. Specify either `unlimited` or `limited`.\n" + }, + "ephemeralStorage": { + "type": "boolean", + "description": "Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.\n" + }, + "instanceCount": { + "type": "integer", + "description": "The number of instances for which to reserve capacity.\n" + }, + "instanceMatchCriteria": { + "type": "string", + "description": "Indicates the type of instance launches that the Capacity Reservation accepts. Specify either `open` or `targeted`.\n" + }, + "instancePlatform": { + "type": "string", + "description": "The type of operating system for which to reserve capacity. Valid options are `Linux/UNIX`, `Red Hat Enterprise Linux`, `SUSE Linux`, `Windows`, `Windows with SQL Server`, `Windows with SQL Server Enterprise`, `Windows with SQL Server Standard` or `Windows with SQL Server Web`.\n" + }, + "instanceType": { + "type": "string", + "description": "The instance type for which to reserve capacity.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the Capacity Reservation.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tenancy": { + "type": "string", + "description": "Indicates the tenancy of the Capacity Reservation. Specify either `default` or `dedicated`.\n" + } + }, + "required": [ + "arn", + "availabilityZone", + "instanceCount", + "instancePlatform", + "instanceType", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone in which to create the Capacity Reservation.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Indicates whether the Capacity Reservation supports EBS-optimized instances.\n" + }, + "endDate": { + "type": "string", + "description": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)\n" + }, + "endDateType": { + "type": "string", + "description": "Indicates the way in which the Capacity Reservation ends. Specify either `unlimited` or `limited`.\n" + }, + "ephemeralStorage": { + "type": "boolean", + "description": "Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.\n" + }, + "instanceCount": { + "type": "integer", + "description": "The number of instances for which to reserve capacity.\n" + }, + "instanceMatchCriteria": { + "type": "string", + "description": "Indicates the type of instance launches that the Capacity Reservation accepts. Specify either `open` or `targeted`.\n" + }, + "instancePlatform": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/InstancePlatform:InstancePlatform" + } + ], + "description": "The type of operating system for which to reserve capacity. Valid options are `Linux/UNIX`, `Red Hat Enterprise Linux`, `SUSE Linux`, `Windows`, `Windows with SQL Server`, `Windows with SQL Server Enterprise`, `Windows with SQL Server Standard` or `Windows with SQL Server Web`.\n" + }, + "instanceType": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/InstanceType:InstanceType" + } + ], + "description": "The instance type for which to reserve capacity.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tenancy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/Tenancy:Tenancy" + } + ], + "description": "Indicates the tenancy of the Capacity Reservation. Specify either `default` or `dedicated`.\n" + } + }, + "requiredInputs": [ + "availabilityZone", + "instanceCount", + "instancePlatform", + "instanceType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CapacityReservation resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Capacity Reservation.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone in which to create the Capacity Reservation.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Indicates whether the Capacity Reservation supports EBS-optimized instances.\n" + }, + "endDate": { + "type": "string", + "description": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)\n" + }, + "endDateType": { + "type": "string", + "description": "Indicates the way in which the Capacity Reservation ends. Specify either `unlimited` or `limited`.\n" + }, + "ephemeralStorage": { + "type": "boolean", + "description": "Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.\n" + }, + "instanceCount": { + "type": "integer", + "description": "The number of instances for which to reserve capacity.\n" + }, + "instanceMatchCriteria": { + "type": "string", + "description": "Indicates the type of instance launches that the Capacity Reservation accepts. Specify either `open` or `targeted`.\n" + }, + "instancePlatform": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/InstancePlatform:InstancePlatform" + } + ], + "description": "The type of operating system for which to reserve capacity. Valid options are `Linux/UNIX`, `Red Hat Enterprise Linux`, `SUSE Linux`, `Windows`, `Windows with SQL Server`, `Windows with SQL Server Enterprise`, `Windows with SQL Server Standard` or `Windows with SQL Server Web`.\n" + }, + "instanceType": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/InstanceType:InstanceType" + } + ], + "description": "The instance type for which to reserve capacity.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the Capacity Reservation.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tenancy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/Tenancy:Tenancy" + } + ], + "description": "Indicates the tenancy of the Capacity Reservation. Specify either `default` or `dedicated`.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/carrierGateway:CarrierGateway": { + "description": "Manages an EC2 Carrier Gateway. See the AWS [documentation](https://docs.aws.amazon.com/vpc/latest/userguide/Carrier_Gateway.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.CarrierGateway(\"example\", {\n vpcId: aws_vpc.example.id,\n tags: {\n Name: \"example-carrier-gateway\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.CarrierGateway(\"example\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n tags={\n \"Name\": \"example-carrier-gateway\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.CarrierGateway(\"example\", new Aws.Ec2.CarrierGatewayArgs\n {\n VpcId = aws_vpc.Example.Id,\n Tags = \n {\n { \"Name\", \"example-carrier-gateway\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewCarrierGateway(ctx, \"example\", &ec2.CarrierGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-carrier-gateway\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_carrier_gateway` can be imported using the carrier gateway's ID, e.g.\n\n```sh\n $ pulumi import aws:ec2/carrierGateway:CarrierGateway example cgw-12345\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the carrier gateway.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the owner of the carrier gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to associate with the carrier gateway.\n" + } + }, + "required": [ + "arn", + "ownerId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to associate with the carrier gateway.\n" + } + }, + "requiredInputs": [ + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CarrierGateway resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the carrier gateway.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the owner of the carrier gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to associate with the carrier gateway.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/customerGateway:CustomerGateway": { + "description": "Provides a customer gateway inside a VPC. These objects can be connected to VPN gateways via VPN connections, and allow you to establish tunnels between your network and the VPC.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.CustomerGateway(\"main\", {\n bgpAsn: \"65000\",\n ipAddress: \"172.83.124.10\",\n tags: {\n Name: \"main-customer-gateway\",\n },\n type: \"ipsec.1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.CustomerGateway(\"main\",\n bgp_asn=\"65000\",\n ip_address=\"172.83.124.10\",\n tags={\n \"Name\": \"main-customer-gateway\",\n },\n type=\"ipsec.1\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.CustomerGateway(\"main\", new Aws.Ec2.CustomerGatewayArgs\n {\n BgpAsn = \"65000\",\n IpAddress = \"172.83.124.10\",\n Tags = \n {\n { \"Name\", \"main-customer-gateway\" },\n },\n Type = \"ipsec.1\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewCustomerGateway(ctx, \"main\", &ec2.CustomerGatewayArgs{\n\t\t\tBgpAsn: pulumi.String(\"65000\"),\n\t\t\tIpAddress: pulumi.String(\"172.83.124.10\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main-customer-gateway\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCustomer Gateways can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/customerGateway:CustomerGateway main cgw-b4dc3961\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the customer gateway.\n" + }, + "bgpAsn": { + "type": "string", + "description": "The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).\n" + }, + "deviceName": { + "type": "string", + "description": "A name for the customer gateway device.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the gateway's Internet-routable external interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the gateway. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of customer gateway. The only type AWS\nsupports at this time is \"ipsec.1\".\n" + } + }, + "required": [ + "arn", + "bgpAsn", + "ipAddress", + "tagsAll", + "type" + ], + "inputProperties": { + "bgpAsn": { + "type": "string", + "description": "The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).\n" + }, + "deviceName": { + "type": "string", + "description": "A name for the customer gateway device.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the gateway's Internet-routable external interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the gateway. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of customer gateway. The only type AWS\nsupports at this time is \"ipsec.1\".\n" + } + }, + "requiredInputs": [ + "bgpAsn", + "ipAddress", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CustomerGateway resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the customer gateway.\n" + }, + "bgpAsn": { + "type": "string", + "description": "The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).\n" + }, + "deviceName": { + "type": "string", + "description": "A name for the customer gateway device.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the gateway's Internet-routable external interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the gateway. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of customer gateway. The only type AWS\nsupports at this time is \"ipsec.1\".\n" + } + }, + "type": "object" + } + }, + "aws:ec2/dedicatedHost:DedicatedHost": { + "description": "Provides an EC2 host resource. This allows hosts to be created, updated,\nand deleted.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ec2.DedicatedHost(\"test\", {\n autoPlacement: \"on\",\n availabilityZone: \"us-west-1a\",\n hostRecovery: \"on\",\n instanceType: \"c5.18xlarge\",\n});\nconst testData = test.id.apply(id => aws.ec2.getDedicatedHost({\n hostId: id,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.DedicatedHost(\"test\",\n auto_placement=\"on\",\n availability_zone=\"us-west-1a\",\n host_recovery=\"on\",\n instance_type=\"c5.18xlarge\")\ntest_data = test.id.apply(lambda id: aws.ec2.get_dedicated_host(host_id=id))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ec2.DedicatedHost(\"test\", new Aws.Ec2.DedicatedHostArgs\n {\n AutoPlacement = \"on\",\n AvailabilityZone = \"us-west-1a\",\n HostRecovery = \"on\",\n InstanceType = \"c5.18xlarge\",\n });\n var testData = test.Id.Apply(id => Aws.Ec2.GetDedicatedHost.InvokeAsync(new Aws.Ec2.GetDedicatedHostArgs\n {\n HostId = id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.NewDedicatedHost(ctx, \"test\", &ec2.DedicatedHostArgs{\n\t\t\tAutoPlacement: pulumi.String(\"on\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\tHostRecovery: pulumi.String(\"on\"),\n\t\t\tInstanceType: pulumi.String(\"c5.18xlarge\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nhosts can be imported using the `host_id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/dedicatedHost:DedicatedHost host_id h-0385a99d0e4b20cbb\n```\n\n ", + "properties": { + "autoPlacement": { + "type": "string", + "description": "Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ to start the host in.\n" + }, + "hostRecovery": { + "type": "string", + "description": "Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default.\n" + }, + "instanceFamily": { + "type": "string", + "description": "Specifies the instance family for which to configure your Dedicated Host. Mutually exclusive with `instance_type`.\n" + }, + "instanceType": { + "type": "string", + "description": "Specifies the instance type for which to configure your Dedicated Host. When you specify the instance type, that is the only instance type that you can launch onto that host. Mutually exclusive with `instance_family`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "autoPlacement", + "availabilityZone", + "hostRecovery" + ], + "inputProperties": { + "autoPlacement": { + "type": "string", + "description": "Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ to start the host in.\n" + }, + "hostRecovery": { + "type": "string", + "description": "Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default.\n" + }, + "instanceFamily": { + "type": "string", + "description": "Specifies the instance family for which to configure your Dedicated Host. Mutually exclusive with `instance_type`.\n" + }, + "instanceType": { + "type": "string", + "description": "Specifies the instance type for which to configure your Dedicated Host. When you specify the instance type, that is the only instance type that you can launch onto that host. Mutually exclusive with `instance_family`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "availabilityZone" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DedicatedHost resources.\n", + "properties": { + "autoPlacement": { + "type": "string", + "description": "Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ to start the host in.\n" + }, + "hostRecovery": { + "type": "string", + "description": "Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default.\n" + }, + "instanceFamily": { + "type": "string", + "description": "Specifies the instance family for which to configure your Dedicated Host. Mutually exclusive with `instance_type`.\n" + }, + "instanceType": { + "type": "string", + "description": "Specifies the instance type for which to configure your Dedicated Host. When you specify the instance type, that is the only instance type that you can launch onto that host. Mutually exclusive with `instance_family`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ec2/defaultNetworkAcl:DefaultNetworkAcl": { + "description": "Provides a resource to manage a VPC's default network ACL. This resource can manage the default network ACL of the default or a non-default VPC.\n\n> **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultNetworkAcl` behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to \"adopt\" it into management.\n\nEvery VPC has a default network ACL that can be managed but not destroyed. When the provider first adopts the Default Network ACL, it **immediately removes all rules in the ACL**. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.\n\nThis resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the `aws.ec2.NetworkAclRule` resource.\n\nFor more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\nThe following config gives the Default Network ACL the same rules that AWS includes but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {\n defaultNetworkAclId: mainvpc.defaultNetworkAclId,\n ingress: [{\n protocol: -1,\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: mainvpc.cidrBlock,\n fromPort: 0,\n toPort: 0,\n }],\n egress: [{\n protocol: -1,\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: \"0.0.0.0/0\",\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\",\n default_network_acl_id=mainvpc.default_network_acl_id,\n ingress=[aws.ec2.DefaultNetworkAclIngressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=mainvpc.cidr_block,\n from_port=0,\n to_port=0,\n )],\n egress=[aws.ec2.DefaultNetworkAclEgressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=\"0.0.0.0/0\",\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new Aws.Ec2.DefaultNetworkAclArgs\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n Ingress = \n {\n new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = mainvpc.CidrBlock,\n FromPort = 0,\n ToPort = 0,\n },\n },\n Egress = \n {\n new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = \"0.0.0.0/0\",\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"_default\", &ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t\tIngress: ec2.DefaultNetworkAclIngressArray{\n\t\t\t\t&ec2.DefaultNetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: mainvpc.CidrBlock,\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEgress: ec2.DefaultNetworkAclEgressArray{\n\t\t\t\t&ec2.DefaultNetworkAclEgressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example: Deny All Egress Traffic, Allow Ingress\n\nThe following denies all Egress traffic by omitting any `egress` rules, while including the default `ingress` rule to allow all traffic.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {\n defaultNetworkAclId: mainvpc.defaultNetworkAclId,\n ingress: [{\n protocol: -1,\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: aws_default_vpc.mainvpc.cidr_block,\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\",\n default_network_acl_id=mainvpc.default_network_acl_id,\n ingress=[aws.ec2.DefaultNetworkAclIngressArgs(\n protocol=\"-1\",\n rule_no=100,\n action=\"allow\",\n cidr_block=aws_default_vpc[\"mainvpc\"][\"cidr_block\"],\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new Aws.Ec2.DefaultNetworkAclArgs\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n Ingress = \n {\n new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs\n {\n Protocol = \"-1\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = aws_default_vpc.Mainvpc.Cidr_block,\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"_default\", &ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t\tIngress: ec2.DefaultNetworkAclIngressArray{\n\t\t\t\t&ec2.DefaultNetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.Any(aws_default_vpc.Mainvpc.Cidr_block),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example: Deny All Traffic To Any Subnet In The Default Network ACL\n\nThis config denies all traffic in the Default ACL. This can be useful if you want to lock down the VPC to force all resources to assign a non-default ACL.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});\n// no rules defined, deny all traffic in this ACL\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultNetworkAcl(\"default\", default_network_acl_id=mainvpc.default_network_acl_id)\n# no rules defined, deny all traffic in this ACL\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new Aws.Ec2.DefaultNetworkAclArgs\n {\n DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,\n });\n // no rules defined, deny all traffic in this ACL\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultNetworkAcl(ctx, \"_default\", &ec2.DefaultNetworkAclArgs{\n\t\t\tDefaultNetworkAclId: mainvpc.DefaultNetworkAclId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Managing Subnets In A Default Network ACL\n\nWithin a VPC, all Subnets must be associated with a Network ACL. In order to \"delete\" the association between a Subnet and a non-default Network ACL, the association is destroyed by replacing it with an association between the Subnet and the Default ACL instead.\n\nWhen managing the Default Network ACL, you cannot \"remove\" Subnets. Instead, they must be reassigned to another Network ACL, or the Subnet itself must be destroyed. Because of these requirements, removing the `subnet_ids` attribute from the configuration of a `aws.ec2.DefaultNetworkAcl` resource may result in a reoccurring plan, until the Subnets are reassigned to another Network ACL or are destroyed.\n\nBecause Subnets are by default associated with the Default Network ACL, any non-explicit association will show up as a plan to remove the Subnet. For example: if you have a custom `aws.ec2.NetworkAcl` with two subnets attached, and you remove the `aws.ec2.NetworkAcl` resource, after successfully destroying this resource future plans will show a diff on the managed `aws.ec2.DefaultNetworkAcl`, as those two Subnets have been orphaned by the now destroyed network acl and thus adopted by the Default Network ACL. In order to avoid a reoccurring plan, they will need to be reassigned, destroyed, or added to the `subnet_ids` attribute of the `aws.ec2.DefaultNetworkAcl` entry.\n\nAs an alternative to the above, you can also specify the following lifecycle configuration in your `aws.ec2.DefaultNetworkAcl` resource:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst _default = new aws.ec2.DefaultNetworkAcl(\"default\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\ndefault = aws.ec2.DefaultNetworkAcl(\"default\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var @default = new Aws.Ec2.DefaultNetworkAcl(\"default\", new Aws.Ec2.DefaultNetworkAclArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultNetworkAcl(ctx, \"_default\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n### Removing `aws.ec2.DefaultNetworkAcl` From Your Configuration\n\nEach AWS VPC comes with a Default Network ACL that cannot be deleted. The `aws.ec2.DefaultNetworkAcl` allows you to manage this Network ACL, but the provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, **but will not destroy the Network ACL.** All Subnets associations and ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.\n{{% /examples %}}\n\n## Import\n\nDefault Network ACLs can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/defaultNetworkAcl:DefaultNetworkAcl sample acl-7aaabd18\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Default Network ACL\n" + }, + "defaultNetworkAclId": { + "type": "string", + "description": "Network ACL ID to manage. This attribute is exported from `aws.ec2.Vpc`, or manually found via the AWS Console.\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultNetworkAclEgress:DefaultNetworkAclEgress" + }, + "description": "Configuration block for an egress rule. Detailed below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultNetworkAclIngress:DefaultNetworkAclIngress" + }, + "description": "Configuration block for an ingress rule. Detailed below.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the Default Network ACL\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Subnet IDs to apply the ACL to. See the notes below on managing Subnets in the Default Network ACL\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "ID of the associated VPC\n" + } + }, + "required": [ + "arn", + "defaultNetworkAclId", + "ownerId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "defaultNetworkAclId": { + "type": "string", + "description": "Network ACL ID to manage. This attribute is exported from `aws.ec2.Vpc`, or manually found via the AWS Console.\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultNetworkAclEgress:DefaultNetworkAclEgress" + }, + "description": "Configuration block for an egress rule. Detailed below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultNetworkAclIngress:DefaultNetworkAclIngress" + }, + "description": "Configuration block for an ingress rule. Detailed below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Subnet IDs to apply the ACL to. See the notes below on managing Subnets in the Default Network ACL\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "defaultNetworkAclId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultNetworkAcl resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Default Network ACL\n" + }, + "defaultNetworkAclId": { + "type": "string", + "description": "Network ACL ID to manage. This attribute is exported from `aws.ec2.Vpc`, or manually found via the AWS Console.\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultNetworkAclEgress:DefaultNetworkAclEgress" + }, + "description": "Configuration block for an egress rule. Detailed below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultNetworkAclIngress:DefaultNetworkAclIngress" + }, + "description": "Configuration block for an ingress rule. Detailed below.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the Default Network ACL\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Subnet IDs to apply the ACL to. See the notes below on managing Subnets in the Default Network ACL\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "ID of the associated VPC\n" + } + }, + "type": "object" + } + }, + "aws:ec2/defaultRouteTable:DefaultRouteTable": { + "description": "Provides a resource to manage a default route table of a VPC. This resource can manage the default route table of the default or a non-default VPC.\n\n> **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultRouteTable` resource behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to \"adopt\" it into management. **Do not** use both `aws.ec2.DefaultRouteTable` to manage a default route table **and** `aws.ec2.MainRouteTableAssociation` with the same VPC due to possible route conflicts. See aws.ec2.MainRouteTableAssociation documentation for more details.\n\nEvery VPC has a default route table that can be managed but not destroyed. When the provider first adopts a default route table, it **immediately removes all defined routes**. It then proceeds to create any routes specified in the configuration. This step is required so that only the routes specified in the configuration exist in the default route table.\n\nFor more information, see the Amazon VPC User Guide on [Route Tables](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_Route_Tables.html). For information about managing normal route tables in this provider, see `aws.ec2.RouteTable`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.DefaultRouteTable(\"example\", {\n defaultRouteTableId: aws_vpc.example.default_route_table_id,\n routes: [\n {\n cidrBlock: \"10.0.1.0/24\",\n gatewayId: aws_internet_gateway.example.id,\n },\n {\n ipv6CidrBlock: \"::/0\",\n egressOnlyGatewayId: aws_egress_only_internet_gateway.example.id,\n },\n ],\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.DefaultRouteTable(\"example\",\n default_route_table_id=aws_vpc[\"example\"][\"default_route_table_id\"],\n routes=[\n aws.ec2.DefaultRouteTableRouteArgs(\n cidr_block=\"10.0.1.0/24\",\n gateway_id=aws_internet_gateway[\"example\"][\"id\"],\n ),\n aws.ec2.DefaultRouteTableRouteArgs(\n ipv6_cidr_block=\"::/0\",\n egress_only_gateway_id=aws_egress_only_internet_gateway[\"example\"][\"id\"],\n ),\n ],\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.DefaultRouteTable(\"example\", new Aws.Ec2.DefaultRouteTableArgs\n {\n DefaultRouteTableId = aws_vpc.Example.Default_route_table_id,\n Routes = \n {\n new Aws.Ec2.Inputs.DefaultRouteTableRouteArgs\n {\n CidrBlock = \"10.0.1.0/24\",\n GatewayId = aws_internet_gateway.Example.Id,\n },\n new Aws.Ec2.Inputs.DefaultRouteTableRouteArgs\n {\n Ipv6CidrBlock = \"::/0\",\n EgressOnlyGatewayId = aws_egress_only_internet_gateway.Example.Id,\n },\n },\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultRouteTable(ctx, \"example\", &ec2.DefaultRouteTableArgs{\n\t\t\tDefaultRouteTableId: pulumi.Any(aws_vpc.Example.Default_route_table_id),\n\t\t\tRoutes: ec2.DefaultRouteTableRouteArray{\n\t\t\t\t&ec2.DefaultRouteTableRouteArgs{\n\t\t\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t\t\t\tGatewayId: pulumi.Any(aws_internet_gateway.Example.Id),\n\t\t\t\t},\n\t\t\t\t&ec2.DefaultRouteTableRouteArgs{\n\t\t\t\t\tIpv6CidrBlock: pulumi.String(\"::/0\"),\n\t\t\t\t\tEgressOnlyGatewayId: pulumi.Any(aws_egress_only_internet_gateway.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo subsequently remove all managed routes:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.DefaultRouteTable(\"example\", {\n defaultRouteTableId: aws_vpc.example.default_route_table_id,\n routes: [],\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.DefaultRouteTable(\"example\",\n default_route_table_id=aws_vpc[\"example\"][\"default_route_table_id\"],\n routes=[],\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.DefaultRouteTable(\"example\", new Aws.Ec2.DefaultRouteTableArgs\n {\n DefaultRouteTableId = aws_vpc.Example.Default_route_table_id,\n Routes = {},\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultRouteTable(ctx, \"example\", &ec2.DefaultRouteTableArgs{\n\t\t\tDefaultRouteTableId: pulumi.Any(aws_vpc.Example.Default_route_table_id),\n\t\t\tRoutes: ec2.DefaultRouteTableRouteArray{},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDefault VPC route tables can be imported using the `vpc_id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/defaultRouteTable:DefaultRouteTable example vpc-33cc44dd\n```\n\n [aws-route-tables]http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Route_Tables.html#Route_Replacing_Main_Table [tf-route-tables]/docs/providers/aws/r/route_table.html [tf-main-route-table-association]/docs/providers/aws/r/main_route_table_association.html ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the route table.\n" + }, + "defaultRouteTableId": { + "type": "string", + "description": "ID of the default route table.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the route table.\n" + }, + "propagatingVgws": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of virtual gateways for propagation.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultRouteTableRoute:DefaultRouteTableRoute" + }, + "description": "Set of objects. Detailed below\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC.\n" + } + }, + "required": [ + "arn", + "defaultRouteTableId", + "ownerId", + "routes", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "defaultRouteTableId": { + "type": "string", + "description": "ID of the default route table.\n" + }, + "propagatingVgws": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of virtual gateways for propagation.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultRouteTableRoute:DefaultRouteTableRoute" + }, + "description": "Set of objects. Detailed below\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "defaultRouteTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultRouteTable resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the route table.\n" + }, + "defaultRouteTableId": { + "type": "string", + "description": "ID of the default route table.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the route table.\n" + }, + "propagatingVgws": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of virtual gateways for propagation.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultRouteTableRoute:DefaultRouteTableRoute" + }, + "description": "Set of objects. Detailed below\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/defaultSecurityGroup:DefaultSecurityGroup": { + "description": "Provides a resource to manage a default security group. This resource can manage the default security group of the default or a non-default VPC.\n\n> **NOTE:** This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The `aws.ec2.DefaultSecurityGroup` resource behaves differently from normal resources. This provider does not _create_ this resource but instead attempts to \"adopt\" it into management.\n\nFor EC2 Classic accounts, each region comes with a default security group. Additionally, each VPC created in AWS comes with a default security group that can be managed but not destroyed.\n\nWhen the provider first adopts the default security group, it **immediately removes all ingress and egress rules in the Security Group**. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.\n\nThis resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diff shown. For these reasons, this resource is incompatible with the `aws.ec2.SecurityGroupRule` resource.\n\nFor more information about default security groups, see the AWS documentation on [Default Security Groups][aws-default-security-groups]. To manage normal security groups, see the `aws.ec2.SecurityGroup` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following config gives the default security group the same rules that AWS provides by default but under management by this provider. This means that any ingress or egress rules added or changed will be detected as drift.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultSecurityGroup(\"default\", {\n vpcId: mainvpc.id,\n ingress: [{\n protocol: -1,\n self: true,\n fromPort: 0,\n toPort: 0,\n }],\n egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultSecurityGroup(\"default\",\n vpc_id=mainvpc.id,\n ingress=[aws.ec2.DefaultSecurityGroupIngressArgs(\n protocol=\"-1\",\n self=True,\n from_port=0,\n to_port=0,\n )],\n egress=[aws.ec2.DefaultSecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var @default = new Aws.Ec2.DefaultSecurityGroup(\"default\", new Aws.Ec2.DefaultSecurityGroupArgs\n {\n VpcId = mainvpc.Id,\n Ingress = \n {\n new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs\n {\n Protocol = \"-1\",\n Self = true,\n FromPort = 0,\n ToPort = 0,\n },\n },\n Egress = \n {\n new Aws.Ec2.Inputs.DefaultSecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = \n {\n \"0.0.0.0/0\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultSecurityGroup(ctx, \"_default\", &ec2.DefaultSecurityGroupArgs{\n\t\t\tVpcId: mainvpc.ID(),\n\t\t\tIngress: ec2.DefaultSecurityGroupIngressArray{\n\t\t\t\t&ec2.DefaultSecurityGroupIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tSelf: pulumi.Bool(true),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEgress: ec2.DefaultSecurityGroupEgressArray{\n\t\t\t\t&ec2.DefaultSecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Config To Deny All Egress Traffic, Allowing Ingress\n\nThe following denies all Egress traffic by omitting any `egress` rules, while including the default `ingress` rule to allow all traffic.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainvpc = new aws.ec2.Vpc(\"mainvpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst _default = new aws.ec2.DefaultSecurityGroup(\"default\", {\n vpcId: mainvpc.id,\n ingress: [{\n protocol: -1,\n self: true,\n fromPort: 0,\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmainvpc = aws.ec2.Vpc(\"mainvpc\", cidr_block=\"10.1.0.0/16\")\ndefault = aws.ec2.DefaultSecurityGroup(\"default\",\n vpc_id=mainvpc.id,\n ingress=[aws.ec2.DefaultSecurityGroupIngressArgs(\n protocol=\"-1\",\n self=True,\n from_port=0,\n to_port=0,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainvpc = new Aws.Ec2.Vpc(\"mainvpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var @default = new Aws.Ec2.DefaultSecurityGroup(\"default\", new Aws.Ec2.DefaultSecurityGroupArgs\n {\n VpcId = mainvpc.Id,\n Ingress = \n {\n new Aws.Ec2.Inputs.DefaultSecurityGroupIngressArgs\n {\n Protocol = \"-1\",\n Self = true,\n FromPort = 0,\n ToPort = 0,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainvpc, err := ec2.NewVpc(ctx, \"mainvpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewDefaultSecurityGroup(ctx, \"_default\", &ec2.DefaultSecurityGroupArgs{\n\t\t\tVpcId: mainvpc.ID(),\n\t\t\tIngress: ec2.DefaultSecurityGroupIngressArray{\n\t\t\t\t&ec2.DefaultSecurityGroupIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tSelf: pulumi.Bool(true),\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n### Removing `aws.ec2.DefaultSecurityGroup` From Your Configuration\n\nRemoving this resource from your configuration will remove it from your statefile and management, but will not destroy the Security Group. All ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.\n{{% /examples %}}\n\n## Import\n\nSecurity Groups can be imported using the `security group id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/defaultSecurityGroup:DefaultSecurityGroup default_sg sg-903004f8\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the security group.\n" + }, + "description": { + "type": "string", + "description": "Description of this rule.\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultSecurityGroupEgress:DefaultSecurityGroupEgress" + }, + "description": "Configuration block. Detailed below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultSecurityGroupIngress:DefaultSecurityGroupIngress" + }, + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security group.\n" + }, + "ownerId": { + "type": "string", + "description": "Owner ID.\n" + }, + "revokeRulesOnDelete": { + "type": "boolean" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID. **Note that changing the `vpc_id` will _not_ restore any default security group rules that were modified, added, or removed.** It will be left in its current state.\n" + } + }, + "required": [ + "arn", + "description", + "egress", + "ingress", + "name", + "ownerId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultSecurityGroupEgress:DefaultSecurityGroupEgress" + }, + "description": "Configuration block. Detailed below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultSecurityGroupIngress:DefaultSecurityGroupIngress" + }, + "description": "Configuration block. Detailed below.\n" + }, + "revokeRulesOnDelete": { + "type": "boolean" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID. **Note that changing the `vpc_id` will _not_ restore any default security group rules that were modified, added, or removed.** It will be left in its current state.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultSecurityGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the security group.\n" + }, + "description": { + "type": "string", + "description": "Description of this rule.\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultSecurityGroupEgress:DefaultSecurityGroupEgress" + }, + "description": "Configuration block. Detailed below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/DefaultSecurityGroupIngress:DefaultSecurityGroupIngress" + }, + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security group.\n" + }, + "ownerId": { + "type": "string", + "description": "Owner ID.\n" + }, + "revokeRulesOnDelete": { + "type": "boolean" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID. **Note that changing the `vpc_id` will _not_ restore any default security group rules that were modified, added, or removed.** It will be left in its current state.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/defaultSubnet:DefaultSubnet": { + "description": "Provides a resource to manage a [default AWS VPC subnet](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html#default-vpc-basics) in the current region.\n\nThe `aws.ec2.DefaultSubnet` behaves differently from normal resources, in that this provider does not _create_ this resource but instead \"adopts\" it into management.\n\nThe `aws.ec2.DefaultSubnet` resource allows you to manage a region's default VPC subnet but this provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and the provider management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultAz1 = new aws.ec2.DefaultSubnet(\"default_az1\", {\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"Default subnet for us-west-2a\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_az1 = aws.ec2.DefaultSubnet(\"defaultAz1\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"Default subnet for us-west-2a\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultAz1 = new Aws.Ec2.DefaultSubnet(\"defaultAz1\", new Aws.Ec2.DefaultSubnetArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"Default subnet for us-west-2a\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultSubnet(ctx, \"defaultAz1\", &ec2.DefaultSubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Default subnet for us-west-2a\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSubnets can be imported using the `subnet id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/defaultSubnet:DefaultSubnet public_subnet subnet-9d4a7b6c\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN for the subnet.\n" + }, + "assignIpv6AddressOnCreation": { + "type": "boolean", + "description": "Whether IPv6 addresses are assigned on creation.\n* `availability_zone_id`- AZ ID of the subnet.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ for the subnet.\n" + }, + "availabilityZoneId": { + "type": "string" + }, + "cidrBlock": { + "type": "string", + "description": "CIDR block for the subnet.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "IPv6 CIDR block.\n" + }, + "ipv6CidrBlockAssociationId": { + "type": "string" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Whether instances launched into the subnet should be assigned a public IP address.\n" + }, + "outpostArn": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the subnet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "VPC ID.\n" + } + }, + "required": [ + "arn", + "assignIpv6AddressOnCreation", + "availabilityZone", + "availabilityZoneId", + "cidrBlock", + "ipv6CidrBlock", + "ipv6CidrBlockAssociationId", + "mapPublicIpOnLaunch", + "ownerId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "AZ for the subnet.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Whether instances launched into the subnet should be assigned a public IP address.\n" + }, + "outpostArn": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "availabilityZone" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultSubnet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN for the subnet.\n" + }, + "assignIpv6AddressOnCreation": { + "type": "boolean", + "description": "Whether IPv6 addresses are assigned on creation.\n* `availability_zone_id`- AZ ID of the subnet.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ for the subnet.\n" + }, + "availabilityZoneId": { + "type": "string" + }, + "cidrBlock": { + "type": "string", + "description": "CIDR block for the subnet.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "IPv6 CIDR block.\n" + }, + "ipv6CidrBlockAssociationId": { + "type": "string" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Whether instances launched into the subnet should be assigned a public IP address.\n" + }, + "outpostArn": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the subnet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "VPC ID.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/defaultVpc:DefaultVpc": { + "description": "Provides a resource to manage the [default AWS VPC](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/default-vpc.html)\nin the current region.\n\nFor AWS accounts created after 2013-12-04, each region comes with a Default VPC.\n**This is an advanced resource**, and has special caveats to be aware of when\nusing it. Please read this document in its entirety before using this resource.\n\nThe `aws.ec2.DefaultVpc` behaves differently from normal resources, in that\nthis provider does not _create_ this resource, but instead \"adopts\" it\ninto management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage with tags:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultDefaultVpc = new aws.ec2.DefaultVpc(\"default\", {\n tags: {\n Name: \"Default VPC\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.DefaultVpc(\"default\", tags={\n \"Name\": \"Default VPC\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Ec2.DefaultVpc(\"default\", new Aws.Ec2.DefaultVpcArgs\n {\n Tags = \n {\n { \"Name\", \"Default VPC\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultVpc(ctx, \"_default\", &ec2.DefaultVpcArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Default VPC\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDefault VPCs can be imported using the `vpc id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/defaultVpc:DefaultVpc default vpc-a01106c2\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of VPC\n" + }, + "assignGeneratedIpv6CidrBlock": { + "type": "boolean", + "description": "Whether or not an Amazon-provided IPv6 CIDR\nblock with a /56 prefix length for the VPC was assigned\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block of the VPC\n" + }, + "defaultNetworkAclId": { + "type": "string", + "description": "The ID of the network ACL created by default on VPC creation\n" + }, + "defaultRouteTableId": { + "type": "string", + "description": "The ID of the route table created by default on VPC creation\n" + }, + "defaultSecurityGroupId": { + "type": "string", + "description": "The ID of the security group created by default on VPC creation\n" + }, + "dhcpOptionsId": { + "type": "string" + }, + "enableClassiclink": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink\nfor the VPC. Only valid in regions and accounts that support EC2 Classic.\nSee the [ClassicLink documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) for more information. Defaults false.\n" + }, + "enableClassiclinkDnsSupport": { + "type": "boolean" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS support in the VPC. Defaults true.\n" + }, + "instanceTenancy": { + "type": "string", + "description": "Tenancy of instances spin up within VPC.\n" + }, + "ipv6AssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block of the VPC\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block of the VPC\n" + }, + "mainRouteTableId": { + "type": "string", + "description": "The ID of the main route table associated with\nthis VPC. Note that you can change a VPC's main route table by using an\n`aws.ec2.MainRouteTableAssociation`\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "assignGeneratedIpv6CidrBlock", + "cidrBlock", + "defaultNetworkAclId", + "defaultRouteTableId", + "defaultSecurityGroupId", + "dhcpOptionsId", + "enableClassiclink", + "enableClassiclinkDnsSupport", + "enableDnsHostnames", + "instanceTenancy", + "ipv6AssociationId", + "ipv6CidrBlock", + "mainRouteTableId", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "enableClassiclink": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink\nfor the VPC. Only valid in regions and accounts that support EC2 Classic.\nSee the [ClassicLink documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) for more information. Defaults false.\n" + }, + "enableClassiclinkDnsSupport": { + "type": "boolean" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS support in the VPC. Defaults true.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultVpc resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of VPC\n" + }, + "assignGeneratedIpv6CidrBlock": { + "type": "boolean", + "description": "Whether or not an Amazon-provided IPv6 CIDR\nblock with a /56 prefix length for the VPC was assigned\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block of the VPC\n" + }, + "defaultNetworkAclId": { + "type": "string", + "description": "The ID of the network ACL created by default on VPC creation\n" + }, + "defaultRouteTableId": { + "type": "string", + "description": "The ID of the route table created by default on VPC creation\n" + }, + "defaultSecurityGroupId": { + "type": "string", + "description": "The ID of the security group created by default on VPC creation\n" + }, + "dhcpOptionsId": { + "type": "string" + }, + "enableClassiclink": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink\nfor the VPC. Only valid in regions and accounts that support EC2 Classic.\nSee the [ClassicLink documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) for more information. Defaults false.\n" + }, + "enableClassiclinkDnsSupport": { + "type": "boolean" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS support in the VPC. Defaults true.\n" + }, + "instanceTenancy": { + "type": "string", + "description": "Tenancy of instances spin up within VPC.\n" + }, + "ipv6AssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block of the VPC\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block of the VPC\n" + }, + "mainRouteTableId": { + "type": "string", + "description": "The ID of the main route table associated with\nthis VPC. Note that you can change a VPC's main route table by using an\n`aws.ec2.MainRouteTableAssociation`\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ec2/defaultVpcDhcpOptions:DefaultVpcDhcpOptions": { + "description": "Provides a resource to manage the [default AWS DHCP Options Set](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html#AmazonDNS)\nin the current region.\n\nEach AWS region comes with a default set of DHCP options.\n**This is an advanced resource**, and has special caveats to be aware of when\nusing it. Please read this document in its entirety before using this resource.\n\nThe `aws.ec2.DefaultVpcDhcpOptions` behaves differently from normal resources, in that\nthis provider does not _create_ this resource, but instead \"adopts\" it\ninto management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage with tags:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultDefaultVpcDhcpOptions = new aws.ec2.DefaultVpcDhcpOptions(\"default\", {\n tags: {\n Name: \"Default DHCP Option Set\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.DefaultVpcDhcpOptions(\"default\", tags={\n \"Name\": \"Default DHCP Option Set\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Ec2.DefaultVpcDhcpOptions(\"default\", new Aws.Ec2.DefaultVpcDhcpOptionsArgs\n {\n Tags = \n {\n { \"Name\", \"Default DHCP Option Set\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewDefaultVpcDhcpOptions(ctx, \"_default\", &ec2.DefaultVpcDhcpOptionsArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Default DHCP Option Set\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC DHCP Options can be imported using the `dhcp options id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/defaultVpcDhcpOptions:DefaultVpcDhcpOptions default_options dopt-d9070ebb\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DHCP Options Set.\n" + }, + "domainName": { + "type": "string" + }, + "domainNameServers": { + "type": "string" + }, + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ntpServers": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the DHCP options set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "domainName", + "domainNameServers", + "ntpServers", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the DHCP options set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering DefaultVpcDhcpOptions resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DHCP Options Set.\n" + }, + "domainName": { + "type": "string" + }, + "domainNameServers": { + "type": "string" + }, + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ntpServers": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the DHCP options set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ec2/egressOnlyInternetGateway:EgressOnlyInternetGateway": { + "description": "[IPv6 only] Creates an egress-only Internet gateway for your VPC.\nAn egress-only Internet gateway is used to enable outbound communication\nover IPv6 from instances in your VPC to the Internet, and prevents hosts\noutside of your VPC from initiating an IPv6 connection with your instance.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {\n cidrBlock: \"10.1.0.0/16\",\n assignGeneratedIpv6CidrBlock: true,\n});\nconst exampleEgressOnlyInternetGateway = new aws.ec2.EgressOnlyInternetGateway(\"exampleEgressOnlyInternetGateway\", {\n vpcId: exampleVpc.id,\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\",\n cidr_block=\"10.1.0.0/16\",\n assign_generated_ipv6_cidr_block=True)\nexample_egress_only_internet_gateway = aws.ec2.EgressOnlyInternetGateway(\"exampleEgressOnlyInternetGateway\",\n vpc_id=example_vpc.id,\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n AssignGeneratedIpv6CidrBlock = true,\n });\n var exampleEgressOnlyInternetGateway = new Aws.Ec2.EgressOnlyInternetGateway(\"exampleEgressOnlyInternetGateway\", new Aws.Ec2.EgressOnlyInternetGatewayArgs\n {\n VpcId = exampleVpc.Id,\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tAssignGeneratedIpv6CidrBlock: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEgressOnlyInternetGateway(ctx, \"exampleEgressOnlyInternetGateway\", &ec2.EgressOnlyInternetGatewayArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEgress-only Internet gateways can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/egressOnlyInternetGateway:EgressOnlyInternetGateway example eigw-015e0e244e24dfe8a\n```\n\n ", + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "required": [ + "tagsAll", + "vpcId" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "requiredInputs": [ + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EgressOnlyInternetGateway resources.\n", + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/eip:Eip": { + "description": "Provides an Elastic IP resource.\n\n> **Note:** EIP may require IGW to exist prior to association. Use `depends_on` to set an explicit dependency on the IGW.\n\n> **Note:** Do not use `network_interface` to associate the EIP to `aws.lb.LoadBalancer` or `aws.ec2.NatGateway` resources. Instead use the `allocation_id` available in those resources to allow AWS to manage the association, otherwise you will see `AuthFailure` errors.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Single EIP associated with an instance\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.ec2.Eip(\"lb\", {\n instance: aws_instance.web.id,\n vpc: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.ec2.Eip(\"lb\",\n instance=aws_instance[\"web\"][\"id\"],\n vpc=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Ec2.Eip(\"lb\", new Aws.Ec2.EipArgs\n {\n Instance = aws_instance.Web.Id,\n Vpc = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewEip(ctx, \"lb\", &ec2.EipArgs{\n\t\t\tInstance: pulumi.Any(aws_instance.Web.Id),\n\t\t\tVpc: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Multiple EIPs associated with a single network interface\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst multi_ip = new aws.ec2.NetworkInterface(\"multi-ip\", {\n subnetId: aws_subnet.main.id,\n privateIps: [\n \"10.0.0.10\",\n \"10.0.0.11\",\n ],\n});\nconst one = new aws.ec2.Eip(\"one\", {\n vpc: true,\n networkInterface: multi_ip.id,\n associateWithPrivateIp: \"10.0.0.10\",\n});\nconst two = new aws.ec2.Eip(\"two\", {\n vpc: true,\n networkInterface: multi_ip.id,\n associateWithPrivateIp: \"10.0.0.11\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmulti_ip = aws.ec2.NetworkInterface(\"multi-ip\",\n subnet_id=aws_subnet[\"main\"][\"id\"],\n private_ips=[\n \"10.0.0.10\",\n \"10.0.0.11\",\n ])\none = aws.ec2.Eip(\"one\",\n vpc=True,\n network_interface=multi_ip.id,\n associate_with_private_ip=\"10.0.0.10\")\ntwo = aws.ec2.Eip(\"two\",\n vpc=True,\n network_interface=multi_ip.id,\n associate_with_private_ip=\"10.0.0.11\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var multi_ip = new Aws.Ec2.NetworkInterface(\"multi-ip\", new Aws.Ec2.NetworkInterfaceArgs\n {\n SubnetId = aws_subnet.Main.Id,\n PrivateIps = \n {\n \"10.0.0.10\",\n \"10.0.0.11\",\n },\n });\n var one = new Aws.Ec2.Eip(\"one\", new Aws.Ec2.EipArgs\n {\n Vpc = true,\n NetworkInterface = multi_ip.Id,\n AssociateWithPrivateIp = \"10.0.0.10\",\n });\n var two = new Aws.Ec2.Eip(\"two\", new Aws.Ec2.EipArgs\n {\n Vpc = true,\n NetworkInterface = multi_ip.Id,\n AssociateWithPrivateIp = \"10.0.0.11\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNetworkInterface(ctx, \"multi_ip\", &ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Main.Id),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.10\"),\n\t\t\t\tpulumi.String(\"10.0.0.11\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"one\", &ec2.EipArgs{\n\t\t\tVpc: pulumi.Bool(true),\n\t\t\tNetworkInterface: multi_ip.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.10\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"two\", &ec2.EipArgs{\n\t\t\tVpc: pulumi.Bool(true),\n\t\t\tNetworkInterface: multi_ip.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.11\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Attaching an EIP to an Instance with a pre-assigned private ip (VPC Only)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.ec2.Vpc(\"default\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsHostnames: true,\n});\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: _default.id});\nconst tfTestSubnet = new aws.ec2.Subnet(\"tfTestSubnet\", {\n vpcId: _default.id,\n cidrBlock: \"10.0.0.0/24\",\n mapPublicIpOnLaunch: true,\n}, {\n dependsOn: [gw],\n});\nconst foo = new aws.ec2.Instance(\"foo\", {\n ami: \"ami-5189a661\",\n instanceType: \"t2.micro\",\n privateIp: \"10.0.0.12\",\n subnetId: tfTestSubnet.id,\n});\nconst bar = new aws.ec2.Eip(\"bar\", {\n vpc: true,\n instance: foo.id,\n associateWithPrivateIp: \"10.0.0.12\",\n}, {\n dependsOn: [gw],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.Vpc(\"default\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_hostnames=True)\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=default.id)\ntf_test_subnet = aws.ec2.Subnet(\"tfTestSubnet\",\n vpc_id=default.id,\n cidr_block=\"10.0.0.0/24\",\n map_public_ip_on_launch=True,\n opts=pulumi.ResourceOptions(depends_on=[gw]))\nfoo = aws.ec2.Instance(\"foo\",\n ami=\"ami-5189a661\",\n instance_type=\"t2.micro\",\n private_ip=\"10.0.0.12\",\n subnet_id=tf_test_subnet.id)\nbar = aws.ec2.Eip(\"bar\",\n vpc=True,\n instance=foo.id,\n associate_with_private_ip=\"10.0.0.12\",\n opts=pulumi.ResourceOptions(depends_on=[gw]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Ec2.Vpc(\"default\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsHostnames = true,\n });\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new Aws.Ec2.InternetGatewayArgs\n {\n VpcId = @default.Id,\n });\n var tfTestSubnet = new Aws.Ec2.Subnet(\"tfTestSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = @default.Id,\n CidrBlock = \"10.0.0.0/24\",\n MapPublicIpOnLaunch = true,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n gw,\n },\n });\n var foo = new Aws.Ec2.Instance(\"foo\", new Aws.Ec2.InstanceArgs\n {\n Ami = \"ami-5189a661\",\n InstanceType = \"t2.micro\",\n PrivateIp = \"10.0.0.12\",\n SubnetId = tfTestSubnet.Id,\n });\n var bar = new Aws.Ec2.Eip(\"bar\", new Aws.Ec2.EipArgs\n {\n Vpc = true,\n Instance = foo.Id,\n AssociateWithPrivateIp = \"10.0.0.12\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n gw,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"_default\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", &ec2.InternetGatewayArgs{\n\t\t\tVpcId: _default.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttfTestSubnet, err := ec2.NewSubnet(ctx, \"tfTestSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: _default.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tMapPublicIpOnLaunch: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewInstance(ctx, \"foo\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-5189a661\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tPrivateIp: pulumi.String(\"10.0.0.12\"),\n\t\t\tSubnetId: tfTestSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEip(ctx, \"bar\", &ec2.EipArgs{\n\t\t\tVpc: pulumi.Bool(true),\n\t\t\tInstance: foo.ID(),\n\t\t\tAssociateWithPrivateIp: pulumi.String(\"10.0.0.12\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgw,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Allocating EIP from the BYOIP pool\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byoip_ip = new aws.ec2.Eip(\"byoip-ip\", {\n publicIpv4Pool: \"ipv4pool-ec2-012345\",\n vpc: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbyoip_ip = aws.ec2.Eip(\"byoip-ip\",\n public_ipv4_pool=\"ipv4pool-ec2-012345\",\n vpc=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byoip_ip = new Aws.Ec2.Eip(\"byoip-ip\", new Aws.Ec2.EipArgs\n {\n PublicIpv4Pool = \"ipv4pool-ec2-012345\",\n Vpc = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewEip(ctx, \"byoip_ip\", &ec2.EipArgs{\n\t\t\tPublicIpv4Pool: pulumi.String(\"ipv4pool-ec2-012345\"),\n\t\t\tVpc: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEIPs in a VPC can be imported using their Allocation ID, e.g.\n\n```sh\n $ pulumi import aws:ec2/eip:Eip bar eipalloc-00a10e96\n```\n\n EIPs in EC2 Classic can be imported using their Public IP, e.g.\n\n```sh\n $ pulumi import aws:ec2/eip:Eip bar 52.0.0.0\n```\n\n [1]https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AssociateAddress.html ", + "properties": { + "address": { + "type": "string", + "description": "IP address from an EC2 BYOIP pool. This option is only available for VPC EIPs.\n" + }, + "allocationId": { + "type": "string", + "description": "ID that AWS assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.\n" + }, + "associateWithPrivateIp": { + "type": "string", + "description": "User-specified primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.\n" + }, + "associationId": { + "type": "string", + "description": "ID representing the association of the address with an instance in a VPC.\n" + }, + "carrierIp": { + "type": "string", + "description": "Carrier IP address.\n" + }, + "customerOwnedIp": { + "type": "string", + "description": "Customer owned IP.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "ID of a customer-owned address pool. For more on customer owned IP addressed check out [Customer-owned IP addresses guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing).\n" + }, + "domain": { + "type": "string", + "description": "Indicates if this EIP is for use in VPC (`vpc`) or EC2 Classic (`standard`).\n" + }, + "instance": { + "type": "string", + "description": "EC2 instance ID.\n" + }, + "networkBorderGroup": { + "type": "string", + "description": "Location from which the IP address is advertised. Use this parameter to limit the address to this location.\n" + }, + "networkInterface": { + "type": "string", + "description": "Network interface ID to associate with.\n" + }, + "privateDns": { + "type": "string", + "description": "The Private DNS associated with the Elastic IP address (if in VPC).\n" + }, + "privateIp": { + "type": "string", + "description": "Contains the private IP address (if in VPC).\n" + }, + "publicDns": { + "type": "string", + "description": "Public DNS associated with the Elastic IP address.\n" + }, + "publicIp": { + "type": "string", + "description": "Contains the public IP address.\n" + }, + "publicIpv4Pool": { + "type": "string", + "description": "EC2 IPv4 address pool identifier or `amazon`. This option is only available for VPC EIPs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpc": { + "type": "boolean", + "description": "Boolean if the EIP is in a VPC or not.\n" + } + }, + "required": [ + "allocationId", + "associationId", + "carrierIp", + "customerOwnedIp", + "domain", + "instance", + "networkBorderGroup", + "networkInterface", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "publicIpv4Pool", + "tagsAll", + "vpc" + ], + "inputProperties": { + "address": { + "type": "string", + "description": "IP address from an EC2 BYOIP pool. This option is only available for VPC EIPs.\n" + }, + "associateWithPrivateIp": { + "type": "string", + "description": "User-specified primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "ID of a customer-owned address pool. For more on customer owned IP addressed check out [Customer-owned IP addresses guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing).\n" + }, + "instance": { + "type": "string", + "description": "EC2 instance ID.\n" + }, + "networkBorderGroup": { + "type": "string", + "description": "Location from which the IP address is advertised. Use this parameter to limit the address to this location.\n" + }, + "networkInterface": { + "type": "string", + "description": "Network interface ID to associate with.\n" + }, + "publicIpv4Pool": { + "type": "string", + "description": "EC2 IPv4 address pool identifier or `amazon`. This option is only available for VPC EIPs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpc": { + "type": "boolean", + "description": "Boolean if the EIP is in a VPC or not.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Eip resources.\n", + "properties": { + "address": { + "type": "string", + "description": "IP address from an EC2 BYOIP pool. This option is only available for VPC EIPs.\n" + }, + "allocationId": { + "type": "string", + "description": "ID that AWS assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.\n" + }, + "associateWithPrivateIp": { + "type": "string", + "description": "User-specified primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.\n" + }, + "associationId": { + "type": "string", + "description": "ID representing the association of the address with an instance in a VPC.\n" + }, + "carrierIp": { + "type": "string", + "description": "Carrier IP address.\n" + }, + "customerOwnedIp": { + "type": "string", + "description": "Customer owned IP.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "ID of a customer-owned address pool. For more on customer owned IP addressed check out [Customer-owned IP addresses guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing).\n" + }, + "domain": { + "type": "string", + "description": "Indicates if this EIP is for use in VPC (`vpc`) or EC2 Classic (`standard`).\n" + }, + "instance": { + "type": "string", + "description": "EC2 instance ID.\n" + }, + "networkBorderGroup": { + "type": "string", + "description": "Location from which the IP address is advertised. Use this parameter to limit the address to this location.\n" + }, + "networkInterface": { + "type": "string", + "description": "Network interface ID to associate with.\n" + }, + "privateDns": { + "type": "string", + "description": "The Private DNS associated with the Elastic IP address (if in VPC).\n" + }, + "privateIp": { + "type": "string", + "description": "Contains the private IP address (if in VPC).\n" + }, + "publicDns": { + "type": "string", + "description": "Public DNS associated with the Elastic IP address.\n" + }, + "publicIp": { + "type": "string", + "description": "Contains the public IP address.\n" + }, + "publicIpv4Pool": { + "type": "string", + "description": "EC2 IPv4 address pool identifier or `amazon`. This option is only available for VPC EIPs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpc": { + "type": "boolean", + "description": "Boolean if the EIP is in a VPC or not.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/eipAssociation:EipAssociation": { + "description": "Provides an AWS EIP Association as a top level resource, to associate and\ndisassociate Elastic IPs from AWS Instances and Network Interfaces.\n\n> **NOTE:** Do not use this resource to associate an EIP to `aws.lb.LoadBalancer` or `aws.ec2.NatGateway` resources. Instead use the `allocation_id` available in those resources to allow AWS to manage the association, otherwise you will see `AuthFailure` errors.\n\n> **NOTE:** `aws.ec2.EipAssociation` is useful in scenarios where EIPs are either\npre-existing or distributed to customers or users and therefore cannot be changed.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-21f78e11\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"t2.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst example = new aws.ec2.Eip(\"example\", {vpc: true});\nconst eipAssoc = new aws.ec2.EipAssociation(\"eipAssoc\", {\n instanceId: web.id,\n allocationId: example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-21f78e11\",\n availability_zone=\"us-west-2a\",\n instance_type=\"t2.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample = aws.ec2.Eip(\"example\", vpc=True)\neip_assoc = aws.ec2.EipAssociation(\"eipAssoc\",\n instance_id=web.id,\n allocation_id=example.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var web = new Aws.Ec2.Instance(\"web\", new Aws.Ec2.InstanceArgs\n {\n Ami = \"ami-21f78e11\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"t2.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n var example = new Aws.Ec2.Eip(\"example\", new Aws.Ec2.EipArgs\n {\n Vpc = true,\n });\n var eipAssoc = new Aws.Ec2.EipAssociation(\"eipAssoc\", new Aws.Ec2.EipAssociationArgs\n {\n InstanceId = web.Id,\n AllocationId = example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tweb, err := ec2.NewInstance(ctx, \"web\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-21f78e11\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ec2.NewEip(ctx, \"example\", &ec2.EipArgs{\n\t\t\tVpc: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewEipAssociation(ctx, \"eipAssoc\", &ec2.EipAssociationArgs{\n\t\t\tInstanceId: web.ID(),\n\t\t\tAllocationId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEIP Assocations can be imported using their association ID.\n\n```sh\n $ pulumi import aws:ec2/eipAssociation:EipAssociation test eipassoc-ab12c345\n```\n\n ", + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID. This is required for EC2-VPC.\n" + }, + "allowReassociation": { + "type": "boolean", + "description": "Whether to allow an Elastic IP to\nbe re-associated. Defaults to `true` in VPC.\n" + }, + "instanceId": { + "type": "string", + "description": "The ID of the instance. This is required for\nEC2-Classic. For EC2-VPC, you can specify either the instance ID or the\nnetwork interface ID, but not both. The operation fails if you specify an\ninstance ID unless exactly one network interface is attached.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface. If the\ninstance has more than one network interface, you must specify a network\ninterface ID.\n" + }, + "privateIpAddress": { + "type": "string", + "description": "The primary or secondary private IP address\nto associate with the Elastic IP address. If no private IP address is\nspecified, the Elastic IP address is associated with the primary private IP\naddress.\n" + }, + "publicIp": { + "type": "string", + "description": "The Elastic IP address. This is required for EC2-Classic.\n" + } + }, + "required": [ + "allocationId", + "instanceId", + "networkInterfaceId", + "privateIpAddress", + "publicIp" + ], + "inputProperties": { + "allocationId": { + "type": "string", + "description": "The allocation ID. This is required for EC2-VPC.\n" + }, + "allowReassociation": { + "type": "boolean", + "description": "Whether to allow an Elastic IP to\nbe re-associated. Defaults to `true` in VPC.\n" + }, + "instanceId": { + "type": "string", + "description": "The ID of the instance. This is required for\nEC2-Classic. For EC2-VPC, you can specify either the instance ID or the\nnetwork interface ID, but not both. The operation fails if you specify an\ninstance ID unless exactly one network interface is attached.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface. If the\ninstance has more than one network interface, you must specify a network\ninterface ID.\n" + }, + "privateIpAddress": { + "type": "string", + "description": "The primary or secondary private IP address\nto associate with the Elastic IP address. If no private IP address is\nspecified, the Elastic IP address is associated with the primary private IP\naddress.\n" + }, + "publicIp": { + "type": "string", + "description": "The Elastic IP address. This is required for EC2-Classic.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering EipAssociation resources.\n", + "properties": { + "allocationId": { + "type": "string", + "description": "The allocation ID. This is required for EC2-VPC.\n" + }, + "allowReassociation": { + "type": "boolean", + "description": "Whether to allow an Elastic IP to\nbe re-associated. Defaults to `true` in VPC.\n" + }, + "instanceId": { + "type": "string", + "description": "The ID of the instance. This is required for\nEC2-Classic. For EC2-VPC, you can specify either the instance ID or the\nnetwork interface ID, but not both. The operation fails if you specify an\ninstance ID unless exactly one network interface is attached.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface. If the\ninstance has more than one network interface, you must specify a network\ninterface ID.\n" + }, + "privateIpAddress": { + "type": "string", + "description": "The primary or secondary private IP address\nto associate with the Elastic IP address. If no private IP address is\nspecified, the Elastic IP address is associated with the primary private IP\naddress.\n" + }, + "publicIp": { + "type": "string", + "description": "The Elastic IP address. This is required for EC2-Classic.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/fleet:Fleet": { + "description": "Provides a resource to manage EC2 Fleets.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.Fleet(\"example\", {\n launchTemplateConfig: {\n launchTemplateSpecification: {\n launchTemplateId: aws_launch_template.example.id,\n version: aws_launch_template.example.latest_version,\n },\n },\n targetCapacitySpecification: {\n defaultTargetCapacityType: \"spot\",\n totalTargetCapacity: 5,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.Fleet(\"example\",\n launch_template_config=aws.ec2.FleetLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.FleetLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n launch_template_id=aws_launch_template[\"example\"][\"id\"],\n version=aws_launch_template[\"example\"][\"latest_version\"],\n ),\n ),\n target_capacity_specification=aws.ec2.FleetTargetCapacitySpecificationArgs(\n default_target_capacity_type=\"spot\",\n total_target_capacity=5,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.Fleet(\"example\", new Aws.Ec2.FleetArgs\n {\n LaunchTemplateConfig = new Aws.Ec2.Inputs.FleetLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.FleetLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n LaunchTemplateId = aws_launch_template.Example.Id,\n Version = aws_launch_template.Example.Latest_version,\n },\n },\n TargetCapacitySpecification = new Aws.Ec2.Inputs.FleetTargetCapacitySpecificationArgs\n {\n DefaultTargetCapacityType = \"spot\",\n TotalTargetCapacity = 5,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewFleet(ctx, \"example\", &ec2.FleetArgs{\n\t\t\tLaunchTemplateConfig: &ec2.FleetLaunchTemplateConfigArgs{\n\t\t\t\tLaunchTemplateSpecification: &ec2.FleetLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\tLaunchTemplateId: pulumi.Any(aws_launch_template.Example.Id),\n\t\t\t\t\tVersion: pulumi.Any(aws_launch_template.Example.Latest_version),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetCapacitySpecification: &ec2.FleetTargetCapacitySpecificationArgs{\n\t\t\t\tDefaultTargetCapacityType: pulumi.String(\"spot\"),\n\t\t\t\tTotalTargetCapacity: pulumi.Int(5),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_fleet` can be imported by using the Fleet identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2/fleet:Fleet example fleet-b9b55d27-c5fc-41ac-a6f3-48fcc91f080c\n```\n\n ", + "properties": { + "excessCapacityTerminationPolicy": { + "type": "string", + "description": "Whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2. Valid values: `no-termination`, `termination`. Defaults to `termination`.\n" + }, + "launchTemplateConfig": { + "$ref": "#/types/aws:ec2/FleetLaunchTemplateConfig:FleetLaunchTemplateConfig", + "description": "Nested argument containing EC2 Launch Template configurations. Defined below.\n" + }, + "onDemandOptions": { + "$ref": "#/types/aws:ec2/FleetOnDemandOptions:FleetOnDemandOptions", + "description": "Nested argument containing On-Demand configurations. Defined below.\n" + }, + "replaceUnhealthyInstances": { + "type": "boolean", + "description": "Whether EC2 Fleet should replace unhealthy instances. Defaults to `false`.\n" + }, + "spotOptions": { + "$ref": "#/types/aws:ec2/FleetSpotOptions:FleetSpotOptions", + "description": "Nested argument containing Spot configurations. Defined below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetCapacitySpecification": { + "$ref": "#/types/aws:ec2/FleetTargetCapacitySpecification:FleetTargetCapacitySpecification", + "description": "Nested argument containing target capacity configurations. Defined below.\n" + }, + "terminateInstances": { + "type": "boolean", + "description": "Whether to terminate instances for an EC2 Fleet if it is deleted successfully. Defaults to `false`.\n" + }, + "terminateInstancesWithExpiration": { + "type": "boolean", + "description": "Whether running instances should be terminated when the EC2 Fleet expires. Defaults to `false`.\n" + }, + "type": { + "type": "string", + "description": "The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. Valid values: `maintain`, `request`. Defaults to `maintain`.\n" + } + }, + "required": [ + "launchTemplateConfig", + "tagsAll", + "targetCapacitySpecification" + ], + "inputProperties": { + "excessCapacityTerminationPolicy": { + "type": "string", + "description": "Whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2. Valid values: `no-termination`, `termination`. Defaults to `termination`.\n" + }, + "launchTemplateConfig": { + "$ref": "#/types/aws:ec2/FleetLaunchTemplateConfig:FleetLaunchTemplateConfig", + "description": "Nested argument containing EC2 Launch Template configurations. Defined below.\n" + }, + "onDemandOptions": { + "$ref": "#/types/aws:ec2/FleetOnDemandOptions:FleetOnDemandOptions", + "description": "Nested argument containing On-Demand configurations. Defined below.\n" + }, + "replaceUnhealthyInstances": { + "type": "boolean", + "description": "Whether EC2 Fleet should replace unhealthy instances. Defaults to `false`.\n" + }, + "spotOptions": { + "$ref": "#/types/aws:ec2/FleetSpotOptions:FleetSpotOptions", + "description": "Nested argument containing Spot configurations. Defined below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetCapacitySpecification": { + "$ref": "#/types/aws:ec2/FleetTargetCapacitySpecification:FleetTargetCapacitySpecification", + "description": "Nested argument containing target capacity configurations. Defined below.\n" + }, + "terminateInstances": { + "type": "boolean", + "description": "Whether to terminate instances for an EC2 Fleet if it is deleted successfully. Defaults to `false`.\n" + }, + "terminateInstancesWithExpiration": { + "type": "boolean", + "description": "Whether running instances should be terminated when the EC2 Fleet expires. Defaults to `false`.\n" + }, + "type": { + "type": "string", + "description": "The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. Valid values: `maintain`, `request`. Defaults to `maintain`.\n" + } + }, + "requiredInputs": [ + "launchTemplateConfig", + "targetCapacitySpecification" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Fleet resources.\n", + "properties": { + "excessCapacityTerminationPolicy": { + "type": "string", + "description": "Whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2. Valid values: `no-termination`, `termination`. Defaults to `termination`.\n" + }, + "launchTemplateConfig": { + "$ref": "#/types/aws:ec2/FleetLaunchTemplateConfig:FleetLaunchTemplateConfig", + "description": "Nested argument containing EC2 Launch Template configurations. Defined below.\n" + }, + "onDemandOptions": { + "$ref": "#/types/aws:ec2/FleetOnDemandOptions:FleetOnDemandOptions", + "description": "Nested argument containing On-Demand configurations. Defined below.\n" + }, + "replaceUnhealthyInstances": { + "type": "boolean", + "description": "Whether EC2 Fleet should replace unhealthy instances. Defaults to `false`.\n" + }, + "spotOptions": { + "$ref": "#/types/aws:ec2/FleetSpotOptions:FleetSpotOptions", + "description": "Nested argument containing Spot configurations. Defined below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetCapacitySpecification": { + "$ref": "#/types/aws:ec2/FleetTargetCapacitySpecification:FleetTargetCapacitySpecification", + "description": "Nested argument containing target capacity configurations. Defined below.\n" + }, + "terminateInstances": { + "type": "boolean", + "description": "Whether to terminate instances for an EC2 Fleet if it is deleted successfully. Defaults to `false`.\n" + }, + "terminateInstancesWithExpiration": { + "type": "boolean", + "description": "Whether running instances should be terminated when the EC2 Fleet expires. Defaults to `false`.\n" + }, + "type": { + "type": "string", + "description": "The type of request. Indicates whether the EC2 Fleet only requests the target capacity, or also attempts to maintain it. Valid values: `maintain`, `request`. Defaults to `maintain`.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/flowLog:FlowLog": { + "description": "Provides a VPC/Subnet/ENI Flow Log to capture IP traffic for a specific network\ninterface, subnet, or VPC. Logs are sent to a CloudWatch Log Group or a S3 Bucket.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### CloudWatch Logging\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"vpc-flow-logs.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst exampleFlowLog = new aws.ec2.FlowLog(\"exampleFlowLog\", {\n iamRoleArn: exampleRole.arn,\n logDestination: exampleLogGroup.arn,\n trafficType: \"ALL\",\n vpcId: aws_vpc.example.id,\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"vpc-flow-logs.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nexample_flow_log = aws.ec2.FlowLog(\"exampleFlowLog\",\n iam_role_arn=example_role.arn,\n log_destination=example_log_group.arn,\n traffic_type=\"ALL\",\n vpc_id=aws_vpc[\"example\"][\"id\"])\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n \"logs:DescribeLogGroups\",\n \"logs:DescribeLogStreams\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"vpc-flow-logs.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var exampleFlowLog = new Aws.Ec2.FlowLog(\"exampleFlowLog\", new Aws.Ec2.FlowLogArgs\n {\n IamRoleArn = exampleRole.Arn,\n LogDestination = exampleLogGroup.Arn,\n TrafficType = \"ALL\",\n VpcId = aws_vpc.Example.Id,\n });\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = exampleRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"logs:CreateLogGroup\"\",\n \"\"logs:CreateLogStream\"\",\n \"\"logs:PutLogEvents\"\",\n \"\"logs:DescribeLogGroups\"\",\n \"\"logs:DescribeLogStreams\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"vpc-flow-logs.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"exampleFlowLog\", &ec2.FlowLogArgs{\n\t\t\tIamRoleArn: exampleRole.Arn,\n\t\t\tLogDestination: exampleLogGroup.Arn,\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"exampleRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"logs:CreateLogGroup\\\",\\n\", \" \\\"logs:CreateLogStream\\\",\\n\", \" \\\"logs:PutLogEvents\\\",\\n\", \" \\\"logs:DescribeLogGroups\\\",\\n\", \" \\\"logs:DescribeLogStreams\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### S3 Logging\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleFlowLog = new aws.ec2.FlowLog(\"exampleFlowLog\", {\n logDestination: exampleBucket.arn,\n logDestinationType: \"s3\",\n trafficType: \"ALL\",\n vpcId: aws_vpc.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_flow_log = aws.ec2.FlowLog(\"exampleFlowLog\",\n log_destination=example_bucket.arn,\n log_destination_type=\"s3\",\n traffic_type=\"ALL\",\n vpc_id=aws_vpc[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleFlowLog = new Aws.Ec2.FlowLog(\"exampleFlowLog\", new Aws.Ec2.FlowLogArgs\n {\n LogDestination = exampleBucket.Arn,\n LogDestinationType = \"s3\",\n TrafficType = \"ALL\",\n VpcId = aws_vpc.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewFlowLog(ctx, \"exampleFlowLog\", &ec2.FlowLogArgs{\n\t\t\tLogDestination: exampleBucket.Arn,\n\t\t\tLogDestinationType: pulumi.String(\"s3\"),\n\t\t\tTrafficType: pulumi.String(\"ALL\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFlow Logs can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/flowLog:FlowLog test_flow_log fl-1a2b3c4d\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Flow Log.\n" + }, + "eniId": { + "type": "string", + "description": "Elastic Network Interface ID to attach to\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group\n" + }, + "logDestination": { + "type": "string", + "description": "The ARN of the logging destination.\n" + }, + "logDestinationType": { + "type": "string", + "description": "The type of the logging destination. Valid values: `cloud-watch-logs`, `s3`. Default: `cloud-watch-logs`.\n" + }, + "logFormat": { + "type": "string", + "description": "The fields to include in the flow log record, in the order in which they should appear.\n" + }, + "logGroupName": { + "type": "string", + "description": "*Deprecated:* Use `log_destination` instead. The name of the CloudWatch log group.\n", + "deprecationMessage": "use 'log_destination' argument instead" + }, + "maxAggregationInterval": { + "type": "integer", + "description": "The maximum interval of time\nduring which a flow of packets is captured and aggregated into a flow\nlog record. Valid Values: `60` seconds (1 minute) or `600` seconds (10\nminutes). Default: `600`.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to attach to\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "trafficType": { + "type": "string", + "description": "The type of traffic to capture. Valid values: `ACCEPT`,`REJECT`, `ALL`.\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID to attach to\n" + } + }, + "required": [ + "arn", + "logDestination", + "logFormat", + "logGroupName", + "tagsAll", + "trafficType" + ], + "inputProperties": { + "eniId": { + "type": "string", + "description": "Elastic Network Interface ID to attach to\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group\n" + }, + "logDestination": { + "type": "string", + "description": "The ARN of the logging destination.\n" + }, + "logDestinationType": { + "type": "string", + "description": "The type of the logging destination. Valid values: `cloud-watch-logs`, `s3`. Default: `cloud-watch-logs`.\n" + }, + "logFormat": { + "type": "string", + "description": "The fields to include in the flow log record, in the order in which they should appear.\n" + }, + "logGroupName": { + "type": "string", + "description": "*Deprecated:* Use `log_destination` instead. The name of the CloudWatch log group.\n", + "deprecationMessage": "use 'log_destination' argument instead" + }, + "maxAggregationInterval": { + "type": "integer", + "description": "The maximum interval of time\nduring which a flow of packets is captured and aggregated into a flow\nlog record. Valid Values: `60` seconds (1 minute) or `600` seconds (10\nminutes). Default: `600`.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to attach to\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "trafficType": { + "type": "string", + "description": "The type of traffic to capture. Valid values: `ACCEPT`,`REJECT`, `ALL`.\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID to attach to\n" + } + }, + "requiredInputs": [ + "trafficType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FlowLog resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Flow Log.\n" + }, + "eniId": { + "type": "string", + "description": "Elastic Network Interface ID to attach to\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that's used to post flow logs to a CloudWatch Logs log group\n" + }, + "logDestination": { + "type": "string", + "description": "The ARN of the logging destination.\n" + }, + "logDestinationType": { + "type": "string", + "description": "The type of the logging destination. Valid values: `cloud-watch-logs`, `s3`. Default: `cloud-watch-logs`.\n" + }, + "logFormat": { + "type": "string", + "description": "The fields to include in the flow log record, in the order in which they should appear.\n" + }, + "logGroupName": { + "type": "string", + "description": "*Deprecated:* Use `log_destination` instead. The name of the CloudWatch log group.\n", + "deprecationMessage": "use 'log_destination' argument instead" + }, + "maxAggregationInterval": { + "type": "integer", + "description": "The maximum interval of time\nduring which a flow of packets is captured and aggregated into a flow\nlog record. Valid Values: `60` seconds (1 minute) or `600` seconds (10\nminutes). Default: `600`.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to attach to\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "trafficType": { + "type": "string", + "description": "The type of traffic to capture. Valid values: `ACCEPT`,`REJECT`, `ALL`.\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID to attach to\n" + } + }, + "type": "object" + } + }, + "aws:ec2/instance:Instance": { + "description": "Provides an EC2 instance resource. This allows instances to be created, updated, and deleted.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example Using AMI Lookup\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: ubuntu.then(ubuntu => ubuntu.id),\n instanceType: \"t3.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nweb = aws.ec2.Instance(\"web\",\n ami=ubuntu.id,\n instance_type=\"t3.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"virtualization-type\",\n Values = \n {\n \"hvm\",\n },\n },\n },\n Owners = \n {\n \"099720109477\",\n },\n }));\n var web = new Aws.Ec2.Instance(\"web\", new Aws.Ec2.InstanceArgs\n {\n Ami = ubuntu.Apply(ubuntu => ubuntu.Id),\n InstanceType = \"t3.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\tubuntu, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t3.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Network and Credit Specification Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myVpc = new aws.ec2.Vpc(\"myVpc\", {\n cidrBlock: \"172.16.0.0/16\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst mySubnet = new aws.ec2.Subnet(\"mySubnet\", {\n vpcId: myVpc.id,\n cidrBlock: \"172.16.10.0/24\",\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"tf-example\",\n },\n});\nconst fooNetworkInterface = new aws.ec2.NetworkInterface(\"fooNetworkInterface\", {\n subnetId: mySubnet.id,\n privateIps: [\"172.16.10.100\"],\n tags: {\n Name: \"primary_network_interface\",\n },\n});\nconst fooInstance = new aws.ec2.Instance(\"fooInstance\", {\n ami: \"ami-005e54dee72cc1d00\",\n instanceType: \"t2.micro\",\n networkInterfaces: [{\n networkInterfaceId: fooNetworkInterface.id,\n deviceIndex: 0,\n }],\n creditSpecification: {\n cpuCredits: \"unlimited\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_vpc = aws.ec2.Vpc(\"myVpc\",\n cidr_block=\"172.16.0.0/16\",\n tags={\n \"Name\": \"tf-example\",\n })\nmy_subnet = aws.ec2.Subnet(\"mySubnet\",\n vpc_id=my_vpc.id,\n cidr_block=\"172.16.10.0/24\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"tf-example\",\n })\nfoo_network_interface = aws.ec2.NetworkInterface(\"fooNetworkInterface\",\n subnet_id=my_subnet.id,\n private_ips=[\"172.16.10.100\"],\n tags={\n \"Name\": \"primary_network_interface\",\n })\nfoo_instance = aws.ec2.Instance(\"fooInstance\",\n ami=\"ami-005e54dee72cc1d00\",\n instance_type=\"t2.micro\",\n network_interfaces=[aws.ec2.InstanceNetworkInterfaceArgs(\n network_interface_id=foo_network_interface.id,\n device_index=0,\n )],\n credit_specification=aws.ec2.InstanceCreditSpecificationArgs(\n cpu_credits=\"unlimited\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myVpc = new Aws.Ec2.Vpc(\"myVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"172.16.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n var mySubnet = new Aws.Ec2.Subnet(\"mySubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = myVpc.Id,\n CidrBlock = \"172.16.10.0/24\",\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"tf-example\" },\n },\n });\n var fooNetworkInterface = new Aws.Ec2.NetworkInterface(\"fooNetworkInterface\", new Aws.Ec2.NetworkInterfaceArgs\n {\n SubnetId = mySubnet.Id,\n PrivateIps = \n {\n \"172.16.10.100\",\n },\n Tags = \n {\n { \"Name\", \"primary_network_interface\" },\n },\n });\n var fooInstance = new Aws.Ec2.Instance(\"fooInstance\", new Aws.Ec2.InstanceArgs\n {\n Ami = \"ami-005e54dee72cc1d00\",\n InstanceType = \"t2.micro\",\n NetworkInterfaces = \n {\n new Aws.Ec2.Inputs.InstanceNetworkInterfaceArgs\n {\n NetworkInterfaceId = fooNetworkInterface.Id,\n DeviceIndex = 0,\n },\n },\n CreditSpecification = new Aws.Ec2.Inputs.InstanceCreditSpecificationArgs\n {\n CpuCredits = \"unlimited\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyVpc, err := ec2.NewVpc(ctx, \"myVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmySubnet, err := ec2.NewSubnet(ctx, \"mySubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: myVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.16.10.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooNetworkInterface, err := ec2.NewNetworkInterface(ctx, \"fooNetworkInterface\", &ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: mySubnet.ID(),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"172.16.10.100\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"primary_network_interface\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"fooInstance\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-005e54dee72cc1d00\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tNetworkInterfaces: ec2.InstanceNetworkInterfaceArray{\n\t\t\t\t&ec2.InstanceNetworkInterfaceArgs{\n\t\t\t\t\tNetworkInterfaceId: fooNetworkInterface.ID(),\n\t\t\t\t\tDeviceIndex: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreditSpecification: &ec2.InstanceCreditSpecificationArgs{\n\t\t\t\tCpuCredits: pulumi.String(\"unlimited\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nInstances can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/instance:Instance web i-12345678\n```\n\n ", + "properties": { + "ami": { + "type": "string", + "description": "AMI to use for the instance. Required unless `launch_template` is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting `ami` will override the AMI specified in the Launch Template.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the instance.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether to associate a public IP address with an instance in a VPC.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ to start the instance in.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/InstanceCapacityReservationSpecification:InstanceCapacityReservationSpecification", + "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.\n" + }, + "cpuCoreCount": { + "type": "integer", + "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API.\n" + }, + "cpuThreadsPerCore": { + "type": "integer", + "description": "If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/InstanceCreditSpecification:InstanceCreditSpecification", + "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. the provider will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If true, enables [EC2 Instance Termination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination).\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceEbsBlockDevice:InstanceEbsBlockDevice" + }, + "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the [EBS Optimized section](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) of the AWS User Guide for more information.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/InstanceEnclaveOptions:InstanceEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice" + }, + "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "hibernation": { + "type": "boolean", + "description": "If true, the launched EC2 instance will support hibernation.\n" + }, + "hostId": { + "type": "string", + "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the [EC2 documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html#roles-usingrole-ec2instance-permissions), notably `iam:PassRole`.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Amazon defaults this to `stop` for EBS-backed instances and `terminate` for instance-store instances. Cannot be set on instance-store instances. See [Shutdown Behavior](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior) for more information.\n" + }, + "instanceState": { + "type": "string", + "description": "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`. See [Instance Lifecycle](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) for more information.\n", + "language": { + "csharp": { + "name": "State" + } + } + }, + "instanceType": { + "type": "string", + "description": "The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface\n" + }, + "keyName": { + "type": "string", + "description": "Key name of the Key Pair to use for the instance; which can be managed using the `aws.ec2.KeyPair` resource.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:ec2/InstanceLaunchTemplate:InstanceLaunchTemplate", + "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template.\nSee Launch Template Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/InstanceMetadataOptions:InstanceMetadataOptions", + "description": "Customize the metadata options of the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "type": "boolean", + "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceNetworkInterface:InstanceNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.\n" + }, + "outpostArn": { + "type": "string", + "description": "The ARN of the Outpost the instance is assigned to.\n" + }, + "passwordData": { + "type": "string", + "description": "Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true. Note that this encrypted value will be stored in the state file, as with all exported attributes. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "placementGroup": { + "type": "string", + "description": "Placement Group to start the instance in.\n" + }, + "primaryNetworkInterfaceId": { + "type": "string", + "description": "The ID of the instance's primary network interface.\n" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC.\n" + }, + "privateIp": { + "type": "string", + "description": "Private IP address to associate with the instance in a VPC.\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC.\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable. **NOTE**: If you are using an `aws.ec2.Eip` with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached.\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/InstanceRootBlockDevice:InstanceRootBlockDevice", + "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface` block. Refer to the [Elastic network interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) to see the maximum number of private IP addresses allowed per instance type.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.\n", + "deprecationMessage": "Use of `securityGroups` is discouraged as it does not allow for changes and will force your instance to be replaced if changes are made. To avoid this, use `vpcSecurityGroupIds` which allows for updates." + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.\n" + }, + "subnetId": { + "type": "string", + "description": "VPC Subnet ID to launch in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "tenancy": { + "type": "string", + "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.\n" + }, + "userData": { + "type": "string", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "volumeTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign, at instance-creation time, to root and EBS volumes.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "required": [ + "ami", + "arn", + "associatePublicIpAddress", + "availabilityZone", + "capacityReservationSpecification", + "cpuCoreCount", + "cpuThreadsPerCore", + "disableApiTermination", + "ebsBlockDevices", + "ebsOptimized", + "enclaveOptions", + "ephemeralBlockDevices", + "hostId", + "instanceInitiatedShutdownBehavior", + "instanceState", + "instanceType", + "ipv6AddressCount", + "ipv6Addresses", + "keyName", + "metadataOptions", + "monitoring", + "networkInterfaces", + "outpostArn", + "passwordData", + "placementGroup", + "primaryNetworkInterfaceId", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "rootBlockDevice", + "secondaryPrivateIps", + "securityGroups", + "subnetId", + "tagsAll", + "tenancy", + "userData", + "userDataBase64", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "ami": { + "type": "string", + "description": "AMI to use for the instance. Required unless `launch_template` is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting `ami` will override the AMI specified in the Launch Template.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether to associate a public IP address with an instance in a VPC.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ to start the instance in.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/InstanceCapacityReservationSpecification:InstanceCapacityReservationSpecification", + "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.\n" + }, + "cpuCoreCount": { + "type": "integer", + "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API.\n" + }, + "cpuThreadsPerCore": { + "type": "integer", + "description": "If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/InstanceCreditSpecification:InstanceCreditSpecification", + "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. the provider will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If true, enables [EC2 Instance Termination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination).\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceEbsBlockDevice:InstanceEbsBlockDevice" + }, + "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the [EBS Optimized section](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) of the AWS User Guide for more information.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/InstanceEnclaveOptions:InstanceEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice" + }, + "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "hibernation": { + "type": "boolean", + "description": "If true, the launched EC2 instance will support hibernation.\n" + }, + "hostId": { + "type": "string", + "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.\n" + }, + "iamInstanceProfile": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/instanceProfile:InstanceProfile" + } + ], + "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the [EC2 documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html#roles-usingrole-ec2instance-permissions), notably `iam:PassRole`.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Amazon defaults this to `stop` for EBS-backed instances and `terminate` for instance-store instances. Cannot be set on instance-store instances. See [Shutdown Behavior](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior) for more information.\n" + }, + "instanceType": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/InstanceType:InstanceType" + } + ], + "description": "The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface\n" + }, + "keyName": { + "type": "string", + "description": "Key name of the Key Pair to use for the instance; which can be managed using the `aws.ec2.KeyPair` resource.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:ec2/InstanceLaunchTemplate:InstanceLaunchTemplate", + "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template.\nSee Launch Template Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/InstanceMetadataOptions:InstanceMetadataOptions", + "description": "Customize the metadata options of the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "type": "boolean", + "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceNetworkInterface:InstanceNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.\n" + }, + "placementGroup": { + "type": "string", + "description": "Placement Group to start the instance in.\n" + }, + "privateIp": { + "type": "string", + "description": "Private IP address to associate with the instance in a VPC.\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/InstanceRootBlockDevice:InstanceRootBlockDevice", + "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface` block. Refer to the [Elastic network interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) to see the maximum number of private IP addresses allowed per instance type.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.\n", + "deprecationMessage": "Use of `securityGroups` is discouraged as it does not allow for changes and will force your instance to be replaced if changes are made. To avoid this, use `vpcSecurityGroupIds` which allows for updates." + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.\n" + }, + "subnetId": { + "type": "string", + "description": "VPC Subnet ID to launch in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "tenancy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/Tenancy:Tenancy" + } + ], + "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.\n" + }, + "userData": { + "type": "string", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "volumeTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign, at instance-creation time, to root and EBS volumes.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Instance resources.\n", + "properties": { + "ami": { + "type": "string", + "description": "AMI to use for the instance. Required unless `launch_template` is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting `ami` will override the AMI specified in the Launch Template.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the instance.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether to associate a public IP address with an instance in a VPC.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ to start the instance in.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/InstanceCapacityReservationSpecification:InstanceCapacityReservationSpecification", + "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.\n" + }, + "cpuCoreCount": { + "type": "integer", + "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API.\n" + }, + "cpuThreadsPerCore": { + "type": "integer", + "description": "If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/InstanceCreditSpecification:InstanceCreditSpecification", + "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. the provider will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If true, enables [EC2 Instance Termination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination).\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceEbsBlockDevice:InstanceEbsBlockDevice" + }, + "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the [EBS Optimized section](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) of the AWS User Guide for more information.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/InstanceEnclaveOptions:InstanceEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice" + }, + "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "hibernation": { + "type": "boolean", + "description": "If true, the launched EC2 instance will support hibernation.\n" + }, + "hostId": { + "type": "string", + "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.\n" + }, + "iamInstanceProfile": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/instanceProfile:InstanceProfile" + } + ], + "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the [EC2 documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html#roles-usingrole-ec2instance-permissions), notably `iam:PassRole`.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Amazon defaults this to `stop` for EBS-backed instances and `terminate` for instance-store instances. Cannot be set on instance-store instances. See [Shutdown Behavior](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior) for more information.\n" + }, + "instanceState": { + "type": "string", + "description": "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`. See [Instance Lifecycle](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) for more information.\n", + "language": { + "csharp": { + "name": "State" + } + } + }, + "instanceType": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/InstanceType:InstanceType" + } + ], + "description": "The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface\n" + }, + "keyName": { + "type": "string", + "description": "Key name of the Key Pair to use for the instance; which can be managed using the `aws.ec2.KeyPair` resource.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:ec2/InstanceLaunchTemplate:InstanceLaunchTemplate", + "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template.\nSee Launch Template Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/InstanceMetadataOptions:InstanceMetadataOptions", + "description": "Customize the metadata options of the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "type": "boolean", + "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/InstanceNetworkInterface:InstanceNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.\n" + }, + "outpostArn": { + "type": "string", + "description": "The ARN of the Outpost the instance is assigned to.\n" + }, + "passwordData": { + "type": "string", + "description": "Base-64 encoded encrypted password data for the instance. Useful for getting the administrator password for instances running Microsoft Windows. This attribute is only exported if `get_password_data` is true. Note that this encrypted value will be stored in the state file, as with all exported attributes. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "placementGroup": { + "type": "string", + "description": "Placement Group to start the instance in.\n" + }, + "primaryNetworkInterfaceId": { + "type": "string", + "description": "The ID of the instance's primary network interface.\n" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be used inside the Amazon EC2, and only available if you've enabled DNS hostnames for your VPC.\n" + }, + "privateIp": { + "type": "string", + "description": "Private IP address to associate with the instance in a VPC.\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this is only available if you've enabled DNS hostnames for your VPC.\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable. **NOTE**: If you are using an `aws.ec2.Eip` with your instance, you should refer to the EIP's address directly and not use `public_ip` as this field will change after the EIP is attached.\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/InstanceRootBlockDevice:InstanceRootBlockDevice", + "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface` block. Refer to the [Elastic network interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) to see the maximum number of private IP addresses allowed per instance type.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.\n", + "deprecationMessage": "Use of `securityGroups` is discouraged as it does not allow for changes and will force your instance to be replaced if changes are made. To avoid this, use `vpcSecurityGroupIds` which allows for updates." + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.\n" + }, + "subnetId": { + "type": "string", + "description": "VPC Subnet ID to launch in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "tenancy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/Tenancy:Tenancy" + } + ], + "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.\n" + }, + "userData": { + "type": "string", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "volumeTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign, at instance-creation time, to root and EBS volumes.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/internetGateway:InternetGateway": { + "description": "Provides a resource to create a VPC Internet Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gw = new aws.ec2.InternetGateway(\"gw\", {\n vpcId: aws_vpc.main.id,\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngw = aws.ec2.InternetGateway(\"gw\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new Aws.Ec2.InternetGatewayArgs\n {\n VpcId = aws_vpc.Main.Id,\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewInternetGateway(ctx, \"gw\", &ec2.InternetGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nInternet Gateways can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/internetGateway:InternetGateway gw igw-c0a643a9\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Internet Gateway.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the internet gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "required": [ + "arn", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering InternetGateway resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Internet Gateway.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the internet gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/keyPair:KeyPair": { + "description": "Provides an [EC2 key pair](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html) resource. A key pair is used to control login access to EC2 instances.\n\nCurrently this resource requires an existing user-supplied key pair. This key pair's public key will be registered with AWS to allow logging-in to EC2 instances.\n\nWhen importing an existing key pair the public key material may be in any format supported by AWS. Supported formats (per the [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#how-to-generate-your-own-key-and-import-it-to-aws)) are:\n\n* OpenSSH public key format (the format in ~/.ssh/authorized_keys)\n* Base64 encoded DER format\n* SSH public key file format as specified in RFC4716\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst deployer = new aws.ec2.KeyPair(\"deployer\", {\n publicKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndeployer = aws.ec2.KeyPair(\"deployer\", public_key=\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var deployer = new Aws.Ec2.KeyPair(\"deployer\", new Aws.Ec2.KeyPairArgs\n {\n PublicKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewKeyPair(ctx, \"deployer\", &ec2.KeyPairArgs{\n\t\t\tPublicKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKey Pairs can be imported using the `key_name`, e.g.\n\n```sh\n $ pulumi import aws:ec2/keyPair:KeyPair deployer deployer-key\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The key pair ARN.\n" + }, + "fingerprint": { + "type": "string", + "description": "The MD5 public key fingerprint as specified in section 4 of RFC 4716.\n" + }, + "keyName": { + "type": "string", + "description": "The name for the key pair.\n" + }, + "keyNamePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `key_name`.\n" + }, + "keyPairId": { + "type": "string", + "description": "The key pair ID.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key material.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "fingerprint", + "keyName", + "keyPairId", + "publicKey", + "tagsAll" + ], + "inputProperties": { + "keyName": { + "type": "string", + "description": "The name for the key pair.\n" + }, + "keyNamePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `key_name`.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key material.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "publicKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering KeyPair resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The key pair ARN.\n" + }, + "fingerprint": { + "type": "string", + "description": "The MD5 public key fingerprint as specified in section 4 of RFC 4716.\n" + }, + "keyName": { + "type": "string", + "description": "The name for the key pair.\n" + }, + "keyNamePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `key_name`.\n" + }, + "keyPairId": { + "type": "string", + "description": "The key pair ID.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key material.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ec2/launchConfiguration:LaunchConfiguration": { + "description": "Provides a resource to create a new launch configuration, used for autoscaling groups.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"asConf\", {\n imageId: ubuntu.then(ubuntu => ubuntu.id),\n instanceType: \"t2.micro\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"asConf\",\n image_id=ubuntu.id,\n instance_type=\"t2.micro\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"virtualization-type\",\n Values = \n {\n \"hvm\",\n },\n },\n },\n Owners = \n {\n \"099720109477\",\n },\n }));\n var asConf = new Aws.Ec2.LaunchConfiguration(\"asConf\", new Aws.Ec2.LaunchConfigurationArgs\n {\n ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),\n InstanceType = \"t2.micro\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\tubuntu, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewLaunchConfiguration(ctx, \"asConf\", &ec2.LaunchConfigurationArgs{\n\t\t\tImageId: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Using with AutoScaling Groups\n\nLaunch Configurations cannot be updated after creation with the Amazon\nWeb Service API. In order to update a Launch Configuration, this provider will\ndestroy the existing resource and create a replacement. In order to effectively\nuse a Launch Configuration resource with an [AutoScaling Group resource](https://www.terraform.io/docs/providers/aws/r/autoscaling_group.html),\nit's recommended to specify `create_before_destroy` in a [lifecycle](https://www.terraform.io/docs/configuration/meta-arguments/lifecycle.html) block.\nEither omit the Launch Configuration `name` attribute, or specify a partial name\nwith `name_prefix`. Example:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"asConf\", {\n namePrefix: \"lc-example-\",\n imageId: ubuntu.then(ubuntu => ubuntu.id),\n instanceType: \"t2.micro\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {\n launchConfiguration: asConf.name,\n minSize: 1,\n maxSize: 2,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"asConf\",\n name_prefix=\"lc-example-\",\n image_id=ubuntu.id,\n instance_type=\"t2.micro\")\nbar = aws.autoscaling.Group(\"bar\",\n launch_configuration=as_conf.name,\n min_size=1,\n max_size=2)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"virtualization-type\",\n Values = \n {\n \"hvm\",\n },\n },\n },\n Owners = \n {\n \"099720109477\",\n },\n }));\n var asConf = new Aws.Ec2.LaunchConfiguration(\"asConf\", new Aws.Ec2.LaunchConfigurationArgs\n {\n NamePrefix = \"lc-example-\",\n ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),\n InstanceType = \"t2.micro\",\n });\n var bar = new Aws.AutoScaling.Group(\"bar\", new Aws.AutoScaling.GroupArgs\n {\n LaunchConfiguration = asConf.Name,\n MinSize = 1,\n MaxSize = 2,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\tubuntu, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tasConf, err := ec2.NewLaunchConfiguration(ctx, \"asConf\", &ec2.LaunchConfigurationArgs{\n\t\t\tNamePrefix: pulumi.String(\"lc-example-\"),\n\t\t\tImageId: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", &autoscaling.GroupArgs{\n\t\t\tLaunchConfiguration: asConf.Name,\n\t\t\tMinSize: pulumi.Int(1),\n\t\t\tMaxSize: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nWith this setup this provider generates a unique name for your Launch\nConfiguration and can then update the AutoScaling Group without conflict before\ndestroying the previous Launch Configuration.\n\n## Using with Spot Instances\n\nLaunch configurations can set the spot instance pricing to be used for the\nAuto Scaling Group to reserve instances. Simply specifying the `spot_price`\nparameter will set the price on the Launch Configuration which will attempt to\nreserve your instances at this price. See the [AWS Spot Instance\ndocumentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\nfor more information or how to launch [Spot Instances](https://www.terraform.io/docs/providers/aws/r/spot_instance_request.html) with this provider.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = aws.ec2.getAmi({\n mostRecent: true,\n filters: [\n {\n name: \"name\",\n values: [\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n owners: [\"099720109477\"],\n});\nconst asConf = new aws.ec2.LaunchConfiguration(\"asConf\", {\n imageId: ubuntu.then(ubuntu => ubuntu.id),\n instanceType: \"m4.large\",\n spotPrice: \"0.001\",\n});\nconst bar = new aws.autoscaling.Group(\"bar\", {launchConfiguration: asConf.name});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami(most_recent=True,\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n owners=[\"099720109477\"])\nas_conf = aws.ec2.LaunchConfiguration(\"asConf\",\n image_id=ubuntu.id,\n instance_type=\"m4.large\",\n spot_price=\"0.001\")\nbar = aws.autoscaling.Group(\"bar\", launch_configuration=as_conf.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"virtualization-type\",\n Values = \n {\n \"hvm\",\n },\n },\n },\n Owners = \n {\n \"099720109477\",\n },\n }));\n var asConf = new Aws.Ec2.LaunchConfiguration(\"asConf\", new Aws.Ec2.LaunchConfigurationArgs\n {\n ImageId = ubuntu.Apply(ubuntu => ubuntu.Id),\n InstanceType = \"m4.large\",\n SpotPrice = \"0.001\",\n });\n var bar = new Aws.AutoScaling.Group(\"bar\", new Aws.AutoScaling.GroupArgs\n {\n LaunchConfiguration = asConf.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\tubuntu, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tasConf, err := ec2.NewLaunchConfiguration(ctx, \"asConf\", &ec2.LaunchConfigurationArgs{\n\t\t\tImageId: pulumi.String(ubuntu.Id),\n\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\tSpotPrice: pulumi.String(\"0.001\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewGroup(ctx, \"bar\", &autoscaling.GroupArgs{\n\t\t\tLaunchConfiguration: asConf.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Block devices\n\nEach of the `*_block_device` attributes controls a portion of the AWS\nLaunch Configuration's \"Block Device Mapping\". It's a good idea to familiarize yourself with [AWS's Block Device\nMapping docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)\nto understand the implications of using these attributes.\n\nThe `root_block_device` mapping supports the following:\n\n* `volume_type` - (Optional) The type of volume. Can be `\"standard\"`, `\"gp2\"`, `\"gp3\"`, `\"st1\"`, `\"sc1\"`\n or `\"io1\"`. (Default: `\"standard\"`).\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `iops` - (Optional) The amount of provisioned\n [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\n This must be set with a `volume_type` of `\"io1\"`.\n* `throughput` - (Optional) The throughput (MiBps) to provision for a `gp3` volume.\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed\n on instance termination (Default: `true`).\n* `encrypted` - (Optional) Whether the volume should be encrypted or not. (Default: `false`).\n\nModifying any of the `root_block_device` settings requires resource\nreplacement.\n\nEach `ebs_block_device` supports the following:\n\n* `device_name` - (Required) The name of the device to mount.\n* `snapshot_id` - (Optional) The Snapshot ID to mount.\n* `volume_type` - (Optional) The type of volume. Can be `\"standard\"`, `\"gp2\"`, `\"gp3\"`, `\"st1\"`, `\"sc1\"`\n or `\"io1\"`. (Default: `\"standard\"`).\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `iops` - (Optional) The amount of provisioned\n [IOPS](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\n This must be set with a `volume_type` of `\"io1\"`.\n* `throughput` - (Optional) The throughput (MiBps) to provision for a `gp3` volume.\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed\n on instance termination (Default: `true`).\n* `encrypted` - (Optional) Whether the volume should be encrypted or not. Do not use this option if you are using `snapshot_id` as the encrypted flag will be determined by the snapshot. (Default: `false`).\n* `no_device` - (Optional) Whether the device in the block device mapping of the AMI is suppressed.\n\nModifying any `ebs_block_device` currently requires resource replacement.\n\nEach `ephemeral_block_device` supports the following:\n\n* `device_name` - The name of the block device to mount on the instance.\n* `virtual_name` - The [Instance Store Device\n Name](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames)\n (e.g. `\"ephemeral0\"`)\n\nEach AWS Instance type has a different set of Instance Store block devices\navailable for attachment. AWS [publishes a\nlist](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes)\nof which ephemeral devices are available on each type. The devices are always\nidentified by the `virtual_name` in the format `\"ephemeral{0..N}\"`.\n\n> **NOTE:** Changes to `*_block_device` configuration of _existing_ resources\ncannot currently be detected by this provider. After updating to block device\nconfiguration, resource recreation can be manually triggered by using the\n[`up` command with the --replace argument](https://www.pulumi.com/docs/reference/cli/pulumi_up/).\n\n\n## Import\n\nLaunch configurations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:ec2/launchConfiguration:LaunchConfiguration as_conf lg-123456\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the launch configuration.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Associate a public ip address with an instance in a VPC.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchConfigurationEbsBlockDevice:LaunchConfigurationEbsBlockDevice" + }, + "description": "Additional EBS block devices to attach to the\ninstance. See Block Devices below for details.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized.\n" + }, + "enableMonitoring": { + "type": "boolean", + "description": "Enables/disables detailed monitoring. This is enabled by default.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchConfigurationEphemeralBlockDevice:LaunchConfigurationEphemeralBlockDevice" + }, + "description": "Customize Ephemeral (also known as\n\"Instance Store\") volumes on the instance. See Block Devices below for details.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "The name attribute of the IAM instance profile to associate\nwith launched instances.\n" + }, + "imageId": { + "type": "string", + "description": "The EC2 image ID to launch.\n" + }, + "instanceType": { + "type": "string", + "description": "The size of instance to launch.\n" + }, + "keyName": { + "type": "string", + "description": "The key name that should be used for the instance.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/LaunchConfigurationMetadataOptions:LaunchConfigurationMetadataOptions", + "description": "The metadata options for the instance.\n" + }, + "name": { + "type": "string", + "description": "The name of the launch configuration. If you leave\nthis blank, this provider will auto-generate a unique name. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementTenancy": { + "type": "string", + "description": "The tenancy of the instance. Valid values are\n`\"default\"` or `\"dedicated\"`, see [AWS's Create Launch Configuration](http://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_CreateLaunchConfiguration.html)\nfor more details\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/LaunchConfigurationRootBlockDevice:LaunchConfigurationRootBlockDevice", + "description": "Customize details about the root block\ndevice of the instance. See Block Devices below for details.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of associated security group IDS.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum price to use for reserving spot instances.\n" + }, + "userData": { + "type": "string", + "description": "The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "vpcClassicLinkId": { + "type": "string", + "description": "The ID of a ClassicLink-enabled VPC. Only applies to EC2-Classic instances. (eg. `vpc-2730681a`)\n" + }, + "vpcClassicLinkSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of one or more security groups for the specified ClassicLink-enabled VPC (eg. `sg-46ae3d11`).\n" + } + }, + "required": [ + "arn", + "ebsBlockDevices", + "ebsOptimized", + "imageId", + "instanceType", + "keyName", + "metadataOptions", + "name", + "namePrefix", + "rootBlockDevice" + ], + "inputProperties": { + "associatePublicIpAddress": { + "type": "boolean", + "description": "Associate a public ip address with an instance in a VPC.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchConfigurationEbsBlockDevice:LaunchConfigurationEbsBlockDevice" + }, + "description": "Additional EBS block devices to attach to the\ninstance. See Block Devices below for details.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized.\n" + }, + "enableMonitoring": { + "type": "boolean", + "description": "Enables/disables detailed monitoring. This is enabled by default.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchConfigurationEphemeralBlockDevice:LaunchConfigurationEphemeralBlockDevice" + }, + "description": "Customize Ephemeral (also known as\n\"Instance Store\") volumes on the instance. See Block Devices below for details.\n" + }, + "iamInstanceProfile": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/instanceProfile:InstanceProfile" + } + ], + "description": "The name attribute of the IAM instance profile to associate\nwith launched instances.\n" + }, + "imageId": { + "type": "string", + "description": "The EC2 image ID to launch.\n" + }, + "instanceType": { + "type": "string", + "description": "The size of instance to launch.\n" + }, + "keyName": { + "type": "string", + "description": "The key name that should be used for the instance.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/LaunchConfigurationMetadataOptions:LaunchConfigurationMetadataOptions", + "description": "The metadata options for the instance.\n" + }, + "name": { + "type": "string", + "description": "The name of the launch configuration. If you leave\nthis blank, this provider will auto-generate a unique name. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementTenancy": { + "type": "string", + "description": "The tenancy of the instance. Valid values are\n`\"default\"` or `\"dedicated\"`, see [AWS's Create Launch Configuration](http://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_CreateLaunchConfiguration.html)\nfor more details\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/LaunchConfigurationRootBlockDevice:LaunchConfigurationRootBlockDevice", + "description": "Customize details about the root block\ndevice of the instance. See Block Devices below for details.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of associated security group IDS.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum price to use for reserving spot instances.\n" + }, + "userData": { + "type": "string", + "description": "The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "vpcClassicLinkId": { + "type": "string", + "description": "The ID of a ClassicLink-enabled VPC. Only applies to EC2-Classic instances. (eg. `vpc-2730681a`)\n" + }, + "vpcClassicLinkSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of one or more security groups for the specified ClassicLink-enabled VPC (eg. `sg-46ae3d11`).\n" + } + }, + "requiredInputs": [ + "imageId", + "instanceType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LaunchConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the launch configuration.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Associate a public ip address with an instance in a VPC.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchConfigurationEbsBlockDevice:LaunchConfigurationEbsBlockDevice" + }, + "description": "Additional EBS block devices to attach to the\ninstance. See Block Devices below for details.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized.\n" + }, + "enableMonitoring": { + "type": "boolean", + "description": "Enables/disables detailed monitoring. This is enabled by default.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchConfigurationEphemeralBlockDevice:LaunchConfigurationEphemeralBlockDevice" + }, + "description": "Customize Ephemeral (also known as\n\"Instance Store\") volumes on the instance. See Block Devices below for details.\n" + }, + "iamInstanceProfile": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/instanceProfile:InstanceProfile" + } + ], + "description": "The name attribute of the IAM instance profile to associate\nwith launched instances.\n" + }, + "imageId": { + "type": "string", + "description": "The EC2 image ID to launch.\n" + }, + "instanceType": { + "type": "string", + "description": "The size of instance to launch.\n" + }, + "keyName": { + "type": "string", + "description": "The key name that should be used for the instance.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/LaunchConfigurationMetadataOptions:LaunchConfigurationMetadataOptions", + "description": "The metadata options for the instance.\n" + }, + "name": { + "type": "string", + "description": "The name of the launch configuration. If you leave\nthis blank, this provider will auto-generate a unique name. Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "placementTenancy": { + "type": "string", + "description": "The tenancy of the instance. Valid values are\n`\"default\"` or `\"dedicated\"`, see [AWS's Create Launch Configuration](http://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_CreateLaunchConfiguration.html)\nfor more details\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/LaunchConfigurationRootBlockDevice:LaunchConfigurationRootBlockDevice", + "description": "Customize details about the root block\ndevice of the instance. See Block Devices below for details.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of associated security group IDS.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum price to use for reserving spot instances.\n" + }, + "userData": { + "type": "string", + "description": "The user data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "vpcClassicLinkId": { + "type": "string", + "description": "The ID of a ClassicLink-enabled VPC. Only applies to EC2-Classic instances. (eg. `vpc-2730681a`)\n" + }, + "vpcClassicLinkSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of one or more security groups for the specified ClassicLink-enabled VPC (eg. `sg-46ae3d11`).\n" + } + }, + "type": "object" + } + }, + "aws:ec2/launchTemplate:LaunchTemplate": { + "description": "Provides an EC2 launch template resource. Can be used to create instances or auto scaling groups.\n\n\n## Import\n\nLaunch Templates can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/launchTemplate:LaunchTemplate web lt-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the instance profile.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateBlockDeviceMapping:LaunchTemplateBlockDeviceMapping" + }, + "description": "Specify volumes to attach to the instance besides the volumes specified by the AMI.\nSee Block Devices below for details.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/LaunchTemplateCapacityReservationSpecification:LaunchTemplateCapacityReservationSpecification", + "description": "Targeting for EC2 capacity reservations. See Capacity Reservation Specification below for more details.\n" + }, + "cpuOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateCpuOptions:LaunchTemplateCpuOptions", + "description": "The CPU options for the instance. See CPU Options below for more details.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/LaunchTemplateCreditSpecification:LaunchTemplateCreditSpecification", + "description": "Customize the credit specification of the instance. See Credit\nSpecification below for more details.\n" + }, + "defaultVersion": { + "type": "integer", + "description": "Default Version of the launch template.\n" + }, + "description": { + "type": "string", + "description": "Description of the launch template.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If `true`, enables [EC2 Instance\nTermination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination)\n" + }, + "ebsOptimized": { + "type": "string", + "description": "If `true`, the launched EC2 instance will be EBS-optimized.\n" + }, + "elasticGpuSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateElasticGpuSpecification:LaunchTemplateElasticGpuSpecification" + }, + "description": "The elastic GPU to attach to the instance. See Elastic GPU\nbelow for more details.\n" + }, + "elasticInferenceAccelerator": { + "$ref": "#/types/aws:ec2/LaunchTemplateElasticInferenceAccelerator:LaunchTemplateElasticInferenceAccelerator", + "description": "Configuration block containing an Elastic Inference Accelerator to attach to the instance. See Elastic Inference Accelerator below for more details.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateEnclaveOptions:LaunchTemplateEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "hibernationOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateHibernationOptions:LaunchTemplateHibernationOptions", + "description": "The hibernation options for the instance. See Hibernation Options below for more details.\n" + }, + "iamInstanceProfile": { + "$ref": "#/types/aws:ec2/LaunchTemplateIamInstanceProfile:LaunchTemplateIamInstanceProfile", + "description": "The IAM Instance Profile to launch the instance with. See Instance Profile\nbelow for more details.\n" + }, + "imageId": { + "type": "string", + "description": "The AMI from which to launch the instance.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Can be `stop` or `terminate`.\n(Default: `stop`).\n" + }, + "instanceMarketOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateInstanceMarketOptions:LaunchTemplateInstanceMarketOptions", + "description": "The market (purchasing) option for the instance. See Market Options\nbelow for details.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of the instance.\n" + }, + "kernelId": { + "type": "string", + "description": "The kernel ID.\n" + }, + "keyName": { + "type": "string", + "description": "The key name to use for the instance.\n" + }, + "latestVersion": { + "type": "integer", + "description": "The latest version of the launch template.\n" + }, + "licenseSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateLicenseSpecification:LaunchTemplateLicenseSpecification" + }, + "description": "A list of license specifications to associate with. See License Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateMetadataOptions:LaunchTemplateMetadataOptions", + "description": "Customize the metadata options for the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "$ref": "#/types/aws:ec2/LaunchTemplateMonitoring:LaunchTemplateMonitoring", + "description": "The monitoring option for the instance. See Monitoring below for more details.\n" + }, + "name": { + "type": "string", + "description": "The name of the launch template. If you leave this blank, this provider will auto-generate a unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateNetworkInterface:LaunchTemplateNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network\nInterfaces below for more details.\n" + }, + "placement": { + "$ref": "#/types/aws:ec2/LaunchTemplatePlacement:LaunchTemplatePlacement", + "description": "The placement of the instance. See Placement below for more details.\n" + }, + "ramDiskId": { + "type": "string", + "description": "The ID of the RAM disk.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names to associate with. If you are creating Instances in a VPC, use\n`vpc_security_group_ids` instead.\n" + }, + "tagSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateTagSpecification:LaunchTemplateTagSpecification" + }, + "description": "The tags to apply to the resources during launch. See Tag Specifications below for more details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the launch template. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateDefaultVersion": { + "type": "boolean", + "description": "Whether to update Default Version each update. Conflicts with `default_version`.\n" + }, + "userData": { + "type": "string", + "description": "The Base64-encoded user data to provide when launching the instance.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "required": [ + "arn", + "defaultVersion", + "latestVersion", + "metadataOptions", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateBlockDeviceMapping:LaunchTemplateBlockDeviceMapping" + }, + "description": "Specify volumes to attach to the instance besides the volumes specified by the AMI.\nSee Block Devices below for details.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/LaunchTemplateCapacityReservationSpecification:LaunchTemplateCapacityReservationSpecification", + "description": "Targeting for EC2 capacity reservations. See Capacity Reservation Specification below for more details.\n" + }, + "cpuOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateCpuOptions:LaunchTemplateCpuOptions", + "description": "The CPU options for the instance. See CPU Options below for more details.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/LaunchTemplateCreditSpecification:LaunchTemplateCreditSpecification", + "description": "Customize the credit specification of the instance. See Credit\nSpecification below for more details.\n" + }, + "defaultVersion": { + "type": "integer", + "description": "Default Version of the launch template.\n" + }, + "description": { + "type": "string", + "description": "Description of the launch template.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If `true`, enables [EC2 Instance\nTermination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination)\n" + }, + "ebsOptimized": { + "type": "string", + "description": "If `true`, the launched EC2 instance will be EBS-optimized.\n" + }, + "elasticGpuSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateElasticGpuSpecification:LaunchTemplateElasticGpuSpecification" + }, + "description": "The elastic GPU to attach to the instance. See Elastic GPU\nbelow for more details.\n" + }, + "elasticInferenceAccelerator": { + "$ref": "#/types/aws:ec2/LaunchTemplateElasticInferenceAccelerator:LaunchTemplateElasticInferenceAccelerator", + "description": "Configuration block containing an Elastic Inference Accelerator to attach to the instance. See Elastic Inference Accelerator below for more details.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateEnclaveOptions:LaunchTemplateEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "hibernationOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateHibernationOptions:LaunchTemplateHibernationOptions", + "description": "The hibernation options for the instance. See Hibernation Options below for more details.\n" + }, + "iamInstanceProfile": { + "$ref": "#/types/aws:ec2/LaunchTemplateIamInstanceProfile:LaunchTemplateIamInstanceProfile", + "description": "The IAM Instance Profile to launch the instance with. See Instance Profile\nbelow for more details.\n" + }, + "imageId": { + "type": "string", + "description": "The AMI from which to launch the instance.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Can be `stop` or `terminate`.\n(Default: `stop`).\n" + }, + "instanceMarketOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateInstanceMarketOptions:LaunchTemplateInstanceMarketOptions", + "description": "The market (purchasing) option for the instance. See Market Options\nbelow for details.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of the instance.\n" + }, + "kernelId": { + "type": "string", + "description": "The kernel ID.\n" + }, + "keyName": { + "type": "string", + "description": "The key name to use for the instance.\n" + }, + "licenseSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateLicenseSpecification:LaunchTemplateLicenseSpecification" + }, + "description": "A list of license specifications to associate with. See License Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateMetadataOptions:LaunchTemplateMetadataOptions", + "description": "Customize the metadata options for the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "$ref": "#/types/aws:ec2/LaunchTemplateMonitoring:LaunchTemplateMonitoring", + "description": "The monitoring option for the instance. See Monitoring below for more details.\n" + }, + "name": { + "type": "string", + "description": "The name of the launch template. If you leave this blank, this provider will auto-generate a unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateNetworkInterface:LaunchTemplateNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network\nInterfaces below for more details.\n" + }, + "placement": { + "$ref": "#/types/aws:ec2/LaunchTemplatePlacement:LaunchTemplatePlacement", + "description": "The placement of the instance. See Placement below for more details.\n" + }, + "ramDiskId": { + "type": "string", + "description": "The ID of the RAM disk.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names to associate with. If you are creating Instances in a VPC, use\n`vpc_security_group_ids` instead.\n" + }, + "tagSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateTagSpecification:LaunchTemplateTagSpecification" + }, + "description": "The tags to apply to the resources during launch. See Tag Specifications below for more details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the launch template. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateDefaultVersion": { + "type": "boolean", + "description": "Whether to update Default Version each update. Conflicts with `default_version`.\n" + }, + "userData": { + "type": "string", + "description": "The Base64-encoded user data to provide when launching the instance.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering LaunchTemplate resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the instance profile.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateBlockDeviceMapping:LaunchTemplateBlockDeviceMapping" + }, + "description": "Specify volumes to attach to the instance besides the volumes specified by the AMI.\nSee Block Devices below for details.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/LaunchTemplateCapacityReservationSpecification:LaunchTemplateCapacityReservationSpecification", + "description": "Targeting for EC2 capacity reservations. See Capacity Reservation Specification below for more details.\n" + }, + "cpuOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateCpuOptions:LaunchTemplateCpuOptions", + "description": "The CPU options for the instance. See CPU Options below for more details.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/LaunchTemplateCreditSpecification:LaunchTemplateCreditSpecification", + "description": "Customize the credit specification of the instance. See Credit\nSpecification below for more details.\n" + }, + "defaultVersion": { + "type": "integer", + "description": "Default Version of the launch template.\n" + }, + "description": { + "type": "string", + "description": "Description of the launch template.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If `true`, enables [EC2 Instance\nTermination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination)\n" + }, + "ebsOptimized": { + "type": "string", + "description": "If `true`, the launched EC2 instance will be EBS-optimized.\n" + }, + "elasticGpuSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateElasticGpuSpecification:LaunchTemplateElasticGpuSpecification" + }, + "description": "The elastic GPU to attach to the instance. See Elastic GPU\nbelow for more details.\n" + }, + "elasticInferenceAccelerator": { + "$ref": "#/types/aws:ec2/LaunchTemplateElasticInferenceAccelerator:LaunchTemplateElasticInferenceAccelerator", + "description": "Configuration block containing an Elastic Inference Accelerator to attach to the instance. See Elastic Inference Accelerator below for more details.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateEnclaveOptions:LaunchTemplateEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "hibernationOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateHibernationOptions:LaunchTemplateHibernationOptions", + "description": "The hibernation options for the instance. See Hibernation Options below for more details.\n" + }, + "iamInstanceProfile": { + "$ref": "#/types/aws:ec2/LaunchTemplateIamInstanceProfile:LaunchTemplateIamInstanceProfile", + "description": "The IAM Instance Profile to launch the instance with. See Instance Profile\nbelow for more details.\n" + }, + "imageId": { + "type": "string", + "description": "The AMI from which to launch the instance.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Can be `stop` or `terminate`.\n(Default: `stop`).\n" + }, + "instanceMarketOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateInstanceMarketOptions:LaunchTemplateInstanceMarketOptions", + "description": "The market (purchasing) option for the instance. See Market Options\nbelow for details.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of the instance.\n" + }, + "kernelId": { + "type": "string", + "description": "The kernel ID.\n" + }, + "keyName": { + "type": "string", + "description": "The key name to use for the instance.\n" + }, + "latestVersion": { + "type": "integer", + "description": "The latest version of the launch template.\n" + }, + "licenseSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateLicenseSpecification:LaunchTemplateLicenseSpecification" + }, + "description": "A list of license specifications to associate with. See License Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/LaunchTemplateMetadataOptions:LaunchTemplateMetadataOptions", + "description": "Customize the metadata options for the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "$ref": "#/types/aws:ec2/LaunchTemplateMonitoring:LaunchTemplateMonitoring", + "description": "The monitoring option for the instance. See Monitoring below for more details.\n" + }, + "name": { + "type": "string", + "description": "The name of the launch template. If you leave this blank, this provider will auto-generate a unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateNetworkInterface:LaunchTemplateNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network\nInterfaces below for more details.\n" + }, + "placement": { + "$ref": "#/types/aws:ec2/LaunchTemplatePlacement:LaunchTemplatePlacement", + "description": "The placement of the instance. See Placement below for more details.\n" + }, + "ramDiskId": { + "type": "string", + "description": "The ID of the RAM disk.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names to associate with. If you are creating Instances in a VPC, use\n`vpc_security_group_ids` instead.\n" + }, + "tagSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/LaunchTemplateTagSpecification:LaunchTemplateTagSpecification" + }, + "description": "The tags to apply to the resources during launch. See Tag Specifications below for more details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the launch template. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateDefaultVersion": { + "type": "boolean", + "description": "Whether to update Default Version each update. Conflicts with `default_version`.\n" + }, + "userData": { + "type": "string", + "description": "The Base64-encoded user data to provide when launching the instance.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/localGatewayRoute:LocalGatewayRoute": { + "description": "Manages an EC2 Local Gateway Route. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#routing).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.LocalGatewayRoute(\"example\", {\n destinationCidrBlock: \"172.16.0.0/16\",\n localGatewayRouteTableId: data.aws_ec2_local_gateway_route_table.example.id,\n localGatewayVirtualInterfaceGroupId: data.aws_ec2_local_gateway_virtual_interface_group.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.LocalGatewayRoute(\"example\",\n destination_cidr_block=\"172.16.0.0/16\",\n local_gateway_route_table_id=data[\"aws_ec2_local_gateway_route_table\"][\"example\"][\"id\"],\n local_gateway_virtual_interface_group_id=data[\"aws_ec2_local_gateway_virtual_interface_group\"][\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.LocalGatewayRoute(\"example\", new Aws.Ec2.LocalGatewayRouteArgs\n {\n DestinationCidrBlock = \"172.16.0.0/16\",\n LocalGatewayRouteTableId = data.Aws_ec2_local_gateway_route_table.Example.Id,\n LocalGatewayVirtualInterfaceGroupId = data.Aws_ec2_local_gateway_virtual_interface_group.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewLocalGatewayRoute(ctx, \"example\", &ec2.LocalGatewayRouteArgs{\n\t\t\tDestinationCidrBlock: pulumi.String(\"172.16.0.0/16\"),\n\t\t\tLocalGatewayRouteTableId: pulumi.Any(data.Aws_ec2_local_gateway_route_table.Example.Id),\n\t\t\tLocalGatewayVirtualInterfaceGroupId: pulumi.Any(data.Aws_ec2_local_gateway_virtual_interface_group.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_local_gateway_route` can be imported by using the EC2 Local Gateway Route Table identifier and destination CIDR block separated by underscores (`_`), e.g.\n\n```sh\n $ pulumi import aws:ec2/localGatewayRoute:LocalGatewayRoute example lgw-rtb-12345678_172.16.0.0/16\n```\n\n ", + "properties": { + "destinationCidrBlock": { + "type": "string", + "description": "IPv4 CIDR range used for destination matches. Routing decisions are based on the most specific match.\n" + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Route Table.\n" + }, + "localGatewayVirtualInterfaceGroupId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Virtual Interface Group.\n" + } + }, + "required": [ + "destinationCidrBlock", + "localGatewayRouteTableId", + "localGatewayVirtualInterfaceGroupId" + ], + "inputProperties": { + "destinationCidrBlock": { + "type": "string", + "description": "IPv4 CIDR range used for destination matches. Routing decisions are based on the most specific match.\n" + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Route Table.\n" + }, + "localGatewayVirtualInterfaceGroupId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Virtual Interface Group.\n" + } + }, + "requiredInputs": [ + "destinationCidrBlock", + "localGatewayRouteTableId", + "localGatewayVirtualInterfaceGroupId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LocalGatewayRoute resources.\n", + "properties": { + "destinationCidrBlock": { + "type": "string", + "description": "IPv4 CIDR range used for destination matches. Routing decisions are based on the most specific match.\n" + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Route Table.\n" + }, + "localGatewayVirtualInterfaceGroupId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Virtual Interface Group.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/localGatewayRouteTableVpcAssociation:LocalGatewayRouteTableVpcAssociation": { + "description": "Manages an EC2 Local Gateway Route Table VPC Association. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-local-gateways.html#vpc-associations).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLocalGatewayRouteTable = aws.ec2.getLocalGatewayRouteTable({\n outpostArn: \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\",\n});\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleLocalGatewayRouteTableVpcAssociation = new aws.ec2.LocalGatewayRouteTableVpcAssociation(\"exampleLocalGatewayRouteTableVpcAssociation\", {\n localGatewayRouteTableId: exampleLocalGatewayRouteTable.then(exampleLocalGatewayRouteTable => exampleLocalGatewayRouteTable.id),\n vpcId: exampleVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_local_gateway_route_table = aws.ec2.get_local_gateway_route_table(outpost_arn=\"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\")\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\", cidr_block=\"10.0.0.0/16\")\nexample_local_gateway_route_table_vpc_association = aws.ec2.LocalGatewayRouteTableVpcAssociation(\"exampleLocalGatewayRouteTableVpcAssociation\",\n local_gateway_route_table_id=example_local_gateway_route_table.id,\n vpc_id=example_vpc.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLocalGatewayRouteTable = Output.Create(Aws.Ec2.GetLocalGatewayRouteTable.InvokeAsync(new Aws.Ec2.GetLocalGatewayRouteTableArgs\n {\n OutpostArn = \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\",\n }));\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var exampleLocalGatewayRouteTableVpcAssociation = new Aws.Ec2.LocalGatewayRouteTableVpcAssociation(\"exampleLocalGatewayRouteTableVpcAssociation\", new Aws.Ec2.LocalGatewayRouteTableVpcAssociationArgs\n {\n LocalGatewayRouteTableId = exampleLocalGatewayRouteTable.Apply(exampleLocalGatewayRouteTable => exampleLocalGatewayRouteTable.Id),\n VpcId = exampleVpc.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"arn:aws:outposts:us-west-2:123456789012:outpost/op-1234567890abcdef\"\n\t\texampleLocalGatewayRouteTable, err := ec2.GetLocalGatewayRouteTable(ctx, &ec2.GetLocalGatewayRouteTableArgs{\n\t\t\tOutpostArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewLocalGatewayRouteTableVpcAssociation(ctx, \"exampleLocalGatewayRouteTableVpcAssociation\", &ec2.LocalGatewayRouteTableVpcAssociationArgs{\n\t\t\tLocalGatewayRouteTableId: pulumi.String(exampleLocalGatewayRouteTable.Id),\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_local_gateway_route_table_vpc_association` can be imported by using the Local Gateway Route Table VPC Association identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2/localGatewayRouteTableVpcAssociation:LocalGatewayRouteTableVpcAssociation example lgw-vpc-assoc-1234567890abcdef\n```\n\n ", + "properties": { + "localGatewayId": { + "type": "string" + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Route Table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + } + }, + "required": [ + "localGatewayId", + "localGatewayRouteTableId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "localGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Route Table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + } + }, + "requiredInputs": [ + "localGatewayRouteTableId", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LocalGatewayRouteTableVpcAssociation resources.\n", + "properties": { + "localGatewayId": { + "type": "string" + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Route Table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/mainRouteTableAssociation:MainRouteTableAssociation": { + "properties": { + "originalRouteTableId": { + "type": "string", + "description": "Used internally, see __Notes__ below\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the Route Table to set as the new\nmain route table for the target VPC\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC whose main route table should be set\n" + } + }, + "required": [ + "originalRouteTableId", + "routeTableId", + "vpcId" + ], + "inputProperties": { + "routeTableId": { + "type": "string", + "description": "The ID of the Route Table to set as the new\nmain route table for the target VPC\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC whose main route table should be set\n" + } + }, + "requiredInputs": [ + "routeTableId", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MainRouteTableAssociation resources.\n", + "properties": { + "originalRouteTableId": { + "type": "string", + "description": "Used internally, see __Notes__ below\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the Route Table to set as the new\nmain route table for the target VPC\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC whose main route table should be set\n" + } + }, + "type": "object" + } + }, + "aws:ec2/managedPrefixList:ManagedPrefixList": { + "description": "Provides a managed prefix list resource.\n\n> **NOTE on `max_entries`:** When you reference a Prefix List in a resource,\nthe maximum number of entries for the prefix lists counts as the same number of rules\nor entries for the resource. For example, if you create a prefix list with a maximum\nof 20 entries and you reference that prefix list in a security group rule, this counts\nas 20 rules for the security group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.ManagedPrefixList(\"example\", {\n addressFamily: \"IPv4\",\n maxEntries: 5,\n entries: [\n {\n cidr: aws_vpc.example.cidr_block,\n description: \"Primary\",\n },\n {\n cidr: aws_vpc_ipv4_cidr_block_association.example.cidr_block,\n description: \"Secondary\",\n },\n ],\n tags: {\n Env: \"live\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.ManagedPrefixList(\"example\",\n address_family=\"IPv4\",\n max_entries=5,\n entries=[\n aws.ec2.ManagedPrefixListEntryArgs(\n cidr=aws_vpc[\"example\"][\"cidr_block\"],\n description=\"Primary\",\n ),\n aws.ec2.ManagedPrefixListEntryArgs(\n cidr=aws_vpc_ipv4_cidr_block_association[\"example\"][\"cidr_block\"],\n description=\"Secondary\",\n ),\n ],\n tags={\n \"Env\": \"live\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.ManagedPrefixList(\"example\", new Aws.Ec2.ManagedPrefixListArgs\n {\n AddressFamily = \"IPv4\",\n MaxEntries = 5,\n Entries = \n {\n new Aws.Ec2.Inputs.ManagedPrefixListEntryArgs\n {\n Cidr = aws_vpc.Example.Cidr_block,\n Description = \"Primary\",\n },\n new Aws.Ec2.Inputs.ManagedPrefixListEntryArgs\n {\n Cidr = aws_vpc_ipv4_cidr_block_association.Example.Cidr_block,\n Description = \"Secondary\",\n },\n },\n Tags = \n {\n { \"Env\", \"live\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewManagedPrefixList(ctx, \"example\", &ec2.ManagedPrefixListArgs{\n\t\t\tAddressFamily: pulumi.String(\"IPv4\"),\n\t\t\tMaxEntries: pulumi.Int(5),\n\t\t\tEntries: ec2.ManagedPrefixListEntryArray{\n\t\t\t\t&ec2.ManagedPrefixListEntryArgs{\n\t\t\t\t\tCidr: pulumi.Any(aws_vpc.Example.Cidr_block),\n\t\t\t\t\tDescription: pulumi.String(\"Primary\"),\n\t\t\t\t},\n\t\t\t\t&ec2.ManagedPrefixListEntryArgs{\n\t\t\t\t\tCidr: pulumi.Any(aws_vpc_ipv4_cidr_block_association.Example.Cidr_block),\n\t\t\t\t\tDescription: pulumi.String(\"Secondary\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Env\": pulumi.String(\"live\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPrefix Lists can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/managedPrefixList:ManagedPrefixList default pl-0570a1d2d725c16be\n```\n\n ", + "properties": { + "addressFamily": { + "type": "string", + "description": "Address family (`IPv4` or `IPv6`) of this prefix list.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the prefix list.\n" + }, + "entries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/ManagedPrefixListEntry:ManagedPrefixListEntry" + }, + "description": "Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.\n" + }, + "maxEntries": { + "type": "integer", + "description": "Maximum number of entries that this prefix list can contain.\n" + }, + "name": { + "type": "string", + "description": "Name of this resource. The name must not start with `com.amazonaws`.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns this prefix list.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "version": { + "type": "integer", + "description": "Latest version of this prefix list.\n" + } + }, + "required": [ + "addressFamily", + "arn", + "maxEntries", + "name", + "ownerId", + "tagsAll", + "version" + ], + "inputProperties": { + "addressFamily": { + "type": "string", + "description": "Address family (`IPv4` or `IPv6`) of this prefix list.\n" + }, + "entries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/ManagedPrefixListEntry:ManagedPrefixListEntry" + }, + "description": "Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.\n" + }, + "maxEntries": { + "type": "integer", + "description": "Maximum number of entries that this prefix list can contain.\n" + }, + "name": { + "type": "string", + "description": "Name of this resource. The name must not start with `com.amazonaws`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "addressFamily", + "maxEntries" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ManagedPrefixList resources.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "Address family (`IPv4` or `IPv6`) of this prefix list.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the prefix list.\n" + }, + "entries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/ManagedPrefixListEntry:ManagedPrefixListEntry" + }, + "description": "Configuration block for prefix list entry. Detailed below. Different entries may have overlapping CIDR blocks, but a particular CIDR should not be duplicated.\n" + }, + "maxEntries": { + "type": "integer", + "description": "Maximum number of entries that this prefix list can contain.\n" + }, + "name": { + "type": "string", + "description": "Name of this resource. The name must not start with `com.amazonaws`.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns this prefix list.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "version": { + "type": "integer", + "description": "Latest version of this prefix list.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/natGateway:NatGateway": { + "description": "Provides a resource to create a VPC NAT Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Public NAT\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.NatGateway(\"example\", {\n allocationId: aws_eip.example.id,\n subnetId: aws_subnet.example.id,\n tags: {\n Name: \"gw NAT\",\n },\n}, {\n dependsOn: [aws_internet_gateway.example],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.NatGateway(\"example\",\n allocation_id=aws_eip[\"example\"][\"id\"],\n subnet_id=aws_subnet[\"example\"][\"id\"],\n tags={\n \"Name\": \"gw NAT\",\n },\n opts=pulumi.ResourceOptions(depends_on=[aws_internet_gateway[\"example\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.NatGateway(\"example\", new Aws.Ec2.NatGatewayArgs\n {\n AllocationId = aws_eip.Example.Id,\n SubnetId = aws_subnet.Example.Id,\n Tags = \n {\n { \"Name\", \"gw NAT\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_internet_gateway.Example,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNatGateway(ctx, \"example\", &ec2.NatGatewayArgs{\n\t\t\tAllocationId: pulumi.Any(aws_eip.Example.Id),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"gw NAT\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_internet_gateway.Example,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Private NAT\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.NatGateway(\"example\", {\n connectivityType: \"private\",\n subnetId: aws_subnet.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.NatGateway(\"example\",\n connectivity_type=\"private\",\n subnet_id=aws_subnet[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.NatGateway(\"example\", new Aws.Ec2.NatGatewayArgs\n {\n ConnectivityType = \"private\",\n SubnetId = aws_subnet.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNatGateway(ctx, \"example\", &ec2.NatGatewayArgs{\n\t\t\tConnectivityType: pulumi.String(\"private\"),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNAT Gateways can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/natGateway:NatGateway private_gw nat-05dba92075d71c408\n```\n\n ", + "properties": { + "allocationId": { + "type": "string", + "description": "The Allocation ID of the Elastic IP address for the gateway. Required for `connectivity_type` of `public`.\n" + }, + "connectivityType": { + "type": "string", + "description": "Connectivity type for the gateway. Valid values are `private` and `public`. Defaults to `public`.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ENI ID of the network interface created by the NAT gateway.\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address of the NAT Gateway.\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address of the NAT Gateway.\n" + }, + "subnetId": { + "type": "string", + "description": "The Subnet ID of the subnet in which to place the gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "networkInterfaceId", + "privateIp", + "publicIp", + "subnetId", + "tagsAll" + ], + "inputProperties": { + "allocationId": { + "type": "string", + "description": "The Allocation ID of the Elastic IP address for the gateway. Required for `connectivity_type` of `public`.\n" + }, + "connectivityType": { + "type": "string", + "description": "Connectivity type for the gateway. Valid values are `private` and `public`. Defaults to `public`.\n" + }, + "subnetId": { + "type": "string", + "description": "The Subnet ID of the subnet in which to place the gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NatGateway resources.\n", + "properties": { + "allocationId": { + "type": "string", + "description": "The Allocation ID of the Elastic IP address for the gateway. Required for `connectivity_type` of `public`.\n" + }, + "connectivityType": { + "type": "string", + "description": "Connectivity type for the gateway. Valid values are `private` and `public`. Defaults to `public`.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ENI ID of the network interface created by the NAT gateway.\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address of the NAT Gateway.\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address of the NAT Gateway.\n" + }, + "subnetId": { + "type": "string", + "description": "The Subnet ID of the subnet in which to place the gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ec2/networkAcl:NetworkAcl": { + "description": "Provides an network ACL resource. You might set up network ACLs with rules similar\nto your security groups in order to add an additional layer of security to your VPC.\n\n> **NOTE on Network ACLs and Network ACL Rules:** This provider currently\nprovides both a standalone Network ACL Rule resource and a Network ACL resource with rules\ndefined in-line. At this time you cannot use a Network ACL with in-line rules\nin conjunction with any Network ACL Rule resources. Doing so will cause\na conflict of rule settings and will overwrite rules.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.NetworkAcl(\"main\", {\n vpcId: aws_vpc.main.id,\n egress: [{\n protocol: \"tcp\",\n ruleNo: 200,\n action: \"allow\",\n cidrBlock: \"10.3.0.0/18\",\n fromPort: 443,\n toPort: 443,\n }],\n ingress: [{\n protocol: \"tcp\",\n ruleNo: 100,\n action: \"allow\",\n cidrBlock: \"10.3.0.0/18\",\n fromPort: 80,\n toPort: 80,\n }],\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.NetworkAcl(\"main\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n egress=[aws.ec2.NetworkAclEgressArgs(\n protocol=\"tcp\",\n rule_no=200,\n action=\"allow\",\n cidr_block=\"10.3.0.0/18\",\n from_port=443,\n to_port=443,\n )],\n ingress=[aws.ec2.NetworkAclIngressArgs(\n protocol=\"tcp\",\n rule_no=100,\n action=\"allow\",\n cidr_block=\"10.3.0.0/18\",\n from_port=80,\n to_port=80,\n )],\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.NetworkAcl(\"main\", new Aws.Ec2.NetworkAclArgs\n {\n VpcId = aws_vpc.Main.Id,\n Egress = \n {\n new Aws.Ec2.Inputs.NetworkAclEgressArgs\n {\n Protocol = \"tcp\",\n RuleNo = 200,\n Action = \"allow\",\n CidrBlock = \"10.3.0.0/18\",\n FromPort = 443,\n ToPort = 443,\n },\n },\n Ingress = \n {\n new Aws.Ec2.Inputs.NetworkAclIngressArgs\n {\n Protocol = \"tcp\",\n RuleNo = 100,\n Action = \"allow\",\n CidrBlock = \"10.3.0.0/18\",\n FromPort = 80,\n ToPort = 80,\n },\n },\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNetworkAcl(ctx, \"main\", &ec2.NetworkAclArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tEgress: ec2.NetworkAclEgressArray{\n\t\t\t\t&ec2.NetworkAclEgressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tRuleNo: pulumi.Int(200),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"10.3.0.0/18\"),\n\t\t\t\t\tFromPort: pulumi.Int(443),\n\t\t\t\t\tToPort: pulumi.Int(443),\n\t\t\t\t},\n\t\t\t},\n\t\t\tIngress: ec2.NetworkAclIngressArray{\n\t\t\t\t&ec2.NetworkAclIngressArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tRuleNo: pulumi.Int(100),\n\t\t\t\t\tAction: pulumi.String(\"allow\"),\n\t\t\t\t\tCidrBlock: pulumi.String(\"10.3.0.0/18\"),\n\t\t\t\t\tFromPort: pulumi.Int(80),\n\t\t\t\t\tToPort: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNetwork ACLs can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/networkAcl:NetworkAcl main acl-7aaabd18\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the network ACL\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkAclEgress:NetworkAclEgress" + }, + "description": "Specifies an egress rule. Parameters defined below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkAclIngress:NetworkAclIngress" + }, + "description": "Specifies an ingress rule. Parameters defined below.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the network ACL.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Subnet IDs to apply the ACL to\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the associated VPC.\n" + } + }, + "required": [ + "arn", + "egress", + "ingress", + "ownerId", + "subnetIds", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkAclEgress:NetworkAclEgress" + }, + "description": "Specifies an egress rule. Parameters defined below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkAclIngress:NetworkAclIngress" + }, + "description": "Specifies an ingress rule. Parameters defined below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Subnet IDs to apply the ACL to\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the associated VPC.\n" + } + }, + "requiredInputs": [ + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NetworkAcl resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the network ACL\n" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkAclEgress:NetworkAclEgress" + }, + "description": "Specifies an egress rule. Parameters defined below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkAclIngress:NetworkAclIngress" + }, + "description": "Specifies an ingress rule. Parameters defined below.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the network ACL.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Subnet IDs to apply the ACL to\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the associated VPC.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/networkAclRule:NetworkAclRule": { + "description": "Creates an entry (a rule) in a network ACL with the specified rule number.\n\n> **NOTE on Network ACLs and Network ACL Rules:** This provider currently\nprovides both a standalone Network ACL Rule resource and a Network ACL resource with rules\ndefined in-line. At this time you cannot use a Network ACL with in-line rules\nin conjunction with any Network ACL Rule resources. Doing so will cause\na conflict of rule settings and will overwrite rules.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst barNetworkAcl = new aws.ec2.NetworkAcl(\"barNetworkAcl\", {vpcId: aws_vpc.foo.id});\nconst barNetworkAclRule = new aws.ec2.NetworkAclRule(\"barNetworkAclRule\", {\n networkAclId: barNetworkAcl.id,\n ruleNumber: 200,\n egress: false,\n protocol: \"tcp\",\n ruleAction: \"allow\",\n cidrBlock: aws_vpc.foo.cidr_block,\n fromPort: 22,\n toPort: 22,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar_network_acl = aws.ec2.NetworkAcl(\"barNetworkAcl\", vpc_id=aws_vpc[\"foo\"][\"id\"])\nbar_network_acl_rule = aws.ec2.NetworkAclRule(\"barNetworkAclRule\",\n network_acl_id=bar_network_acl.id,\n rule_number=200,\n egress=False,\n protocol=\"tcp\",\n rule_action=\"allow\",\n cidr_block=aws_vpc[\"foo\"][\"cidr_block\"],\n from_port=22,\n to_port=22)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var barNetworkAcl = new Aws.Ec2.NetworkAcl(\"barNetworkAcl\", new Aws.Ec2.NetworkAclArgs\n {\n VpcId = aws_vpc.Foo.Id,\n });\n var barNetworkAclRule = new Aws.Ec2.NetworkAclRule(\"barNetworkAclRule\", new Aws.Ec2.NetworkAclRuleArgs\n {\n NetworkAclId = barNetworkAcl.Id,\n RuleNumber = 200,\n Egress = false,\n Protocol = \"tcp\",\n RuleAction = \"allow\",\n CidrBlock = aws_vpc.Foo.Cidr_block,\n FromPort = 22,\n ToPort = 22,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbarNetworkAcl, err := ec2.NewNetworkAcl(ctx, \"barNetworkAcl\", &ec2.NetworkAclArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkAclRule(ctx, \"barNetworkAclRule\", &ec2.NetworkAclRuleArgs{\n\t\t\tNetworkAclId: barNetworkAcl.ID(),\n\t\t\tRuleNumber: pulumi.Int(200),\n\t\t\tEgress: pulumi.Bool(false),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tRuleAction: pulumi.String(\"allow\"),\n\t\t\tCidrBlock: pulumi.Any(aws_vpc.Foo.Cidr_block),\n\t\t\tFromPort: pulumi.Int(22),\n\t\t\tToPort: pulumi.Int(22),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **Note:** One of either `cidr_block` or `ipv6_cidr_block` is required.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIndividual rules can be imported using `NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS`, where `PROTOCOL` can be a decimal (e.g. 6) or string (e.g. tcp) value. If importing a rule previously provisioned by the provider, the `PROTOCOL` must be the input value used at creation time. For more information on protocol numbers and keywords, see herehttps://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml For example, import a network ACL Rule with an argument like thisconsole\n\n```sh\n $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false\n```\n\n Or by the procotol's decimal valueconsole\n\n```sh\n $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false\n```\n\n ", + "properties": { + "cidrBlock": { + "type": "string", + "description": "The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).\n" + }, + "egress": { + "type": "boolean", + "description": "Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default `false`.\n" + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n" + }, + "icmpCode": { + "type": "string", + "description": "ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1\n" + }, + "icmpType": { + "type": "string", + "description": "ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block to allow or deny.\n" + }, + "networkAclId": { + "type": "string", + "description": "The ID of the network ACL.\n" + }, + "protocol": { + "type": "string", + "description": "The protocol. A value of -1 means all protocols.\n" + }, + "ruleAction": { + "type": "string", + "description": "Indicates whether to allow or deny the traffic that matches the rule. Accepted values: `allow` | `deny`\n" + }, + "ruleNumber": { + "type": "integer", + "description": "The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.\n" + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n" + } + }, + "required": [ + "networkAclId", + "protocol", + "ruleAction", + "ruleNumber" + ], + "inputProperties": { + "cidrBlock": { + "type": "string", + "description": "The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).\n" + }, + "egress": { + "type": "boolean", + "description": "Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default `false`.\n" + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n" + }, + "icmpCode": { + "type": "string", + "description": "ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1\n" + }, + "icmpType": { + "type": "string", + "description": "ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block to allow or deny.\n" + }, + "networkAclId": { + "type": "string", + "description": "The ID of the network ACL.\n" + }, + "protocol": { + "type": "string", + "description": "The protocol. A value of -1 means all protocols.\n" + }, + "ruleAction": { + "type": "string", + "description": "Indicates whether to allow or deny the traffic that matches the rule. Accepted values: `allow` | `deny`\n" + }, + "ruleNumber": { + "type": "integer", + "description": "The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.\n" + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n" + } + }, + "requiredInputs": [ + "networkAclId", + "protocol", + "ruleAction", + "ruleNumber" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NetworkAclRule resources.\n", + "properties": { + "cidrBlock": { + "type": "string", + "description": "The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).\n" + }, + "egress": { + "type": "boolean", + "description": "Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default `false`.\n" + }, + "fromPort": { + "type": "integer", + "description": "The from port to match.\n" + }, + "icmpCode": { + "type": "string", + "description": "ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1\n" + }, + "icmpType": { + "type": "string", + "description": "ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block to allow or deny.\n" + }, + "networkAclId": { + "type": "string", + "description": "The ID of the network ACL.\n" + }, + "protocol": { + "type": "string", + "description": "The protocol. A value of -1 means all protocols.\n" + }, + "ruleAction": { + "type": "string", + "description": "Indicates whether to allow or deny the traffic that matches the rule. Accepted values: `allow` | `deny`\n" + }, + "ruleNumber": { + "type": "integer", + "description": "The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.\n" + }, + "toPort": { + "type": "integer", + "description": "The to port to match.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/networkInterface:NetworkInterface": { + "description": "Provides an Elastic network interface (ENI) resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ec2.NetworkInterface(\"test\", {\n subnetId: aws_subnet.public_a.id,\n privateIps: [\"10.0.0.50\"],\n securityGroups: [aws_security_group.web.id],\n attachments: [{\n instance: aws_instance.test.id,\n deviceIndex: 1,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.NetworkInterface(\"test\",\n subnet_id=aws_subnet[\"public_a\"][\"id\"],\n private_ips=[\"10.0.0.50\"],\n security_groups=[aws_security_group[\"web\"][\"id\"]],\n attachments=[aws.ec2.NetworkInterfaceAttachmentArgs(\n instance=aws_instance[\"test\"][\"id\"],\n device_index=1,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ec2.NetworkInterface(\"test\", new Aws.Ec2.NetworkInterfaceArgs\n {\n SubnetId = aws_subnet.Public_a.Id,\n PrivateIps = \n {\n \"10.0.0.50\",\n },\n SecurityGroups = \n {\n aws_security_group.Web.Id,\n },\n Attachments = \n {\n new Aws.Ec2.Inputs.NetworkInterfaceAttachmentArgs\n {\n Instance = aws_instance.Test.Id,\n DeviceIndex = 1,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNetworkInterface(ctx, \"test\", &ec2.NetworkInterfaceArgs{\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Public_a.Id),\n\t\t\tPrivateIps: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.50\"),\n\t\t\t},\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Web.Id),\n\t\t\t},\n\t\t\tAttachments: ec2.NetworkInterfaceAttachmentArray{\n\t\t\t\t&ec2.NetworkInterfaceAttachmentArgs{\n\t\t\t\t\tInstance: pulumi.Any(aws_instance.Test.Id),\n\t\t\t\t\tDeviceIndex: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNetwork Interfaces can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/networkInterface:NetworkInterface test eni-e5aa89a3\n```\n\n ", + "properties": { + "attachments": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkInterfaceAttachment:NetworkInterfaceAttachment" + }, + "description": "Block to define the attachment of the ENI. Documented below.\n" + }, + "description": { + "type": "string", + "description": "A description for the network interface.\n" + }, + "interfaceType": { + "type": "string", + "description": "Type of network interface to create. Set to `efa` for Elastic Fabric Adapter.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "The number of IPv6 addresses to assign to a network interface. You can't use this option if specifying specific `ipv6_addresses`. If your subnet has the AssignIpv6AddressOnCreation attribute set to `true`, you can specify `0` to override this setting.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying `ipv6_address_count`.\n" + }, + "macAddress": { + "type": "string", + "description": "The MAC address of the network interface.\n" + }, + "outpostArn": { + "type": "string" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name of the network interface (IPv4).\n" + }, + "privateIp": { + "type": "string" + }, + "privateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of private IPs to assign to the ENI.\n" + }, + "privateIpsCount": { + "type": "integer", + "description": "Number of secondary private IPs to assign to the ENI. The total number of private IPs will be 1 + private_ips_count, as a primary private IP will be assiged to an ENI by default.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs to assign to the ENI.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Whether to enable source destination checking for the ENI. Default true.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to create the ENI in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "attachments", + "interfaceType", + "ipv6AddressCount", + "ipv6Addresses", + "macAddress", + "outpostArn", + "privateDnsName", + "privateIp", + "privateIps", + "privateIpsCount", + "securityGroups", + "subnetId", + "tagsAll" + ], + "inputProperties": { + "attachments": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkInterfaceAttachment:NetworkInterfaceAttachment" + }, + "description": "Block to define the attachment of the ENI. Documented below.\n" + }, + "description": { + "type": "string", + "description": "A description for the network interface.\n" + }, + "interfaceType": { + "type": "string", + "description": "Type of network interface to create. Set to `efa` for Elastic Fabric Adapter.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "The number of IPv6 addresses to assign to a network interface. You can't use this option if specifying specific `ipv6_addresses`. If your subnet has the AssignIpv6AddressOnCreation attribute set to `true`, you can specify `0` to override this setting.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying `ipv6_address_count`.\n" + }, + "privateIp": { + "type": "string" + }, + "privateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of private IPs to assign to the ENI.\n" + }, + "privateIpsCount": { + "type": "integer", + "description": "Number of secondary private IPs to assign to the ENI. The total number of private IPs will be 1 + private_ips_count, as a primary private IP will be assiged to an ENI by default.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs to assign to the ENI.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Whether to enable source destination checking for the ENI. Default true.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to create the ENI in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NetworkInterface resources.\n", + "properties": { + "attachments": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/NetworkInterfaceAttachment:NetworkInterfaceAttachment" + }, + "description": "Block to define the attachment of the ENI. Documented below.\n" + }, + "description": { + "type": "string", + "description": "A description for the network interface.\n" + }, + "interfaceType": { + "type": "string", + "description": "Type of network interface to create. Set to `efa` for Elastic Fabric Adapter.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "The number of IPv6 addresses to assign to a network interface. You can't use this option if specifying specific `ipv6_addresses`. If your subnet has the AssignIpv6AddressOnCreation attribute set to `true`, you can specify `0` to override this setting.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more specific IPv6 addresses from the IPv6 CIDR block range of your subnet. You can't use this option if you're specifying `ipv6_address_count`.\n" + }, + "macAddress": { + "type": "string", + "description": "The MAC address of the network interface.\n" + }, + "outpostArn": { + "type": "string" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name of the network interface (IPv4).\n" + }, + "privateIp": { + "type": "string" + }, + "privateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of private IPs to assign to the ENI.\n" + }, + "privateIpsCount": { + "type": "integer", + "description": "Number of secondary private IPs to assign to the ENI. The total number of private IPs will be 1 + private_ips_count, as a primary private IP will be assiged to an ENI by default.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs to assign to the ENI.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Whether to enable source destination checking for the ENI. Default true.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to create the ENI in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ec2/networkInterfaceAttachment:NetworkInterfaceAttachment": { + "description": "Attach an Elastic network interface (ENI) resource with EC2 instance.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ec2.NetworkInterfaceAttachment(\"test\", {\n instanceId: aws_instance.test.id,\n networkInterfaceId: aws_network_interface.test.id,\n deviceIndex: 0,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.NetworkInterfaceAttachment(\"test\",\n instance_id=aws_instance[\"test\"][\"id\"],\n network_interface_id=aws_network_interface[\"test\"][\"id\"],\n device_index=0)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ec2.NetworkInterfaceAttachment(\"test\", new Aws.Ec2.NetworkInterfaceAttachmentArgs\n {\n InstanceId = aws_instance.Test.Id,\n NetworkInterfaceId = aws_network_interface.Test.Id,\n DeviceIndex = 0,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewNetworkInterfaceAttachment(ctx, \"test\", &ec2.NetworkInterfaceAttachmentArgs{\n\t\t\tInstanceId: pulumi.Any(aws_instance.Test.Id),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_network_interface.Test.Id),\n\t\t\tDeviceIndex: pulumi.Int(0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "attachmentId": { + "type": "string", + "description": "The ENI Attachment ID.\n" + }, + "deviceIndex": { + "type": "integer", + "description": "Network interface index (int).\n" + }, + "instanceId": { + "type": "string", + "description": "Instance ID to attach.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "ENI ID to attach.\n" + }, + "status": { + "type": "string", + "description": "The status of the Network Interface Attachment.\n" + } + }, + "required": [ + "attachmentId", + "deviceIndex", + "instanceId", + "networkInterfaceId", + "status" + ], + "inputProperties": { + "deviceIndex": { + "type": "integer", + "description": "Network interface index (int).\n" + }, + "instanceId": { + "type": "string", + "description": "Instance ID to attach.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "ENI ID to attach.\n" + } + }, + "requiredInputs": [ + "deviceIndex", + "instanceId", + "networkInterfaceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NetworkInterfaceAttachment resources.\n", + "properties": { + "attachmentId": { + "type": "string", + "description": "The ENI Attachment ID.\n" + }, + "deviceIndex": { + "type": "integer", + "description": "Network interface index (int).\n" + }, + "instanceId": { + "type": "string", + "description": "Instance ID to attach.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "ENI ID to attach.\n" + }, + "status": { + "type": "string", + "description": "The status of the Network Interface Attachment.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/networkInterfaceSecurityGroupAttachment:NetworkInterfaceSecurityGroupAttachment": { + "description": "This resource attaches a security group to an Elastic Network Interface (ENI).\nIt can be used to attach a security group to any existing ENI, be it a\nsecondary ENI or one attached as the primary interface on an instance.\n\n> **NOTE on instances, interfaces, and security groups:** This provider currently\nprovides the capability to assign security groups via the `aws.ec2.Instance`\nand the `aws.ec2.NetworkInterface` resources. Using this resource in\nconjunction with security groups provided in-line in those resources will cause\nconflicts, and will lead to spurious diffs and undefined behavior - please use\none or the other.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following provides a very basic example of setting up an instance (provided\nby `instance`) in the default security group, creating a security group\n(provided by `sg`) and then attaching the security group to the instance's\nprimary network interface via the `aws.ec2.NetworkInterfaceSecurityGroupAttachment` resource,\nnamed `sg_attachment`:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ami = aws.ec2.getAmi({\n mostRecent: true,\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-hvm-*\"],\n }],\n owners: [\"amazon\"],\n});\nconst instance = new aws.ec2.Instance(\"instance\", {\n instanceType: \"t2.micro\",\n ami: ami.then(ami => ami.id),\n tags: {\n type: \"test-instance\",\n },\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {tags: {\n type: \"test-security-group\",\n}});\nconst sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", {\n securityGroupId: sg.id,\n networkInterfaceId: instance.primaryNetworkInterfaceId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nami = aws.ec2.get_ami(most_recent=True,\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-hvm-*\"],\n )],\n owners=[\"amazon\"])\ninstance = aws.ec2.Instance(\"instance\",\n instance_type=\"t2.micro\",\n ami=ami.id,\n tags={\n \"type\": \"test-instance\",\n })\nsg = aws.ec2.SecurityGroup(\"sg\", tags={\n \"type\": \"test-security-group\",\n})\nsg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\",\n security_group_id=sg.id,\n network_interface_id=instance.primary_network_interface_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ami = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"amzn-ami-hvm-*\",\n },\n },\n },\n Owners = \n {\n \"amazon\",\n },\n }));\n var instance = new Aws.Ec2.Instance(\"instance\", new Aws.Ec2.InstanceArgs\n {\n InstanceType = \"t2.micro\",\n Ami = ami.Apply(ami => ami.Id),\n Tags = \n {\n { \"type\", \"test-instance\" },\n },\n });\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new Aws.Ec2.SecurityGroupArgs\n {\n Tags = \n {\n { \"type\", \"test-security-group\" },\n },\n });\n var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs\n {\n SecurityGroupId = sg.Id,\n NetworkInterfaceId = instance.PrimaryNetworkInterfaceId,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\tami, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-hvm-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinstance, err := ec2.NewInstance(ctx, \"instance\", &ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tAmi: pulumi.String(ami.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-instance\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", &ec2.SecurityGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-security-group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, \"sgAttachment\", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{\n\t\t\tSecurityGroupId: sg.ID(),\n\t\t\tNetworkInterfaceId: instance.PrimaryNetworkInterfaceId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nIn this example, `instance` is provided by the `aws.ec2.Instance` data source,\nfetching an external instance, possibly not managed by this provider.\n`sg_attachment` then attaches to the output instance's `network_interface_id`:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instance = aws.ec2.getInstance({\n instanceId: \"i-1234567890abcdef0\",\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {tags: {\n type: \"test-security-group\",\n}});\nconst sgAttachment = new aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", {\n securityGroupId: sg.id,\n networkInterfaceId: instance.then(instance => instance.networkInterfaceId),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance = aws.ec2.get_instance(instance_id=\"i-1234567890abcdef0\")\nsg = aws.ec2.SecurityGroup(\"sg\", tags={\n \"type\": \"test-security-group\",\n})\nsg_attachment = aws.ec2.NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\",\n security_group_id=sg.id,\n network_interface_id=instance.network_interface_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var instance = Output.Create(Aws.Ec2.GetInstance.InvokeAsync(new Aws.Ec2.GetInstanceArgs\n {\n InstanceId = \"i-1234567890abcdef0\",\n }));\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new Aws.Ec2.SecurityGroupArgs\n {\n Tags = \n {\n { \"type\", \"test-security-group\" },\n },\n });\n var sgAttachment = new Aws.Ec2.NetworkInterfaceSecurityGroupAttachment(\"sgAttachment\", new Aws.Ec2.NetworkInterfaceSecurityGroupAttachmentArgs\n {\n SecurityGroupId = sg.Id,\n NetworkInterfaceId = instance.Apply(instance => instance.NetworkInterfaceId),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"i-1234567890abcdef0\"\n\t\tinstance, err := ec2.LookupInstance(ctx, &ec2.LookupInstanceArgs{\n\t\t\tInstanceId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", &ec2.SecurityGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"type\": pulumi.String(\"test-security-group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkInterfaceSecurityGroupAttachment(ctx, \"sgAttachment\", &ec2.NetworkInterfaceSecurityGroupAttachmentArgs{\n\t\t\tSecurityGroupId: sg.ID(),\n\t\t\tNetworkInterfaceId: pulumi.String(instance.NetworkInterfaceId),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface to attach to.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group.\n" + } + }, + "required": [ + "networkInterfaceId", + "securityGroupId" + ], + "inputProperties": { + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface to attach to.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group.\n" + } + }, + "requiredInputs": [ + "networkInterfaceId", + "securityGroupId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NetworkInterfaceSecurityGroupAttachment resources.\n", + "properties": { + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface to attach to.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/peeringConnectionOptions:PeeringConnectionOptions": { + "description": "Provides a resource to manage VPC peering connection options.\n\n> **NOTE on VPC Peering Connections and VPC Peering Connection Options:** This provider provides\nboth a standalone VPC Peering Connection Options and a VPC Peering Connection\nresource with `accepter` and `requester` attributes. Do not manage options for the same VPC peering\nconnection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource.\nDoing so will cause a conflict of options and will overwrite the options.\nUsing a VPC Peering Connection Options resource decouples management of the connection options from\nmanagement of the VPC Peering Connection and allows options to be set correctly in cross-region and\ncross-account scenarios.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.1.0.0/16\"});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", {\n vpcId: fooVpc.id,\n peerVpcId: bar.id,\n autoAccept: true,\n});\nconst fooPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\", {\n vpcPeeringConnectionId: fooVpcPeeringConnection.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n requester: {\n allowVpcToRemoteClassicLink: true,\n allowClassicLinkToRemoteVpc: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.0.0.0/16\")\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.1.0.0/16\")\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\",\n vpc_id=foo_vpc.id,\n peer_vpc_id=bar.id,\n auto_accept=True)\nfoo_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\",\n vpc_peering_connection_id=foo_vpc_peering_connection.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n requester=aws.ec2.PeeringConnectionOptionsRequesterArgs(\n allow_vpc_to_remote_classic_link=True,\n allow_classic_link_to_remote_vpc=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var bar = new Aws.Ec2.Vpc(\"bar\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n VpcId = fooVpc.Id,\n PeerVpcId = bar.Id,\n AutoAccept = true,\n });\n var fooPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"fooPeeringConnectionOptions\", new Aws.Ec2.PeeringConnectionOptionsArgs\n {\n VpcPeeringConnectionId = fooVpcPeeringConnection.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs\n {\n AllowVpcToRemoteClassicLink = true,\n AllowClassicLinkToRemoteVpc = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"fooVpcPeeringConnection\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"fooPeeringConnectionOptions\", &ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: fooVpcPeeringConnection.ID(),\n\t\t\tAccepter: &ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t\tRequester: &ec2.PeeringConnectionOptionsRequesterArgs{\n\t\t\t\tAllowVpcToRemoteClassicLink: pulumi.Bool(true),\n\t\t\t\tAllowClassicLinkToRemoteVpc: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Cross-Account Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst requester = new aws.Provider(\"requester\", {});\n// Requester's credentials.\nconst accepter = new aws.Provider(\"accepter\", {});\n// Accepter's credentials.\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n}, {\n provider: aws.requester,\n});\nconst peerVpc = new aws.ec2.Vpc(\"peerVpc\", {\n cidrBlock: \"10.1.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n}, {\n provider: aws.accepter,\n});\nconst peerCallerIdentity = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peerCallerIdentity.then(peerCallerIdentity => peerCallerIdentity.accountId),\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n}, {\n provider: aws.requester,\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.accepter,\n});\nconst requesterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n requester: {\n allowRemoteVpcDnsResolution: true,\n },\n}, {\n provider: aws.requester,\n});\nconst accepterPeeringConnectionOptions = new aws.ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", {\n vpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n}, {\n provider: aws.accepter,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nrequester = pulumi.providers.Aws(\"requester\")\n# Requester's credentials.\naccepter = pulumi.providers.Aws(\"accepter\")\n# Accepter's credentials.\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True,\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\npeer_vpc = aws.ec2.Vpc(\"peerVpc\",\n cidr_block=\"10.1.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True,\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\npeer_caller_identity = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer_caller_identity.account_id,\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\nrequester_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n requester=aws.ec2.PeeringConnectionOptionsRequesterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"requester\"]))\naccepter_peering_connection_options = aws.ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\",\n vpc_peering_connection_id=peer_vpc_peering_connection_accepter.id,\n accepter=aws.ec2.PeeringConnectionOptionsAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"accepter\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var requester = new Aws.Provider(\"requester\", new Aws.ProviderArgs\n {\n });\n // Requester's credentials.\n var accepter = new Aws.Provider(\"accepter\", new Aws.ProviderArgs\n {\n });\n // Accepter's credentials.\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n var peerVpc = new Aws.Ec2.Vpc(\"peerVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", new Aws.Ec2.VpcPeeringConnectionAccepterArgs\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n var requesterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"requesterPeeringConnectionOptions\", new Aws.Ec2.PeeringConnectionOptionsArgs\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Requester = new Aws.Ec2.Inputs.PeeringConnectionOptionsRequesterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Requester,\n });\n var accepterPeeringConnectionOptions = new Aws.Ec2.PeeringConnectionOptions(\"accepterPeeringConnectionOptions\", new Aws.Ec2.PeeringConnectionOptionsArgs\n {\n VpcPeeringConnectionId = peerVpcPeeringConnectionAccepter.Id,\n Accepter = new Aws.Ec2.Inputs.PeeringConnectionOptionsAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Accepter,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"requester\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"accepter\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peerVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peerVpcPeeringConnection\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: pulumi.String(peerCallerIdentity.AccountId),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpcPeeringConnectionAccepter, err := ec2.NewVpcPeeringConnectionAccepter(ctx, \"peerVpcPeeringConnectionAccepter\", &ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"requesterPeeringConnectionOptions\", &ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tRequester: &ec2.PeeringConnectionOptionsRequesterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Requester))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewPeeringConnectionOptions(ctx, \"accepterPeeringConnectionOptions\", &ec2.PeeringConnectionOptionsArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnectionAccepter.ID(),\n\t\t\tAccepter: &ec2.PeeringConnectionOptionsAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Accepter))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC Peering Connection Options can be imported using the `vpc peering id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/peeringConnectionOptions:PeeringConnectionOptions foo pcx-111aaa111\n```\n\n ", + "properties": { + "accepter": { + "$ref": "#/types/aws:ec2/PeeringConnectionOptionsAccepter:PeeringConnectionOptionsAccepter", + "description": "An optional configuration block that allows for [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts\nthe peering connection (a maximum of one).\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/PeeringConnectionOptionsRequester:PeeringConnectionOptionsRequester", + "description": "A optional configuration block that allows for [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests\nthe peering connection (a maximum of one).\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "The ID of the requester VPC peering connection.\n" + } + }, + "required": [ + "accepter", + "requester", + "vpcPeeringConnectionId" + ], + "inputProperties": { + "accepter": { + "$ref": "#/types/aws:ec2/PeeringConnectionOptionsAccepter:PeeringConnectionOptionsAccepter", + "description": "An optional configuration block that allows for [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts\nthe peering connection (a maximum of one).\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/PeeringConnectionOptionsRequester:PeeringConnectionOptionsRequester", + "description": "A optional configuration block that allows for [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests\nthe peering connection (a maximum of one).\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "The ID of the requester VPC peering connection.\n" + } + }, + "requiredInputs": [ + "vpcPeeringConnectionId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PeeringConnectionOptions resources.\n", + "properties": { + "accepter": { + "$ref": "#/types/aws:ec2/PeeringConnectionOptionsAccepter:PeeringConnectionOptionsAccepter", + "description": "An optional configuration block that allows for [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts\nthe peering connection (a maximum of one).\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/PeeringConnectionOptionsRequester:PeeringConnectionOptionsRequester", + "description": "A optional configuration block that allows for [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests\nthe peering connection (a maximum of one).\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "The ID of the requester VPC peering connection.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/placementGroup:PlacementGroup": { + "description": "Provides an EC2 placement group. Read more about placement groups\nin [AWS Docs](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.PlacementGroup(\"web\", {\n strategy: \"cluster\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.PlacementGroup(\"web\", strategy=\"cluster\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var web = new Aws.Ec2.PlacementGroup(\"web\", new Aws.Ec2.PlacementGroupArgs\n {\n Strategy = \"cluster\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewPlacementGroup(ctx, \"web\", &ec2.PlacementGroupArgs{\n\t\t\tStrategy: pulumi.String(\"cluster\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPlacement groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:ec2/placementGroup:PlacementGroup prod_pg production-placement-group\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the placement group.\n" + }, + "name": { + "type": "string", + "description": "The name of the placement group.\n" + }, + "placementGroupId": { + "type": "string", + "description": "The ID of the placement group.\n" + }, + "strategy": { + "type": "string", + "description": "The placement strategy. Can be `\"cluster\"`, `\"partition\"` or `\"spread\"`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "placementGroupId", + "strategy", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the placement group.\n" + }, + "strategy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/PlacementStrategy:PlacementStrategy" + } + ], + "description": "The placement strategy. Can be `\"cluster\"`, `\"partition\"` or `\"spread\"`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "strategy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PlacementGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the placement group.\n" + }, + "name": { + "type": "string", + "description": "The name of the placement group.\n" + }, + "placementGroupId": { + "type": "string", + "description": "The ID of the placement group.\n" + }, + "strategy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/PlacementStrategy:PlacementStrategy" + } + ], + "description": "The placement strategy. Can be `\"cluster\"`, `\"partition\"` or `\"spread\"`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ec2/proxyProtocolPolicy:ProxyProtocolPolicy": { + "description": "Provides a proxy protocol policy, which allows an ELB to carry a client connection information to a backend.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [\n {\n instancePort: 25,\n instanceProtocol: \"tcp\",\n lbPort: 25,\n lbProtocol: \"tcp\",\n },\n {\n instancePort: 587,\n instanceProtocol: \"tcp\",\n lbPort: 587,\n lbProtocol: \"tcp\",\n },\n ],\n});\nconst smtp = new aws.ec2.ProxyProtocolPolicy(\"smtp\", {\n loadBalancer: lb.name,\n instancePorts: [\n \"25\",\n \"587\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[\n aws.elb.LoadBalancerListenerArgs(\n instance_port=25,\n instance_protocol=\"tcp\",\n lb_port=25,\n lb_protocol=\"tcp\",\n ),\n aws.elb.LoadBalancerListenerArgs(\n instance_port=587,\n instance_protocol=\"tcp\",\n lb_port=587,\n lb_protocol=\"tcp\",\n ),\n ])\nsmtp = aws.ec2.ProxyProtocolPolicy(\"smtp\",\n load_balancer=lb.name,\n instance_ports=[\n \"25\",\n \"587\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 25,\n InstanceProtocol = \"tcp\",\n LbPort = 25,\n LbProtocol = \"tcp\",\n },\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 587,\n InstanceProtocol = \"tcp\",\n LbPort = 587,\n LbProtocol = \"tcp\",\n },\n },\n });\n var smtp = new Aws.Ec2.ProxyProtocolPolicy(\"smtp\", new Aws.Ec2.ProxyProtocolPolicyArgs\n {\n LoadBalancer = lb.Name,\n InstancePorts = \n {\n \"25\",\n \"587\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(25),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tLbPort: pulumi.Int(25),\n\t\t\t\t\tLbProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(587),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tLbPort: pulumi.Int(587),\n\t\t\t\t\tLbProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewProxyProtocolPolicy(ctx, \"smtp\", &ec2.ProxyProtocolPolicyArgs{\n\t\t\tLoadBalancer: lb.Name,\n\t\t\tInstancePorts: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"25\"),\n\t\t\t\tpulumi.String(\"587\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "instancePorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of instance ports to which the policy\nshould be applied. This can be specified if the protocol is SSL or TCP.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + } + }, + "required": [ + "instancePorts", + "loadBalancer" + ], + "inputProperties": { + "instancePorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of instance ports to which the policy\nshould be applied. This can be specified if the protocol is SSL or TCP.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + } + }, + "requiredInputs": [ + "instancePorts", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProxyProtocolPolicy resources.\n", + "properties": { + "instancePorts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of instance ports to which the policy\nshould be applied. This can be specified if the protocol is SSL or TCP.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/route:Route": { + "description": "\n\n\n## Import\n\nIndividual routes can be imported using `ROUTETABLEID_DESTINATION`. For example, import a route in route table `rtb-656C65616E6F72` with an IPv4 destination CIDR of `10.42.0.0/16` like thisconsole\n\n```sh\n $ pulumi import aws:ec2/route:Route my_route rtb-656C65616E6F72_10.42.0.0/16\n```\n\n Import a route in route table `rtb-656C65616E6F72` with an IPv6 destination CIDR of `2620:0:2d0:200::8/125` similarlyconsole\n\n```sh\n $ pulumi import aws:ec2/route:Route my_route rtb-656C65616E6F72_2620:0:2d0:200::8/125\n```\n\n Import a route in route table `rtb-656C65616E6F72` with a managed prefix list destination of `pl-0570a1d2d725c16be` similarlyconsole\n\n```sh\n $ pulumi import aws:ec2/route:Route my_route rtb-656C65616E6F72_pl-0570a1d2d725c16be\n```\n\n ", + "properties": { + "carrierGatewayId": { + "type": "string", + "description": "Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "The destination CIDR block.\n" + }, + "destinationIpv6CidrBlock": { + "type": "string", + "description": "The destination IPv6 CIDR block.\n" + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination.\n" + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "Identifier of a VPC Egress Only Internet Gateway.\n" + }, + "gatewayId": { + "type": "string", + "description": "Identifier of a VPC internet gateway or a virtual private gateway.\n" + }, + "instanceId": { + "type": "string", + "description": "Identifier of an EC2 instance.\n" + }, + "instanceOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the EC2 instance.\n" + }, + "localGatewayId": { + "type": "string", + "description": "Identifier of a Outpost local gateway.\n" + }, + "natGatewayId": { + "type": "string", + "description": "Identifier of a VPC NAT gateway.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "Identifier of an EC2 network interface.\n" + }, + "origin": { + "type": "string", + "description": "How the route was created - `CreateRouteTable`, `CreateRoute` or `EnableVgwRoutePropagation`.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the routing table.\n" + }, + "state": { + "type": "string", + "description": "The state of the route - `active` or `blackhole`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of an EC2 Transit Gateway.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of a VPC Endpoint.\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "Identifier of a VPC peering connection.\n" + } + }, + "required": [ + "instanceId", + "instanceOwnerId", + "networkInterfaceId", + "origin", + "routeTableId", + "state" + ], + "inputProperties": { + "carrierGatewayId": { + "type": "string", + "description": "Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "The destination CIDR block.\n" + }, + "destinationIpv6CidrBlock": { + "type": "string", + "description": "The destination IPv6 CIDR block.\n" + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination.\n" + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "Identifier of a VPC Egress Only Internet Gateway.\n" + }, + "gatewayId": { + "type": "string", + "description": "Identifier of a VPC internet gateway or a virtual private gateway.\n" + }, + "instanceId": { + "type": "string", + "description": "Identifier of an EC2 instance.\n" + }, + "localGatewayId": { + "type": "string", + "description": "Identifier of a Outpost local gateway.\n" + }, + "natGatewayId": { + "type": "string", + "description": "Identifier of a VPC NAT gateway.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "Identifier of an EC2 network interface.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the routing table.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of an EC2 Transit Gateway.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of a VPC Endpoint.\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "Identifier of a VPC peering connection.\n" + } + }, + "requiredInputs": [ + "routeTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Route resources.\n", + "properties": { + "carrierGatewayId": { + "type": "string", + "description": "Identifier of a carrier gateway. This attribute can only be used when the VPC contains a subnet which is associated with a Wavelength Zone.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "The destination CIDR block.\n" + }, + "destinationIpv6CidrBlock": { + "type": "string", + "description": "The destination IPv6 CIDR block.\n" + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination.\n" + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "Identifier of a VPC Egress Only Internet Gateway.\n" + }, + "gatewayId": { + "type": "string", + "description": "Identifier of a VPC internet gateway or a virtual private gateway.\n" + }, + "instanceId": { + "type": "string", + "description": "Identifier of an EC2 instance.\n" + }, + "instanceOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the EC2 instance.\n" + }, + "localGatewayId": { + "type": "string", + "description": "Identifier of a Outpost local gateway.\n" + }, + "natGatewayId": { + "type": "string", + "description": "Identifier of a VPC NAT gateway.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "Identifier of an EC2 network interface.\n" + }, + "origin": { + "type": "string", + "description": "How the route was created - `CreateRouteTable`, `CreateRoute` or `EnableVgwRoutePropagation`.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the routing table.\n" + }, + "state": { + "type": "string", + "description": "The state of the route - `active` or `blackhole`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of an EC2 Transit Gateway.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of a VPC Endpoint.\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "Identifier of a VPC peering connection.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/routeTable:RouteTable": { + "description": "Provides a resource to create a VPC routing table.\n\n> **NOTE on Route Tables and Routes:** This provider currently\nprovides both a standalone Route resource and a Route Table resource with routes\ndefined in-line. At this time you cannot use a Route Table with in-line routes\nin conjunction with any Route resources. Doing so will cause\na conflict of rule settings and will overwrite rules.\n\n> **NOTE on `gateway_id` and `nat_gateway_id`:** The AWS API is very forgiving with these two\nattributes and the `aws.ec2.RouteTable` resource can be created with a NAT ID specified as a Gateway ID attribute.\nThis _will_ lead to a permanent diff between your configuration and statefile, as the API returns the correct\nparameters in the returned route table. If you're experiencing constant diffs in your `aws.ec2.RouteTable` resources,\nthe first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.\n\n> **NOTE on `propagating_vgws` and the `aws.ec2.VpnGatewayRoutePropagation` resource:**\nIf the `propagating_vgws` argument is present, it's not supported to _also_\ndefine route propagations using `aws.ec2.VpnGatewayRoutePropagation`, since\nthis resource will delete any propagating gateways not explicitly listed in\n`propagating_vgws`. Omit this argument when defining route propagation using\nthe separate resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.RouteTable(\"example\", {\n vpcId: aws_vpc.example.id,\n routes: [\n {\n cidrBlock: \"10.0.1.0/24\",\n gatewayId: aws_internet_gateway.example.id,\n },\n {\n ipv6CidrBlock: \"::/0\",\n egressOnlyGatewayId: aws_egress_only_internet_gateway.example.id,\n },\n ],\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.RouteTable(\"example\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n routes=[\n aws.ec2.RouteTableRouteArgs(\n cidr_block=\"10.0.1.0/24\",\n gateway_id=aws_internet_gateway[\"example\"][\"id\"],\n ),\n aws.ec2.RouteTableRouteArgs(\n ipv6_cidr_block=\"::/0\",\n egress_only_gateway_id=aws_egress_only_internet_gateway[\"example\"][\"id\"],\n ),\n ],\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.RouteTable(\"example\", new Aws.Ec2.RouteTableArgs\n {\n VpcId = aws_vpc.Example.Id,\n Routes = \n {\n new Aws.Ec2.Inputs.RouteTableRouteArgs\n {\n CidrBlock = \"10.0.1.0/24\",\n GatewayId = aws_internet_gateway.Example.Id,\n },\n new Aws.Ec2.Inputs.RouteTableRouteArgs\n {\n Ipv6CidrBlock = \"::/0\",\n EgressOnlyGatewayId = aws_egress_only_internet_gateway.Example.Id,\n },\n },\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewRouteTable(ctx, \"example\", &ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tRoutes: ec2.RouteTableRouteArray{\n\t\t\t\t&ec2.RouteTableRouteArgs{\n\t\t\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t\t\t\tGatewayId: pulumi.Any(aws_internet_gateway.Example.Id),\n\t\t\t\t},\n\t\t\t\t&ec2.RouteTableRouteArgs{\n\t\t\t\t\tIpv6CidrBlock: pulumi.String(\"::/0\"),\n\t\t\t\t\tEgressOnlyGatewayId: pulumi.Any(aws_egress_only_internet_gateway.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo subsequently remove all managed routes:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.RouteTable(\"example\", {\n vpcId: aws_vpc.example.id,\n routes: [],\n tags: {\n Name: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.RouteTable(\"example\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n routes=[],\n tags={\n \"Name\": \"example\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.RouteTable(\"example\", new Aws.Ec2.RouteTableArgs\n {\n VpcId = aws_vpc.Example.Id,\n Routes = {},\n Tags = \n {\n { \"Name\", \"example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewRouteTable(ctx, \"example\", &ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tRoutes: ec2.RouteTableRouteArray{},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute Tables can be imported using the route table `id`. For example, to import route table `rtb-4e616f6d69`, use this command\n\n```sh\n $ pulumi import aws:ec2/routeTable:RouteTable public_rt rtb-4e616f6d69\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the route table.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the route table.\n" + }, + "propagatingVgws": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of virtual gateways for propagation.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/RouteTableRoute:RouteTableRoute" + }, + "description": "A list of route objects. Their keys are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID.\n" + } + }, + "required": [ + "arn", + "ownerId", + "propagatingVgws", + "routes", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "propagatingVgws": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of virtual gateways for propagation.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/RouteTableRoute:RouteTableRoute" + }, + "description": "A list of route objects. Their keys are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID.\n" + } + }, + "requiredInputs": [ + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RouteTable resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the route table.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the route table.\n" + }, + "propagatingVgws": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of virtual gateways for propagation.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/RouteTableRoute:RouteTableRoute" + }, + "description": "A list of route objects. Their keys are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/routeTableAssociation:RouteTableAssociation": { + "description": "Provides a resource to create an association between a route table and a subnet or a route table and an\ninternet gateway or virtual private gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst routeTableAssociation = new aws.ec2.RouteTableAssociation(\"routeTableAssociation\", {\n subnetId: aws_subnet.foo.id,\n routeTableId: aws_route_table.bar.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute_table_association = aws.ec2.RouteTableAssociation(\"routeTableAssociation\",\n subnet_id=aws_subnet[\"foo\"][\"id\"],\n route_table_id=aws_route_table[\"bar\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var routeTableAssociation = new Aws.Ec2.RouteTableAssociation(\"routeTableAssociation\", new Aws.Ec2.RouteTableAssociationArgs\n {\n SubnetId = aws_subnet.Foo.Id,\n RouteTableId = aws_route_table.Bar.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewRouteTableAssociation(ctx, \"routeTableAssociation\", &ec2.RouteTableAssociationArgs{\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Foo.Id),\n\t\t\tRouteTableId: pulumi.Any(aws_route_table.Bar.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst routeTableAssociation = new aws.ec2.RouteTableAssociation(\"routeTableAssociation\", {\n gatewayId: aws_internet_gateway.foo.id,\n routeTableId: aws_route_table.bar.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroute_table_association = aws.ec2.RouteTableAssociation(\"routeTableAssociation\",\n gateway_id=aws_internet_gateway[\"foo\"][\"id\"],\n route_table_id=aws_route_table[\"bar\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var routeTableAssociation = new Aws.Ec2.RouteTableAssociation(\"routeTableAssociation\", new Aws.Ec2.RouteTableAssociationArgs\n {\n GatewayId = aws_internet_gateway.Foo.Id,\n RouteTableId = aws_route_table.Bar.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewRouteTableAssociation(ctx, \"routeTableAssociation\", &ec2.RouteTableAssociationArgs{\n\t\t\tGatewayId: pulumi.Any(aws_internet_gateway.Foo.Id),\n\t\t\tRouteTableId: pulumi.Any(aws_route_table.Bar.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nis already associated, will result in an error (e.g., `Resource.AlreadyAssociatedthe specified association for route table rtb-4176657279 conflicts with an existing association`) unless you first import the original association. EC2 Route Table Associations can be imported using the associated resource ID and Route Table ID separated by a forward slash (`/`). For example with EC2 Subnets\n\n```sh\n $ pulumi import aws:ec2/routeTableAssociation:RouteTableAssociation assoc subnet-6777656e646f6c796e/rtb-656c65616e6f72\n```\n\n For example with EC2 Internet Gateways\n\n```sh\n $ pulumi import aws:ec2/routeTableAssociation:RouteTableAssociation assoc igw-01b3a60780f8d034a/rtb-656c65616e6f72\n```\n\n ", + "properties": { + "gatewayId": { + "type": "string", + "description": "The gateway ID to create an association. Conflicts with `subnet_id`.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the routing table to associate with.\n" + }, + "subnetId": { + "type": "string", + "description": "The subnet ID to create an association. Conflicts with `gateway_id`.\n" + } + }, + "required": [ + "routeTableId" + ], + "inputProperties": { + "gatewayId": { + "type": "string", + "description": "The gateway ID to create an association. Conflicts with `subnet_id`.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the routing table to associate with.\n" + }, + "subnetId": { + "type": "string", + "description": "The subnet ID to create an association. Conflicts with `gateway_id`.\n" + } + }, + "requiredInputs": [ + "routeTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RouteTableAssociation resources.\n", + "properties": { + "gatewayId": { + "type": "string", + "description": "The gateway ID to create an association. Conflicts with `subnet_id`.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the routing table to associate with.\n" + }, + "subnetId": { + "type": "string", + "description": "The subnet ID to create an association. Conflicts with `gateway_id`.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/securityGroup:SecurityGroup": { + "description": "Provides a security group resource.\n\n> **NOTE on Security Groups and Security Group Rules:** This provider currently\nprovides both a standalone Security Group Rule resource (a single `ingress` or\n`egress` rule), and a Security Group resource with `ingress` and `egress` rules\ndefined in-line. At this time you cannot use a Security Group with in-line rules\nin conjunction with any Security Group Rule resources. Doing so will cause\na conflict of rule settings and will overwrite rules.\n\n> **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n> **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), security groups associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst allowTls = new aws.ec2.SecurityGroup(\"allowTls\", {\n description: \"Allow TLS inbound traffic\",\n vpcId: aws_vpc.main.id,\n ingress: [{\n description: \"TLS from VPC\",\n fromPort: 443,\n toPort: 443,\n protocol: \"tcp\",\n cidrBlocks: [aws_vpc.main.cidr_block],\n ipv6CidrBlocks: [aws_vpc.main.ipv6_cidr_block],\n }],\n egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n ipv6CidrBlocks: [\"::/0\"],\n }],\n tags: {\n Name: \"allow_tls\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nallow_tls = aws.ec2.SecurityGroup(\"allowTls\",\n description=\"Allow TLS inbound traffic\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n description=\"TLS from VPC\",\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=[aws_vpc[\"main\"][\"cidr_block\"]],\n ipv6_cidr_blocks=[aws_vpc[\"main\"][\"ipv6_cidr_block\"]],\n )],\n egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n ipv6_cidr_blocks=[\"::/0\"],\n )],\n tags={\n \"Name\": \"allow_tls\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var allowTls = new Aws.Ec2.SecurityGroup(\"allowTls\", new Aws.Ec2.SecurityGroupArgs\n {\n Description = \"Allow TLS inbound traffic\",\n VpcId = aws_vpc.Main.Id,\n Ingress = \n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n Description = \"TLS from VPC\",\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = \n {\n aws_vpc.Main.Cidr_block,\n },\n Ipv6CidrBlocks = \n {\n aws_vpc.Main.Ipv6_cidr_block,\n },\n },\n },\n Egress = \n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = \n {\n \"0.0.0.0/0\",\n },\n Ipv6CidrBlocks = \n {\n \"::/0\",\n },\n },\n },\n Tags = \n {\n { \"Name\", \"allow_tls\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"allowTls\", &ec2.SecurityGroupArgs{\n\t\t\tDescription: pulumi.String(\"Allow TLS inbound traffic\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t&ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tDescription: pulumi.String(\"TLS from VPC\"),\n\t\t\t\t\tFromPort: pulumi.Int(443),\n\t\t\t\t\tToPort: pulumi.Int(443),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_vpc.Main.Cidr_block),\n\t\t\t\t\t},\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_vpc.Main.Ipv6_cidr_block),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t&ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"allow_tls\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a new Security Group inside of a VPC. When creating a new Security Group inside a VPC, **this provider will remove this default rule**, and require you specifically re-create it if you desire that rule. We feel this leads to fewer surprises in terms of controlling your egress rules. If you desire this rule to be in place, you can use this `egress` block:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroup(\"example\", {\n egress: [{\n cidrBlocks: [\"0.0.0.0/0\"],\n fromPort: 0,\n ipv6CidrBlocks: [\"::/0\"],\n protocol: \"-1\",\n toPort: 0,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n cidr_blocks=[\"0.0.0.0/0\"],\n from_port=0,\n ipv6_cidr_blocks=[\"::/0\"],\n protocol=\"-1\",\n to_port=0,\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.SecurityGroup(\"example\", new Aws.Ec2.SecurityGroupArgs\n {\n Egress = \n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n CidrBlocks = \n {\n \"0.0.0.0/0\",\n },\n FromPort = 0,\n Ipv6CidrBlocks = \n {\n \"::/0\",\n },\n Protocol = \"-1\",\n ToPort = 0,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroup(ctx, \"example\", &ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t&ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"::/0\"),\n\t\t\t\t\t},\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nPrefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"myEndpoint\", {});\n// ... other configuration ...\n// ... other configuration ...\nconst example = new aws.ec2.SecurityGroup(\"example\", {egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_endpoint = aws.ec2.VpcEndpoint(\"myEndpoint\")\n# ... other configuration ...\n# ... other configuration ...\nexample = aws.ec2.SecurityGroup(\"example\", egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"myEndpoint\", new Aws.Ec2.VpcEndpointArgs\n {\n });\n // ... other configuration ...\n // ... other configuration ...\n var example = new Aws.Ec2.SecurityGroup(\"example\", new Aws.Ec2.SecurityGroupArgs\n {\n Egress = \n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = \n {\n myEndpoint.PrefixListId,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"myEndpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"example\", &ec2.SecurityGroupArgs{\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t&ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Groups can be imported using the `security group id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/securityGroup:SecurityGroup elb_sg sg-903004f8\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the security group.\n" + }, + "description": { + "type": "string", + "description": "Description of this egress rule.\n", + "default": "Managed by Pulumi" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SecurityGroupEgress:SecurityGroupEgress" + }, + "description": "Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "Configuration block for egress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "ownerId": { + "type": "string", + "description": "Owner ID.\n" + }, + "revokeRulesOnDelete": { + "type": "boolean", + "description": "Instruct this provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID.\n" + } + }, + "required": [ + "arn", + "description", + "egress", + "ingress", + "name", + "namePrefix", + "ownerId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of this egress rule.\n", + "default": "Managed by Pulumi" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SecurityGroupEgress:SecurityGroupEgress" + }, + "description": "Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "Configuration block for egress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "revokeRulesOnDelete": { + "type": "boolean", + "description": "Instruct this provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the security group.\n" + }, + "description": { + "type": "string", + "description": "Description of this egress rule.\n", + "default": "Managed by Pulumi" + }, + "egress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SecurityGroupEgress:SecurityGroupEgress" + }, + "description": "Configuration block for egress rules. Can be specified multiple times for each egress rule. Each egress block supports fields documented below.\n" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "Configuration block for egress rules. Can be specified multiple times for each ingress rule. Each ingress block supports fields documented below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "ownerId": { + "type": "string", + "description": "Owner ID.\n" + }, + "revokeRulesOnDelete": { + "type": "boolean", + "description": "Instruct this provider to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "VPC ID.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/securityGroupRule:SecurityGroupRule": { + "description": "Provides a security group rule resource. Represents a single `ingress` or\n`egress` group rule, which can be added to external Security Groups.\n\n> **NOTE on Security Groups and Security Group Rules:** This provider currently\nprovides both a standalone Security Group Rule resource (a single `ingress` or\n`egress` rule), and a Security Group resource with `ingress` and `egress` rules\ndefined in-line. At this time you cannot use a Security Group with in-line rules\nin conjunction with any Security Group Rule resources. Doing so will cause\na conflict of rule settings and will overwrite rules.\n\n> **NOTE:** Setting `protocol = \"all\"` or `protocol = -1` with `from_port` and `to_port` will result in the EC2 API creating a security group rule with all ports open. This API behavior cannot be controlled by this provider and may generate warnings in the future.\n\n> **NOTE:** Referencing Security Groups across VPC peering has certain restrictions. More information is available in the [VPC Peering User Guide](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.SecurityGroupRule(\"example\", {\n type: \"ingress\",\n fromPort: 0,\n toPort: 65535,\n protocol: \"tcp\",\n cidrBlocks: [aws_vpc.example.cidr_block],\n ipv6CidrBlocks: [aws_vpc.example.ipv6_cidr_block],\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.SecurityGroupRule(\"example\",\n type=\"ingress\",\n from_port=0,\n to_port=65535,\n protocol=\"tcp\",\n cidr_blocks=[aws_vpc[\"example\"][\"cidr_block\"]],\n ipv6_cidr_blocks=[aws_vpc[\"example\"][\"ipv6_cidr_block\"]],\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.SecurityGroupRule(\"example\", new Aws.Ec2.SecurityGroupRuleArgs\n {\n Type = \"ingress\",\n FromPort = 0,\n ToPort = 65535,\n Protocol = \"tcp\",\n CidrBlocks = \n {\n aws_vpc.Example.Cidr_block,\n },\n Ipv6CidrBlocks = \n {\n aws_vpc.Example.Ipv6_cidr_block,\n },\n SecurityGroupId = \"sg-123456\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSecurityGroupRule(ctx, \"example\", &ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"ingress\"),\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tToPort: pulumi.Int(65535),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_vpc.Example.Cidr_block),\n\t\t\t},\n\t\t\tIpv6CidrBlocks: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_vpc.Example.Ipv6_cidr_block),\n\t\t\t},\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Usage With Prefix List IDs\n\nPrefix Lists are either managed by AWS internally, or created by the customer using a\nManaged Prefix List resource. Prefix Lists provided by\nAWS are associated with a prefix list name, or service name, that is linked to a specific region.\n\nPrefix list IDs are exported on VPC Endpoints, so you can use this format:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst myEndpoint = new aws.ec2.VpcEndpoint(\"myEndpoint\", {});\n// ...\nconst allowAll = new aws.ec2.SecurityGroupRule(\"allowAll\", {\n type: \"egress\",\n toPort: 0,\n protocol: \"-1\",\n prefixListIds: [myEndpoint.prefixListId],\n fromPort: 0,\n securityGroupId: \"sg-123456\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nmy_endpoint = aws.ec2.VpcEndpoint(\"myEndpoint\")\n# ...\nallow_all = aws.ec2.SecurityGroupRule(\"allowAll\",\n type=\"egress\",\n to_port=0,\n protocol=\"-1\",\n prefix_list_ids=[my_endpoint.prefix_list_id],\n from_port=0,\n security_group_id=\"sg-123456\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ...\n var myEndpoint = new Aws.Ec2.VpcEndpoint(\"myEndpoint\", new Aws.Ec2.VpcEndpointArgs\n {\n });\n // ...\n var allowAll = new Aws.Ec2.SecurityGroupRule(\"allowAll\", new Aws.Ec2.SecurityGroupRuleArgs\n {\n Type = \"egress\",\n ToPort = 0,\n Protocol = \"-1\",\n PrefixListIds = \n {\n myEndpoint.PrefixListId,\n },\n FromPort = 0,\n SecurityGroupId = \"sg-123456\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyEndpoint, err := ec2.NewVpcEndpoint(ctx, \"myEndpoint\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroupRule(ctx, \"allowAll\", &ec2.SecurityGroupRuleArgs{\n\t\t\tType: pulumi.String(\"egress\"),\n\t\t\tToPort: pulumi.Int(0),\n\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\tPrefixListIds: pulumi.StringArray{\n\t\t\t\tmyEndpoint.PrefixListId,\n\t\t\t},\n\t\t\tFromPort: pulumi.Int(0),\n\t\t\tSecurityGroupId: pulumi.String(\"sg-123456\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nYou can also find a specific Prefix List using the `aws.ec2.getPrefixList` data source.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Group Rules can be imported using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (e.g. `cidr_block`) separated by underscores (`_`). All parts are required. Not all rule permissions (e.g., not all of a rule's CIDR blocks) need to be imported for this provider to manage rule permissions. However, importing some of a rule's permissions but not others, and then making changes to the rule will result in the creation of an additional rule to capture the updated permissions. Rule permissions that were not imported are left intact in the original rule. Import an ingress rule in security group `sg-6e616f6d69` for TCP port 8000 with an IPv4 destination CIDR of `10.0.3.0/24`console\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6e616f6d69_ingress_tcp_8000_8000_10.0.3.0/24\n```\n\n Import a rule with various IPv4 and IPv6 source CIDR blocksconsole\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-4973616163_ingress_tcp_100_121_10.1.0.0/16_2001:db8::/48_10.2.0.0/16_2002:db8::/48\n```\n\n Import a rule, applicable to all ports, with a protocol other than TCP/UDP/ICMP/ALL, e.g., Multicast Transport Protocol (MTP), using the IANA protocol number, e.g., 92. console\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress sg-6777656e646f6c796e_ingress_92_0_65536_10.0.3.0/24_10.0.4.0/24\n```\n\n Import an egress rule with a prefix list ID destinationconsole\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule egress sg-62726f6479_egress_tcp_8000_8000_pl-6469726b\n```\n\n Import a rule applicable to all protocols and ports with a security group sourceconsole\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule ingress_rule sg-7472697374616e_ingress_all_0_65536_sg-6176657279\n```\n\n Import a rule that has itself and an IPv6 CIDR block as sourcesconsole\n\n```sh\n $ pulumi import aws:ec2/securityGroupRule:SecurityGroupRule rule_name sg-656c65616e6f72_ingress_tcp_80_80_self_2001:db8::/48\n```\n\n ", + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.\n" + }, + "description": { + "type": "string", + "description": "Description of the rule.\n" + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is \"icmp\" or \"icmpv6\").\n" + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.\n" + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Prefix List IDs.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. If not icmp, icmpv6, tcp, udp, or all use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)\n" + }, + "securityGroupId": { + "type": "string", + "description": "Security group to apply this rule to.\n" + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with `cidr_blocks`, `ipv6_cidr_blocks`, or `source_security_group_id`.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "Security group id to allow access to/from, depending on the `type`. Cannot be specified with `cidr_blocks`, `ipv6_cidr_blocks`, or `self`.\n" + }, + "toPort": { + "type": "integer", + "description": "End port (or ICMP code if protocol is \"icmp\").\n" + }, + "type": { + "type": "string", + "description": "Type of rule being created. Valid options are `ingress` (inbound)\nor `egress` (outbound).\n" + } + }, + "required": [ + "fromPort", + "protocol", + "securityGroupId", + "sourceSecurityGroupId", + "toPort", + "type" + ], + "inputProperties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.\n" + }, + "description": { + "type": "string", + "description": "Description of the rule.\n" + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is \"icmp\" or \"icmpv6\").\n" + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.\n" + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Prefix List IDs.\n" + }, + "protocol": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/ProtocolType:ProtocolType" + } + ], + "description": "Protocol. If not icmp, icmpv6, tcp, udp, or all use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)\n" + }, + "securityGroupId": { + "type": "string", + "description": "Security group to apply this rule to.\n" + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with `cidr_blocks`, `ipv6_cidr_blocks`, or `source_security_group_id`.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "Security group id to allow access to/from, depending on the `type`. Cannot be specified with `cidr_blocks`, `ipv6_cidr_blocks`, or `self`.\n" + }, + "toPort": { + "type": "integer", + "description": "End port (or ICMP code if protocol is \"icmp\").\n" + }, + "type": { + "type": "string", + "description": "Type of rule being created. Valid options are `ingress` (inbound)\nor `egress` (outbound).\n" + } + }, + "requiredInputs": [ + "fromPort", + "protocol", + "securityGroupId", + "toPort", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityGroupRule resources.\n", + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.\n" + }, + "description": { + "type": "string", + "description": "Description of the rule.\n" + }, + "fromPort": { + "type": "integer", + "description": "Start port (or ICMP type number if protocol is \"icmp\" or \"icmpv6\").\n" + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 CIDR blocks. Cannot be specified with `source_security_group_id` or `self`.\n" + }, + "prefixListIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Prefix List IDs.\n" + }, + "protocol": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ec2/ProtocolType:ProtocolType" + } + ], + "description": "Protocol. If not icmp, icmpv6, tcp, udp, or all use the [protocol number](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml)\n" + }, + "securityGroupId": { + "type": "string", + "description": "Security group to apply this rule to.\n" + }, + "self": { + "type": "boolean", + "description": "Whether the security group itself will be added as a source to this ingress rule. Cannot be specified with `cidr_blocks`, `ipv6_cidr_blocks`, or `source_security_group_id`.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "Security group id to allow access to/from, depending on the `type`. Cannot be specified with `cidr_blocks`, `ipv6_cidr_blocks`, or `self`.\n" + }, + "toPort": { + "type": "integer", + "description": "End port (or ICMP code if protocol is \"icmp\").\n" + }, + "type": { + "type": "string", + "description": "Type of rule being created. Valid options are `ingress` (inbound)\nor `egress` (outbound).\n" + } + }, + "type": "object" + } + }, + "aws:ec2/snapshotCreateVolumePermission:SnapshotCreateVolumePermission": { + "description": "Adds permission to create volumes off of a given EBS Snapshot.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 40,\n});\nconst exampleSnapshot = new aws.ebs.Snapshot(\"exampleSnapshot\", {volumeId: example.id});\nconst examplePerm = new aws.ec2.SnapshotCreateVolumePermission(\"examplePerm\", {\n snapshotId: exampleSnapshot.id,\n accountId: \"12345678\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=40)\nexample_snapshot = aws.ebs.Snapshot(\"exampleSnapshot\", volume_id=example.id)\nexample_perm = aws.ec2.SnapshotCreateVolumePermission(\"examplePerm\",\n snapshot_id=example_snapshot.id,\n account_id=\"12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ebs.Volume(\"example\", new Aws.Ebs.VolumeArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 40,\n });\n var exampleSnapshot = new Aws.Ebs.Snapshot(\"exampleSnapshot\", new Aws.Ebs.SnapshotArgs\n {\n VolumeId = example.Id,\n });\n var examplePerm = new Aws.Ec2.SnapshotCreateVolumePermission(\"examplePerm\", new Aws.Ec2.SnapshotCreateVolumePermissionArgs\n {\n SnapshotId = exampleSnapshot.Id,\n AccountId = \"12345678\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ebs.NewVolume(ctx, \"example\", &ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(40),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleSnapshot, err := ebs.NewSnapshot(ctx, \"exampleSnapshot\", &ebs.SnapshotArgs{\n\t\t\tVolumeId: example.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSnapshotCreateVolumePermission(ctx, \"examplePerm\", &ec2.SnapshotCreateVolumePermissionArgs{\n\t\t\tSnapshotId: exampleSnapshot.ID(),\n\t\t\tAccountId: pulumi.String(\"12345678\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "accountId": { + "type": "string", + "description": "An AWS Account ID to add create volume permissions\n" + }, + "snapshotId": { + "type": "string", + "description": "A snapshot ID\n" + } + }, + "required": [ + "accountId", + "snapshotId" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "An AWS Account ID to add create volume permissions\n" + }, + "snapshotId": { + "type": "string", + "description": "A snapshot ID\n" + } + }, + "requiredInputs": [ + "accountId", + "snapshotId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnapshotCreateVolumePermission resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "An AWS Account ID to add create volume permissions\n" + }, + "snapshotId": { + "type": "string", + "description": "A snapshot ID\n" + } + }, + "type": "object" + } + }, + "aws:ec2/spotDatafeedSubscription:SpotDatafeedSubscription": { + "description": "> **Note:** There is only a single subscription allowed per account.\n\nTo help you understand the charges for your Spot instances, Amazon EC2 provides a data feed that describes your Spot instance usage and pricing.\nThis data feed is sent to an Amazon S3 bucket that you specify when you subscribe to the data feed.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultBucket = new aws.s3.Bucket(\"defaultBucket\", {});\nconst defaultSpotDatafeedSubscription = new aws.ec2.SpotDatafeedSubscription(\"defaultSpotDatafeedSubscription\", {\n bucket: defaultBucket.bucket,\n prefix: \"my_subdirectory\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_bucket = aws.s3.Bucket(\"defaultBucket\")\ndefault_spot_datafeed_subscription = aws.ec2.SpotDatafeedSubscription(\"defaultSpotDatafeedSubscription\",\n bucket=default_bucket.bucket,\n prefix=\"my_subdirectory\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultBucket = new Aws.S3.Bucket(\"defaultBucket\", new Aws.S3.BucketArgs\n {\n });\n var defaultSpotDatafeedSubscription = new Aws.Ec2.SpotDatafeedSubscription(\"defaultSpotDatafeedSubscription\", new Aws.Ec2.SpotDatafeedSubscriptionArgs\n {\n Bucket = defaultBucket.BucketName,\n Prefix = \"my_subdirectory\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBucket, err := s3.NewBucket(ctx, \"defaultBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotDatafeedSubscription(ctx, \"defaultSpotDatafeedSubscription\", &ec2.SpotDatafeedSubscriptionArgs{\n\t\t\tBucket: defaultBucket.Bucket,\n\t\t\tPrefix: pulumi.String(\"my_subdirectory\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nA Spot Datafeed Subscription can be imported using the word `spot-datafeed-subscription`, e.g.\n\n```sh\n $ pulumi import aws:ec2/spotDatafeedSubscription:SpotDatafeedSubscription mysubscription spot-datafeed-subscription\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The Amazon S3 bucket in which to store the Spot instance data feed.\n" + }, + "prefix": { + "type": "string", + "description": "Path of folder inside bucket to place spot pricing data.\n" + } + }, + "required": [ + "bucket" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The Amazon S3 bucket in which to store the Spot instance data feed.\n" + }, + "prefix": { + "type": "string", + "description": "Path of folder inside bucket to place spot pricing data.\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SpotDatafeedSubscription resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The Amazon S3 bucket in which to store the Spot instance data feed.\n" + }, + "prefix": { + "type": "string", + "description": "Path of folder inside bucket to place spot pricing data.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/spotFleetRequest:SpotFleetRequest": { + "description": "Provides an EC2 Spot Fleet Request resource. This allows a fleet of Spot\ninstances to be requested on the Spot market.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a Spot fleet\nconst cheapCompute = new aws.ec2.SpotFleetRequest(\"cheapCompute\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.03\",\n allocationStrategy: \"diversified\",\n targetCapacity: 6,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchSpecifications: [\n {\n instanceType: \"m4.10xlarge\",\n ami: \"ami-1234\",\n spotPrice: \"2.793\",\n placementTenancy: \"dedicated\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n },\n {\n instanceType: \"m4.4xlarge\",\n ami: \"ami-5678\",\n keyName: \"my-key\",\n spotPrice: \"1.117\",\n iamInstanceProfileArn: aws_iam_instance_profile.example.arn,\n availabilityZone: \"us-west-1a\",\n subnetId: \"subnet-1234\",\n weightedCapacity: 35,\n rootBlockDevices: [{\n volumeSize: \"300\",\n volumeType: \"gp2\",\n }],\n tags: {\n Name: \"spot-fleet-example\",\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a Spot fleet\ncheap_compute = aws.ec2.SpotFleetRequest(\"cheapCompute\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.03\",\n allocation_strategy=\"diversified\",\n target_capacity=6,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.10xlarge\",\n ami=\"ami-1234\",\n spot_price=\"2.793\",\n placement_tenancy=\"dedicated\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n instance_type=\"m4.4xlarge\",\n ami=\"ami-5678\",\n key_name=\"my-key\",\n spot_price=\"1.117\",\n iam_instance_profile_arn=aws_iam_instance_profile[\"example\"][\"arn\"],\n availability_zone=\"us-west-1a\",\n subnet_id=\"subnet-1234\",\n weighted_capacity=\"35\",\n root_block_devices=[aws.ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs(\n volume_size=300,\n volume_type=\"gp2\",\n )],\n tags={\n \"Name\": \"spot-fleet-example\",\n },\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Request a Spot fleet\n var cheapCompute = new Aws.Ec2.SpotFleetRequest(\"cheapCompute\", new Aws.Ec2.SpotFleetRequestArgs\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.03\",\n AllocationStrategy = \"diversified\",\n TargetCapacity = 6,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchSpecifications = \n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.10xlarge\",\n Ami = \"ami-1234\",\n SpotPrice = \"2.793\",\n PlacementTenancy = \"dedicated\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n InstanceType = \"m4.4xlarge\",\n Ami = \"ami-5678\",\n KeyName = \"my-key\",\n SpotPrice = \"1.117\",\n IamInstanceProfileArn = aws_iam_instance_profile.Example.Arn,\n AvailabilityZone = \"us-west-1a\",\n SubnetId = \"subnet-1234\",\n WeightedCapacity = \"35\",\n RootBlockDevices = \n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs\n {\n VolumeSize = 300,\n VolumeType = \"gp2\",\n },\n },\n Tags = \n {\n { \"Name\", \"spot-fleet-example\" },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"cheapCompute\", &ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tAllocationStrategy: pulumi.String(\"diversified\"),\n\t\t\tTargetCapacity: pulumi.Int(6),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t&ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.10xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"2.793\"),\n\t\t\t\t\tPlacementTenancy: pulumi.String(\"dedicated\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t},\n\t\t\t\t&ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.4xlarge\"),\n\t\t\t\t\tAmi: pulumi.String(\"ami-5678\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t\tSpotPrice: pulumi.String(\"1.117\"),\n\t\t\t\t\tIamInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Example.Arn),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\t\t\tSubnetId: pulumi.String(\"subnet-1234\"),\n\t\t\t\t\tWeightedCapacity: pulumi.String(\"35\"),\n\t\t\t\t\tRootBlockDevices: ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArray{\n\t\t\t\t\t\t&ec2.SpotFleetRequestLaunchSpecificationRootBlockDeviceArgs{\n\t\t\t\t\t\t\tVolumeSize: pulumi.Int(300),\n\t\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"Name\": pulumi.String(\"spot-fleet-example\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using launch templates\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new Aws.Ec2.SpotFleetRequestArgs\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = \n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", &ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t&ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: &ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: fooLaunchTemplate.ID(),\n\t\t\t\t\t\tVersion: fooLaunchTemplate.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_policy_attachment.Test - attach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **NOTE:** This provider does not support the functionality where multiple `subnet_id` or `availability_zone` parameters can be specified in the same\nlaunch configuration block. If you want to specify multiple values, then separate launch configuration blocks should be used:\n{{% /example %}}\n{{% example %}}\n### Using multiple launch specifications\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.SpotFleetRequest(\"foo\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n launchSpecifications: [\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m1.small\",\n keyName: \"my-key\",\n },\n {\n ami: \"ami-d06a90b0\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"m5.large\",\n keyName: \"my-key\",\n },\n ],\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.SpotFleetRequest(\"foo\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n launch_specifications=[\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m1.small\",\n key_name=\"my-key\",\n ),\n aws.ec2.SpotFleetRequestLaunchSpecificationArgs(\n ami=\"ami-d06a90b0\",\n availability_zone=\"us-west-2a\",\n instance_type=\"m5.large\",\n key_name=\"my-key\",\n ),\n ],\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ec2.SpotFleetRequest(\"foo\", new Aws.Ec2.SpotFleetRequestArgs\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n LaunchSpecifications = \n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m1.small\",\n KeyName = \"my-key\",\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchSpecificationArgs\n {\n Ami = \"ami-d06a90b0\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"m5.large\",\n KeyName = \"my-key\",\n },\n },\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotFleetRequest(ctx, \"foo\", &ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tLaunchSpecifications: ec2.SpotFleetRequestLaunchSpecificationArray{\n\t\t\t\t&ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t\t&ec2.SpotFleetRequestLaunchSpecificationArgs{\n\t\t\t\t\tAmi: pulumi.String(\"ami-d06a90b0\"),\n\t\t\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\t\t\tInstanceType: pulumi.String(\"m5.large\"),\n\t\t\t\t\tKeyName: pulumi.String(\"my-key\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### Using multiple launch configurations\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getSubnetIds({\n vpcId: _var.vpc_id,\n});\nconst fooLaunchTemplate = new aws.ec2.LaunchTemplate(\"fooLaunchTemplate\", {\n imageId: \"ami-516b9131\",\n instanceType: \"m1.small\",\n keyName: \"some-key\",\n});\nconst fooSpotFleetRequest = new aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\", {\n iamFleetRole: \"arn:aws:iam::12345678:role/spot-fleet\",\n spotPrice: \"0.005\",\n targetCapacity: 2,\n validUntil: \"2019-11-04T20:44:20Z\",\n launchTemplateConfigs: [{\n launchTemplateSpecification: {\n id: fooLaunchTemplate.id,\n version: fooLaunchTemplate.latestVersion,\n },\n overrides: [\n {\n subnetId: data.aws_subnets.example.ids[0],\n },\n {\n subnetId: data.aws_subnets.example.ids[1],\n },\n {\n subnetId: data.aws_subnets.example.ids[2],\n },\n ],\n }],\n}, {\n dependsOn: [aws_iam_policy_attachment[\"test-attach\"]],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_subnet_ids(vpc_id=var[\"vpc_id\"])\nfoo_launch_template = aws.ec2.LaunchTemplate(\"fooLaunchTemplate\",\n image_id=\"ami-516b9131\",\n instance_type=\"m1.small\",\n key_name=\"some-key\")\nfoo_spot_fleet_request = aws.ec2.SpotFleetRequest(\"fooSpotFleetRequest\",\n iam_fleet_role=\"arn:aws:iam::12345678:role/spot-fleet\",\n spot_price=\"0.005\",\n target_capacity=2,\n valid_until=\"2019-11-04T20:44:20Z\",\n launch_template_configs=[aws.ec2.SpotFleetRequestLaunchTemplateConfigArgs(\n launch_template_specification=aws.ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs(\n id=foo_launch_template.id,\n version=foo_launch_template.latest_version,\n ),\n overrides=[\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=data[\"aws_subnets\"][\"example\"][\"ids\"],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=data[\"aws_subnets\"][\"example\"][\"ids\"],\n ),\n aws.ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs(\n subnet_id=data[\"aws_subnets\"][\"example\"][\"ids\"],\n ),\n ],\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_policy_attachment[\"test-attach\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetSubnetIds.InvokeAsync(new Aws.Ec2.GetSubnetIdsArgs\n {\n VpcId = @var.Vpc_id,\n }));\n var fooLaunchTemplate = new Aws.Ec2.LaunchTemplate(\"fooLaunchTemplate\", new Aws.Ec2.LaunchTemplateArgs\n {\n ImageId = \"ami-516b9131\",\n InstanceType = \"m1.small\",\n KeyName = \"some-key\",\n });\n var fooSpotFleetRequest = new Aws.Ec2.SpotFleetRequest(\"fooSpotFleetRequest\", new Aws.Ec2.SpotFleetRequestArgs\n {\n IamFleetRole = \"arn:aws:iam::12345678:role/spot-fleet\",\n SpotPrice = \"0.005\",\n TargetCapacity = 2,\n ValidUntil = \"2019-11-04T20:44:20Z\",\n LaunchTemplateConfigs = \n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigArgs\n {\n LaunchTemplateSpecification = new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs\n {\n Id = fooLaunchTemplate.Id,\n Version = fooLaunchTemplate.LatestVersion,\n },\n Overrides = \n {\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = data.Aws_subnets.Example.Ids[0],\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = data.Aws_subnets.Example.Ids[1],\n },\n new Aws.Ec2.Inputs.SpotFleetRequestLaunchTemplateConfigOverrideArgs\n {\n SubnetId = data.Aws_subnets.Example.Ids[2],\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_iam_policy_attachment.Test_attach,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetSubnetIds(ctx, &ec2.GetSubnetIdsArgs{\n\t\t\tVpcId: _var.Vpc_id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooLaunchTemplate, err := ec2.NewLaunchTemplate(ctx, \"fooLaunchTemplate\", &ec2.LaunchTemplateArgs{\n\t\t\tImageId: pulumi.String(\"ami-516b9131\"),\n\t\t\tInstanceType: pulumi.String(\"m1.small\"),\n\t\t\tKeyName: pulumi.String(\"some-key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSpotFleetRequest(ctx, \"fooSpotFleetRequest\", &ec2.SpotFleetRequestArgs{\n\t\t\tIamFleetRole: pulumi.String(\"arn:aws:iam::12345678:role/spot-fleet\"),\n\t\t\tSpotPrice: pulumi.String(\"0.005\"),\n\t\t\tTargetCapacity: pulumi.Int(2),\n\t\t\tValidUntil: pulumi.String(\"2019-11-04T20:44:20Z\"),\n\t\t\tLaunchTemplateConfigs: ec2.SpotFleetRequestLaunchTemplateConfigArray{\n\t\t\t\t&ec2.SpotFleetRequestLaunchTemplateConfigArgs{\n\t\t\t\t\tLaunchTemplateSpecification: &ec2.SpotFleetRequestLaunchTemplateConfigLaunchTemplateSpecificationArgs{\n\t\t\t\t\t\tId: fooLaunchTemplate.ID(),\n\t\t\t\t\t\tVersion: fooLaunchTemplate.LatestVersion,\n\t\t\t\t\t},\n\t\t\t\t\tOverrides: ec2.SpotFleetRequestLaunchTemplateConfigOverrideArray{\n\t\t\t\t\t\t&ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\n\t\t\t\t\t\t\tSubnetId: pulumi.Any(data.Aws_subnets.Example.Ids[0]),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\n\t\t\t\t\t\t\tSubnetId: pulumi.Any(data.Aws_subnets.Example.Ids[1]),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ec2.SpotFleetRequestLaunchTemplateConfigOverrideArgs{\n\t\t\t\t\t\t\tSubnetId: pulumi.Any(data.Aws_subnets.Example.Ids[2]),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_policy_attachment.Test - attach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSpot Fleet Requests can be imported using `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/spotFleetRequest:SpotFleetRequest fleet sfr-005e9ec8-5546-4c31-b317-31a62325411e\n```\n\n ", + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Indicates how to allocate the target capacity across\nthe Spot pools specified by the Spot fleet request. The default is\n`lowestPrice`.\n" + }, + "clientToken": { + "type": "string" + }, + "excessCapacityTerminationPolicy": { + "type": "string", + "description": "Indicates whether running Spot\ninstances should be terminated if the target capacity of the Spot fleet\nrequest is decreased below the current size of the Spot fleet.\n" + }, + "fleetType": { + "type": "string", + "description": "The type of fleet request. Indicates whether the Spot Fleet only requests the target\ncapacity or also attempts to maintain it. Default is `maintain`.\n" + }, + "iamFleetRole": { + "type": "string", + "description": "Grants the Spot fleet permission to terminate\nSpot instances on your behalf when you cancel its Spot fleet request using\nCancelSpotFleetRequests or when the Spot fleet request expires, if you set\nterminateInstancesWithExpiration.\n" + }, + "instanceInterruptionBehaviour": { + "type": "string", + "description": "Indicates whether a Spot\ninstance stops or terminates when it is interrupted. Default is\n`terminate`.\n" + }, + "instancePoolsToUseCount": { + "type": "integer", + "description": "The number of Spot pools across which to allocate your target Spot capacity.\nValid only when `allocation_strategy` is set to `lowestPrice`. Spot Fleet selects\nthe cheapest Spot pools and evenly allocates your target Spot capacity across\nthe number of Spot pools that you specify.\n" + }, + "launchSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchSpecification:SpotFleetRequestLaunchSpecification" + }, + "description": "Used to define the launch configuration of the\nspot-fleet request. Can be specified multiple times to define different bids\nacross different markets and instance types. Conflicts with `launch_template_config`. At least one of `launch_specification` or `launch_template_config` is required.\n" + }, + "launchTemplateConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchTemplateConfig:SpotFleetRequestLaunchTemplateConfig" + }, + "description": "Launch template configuration block. See Launch Template Configs below for more details. Conflicts with `launch_specification`. At least one of `launch_specification` or `launch_template_config` is required.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of elastic load balancer names to add to the Spot fleet.\n" + }, + "onDemandAllocationStrategy": { + "type": "string", + "description": "The order of the launch template overrides to use in fulfilling On-Demand capacity. the possible values are: `lowestPrice` and `prioritized`. the default is `lowestPrice`.\n" + }, + "onDemandMaxTotalPrice": { + "type": "string", + "description": "The maximum amount per hour for On-Demand Instances that you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.\n" + }, + "onDemandTargetCapacity": { + "type": "integer", + "description": "The number of On-Demand units to request. If the request type is `maintain`, you can specify a target capacity of 0 and add capacity later.\n" + }, + "replaceUnhealthyInstances": { + "type": "boolean", + "description": "Indicates whether Spot fleet should replace unhealthy instances. Default `false`.\n" + }, + "spotMaintenanceStrategies": { + "$ref": "#/types/aws:ec2/SpotFleetRequestSpotMaintenanceStrategies:SpotFleetRequestSpotMaintenanceStrategies", + "description": "Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum spot bid for this override request.\n" + }, + "spotRequestState": { + "type": "string", + "description": "The state of the Spot fleet request.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetCapacity": { + "type": "integer", + "description": "The number of units to request. You can choose to set the\ntarget capacity in terms of instances or a performance characteristic that is\nimportant to your application workload, such as vCPUs, memory, or I/O.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of `aws.alb.TargetGroup` ARNs, for use with Application Load Balancing.\n" + }, + "terminateInstancesWithExpiration": { + "type": "boolean", + "description": "Indicates whether running Spot\ninstances should be terminated when the Spot fleet request expires.\n" + }, + "validFrom": { + "type": "string", + "description": "The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.\n" + }, + "validUntil": { + "type": "string", + "description": "The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request.\n" + }, + "waitForFulfillment": { + "type": "boolean", + "description": "If set, this provider will\nwait for the Spot Request to be fulfilled, and will throw an error if the\ntimeout of 10m is reached.\n" + } + }, + "required": [ + "clientToken", + "iamFleetRole", + "loadBalancers", + "spotRequestState", + "tagsAll", + "targetCapacity", + "targetGroupArns" + ], + "inputProperties": { + "allocationStrategy": { + "type": "string", + "description": "Indicates how to allocate the target capacity across\nthe Spot pools specified by the Spot fleet request. The default is\n`lowestPrice`.\n" + }, + "excessCapacityTerminationPolicy": { + "type": "string", + "description": "Indicates whether running Spot\ninstances should be terminated if the target capacity of the Spot fleet\nrequest is decreased below the current size of the Spot fleet.\n" + }, + "fleetType": { + "type": "string", + "description": "The type of fleet request. Indicates whether the Spot Fleet only requests the target\ncapacity or also attempts to maintain it. Default is `maintain`.\n" + }, + "iamFleetRole": { + "type": "string", + "description": "Grants the Spot fleet permission to terminate\nSpot instances on your behalf when you cancel its Spot fleet request using\nCancelSpotFleetRequests or when the Spot fleet request expires, if you set\nterminateInstancesWithExpiration.\n" + }, + "instanceInterruptionBehaviour": { + "type": "string", + "description": "Indicates whether a Spot\ninstance stops or terminates when it is interrupted. Default is\n`terminate`.\n" + }, + "instancePoolsToUseCount": { + "type": "integer", + "description": "The number of Spot pools across which to allocate your target Spot capacity.\nValid only when `allocation_strategy` is set to `lowestPrice`. Spot Fleet selects\nthe cheapest Spot pools and evenly allocates your target Spot capacity across\nthe number of Spot pools that you specify.\n" + }, + "launchSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchSpecification:SpotFleetRequestLaunchSpecification" + }, + "description": "Used to define the launch configuration of the\nspot-fleet request. Can be specified multiple times to define different bids\nacross different markets and instance types. Conflicts with `launch_template_config`. At least one of `launch_specification` or `launch_template_config` is required.\n" + }, + "launchTemplateConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchTemplateConfig:SpotFleetRequestLaunchTemplateConfig" + }, + "description": "Launch template configuration block. See Launch Template Configs below for more details. Conflicts with `launch_specification`. At least one of `launch_specification` or `launch_template_config` is required.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of elastic load balancer names to add to the Spot fleet.\n" + }, + "onDemandAllocationStrategy": { + "type": "string", + "description": "The order of the launch template overrides to use in fulfilling On-Demand capacity. the possible values are: `lowestPrice` and `prioritized`. the default is `lowestPrice`.\n" + }, + "onDemandMaxTotalPrice": { + "type": "string", + "description": "The maximum amount per hour for On-Demand Instances that you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.\n" + }, + "onDemandTargetCapacity": { + "type": "integer", + "description": "The number of On-Demand units to request. If the request type is `maintain`, you can specify a target capacity of 0 and add capacity later.\n" + }, + "replaceUnhealthyInstances": { + "type": "boolean", + "description": "Indicates whether Spot fleet should replace unhealthy instances. Default `false`.\n" + }, + "spotMaintenanceStrategies": { + "$ref": "#/types/aws:ec2/SpotFleetRequestSpotMaintenanceStrategies:SpotFleetRequestSpotMaintenanceStrategies", + "description": "Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum spot bid for this override request.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetCapacity": { + "type": "integer", + "description": "The number of units to request. You can choose to set the\ntarget capacity in terms of instances or a performance characteristic that is\nimportant to your application workload, such as vCPUs, memory, or I/O.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of `aws.alb.TargetGroup` ARNs, for use with Application Load Balancing.\n" + }, + "terminateInstancesWithExpiration": { + "type": "boolean", + "description": "Indicates whether running Spot\ninstances should be terminated when the Spot fleet request expires.\n" + }, + "validFrom": { + "type": "string", + "description": "The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.\n" + }, + "validUntil": { + "type": "string", + "description": "The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request.\n" + }, + "waitForFulfillment": { + "type": "boolean", + "description": "If set, this provider will\nwait for the Spot Request to be fulfilled, and will throw an error if the\ntimeout of 10m is reached.\n" + } + }, + "requiredInputs": [ + "iamFleetRole", + "targetCapacity" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SpotFleetRequest resources.\n", + "properties": { + "allocationStrategy": { + "type": "string", + "description": "Indicates how to allocate the target capacity across\nthe Spot pools specified by the Spot fleet request. The default is\n`lowestPrice`.\n" + }, + "clientToken": { + "type": "string" + }, + "excessCapacityTerminationPolicy": { + "type": "string", + "description": "Indicates whether running Spot\ninstances should be terminated if the target capacity of the Spot fleet\nrequest is decreased below the current size of the Spot fleet.\n" + }, + "fleetType": { + "type": "string", + "description": "The type of fleet request. Indicates whether the Spot Fleet only requests the target\ncapacity or also attempts to maintain it. Default is `maintain`.\n" + }, + "iamFleetRole": { + "type": "string", + "description": "Grants the Spot fleet permission to terminate\nSpot instances on your behalf when you cancel its Spot fleet request using\nCancelSpotFleetRequests or when the Spot fleet request expires, if you set\nterminateInstancesWithExpiration.\n" + }, + "instanceInterruptionBehaviour": { + "type": "string", + "description": "Indicates whether a Spot\ninstance stops or terminates when it is interrupted. Default is\n`terminate`.\n" + }, + "instancePoolsToUseCount": { + "type": "integer", + "description": "The number of Spot pools across which to allocate your target Spot capacity.\nValid only when `allocation_strategy` is set to `lowestPrice`. Spot Fleet selects\nthe cheapest Spot pools and evenly allocates your target Spot capacity across\nthe number of Spot pools that you specify.\n" + }, + "launchSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchSpecification:SpotFleetRequestLaunchSpecification" + }, + "description": "Used to define the launch configuration of the\nspot-fleet request. Can be specified multiple times to define different bids\nacross different markets and instance types. Conflicts with `launch_template_config`. At least one of `launch_specification` or `launch_template_config` is required.\n" + }, + "launchTemplateConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotFleetRequestLaunchTemplateConfig:SpotFleetRequestLaunchTemplateConfig" + }, + "description": "Launch template configuration block. See Launch Template Configs below for more details. Conflicts with `launch_specification`. At least one of `launch_specification` or `launch_template_config` is required.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of elastic load balancer names to add to the Spot fleet.\n" + }, + "onDemandAllocationStrategy": { + "type": "string", + "description": "The order of the launch template overrides to use in fulfilling On-Demand capacity. the possible values are: `lowestPrice` and `prioritized`. the default is `lowestPrice`.\n" + }, + "onDemandMaxTotalPrice": { + "type": "string", + "description": "The maximum amount per hour for On-Demand Instances that you're willing to pay. When the maximum amount you're willing to pay is reached, the fleet stops launching instances even if it hasn’t met the target capacity.\n" + }, + "onDemandTargetCapacity": { + "type": "integer", + "description": "The number of On-Demand units to request. If the request type is `maintain`, you can specify a target capacity of 0 and add capacity later.\n" + }, + "replaceUnhealthyInstances": { + "type": "boolean", + "description": "Indicates whether Spot fleet should replace unhealthy instances. Default `false`.\n" + }, + "spotMaintenanceStrategies": { + "$ref": "#/types/aws:ec2/SpotFleetRequestSpotMaintenanceStrategies:SpotFleetRequestSpotMaintenanceStrategies", + "description": "Nested argument containing maintenance strategies for managing your Spot Instances that are at an elevated risk of being interrupted. Defined below.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum spot bid for this override request.\n" + }, + "spotRequestState": { + "type": "string", + "description": "The state of the Spot fleet request.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetCapacity": { + "type": "integer", + "description": "The number of units to request. You can choose to set the\ntarget capacity in terms of instances or a performance characteristic that is\nimportant to your application workload, such as vCPUs, memory, or I/O.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of `aws.alb.TargetGroup` ARNs, for use with Application Load Balancing.\n" + }, + "terminateInstancesWithExpiration": { + "type": "boolean", + "description": "Indicates whether running Spot\ninstances should be terminated when the Spot fleet request expires.\n" + }, + "validFrom": { + "type": "string", + "description": "The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.\n" + }, + "validUntil": { + "type": "string", + "description": "The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request.\n" + }, + "waitForFulfillment": { + "type": "boolean", + "description": "If set, this provider will\nwait for the Spot Request to be fulfilled, and will throw an error if the\ntimeout of 10m is reached.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/spotInstanceRequest:SpotInstanceRequest": { + "description": "Provides an EC2 Spot Instance Request resource. This allows instances to be\nrequested on the spot market.\n\nBy default this provider creates Spot Instance Requests with a `persistent` type,\nwhich means that for the duration of their lifetime, AWS will launch an\ninstance with the configured details if and when the spot market will accept\nthe requested price.\n\nOn destruction, this provider will make an attempt to terminate the associated Spot\nInstance if there is one present.\n\nSpot Instances requests with a `one-time` type will close the spot request\nwhen the instance is terminated either by the request being below the current spot\nprice availability or by a user.\n\n> **NOTE:** Because their behavior depends on the live status of the spot\nmarket, Spot Instance Requests have a unique lifecycle that makes them behave\ndifferently than other resources. Most importantly: there is __no\nguarantee__ that a Spot Instance exists to fulfill the request at any given\npoint in time. See the [AWS Spot Instance\ndocumentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-spot-instances.html)\nfor more information.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Request a spot instance at $0.03\nconst cheapWorker = new aws.ec2.SpotInstanceRequest(\"cheap_worker\", {\n ami: \"ami-1234\",\n instanceType: \"c4.xlarge\",\n spotPrice: \"0.03\",\n tags: {\n Name: \"CheapWorker\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Request a spot instance at $0.03\ncheap_worker = aws.ec2.SpotInstanceRequest(\"cheapWorker\",\n ami=\"ami-1234\",\n instance_type=\"c4.xlarge\",\n spot_price=\"0.03\",\n tags={\n \"Name\": \"CheapWorker\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Request a spot instance at $0.03\n var cheapWorker = new Aws.Ec2.SpotInstanceRequest(\"cheapWorker\", new Aws.Ec2.SpotInstanceRequestArgs\n {\n Ami = \"ami-1234\",\n InstanceType = \"c4.xlarge\",\n SpotPrice = \"0.03\",\n Tags = \n {\n { \"Name\", \"CheapWorker\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSpotInstanceRequest(ctx, \"cheapWorker\", &ec2.SpotInstanceRequestArgs{\n\t\t\tAmi: pulumi.String(\"ami-1234\"),\n\t\t\tInstanceType: pulumi.String(\"c4.xlarge\"),\n\t\t\tSpotPrice: pulumi.String(\"0.03\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"CheapWorker\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "ami": { + "type": "string", + "description": "AMI to use for the instance. Required unless `launch_template` is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting `ami` will override the AMI specified in the Launch Template.\n" + }, + "arn": { + "type": "string" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether to associate a public IP address with an instance in a VPC.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ to start the instance in.\n" + }, + "blockDurationMinutes": { + "type": "integer", + "description": "The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).\nThe duration period starts as soon as your Spot instance receives its instance ID. At the end of the duration period, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.\nNote that you can't specify an Availability Zone group or a launch group if you specify a duration.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCapacityReservationSpecification:SpotInstanceRequestCapacityReservationSpecification", + "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.\n" + }, + "cpuCoreCount": { + "type": "integer", + "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API.\n" + }, + "cpuThreadsPerCore": { + "type": "integer", + "description": "If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCreditSpecification:SpotInstanceRequestCreditSpecification", + "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. the provider will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If true, enables [EC2 Instance Termination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination).\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEbsBlockDevice:SpotInstanceRequestEbsBlockDevice" + }, + "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the [EBS Optimized section](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) of the AWS User Guide for more information.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEnclaveOptions:SpotInstanceRequestEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEphemeralBlockDevice:SpotInstanceRequestEphemeralBlockDevice" + }, + "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "hibernation": { + "type": "boolean", + "description": "If true, the launched EC2 instance will support hibernation.\n" + }, + "hostId": { + "type": "string", + "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the [EC2 documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html#roles-usingrole-ec2instance-permissions), notably `iam:PassRole`.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Amazon defaults this to `stop` for EBS-backed instances and `terminate` for instance-store instances. Cannot be set on instance-store instances. See [Shutdown Behavior](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior) for more information.\n" + }, + "instanceInterruptionBehavior": { + "type": "string", + "description": "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`. Default value is `terminate`.\n" + }, + "instanceInterruptionBehaviour": { + "type": "string", + "description": "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`. Default value is `terminate`. Use the argument `instance_interruption_behavior` instead.\n", + "deprecationMessage": "Use the parameter \"instance_interruption_behavior\" instead." + }, + "instanceState": { + "type": "string" + }, + "instanceType": { + "type": "string", + "description": "The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface\n" + }, + "keyName": { + "type": "string", + "description": "Key name of the Key Pair to use for the instance; which can be managed using the `aws.ec2.KeyPair` resource.\n" + }, + "launchGroup": { + "type": "string", + "description": "A launch group is a group of spot instances that launch together and terminate together.\nIf left empty instances are launched and terminated individually.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestLaunchTemplate:SpotInstanceRequestLaunchTemplate", + "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template.\nSee Launch Template Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestMetadataOptions:SpotInstanceRequestMetadataOptions", + "description": "Customize the metadata options of the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "type": "boolean", + "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestNetworkInterface:SpotInstanceRequestNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.\n" + }, + "outpostArn": { + "type": "string" + }, + "passwordData": { + "type": "string" + }, + "placementGroup": { + "type": "string", + "description": "Placement Group to start the instance in.\n" + }, + "primaryNetworkInterfaceId": { + "type": "string" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be\nused inside the Amazon EC2, and only available if you've enabled DNS hostnames\nfor your VPC\n" + }, + "privateIp": { + "type": "string", + "description": "Private IP address to associate with the instance in a VPC.\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this\nis only available if you've enabled DNS hostnames for your VPC\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable.\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestRootBlockDevice:SpotInstanceRequestRootBlockDevice", + "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface` block. Refer to the [Elastic network interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) to see the maximum number of private IP addresses allowed per instance type.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.\n" + }, + "spotBidStatus": { + "type": "string", + "description": "The current [bid\nstatus](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)\nof the Spot Instance Request.\n* `spot_request_state` The current [request\nstate](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html#creating-spot-request-status)\nof the Spot Instance Request.\n" + }, + "spotInstanceId": { + "type": "string", + "description": "The Instance ID (if any) that is currently fulfilling\nthe Spot Instance request.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum price to request on the spot market.\n" + }, + "spotRequestState": { + "type": "string" + }, + "spotType": { + "type": "string", + "description": "If set to `one-time`, after\nthe instance is terminated, the spot request will be closed.\n" + }, + "subnetId": { + "type": "string", + "description": "VPC Subnet ID to launch in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tenancy": { + "type": "string", + "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.\n" + }, + "userData": { + "type": "string", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "validFrom": { + "type": "string", + "description": "The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.\n" + }, + "validUntil": { + "type": "string", + "description": "The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request. The default end date is 7 days from the current date.\n" + }, + "volumeTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign, at instance-creation time, to root and EBS volumes.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + }, + "waitForFulfillment": { + "type": "boolean", + "description": "If set, this provider will\nwait for the Spot Request to be fulfilled, and will throw an error if the\ntimeout of 10m is reached.\n" + } + }, + "required": [ + "ami", + "arn", + "associatePublicIpAddress", + "availabilityZone", + "capacityReservationSpecification", + "cpuCoreCount", + "cpuThreadsPerCore", + "disableApiTermination", + "ebsBlockDevices", + "ebsOptimized", + "enclaveOptions", + "ephemeralBlockDevices", + "hostId", + "instanceInitiatedShutdownBehavior", + "instanceInterruptionBehavior", + "instanceInterruptionBehaviour", + "instanceState", + "instanceType", + "ipv6AddressCount", + "ipv6Addresses", + "keyName", + "metadataOptions", + "monitoring", + "networkInterfaces", + "outpostArn", + "passwordData", + "placementGroup", + "primaryNetworkInterfaceId", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "rootBlockDevice", + "secondaryPrivateIps", + "securityGroups", + "spotBidStatus", + "spotInstanceId", + "spotPrice", + "spotRequestState", + "subnetId", + "tagsAll", + "tenancy", + "userData", + "userDataBase64", + "validFrom", + "validUntil", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "ami": { + "type": "string", + "description": "AMI to use for the instance. Required unless `launch_template` is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting `ami` will override the AMI specified in the Launch Template.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether to associate a public IP address with an instance in a VPC.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ to start the instance in.\n" + }, + "blockDurationMinutes": { + "type": "integer", + "description": "The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).\nThe duration period starts as soon as your Spot instance receives its instance ID. At the end of the duration period, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.\nNote that you can't specify an Availability Zone group or a launch group if you specify a duration.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCapacityReservationSpecification:SpotInstanceRequestCapacityReservationSpecification", + "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.\n" + }, + "cpuCoreCount": { + "type": "integer", + "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API.\n" + }, + "cpuThreadsPerCore": { + "type": "integer", + "description": "If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCreditSpecification:SpotInstanceRequestCreditSpecification", + "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. the provider will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If true, enables [EC2 Instance Termination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination).\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEbsBlockDevice:SpotInstanceRequestEbsBlockDevice" + }, + "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the [EBS Optimized section](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) of the AWS User Guide for more information.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEnclaveOptions:SpotInstanceRequestEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEphemeralBlockDevice:SpotInstanceRequestEphemeralBlockDevice" + }, + "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "hibernation": { + "type": "boolean", + "description": "If true, the launched EC2 instance will support hibernation.\n" + }, + "hostId": { + "type": "string", + "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the [EC2 documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html#roles-usingrole-ec2instance-permissions), notably `iam:PassRole`.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Amazon defaults this to `stop` for EBS-backed instances and `terminate` for instance-store instances. Cannot be set on instance-store instances. See [Shutdown Behavior](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior) for more information.\n" + }, + "instanceInterruptionBehavior": { + "type": "string", + "description": "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`. Default value is `terminate`.\n" + }, + "instanceInterruptionBehaviour": { + "type": "string", + "description": "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`. Default value is `terminate`. Use the argument `instance_interruption_behavior` instead.\n", + "deprecationMessage": "Use the parameter \"instance_interruption_behavior\" instead." + }, + "instanceType": { + "type": "string", + "description": "The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface\n" + }, + "keyName": { + "type": "string", + "description": "Key name of the Key Pair to use for the instance; which can be managed using the `aws.ec2.KeyPair` resource.\n" + }, + "launchGroup": { + "type": "string", + "description": "A launch group is a group of spot instances that launch together and terminate together.\nIf left empty instances are launched and terminated individually.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestLaunchTemplate:SpotInstanceRequestLaunchTemplate", + "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template.\nSee Launch Template Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestMetadataOptions:SpotInstanceRequestMetadataOptions", + "description": "Customize the metadata options of the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "type": "boolean", + "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestNetworkInterface:SpotInstanceRequestNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.\n" + }, + "placementGroup": { + "type": "string", + "description": "Placement Group to start the instance in.\n" + }, + "privateIp": { + "type": "string", + "description": "Private IP address to associate with the instance in a VPC.\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestRootBlockDevice:SpotInstanceRequestRootBlockDevice", + "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface` block. Refer to the [Elastic network interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) to see the maximum number of private IP addresses allowed per instance type.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum price to request on the spot market.\n" + }, + "spotType": { + "type": "string", + "description": "If set to `one-time`, after\nthe instance is terminated, the spot request will be closed.\n" + }, + "subnetId": { + "type": "string", + "description": "VPC Subnet ID to launch in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tenancy": { + "type": "string", + "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.\n" + }, + "userData": { + "type": "string", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "validFrom": { + "type": "string", + "description": "The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.\n" + }, + "validUntil": { + "type": "string", + "description": "The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request. The default end date is 7 days from the current date.\n" + }, + "volumeTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign, at instance-creation time, to root and EBS volumes.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + }, + "waitForFulfillment": { + "type": "boolean", + "description": "If set, this provider will\nwait for the Spot Request to be fulfilled, and will throw an error if the\ntimeout of 10m is reached.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SpotInstanceRequest resources.\n", + "properties": { + "ami": { + "type": "string", + "description": "AMI to use for the instance. Required unless `launch_template` is specified and the Launch Template specifes an AMI. If an AMI is specified in the Launch Template, setting `ami` will override the AMI specified in the Launch Template.\n" + }, + "arn": { + "type": "string" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether to associate a public IP address with an instance in a VPC.\n" + }, + "availabilityZone": { + "type": "string", + "description": "AZ to start the instance in.\n" + }, + "blockDurationMinutes": { + "type": "integer", + "description": "The required duration for the Spot instances, in minutes. This value must be a multiple of 60 (60, 120, 180, 240, 300, or 360).\nThe duration period starts as soon as your Spot instance receives its instance ID. At the end of the duration period, Amazon EC2 marks the Spot instance for termination and provides a Spot instance termination notice, which gives the instance a two-minute warning before it terminates.\nNote that you can't specify an Availability Zone group or a launch group if you specify a duration.\n" + }, + "capacityReservationSpecification": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCapacityReservationSpecification:SpotInstanceRequestCapacityReservationSpecification", + "description": "Describes an instance's Capacity Reservation targeting option. See Capacity Reservation Specification below for more details.\n" + }, + "cpuCoreCount": { + "type": "integer", + "description": "Sets the number of CPU cores for an instance. This option is only supported on creation of instance type that support CPU Options [CPU Cores and Threads Per CPU Core Per Instance Type](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html#cpu-options-supported-instances-values) - specifying this option for unsupported instance types will return an error from the EC2 API.\n" + }, + "cpuThreadsPerCore": { + "type": "integer", + "description": "If set to to 1, hyperthreading is disabled on the launched instance. Defaults to 2 if not set. See [Optimizing CPU Options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-optimize-cpu.html) for more information.\n" + }, + "creditSpecification": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestCreditSpecification:SpotInstanceRequestCreditSpecification", + "description": "Configuration block for customizing the credit specification of the instance. See Credit Specification below for more details. the provider will only perform drift detection of its value when present in a configuration. Removing this configuration on existing instances will only stop managing it. It will not change the configuration back to the default for the instance type.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If true, enables [EC2 Instance Termination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination).\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEbsBlockDevice:SpotInstanceRequestEbsBlockDevice" + }, + "description": "One or more configuration blocks with additional EBS block devices to attach to the instance. Block device configurations only apply on resource creation. See Block Devices below for details on attributes and drift detection. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized. Note that if this is not set on an instance type that is optimized by default then this will show as disabled but if the instance type is optimized by default then there is no need to set this and there is no effect to disabling it. See the [EBS Optimized section](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSOptimized.html) of the AWS User Guide for more information.\n" + }, + "enclaveOptions": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEnclaveOptions:SpotInstanceRequestEnclaveOptions", + "description": "Enable Nitro Enclaves on launched instances. See Enclave Options below for more details.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestEphemeralBlockDevice:SpotInstanceRequestEphemeralBlockDevice" + }, + "description": "One or more configuration blocks to customize Ephemeral (also known as \"Instance Store\") volumes on the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a set of objects.\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "hibernation": { + "type": "boolean", + "description": "If true, the launched EC2 instance will support hibernation.\n" + }, + "hostId": { + "type": "string", + "description": "ID of a dedicated host that the instance will be assigned to. Use when an instance is to be launched on a specific dedicated host.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile. Ensure your credentials have the correct permission to assign the instance profile according to the [EC2 documentation](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html#roles-usingrole-ec2instance-permissions), notably `iam:PassRole`.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Amazon defaults this to `stop` for EBS-backed instances and `terminate` for instance-store instances. Cannot be set on instance-store instances. See [Shutdown Behavior](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingInstanceInitiatedShutdownBehavior) for more information.\n" + }, + "instanceInterruptionBehavior": { + "type": "string", + "description": "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`. Default value is `terminate`.\n" + }, + "instanceInterruptionBehaviour": { + "type": "string", + "description": "Indicates Spot instance behavior when it is interrupted. Valid values are `terminate`, `stop`, or `hibernate`. Default value is `terminate`. Use the argument `instance_interruption_behavior` instead.\n", + "deprecationMessage": "Use the parameter \"instance_interruption_behavior\" instead." + }, + "instanceState": { + "type": "string" + }, + "instanceType": { + "type": "string", + "description": "The instance type to use for the instance. Updates to this field will trigger a stop/start of the EC2 instance.\n" + }, + "ipv6AddressCount": { + "type": "integer", + "description": "A number of IPv6 addresses to associate with the primary network interface. Amazon EC2 chooses the IPv6 addresses from the range of your subnet.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify one or more IPv6 addresses from the range of the subnet to associate with the primary network interface\n" + }, + "keyName": { + "type": "string", + "description": "Key name of the Key Pair to use for the instance; which can be managed using the `aws.ec2.KeyPair` resource.\n" + }, + "launchGroup": { + "type": "string", + "description": "A launch group is a group of spot instances that launch together and terminate together.\nIf left empty instances are launched and terminated individually.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestLaunchTemplate:SpotInstanceRequestLaunchTemplate", + "description": "Specifies a Launch Template to configure the instance. Parameters configured on this resource will override the corresponding parameters in the Launch Template.\nSee Launch Template Specification below for more details.\n" + }, + "metadataOptions": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestMetadataOptions:SpotInstanceRequestMetadataOptions", + "description": "Customize the metadata options of the instance. See Metadata Options below for more details.\n" + }, + "monitoring": { + "type": "boolean", + "description": "If true, the launched EC2 instance will have detailed monitoring enabled. (Available since v0.6.0)\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestNetworkInterface:SpotInstanceRequestNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network Interfaces below for more details.\n" + }, + "outpostArn": { + "type": "string" + }, + "passwordData": { + "type": "string" + }, + "placementGroup": { + "type": "string", + "description": "Placement Group to start the instance in.\n" + }, + "primaryNetworkInterfaceId": { + "type": "string" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be\nused inside the Amazon EC2, and only available if you've enabled DNS hostnames\nfor your VPC\n" + }, + "privateIp": { + "type": "string", + "description": "Private IP address to associate with the instance in a VPC.\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this\nis only available if you've enabled DNS hostnames for your VPC\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable.\n" + }, + "rootBlockDevice": { + "$ref": "#/types/aws:ec2/SpotInstanceRequestRootBlockDevice:SpotInstanceRequestRootBlockDevice", + "description": "Configuration block to customize details about the root block device of the instance. See Block Devices below for details. When accessing this as an attribute reference, it is a list containing one object.\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of secondary private IPv4 addresses to assign to the instance's primary network interface (eth0) in a VPC. Can only be assigned to the primary network interface (eth0) attached at instance creation, not a pre-existing network interface i.e. referenced in a `network_interface` block. Refer to the [Elastic network interfaces documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI) to see the maximum number of private IP addresses allowed per instance type.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Controls if traffic is routed to the instance when the destination address does not match the instance. Used for NAT or VPNs. Defaults true.\n" + }, + "spotBidStatus": { + "type": "string", + "description": "The current [bid\nstatus](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-bid-status.html)\nof the Spot Instance Request.\n* `spot_request_state` The current [request\nstate](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-requests.html#creating-spot-request-status)\nof the Spot Instance Request.\n" + }, + "spotInstanceId": { + "type": "string", + "description": "The Instance ID (if any) that is currently fulfilling\nthe Spot Instance request.\n" + }, + "spotPrice": { + "type": "string", + "description": "The maximum price to request on the spot market.\n" + }, + "spotRequestState": { + "type": "string" + }, + "spotType": { + "type": "string", + "description": "If set to `one-time`, after\nthe instance is terminated, the spot request will be closed.\n" + }, + "subnetId": { + "type": "string", + "description": "VPC Subnet ID to launch in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. Note that these tags apply to the instance and not block storage devices. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tenancy": { + "type": "string", + "description": "Tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the import-instance command.\n" + }, + "userData": { + "type": "string", + "description": "User data to provide when launching the instance. Do not pass gzip-compressed data via this argument; see `user_data_base64` instead.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Can be used instead of `user_data` to pass base64-encoded binary data directly. Use this instead of `user_data` whenever the value is not a valid UTF-8 string. For example, gzip-encoded user data must be base64-encoded and passed via this argument to avoid corruption.\n" + }, + "validFrom": { + "type": "string", + "description": "The start date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). The default is to start fulfilling the request immediately.\n" + }, + "validUntil": { + "type": "string", + "description": "The end date and time of the request, in UTC [RFC3339](https://tools.ietf.org/html/rfc3339#section-5.8) format(for example, YYYY-MM-DDTHH:MM:SSZ). At this point, no new Spot instance requests are placed or enabled to fulfill the request. The default end date is 7 days from the current date.\n" + }, + "volumeTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign, at instance-creation time, to root and EBS volumes.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + }, + "waitForFulfillment": { + "type": "boolean", + "description": "If set, this provider will\nwait for the Spot Request to be fulfilled, and will throw an error if the\ntimeout of 10m is reached.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/subnet:Subnet": { + "description": "Provides an VPC subnet resource.\n\n> **NOTE:** Due to [AWS Lambda improved VPC networking changes that began deploying in September 2019](https://aws.amazon.com/blogs/compute/announcing-improved-vpc-networking-for-aws-lambda-functions/), subnets associated with Lambda Functions can take up to 45 minutes to successfully delete.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Subnet(\"main\", {\n vpcId: aws_vpc.main.id,\n cidrBlock: \"10.0.1.0/24\",\n tags: {\n Name: \"Main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Subnet(\"main\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n cidr_block=\"10.0.1.0/24\",\n tags={\n \"Name\": \"Main\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Subnet(\"main\", new Aws.Ec2.SubnetArgs\n {\n VpcId = aws_vpc.Main.Id,\n CidrBlock = \"10.0.1.0/24\",\n Tags = \n {\n { \"Name\", \"Main\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewSubnet(ctx, \"main\", &ec2.SubnetArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Subnets In Secondary VPC CIDR Blocks\n\nWhen managing subnets in one of a VPC's secondary CIDR blocks created using a `aws.ec2.VpcIpv4CidrBlockAssociation`\nresource, it is recommended to reference that resource's `vpc_id` attribute to ensure correct dependency ordering.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst secondaryCidr = new aws.ec2.VpcIpv4CidrBlockAssociation(\"secondaryCidr\", {\n vpcId: aws_vpc.main.id,\n cidrBlock: \"172.2.0.0/16\",\n});\nconst inSecondaryCidr = new aws.ec2.Subnet(\"inSecondaryCidr\", {\n vpcId: secondaryCidr.vpcId,\n cidrBlock: \"172.2.0.0/24\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsecondary_cidr = aws.ec2.VpcIpv4CidrBlockAssociation(\"secondaryCidr\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n cidr_block=\"172.2.0.0/16\")\nin_secondary_cidr = aws.ec2.Subnet(\"inSecondaryCidr\",\n vpc_id=secondary_cidr.vpc_id,\n cidr_block=\"172.2.0.0/24\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation(\"secondaryCidr\", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs\n {\n VpcId = aws_vpc.Main.Id,\n CidrBlock = \"172.2.0.0/16\",\n });\n var inSecondaryCidr = new Aws.Ec2.Subnet(\"inSecondaryCidr\", new Aws.Ec2.SubnetArgs\n {\n VpcId = secondaryCidr.VpcId,\n CidrBlock = \"172.2.0.0/24\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsecondaryCidr, err := ec2.NewVpcIpv4CidrBlockAssociation(ctx, \"secondaryCidr\", &ec2.VpcIpv4CidrBlockAssociationArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tCidrBlock: pulumi.String(\"172.2.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"inSecondaryCidr\", &ec2.SubnetArgs{\n\t\t\tVpcId: secondaryCidr.VpcId,\n\t\t\tCidrBlock: pulumi.String(\"172.2.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSubnets can be imported using the `subnet id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/subnet:Subnet public_subnet subnet-9d4a7b6c\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the subnet.\n" + }, + "assignIpv6AddressOnCreation": { + "type": "boolean", + "description": "Specify true to indicate\nthat network interfaces created in the specified subnet should be\nassigned an IPv6 address. Default is `false`\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ for the subnet.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "The AZ ID of the subnet.\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the subnet.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 network range for the subnet,\nin CIDR notation. The subnet size must use a /64 prefix length.\n" + }, + "ipv6CidrBlockAssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block.\n" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean", + "description": "Specify `true` to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`.\n" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Specify true to indicate\nthat instances launched into the subnet should be assigned\na public IP address. Default is `false`.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the subnet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID.\n" + } + }, + "required": [ + "arn", + "availabilityZone", + "availabilityZoneId", + "cidrBlock", + "ipv6CidrBlockAssociationId", + "ownerId", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "assignIpv6AddressOnCreation": { + "type": "boolean", + "description": "Specify true to indicate\nthat network interfaces created in the specified subnet should be\nassigned an IPv6 address. Default is `false`\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ for the subnet.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "The AZ ID of the subnet.\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the subnet.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 network range for the subnet,\nin CIDR notation. The subnet size must use a /64 prefix length.\n" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean", + "description": "Specify `true` to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`.\n" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Specify true to indicate\nthat instances launched into the subnet should be assigned\na public IP address. Default is `false`.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID.\n" + } + }, + "requiredInputs": [ + "cidrBlock", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Subnet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the subnet.\n" + }, + "assignIpv6AddressOnCreation": { + "type": "boolean", + "description": "Specify true to indicate\nthat network interfaces created in the specified subnet should be\nassigned an IPv6 address. Default is `false`\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ for the subnet.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "The AZ ID of the subnet.\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the subnet.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The customer owned IPv4 address pool. Typically used with the `map_customer_owned_ip_on_launch` argument. The `outpost_arn` argument must be specified when configured.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 network range for the subnet,\nin CIDR notation. The subnet size must use a /64 prefix length.\n" + }, + "ipv6CidrBlockAssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block.\n" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean", + "description": "Specify `true` to indicate that network interfaces created in the subnet should be assigned a customer owned IP address. The `customer_owned_ipv4_pool` and `outpost_arn` arguments must be specified when set to `true`. Default is `false`.\n" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Specify true to indicate\nthat instances launched into the subnet should be assigned\na public IP address. Default is `false`.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the subnet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/tag:Tag": { + "description": "Manages an individual EC2 resource tag. This resource should only be used in cases where EC2 resources are created outside the provider (e.g. AMIs), being shared via Resource Access Manager (RAM), or implicitly created by other means (e.g. Transit Gateway VPN Attachments).\n\n> **NOTE:** This tagging resource should not be combined with the providers resource for managing the parent resource. For example, using `aws.ec2.Vpc` and `aws.ec2.Tag` to manage tags of the same VPC will cause a perpetual difference where the `aws.ec2.Vpc` resource will try to remove the tag being added by the `aws.ec2.Tag` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTransitGateway = new aws.ec2transitgateway.TransitGateway(\"exampleTransitGateway\", {});\nconst exampleCustomerGateway = new aws.ec2.CustomerGateway(\"exampleCustomerGateway\", {\n bgpAsn: 65000,\n ipAddress: \"172.0.0.1\",\n type: \"ipsec.1\",\n});\nconst exampleVpnConnection = new aws.ec2.VpnConnection(\"exampleVpnConnection\", {\n customerGatewayId: exampleCustomerGateway.id,\n transitGatewayId: exampleTransitGateway.id,\n type: exampleCustomerGateway.type,\n});\nconst exampleTag = new aws.ec2.Tag(\"exampleTag\", {\n resourceId: exampleVpnConnection.transitGatewayAttachmentId,\n key: \"Name\",\n value: \"Hello World\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_transit_gateway = aws.ec2transitgateway.TransitGateway(\"exampleTransitGateway\")\nexample_customer_gateway = aws.ec2.CustomerGateway(\"exampleCustomerGateway\",\n bgp_asn=\"65000\",\n ip_address=\"172.0.0.1\",\n type=\"ipsec.1\")\nexample_vpn_connection = aws.ec2.VpnConnection(\"exampleVpnConnection\",\n customer_gateway_id=example_customer_gateway.id,\n transit_gateway_id=example_transit_gateway.id,\n type=example_customer_gateway.type)\nexample_tag = aws.ec2.Tag(\"exampleTag\",\n resource_id=example_vpn_connection.transit_gateway_attachment_id,\n key=\"Name\",\n value=\"Hello World\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"exampleTransitGateway\", new Aws.Ec2TransitGateway.TransitGatewayArgs\n {\n });\n var exampleCustomerGateway = new Aws.Ec2.CustomerGateway(\"exampleCustomerGateway\", new Aws.Ec2.CustomerGatewayArgs\n {\n BgpAsn = \"65000\",\n IpAddress = \"172.0.0.1\",\n Type = \"ipsec.1\",\n });\n var exampleVpnConnection = new Aws.Ec2.VpnConnection(\"exampleVpnConnection\", new Aws.Ec2.VpnConnectionArgs\n {\n CustomerGatewayId = exampleCustomerGateway.Id,\n TransitGatewayId = exampleTransitGateway.Id,\n Type = exampleCustomerGateway.Type,\n });\n var exampleTag = new Aws.Ec2.Tag(\"exampleTag\", new Aws.Ec2.TagArgs\n {\n ResourceId = exampleVpnConnection.TransitGatewayAttachmentId,\n Key = \"Name\",\n Value = \"Hello World\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"exampleTransitGateway\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCustomerGateway, err := ec2.NewCustomerGateway(ctx, \"exampleCustomerGateway\", &ec2.CustomerGatewayArgs{\n\t\t\tBgpAsn: pulumi.String(\"65000\"),\n\t\t\tIpAddress: pulumi.String(\"172.0.0.1\"),\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpnConnection, err := ec2.NewVpnConnection(ctx, \"exampleVpnConnection\", &ec2.VpnConnectionArgs{\n\t\t\tCustomerGatewayId: exampleCustomerGateway.ID(),\n\t\t\tTransitGatewayId: exampleTransitGateway.ID(),\n\t\t\tType: exampleCustomerGateway.Type,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewTag(ctx, \"exampleTag\", &ec2.TagArgs{\n\t\t\tResourceId: exampleVpnConnection.TransitGatewayAttachmentId,\n\t\t\tKey: pulumi.String(\"Name\"),\n\t\t\tValue: pulumi.String(\"Hello World\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_tag` can be imported by using the EC2 resource identifier and key, separated by a comma (`,`), e.g.\n\n```sh\n $ pulumi import aws:ec2/tag:Tag example tgw-attach-1234567890abcdef,Name\n```\n\n ", + "properties": { + "key": { + "type": "string", + "description": "The tag name.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the EC2 resource to manage the tag for.\n" + }, + "value": { + "type": "string", + "description": "The value of the tag.\n" + } + }, + "required": [ + "key", + "resourceId", + "value" + ], + "inputProperties": { + "key": { + "type": "string", + "description": "The tag name.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the EC2 resource to manage the tag for.\n" + }, + "value": { + "type": "string", + "description": "The value of the tag.\n" + } + }, + "requiredInputs": [ + "key", + "resourceId", + "value" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Tag resources.\n", + "properties": { + "key": { + "type": "string", + "description": "The tag name.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the EC2 resource to manage the tag for.\n" + }, + "value": { + "type": "string", + "description": "The value of the tag.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/trafficMirrorFilter:TrafficMirrorFilter": { + "description": "Provides an Traffic mirror filter. \nRead [limits and considerations](https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-considerations.html) for traffic mirroring\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo create a basic traffic mirror filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.TrafficMirrorFilter(\"foo\", {\n description: \"traffic mirror filter - example\",\n networkServices: [\"amazon-dns\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.TrafficMirrorFilter(\"foo\",\n description=\"traffic mirror filter - example\",\n network_services=[\"amazon-dns\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ec2.TrafficMirrorFilter(\"foo\", new Aws.Ec2.TrafficMirrorFilterArgs\n {\n Description = \"traffic mirror filter - example\",\n NetworkServices = \n {\n \"amazon-dns\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewTrafficMirrorFilter(ctx, \"foo\", &ec2.TrafficMirrorFilterArgs{\n\t\t\tDescription: pulumi.String(\"traffic mirror filter - example\"),\n\t\t\tNetworkServices: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"amazon-dns\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTraffic mirror filter can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/trafficMirrorFilter:TrafficMirrorFilter foo tmf-0fbb93ddf38198f64\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the traffic mirror filter.\n" + }, + "description": { + "type": "string", + "description": "A description of the filter.\n" + }, + "networkServices": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of amazon network services that should be mirrored. Valid values: `amazon-dns`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the filter.\n" + }, + "networkServices": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of amazon network services that should be mirrored. Valid values: `amazon-dns`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TrafficMirrorFilter resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the traffic mirror filter.\n" + }, + "description": { + "type": "string", + "description": "A description of the filter.\n" + }, + "networkServices": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of amazon network services that should be mirrored. Valid values: `amazon-dns`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ec2/trafficMirrorFilterRule:TrafficMirrorFilterRule": { + "description": "Provides an Traffic mirror filter rule. \nRead [limits and considerations](https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-considerations.html) for traffic mirroring\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo create a basic traffic mirror session\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst filter = new aws.ec2.TrafficMirrorFilter(\"filter\", {\n description: \"traffic mirror filter - example\",\n networkServices: [\"amazon-dns\"],\n});\nconst ruleout = new aws.ec2.TrafficMirrorFilterRule(\"ruleout\", {\n description: \"test rule\",\n trafficMirrorFilterId: filter.id,\n destinationCidrBlock: \"10.0.0.0/8\",\n sourceCidrBlock: \"10.0.0.0/8\",\n ruleNumber: 1,\n ruleAction: \"accept\",\n trafficDirection: \"egress\",\n});\nconst rulein = new aws.ec2.TrafficMirrorFilterRule(\"rulein\", {\n description: \"test rule\",\n trafficMirrorFilterId: filter.id,\n destinationCidrBlock: \"10.0.0.0/8\",\n sourceCidrBlock: \"10.0.0.0/8\",\n ruleNumber: 1,\n ruleAction: \"accept\",\n trafficDirection: \"ingress\",\n protocol: 6,\n destinationPortRange: {\n fromPort: 22,\n toPort: 53,\n },\n sourcePortRange: {\n fromPort: 0,\n toPort: 10,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfilter = aws.ec2.TrafficMirrorFilter(\"filter\",\n description=\"traffic mirror filter - example\",\n network_services=[\"amazon-dns\"])\nruleout = aws.ec2.TrafficMirrorFilterRule(\"ruleout\",\n description=\"test rule\",\n traffic_mirror_filter_id=filter.id,\n destination_cidr_block=\"10.0.0.0/8\",\n source_cidr_block=\"10.0.0.0/8\",\n rule_number=1,\n rule_action=\"accept\",\n traffic_direction=\"egress\")\nrulein = aws.ec2.TrafficMirrorFilterRule(\"rulein\",\n description=\"test rule\",\n traffic_mirror_filter_id=filter.id,\n destination_cidr_block=\"10.0.0.0/8\",\n source_cidr_block=\"10.0.0.0/8\",\n rule_number=1,\n rule_action=\"accept\",\n traffic_direction=\"ingress\",\n protocol=6,\n destination_port_range=aws.ec2.TrafficMirrorFilterRuleDestinationPortRangeArgs(\n from_port=22,\n to_port=53,\n ),\n source_port_range=aws.ec2.TrafficMirrorFilterRuleSourcePortRangeArgs(\n from_port=0,\n to_port=10,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var filter = new Aws.Ec2.TrafficMirrorFilter(\"filter\", new Aws.Ec2.TrafficMirrorFilterArgs\n {\n Description = \"traffic mirror filter - example\",\n NetworkServices = \n {\n \"amazon-dns\",\n },\n });\n var ruleout = new Aws.Ec2.TrafficMirrorFilterRule(\"ruleout\", new Aws.Ec2.TrafficMirrorFilterRuleArgs\n {\n Description = \"test rule\",\n TrafficMirrorFilterId = filter.Id,\n DestinationCidrBlock = \"10.0.0.0/8\",\n SourceCidrBlock = \"10.0.0.0/8\",\n RuleNumber = 1,\n RuleAction = \"accept\",\n TrafficDirection = \"egress\",\n });\n var rulein = new Aws.Ec2.TrafficMirrorFilterRule(\"rulein\", new Aws.Ec2.TrafficMirrorFilterRuleArgs\n {\n Description = \"test rule\",\n TrafficMirrorFilterId = filter.Id,\n DestinationCidrBlock = \"10.0.0.0/8\",\n SourceCidrBlock = \"10.0.0.0/8\",\n RuleNumber = 1,\n RuleAction = \"accept\",\n TrafficDirection = \"ingress\",\n Protocol = 6,\n DestinationPortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleDestinationPortRangeArgs\n {\n FromPort = 22,\n ToPort = 53,\n },\n SourcePortRange = new Aws.Ec2.Inputs.TrafficMirrorFilterRuleSourcePortRangeArgs\n {\n FromPort = 0,\n ToPort = 10,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfilter, err := ec2.NewTrafficMirrorFilter(ctx, \"filter\", &ec2.TrafficMirrorFilterArgs{\n\t\t\tDescription: pulumi.String(\"traffic mirror filter - example\"),\n\t\t\tNetworkServices: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"amazon-dns\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewTrafficMirrorFilterRule(ctx, \"ruleout\", &ec2.TrafficMirrorFilterRuleArgs{\n\t\t\tDescription: pulumi.String(\"test rule\"),\n\t\t\tTrafficMirrorFilterId: filter.ID(),\n\t\t\tDestinationCidrBlock: pulumi.String(\"10.0.0.0/8\"),\n\t\t\tSourceCidrBlock: pulumi.String(\"10.0.0.0/8\"),\n\t\t\tRuleNumber: pulumi.Int(1),\n\t\t\tRuleAction: pulumi.String(\"accept\"),\n\t\t\tTrafficDirection: pulumi.String(\"egress\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewTrafficMirrorFilterRule(ctx, \"rulein\", &ec2.TrafficMirrorFilterRuleArgs{\n\t\t\tDescription: pulumi.String(\"test rule\"),\n\t\t\tTrafficMirrorFilterId: filter.ID(),\n\t\t\tDestinationCidrBlock: pulumi.String(\"10.0.0.0/8\"),\n\t\t\tSourceCidrBlock: pulumi.String(\"10.0.0.0/8\"),\n\t\t\tRuleNumber: pulumi.Int(1),\n\t\t\tRuleAction: pulumi.String(\"accept\"),\n\t\t\tTrafficDirection: pulumi.String(\"ingress\"),\n\t\t\tProtocol: pulumi.Int(6),\n\t\t\tDestinationPortRange: &ec2.TrafficMirrorFilterRuleDestinationPortRangeArgs{\n\t\t\t\tFromPort: pulumi.Int(22),\n\t\t\t\tToPort: pulumi.Int(53),\n\t\t\t},\n\t\t\tSourcePortRange: &ec2.TrafficMirrorFilterRuleSourcePortRangeArgs{\n\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\tToPort: pulumi.Int(10),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTraffic mirror rules can be imported using the `traffic_mirror_filter_id` and `id` separated by `:` e.g.\n\n```sh\n $ pulumi import aws:ec2/trafficMirrorFilterRule:TrafficMirrorFilterRule rule tmf-0fbb93ddf38198f64:tmfr-05a458f06445d0aee\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the traffic mirror filter rule.\n" + }, + "description": { + "type": "string", + "description": "Description of the traffic mirror filter rule.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "Destination CIDR block to assign to the Traffic Mirror rule.\n" + }, + "destinationPortRange": { + "$ref": "#/types/aws:ec2/TrafficMirrorFilterRuleDestinationPortRange:TrafficMirrorFilterRuleDestinationPortRange", + "description": "Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below\n" + }, + "protocol": { + "type": "integer", + "description": "Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see [Protocol Numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website.\n" + }, + "ruleAction": { + "type": "string", + "description": "Action to take (accept | reject) on the filtered traffic. Valid values are `accept` and `reject`\n" + }, + "ruleNumber": { + "type": "integer", + "description": "Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.\n" + }, + "sourceCidrBlock": { + "type": "string", + "description": "Source CIDR block to assign to the Traffic Mirror rule.\n" + }, + "sourcePortRange": { + "$ref": "#/types/aws:ec2/TrafficMirrorFilterRuleSourcePortRange:TrafficMirrorFilterRuleSourcePortRange", + "description": "Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below\n" + }, + "trafficDirection": { + "type": "string", + "description": "Direction of traffic to be captured. Valid values are `ingress` and `egress`\n" + }, + "trafficMirrorFilterId": { + "type": "string", + "description": "ID of the traffic mirror filter to which this rule should be added\n" + } + }, + "required": [ + "arn", + "destinationCidrBlock", + "ruleAction", + "ruleNumber", + "sourceCidrBlock", + "trafficDirection", + "trafficMirrorFilterId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the traffic mirror filter rule.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "Destination CIDR block to assign to the Traffic Mirror rule.\n" + }, + "destinationPortRange": { + "$ref": "#/types/aws:ec2/TrafficMirrorFilterRuleDestinationPortRange:TrafficMirrorFilterRuleDestinationPortRange", + "description": "Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below\n" + }, + "protocol": { + "type": "integer", + "description": "Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see [Protocol Numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website.\n" + }, + "ruleAction": { + "type": "string", + "description": "Action to take (accept | reject) on the filtered traffic. Valid values are `accept` and `reject`\n" + }, + "ruleNumber": { + "type": "integer", + "description": "Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.\n" + }, + "sourceCidrBlock": { + "type": "string", + "description": "Source CIDR block to assign to the Traffic Mirror rule.\n" + }, + "sourcePortRange": { + "$ref": "#/types/aws:ec2/TrafficMirrorFilterRuleSourcePortRange:TrafficMirrorFilterRuleSourcePortRange", + "description": "Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below\n" + }, + "trafficDirection": { + "type": "string", + "description": "Direction of traffic to be captured. Valid values are `ingress` and `egress`\n" + }, + "trafficMirrorFilterId": { + "type": "string", + "description": "ID of the traffic mirror filter to which this rule should be added\n" + } + }, + "requiredInputs": [ + "destinationCidrBlock", + "ruleAction", + "ruleNumber", + "sourceCidrBlock", + "trafficDirection", + "trafficMirrorFilterId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TrafficMirrorFilterRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the traffic mirror filter rule.\n" + }, + "description": { + "type": "string", + "description": "Description of the traffic mirror filter rule.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "Destination CIDR block to assign to the Traffic Mirror rule.\n" + }, + "destinationPortRange": { + "$ref": "#/types/aws:ec2/TrafficMirrorFilterRuleDestinationPortRange:TrafficMirrorFilterRuleDestinationPortRange", + "description": "Destination port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below\n" + }, + "protocol": { + "type": "integer", + "description": "Protocol number, for example 17 (UDP), to assign to the Traffic Mirror rule. For information about the protocol value, see [Protocol Numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website.\n" + }, + "ruleAction": { + "type": "string", + "description": "Action to take (accept | reject) on the filtered traffic. Valid values are `accept` and `reject`\n" + }, + "ruleNumber": { + "type": "integer", + "description": "Number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.\n" + }, + "sourceCidrBlock": { + "type": "string", + "description": "Source CIDR block to assign to the Traffic Mirror rule.\n" + }, + "sourcePortRange": { + "$ref": "#/types/aws:ec2/TrafficMirrorFilterRuleSourcePortRange:TrafficMirrorFilterRuleSourcePortRange", + "description": "Source port range. Supported only when the protocol is set to TCP(6) or UDP(17). See Traffic mirror port range documented below\n" + }, + "trafficDirection": { + "type": "string", + "description": "Direction of traffic to be captured. Valid values are `ingress` and `egress`\n" + }, + "trafficMirrorFilterId": { + "type": "string", + "description": "ID of the traffic mirror filter to which this rule should be added\n" + } + }, + "type": "object" + } + }, + "aws:ec2/trafficMirrorSession:TrafficMirrorSession": { + "description": "Provides an Traffic mirror session. \nRead [limits and considerations](https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-considerations.html) for traffic mirroring\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo create a basic traffic mirror session\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst filter = new aws.ec2.TrafficMirrorFilter(\"filter\", {\n description: \"traffic mirror filter - example\",\n networkServices: [\"amazon-dns\"],\n});\nconst target = new aws.ec2.TrafficMirrorTarget(\"target\", {networkLoadBalancerArn: aws_lb.lb.arn});\nconst session = new aws.ec2.TrafficMirrorSession(\"session\", {\n description: \"traffic mirror session - example\",\n networkInterfaceId: aws_instance.test.primary_network_interface_id,\n sessionNumber: 1,\n trafficMirrorFilterId: filter.id,\n trafficMirrorTargetId: target.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfilter = aws.ec2.TrafficMirrorFilter(\"filter\",\n description=\"traffic mirror filter - example\",\n network_services=[\"amazon-dns\"])\ntarget = aws.ec2.TrafficMirrorTarget(\"target\", network_load_balancer_arn=aws_lb[\"lb\"][\"arn\"])\nsession = aws.ec2.TrafficMirrorSession(\"session\",\n description=\"traffic mirror session - example\",\n network_interface_id=aws_instance[\"test\"][\"primary_network_interface_id\"],\n session_number=1,\n traffic_mirror_filter_id=filter.id,\n traffic_mirror_target_id=target.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var filter = new Aws.Ec2.TrafficMirrorFilter(\"filter\", new Aws.Ec2.TrafficMirrorFilterArgs\n {\n Description = \"traffic mirror filter - example\",\n NetworkServices = \n {\n \"amazon-dns\",\n },\n });\n var target = new Aws.Ec2.TrafficMirrorTarget(\"target\", new Aws.Ec2.TrafficMirrorTargetArgs\n {\n NetworkLoadBalancerArn = aws_lb.Lb.Arn,\n });\n var session = new Aws.Ec2.TrafficMirrorSession(\"session\", new Aws.Ec2.TrafficMirrorSessionArgs\n {\n Description = \"traffic mirror session - example\",\n NetworkInterfaceId = aws_instance.Test.Primary_network_interface_id,\n SessionNumber = 1,\n TrafficMirrorFilterId = filter.Id,\n TrafficMirrorTargetId = target.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfilter, err := ec2.NewTrafficMirrorFilter(ctx, \"filter\", &ec2.TrafficMirrorFilterArgs{\n\t\t\tDescription: pulumi.String(\"traffic mirror filter - example\"),\n\t\t\tNetworkServices: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"amazon-dns\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttarget, err := ec2.NewTrafficMirrorTarget(ctx, \"target\", &ec2.TrafficMirrorTargetArgs{\n\t\t\tNetworkLoadBalancerArn: pulumi.Any(aws_lb.Lb.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewTrafficMirrorSession(ctx, \"session\", &ec2.TrafficMirrorSessionArgs{\n\t\t\tDescription: pulumi.String(\"traffic mirror session - example\"),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Test.Primary_network_interface_id),\n\t\t\tSessionNumber: pulumi.Int(1),\n\t\t\tTrafficMirrorFilterId: filter.ID(),\n\t\t\tTrafficMirrorTargetId: target.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTraffic mirror sessions can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/trafficMirrorSession:TrafficMirrorSession session tms-0d8aa3ca35897b82e\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the traffic mirror session.\n" + }, + "description": { + "type": "string", + "description": "A description of the traffic mirror session.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "ID of the source network interface. Not all network interfaces are eligible as mirror sources. On EC2 instances only nitro based instances support mirroring.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the session owner.\n" + }, + "packetLength": { + "type": "integer", + "description": "The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.\n" + }, + "sessionNumber": { + "type": "integer", + "description": "- The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "trafficMirrorFilterId": { + "type": "string", + "description": "ID of the traffic mirror filter to be used\n" + }, + "trafficMirrorTargetId": { + "type": "string", + "description": "ID of the traffic mirror target to be used\n" + }, + "virtualNetworkId": { + "type": "integer", + "description": "- The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.\n" + } + }, + "required": [ + "arn", + "networkInterfaceId", + "ownerId", + "sessionNumber", + "tagsAll", + "trafficMirrorFilterId", + "trafficMirrorTargetId", + "virtualNetworkId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the traffic mirror session.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "ID of the source network interface. Not all network interfaces are eligible as mirror sources. On EC2 instances only nitro based instances support mirroring.\n" + }, + "packetLength": { + "type": "integer", + "description": "The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.\n" + }, + "sessionNumber": { + "type": "integer", + "description": "- The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "trafficMirrorFilterId": { + "type": "string", + "description": "ID of the traffic mirror filter to be used\n" + }, + "trafficMirrorTargetId": { + "type": "string", + "description": "ID of the traffic mirror target to be used\n" + }, + "virtualNetworkId": { + "type": "integer", + "description": "- The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.\n" + } + }, + "requiredInputs": [ + "networkInterfaceId", + "sessionNumber", + "trafficMirrorFilterId", + "trafficMirrorTargetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TrafficMirrorSession resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the traffic mirror session.\n" + }, + "description": { + "type": "string", + "description": "A description of the traffic mirror session.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "ID of the source network interface. Not all network interfaces are eligible as mirror sources. On EC2 instances only nitro based instances support mirroring.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the session owner.\n" + }, + "packetLength": { + "type": "integer", + "description": "The number of bytes in each packet to mirror. These are bytes after the VXLAN header. Do not specify this parameter when you want to mirror the entire packet. To mirror a subset of the packet, set this to the length (in bytes) that you want to mirror.\n" + }, + "sessionNumber": { + "type": "integer", + "description": "- The session number determines the order in which sessions are evaluated when an interface is used by multiple sessions. The first session with a matching filter is the one that mirrors the packets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "trafficMirrorFilterId": { + "type": "string", + "description": "ID of the traffic mirror filter to be used\n" + }, + "trafficMirrorTargetId": { + "type": "string", + "description": "ID of the traffic mirror target to be used\n" + }, + "virtualNetworkId": { + "type": "integer", + "description": "- The VXLAN ID for the Traffic Mirror session. For more information about the VXLAN protocol, see RFC 7348. If you do not specify a VirtualNetworkId, an account-wide unique id is chosen at random.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/trafficMirrorTarget:TrafficMirrorTarget": { + "description": "Provides a Traffic mirror target. \nRead [limits and considerations](https://docs.aws.amazon.com/vpc/latest/mirroring/traffic-mirroring-considerations.html) for traffic mirroring\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo create a basic traffic mirror session\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst nlb = new aws.ec2.TrafficMirrorTarget(\"nlb\", {\n description: \"NLB target\",\n networkLoadBalancerArn: aws_lb.lb.arn,\n});\nconst eni = new aws.ec2.TrafficMirrorTarget(\"eni\", {\n description: \"ENI target\",\n networkInterfaceId: aws_instance.test.primary_network_interface_id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnlb = aws.ec2.TrafficMirrorTarget(\"nlb\",\n description=\"NLB target\",\n network_load_balancer_arn=aws_lb[\"lb\"][\"arn\"])\neni = aws.ec2.TrafficMirrorTarget(\"eni\",\n description=\"ENI target\",\n network_interface_id=aws_instance[\"test\"][\"primary_network_interface_id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var nlb = new Aws.Ec2.TrafficMirrorTarget(\"nlb\", new Aws.Ec2.TrafficMirrorTargetArgs\n {\n Description = \"NLB target\",\n NetworkLoadBalancerArn = aws_lb.Lb.Arn,\n });\n var eni = new Aws.Ec2.TrafficMirrorTarget(\"eni\", new Aws.Ec2.TrafficMirrorTargetArgs\n {\n Description = \"ENI target\",\n NetworkInterfaceId = aws_instance.Test.Primary_network_interface_id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewTrafficMirrorTarget(ctx, \"nlb\", &ec2.TrafficMirrorTargetArgs{\n\t\t\tDescription: pulumi.String(\"NLB target\"),\n\t\t\tNetworkLoadBalancerArn: pulumi.Any(aws_lb.Lb.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewTrafficMirrorTarget(ctx, \"eni\", &ec2.TrafficMirrorTargetArgs{\n\t\t\tDescription: pulumi.String(\"ENI target\"),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Test.Primary_network_interface_id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTraffic mirror targets can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/trafficMirrorTarget:TrafficMirrorTarget target tmt-0c13a005422b86606\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the traffic mirror target.\n" + }, + "description": { + "type": "string", + "description": "A description of the traffic mirror session.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface ID that is associated with the target.\n" + }, + "networkLoadBalancerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the traffic mirror target.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the traffic mirror session.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface ID that is associated with the target.\n" + }, + "networkLoadBalancerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TrafficMirrorTarget resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the traffic mirror target.\n" + }, + "description": { + "type": "string", + "description": "A description of the traffic mirror session.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface ID that is associated with the target.\n" + }, + "networkLoadBalancerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Network Load Balancer that is associated with the target.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the traffic mirror target.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ec2/transitGatewayPeeringAttachmentAccepter:TransitGatewayPeeringAttachmentAccepter": { + "description": "Manages the accepter's side of an EC2 Transit Gateway Peering Attachment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.TransitGatewayPeeringAttachmentAccepter(\"example\", {\n transitGatewayAttachmentId: aws_ec2_transit_gateway_peering_attachment.example.id,\n tags: {\n Name: \"Example cross-account attachment\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.TransitGatewayPeeringAttachmentAccepter(\"example\",\n transit_gateway_attachment_id=aws_ec2_transit_gateway_peering_attachment[\"example\"][\"id\"],\n tags={\n \"Name\": \"Example cross-account attachment\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.TransitGatewayPeeringAttachmentAccepter(\"example\", new Aws.Ec2.TransitGatewayPeeringAttachmentAccepterArgs\n {\n TransitGatewayAttachmentId = aws_ec2_transit_gateway_peering_attachment.Example.Id,\n Tags = \n {\n { \"Name\", \"Example cross-account attachment\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewTransitGatewayPeeringAttachmentAccepter(ctx, \"example\", &ec2.TransitGatewayPeeringAttachmentAccepterArgs{\n\t\t\tTransitGatewayAttachmentId: pulumi.Any(aws_ec2_transit_gateway_peering_attachment.Example.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Example cross-account attachment\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_peering_attachment_accepter` can be imported by using the EC2 Transit Gateway Attachment identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2/transitGatewayPeeringAttachmentAccepter:TransitGatewayPeeringAttachmentAccepter example tgw-attach-12345678\n```\n\n ", + "properties": { + "peerAccountId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 TGW peering.\n" + }, + "peerRegion": { + "type": "string" + }, + "peerTransitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway to peer with.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway Peering Attachment to manage.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "required": [ + "peerAccountId", + "peerRegion", + "peerTransitGatewayId", + "tagsAll", + "transitGatewayAttachmentId", + "transitGatewayId" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway Peering Attachment to manage.\n" + } + }, + "requiredInputs": [ + "transitGatewayAttachmentId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TransitGatewayPeeringAttachmentAccepter resources.\n", + "properties": { + "peerAccountId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 TGW peering.\n" + }, + "peerRegion": { + "type": "string" + }, + "peerTransitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway to peer with.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway Peering Attachment to manage.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/volumeAttachment:VolumeAttachment": { + "description": "Provides an AWS EBS Volume Attachment as a top level resource, to attach and\ndetach volumes from AWS Instances.\n\n> **NOTE on EBS block devices:** If you use `ebs_block_device` on an `aws.ec2.Instance`, this provider will assume management over the full set of non-root EBS block devices for the instance, and treats additional block devices as drift. For this reason, `ebs_block_device` cannot be mixed with external `aws.ebs.Volume` + `aws_ebs_volume_attachment` resources for a given instance.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-21f78e11\",\n availabilityZone: \"us-west-2a\",\n instanceType: \"t2.micro\",\n tags: {\n Name: \"HelloWorld\",\n },\n});\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n size: 1,\n});\nconst ebsAtt = new aws.ec2.VolumeAttachment(\"ebsAtt\", {\n deviceName: \"/dev/sdh\",\n volumeId: example.id,\n instanceId: web.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-21f78e11\",\n availability_zone=\"us-west-2a\",\n instance_type=\"t2.micro\",\n tags={\n \"Name\": \"HelloWorld\",\n })\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n size=1)\nebs_att = aws.ec2.VolumeAttachment(\"ebsAtt\",\n device_name=\"/dev/sdh\",\n volume_id=example.id,\n instance_id=web.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var web = new Aws.Ec2.Instance(\"web\", new Aws.Ec2.InstanceArgs\n {\n Ami = \"ami-21f78e11\",\n AvailabilityZone = \"us-west-2a\",\n InstanceType = \"t2.micro\",\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n var example = new Aws.Ebs.Volume(\"example\", new Aws.Ebs.VolumeArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Size = 1,\n });\n var ebsAtt = new Aws.Ec2.VolumeAttachment(\"ebsAtt\", new Aws.Ec2.VolumeAttachmentArgs\n {\n DeviceName = \"/dev/sdh\",\n VolumeId = example.Id,\n InstanceId = web.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tweb, err := ec2.NewInstance(ctx, \"web\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-21f78e11\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := ebs.NewVolume(ctx, \"example\", &ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tSize: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVolumeAttachment(ctx, \"ebsAtt\", &ec2.VolumeAttachmentArgs{\n\t\t\tDeviceName: pulumi.String(\"/dev/sdh\"),\n\t\t\tVolumeId: example.ID(),\n\t\t\tInstanceId: web.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEBS Volume Attachments can be imported using `DEVICE_NAME:VOLUME_ID:INSTANCE_ID`, e.g.\n\n```sh\n $ pulumi import aws:ec2/volumeAttachment:VolumeAttachment example /dev/sdh:vol-049df61146c4d7901:i-12345678\n```\n\n [1]https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names [2]https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html#available-ec2-device-names [3]https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html ", + "properties": { + "deviceName": { + "type": "string", + "description": "The device name to expose to the instance (for\nexample, `/dev/sdh` or `xvdh`). See [Device Naming on Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names) and [Device Naming on Windows Instances](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html#available-ec2-device-names) for more information.\n" + }, + "forceDetach": { + "type": "boolean", + "description": "Set to `true` if you want to force the\nvolume to detach. Useful if previous attempts failed, but use this option only\nas a last resort, as this can result in **data loss**. See\n[Detaching an Amazon EBS Volume from an Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) for more information.\n" + }, + "instanceId": { + "type": "string", + "description": "ID of the Instance to attach to\n" + }, + "skipDestroy": { + "type": "boolean", + "description": "Set this to true if you do not wish\nto detach the volume from the instance to which it is attached at destroy\ntime, and instead just remove the attachment from this provider state. This is\nuseful when destroying an instance which has volumes created by some other\nmeans attached.\n" + }, + "volumeId": { + "type": "string", + "description": "ID of the Volume to be attached\n" + } + }, + "required": [ + "deviceName", + "instanceId", + "volumeId" + ], + "inputProperties": { + "deviceName": { + "type": "string", + "description": "The device name to expose to the instance (for\nexample, `/dev/sdh` or `xvdh`). See [Device Naming on Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names) and [Device Naming on Windows Instances](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html#available-ec2-device-names) for more information.\n" + }, + "forceDetach": { + "type": "boolean", + "description": "Set to `true` if you want to force the\nvolume to detach. Useful if previous attempts failed, but use this option only\nas a last resort, as this can result in **data loss**. See\n[Detaching an Amazon EBS Volume from an Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) for more information.\n" + }, + "instanceId": { + "type": "string", + "description": "ID of the Instance to attach to\n" + }, + "skipDestroy": { + "type": "boolean", + "description": "Set this to true if you do not wish\nto detach the volume from the instance to which it is attached at destroy\ntime, and instead just remove the attachment from this provider state. This is\nuseful when destroying an instance which has volumes created by some other\nmeans attached.\n" + }, + "volumeId": { + "type": "string", + "description": "ID of the Volume to be attached\n" + } + }, + "requiredInputs": [ + "deviceName", + "instanceId", + "volumeId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VolumeAttachment resources.\n", + "properties": { + "deviceName": { + "type": "string", + "description": "The device name to expose to the instance (for\nexample, `/dev/sdh` or `xvdh`). See [Device Naming on Linux Instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html#available-ec2-device-names) and [Device Naming on Windows Instances](https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/device_naming.html#available-ec2-device-names) for more information.\n" + }, + "forceDetach": { + "type": "boolean", + "description": "Set to `true` if you want to force the\nvolume to detach. Useful if previous attempts failed, but use this option only\nas a last resort, as this can result in **data loss**. See\n[Detaching an Amazon EBS Volume from an Instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-detaching-volume.html) for more information.\n" + }, + "instanceId": { + "type": "string", + "description": "ID of the Instance to attach to\n" + }, + "skipDestroy": { + "type": "boolean", + "description": "Set this to true if you do not wish\nto detach the volume from the instance to which it is attached at destroy\ntime, and instead just remove the attachment from this provider state. This is\nuseful when destroying an instance which has volumes created by some other\nmeans attached.\n" + }, + "volumeId": { + "type": "string", + "description": "ID of the Volume to be attached\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpc:Vpc": { + "description": "Provides a VPC resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nBasic usage with tags:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {\n cidrBlock: \"10.0.0.0/16\",\n instanceTenancy: \"default\",\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\",\n cidr_block=\"10.0.0.0/16\",\n instance_tenancy=\"default\",\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n InstanceTenancy = \"default\",\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tInstanceTenancy: pulumi.String(\"default\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPCs can be imported using the `vpc id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpc:Vpc test_vpc vpc-a01106c2\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of VPC\n" + }, + "assignGeneratedIpv6CidrBlock": { + "type": "boolean", + "description": "Requests an Amazon-provided IPv6 CIDR\nblock with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or\nthe size of the CIDR block. Default is `false`.\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the VPC.\n" + }, + "defaultNetworkAclId": { + "type": "string", + "description": "The ID of the network ACL created by default on VPC creation\n" + }, + "defaultRouteTableId": { + "type": "string", + "description": "The ID of the route table created by default on VPC creation\n" + }, + "defaultSecurityGroupId": { + "type": "string", + "description": "The ID of the security group created by default on VPC creation\n" + }, + "dhcpOptionsId": { + "type": "string" + }, + "enableClassiclink": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink\nfor the VPC. Only valid in regions and accounts that support EC2 Classic.\nSee the [ClassicLink documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) for more information. Defaults false.\n" + }, + "enableClassiclinkDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink DNS Support for the VPC.\nOnly valid in regions and accounts that support EC2 Classic.\n" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS support in the VPC. Defaults true.\n" + }, + "instanceTenancy": { + "type": "string", + "description": "A tenancy option for instances launched into the VPC. Default is `default`, which\nmakes your instances shared on the host. Using either of the other options (`dedicated` or `host`) costs at least $2/hr.\n" + }, + "ipv6AssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n" + }, + "mainRouteTableId": { + "type": "string", + "description": "The ID of the main route table associated with\nthis VPC. Note that you can change a VPC's main route table by using an\n`aws.ec2.MainRouteTableAssociation`.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "cidrBlock", + "defaultNetworkAclId", + "defaultRouteTableId", + "defaultSecurityGroupId", + "dhcpOptionsId", + "enableClassiclink", + "enableClassiclinkDnsSupport", + "enableDnsHostnames", + "ipv6AssociationId", + "ipv6CidrBlock", + "mainRouteTableId", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "assignGeneratedIpv6CidrBlock": { + "type": "boolean", + "description": "Requests an Amazon-provided IPv6 CIDR\nblock with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or\nthe size of the CIDR block. Default is `false`.\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the VPC.\n" + }, + "enableClassiclink": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink\nfor the VPC. Only valid in regions and accounts that support EC2 Classic.\nSee the [ClassicLink documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) for more information. Defaults false.\n" + }, + "enableClassiclinkDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink DNS Support for the VPC.\nOnly valid in regions and accounts that support EC2 Classic.\n" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS support in the VPC. Defaults true.\n" + }, + "instanceTenancy": { + "type": "string", + "description": "A tenancy option for instances launched into the VPC. Default is `default`, which\nmakes your instances shared on the host. Using either of the other options (`dedicated` or `host`) costs at least $2/hr.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "cidrBlock" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Vpc resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of VPC\n" + }, + "assignGeneratedIpv6CidrBlock": { + "type": "boolean", + "description": "Requests an Amazon-provided IPv6 CIDR\nblock with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or\nthe size of the CIDR block. Default is `false`.\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the VPC.\n" + }, + "defaultNetworkAclId": { + "type": "string", + "description": "The ID of the network ACL created by default on VPC creation\n" + }, + "defaultRouteTableId": { + "type": "string", + "description": "The ID of the route table created by default on VPC creation\n" + }, + "defaultSecurityGroupId": { + "type": "string", + "description": "The ID of the security group created by default on VPC creation\n" + }, + "dhcpOptionsId": { + "type": "string" + }, + "enableClassiclink": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink\nfor the VPC. Only valid in regions and accounts that support EC2 Classic.\nSee the [ClassicLink documentation](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/vpc-classiclink.html) for more information. Defaults false.\n" + }, + "enableClassiclinkDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable ClassicLink DNS Support for the VPC.\nOnly valid in regions and accounts that support EC2 Classic.\n" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS hostnames in the VPC. Defaults false.\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "A boolean flag to enable/disable DNS support in the VPC. Defaults true.\n" + }, + "instanceTenancy": { + "type": "string", + "description": "A tenancy option for instances launched into the VPC. Default is `default`, which\nmakes your instances shared on the host. Using either of the other options (`dedicated` or `host`) costs at least $2/hr.\n" + }, + "ipv6AssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n" + }, + "mainRouteTableId": { + "type": "string", + "description": "The ID of the main route table associated with\nthis VPC. Note that you can change a VPC's main route table by using an\n`aws.ec2.MainRouteTableAssociation`.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcDhcpOptions:VpcDhcpOptions": { + "description": "Provides a VPC DHCP Options resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dnsResolver = new aws.ec2.VpcDhcpOptions(\"dns_resolver\", {\n domainNameServers: [\n \"8.8.8.8\",\n \"8.8.4.4\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndns_resolver = aws.ec2.VpcDhcpOptions(\"dnsResolver\", domain_name_servers=[\n \"8.8.8.8\",\n \"8.8.4.4\",\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dnsResolver = new Aws.Ec2.VpcDhcpOptions(\"dnsResolver\", new Aws.Ec2.VpcDhcpOptionsArgs\n {\n DomainNameServers = \n {\n \"8.8.8.8\",\n \"8.8.4.4\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcDhcpOptions(ctx, \"dnsResolver\", &ec2.VpcDhcpOptionsArgs{\n\t\t\tDomainNameServers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"8.8.8.8\"),\n\t\t\t\tpulumi.String(\"8.8.4.4\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nFull usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.VpcDhcpOptions(\"foo\", {\n domainName: \"service.consul\",\n domainNameServers: [\n \"127.0.0.1\",\n \"10.0.0.2\",\n ],\n netbiosNameServers: [\"127.0.0.1\"],\n netbiosNodeType: \"2\",\n ntpServers: [\"127.0.0.1\"],\n tags: {\n Name: \"foo-name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.VpcDhcpOptions(\"foo\",\n domain_name=\"service.consul\",\n domain_name_servers=[\n \"127.0.0.1\",\n \"10.0.0.2\",\n ],\n netbios_name_servers=[\"127.0.0.1\"],\n netbios_node_type=\"2\",\n ntp_servers=[\"127.0.0.1\"],\n tags={\n \"Name\": \"foo-name\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ec2.VpcDhcpOptions(\"foo\", new Aws.Ec2.VpcDhcpOptionsArgs\n {\n DomainName = \"service.consul\",\n DomainNameServers = \n {\n \"127.0.0.1\",\n \"10.0.0.2\",\n },\n NetbiosNameServers = \n {\n \"127.0.0.1\",\n },\n NetbiosNodeType = \"2\",\n NtpServers = \n {\n \"127.0.0.1\",\n },\n Tags = \n {\n { \"Name\", \"foo-name\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcDhcpOptions(ctx, \"foo\", &ec2.VpcDhcpOptionsArgs{\n\t\t\tDomainName: pulumi.String(\"service.consul\"),\n\t\t\tDomainNameServers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"127.0.0.1\"),\n\t\t\t\tpulumi.String(\"10.0.0.2\"),\n\t\t\t},\n\t\t\tNetbiosNameServers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"127.0.0.1\"),\n\t\t\t},\n\t\t\tNetbiosNodeType: pulumi.String(\"2\"),\n\t\t\tNtpServers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"127.0.0.1\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foo-name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Remarks\n\n* Notice that all arguments are optional but you have to specify at least one argument.\n* `domain_name_servers`, `netbios_name_servers`, `ntp_servers` are limited by AWS to maximum four servers only.\n* To actually use the DHCP Options Set you need to associate it to a VPC using `aws.ec2.VpcDhcpOptionsAssociation`.\n* If you delete a DHCP Options Set, all VPCs using it will be associated to AWS's `default` DHCP Option Set.\n* In most cases unless you're configuring your own DNS you'll want to set `domain_name_servers` to `AmazonProvidedDNS`.\n\n\n## Import\n\nVPC DHCP Options can be imported using the `dhcp options id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcDhcpOptions:VpcDhcpOptions my_options dopt-d9070ebb\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DHCP Options Set.\n" + }, + "domainName": { + "type": "string", + "description": "the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the `search` value in the `/etc/resolv.conf` file.\n" + }, + "domainNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of name servers to configure in `/etc/resolv.conf`. If you want to use the default AWS nameservers you should set this to `AmazonProvidedDNS`.\n" + }, + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ntpServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NTP servers to configure.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the DHCP options set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "ownerId", + "tagsAll" + ], + "inputProperties": { + "domainName": { + "type": "string", + "description": "the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the `search` value in the `/etc/resolv.conf` file.\n" + }, + "domainNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of name servers to configure in `/etc/resolv.conf`. If you want to use the default AWS nameservers you should set this to `AmazonProvidedDNS`.\n" + }, + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ntpServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NTP servers to configure.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcDhcpOptions resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DHCP Options Set.\n" + }, + "domainName": { + "type": "string", + "description": "the suffix domain name to use by default when resolving non Fully Qualified Domain Names. In other words, this is what ends up being the `search` value in the `/etc/resolv.conf` file.\n" + }, + "domainNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of name servers to configure in `/etc/resolv.conf`. If you want to use the default AWS nameservers you should set this to `AmazonProvidedDNS`.\n" + }, + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). AWS recommends to specify 2 since broadcast and multicast are not supported in their network. For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ntpServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NTP servers to configure.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the DHCP options set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcDhcpOptionsAssociation:VpcDhcpOptionsAssociation": { + "description": "Provides a VPC DHCP Options Association resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dnsResolver = new aws.ec2.VpcDhcpOptionsAssociation(\"dnsResolver\", {\n vpcId: aws_vpc.foo.id,\n dhcpOptionsId: aws_vpc_dhcp_options.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndns_resolver = aws.ec2.VpcDhcpOptionsAssociation(\"dnsResolver\",\n vpc_id=aws_vpc[\"foo\"][\"id\"],\n dhcp_options_id=aws_vpc_dhcp_options[\"foo\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dnsResolver = new Aws.Ec2.VpcDhcpOptionsAssociation(\"dnsResolver\", new Aws.Ec2.VpcDhcpOptionsAssociationArgs\n {\n VpcId = aws_vpc.Foo.Id,\n DhcpOptionsId = aws_vpc_dhcp_options.Foo.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcDhcpOptionsAssociation(ctx, \"dnsResolver\", &ec2.VpcDhcpOptionsAssociationArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t\tDhcpOptionsId: pulumi.Any(aws_vpc_dhcp_options.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Remarks\n\n* You can only associate one DHCP Options Set to a given VPC ID.\n* Removing the DHCP Options Association automatically sets AWS's `default` DHCP Options Set to the VPC.\n\n\n## Import\n\nDHCP associations can be imported by providing the VPC ID associated with the options\n\n```sh\n $ pulumi import aws:ec2/vpcDhcpOptionsAssociation:VpcDhcpOptionsAssociation imported vpc-0f001273ec18911b1\n```\n\n ", + "properties": { + "dhcpOptionsId": { + "type": "string", + "description": "The ID of the DHCP Options Set to associate to the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to which we would like to associate a DHCP Options Set.\n" + } + }, + "required": [ + "dhcpOptionsId", + "vpcId" + ], + "inputProperties": { + "dhcpOptionsId": { + "type": "string", + "description": "The ID of the DHCP Options Set to associate to the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to which we would like to associate a DHCP Options Set.\n" + } + }, + "requiredInputs": [ + "dhcpOptionsId", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcDhcpOptionsAssociation resources.\n", + "properties": { + "dhcpOptionsId": { + "type": "string", + "description": "The ID of the DHCP Options Set to associate to the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to which we would like to associate a DHCP Options Set.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcEndpoint:VpcEndpoint": { + "description": "Provides a VPC Endpoint resource.\n\n> **NOTE on VPC Endpoints and VPC Endpoint Associations:** This provider provides both standalone VPC Endpoint Associations for\nRoute Tables - (an association between a VPC endpoint and a single `route_table_id`) and\nSubnets - (an association between a VPC endpoint and a single `subnet_id`) and\na VPC Endpoint resource with `route_table_ids` and `subnet_ids` attributes.\nDo not use the same resource ID in both a VPC Endpoint resource and a VPC Endpoint Association resource.\nDoing so will cause a conflict of associations and will overwrite the association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.ec2.VpcEndpoint(\"s3\", {\n vpcId: aws_vpc.main.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.VpcEndpoint(\"s3\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3 = new Aws.Ec2.VpcEndpoint(\"s3\", new Aws.Ec2.VpcEndpointArgs\n {\n VpcId = aws_vpc.Main.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"s3\", &ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Basic w/ Tags\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = new aws.ec2.VpcEndpoint(\"s3\", {\n vpcId: aws_vpc.main.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.VpcEndpoint(\"s3\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\",\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3 = new Aws.Ec2.VpcEndpoint(\"s3\", new Aws.Ec2.VpcEndpointArgs\n {\n VpcId = aws_vpc.Main.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"s3\", &ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Interface Endpoint Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec2 = new aws.ec2.VpcEndpoint(\"ec2\", {\n vpcId: aws_vpc.main.id,\n serviceName: \"com.amazonaws.us-west-2.ec2\",\n vpcEndpointType: \"Interface\",\n securityGroupIds: [aws_security_group.sg1.id],\n privateDnsEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec2 = aws.ec2.VpcEndpoint(\"ec2\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n service_name=\"com.amazonaws.us-west-2.ec2\",\n vpc_endpoint_type=\"Interface\",\n security_group_ids=[aws_security_group[\"sg1\"][\"id\"]],\n private_dns_enabled=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ec2 = new Aws.Ec2.VpcEndpoint(\"ec2\", new Aws.Ec2.VpcEndpointArgs\n {\n VpcId = aws_vpc.Main.Id,\n ServiceName = \"com.amazonaws.us-west-2.ec2\",\n VpcEndpointType = \"Interface\",\n SecurityGroupIds = \n {\n aws_security_group.Sg1.Id,\n },\n PrivateDnsEnabled = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpoint(ctx, \"ec2\", &ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.ec2\"),\n\t\t\tVpcEndpointType: pulumi.String(\"Interface\"),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Sg1.Id),\n\t\t\t},\n\t\t\tPrivateDnsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Gateway Load Balancer Endpoint Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst exampleVpcEndpointService = new aws.ec2.VpcEndpointService(\"exampleVpcEndpointService\", {\n acceptanceRequired: false,\n allowedPrincipals: [current.then(current => current.arn)],\n gatewayLoadBalancerArns: [aws_lb.example.arn],\n});\nconst exampleVpcEndpoint = new aws.ec2.VpcEndpoint(\"exampleVpcEndpoint\", {\n serviceName: exampleVpcEndpointService.serviceName,\n subnetIds: [aws_subnet.example.id],\n vpcEndpointType: exampleVpcEndpointService.serviceType,\n vpcId: aws_vpc.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample_vpc_endpoint_service = aws.ec2.VpcEndpointService(\"exampleVpcEndpointService\",\n acceptance_required=False,\n allowed_principals=[current.arn],\n gateway_load_balancer_arns=[aws_lb[\"example\"][\"arn\"]])\nexample_vpc_endpoint = aws.ec2.VpcEndpoint(\"exampleVpcEndpoint\",\n service_name=example_vpc_endpoint_service.service_name,\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n vpc_endpoint_type=example_vpc_endpoint_service.service_type,\n vpc_id=aws_vpc[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var exampleVpcEndpointService = new Aws.Ec2.VpcEndpointService(\"exampleVpcEndpointService\", new Aws.Ec2.VpcEndpointServiceArgs\n {\n AcceptanceRequired = false,\n AllowedPrincipals = \n {\n current.Apply(current => current.Arn),\n },\n GatewayLoadBalancerArns = \n {\n aws_lb.Example.Arn,\n },\n });\n var exampleVpcEndpoint = new Aws.Ec2.VpcEndpoint(\"exampleVpcEndpoint\", new Aws.Ec2.VpcEndpointArgs\n {\n ServiceName = exampleVpcEndpointService.ServiceName,\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n VpcEndpointType = exampleVpcEndpointService.ServiceType,\n VpcId = aws_vpc.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcEndpointService, err := ec2.NewVpcEndpointService(ctx, \"exampleVpcEndpointService\", &ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tAllowedPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(current.Arn),\n\t\t\t},\n\t\t\tGatewayLoadBalancerArns: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_lb.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"exampleVpcEndpoint\", &ec2.VpcEndpointArgs{\n\t\t\tServiceName: exampleVpcEndpointService.ServiceName,\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tVpcEndpointType: exampleVpcEndpointService.ServiceType,\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC Endpoints can be imported using the `vpc endpoint id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcEndpoint:VpcEndpoint endpoint1 vpce-3ecf2a57\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC endpoint.\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).\n" + }, + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type `Gateway`.\n" + }, + "dnsEntries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpcEndpointDnsEntry:VpcEndpointDnsEntry" + }, + "description": "The DNS entries for the VPC Endpoint. Applicable for endpoints of type `Interface`. DNS blocks are documented below.\n" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type `Interface`.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC endpoint.\n" + }, + "policy": { + "type": "string", + "description": "A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All `Gateway` and some `Interface` endpoints support policies - see the [relevant AWS documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) for more details.\n" + }, + "prefixListId": { + "type": "string", + "description": "The prefix list ID of the exposed AWS service. Applicable for endpoints of type `Gateway`.\n" + }, + "privateDnsEnabled": { + "type": "boolean", + "description": "Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type `Interface`.\nDefaults to `false`.\n" + }, + "requesterManaged": { + "type": "boolean", + "description": "Whether or not the VPC Endpoint is being managed by its service - `true` or `false`.\n" + }, + "routeTableIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more route table IDs. Applicable for endpoints of type `Gateway`.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more security groups to associate with the network interface. Required for endpoints of type `Interface`.\n" + }, + "serviceName": { + "type": "string", + "description": "The service name. For AWS services the service name is usually in the form `com.amazonaws..` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker..notebook`).\n" + }, + "state": { + "type": "string", + "description": "The state of the VPC endpoint.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type `GatewayLoadBalancer` and `Interface`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcEndpointType": { + "type": "string", + "description": "The VPC endpoint type, `Gateway`, `GatewayLoadBalancer`, or `Interface`. Defaults to `Gateway`.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC in which the endpoint will be used.\n" + } + }, + "required": [ + "arn", + "cidrBlocks", + "dnsEntries", + "networkInterfaceIds", + "ownerId", + "policy", + "prefixListId", + "requesterManaged", + "routeTableIds", + "securityGroupIds", + "serviceName", + "state", + "subnetIds", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "autoAccept": { + "type": "boolean", + "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).\n" + }, + "policy": { + "type": "string", + "description": "A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All `Gateway` and some `Interface` endpoints support policies - see the [relevant AWS documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) for more details.\n" + }, + "privateDnsEnabled": { + "type": "boolean", + "description": "Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type `Interface`.\nDefaults to `false`.\n" + }, + "routeTableIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more route table IDs. Applicable for endpoints of type `Gateway`.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more security groups to associate with the network interface. Required for endpoints of type `Interface`.\n" + }, + "serviceName": { + "type": "string", + "description": "The service name. For AWS services the service name is usually in the form `com.amazonaws..` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker..notebook`).\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type `GatewayLoadBalancer` and `Interface`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcEndpointType": { + "type": "string", + "description": "The VPC endpoint type, `Gateway`, `GatewayLoadBalancer`, or `Interface`. Defaults to `Gateway`.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC in which the endpoint will be used.\n" + } + }, + "requiredInputs": [ + "serviceName", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcEndpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC endpoint.\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Accept the VPC endpoint (the VPC endpoint and service need to be in the same AWS account).\n" + }, + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type `Gateway`.\n" + }, + "dnsEntries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpcEndpointDnsEntry:VpcEndpointDnsEntry" + }, + "description": "The DNS entries for the VPC Endpoint. Applicable for endpoints of type `Interface`. DNS blocks are documented below.\n" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type `Interface`.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC endpoint.\n" + }, + "policy": { + "type": "string", + "description": "A policy to attach to the endpoint that controls access to the service. This is a JSON formatted string. Defaults to full access. All `Gateway` and some `Interface` endpoints support policies - see the [relevant AWS documentation](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html) for more details.\n" + }, + "prefixListId": { + "type": "string", + "description": "The prefix list ID of the exposed AWS service. Applicable for endpoints of type `Gateway`.\n" + }, + "privateDnsEnabled": { + "type": "boolean", + "description": "Whether or not to associate a private hosted zone with the specified VPC. Applicable for endpoints of type `Interface`.\nDefaults to `false`.\n" + }, + "requesterManaged": { + "type": "boolean", + "description": "Whether or not the VPC Endpoint is being managed by its service - `true` or `false`.\n" + }, + "routeTableIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more route table IDs. Applicable for endpoints of type `Gateway`.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more security groups to associate with the network interface. Required for endpoints of type `Interface`.\n" + }, + "serviceName": { + "type": "string", + "description": "The service name. For AWS services the service name is usually in the form `com.amazonaws..` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker..notebook`).\n" + }, + "state": { + "type": "string", + "description": "The state of the VPC endpoint.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more subnets in which to create a network interface for the endpoint. Applicable for endpoints of type `GatewayLoadBalancer` and `Interface`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcEndpointType": { + "type": "string", + "description": "The VPC endpoint type, `Gateway`, `GatewayLoadBalancer`, or `Interface`. Defaults to `Gateway`.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC in which the endpoint will be used.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcEndpointConnectionNotification:VpcEndpointConnectionNotification": { + "description": "Provides a VPC Endpoint connection notification resource.\nConnection notifications notify subscribers of VPC Endpoint events.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst topic = new aws.sns.Topic(\"topic\", {policy: `{\n \"Version\":\"2012-10-17\",\n \"Statement\":[{\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"vpce.amazonaws.com\"\n },\n \"Action\": \"SNS:Publish\",\n \"Resource\": \"arn:aws:sns:*:*:vpce-notification-topic\"\n }]\n}\n`});\nconst fooVpcEndpointService = new aws.ec2.VpcEndpointService(\"fooVpcEndpointService\", {\n acceptanceRequired: false,\n networkLoadBalancerArns: [aws_lb.test.arn],\n});\nconst fooVpcEndpointConnectionNotification = new aws.ec2.VpcEndpointConnectionNotification(\"fooVpcEndpointConnectionNotification\", {\n vpcEndpointServiceId: fooVpcEndpointService.id,\n connectionNotificationArn: topic.arn,\n connectionEvents: [\n \"Accept\",\n \"Reject\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntopic = aws.sns.Topic(\"topic\", policy=\"\"\"{\n \"Version\":\"2012-10-17\",\n \"Statement\":[{\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"vpce.amazonaws.com\"\n },\n \"Action\": \"SNS:Publish\",\n \"Resource\": \"arn:aws:sns:*:*:vpce-notification-topic\"\n }]\n}\n\"\"\")\nfoo_vpc_endpoint_service = aws.ec2.VpcEndpointService(\"fooVpcEndpointService\",\n acceptance_required=False,\n network_load_balancer_arns=[aws_lb[\"test\"][\"arn\"]])\nfoo_vpc_endpoint_connection_notification = aws.ec2.VpcEndpointConnectionNotification(\"fooVpcEndpointConnectionNotification\",\n vpc_endpoint_service_id=foo_vpc_endpoint_service.id,\n connection_notification_arn=topic.arn,\n connection_events=[\n \"Accept\",\n \"Reject\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var topic = new Aws.Sns.Topic(\"topic\", new Aws.Sns.TopicArgs\n {\n Policy = @\"{\n \"\"Version\"\":\"\"2012-10-17\"\",\n \"\"Statement\"\":[{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"vpce.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"SNS:Publish\"\",\n \"\"Resource\"\": \"\"arn:aws:sns:*:*:vpce-notification-topic\"\"\n }]\n}\n\",\n });\n var fooVpcEndpointService = new Aws.Ec2.VpcEndpointService(\"fooVpcEndpointService\", new Aws.Ec2.VpcEndpointServiceArgs\n {\n AcceptanceRequired = false,\n NetworkLoadBalancerArns = \n {\n aws_lb.Test.Arn,\n },\n });\n var fooVpcEndpointConnectionNotification = new Aws.Ec2.VpcEndpointConnectionNotification(\"fooVpcEndpointConnectionNotification\", new Aws.Ec2.VpcEndpointConnectionNotificationArgs\n {\n VpcEndpointServiceId = fooVpcEndpointService.Id,\n ConnectionNotificationArn = topic.Arn,\n ConnectionEvents = \n {\n \"Accept\",\n \"Reject\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttopic, err := sns.NewTopic(ctx, \"topic\", &sns.TopicArgs{\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\":\\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\":[{\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"vpce.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"SNS:Publish\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:sns:*:*:vpce-notification-topic\\\"\\n\", \" }]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpcEndpointService, err := ec2.NewVpcEndpointService(ctx, \"fooVpcEndpointService\", &ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tNetworkLoadBalancerArns: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_lb.Test.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointConnectionNotification(ctx, \"fooVpcEndpointConnectionNotification\", &ec2.VpcEndpointConnectionNotificationArgs{\n\t\t\tVpcEndpointServiceId: fooVpcEndpointService.ID(),\n\t\t\tConnectionNotificationArn: topic.Arn,\n\t\t\tConnectionEvents: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Accept\"),\n\t\t\t\tpulumi.String(\"Reject\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC Endpoint connection notifications can be imported using the `VPC endpoint connection notification id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcEndpointConnectionNotification:VpcEndpointConnectionNotification foo vpce-nfn-09e6ed3b4efba2263\n```\n\n ", + "properties": { + "connectionEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more endpoint [events](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpointConnectionNotification.html#API_CreateVpcEndpointConnectionNotification_RequestParameters) for which to receive notifications.\n" + }, + "connectionNotificationArn": { + "type": "string", + "description": "The ARN of the SNS topic for the notifications.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of notification.\n" + }, + "state": { + "type": "string", + "description": "The state of the notification.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC Endpoint to receive notifications for.\n" + }, + "vpcEndpointServiceId": { + "type": "string", + "description": "The ID of the VPC Endpoint Service to receive notifications for.\n" + } + }, + "required": [ + "connectionEvents", + "connectionNotificationArn", + "notificationType", + "state" + ], + "inputProperties": { + "connectionEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more endpoint [events](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpointConnectionNotification.html#API_CreateVpcEndpointConnectionNotification_RequestParameters) for which to receive notifications.\n" + }, + "connectionNotificationArn": { + "type": "string", + "description": "The ARN of the SNS topic for the notifications.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC Endpoint to receive notifications for.\n" + }, + "vpcEndpointServiceId": { + "type": "string", + "description": "The ID of the VPC Endpoint Service to receive notifications for.\n" + } + }, + "requiredInputs": [ + "connectionEvents", + "connectionNotificationArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcEndpointConnectionNotification resources.\n", + "properties": { + "connectionEvents": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more endpoint [events](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateVpcEndpointConnectionNotification.html#API_CreateVpcEndpointConnectionNotification_RequestParameters) for which to receive notifications.\n" + }, + "connectionNotificationArn": { + "type": "string", + "description": "The ARN of the SNS topic for the notifications.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of notification.\n" + }, + "state": { + "type": "string", + "description": "The state of the notification.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC Endpoint to receive notifications for.\n" + }, + "vpcEndpointServiceId": { + "type": "string", + "description": "The ID of the VPC Endpoint Service to receive notifications for.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcEndpointRouteTableAssociation:VpcEndpointRouteTableAssociation": { + "description": "Manages a VPC Endpoint Route Table Association\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.VpcEndpointRouteTableAssociation(\"example\", {\n routeTableId: aws_route_table.example.id,\n vpcEndpointId: aws_vpc_endpoint.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.VpcEndpointRouteTableAssociation(\"example\",\n route_table_id=aws_route_table[\"example\"][\"id\"],\n vpc_endpoint_id=aws_vpc_endpoint[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.VpcEndpointRouteTableAssociation(\"example\", new Aws.Ec2.VpcEndpointRouteTableAssociationArgs\n {\n RouteTableId = aws_route_table.Example.Id,\n VpcEndpointId = aws_vpc_endpoint.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpointRouteTableAssociation(ctx, \"example\", &ec2.VpcEndpointRouteTableAssociationArgs{\n\t\t\tRouteTableId: pulumi.Any(aws_route_table.Example.Id),\n\t\t\tVpcEndpointId: pulumi.Any(aws_vpc_endpoint.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC Endpoint Route Table Associations can be imported using `vpc_endpoint_id` together with `route_table_id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcEndpointRouteTableAssociation:VpcEndpointRouteTableAssociation example vpce-aaaaaaaa/rtb-bbbbbbbb\n```\n\n ", + "properties": { + "routeTableId": { + "type": "string", + "description": "Identifier of the EC2 Route Table to be associated with the VPC Endpoint.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of the VPC Endpoint with which the EC2 Route Table will be associated.\n" + } + }, + "required": [ + "routeTableId", + "vpcEndpointId" + ], + "inputProperties": { + "routeTableId": { + "type": "string", + "description": "Identifier of the EC2 Route Table to be associated with the VPC Endpoint.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of the VPC Endpoint with which the EC2 Route Table will be associated.\n" + } + }, + "requiredInputs": [ + "routeTableId", + "vpcEndpointId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcEndpointRouteTableAssociation resources.\n", + "properties": { + "routeTableId": { + "type": "string", + "description": "Identifier of the EC2 Route Table to be associated with the VPC Endpoint.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "Identifier of the VPC Endpoint with which the EC2 Route Table will be associated.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcEndpointService:VpcEndpointService": { + "description": "Provides a VPC Endpoint Service resource.\nService consumers can create an _Interface_ VPC Endpoint to connect to the service.\n\n> **NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals:** This provider provides\nboth a standalone VPC Endpoint Service Allowed Principal resource\nand a VPC Endpoint Service resource with an `allowed_principals` attribute. Do not use the same principal ARN in both\na VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict\nand will overwrite the association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Network Load Balancers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.VpcEndpointService(\"example\", {\n acceptanceRequired: false,\n networkLoadBalancerArns: [aws_lb.example.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.VpcEndpointService(\"example\",\n acceptance_required=False,\n network_load_balancer_arns=[aws_lb[\"example\"][\"arn\"]])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.VpcEndpointService(\"example\", new Aws.Ec2.VpcEndpointServiceArgs\n {\n AcceptanceRequired = false,\n NetworkLoadBalancerArns = \n {\n aws_lb.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpointService(ctx, \"example\", &ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tNetworkLoadBalancerArns: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_lb.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Gateway Load Balancers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.VpcEndpointService(\"example\", {\n acceptanceRequired: false,\n gatewayLoadBalancerArns: [aws_lb.example.arn],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.VpcEndpointService(\"example\",\n acceptance_required=False,\n gateway_load_balancer_arns=[aws_lb[\"example\"][\"arn\"]])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.VpcEndpointService(\"example\", new Aws.Ec2.VpcEndpointServiceArgs\n {\n AcceptanceRequired = false,\n GatewayLoadBalancerArns = \n {\n aws_lb.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpointService(ctx, \"example\", &ec2.VpcEndpointServiceArgs{\n\t\t\tAcceptanceRequired: pulumi.Bool(false),\n\t\t\tGatewayLoadBalancerArns: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_lb.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC Endpoint Services can be imported using the `VPC endpoint service id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcEndpointService:VpcEndpointService foo vpce-svc-0f97a19d3fa8220bc\n```\n\n ", + "properties": { + "acceptanceRequired": { + "type": "boolean", + "description": "Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - `true` or `false`.\n" + }, + "allowedPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ARNs of one or more principals allowed to discover the endpoint service.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC endpoint service.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Availability Zones in which the service is available.\n" + }, + "baseEndpointDnsNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The DNS names for the service.\n" + }, + "gatewayLoadBalancerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Amazon Resource Names (ARNs) of one or more Gateway Load Balancers for the endpoint service.\n" + }, + "managesVpcEndpoints": { + "type": "boolean", + "description": "Whether or not the service manages its VPC endpoints - `true` or `false`.\n" + }, + "networkLoadBalancerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Amazon Resource Names (ARNs) of one or more Network Load Balancers for the endpoint service.\n" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name for the service.\n" + }, + "privateDnsNameConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpcEndpointServicePrivateDnsNameConfiguration:VpcEndpointServicePrivateDnsNameConfiguration" + }, + "description": "List of objects containing information about the endpoint service private DNS name configuration.\n" + }, + "serviceName": { + "type": "string", + "description": "The service name.\n" + }, + "serviceType": { + "type": "string", + "description": "The service type, `Gateway` or `Interface`.\n" + }, + "state": { + "type": "string", + "description": "Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is `verified`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "acceptanceRequired", + "allowedPrincipals", + "arn", + "availabilityZones", + "baseEndpointDnsNames", + "managesVpcEndpoints", + "privateDnsName", + "privateDnsNameConfigurations", + "serviceName", + "serviceType", + "state", + "tagsAll" + ], + "inputProperties": { + "acceptanceRequired": { + "type": "boolean", + "description": "Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - `true` or `false`.\n" + }, + "allowedPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ARNs of one or more principals allowed to discover the endpoint service.\n" + }, + "gatewayLoadBalancerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Amazon Resource Names (ARNs) of one or more Gateway Load Balancers for the endpoint service.\n" + }, + "networkLoadBalancerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Amazon Resource Names (ARNs) of one or more Network Load Balancers for the endpoint service.\n" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name for the service.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "acceptanceRequired" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcEndpointService resources.\n", + "properties": { + "acceptanceRequired": { + "type": "boolean", + "description": "Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - `true` or `false`.\n" + }, + "allowedPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ARNs of one or more principals allowed to discover the endpoint service.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC endpoint service.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Availability Zones in which the service is available.\n" + }, + "baseEndpointDnsNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The DNS names for the service.\n" + }, + "gatewayLoadBalancerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Amazon Resource Names (ARNs) of one or more Gateway Load Balancers for the endpoint service.\n" + }, + "managesVpcEndpoints": { + "type": "boolean", + "description": "Whether or not the service manages its VPC endpoints - `true` or `false`.\n" + }, + "networkLoadBalancerArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Amazon Resource Names (ARNs) of one or more Network Load Balancers for the endpoint service.\n" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name for the service.\n" + }, + "privateDnsNameConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpcEndpointServicePrivateDnsNameConfiguration:VpcEndpointServicePrivateDnsNameConfiguration" + }, + "description": "List of objects containing information about the endpoint service private DNS name configuration.\n" + }, + "serviceName": { + "type": "string", + "description": "The service name.\n" + }, + "serviceType": { + "type": "string", + "description": "The service type, `Gateway` or `Interface`.\n" + }, + "state": { + "type": "string", + "description": "Verification state of the VPC endpoint service. Consumers of the endpoint service can use the private name only when the state is `verified`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcEndpointServiceAllowedPrinciple:VpcEndpointServiceAllowedPrinciple": { + "description": "Provides a resource to allow a principal to discover a VPC endpoint service.\n\n> **NOTE on VPC Endpoint Services and VPC Endpoint Service Allowed Principals:** This provider provides\nboth a standalone VPC Endpoint Service Allowed Principal resource\nand a VPC Endpoint Service resource with an `allowed_principals` attribute. Do not use the same principal ARN in both\na VPC Endpoint Service resource and a VPC Endpoint Service Allowed Principal resource. Doing so will cause a conflict\nand will overwrite the association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst allowMeToFoo = new aws.ec2.VpcEndpointServiceAllowedPrinciple(\"allowMeToFoo\", {\n vpcEndpointServiceId: aws_vpc_endpoint_service.foo.id,\n principalArn: current.then(current => current.arn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nallow_me_to_foo = aws.ec2.VpcEndpointServiceAllowedPrinciple(\"allowMeToFoo\",\n vpc_endpoint_service_id=aws_vpc_endpoint_service[\"foo\"][\"id\"],\n principal_arn=current.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var allowMeToFoo = new Aws.Ec2.VpcEndpointServiceAllowedPrinciple(\"allowMeToFoo\", new Aws.Ec2.VpcEndpointServiceAllowedPrincipleArgs\n {\n VpcEndpointServiceId = aws_vpc_endpoint_service.Foo.Id,\n PrincipalArn = current.Apply(current => current.Arn),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointServiceAllowedPrinciple(ctx, \"allowMeToFoo\", &ec2.VpcEndpointServiceAllowedPrincipleArgs{\n\t\t\tVpcEndpointServiceId: pulumi.Any(aws_vpc_endpoint_service.Foo.Id),\n\t\t\tPrincipalArn: pulumi.String(current.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "principalArn": { + "type": "string", + "description": "The ARN of the principal to allow permissions.\n" + }, + "vpcEndpointServiceId": { + "type": "string", + "description": "The ID of the VPC endpoint service to allow permission.\n" + } + }, + "required": [ + "principalArn", + "vpcEndpointServiceId" + ], + "inputProperties": { + "principalArn": { + "type": "string", + "description": "The ARN of the principal to allow permissions.\n" + }, + "vpcEndpointServiceId": { + "type": "string", + "description": "The ID of the VPC endpoint service to allow permission.\n" + } + }, + "requiredInputs": [ + "principalArn", + "vpcEndpointServiceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcEndpointServiceAllowedPrinciple resources.\n", + "properties": { + "principalArn": { + "type": "string", + "description": "The ARN of the principal to allow permissions.\n" + }, + "vpcEndpointServiceId": { + "type": "string", + "description": "The ID of the VPC endpoint service to allow permission.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcEndpointSubnetAssociation:VpcEndpointSubnetAssociation": { + "description": "Provides a resource to create an association between a VPC endpoint and a subnet.\n\n> **NOTE on VPC Endpoints and VPC Endpoint Subnet Associations:** This provider provides\nboth a standalone VPC Endpoint Subnet Association (an association between a VPC endpoint\nand a single `subnet_id`) and a VPC Endpoint resource with a `subnet_ids`\nattribute. Do not use the same subnet ID in both a VPC Endpoint resource and a VPC Endpoint Subnet\nAssociation resource. Doing so will cause a conflict of associations and will overwrite the association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst snEc2 = new aws.ec2.VpcEndpointSubnetAssociation(\"snEc2\", {\n vpcEndpointId: aws_vpc_endpoint.ec2.id,\n subnetId: aws_subnet.sn.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsn_ec2 = aws.ec2.VpcEndpointSubnetAssociation(\"snEc2\",\n vpc_endpoint_id=aws_vpc_endpoint[\"ec2\"][\"id\"],\n subnet_id=aws_subnet[\"sn\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var snEc2 = new Aws.Ec2.VpcEndpointSubnetAssociation(\"snEc2\", new Aws.Ec2.VpcEndpointSubnetAssociationArgs\n {\n VpcEndpointId = aws_vpc_endpoint.Ec2.Id,\n SubnetId = aws_subnet.Sn.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcEndpointSubnetAssociation(ctx, \"snEc2\", &ec2.VpcEndpointSubnetAssociationArgs{\n\t\t\tVpcEndpointId: pulumi.Any(aws_vpc_endpoint.Ec2.Id),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Sn.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "subnetId": { + "type": "string", + "description": "The ID of the subnet to be associated with the VPC endpoint.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC endpoint with which the subnet will be associated.\n" + } + }, + "required": [ + "subnetId", + "vpcEndpointId" + ], + "inputProperties": { + "subnetId": { + "type": "string", + "description": "The ID of the subnet to be associated with the VPC endpoint.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC endpoint with which the subnet will be associated.\n" + } + }, + "requiredInputs": [ + "subnetId", + "vpcEndpointId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcEndpointSubnetAssociation resources.\n", + "properties": { + "subnetId": { + "type": "string", + "description": "The ID of the subnet to be associated with the VPC endpoint.\n" + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC endpoint with which the subnet will be associated.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcIpv4CidrBlockAssociation:VpcIpv4CidrBlockAssociation": { + "description": "Provides a resource to associate additional IPv4 CIDR blocks with a VPC.\n\nWhen a VPC is created, a primary IPv4 CIDR block for the VPC must be specified.\nThe `aws.ec2.VpcIpv4CidrBlockAssociation` resource allows further IPv4 CIDR blocks to be added to the VPC.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst secondaryCidr = new aws.ec2.VpcIpv4CidrBlockAssociation(\"secondaryCidr\", {\n vpcId: main.id,\n cidrBlock: \"172.2.0.0/16\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nsecondary_cidr = aws.ec2.VpcIpv4CidrBlockAssociation(\"secondaryCidr\",\n vpc_id=main.id,\n cidr_block=\"172.2.0.0/16\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var secondaryCidr = new Aws.Ec2.VpcIpv4CidrBlockAssociation(\"secondaryCidr\", new Aws.Ec2.VpcIpv4CidrBlockAssociationArgs\n {\n VpcId = main.Id,\n CidrBlock = \"172.2.0.0/16\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcIpv4CidrBlockAssociation(ctx, \"secondaryCidr\", &ec2.VpcIpv4CidrBlockAssociationArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tCidrBlock: pulumi.String(\"172.2.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_vpc_ipv4_cidr_block_association` can be imported by using the VPC CIDR Association ID, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcIpv4CidrBlockAssociation:VpcIpv4CidrBlockAssociation example vpc-cidr-assoc-xxxxxxxx\n```\n\n ", + "properties": { + "cidrBlock": { + "type": "string", + "description": "The additional IPv4 CIDR block to associate with the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to make the association with.\n" + } + }, + "required": [ + "cidrBlock", + "vpcId" + ], + "inputProperties": { + "cidrBlock": { + "type": "string", + "description": "The additional IPv4 CIDR block to associate with the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to make the association with.\n" + } + }, + "requiredInputs": [ + "cidrBlock", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcIpv4CidrBlockAssociation resources.\n", + "properties": { + "cidrBlock": { + "type": "string", + "description": "The additional IPv4 CIDR block to associate with the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC to make the association with.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcPeeringConnection:VpcPeeringConnection": { + "description": "Provides a resource to manage a VPC peering connection.\n\n> **NOTE on VPC Peering Connections and VPC Peering Connection Options:** This provider provides\nboth a standalone VPC Peering Connection Options and a VPC Peering Connection\nresource with `accepter` and `requester` attributes. Do not manage options for the same VPC peering\nconnection in both a VPC Peering Connection resource and a VPC Peering Connection Options resource.\nDoing so will cause a conflict of options and will overwrite the options.\nUsing a VPC Peering Connection Options resource decouples management of the connection options from\nmanagement of the VPC Peering Connection and allows options to be set correctly in cross-account scenarios.\n\n> **Note:** For cross-account (requester's AWS account differs from the accepter's AWS account) or inter-region\nVPC Peering Connections use the `aws.ec2.VpcPeeringConnection` resource to manage the requester's side of the\nconnection and use the `aws.ec2.VpcPeeringConnectionAccepter` resource to manage the accepter's side of the connection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.VpcPeeringConnection(\"foo\", {\n peerOwnerId: _var.peer_owner_id,\n peerVpcId: aws_vpc.bar.id,\n vpcId: aws_vpc.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.VpcPeeringConnection(\"foo\",\n peer_owner_id=var[\"peer_owner_id\"],\n peer_vpc_id=aws_vpc[\"bar\"][\"id\"],\n vpc_id=aws_vpc[\"foo\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ec2.VpcPeeringConnection(\"foo\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n PeerOwnerId = @var.Peer_owner_id,\n PeerVpcId = aws_vpc.Bar.Id,\n VpcId = aws_vpc.Foo.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcPeeringConnection(ctx, \"foo\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tPeerOwnerId: pulumi.Any(_var.Peer_owner_id),\n\t\t\tPeerVpcId: pulumi.Any(aws_vpc.Bar.Id),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nBasic usage with connection options:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.VpcPeeringConnection(\"foo\", {\n peerOwnerId: _var.peer_owner_id,\n peerVpcId: aws_vpc.bar.id,\n vpcId: aws_vpc.foo.id,\n accepter: {\n allowRemoteVpcDnsResolution: true,\n },\n requester: {\n allowRemoteVpcDnsResolution: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.VpcPeeringConnection(\"foo\",\n peer_owner_id=var[\"peer_owner_id\"],\n peer_vpc_id=aws_vpc[\"bar\"][\"id\"],\n vpc_id=aws_vpc[\"foo\"][\"id\"],\n accepter=aws.ec2.VpcPeeringConnectionAccepterArgs(\n allow_remote_vpc_dns_resolution=True,\n ),\n requester=aws.ec2.VpcPeeringConnectionRequesterArgs(\n allow_remote_vpc_dns_resolution=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ec2.VpcPeeringConnection(\"foo\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n PeerOwnerId = @var.Peer_owner_id,\n PeerVpcId = aws_vpc.Bar.Id,\n VpcId = aws_vpc.Foo.Id,\n Accepter = new Aws.Ec2.Inputs.VpcPeeringConnectionAccepterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n Requester = new Aws.Ec2.Inputs.VpcPeeringConnectionRequesterArgs\n {\n AllowRemoteVpcDnsResolution = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpcPeeringConnection(ctx, \"foo\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tPeerOwnerId: pulumi.Any(_var.Peer_owner_id),\n\t\t\tPeerVpcId: pulumi.Any(aws_vpc.Bar.Id),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t\tAccepter: &ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t\tRequester: &ec2.VpcPeeringConnectionRequesterArgs{\n\t\t\t\tAllowRemoteVpcDnsResolution: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nBasic usage with tags:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.2.0.0/16\"});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", {\n peerOwnerId: _var.peer_owner_id,\n peerVpcId: bar.id,\n vpcId: fooVpc.id,\n autoAccept: true,\n tags: {\n Name: \"VPC Peering between foo and bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.1.0.0/16\")\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.2.0.0/16\")\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\",\n peer_owner_id=var[\"peer_owner_id\"],\n peer_vpc_id=bar.id,\n vpc_id=foo_vpc.id,\n auto_accept=True,\n tags={\n \"Name\": \"VPC Peering between foo and bar\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var bar = new Aws.Ec2.Vpc(\"bar\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.2.0.0/16\",\n });\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n PeerOwnerId = @var.Peer_owner_id,\n PeerVpcId = bar.Id,\n VpcId = fooVpc.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Name\", \"VPC Peering between foo and bar\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.2.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcPeeringConnection(ctx, \"fooVpcPeeringConnection\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tPeerOwnerId: pulumi.Any(_var.Peer_owner_id),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"VPC Peering between foo and bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nBasic usage with region:\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.1.0.0/16\"}, {\n provider: aws[\"us-west-2\"],\n});\nconst bar = new aws.ec2.Vpc(\"bar\", {cidrBlock: \"10.2.0.0/16\"}, {\n provider: aws[\"us-east-1\"],\n});\nconst fooVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", {\n peerOwnerId: _var.peer_owner_id,\n peerVpcId: bar.id,\n vpcId: fooVpc.id,\n peerRegion: \"us-east-1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.1.0.0/16\",\nopts=pulumi.ResourceOptions(provider=aws[\"us-west-2\"]))\nbar = aws.ec2.Vpc(\"bar\", cidr_block=\"10.2.0.0/16\",\nopts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\nfoo_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\",\n peer_owner_id=var[\"peer_owner_id\"],\n peer_vpc_id=bar.id,\n vpc_id=foo_vpc.id,\n peer_region=\"us-east-1\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n }, new CustomResourceOptions\n {\n Provider = aws.Us_west_2,\n });\n var bar = new Aws.Ec2.Vpc(\"bar\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.2.0.0/16\",\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n var fooVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"fooVpcPeeringConnection\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n PeerOwnerId = @var.Peer_owner_id,\n PeerVpcId = bar.Id,\n VpcId = fooVpc.Id,\n PeerRegion = \"us-east-1\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t}, pulumi.Provider(aws.Us-west-2))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewVpc(ctx, \"bar\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.2.0.0/16\"),\n\t\t}, pulumi.Provider(aws.Us-east-1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcPeeringConnection(ctx, \"fooVpcPeeringConnection\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tPeerOwnerId: pulumi.Any(_var.Peer_owner_id),\n\t\t\tPeerVpcId: bar.ID(),\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tPeerRegion: pulumi.String(\"us-east-1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Notes\n\nIf both VPCs are not in the same AWS account do not enable the `auto_accept` attribute.\nThe accepter can manage its side of the connection using the `aws.ec2.VpcPeeringConnectionAccepter` resource\nor accept the connection manually using the AWS Management Console, AWS CLI, through SDKs, etc.\n\n\n## Import\n\nVPC Peering resources can be imported using the `vpc peering id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcPeeringConnection:VpcPeeringConnection test_connection pcx-111aaa111\n```\n\n [1]/docs/providers/aws/index.html ", + "properties": { + "acceptStatus": { + "type": "string", + "description": "The status of the VPC Peering Connection request.\n" + }, + "accepter": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter", + "description": "An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts\nthe peering connection (a maximum of one).\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Accept the peering (both VPCs need to be in the same AWS account).\n" + }, + "peerOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the peer VPC.\nDefaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "peerRegion": { + "type": "string", + "description": "The region of the accepter VPC of the VPC Peering Connection. `auto_accept` must be `false`,\nand use the `aws.ec2.VpcPeeringConnectionAccepter` to manage the accepter side.\n" + }, + "peerVpcId": { + "type": "string", + "description": "The ID of the VPC with which you are creating the VPC Peering Connection.\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionRequester:VpcPeeringConnectionRequester", + "description": "A optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests\nthe peering connection (a maximum of one).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the requester VPC.\n" + } + }, + "required": [ + "acceptStatus", + "accepter", + "peerOwnerId", + "peerRegion", + "peerVpcId", + "requester", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "accepter": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter", + "description": "An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts\nthe peering connection (a maximum of one).\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Accept the peering (both VPCs need to be in the same AWS account).\n" + }, + "peerOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the peer VPC.\nDefaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "peerRegion": { + "type": "string", + "description": "The region of the accepter VPC of the VPC Peering Connection. `auto_accept` must be `false`,\nand use the `aws.ec2.VpcPeeringConnectionAccepter` to manage the accepter side.\n" + }, + "peerVpcId": { + "type": "string", + "description": "The ID of the VPC with which you are creating the VPC Peering Connection.\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionRequester:VpcPeeringConnectionRequester", + "description": "A optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests\nthe peering connection (a maximum of one).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the requester VPC.\n" + } + }, + "requiredInputs": [ + "peerVpcId", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcPeeringConnection resources.\n", + "properties": { + "acceptStatus": { + "type": "string", + "description": "The status of the VPC Peering Connection request.\n" + }, + "accepter": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter", + "description": "An optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that accepts\nthe peering connection (a maximum of one).\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Accept the peering (both VPCs need to be in the same AWS account).\n" + }, + "peerOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the peer VPC.\nDefaults to the account ID the [AWS provider](https://www.terraform.io/docs/providers/aws/index.html) is currently connected to.\n" + }, + "peerRegion": { + "type": "string", + "description": "The region of the accepter VPC of the VPC Peering Connection. `auto_accept` must be `false`,\nand use the `aws.ec2.VpcPeeringConnectionAccepter` to manage the accepter side.\n" + }, + "peerVpcId": { + "type": "string", + "description": "The ID of the VPC with which you are creating the VPC Peering Connection.\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionRequester:VpcPeeringConnectionRequester", + "description": "A optional configuration block that allows for [VPC Peering Connection](https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options to be set for the VPC that requests\nthe peering connection (a maximum of one).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the requester VPC.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter": { + "description": "Provides a resource to manage the accepter's side of a VPC Peering Connection.\n\nWhen a cross-account (requester's AWS account differs from the accepter's AWS account) or an inter-region\nVPC Peering Connection is created, a VPC Peering Connection resource is automatically created in the\naccepter's account.\nThe requester can use the `aws.ec2.VpcPeeringConnection` resource to manage its side of the connection\nand the accepter can use the `aws.ec2.VpcPeeringConnectionAccepter` resource to \"adopt\" its side of the\nconnection into management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst peer = new aws.Provider(\"peer\", {region: \"us-west-2\"});\n// Accepter's credentials.\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst peerVpc = new aws.ec2.Vpc(\"peerVpc\", {cidrBlock: \"10.1.0.0/16\"}, {\n provider: aws.peer,\n});\nconst peerCallerIdentity = aws.getCallerIdentity({});\n// Requester's side of the connection.\nconst peerVpcPeeringConnection = new aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", {\n vpcId: main.id,\n peerVpcId: peerVpc.id,\n peerOwnerId: peerCallerIdentity.then(peerCallerIdentity => peerCallerIdentity.accountId),\n peerRegion: \"us-west-2\",\n autoAccept: false,\n tags: {\n Side: \"Requester\",\n },\n});\n// Accepter's side of the connection.\nconst peerVpcPeeringConnectionAccepter = new aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", {\n vpcPeeringConnectionId: peerVpcPeeringConnection.id,\n autoAccept: true,\n tags: {\n Side: \"Accepter\",\n },\n}, {\n provider: aws.peer,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\npeer = pulumi.providers.Aws(\"peer\", region=\"us-west-2\")\n# Accepter's credentials.\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\npeer_vpc = aws.ec2.Vpc(\"peerVpc\", cidr_block=\"10.1.0.0/16\",\nopts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\npeer_caller_identity = aws.get_caller_identity()\n# Requester's side of the connection.\npeer_vpc_peering_connection = aws.ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\",\n vpc_id=main.id,\n peer_vpc_id=peer_vpc.id,\n peer_owner_id=peer_caller_identity.account_id,\n peer_region=\"us-west-2\",\n auto_accept=False,\n tags={\n \"Side\": \"Requester\",\n })\n# Accepter's side of the connection.\npeer_vpc_peering_connection_accepter = aws.ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\",\n vpc_peering_connection_id=peer_vpc_peering_connection.id,\n auto_accept=True,\n tags={\n \"Side\": \"Accepter\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var peer = new Aws.Provider(\"peer\", new Aws.ProviderArgs\n {\n Region = \"us-west-2\",\n });\n // Accepter's credentials.\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var peerVpc = new Aws.Ec2.Vpc(\"peerVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n var peerCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n // Requester's side of the connection.\n var peerVpcPeeringConnection = new Aws.Ec2.VpcPeeringConnection(\"peerVpcPeeringConnection\", new Aws.Ec2.VpcPeeringConnectionArgs\n {\n VpcId = main.Id,\n PeerVpcId = peerVpc.Id,\n PeerOwnerId = peerCallerIdentity.Apply(peerCallerIdentity => peerCallerIdentity.AccountId),\n PeerRegion = \"us-west-2\",\n AutoAccept = false,\n Tags = \n {\n { \"Side\", \"Requester\" },\n },\n });\n // Accepter's side of the connection.\n var peerVpcPeeringConnectionAccepter = new Aws.Ec2.VpcPeeringConnectionAccepter(\"peerVpcPeeringConnectionAccepter\", new Aws.Ec2.VpcPeeringConnectionAccepterArgs\n {\n VpcPeeringConnectionId = peerVpcPeeringConnection.Id,\n AutoAccept = true,\n Tags = \n {\n { \"Side\", \"Accepter\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"peer\", &providers.awsArgs{\n\t\t\tRegion: \"us-west-2\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpc, err := ec2.NewVpc(ctx, \"peerVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerVpcPeeringConnection, err := ec2.NewVpcPeeringConnection(ctx, \"peerVpcPeeringConnection\", &ec2.VpcPeeringConnectionArgs{\n\t\t\tVpcId: main.ID(),\n\t\t\tPeerVpcId: peerVpc.ID(),\n\t\t\tPeerOwnerId: pulumi.String(peerCallerIdentity.AccountId),\n\t\t\tPeerRegion: pulumi.String(\"us-west-2\"),\n\t\t\tAutoAccept: pulumi.Bool(false),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Requester\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcPeeringConnectionAccepter(ctx, \"peerVpcPeeringConnectionAccepter\", &ec2.VpcPeeringConnectionAccepterArgs{\n\t\t\tVpcPeeringConnectionId: peerVpcPeeringConnection.ID(),\n\t\t\tAutoAccept: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Side\": pulumi.String(\"Accepter\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPC Peering Connection Accepters can be imported by using the Peering Connection ID, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpcPeeringConnectionAccepter:VpcPeeringConnectionAccepter example pcx-12345678\n```\n\n Certain resource arguments, like `auto_accept`, do not have an EC2 API method for reading the information after peering connection creation. If the argument is set in the provider configuration on an imported resource, this provder will always show a difference. To workaround this behavior, either omit the argument from the configuration or use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to hide the difference, e.g. terraform resource \"aws_vpc_peering_connection_accepter\" \"example\" {\n\n # ... other configuration ...\n\n # There is no AWS EC2 API for reading auto_accept\n\n lifecycle {\n\n\n\n ignore_changes = [auto_accept]\n\n } } ", + "properties": { + "acceptStatus": { + "type": "string", + "description": "The status of the VPC Peering Connection request.\n" + }, + "accepter": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepterAccepter:VpcPeeringConnectionAccepterAccepter", + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the accepter VPC.\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Whether or not to accept the peering request. Defaults to `false`.\n" + }, + "peerOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the requester VPC.\n" + }, + "peerRegion": { + "type": "string", + "description": "The region of the accepter VPC.\n" + }, + "peerVpcId": { + "type": "string", + "description": "The ID of the requester VPC.\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepterRequester:VpcPeeringConnectionAccepterRequester", + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the requester VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the accepter VPC.\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "The VPC Peering Connection ID to manage.\n" + } + }, + "required": [ + "acceptStatus", + "accepter", + "peerOwnerId", + "peerRegion", + "peerVpcId", + "requester", + "tagsAll", + "vpcId", + "vpcPeeringConnectionId" + ], + "inputProperties": { + "accepter": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepterAccepter:VpcPeeringConnectionAccepterAccepter", + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the accepter VPC.\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Whether or not to accept the peering request. Defaults to `false`.\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepterRequester:VpcPeeringConnectionAccepterRequester", + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the requester VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "The VPC Peering Connection ID to manage.\n" + } + }, + "requiredInputs": [ + "vpcPeeringConnectionId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcPeeringConnectionAccepter resources.\n", + "properties": { + "acceptStatus": { + "type": "string", + "description": "The status of the VPC Peering Connection request.\n" + }, + "accepter": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepterAccepter:VpcPeeringConnectionAccepterAccepter", + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the accepter VPC.\n" + }, + "autoAccept": { + "type": "boolean", + "description": "Whether or not to accept the peering request. Defaults to `false`.\n" + }, + "peerOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the requester VPC.\n" + }, + "peerRegion": { + "type": "string", + "description": "The region of the accepter VPC.\n" + }, + "peerVpcId": { + "type": "string", + "description": "The ID of the requester VPC.\n" + }, + "requester": { + "$ref": "#/types/aws:ec2/VpcPeeringConnectionAccepterRequester:VpcPeeringConnectionAccepterRequester", + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the requester VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the accepter VPC.\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "The VPC Peering Connection ID to manage.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpnConnection:VpnConnection": { + "description": "Manages an EC2 VPN connection. These objects can be connected to customer gateways, and allow you to establish tunnels between your network and Amazon.\n\n> **Note:** The CIDR blocks in the arguments `tunnel1_inside_cidr` and `tunnel2_inside_cidr` must have a prefix of /30 and be a part of a specific range.\n[Read more about this in the AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VpnTunnelOptionsSpecification.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### EC2 Transit Gateway\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTransitGateway = new aws.ec2transitgateway.TransitGateway(\"exampleTransitGateway\", {});\nconst exampleCustomerGateway = new aws.ec2.CustomerGateway(\"exampleCustomerGateway\", {\n bgpAsn: 65000,\n ipAddress: \"172.0.0.1\",\n type: \"ipsec.1\",\n});\nconst exampleVpnConnection = new aws.ec2.VpnConnection(\"exampleVpnConnection\", {\n customerGatewayId: exampleCustomerGateway.id,\n transitGatewayId: exampleTransitGateway.id,\n type: exampleCustomerGateway.type,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_transit_gateway = aws.ec2transitgateway.TransitGateway(\"exampleTransitGateway\")\nexample_customer_gateway = aws.ec2.CustomerGateway(\"exampleCustomerGateway\",\n bgp_asn=\"65000\",\n ip_address=\"172.0.0.1\",\n type=\"ipsec.1\")\nexample_vpn_connection = aws.ec2.VpnConnection(\"exampleVpnConnection\",\n customer_gateway_id=example_customer_gateway.id,\n transit_gateway_id=example_transit_gateway.id,\n type=example_customer_gateway.type)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"exampleTransitGateway\", new Aws.Ec2TransitGateway.TransitGatewayArgs\n {\n });\n var exampleCustomerGateway = new Aws.Ec2.CustomerGateway(\"exampleCustomerGateway\", new Aws.Ec2.CustomerGatewayArgs\n {\n BgpAsn = \"65000\",\n IpAddress = \"172.0.0.1\",\n Type = \"ipsec.1\",\n });\n var exampleVpnConnection = new Aws.Ec2.VpnConnection(\"exampleVpnConnection\", new Aws.Ec2.VpnConnectionArgs\n {\n CustomerGatewayId = exampleCustomerGateway.Id,\n TransitGatewayId = exampleTransitGateway.Id,\n Type = exampleCustomerGateway.Type,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"exampleTransitGateway\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleCustomerGateway, err := ec2.NewCustomerGateway(ctx, \"exampleCustomerGateway\", &ec2.CustomerGatewayArgs{\n\t\t\tBgpAsn: pulumi.String(\"65000\"),\n\t\t\tIpAddress: pulumi.String(\"172.0.0.1\"),\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnConnection(ctx, \"exampleVpnConnection\", &ec2.VpnConnectionArgs{\n\t\t\tCustomerGatewayId: exampleCustomerGateway.ID(),\n\t\t\tTransitGatewayId: exampleTransitGateway.ID(),\n\t\t\tType: exampleCustomerGateway.Type,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Virtual Private Gateway\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst vpc = new aws.ec2.Vpc(\"vpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst vpnGateway = new aws.ec2.VpnGateway(\"vpnGateway\", {vpcId: vpc.id});\nconst customerGateway = new aws.ec2.CustomerGateway(\"customerGateway\", {\n bgpAsn: 65000,\n ipAddress: \"172.0.0.1\",\n type: \"ipsec.1\",\n});\nconst main = new aws.ec2.VpnConnection(\"main\", {\n vpnGatewayId: vpnGateway.id,\n customerGatewayId: customerGateway.id,\n type: \"ipsec.1\",\n staticRoutesOnly: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvpc = aws.ec2.Vpc(\"vpc\", cidr_block=\"10.0.0.0/16\")\nvpn_gateway = aws.ec2.VpnGateway(\"vpnGateway\", vpc_id=vpc.id)\ncustomer_gateway = aws.ec2.CustomerGateway(\"customerGateway\",\n bgp_asn=\"65000\",\n ip_address=\"172.0.0.1\",\n type=\"ipsec.1\")\nmain = aws.ec2.VpnConnection(\"main\",\n vpn_gateway_id=vpn_gateway.id,\n customer_gateway_id=customer_gateway.id,\n type=\"ipsec.1\",\n static_routes_only=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var vpc = new Aws.Ec2.Vpc(\"vpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var vpnGateway = new Aws.Ec2.VpnGateway(\"vpnGateway\", new Aws.Ec2.VpnGatewayArgs\n {\n VpcId = vpc.Id,\n });\n var customerGateway = new Aws.Ec2.CustomerGateway(\"customerGateway\", new Aws.Ec2.CustomerGatewayArgs\n {\n BgpAsn = \"65000\",\n IpAddress = \"172.0.0.1\",\n Type = \"ipsec.1\",\n });\n var main = new Aws.Ec2.VpnConnection(\"main\", new Aws.Ec2.VpnConnectionArgs\n {\n VpnGatewayId = vpnGateway.Id,\n CustomerGatewayId = customerGateway.Id,\n Type = \"ipsec.1\",\n StaticRoutesOnly = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := ec2.NewVpc(ctx, \"vpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnGateway, err := ec2.NewVpnGateway(ctx, \"vpnGateway\", &ec2.VpnGatewayArgs{\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcustomerGateway, err := ec2.NewCustomerGateway(ctx, \"customerGateway\", &ec2.CustomerGatewayArgs{\n\t\t\tBgpAsn: pulumi.String(\"65000\"),\n\t\t\tIpAddress: pulumi.String(\"172.0.0.1\"),\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnConnection(ctx, \"main\", &ec2.VpnConnectionArgs{\n\t\t\tVpnGatewayId: vpnGateway.ID(),\n\t\t\tCustomerGatewayId: customerGateway.ID(),\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t\tStaticRoutesOnly: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPN Connections can be imported using the `vpn connection id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpnConnection:VpnConnection testvpnconnection vpn-40f41529\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the VPN Connection.\n" + }, + "customerGatewayConfiguration": { + "type": "string", + "description": "The configuration information for the VPN connection's customer gateway (in the native XML format).\n" + }, + "customerGatewayId": { + "type": "string", + "description": "The ID of the customer gateway.\n" + }, + "enableAcceleration": { + "type": "boolean", + "description": "Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.\n" + }, + "localIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "localIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "remoteIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n" + }, + "remoteIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpnConnectionRoute:VpnConnectionRoute" + } + }, + "staticRoutesOnly": { + "type": "boolean", + "description": "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the connection. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "When associated with an EC2 Transit Gateway (`transit_gateway_id` argument), the attachment ID. See also the `aws.ec2.Tag` for tagging the EC2 Transit Gateway VPN Attachment.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway.\n" + }, + "tunnel1Address": { + "type": "string", + "description": "The public IP address of the first VPN tunnel.\n" + }, + "tunnel1BgpAsn": { + "type": "string", + "description": "The bgp asn number of the first VPN tunnel.\n" + }, + "tunnel1BgpHoldtime": { + "type": "integer", + "description": "The bgp holdtime of the first VPN tunnel.\n" + }, + "tunnel1CgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).\n" + }, + "tunnel1DpdTimeoutAction": { + "type": "string", + "description": "The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are `clear | none | restart`.\n" + }, + "tunnel1DpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than `30`.\n" + }, + "tunnel1IkeVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IKE versions that are permitted for the first VPN tunnel. Valid values are `ikev1 | ikev2`.\n" + }, + "tunnel1InsideCidr": { + "type": "string", + "description": "The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.\n" + }, + "tunnel1InsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.\n" + }, + "tunnel1Phase1DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are ` 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel1Phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel1Phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel1Phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between `900` and `28800`.\n" + }, + "tunnel1Phase2DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel1Phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel1Phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel1Phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between `900` and `3600`.\n" + }, + "tunnel1PresharedKey": { + "type": "string", + "description": "The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).\n" + }, + "tunnel1RekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window for the first VPN tunnel (determined by `tunnel1_rekey_margin_time_seconds`) during which the rekey time is randomly selected. Valid value is between `0` and `100`.\n" + }, + "tunnel1RekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `tunnel1_rekey_fuzz_percentage`. Valid value is between `60` and half of `tunnel1_phase2_lifetime_seconds`.\n" + }, + "tunnel1ReplayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between `64` and `2048`.\n" + }, + "tunnel1StartupAction": { + "type": "string", + "description": "The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are `add | start`.\n" + }, + "tunnel1VgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).\n" + }, + "tunnel2Address": { + "type": "string", + "description": "The public IP address of the second VPN tunnel.\n" + }, + "tunnel2BgpAsn": { + "type": "string", + "description": "The bgp asn number of the second VPN tunnel.\n" + }, + "tunnel2BgpHoldtime": { + "type": "integer", + "description": "The bgp holdtime of the second VPN tunnel.\n" + }, + "tunnel2CgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).\n" + }, + "tunnel2DpdTimeoutAction": { + "type": "string", + "description": "The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are `clear | none | restart`.\n" + }, + "tunnel2DpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than `30`.\n" + }, + "tunnel2IkeVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IKE versions that are permitted for the second VPN tunnel. Valid values are `ikev1 | ikev2`.\n" + }, + "tunnel2InsideCidr": { + "type": "string", + "description": "The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.\n" + }, + "tunnel2InsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.\n" + }, + "tunnel2Phase1DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are ` 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel2Phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel2Phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel2Phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between `900` and `28800`.\n" + }, + "tunnel2Phase2DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel2Phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel2Phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel2Phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between `900` and `3600`.\n" + }, + "tunnel2PresharedKey": { + "type": "string", + "description": "The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).\n" + }, + "tunnel2RekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window for the second VPN tunnel (determined by `tunnel2_rekey_margin_time_seconds`) during which the rekey time is randomly selected. Valid value is between `0` and `100`.\n" + }, + "tunnel2RekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `tunnel2_rekey_fuzz_percentage`. Valid value is between `60` and half of `tunnel2_phase2_lifetime_seconds`.\n" + }, + "tunnel2ReplayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between `64` and `2048`.\n" + }, + "tunnel2StartupAction": { + "type": "string", + "description": "The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are `add | start`.\n" + }, + "tunnel2VgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).\n" + }, + "tunnelInsideIpVersion": { + "type": "string", + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are `ipv4 | ipv6`. `ipv6` Supports only EC2 Transit Gateway.\n" + }, + "type": { + "type": "string", + "description": "The type of VPN connection. The only type AWS supports at this time is \"ipsec.1\".\n" + }, + "vgwTelemetries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpnConnectionVgwTelemetry:VpnConnectionVgwTelemetry" + } + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the Virtual Private Gateway.\n" + } + }, + "required": [ + "arn", + "customerGatewayConfiguration", + "customerGatewayId", + "enableAcceleration", + "localIpv4NetworkCidr", + "localIpv6NetworkCidr", + "remoteIpv4NetworkCidr", + "remoteIpv6NetworkCidr", + "routes", + "staticRoutesOnly", + "tagsAll", + "transitGatewayAttachmentId", + "tunnel1Address", + "tunnel1BgpAsn", + "tunnel1BgpHoldtime", + "tunnel1CgwInsideAddress", + "tunnel1InsideCidr", + "tunnel1InsideIpv6Cidr", + "tunnel1PresharedKey", + "tunnel1VgwInsideAddress", + "tunnel2Address", + "tunnel2BgpAsn", + "tunnel2BgpHoldtime", + "tunnel2CgwInsideAddress", + "tunnel2InsideCidr", + "tunnel2InsideIpv6Cidr", + "tunnel2PresharedKey", + "tunnel2VgwInsideAddress", + "tunnelInsideIpVersion", + "type", + "vgwTelemetries" + ], + "inputProperties": { + "customerGatewayId": { + "type": "string", + "description": "The ID of the customer gateway.\n" + }, + "enableAcceleration": { + "type": "boolean", + "description": "Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.\n" + }, + "localIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "localIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "remoteIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n" + }, + "remoteIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "staticRoutesOnly": { + "type": "boolean", + "description": "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the connection. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway.\n" + }, + "tunnel1DpdTimeoutAction": { + "type": "string", + "description": "The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are `clear | none | restart`.\n" + }, + "tunnel1DpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than `30`.\n" + }, + "tunnel1IkeVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IKE versions that are permitted for the first VPN tunnel. Valid values are `ikev1 | ikev2`.\n" + }, + "tunnel1InsideCidr": { + "type": "string", + "description": "The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.\n" + }, + "tunnel1InsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.\n" + }, + "tunnel1Phase1DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are ` 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel1Phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel1Phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel1Phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between `900` and `28800`.\n" + }, + "tunnel1Phase2DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel1Phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel1Phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel1Phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between `900` and `3600`.\n" + }, + "tunnel1PresharedKey": { + "type": "string", + "description": "The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).\n" + }, + "tunnel1RekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window for the first VPN tunnel (determined by `tunnel1_rekey_margin_time_seconds`) during which the rekey time is randomly selected. Valid value is between `0` and `100`.\n" + }, + "tunnel1RekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `tunnel1_rekey_fuzz_percentage`. Valid value is between `60` and half of `tunnel1_phase2_lifetime_seconds`.\n" + }, + "tunnel1ReplayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between `64` and `2048`.\n" + }, + "tunnel1StartupAction": { + "type": "string", + "description": "The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are `add | start`.\n" + }, + "tunnel2DpdTimeoutAction": { + "type": "string", + "description": "The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are `clear | none | restart`.\n" + }, + "tunnel2DpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than `30`.\n" + }, + "tunnel2IkeVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IKE versions that are permitted for the second VPN tunnel. Valid values are `ikev1 | ikev2`.\n" + }, + "tunnel2InsideCidr": { + "type": "string", + "description": "The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.\n" + }, + "tunnel2InsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.\n" + }, + "tunnel2Phase1DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are ` 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel2Phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel2Phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel2Phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between `900` and `28800`.\n" + }, + "tunnel2Phase2DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel2Phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel2Phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel2Phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between `900` and `3600`.\n" + }, + "tunnel2PresharedKey": { + "type": "string", + "description": "The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).\n" + }, + "tunnel2RekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window for the second VPN tunnel (determined by `tunnel2_rekey_margin_time_seconds`) during which the rekey time is randomly selected. Valid value is between `0` and `100`.\n" + }, + "tunnel2RekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `tunnel2_rekey_fuzz_percentage`. Valid value is between `60` and half of `tunnel2_phase2_lifetime_seconds`.\n" + }, + "tunnel2ReplayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between `64` and `2048`.\n" + }, + "tunnel2StartupAction": { + "type": "string", + "description": "The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are `add | start`.\n" + }, + "tunnelInsideIpVersion": { + "type": "string", + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are `ipv4 | ipv6`. `ipv6` Supports only EC2 Transit Gateway.\n" + }, + "type": { + "type": "string", + "description": "The type of VPN connection. The only type AWS supports at this time is \"ipsec.1\".\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the Virtual Private Gateway.\n" + } + }, + "requiredInputs": [ + "customerGatewayId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpnConnection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the VPN Connection.\n" + }, + "customerGatewayConfiguration": { + "type": "string", + "description": "The configuration information for the VPN connection's customer gateway (in the native XML format).\n" + }, + "customerGatewayId": { + "type": "string", + "description": "The ID of the customer gateway.\n" + }, + "enableAcceleration": { + "type": "boolean", + "description": "Indicate whether to enable acceleration for the VPN connection. Supports only EC2 Transit Gateway.\n" + }, + "localIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "localIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "remoteIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n" + }, + "remoteIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpnConnectionRoute:VpnConnectionRoute" + } + }, + "staticRoutesOnly": { + "type": "boolean", + "description": "Whether the VPN connection uses static routes exclusively. Static routes must be used for devices that don't support BGP.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the connection. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "When associated with an EC2 Transit Gateway (`transit_gateway_id` argument), the attachment ID. See also the `aws.ec2.Tag` for tagging the EC2 Transit Gateway VPN Attachment.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway.\n" + }, + "tunnel1Address": { + "type": "string", + "description": "The public IP address of the first VPN tunnel.\n" + }, + "tunnel1BgpAsn": { + "type": "string", + "description": "The bgp asn number of the first VPN tunnel.\n" + }, + "tunnel1BgpHoldtime": { + "type": "integer", + "description": "The bgp holdtime of the first VPN tunnel.\n" + }, + "tunnel1CgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the first VPN tunnel (Customer Gateway Side).\n" + }, + "tunnel1DpdTimeoutAction": { + "type": "string", + "description": "The action to take after DPD timeout occurs for the first VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are `clear | none | restart`.\n" + }, + "tunnel1DpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs for the first VPN tunnel. Valid value is equal or higher than `30`.\n" + }, + "tunnel1IkeVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IKE versions that are permitted for the first VPN tunnel. Valid values are `ikev1 | ikev2`.\n" + }, + "tunnel1InsideCidr": { + "type": "string", + "description": "The CIDR block of the inside IP addresses for the first VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.\n" + }, + "tunnel1InsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the first VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.\n" + }, + "tunnel1Phase1DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are ` 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel1Phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel1Phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more integrity algorithms that are permitted for the first VPN tunnel for phase 1 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel1Phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between `900` and `28800`.\n" + }, + "tunnel1Phase2DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel1Phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel1Phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more integrity algorithms that are permitted for the first VPN tunnel for phase 2 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel1Phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation for the first VPN tunnel, in seconds. Valid value is between `900` and `3600`.\n" + }, + "tunnel1PresharedKey": { + "type": "string", + "description": "The preshared key of the first VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).\n" + }, + "tunnel1RekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window for the first VPN tunnel (determined by `tunnel1_rekey_margin_time_seconds`) during which the rekey time is randomly selected. Valid value is between `0` and `100`.\n" + }, + "tunnel1RekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the first VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `tunnel1_rekey_fuzz_percentage`. Valid value is between `60` and half of `tunnel1_phase2_lifetime_seconds`.\n" + }, + "tunnel1ReplayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window for the first VPN tunnel. Valid value is between `64` and `2048`.\n" + }, + "tunnel1StartupAction": { + "type": "string", + "description": "The action to take when the establishing the tunnel for the first VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are `add | start`.\n" + }, + "tunnel1VgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the first VPN tunnel (VPN Gateway Side).\n" + }, + "tunnel2Address": { + "type": "string", + "description": "The public IP address of the second VPN tunnel.\n" + }, + "tunnel2BgpAsn": { + "type": "string", + "description": "The bgp asn number of the second VPN tunnel.\n" + }, + "tunnel2BgpHoldtime": { + "type": "integer", + "description": "The bgp holdtime of the second VPN tunnel.\n" + }, + "tunnel2CgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the second VPN tunnel (Customer Gateway Side).\n" + }, + "tunnel2DpdTimeoutAction": { + "type": "string", + "description": "The action to take after DPD timeout occurs for the second VPN tunnel. Specify restart to restart the IKE initiation. Specify clear to end the IKE session. Valid values are `clear | none | restart`.\n" + }, + "tunnel2DpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs for the second VPN tunnel. Valid value is equal or higher than `30`.\n" + }, + "tunnel2IkeVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IKE versions that are permitted for the second VPN tunnel. Valid values are `ikev1 | ikev2`.\n" + }, + "tunnel2InsideCidr": { + "type": "string", + "description": "The CIDR block of the inside IP addresses for the second VPN tunnel. Valid value is a size /30 CIDR block from the 169.254.0.0/16 range.\n" + }, + "tunnel2InsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the second VPN tunnel. Supports only EC2 Transit Gateway. Valid value is a size /126 CIDR block from the local fd00::/8 range.\n" + }, + "tunnel2Phase1DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are ` 2 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel2Phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel2Phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more integrity algorithms that are permitted for the second VPN tunnel for phase 1 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel2Phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between `900` and `28800`.\n" + }, + "tunnel2Phase2DhGroupNumbers": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of one or more Diffie-Hellman group numbers that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `2 | 5 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24`.\n" + }, + "tunnel2Phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more encryption algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `AES128 | AES256 | AES128-GCM-16 | AES256-GCM-16`.\n" + }, + "tunnel2Phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of one or more integrity algorithms that are permitted for the second VPN tunnel for phase 2 IKE negotiations. Valid values are `SHA1 | SHA2-256 | SHA2-384 | SHA2-512`.\n" + }, + "tunnel2Phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation for the second VPN tunnel, in seconds. Valid value is between `900` and `3600`.\n" + }, + "tunnel2PresharedKey": { + "type": "string", + "description": "The preshared key of the second VPN tunnel. The preshared key must be between 8 and 64 characters in length and cannot start with zero(0). Allowed characters are alphanumeric characters, periods(.) and underscores(_).\n" + }, + "tunnel2RekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window for the second VPN tunnel (determined by `tunnel2_rekey_margin_time_seconds`) during which the rekey time is randomly selected. Valid value is between `0` and `100`.\n" + }, + "tunnel2RekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the second VPN connection performs an IKE rekey. The exact time of the rekey is randomly selected based on the value for `tunnel2_rekey_fuzz_percentage`. Valid value is between `60` and half of `tunnel2_phase2_lifetime_seconds`.\n" + }, + "tunnel2ReplayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window for the second VPN tunnel. Valid value is between `64` and `2048`.\n" + }, + "tunnel2StartupAction": { + "type": "string", + "description": "The action to take when the establishing the tunnel for the second VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify start for AWS to initiate the IKE negotiation. Valid values are `add | start`.\n" + }, + "tunnel2VgwInsideAddress": { + "type": "string", + "description": "The RFC 6890 link-local address of the second VPN tunnel (VPN Gateway Side).\n" + }, + "tunnelInsideIpVersion": { + "type": "string", + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic. Valid values are `ipv4 | ipv6`. `ipv6` Supports only EC2 Transit Gateway.\n" + }, + "type": { + "type": "string", + "description": "The type of VPN connection. The only type AWS supports at this time is \"ipsec.1\".\n" + }, + "vgwTelemetries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/VpnConnectionVgwTelemetry:VpnConnectionVgwTelemetry" + } + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the Virtual Private Gateway.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpnConnectionRoute:VpnConnectionRoute": { + "description": "Provides a static route between a VPN connection and a customer gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst vpc = new aws.ec2.Vpc(\"vpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst vpnGateway = new aws.ec2.VpnGateway(\"vpnGateway\", {vpcId: vpc.id});\nconst customerGateway = new aws.ec2.CustomerGateway(\"customerGateway\", {\n bgpAsn: 65000,\n ipAddress: \"172.0.0.1\",\n type: \"ipsec.1\",\n});\nconst main = new aws.ec2.VpnConnection(\"main\", {\n vpnGatewayId: vpnGateway.id,\n customerGatewayId: customerGateway.id,\n type: \"ipsec.1\",\n staticRoutesOnly: true,\n});\nconst office = new aws.ec2.VpnConnectionRoute(\"office\", {\n destinationCidrBlock: \"192.168.10.0/24\",\n vpnConnectionId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvpc = aws.ec2.Vpc(\"vpc\", cidr_block=\"10.0.0.0/16\")\nvpn_gateway = aws.ec2.VpnGateway(\"vpnGateway\", vpc_id=vpc.id)\ncustomer_gateway = aws.ec2.CustomerGateway(\"customerGateway\",\n bgp_asn=\"65000\",\n ip_address=\"172.0.0.1\",\n type=\"ipsec.1\")\nmain = aws.ec2.VpnConnection(\"main\",\n vpn_gateway_id=vpn_gateway.id,\n customer_gateway_id=customer_gateway.id,\n type=\"ipsec.1\",\n static_routes_only=True)\noffice = aws.ec2.VpnConnectionRoute(\"office\",\n destination_cidr_block=\"192.168.10.0/24\",\n vpn_connection_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var vpc = new Aws.Ec2.Vpc(\"vpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var vpnGateway = new Aws.Ec2.VpnGateway(\"vpnGateway\", new Aws.Ec2.VpnGatewayArgs\n {\n VpcId = vpc.Id,\n });\n var customerGateway = new Aws.Ec2.CustomerGateway(\"customerGateway\", new Aws.Ec2.CustomerGatewayArgs\n {\n BgpAsn = \"65000\",\n IpAddress = \"172.0.0.1\",\n Type = \"ipsec.1\",\n });\n var main = new Aws.Ec2.VpnConnection(\"main\", new Aws.Ec2.VpnConnectionArgs\n {\n VpnGatewayId = vpnGateway.Id,\n CustomerGatewayId = customerGateway.Id,\n Type = \"ipsec.1\",\n StaticRoutesOnly = true,\n });\n var office = new Aws.Ec2.VpnConnectionRoute(\"office\", new Aws.Ec2.VpnConnectionRouteArgs\n {\n DestinationCidrBlock = \"192.168.10.0/24\",\n VpnConnectionId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := ec2.NewVpc(ctx, \"vpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpnGateway, err := ec2.NewVpnGateway(ctx, \"vpnGateway\", &ec2.VpnGatewayArgs{\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcustomerGateway, err := ec2.NewCustomerGateway(ctx, \"customerGateway\", &ec2.CustomerGatewayArgs{\n\t\t\tBgpAsn: pulumi.String(\"65000\"),\n\t\t\tIpAddress: pulumi.String(\"172.0.0.1\"),\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpnConnection(ctx, \"main\", &ec2.VpnConnectionArgs{\n\t\t\tVpnGatewayId: vpnGateway.ID(),\n\t\t\tCustomerGatewayId: customerGateway.ID(),\n\t\t\tType: pulumi.String(\"ipsec.1\"),\n\t\t\tStaticRoutesOnly: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnConnectionRoute(ctx, \"office\", &ec2.VpnConnectionRouteArgs{\n\t\t\tDestinationCidrBlock: pulumi.String(\"192.168.10.0/24\"),\n\t\t\tVpnConnectionId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "destinationCidrBlock": { + "type": "string", + "description": "The CIDR block associated with the local subnet of the customer network.\n" + }, + "vpnConnectionId": { + "type": "string", + "description": "The ID of the VPN connection.\n" + } + }, + "required": [ + "destinationCidrBlock", + "vpnConnectionId" + ], + "inputProperties": { + "destinationCidrBlock": { + "type": "string", + "description": "The CIDR block associated with the local subnet of the customer network.\n" + }, + "vpnConnectionId": { + "type": "string", + "description": "The ID of the VPN connection.\n" + } + }, + "requiredInputs": [ + "destinationCidrBlock", + "vpnConnectionId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpnConnectionRoute resources.\n", + "properties": { + "destinationCidrBlock": { + "type": "string", + "description": "The CIDR block associated with the local subnet of the customer network.\n" + }, + "vpnConnectionId": { + "type": "string", + "description": "The ID of the VPN connection.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpnGateway:VpnGateway": { + "description": "Provides a resource to create a VPC VPN Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst vpnGw = new aws.ec2.VpnGateway(\"vpnGw\", {\n vpcId: aws_vpc.main.id,\n tags: {\n Name: \"main\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvpn_gw = aws.ec2.VpnGateway(\"vpnGw\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n tags={\n \"Name\": \"main\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var vpnGw = new Aws.Ec2.VpnGateway(\"vpnGw\", new Aws.Ec2.VpnGatewayArgs\n {\n VpcId = aws_vpc.Main.Id,\n Tags = \n {\n { \"Name\", \"main\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpnGateway(ctx, \"vpnGw\", &ec2.VpnGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nVPN Gateways can be imported using the `vpn gateway id`, e.g.\n\n```sh\n $ pulumi import aws:ec2/vpnGateway:VpnGateway testvpngateway vgw-9a4cacf3\n```\n\n ", + "properties": { + "amazonSideAsn": { + "type": "string", + "description": "The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don't specify an ASN, the virtual private gateway is created with the default ASN.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the VPN Gateway.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone for the virtual private gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "required": [ + "amazonSideAsn", + "arn", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "amazonSideAsn": { + "type": "string", + "description": "The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don't specify an ASN, the virtual private gateway is created with the default ASN.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone for the virtual private gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering VpnGateway resources.\n", + "properties": { + "amazonSideAsn": { + "type": "string", + "description": "The Autonomous System Number (ASN) for the Amazon side of the gateway. If you don't specify an ASN, the virtual private gateway is created with the default ASN.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the VPN Gateway.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone for the virtual private gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID to create in.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpnGatewayAttachment:VpnGatewayAttachment": { + "description": "Provides a Virtual Private Gateway attachment resource, allowing for an existing\nhardware VPN gateway to be attached and/or detached from a VPC.\n\n> **Note:** The `aws.ec2.VpnGateway`\nresource can also automatically attach the Virtual Private Gateway it creates\nto an existing VPC by setting the `vpc_id` attribute accordingly.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst network = new aws.ec2.Vpc(\"network\", {cidrBlock: \"10.0.0.0/16\"});\nconst vpn = new aws.ec2.VpnGateway(\"vpn\", {tags: {\n Name: \"example-vpn-gateway\",\n}});\nconst vpnAttachment = new aws.ec2.VpnGatewayAttachment(\"vpnAttachment\", {\n vpcId: network.id,\n vpnGatewayId: vpn.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnetwork = aws.ec2.Vpc(\"network\", cidr_block=\"10.0.0.0/16\")\nvpn = aws.ec2.VpnGateway(\"vpn\", tags={\n \"Name\": \"example-vpn-gateway\",\n})\nvpn_attachment = aws.ec2.VpnGatewayAttachment(\"vpnAttachment\",\n vpc_id=network.id,\n vpn_gateway_id=vpn.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var network = new Aws.Ec2.Vpc(\"network\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var vpn = new Aws.Ec2.VpnGateway(\"vpn\", new Aws.Ec2.VpnGatewayArgs\n {\n Tags = \n {\n { \"Name\", \"example-vpn-gateway\" },\n },\n });\n var vpnAttachment = new Aws.Ec2.VpnGatewayAttachment(\"vpnAttachment\", new Aws.Ec2.VpnGatewayAttachmentArgs\n {\n VpcId = network.Id,\n VpnGatewayId = vpn.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := ec2.NewVpc(ctx, \"network\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvpn, err := ec2.NewVpnGateway(ctx, \"vpn\", &ec2.VpnGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-vpn-gateway\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnGatewayAttachment(ctx, \"vpnAttachment\", &ec2.VpnGatewayAttachmentArgs{\n\t\t\tVpcId: network.ID(),\n\t\t\tVpnGatewayId: vpn.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nSee [Virtual Private Cloud](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Introduction.html)\nand [Virtual Private Gateway](http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_VPN.html) user\nguides for more information.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThis resource does not support importing. ", + "properties": { + "vpcId": { + "type": "string", + "description": "The ID of the VPC.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the Virtual Private Gateway.\n" + } + }, + "required": [ + "vpcId", + "vpnGatewayId" + ], + "inputProperties": { + "vpcId": { + "type": "string", + "description": "The ID of the VPC.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the Virtual Private Gateway.\n" + } + }, + "requiredInputs": [ + "vpcId", + "vpnGatewayId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpnGatewayAttachment resources.\n", + "properties": { + "vpcId": { + "type": "string", + "description": "The ID of the VPC.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The ID of the Virtual Private Gateway.\n" + } + }, + "type": "object" + } + }, + "aws:ec2/vpnGatewayRoutePropagation:VpnGatewayRoutePropagation": { + "description": "Requests automatic route propagation between a VPN gateway and a route table.\n\n> **Note:** This resource should not be used with a route table that has\nthe `propagating_vgws` argument set. If that argument is set, any route\npropagation not explicitly listed in its value will be removed.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2.VpnGatewayRoutePropagation(\"example\", {\n vpnGatewayId: aws_vpn_gateway.example.id,\n routeTableId: aws_route_table.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.VpnGatewayRoutePropagation(\"example\",\n vpn_gateway_id=aws_vpn_gateway[\"example\"][\"id\"],\n route_table_id=aws_route_table[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2.VpnGatewayRoutePropagation(\"example\", new Aws.Ec2.VpnGatewayRoutePropagationArgs\n {\n VpnGatewayId = aws_vpn_gateway.Example.Id,\n RouteTableId = aws_route_table.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.NewVpnGatewayRoutePropagation(ctx, \"example\", &ec2.VpnGatewayRoutePropagationArgs{\n\t\t\tVpnGatewayId: pulumi.Any(aws_vpn_gateway.Example.Id),\n\t\t\tRouteTableId: pulumi.Any(aws_route_table.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "routeTableId": { + "type": "string", + "description": "The id of the `aws.ec2.RouteTable` to propagate routes into.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The id of the `aws.ec2.VpnGateway` to propagate routes from.\n" + } + }, + "required": [ + "routeTableId", + "vpnGatewayId" + ], + "inputProperties": { + "routeTableId": { + "type": "string", + "description": "The id of the `aws.ec2.RouteTable` to propagate routes into.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The id of the `aws.ec2.VpnGateway` to propagate routes from.\n" + } + }, + "requiredInputs": [ + "routeTableId", + "vpnGatewayId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpnGatewayRoutePropagation resources.\n", + "properties": { + "routeTableId": { + "type": "string", + "description": "The id of the `aws.ec2.RouteTable` to propagate routes into.\n" + }, + "vpnGatewayId": { + "type": "string", + "description": "The id of the `aws.ec2.VpnGateway` to propagate routes from.\n" + } + }, + "type": "object" + } + }, + "aws:ec2clientvpn/authorizationRule:AuthorizationRule": { + "description": "Provides authorization rules for AWS Client VPN endpoints. For more information on usage, please see the\n[AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2clientvpn.AuthorizationRule(\"example\", {\n clientVpnEndpointId: aws_ec2_client_vpn_endpoint.example.id,\n targetNetworkCidr: aws_subnet.example.cidr_block,\n authorizeAllGroups: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2clientvpn.AuthorizationRule(\"example\",\n client_vpn_endpoint_id=aws_ec2_client_vpn_endpoint[\"example\"][\"id\"],\n target_network_cidr=aws_subnet[\"example\"][\"cidr_block\"],\n authorize_all_groups=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2ClientVpn.AuthorizationRule(\"example\", new Aws.Ec2ClientVpn.AuthorizationRuleArgs\n {\n ClientVpnEndpointId = aws_ec2_client_vpn_endpoint.Example.Id,\n TargetNetworkCidr = aws_subnet.Example.Cidr_block,\n AuthorizeAllGroups = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2clientvpn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2clientvpn.NewAuthorizationRule(ctx, \"example\", &ec2clientvpn.AuthorizationRuleArgs{\n\t\t\tClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),\n\t\t\tTargetNetworkCidr: pulumi.Any(aws_subnet.Example.Cidr_block),\n\t\t\tAuthorizeAllGroups: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Client VPN authorization rules can be imported using the endpoint ID and target network CIDR. If there is a specific group name that is included as well. All values are separated by a `,`.\n\n```sh\n $ pulumi import aws:ec2clientvpn/authorizationRule:AuthorizationRule example cvpn-endpoint-0ac3a1abbccddd666,10.1.0.0/24\n```\n\n\n\n```sh\n $ pulumi import aws:ec2clientvpn/authorizationRule:AuthorizationRule example cvpn-endpoint-0ac3a1abbccddd666,10.1.0.0/24,team-a\n```\n\n ", + "properties": { + "accessGroupId": { + "type": "string", + "description": "The ID of the group to which the authorization rule grants access. One of `access_group_id` or `authorize_all_groups` must be set.\n" + }, + "authorizeAllGroups": { + "type": "boolean", + "description": "Indicates whether the authorization rule grants access to all clients. One of `access_group_id` or `authorize_all_groups` must be set.\n" + }, + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "description": { + "type": "string", + "description": "A brief description of the authorization rule.\n" + }, + "targetNetworkCidr": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.\n" + } + }, + "required": [ + "clientVpnEndpointId", + "targetNetworkCidr" + ], + "inputProperties": { + "accessGroupId": { + "type": "string", + "description": "The ID of the group to which the authorization rule grants access. One of `access_group_id` or `authorize_all_groups` must be set.\n" + }, + "authorizeAllGroups": { + "type": "boolean", + "description": "Indicates whether the authorization rule grants access to all clients. One of `access_group_id` or `authorize_all_groups` must be set.\n" + }, + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "description": { + "type": "string", + "description": "A brief description of the authorization rule.\n" + }, + "targetNetworkCidr": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.\n" + } + }, + "requiredInputs": [ + "clientVpnEndpointId", + "targetNetworkCidr" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AuthorizationRule resources.\n", + "properties": { + "accessGroupId": { + "type": "string", + "description": "The ID of the group to which the authorization rule grants access. One of `access_group_id` or `authorize_all_groups` must be set.\n" + }, + "authorizeAllGroups": { + "type": "boolean", + "description": "Indicates whether the authorization rule grants access to all clients. One of `access_group_id` or `authorize_all_groups` must be set.\n" + }, + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "description": { + "type": "string", + "description": "A brief description of the authorization rule.\n" + }, + "targetNetworkCidr": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, of the network to which the authorization rule applies.\n" + } + }, + "type": "object" + } + }, + "aws:ec2clientvpn/endpoint:Endpoint": { + "description": "Provides an AWS Client VPN endpoint for OpenVPN clients. For more information on usage, please see the\n[AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2clientvpn.Endpoint(\"example\", {\n description: \"clientvpn-example\",\n serverCertificateArn: aws_acm_certificate.cert.arn,\n clientCidrBlock: \"10.0.0.0/16\",\n authenticationOptions: [{\n type: \"certificate-authentication\",\n rootCertificateChainArn: aws_acm_certificate.root_cert.arn,\n }],\n connectionLogOptions: {\n enabled: true,\n cloudwatchLogGroup: aws_cloudwatch_log_group.lg.name,\n cloudwatchLogStream: aws_cloudwatch_log_stream.ls.name,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2clientvpn.Endpoint(\"example\",\n description=\"clientvpn-example\",\n server_certificate_arn=aws_acm_certificate[\"cert\"][\"arn\"],\n client_cidr_block=\"10.0.0.0/16\",\n authentication_options=[aws.ec2clientvpn.EndpointAuthenticationOptionArgs(\n type=\"certificate-authentication\",\n root_certificate_chain_arn=aws_acm_certificate[\"root_cert\"][\"arn\"],\n )],\n connection_log_options=aws.ec2clientvpn.EndpointConnectionLogOptionsArgs(\n enabled=True,\n cloudwatch_log_group=aws_cloudwatch_log_group[\"lg\"][\"name\"],\n cloudwatch_log_stream=aws_cloudwatch_log_stream[\"ls\"][\"name\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2ClientVpn.Endpoint(\"example\", new Aws.Ec2ClientVpn.EndpointArgs\n {\n Description = \"clientvpn-example\",\n ServerCertificateArn = aws_acm_certificate.Cert.Arn,\n ClientCidrBlock = \"10.0.0.0/16\",\n AuthenticationOptions = \n {\n new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs\n {\n Type = \"certificate-authentication\",\n RootCertificateChainArn = aws_acm_certificate.Root_cert.Arn,\n },\n },\n ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs\n {\n Enabled = true,\n CloudwatchLogGroup = aws_cloudwatch_log_group.Lg.Name,\n CloudwatchLogStream = aws_cloudwatch_log_stream.Ls.Name,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2clientvpn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2clientvpn.NewEndpoint(ctx, \"example\", &ec2clientvpn.EndpointArgs{\n\t\t\tDescription: pulumi.String(\"clientvpn-example\"),\n\t\t\tServerCertificateArn: pulumi.Any(aws_acm_certificate.Cert.Arn),\n\t\t\tClientCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tAuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{\n\t\t\t\t&ec2clientvpn.EndpointAuthenticationOptionArgs{\n\t\t\t\t\tType: pulumi.String(\"certificate-authentication\"),\n\t\t\t\t\tRootCertificateChainArn: pulumi.Any(aws_acm_certificate.Root_cert.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\tCloudwatchLogGroup: pulumi.Any(aws_cloudwatch_log_group.Lg.Name),\n\t\t\t\tCloudwatchLogStream: pulumi.Any(aws_cloudwatch_log_stream.Ls.Name),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Client VPN endpoints can be imported using the `id` value found via `aws ec2 describe-client-vpn-endpoints`, e.g.\n\n```sh\n $ pulumi import aws:ec2clientvpn/endpoint:Endpoint example cvpn-endpoint-0ac3a1abbccddd666\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Client VPN endpoint.\n" + }, + "authenticationOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2clientvpn/EndpointAuthenticationOption:EndpointAuthenticationOption" + }, + "description": "Information about the authentication method to be used to authenticate clients.\n" + }, + "clientCidrBlock": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.\n" + }, + "connectionLogOptions": { + "$ref": "#/types/aws:ec2clientvpn/EndpointConnectionLogOptions:EndpointConnectionLogOptions", + "description": "Information about the client connection logging options.\n" + }, + "description": { + "type": "string", + "description": "Name of the repository.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name to be used by clients when establishing their VPN session.\n" + }, + "dnsServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.\n" + }, + "serverCertificateArn": { + "type": "string", + "description": "The ARN of the ACM server certificate.\n" + }, + "splitTunnel": { + "type": "boolean", + "description": "Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.\n" + }, + "status": { + "type": "string", + "description": "The current state of the Client VPN endpoint.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transportProtocol": { + "type": "string", + "description": "The transport protocol to be used by the VPN session. Default value is `udp`.\n" + } + }, + "required": [ + "arn", + "authenticationOptions", + "clientCidrBlock", + "connectionLogOptions", + "dnsName", + "serverCertificateArn", + "status", + "tagsAll" + ], + "inputProperties": { + "authenticationOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2clientvpn/EndpointAuthenticationOption:EndpointAuthenticationOption" + }, + "description": "Information about the authentication method to be used to authenticate clients.\n" + }, + "clientCidrBlock": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.\n" + }, + "connectionLogOptions": { + "$ref": "#/types/aws:ec2clientvpn/EndpointConnectionLogOptions:EndpointConnectionLogOptions", + "description": "Information about the client connection logging options.\n" + }, + "description": { + "type": "string", + "description": "Name of the repository.\n" + }, + "dnsServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.\n" + }, + "serverCertificateArn": { + "type": "string", + "description": "The ARN of the ACM server certificate.\n" + }, + "splitTunnel": { + "type": "boolean", + "description": "Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transportProtocol": { + "type": "string", + "description": "The transport protocol to be used by the VPN session. Default value is `udp`.\n" + } + }, + "requiredInputs": [ + "authenticationOptions", + "clientCidrBlock", + "connectionLogOptions", + "serverCertificateArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Endpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Client VPN endpoint.\n" + }, + "authenticationOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2clientvpn/EndpointAuthenticationOption:EndpointAuthenticationOption" + }, + "description": "Information about the authentication method to be used to authenticate clients.\n" + }, + "clientCidrBlock": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.\n" + }, + "connectionLogOptions": { + "$ref": "#/types/aws:ec2clientvpn/EndpointConnectionLogOptions:EndpointConnectionLogOptions", + "description": "Information about the client connection logging options.\n" + }, + "description": { + "type": "string", + "description": "Name of the repository.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name to be used by clients when establishing their VPN session.\n" + }, + "dnsServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address of the VPC that is to be associated with Client VPN endpoint is used as the DNS server.\n" + }, + "serverCertificateArn": { + "type": "string", + "description": "The ARN of the ACM server certificate.\n" + }, + "splitTunnel": { + "type": "boolean", + "description": "Indicates whether split-tunnel is enabled on VPN endpoint. Default value is `false`.\n" + }, + "status": { + "type": "string", + "description": "The current state of the Client VPN endpoint.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transportProtocol": { + "type": "string", + "description": "The transport protocol to be used by the VPN session. Default value is `udp`.\n" + } + }, + "type": "object" + } + }, + "aws:ec2clientvpn/networkAssociation:NetworkAssociation": { + "description": "Provides network associations for AWS Client VPN endpoints. For more information on usage, please see the\n[AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using default security group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2clientvpn.NetworkAssociation(\"example\", {\n clientVpnEndpointId: aws_ec2_client_vpn_endpoint.example.id,\n subnetId: aws_subnet.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2clientvpn.NetworkAssociation(\"example\",\n client_vpn_endpoint_id=aws_ec2_client_vpn_endpoint[\"example\"][\"id\"],\n subnet_id=aws_subnet[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2ClientVpn.NetworkAssociation(\"example\", new Aws.Ec2ClientVpn.NetworkAssociationArgs\n {\n ClientVpnEndpointId = aws_ec2_client_vpn_endpoint.Example.Id,\n SubnetId = aws_subnet.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2clientvpn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2clientvpn.NewNetworkAssociation(ctx, \"example\", &ec2clientvpn.NetworkAssociationArgs{\n\t\t\tClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using custom security groups\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2clientvpn.NetworkAssociation(\"example\", {\n clientVpnEndpointId: aws_ec2_client_vpn_endpoint.example.id,\n subnetId: aws_subnet.example.id,\n securityGroups: [\n aws_security_group.example1.id,\n aws_security_group.example2.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2clientvpn.NetworkAssociation(\"example\",\n client_vpn_endpoint_id=aws_ec2_client_vpn_endpoint[\"example\"][\"id\"],\n subnet_id=aws_subnet[\"example\"][\"id\"],\n security_groups=[\n aws_security_group[\"example1\"][\"id\"],\n aws_security_group[\"example2\"][\"id\"],\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2ClientVpn.NetworkAssociation(\"example\", new Aws.Ec2ClientVpn.NetworkAssociationArgs\n {\n ClientVpnEndpointId = aws_ec2_client_vpn_endpoint.Example.Id,\n SubnetId = aws_subnet.Example.Id,\n SecurityGroups = \n {\n aws_security_group.Example1.Id,\n aws_security_group.Example2.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2clientvpn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2clientvpn.NewNetworkAssociation(ctx, \"example\", &ec2clientvpn.NetworkAssociationArgs{\n\t\t\tClientVpnEndpointId: pulumi.Any(aws_ec2_client_vpn_endpoint.Example.Id),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Example1.Id),\n\t\t\t\tpulumi.Any(aws_security_group.Example2.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Client VPN network associations can be imported using the endpoint ID and the association ID. Values are separated by a `,`.\n\n```sh\n $ pulumi import aws:ec2clientvpn/networkAssociation:NetworkAssociation example cvpn-endpoint-0ac3a1abbccddd666,vpn-assoc-0b8db902465d069ad\n```\n\n ", + "properties": { + "associationId": { + "type": "string", + "description": "The unique ID of the target network association.\n" + }, + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.\n" + }, + "status": { + "type": "string", + "description": "The current state of the target network association.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet to associate with the Client VPN endpoint.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC in which the target subnet is located.\n" + } + }, + "required": [ + "associationId", + "clientVpnEndpointId", + "securityGroups", + "status", + "subnetId", + "vpcId" + ], + "inputProperties": { + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet to associate with the Client VPN endpoint.\n" + } + }, + "requiredInputs": [ + "clientVpnEndpointId", + "subnetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NetworkAssociation resources.\n", + "properties": { + "associationId": { + "type": "string", + "description": "The unique ID of the target network association.\n" + }, + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to five custom security groups to apply to the target network. If not specified, the VPC's default security group is assigned.\n" + }, + "status": { + "type": "string", + "description": "The current state of the target network association.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet to associate with the Client VPN endpoint.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC in which the target subnet is located.\n" + } + }, + "type": "object" + } + }, + "aws:ec2clientvpn/route:Route": { + "description": "Provides additional routes for AWS Client VPN endpoints. For more information on usage, please see the\n[AWS Client VPN Administrator's Guide](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/what-is.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEndpoint = new aws.ec2clientvpn.Endpoint(\"exampleEndpoint\", {\n description: \"Example Client VPN endpoint\",\n serverCertificateArn: aws_acm_certificate.example.arn,\n clientCidrBlock: \"10.0.0.0/16\",\n authenticationOptions: [{\n type: \"certificate-authentication\",\n rootCertificateChainArn: aws_acm_certificate.example.arn,\n }],\n connectionLogOptions: {\n enabled: false,\n },\n});\nconst exampleNetworkAssociation = new aws.ec2clientvpn.NetworkAssociation(\"exampleNetworkAssociation\", {\n clientVpnEndpointId: exampleEndpoint.id,\n subnetId: aws_subnet.example.id,\n});\nconst exampleRoute = new aws.ec2clientvpn.Route(\"exampleRoute\", {\n clientVpnEndpointId: exampleEndpoint.id,\n destinationCidrBlock: \"0.0.0.0/0\",\n targetVpcSubnetId: exampleNetworkAssociation.subnetId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_endpoint = aws.ec2clientvpn.Endpoint(\"exampleEndpoint\",\n description=\"Example Client VPN endpoint\",\n server_certificate_arn=aws_acm_certificate[\"example\"][\"arn\"],\n client_cidr_block=\"10.0.0.0/16\",\n authentication_options=[aws.ec2clientvpn.EndpointAuthenticationOptionArgs(\n type=\"certificate-authentication\",\n root_certificate_chain_arn=aws_acm_certificate[\"example\"][\"arn\"],\n )],\n connection_log_options=aws.ec2clientvpn.EndpointConnectionLogOptionsArgs(\n enabled=False,\n ))\nexample_network_association = aws.ec2clientvpn.NetworkAssociation(\"exampleNetworkAssociation\",\n client_vpn_endpoint_id=example_endpoint.id,\n subnet_id=aws_subnet[\"example\"][\"id\"])\nexample_route = aws.ec2clientvpn.Route(\"exampleRoute\",\n client_vpn_endpoint_id=example_endpoint.id,\n destination_cidr_block=\"0.0.0.0/0\",\n target_vpc_subnet_id=example_network_association.subnet_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleEndpoint = new Aws.Ec2ClientVpn.Endpoint(\"exampleEndpoint\", new Aws.Ec2ClientVpn.EndpointArgs\n {\n Description = \"Example Client VPN endpoint\",\n ServerCertificateArn = aws_acm_certificate.Example.Arn,\n ClientCidrBlock = \"10.0.0.0/16\",\n AuthenticationOptions = \n {\n new Aws.Ec2ClientVpn.Inputs.EndpointAuthenticationOptionArgs\n {\n Type = \"certificate-authentication\",\n RootCertificateChainArn = aws_acm_certificate.Example.Arn,\n },\n },\n ConnectionLogOptions = new Aws.Ec2ClientVpn.Inputs.EndpointConnectionLogOptionsArgs\n {\n Enabled = false,\n },\n });\n var exampleNetworkAssociation = new Aws.Ec2ClientVpn.NetworkAssociation(\"exampleNetworkAssociation\", new Aws.Ec2ClientVpn.NetworkAssociationArgs\n {\n ClientVpnEndpointId = exampleEndpoint.Id,\n SubnetId = aws_subnet.Example.Id,\n });\n var exampleRoute = new Aws.Ec2ClientVpn.Route(\"exampleRoute\", new Aws.Ec2ClientVpn.RouteArgs\n {\n ClientVpnEndpointId = exampleEndpoint.Id,\n DestinationCidrBlock = \"0.0.0.0/0\",\n TargetVpcSubnetId = exampleNetworkAssociation.SubnetId,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2clientvpn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEndpoint, err := ec2clientvpn.NewEndpoint(ctx, \"exampleEndpoint\", &ec2clientvpn.EndpointArgs{\n\t\t\tDescription: pulumi.String(\"Example Client VPN endpoint\"),\n\t\t\tServerCertificateArn: pulumi.Any(aws_acm_certificate.Example.Arn),\n\t\t\tClientCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tAuthenticationOptions: ec2clientvpn.EndpointAuthenticationOptionArray{\n\t\t\t\t&ec2clientvpn.EndpointAuthenticationOptionArgs{\n\t\t\t\t\tType: pulumi.String(\"certificate-authentication\"),\n\t\t\t\t\tRootCertificateChainArn: pulumi.Any(aws_acm_certificate.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConnectionLogOptions: &ec2clientvpn.EndpointConnectionLogOptionsArgs{\n\t\t\t\tEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleNetworkAssociation, err := ec2clientvpn.NewNetworkAssociation(ctx, \"exampleNetworkAssociation\", &ec2clientvpn.NetworkAssociationArgs{\n\t\t\tClientVpnEndpointId: exampleEndpoint.ID(),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2clientvpn.NewRoute(ctx, \"exampleRoute\", &ec2clientvpn.RouteArgs{\n\t\t\tClientVpnEndpointId: exampleEndpoint.ID(),\n\t\t\tDestinationCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tTargetVpcSubnetId: exampleNetworkAssociation.SubnetId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Client VPN routes can be imported using the endpoint ID, target subnet ID, and destination CIDR block. All values are separated by a `,`.\n\n```sh\n $ pulumi import aws:ec2clientvpn/route:Route example cvpn-endpoint-1234567890abcdef,subnet-9876543210fedcba,10.1.0.0/24\n```\n\n ", + "properties": { + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "description": { + "type": "string", + "description": "A brief description of the authorization rule.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, of the route destination.\n" + }, + "origin": { + "type": "string", + "description": "Indicates how the Client VPN route was added. Will be `add-route` for routes created by this resource.\n" + }, + "targetVpcSubnetId": { + "type": "string", + "description": "The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.\n" + }, + "type": { + "type": "string", + "description": "The type of the route.\n" + } + }, + "required": [ + "clientVpnEndpointId", + "destinationCidrBlock", + "origin", + "targetVpcSubnetId", + "type" + ], + "inputProperties": { + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "description": { + "type": "string", + "description": "A brief description of the authorization rule.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, of the route destination.\n" + }, + "targetVpcSubnetId": { + "type": "string", + "description": "The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.\n" + } + }, + "requiredInputs": [ + "clientVpnEndpointId", + "destinationCidrBlock", + "targetVpcSubnetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Route resources.\n", + "properties": { + "clientVpnEndpointId": { + "type": "string", + "description": "The ID of the Client VPN endpoint.\n" + }, + "description": { + "type": "string", + "description": "A brief description of the authorization rule.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "The IPv4 address range, in CIDR notation, of the route destination.\n" + }, + "origin": { + "type": "string", + "description": "Indicates how the Client VPN route was added. Will be `add-route` for routes created by this resource.\n" + }, + "targetVpcSubnetId": { + "type": "string", + "description": "The ID of the Subnet to route the traffic through. It must already be attached to the Client VPN.\n" + }, + "type": { + "type": "string", + "description": "The type of the route.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/peeringAttachment:PeeringAttachment": { + "description": "Manages an EC2 Transit Gateway Peering Attachment.\nFor examples of custom route table association and propagation, see the [EC2 Transit Gateway Networking Examples Guide](https://docs.aws.amazon.com/vpc/latest/tgw/TGW_Scenarios.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst local = new aws.Provider(\"local\", {region: \"us-east-1\"});\nconst peer = new aws.Provider(\"peer\", {region: \"us-west-2\"});\nconst peerRegion = aws.getRegion({});\nconst localTransitGateway = new aws.ec2transitgateway.TransitGateway(\"localTransitGateway\", {tags: {\n Name: \"Local TGW\",\n}}, {\n provider: aws.local,\n});\nconst peerTransitGateway = new aws.ec2transitgateway.TransitGateway(\"peerTransitGateway\", {tags: {\n Name: \"Peer TGW\",\n}}, {\n provider: aws.peer,\n});\nconst example = new aws.ec2transitgateway.PeeringAttachment(\"example\", {\n peerAccountId: peerTransitGateway.ownerId,\n peerRegion: peerRegion.then(peerRegion => peerRegion.name),\n peerTransitGatewayId: peerTransitGateway.id,\n transitGatewayId: localTransitGateway.id,\n tags: {\n Name: \"TGW Peering Requestor\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nlocal = pulumi.providers.Aws(\"local\", region=\"us-east-1\")\npeer = pulumi.providers.Aws(\"peer\", region=\"us-west-2\")\npeer_region = aws.get_region()\nlocal_transit_gateway = aws.ec2transitgateway.TransitGateway(\"localTransitGateway\", tags={\n \"Name\": \"Local TGW\",\n},\nopts=pulumi.ResourceOptions(provider=aws[\"local\"]))\npeer_transit_gateway = aws.ec2transitgateway.TransitGateway(\"peerTransitGateway\", tags={\n \"Name\": \"Peer TGW\",\n},\nopts=pulumi.ResourceOptions(provider=aws[\"peer\"]))\nexample = aws.ec2transitgateway.PeeringAttachment(\"example\",\n peer_account_id=peer_transit_gateway.owner_id,\n peer_region=peer_region.name,\n peer_transit_gateway_id=peer_transit_gateway.id,\n transit_gateway_id=local_transit_gateway.id,\n tags={\n \"Name\": \"TGW Peering Requestor\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var local = new Aws.Provider(\"local\", new Aws.ProviderArgs\n {\n Region = \"us-east-1\",\n });\n var peer = new Aws.Provider(\"peer\", new Aws.ProviderArgs\n {\n Region = \"us-west-2\",\n });\n var peerRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var localTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"localTransitGateway\", new Aws.Ec2TransitGateway.TransitGatewayArgs\n {\n Tags = \n {\n { \"Name\", \"Local TGW\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Local,\n });\n var peerTransitGateway = new Aws.Ec2TransitGateway.TransitGateway(\"peerTransitGateway\", new Aws.Ec2TransitGateway.TransitGatewayArgs\n {\n Tags = \n {\n { \"Name\", \"Peer TGW\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Peer,\n });\n var example = new Aws.Ec2TransitGateway.PeeringAttachment(\"example\", new Aws.Ec2TransitGateway.PeeringAttachmentArgs\n {\n PeerAccountId = peerTransitGateway.OwnerId,\n PeerRegion = peerRegion.Apply(peerRegion => peerRegion.Name),\n PeerTransitGatewayId = peerTransitGateway.Id,\n TransitGatewayId = localTransitGateway.Id,\n Tags = \n {\n { \"Name\", \"TGW Peering Requestor\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"local\", &providers.awsArgs{\n\t\t\tRegion: \"us-east-1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"peer\", &providers.awsArgs{\n\t\t\tRegion: \"us-west-2\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlocalTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"localTransitGateway\", &ec2transitgateway.TransitGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Local TGW\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Local))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpeerTransitGateway, err := ec2transitgateway.NewTransitGateway(ctx, \"peerTransitGateway\", &ec2transitgateway.TransitGatewayArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Peer TGW\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Peer))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2transitgateway.NewPeeringAttachment(ctx, \"example\", &ec2transitgateway.PeeringAttachmentArgs{\n\t\t\tPeerAccountId: peerTransitGateway.OwnerId,\n\t\t\tPeerRegion: pulumi.String(peerRegion.Name),\n\t\t\tPeerTransitGatewayId: peerTransitGateway.ID(),\n\t\t\tTransitGatewayId: localTransitGateway.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"TGW Peering Requestor\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_peering_attachment` can be imported by using the EC2 Transit Gateway Attachment identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/peeringAttachment:PeeringAttachment example tgw-attach-12345678\n```\n\n ", + "properties": { + "peerAccountId": { + "type": "string", + "description": "Account ID of EC2 Transit Gateway to peer with. Defaults to the account ID the current provider is currently connected to.\n" + }, + "peerRegion": { + "type": "string", + "description": "Region of EC2 Transit Gateway to peer with.\n" + }, + "peerTransitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway to peer with.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "required": [ + "peerAccountId", + "peerRegion", + "peerTransitGatewayId", + "tagsAll", + "transitGatewayId" + ], + "inputProperties": { + "peerAccountId": { + "type": "string", + "description": "Account ID of EC2 Transit Gateway to peer with. Defaults to the account ID the current provider is currently connected to.\n" + }, + "peerRegion": { + "type": "string", + "description": "Region of EC2 Transit Gateway to peer with.\n" + }, + "peerTransitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway to peer with.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "requiredInputs": [ + "peerRegion", + "peerTransitGatewayId", + "transitGatewayId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PeeringAttachment resources.\n", + "properties": { + "peerAccountId": { + "type": "string", + "description": "Account ID of EC2 Transit Gateway to peer with. Defaults to the account ID the current provider is currently connected to.\n" + }, + "peerRegion": { + "type": "string", + "description": "Region of EC2 Transit Gateway to peer with.\n" + }, + "peerTransitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway to peer with.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/prefixListReference:PrefixListReference": { + "description": "Manages an EC2 Transit Gateway Prefix List Reference.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Attachment Routing\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.PrefixListReference(\"example\", {\n prefixListId: aws_ec2_managed_prefix_list.example.id,\n transitGatewayAttachmentId: aws_ec2_transit_gateway_vpc_attachment.example.id,\n transitGatewayRouteTableId: aws_ec2_transit_gateway.example.association_default_route_table_id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.PrefixListReference(\"example\",\n prefix_list_id=aws_ec2_managed_prefix_list[\"example\"][\"id\"],\n transit_gateway_attachment_id=aws_ec2_transit_gateway_vpc_attachment[\"example\"][\"id\"],\n transit_gateway_route_table_id=aws_ec2_transit_gateway[\"example\"][\"association_default_route_table_id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.PrefixListReference(\"example\", new Aws.Ec2TransitGateway.PrefixListReferenceArgs\n {\n PrefixListId = aws_ec2_managed_prefix_list.Example.Id,\n TransitGatewayAttachmentId = aws_ec2_transit_gateway_vpc_attachment.Example.Id,\n TransitGatewayRouteTableId = aws_ec2_transit_gateway.Example.Association_default_route_table_id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewPrefixListReference(ctx, \"example\", &ec2transitgateway.PrefixListReferenceArgs{\n\t\t\tPrefixListId: pulumi.Any(aws_ec2_managed_prefix_list.Example.Id),\n\t\t\tTransitGatewayAttachmentId: pulumi.Any(aws_ec2_transit_gateway_vpc_attachment.Example.Id),\n\t\t\tTransitGatewayRouteTableId: pulumi.Any(aws_ec2_transit_gateway.Example.Association_default_route_table_id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Blackhole Routing\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.PrefixListReference(\"example\", {\n blackhole: true,\n prefixListId: aws_ec2_managed_prefix_list.example.id,\n transitGatewayRouteTableId: aws_ec2_transit_gateway.example.association_default_route_table_id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.PrefixListReference(\"example\",\n blackhole=True,\n prefix_list_id=aws_ec2_managed_prefix_list[\"example\"][\"id\"],\n transit_gateway_route_table_id=aws_ec2_transit_gateway[\"example\"][\"association_default_route_table_id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.PrefixListReference(\"example\", new Aws.Ec2TransitGateway.PrefixListReferenceArgs\n {\n Blackhole = true,\n PrefixListId = aws_ec2_managed_prefix_list.Example.Id,\n TransitGatewayRouteTableId = aws_ec2_transit_gateway.Example.Association_default_route_table_id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewPrefixListReference(ctx, \"example\", &ec2transitgateway.PrefixListReferenceArgs{\n\t\t\tBlackhole: pulumi.Bool(true),\n\t\t\tPrefixListId: pulumi.Any(aws_ec2_managed_prefix_list.Example.Id),\n\t\t\tTransitGatewayRouteTableId: pulumi.Any(aws_ec2_transit_gateway.Example.Association_default_route_table_id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_prefix_list_reference` can be imported by using the EC2 Transit Gateway Route Table identifier and EC2 Prefix List identifier, separated by an underscore (`_`), e.g. console\n\n```sh\n $ pulumi import aws:ec2transitgateway/prefixListReference:PrefixListReference example tgw-rtb-12345678_pl-12345678\n```\n\n ", + "properties": { + "blackhole": { + "type": "boolean", + "description": "Indicates whether to drop traffic that matches the Prefix List. Defaults to `false`.\n" + }, + "prefixListId": { + "type": "string", + "description": "Identifier of EC2 Prefix List.\n" + }, + "prefixListOwnerId": { + "type": "string" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "required": [ + "prefixListId", + "prefixListOwnerId", + "transitGatewayRouteTableId" + ], + "inputProperties": { + "blackhole": { + "type": "boolean", + "description": "Indicates whether to drop traffic that matches the Prefix List. Defaults to `false`.\n" + }, + "prefixListId": { + "type": "string", + "description": "Identifier of EC2 Prefix List.\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "requiredInputs": [ + "prefixListId", + "transitGatewayRouteTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PrefixListReference resources.\n", + "properties": { + "blackhole": { + "type": "boolean", + "description": "Indicates whether to drop traffic that matches the Prefix List. Defaults to `false`.\n" + }, + "prefixListId": { + "type": "string", + "description": "Identifier of EC2 Prefix List.\n" + }, + "prefixListOwnerId": { + "type": "string" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/route:Route": { + "description": "Manages an EC2 Transit Gateway Route.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Standard usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.Route(\"example\", {\n destinationCidrBlock: \"0.0.0.0/0\",\n transitGatewayAttachmentId: aws_ec2_transit_gateway_vpc_attachment.example.id,\n transitGatewayRouteTableId: aws_ec2_transit_gateway.example.association_default_route_table_id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.Route(\"example\",\n destination_cidr_block=\"0.0.0.0/0\",\n transit_gateway_attachment_id=aws_ec2_transit_gateway_vpc_attachment[\"example\"][\"id\"],\n transit_gateway_route_table_id=aws_ec2_transit_gateway[\"example\"][\"association_default_route_table_id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.Route(\"example\", new Aws.Ec2TransitGateway.RouteArgs\n {\n DestinationCidrBlock = \"0.0.0.0/0\",\n TransitGatewayAttachmentId = aws_ec2_transit_gateway_vpc_attachment.Example.Id,\n TransitGatewayRouteTableId = aws_ec2_transit_gateway.Example.Association_default_route_table_id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewRoute(ctx, \"example\", &ec2transitgateway.RouteArgs{\n\t\t\tDestinationCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tTransitGatewayAttachmentId: pulumi.Any(aws_ec2_transit_gateway_vpc_attachment.Example.Id),\n\t\t\tTransitGatewayRouteTableId: pulumi.Any(aws_ec2_transit_gateway.Example.Association_default_route_table_id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Blackhole route\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.Route(\"example\", {\n destinationCidrBlock: \"0.0.0.0/0\",\n blackhole: true,\n transitGatewayRouteTableId: aws_ec2_transit_gateway.example.association_default_route_table_id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.Route(\"example\",\n destination_cidr_block=\"0.0.0.0/0\",\n blackhole=True,\n transit_gateway_route_table_id=aws_ec2_transit_gateway[\"example\"][\"association_default_route_table_id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.Route(\"example\", new Aws.Ec2TransitGateway.RouteArgs\n {\n DestinationCidrBlock = \"0.0.0.0/0\",\n Blackhole = true,\n TransitGatewayRouteTableId = aws_ec2_transit_gateway.Example.Association_default_route_table_id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewRoute(ctx, \"example\", &ec2transitgateway.RouteArgs{\n\t\t\tDestinationCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\tBlackhole: pulumi.Bool(true),\n\t\t\tTransitGatewayRouteTableId: pulumi.Any(aws_ec2_transit_gateway.Example.Association_default_route_table_id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_route` can be imported by using the EC2 Transit Gateway Route Table, an underscore, and the destination, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/route:Route example tgw-rtb-12345678_0.0.0.0/0\n```\n\n ", + "properties": { + "blackhole": { + "type": "boolean", + "description": "Indicates whether to drop traffic that matches this route (default to `false`).\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "IPv4 or IPv6 RFC1924 CIDR used for destination matches. Routing decisions are based on the most specific match.\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment (required if `blackhole` is set to false).\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "required": [ + "destinationCidrBlock", + "transitGatewayRouteTableId" + ], + "inputProperties": { + "blackhole": { + "type": "boolean", + "description": "Indicates whether to drop traffic that matches this route (default to `false`).\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "IPv4 or IPv6 RFC1924 CIDR used for destination matches. Routing decisions are based on the most specific match.\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment (required if `blackhole` is set to false).\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "requiredInputs": [ + "destinationCidrBlock", + "transitGatewayRouteTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Route resources.\n", + "properties": { + "blackhole": { + "type": "boolean", + "description": "Indicates whether to drop traffic that matches this route (default to `false`).\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "IPv4 or IPv6 RFC1924 CIDR used for destination matches. Routing decisions are based on the most specific match.\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment (required if `blackhole` is set to false).\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/routeTable:RouteTable": { + "description": "Manages an EC2 Transit Gateway Route Table.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.RouteTable(\"example\", {transitGatewayId: aws_ec2_transit_gateway.example.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.RouteTable(\"example\", transit_gateway_id=aws_ec2_transit_gateway[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.RouteTable(\"example\", new Aws.Ec2TransitGateway.RouteTableArgs\n {\n TransitGatewayId = aws_ec2_transit_gateway.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewRouteTable(ctx, \"example\", &ec2transitgateway.RouteTableArgs{\n\t\t\tTransitGatewayId: pulumi.Any(aws_ec2_transit_gateway.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_route_table` can be imported by using the EC2 Transit Gateway Route Table identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/routeTable:RouteTable example tgw-rtb-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "EC2 Transit Gateway Route Table Amazon Resource Name (ARN).\n" + }, + "defaultAssociationRouteTable": { + "type": "boolean", + "description": "Boolean whether this is the default association route table for the EC2 Transit Gateway.\n" + }, + "defaultPropagationRouteTable": { + "type": "boolean", + "description": "Boolean whether this is the default propagation route table for the EC2 Transit Gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "required": [ + "arn", + "defaultAssociationRouteTable", + "defaultPropagationRouteTable", + "tagsAll", + "transitGatewayId" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "requiredInputs": [ + "transitGatewayId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RouteTable resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "EC2 Transit Gateway Route Table Amazon Resource Name (ARN).\n" + }, + "defaultAssociationRouteTable": { + "type": "boolean", + "description": "Boolean whether this is the default association route table for the EC2 Transit Gateway.\n" + }, + "defaultPropagationRouteTable": { + "type": "boolean", + "description": "Boolean whether this is the default propagation route table for the EC2 Transit Gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/routeTableAssociation:RouteTableAssociation": { + "description": "Manages an EC2 Transit Gateway Route Table association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.RouteTableAssociation(\"example\", {\n transitGatewayAttachmentId: aws_ec2_transit_gateway_vpc_attachment.example.id,\n transitGatewayRouteTableId: aws_ec2_transit_gateway_route_table.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.RouteTableAssociation(\"example\",\n transit_gateway_attachment_id=aws_ec2_transit_gateway_vpc_attachment[\"example\"][\"id\"],\n transit_gateway_route_table_id=aws_ec2_transit_gateway_route_table[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.RouteTableAssociation(\"example\", new Aws.Ec2TransitGateway.RouteTableAssociationArgs\n {\n TransitGatewayAttachmentId = aws_ec2_transit_gateway_vpc_attachment.Example.Id,\n TransitGatewayRouteTableId = aws_ec2_transit_gateway_route_table.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewRouteTableAssociation(ctx, \"example\", &ec2transitgateway.RouteTableAssociationArgs{\n\t\t\tTransitGatewayAttachmentId: pulumi.Any(aws_ec2_transit_gateway_vpc_attachment.Example.Id),\n\t\t\tTransitGatewayRouteTableId: pulumi.Any(aws_ec2_transit_gateway_route_table.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_route_table_association` can be imported by using the EC2 Transit Gateway Route Table identifier, an underscore, and the EC2 Transit Gateway Attachment identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/routeTableAssociation:RouteTableAssociation example tgw-rtb-12345678_tgw-attach-87654321\n```\n\n ", + "properties": { + "resourceId": { + "type": "string", + "description": "Identifier of the resource\n" + }, + "resourceType": { + "type": "string", + "description": "Type of the resource\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "required": [ + "resourceId", + "resourceType", + "transitGatewayAttachmentId", + "transitGatewayRouteTableId" + ], + "inputProperties": { + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "requiredInputs": [ + "transitGatewayAttachmentId", + "transitGatewayRouteTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RouteTableAssociation resources.\n", + "properties": { + "resourceId": { + "type": "string", + "description": "Identifier of the resource\n" + }, + "resourceType": { + "type": "string", + "description": "Type of the resource\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/routeTablePropagation:RouteTablePropagation": { + "description": "Manages an EC2 Transit Gateway Route Table propagation.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.RouteTablePropagation(\"example\", {\n transitGatewayAttachmentId: aws_ec2_transit_gateway_vpc_attachment.example.id,\n transitGatewayRouteTableId: aws_ec2_transit_gateway_route_table.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.RouteTablePropagation(\"example\",\n transit_gateway_attachment_id=aws_ec2_transit_gateway_vpc_attachment[\"example\"][\"id\"],\n transit_gateway_route_table_id=aws_ec2_transit_gateway_route_table[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.RouteTablePropagation(\"example\", new Aws.Ec2TransitGateway.RouteTablePropagationArgs\n {\n TransitGatewayAttachmentId = aws_ec2_transit_gateway_vpc_attachment.Example.Id,\n TransitGatewayRouteTableId = aws_ec2_transit_gateway_route_table.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewRouteTablePropagation(ctx, \"example\", &ec2transitgateway.RouteTablePropagationArgs{\n\t\t\tTransitGatewayAttachmentId: pulumi.Any(aws_ec2_transit_gateway_vpc_attachment.Example.Id),\n\t\t\tTransitGatewayRouteTableId: pulumi.Any(aws_ec2_transit_gateway_route_table.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_route_table_propagation` can be imported by using the EC2 Transit Gateway Route Table identifier, an underscore, and the EC2 Transit Gateway Attachment identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/routeTablePropagation:RouteTablePropagation example tgw-rtb-12345678_tgw-attach-87654321\n```\n\n ", + "properties": { + "resourceId": { + "type": "string", + "description": "Identifier of the resource\n" + }, + "resourceType": { + "type": "string", + "description": "Type of the resource\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "required": [ + "resourceId", + "resourceType", + "transitGatewayAttachmentId", + "transitGatewayRouteTableId" + ], + "inputProperties": { + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "requiredInputs": [ + "transitGatewayAttachmentId", + "transitGatewayRouteTableId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RouteTablePropagation resources.\n", + "properties": { + "resourceId": { + "type": "string", + "description": "Identifier of the resource\n" + }, + "resourceType": { + "type": "string", + "description": "Type of the resource\n" + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Attachment.\n" + }, + "transitGatewayRouteTableId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway Route Table.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/transitGateway:TransitGateway": { + "description": "Manages an EC2 Transit Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.TransitGateway(\"example\", {\n description: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.TransitGateway(\"example\", description=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.TransitGateway(\"example\", new Aws.Ec2TransitGateway.TransitGatewayArgs\n {\n Description = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewTransitGateway(ctx, \"example\", &ec2transitgateway.TransitGatewayArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway` can be imported by using the EC2 Transit Gateway identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/transitGateway:TransitGateway example tgw-12345678\n```\n\n ", + "properties": { + "amazonSideAsn": { + "type": "integer", + "description": "Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is `64512` to `65534` for 16-bit ASNs and `4200000000` to `4294967294` for 32-bit ASNs. Default value: `64512`.\n" + }, + "arn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "EC2 Transit Gateway Amazon Resource Name (ARN)\n" + }, + "associationDefaultRouteTableId": { + "type": "string", + "description": "Identifier of the default association route table\n" + }, + "autoAcceptSharedAttachments": { + "type": "string", + "description": "Whether resource attachment requests are automatically accepted. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "defaultRouteTableAssociation": { + "type": "string", + "description": "Whether resource attachments are automatically associated with the default association route table. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "defaultRouteTablePropagation": { + "type": "string", + "description": "Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "description": { + "type": "string", + "description": "Description of the EC2 Transit Gateway.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "ownerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 Transit Gateway\n" + }, + "propagationDefaultRouteTableId": { + "type": "string", + "description": "Identifier of the default propagation route table\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpnEcmpSupport": { + "type": "string", + "description": "Whether VPN Equal Cost Multipath Protocol support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + } + }, + "required": [ + "arn", + "associationDefaultRouteTableId", + "ownerId", + "propagationDefaultRouteTableId", + "tagsAll" + ], + "inputProperties": { + "amazonSideAsn": { + "type": "integer", + "description": "Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is `64512` to `65534` for 16-bit ASNs and `4200000000` to `4294967294` for 32-bit ASNs. Default value: `64512`.\n" + }, + "autoAcceptSharedAttachments": { + "type": "string", + "description": "Whether resource attachment requests are automatically accepted. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "defaultRouteTableAssociation": { + "type": "string", + "description": "Whether resource attachments are automatically associated with the default association route table. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "defaultRouteTablePropagation": { + "type": "string", + "description": "Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "description": { + "type": "string", + "description": "Description of the EC2 Transit Gateway.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpnEcmpSupport": { + "type": "string", + "description": "Whether VPN Equal Cost Multipath Protocol support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TransitGateway resources.\n", + "properties": { + "amazonSideAsn": { + "type": "integer", + "description": "Private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is `64512` to `65534` for 16-bit ASNs and `4200000000` to `4294967294` for 32-bit ASNs. Default value: `64512`.\n" + }, + "arn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "EC2 Transit Gateway Amazon Resource Name (ARN)\n" + }, + "associationDefaultRouteTableId": { + "type": "string", + "description": "Identifier of the default association route table\n" + }, + "autoAcceptSharedAttachments": { + "type": "string", + "description": "Whether resource attachment requests are automatically accepted. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "defaultRouteTableAssociation": { + "type": "string", + "description": "Whether resource attachments are automatically associated with the default association route table. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "defaultRouteTablePropagation": { + "type": "string", + "description": "Whether resource attachments automatically propagate routes to the default propagation route table. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "description": { + "type": "string", + "description": "Description of the EC2 Transit Gateway.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "ownerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 Transit Gateway\n" + }, + "propagationDefaultRouteTableId": { + "type": "string", + "description": "Identifier of the default propagation route table\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpnEcmpSupport": { + "type": "string", + "description": "Whether VPN Equal Cost Multipath Protocol support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/vpcAttachment:VpcAttachment": { + "description": "Manages an EC2 Transit Gateway VPC Attachment. For examples of custom route table association and propagation, see the EC2 Transit Gateway Networking Examples Guide.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.VpcAttachment(\"example\", {\n subnetIds: [aws_subnet.example.id],\n transitGatewayId: aws_ec2_transit_gateway.example.id,\n vpcId: aws_vpc.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.VpcAttachment(\"example\",\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n transit_gateway_id=aws_ec2_transit_gateway[\"example\"][\"id\"],\n vpc_id=aws_vpc[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.VpcAttachment(\"example\", new Aws.Ec2TransitGateway.VpcAttachmentArgs\n {\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n TransitGatewayId = aws_ec2_transit_gateway.Example.Id,\n VpcId = aws_vpc.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewVpcAttachment(ctx, \"example\", &ec2transitgateway.VpcAttachmentArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tTransitGatewayId: pulumi.Any(aws_ec2_transit_gateway.Example.Id),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_vpc_attachment` can be imported by using the EC2 Transit Gateway Attachment identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/vpcAttachment:VpcAttachment example tgw-attach-12345678\n```\n\n ", + "properties": { + "applianceModeSupport": { + "type": "string", + "description": "Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "ipv6Support": { + "type": "string", + "description": "Whether IPv6 support is enabled. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayDefaultRouteTableAssociation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: `true`.\n" + }, + "transitGatewayDefaultRouteTablePropagation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: `true`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + }, + "vpcOwnerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 VPC.\n" + } + }, + "required": [ + "subnetIds", + "tagsAll", + "transitGatewayId", + "vpcId", + "vpcOwnerId" + ], + "inputProperties": { + "applianceModeSupport": { + "type": "string", + "description": "Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "ipv6Support": { + "type": "string", + "description": "Whether IPv6 support is enabled. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayDefaultRouteTableAssociation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: `true`.\n" + }, + "transitGatewayDefaultRouteTablePropagation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: `true`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + } + }, + "requiredInputs": [ + "subnetIds", + "transitGatewayId", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcAttachment resources.\n", + "properties": { + "applianceModeSupport": { + "type": "string", + "description": "Whether Appliance Mode support is enabled. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`. Default value: `enable`.\n" + }, + "ipv6Support": { + "type": "string", + "description": "Whether IPv6 support is enabled. Valid values: `disable`, `enable`. Default value: `disable`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayDefaultRouteTableAssociation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: `true`.\n" + }, + "transitGatewayDefaultRouteTablePropagation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. This cannot be configured or perform drift detection with Resource Access Manager shared EC2 Transit Gateways. Default value: `true`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + }, + "vpcOwnerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 VPC.\n" + } + }, + "type": "object" + } + }, + "aws:ec2transitgateway/vpcAttachmentAccepter:VpcAttachmentAccepter": { + "description": "Manages the accepter's side of an EC2 Transit Gateway VPC Attachment.\n\nWhen a cross-account (requester's AWS account differs from the accepter's AWS account) EC2 Transit Gateway VPC Attachment\nis created, an EC2 Transit Gateway VPC Attachment resource is automatically created in the accepter's account.\nThe requester can use the `aws.ec2transitgateway.VpcAttachment` resource to manage its side of the connection\nand the accepter can use the `aws.ec2transitgateway.VpcAttachmentAccepter` resource to \"adopt\" its side of the\nconnection into management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ec2transitgateway.VpcAttachmentAccepter(\"example\", {\n transitGatewayAttachmentId: aws_ec2_transit_gateway_vpc_attachment.example.id,\n tags: {\n Name: \"Example cross-account attachment\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.VpcAttachmentAccepter(\"example\",\n transit_gateway_attachment_id=aws_ec2_transit_gateway_vpc_attachment[\"example\"][\"id\"],\n tags={\n \"Name\": \"Example cross-account attachment\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ec2TransitGateway.VpcAttachmentAccepter(\"example\", new Aws.Ec2TransitGateway.VpcAttachmentAccepterArgs\n {\n TransitGatewayAttachmentId = aws_ec2_transit_gateway_vpc_attachment.Example.Id,\n Tags = \n {\n { \"Name\", \"Example cross-account attachment\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.NewVpcAttachmentAccepter(ctx, \"example\", &ec2transitgateway.VpcAttachmentAccepterArgs{\n\t\t\tTransitGatewayAttachmentId: pulumi.Any(aws_ec2_transit_gateway_vpc_attachment.Example.Id),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Example cross-account attachment\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_ec2_transit_gateway_vpc_attachment_accepter` can be imported by using the EC2 Transit Gateway Attachment identifier, e.g.\n\n```sh\n $ pulumi import aws:ec2transitgateway/vpcAttachmentAccepter:VpcAttachmentAccepter example tgw-attach-12345678\n```\n\n ", + "properties": { + "applianceModeSupport": { + "type": "string", + "description": "Whether Appliance Mode support is enabled. Valid values: `disable`, `enable`.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`.\n" + }, + "ipv6Support": { + "type": "string", + "description": "Whether IPv6 support is enabled. Valid values: `disable`, `enable`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway Attachment to manage.\n" + }, + "transitGatewayDefaultRouteTableAssociation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. Default value: `true`.\n" + }, + "transitGatewayDefaultRouteTablePropagation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. Default value: `true`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + }, + "vpcOwnerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 VPC.\n" + } + }, + "required": [ + "applianceModeSupport", + "dnsSupport", + "ipv6Support", + "subnetIds", + "tagsAll", + "transitGatewayAttachmentId", + "transitGatewayId", + "vpcId", + "vpcOwnerId" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway Attachment to manage.\n" + }, + "transitGatewayDefaultRouteTableAssociation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. Default value: `true`.\n" + }, + "transitGatewayDefaultRouteTablePropagation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. Default value: `true`.\n" + } + }, + "requiredInputs": [ + "transitGatewayAttachmentId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcAttachmentAccepter resources.\n", + "properties": { + "applianceModeSupport": { + "type": "string", + "description": "Whether Appliance Mode support is enabled. Valid values: `disable`, `enable`.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled. Valid values: `disable`, `enable`.\n" + }, + "ipv6Support": { + "type": "string", + "description": "Whether IPv6 support is enabled. Valid values: `disable`, `enable`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayAttachmentId": { + "type": "string", + "description": "The ID of the EC2 Transit Gateway Attachment to manage.\n" + }, + "transitGatewayDefaultRouteTableAssociation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should be associated with the EC2 Transit Gateway association default route table. Default value: `true`.\n" + }, + "transitGatewayDefaultRouteTablePropagation": { + "type": "boolean", + "description": "Boolean whether the VPC Attachment should propagate routes with the EC2 Transit Gateway propagation default route table. Default value: `true`.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of EC2 Transit Gateway.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + }, + "vpcOwnerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 VPC.\n" + } + }, + "type": "object" + } + }, + "aws:ecr/lifecyclePolicy:LifecyclePolicy": { + "description": "Manages an ECR repository lifecycle policy.\n\n> **NOTE:** Only one `aws.ecr.LifecyclePolicy` resource can be used with the same ECR repository. To apply multiple rules, they must be combined in the `policy` JSON.\n\n> **NOTE:** The AWS ECR API seems to reorder rules based on `rulePriority`. If you define multiple rules that are not sorted in ascending `rulePriority` order in the this provider code, the resource will be flagged for recreation every deployment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Policy on untagged image\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecr.Repository(\"foo\", {});\nconst foopolicy = new aws.ecr.LifecyclePolicy(\"foopolicy\", {\n repository: foo.name,\n policy: `{\n \"rules\": [\n {\n \"rulePriority\": 1,\n \"description\": \"Expire images older than 14 days\",\n \"selection\": {\n \"tagStatus\": \"untagged\",\n \"countType\": \"sinceImagePushed\",\n \"countUnit\": \"days\",\n \"countNumber\": 14\n },\n \"action\": {\n \"type\": \"expire\"\n }\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecr.Repository(\"foo\")\nfoopolicy = aws.ecr.LifecyclePolicy(\"foopolicy\",\n repository=foo.name,\n policy=\"\"\"{\n \"rules\": [\n {\n \"rulePriority\": 1,\n \"description\": \"Expire images older than 14 days\",\n \"selection\": {\n \"tagStatus\": \"untagged\",\n \"countType\": \"sinceImagePushed\",\n \"countUnit\": \"days\",\n \"countNumber\": 14\n },\n \"action\": {\n \"type\": \"expire\"\n }\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ecr.Repository(\"foo\", new Aws.Ecr.RepositoryArgs\n {\n });\n var foopolicy = new Aws.Ecr.LifecyclePolicy(\"foopolicy\", new Aws.Ecr.LifecyclePolicyArgs\n {\n Repository = foo.Name,\n Policy = @\"{\n \"\"rules\"\": [\n {\n \"\"rulePriority\"\": 1,\n \"\"description\"\": \"\"Expire images older than 14 days\"\",\n \"\"selection\"\": {\n \"\"tagStatus\"\": \"\"untagged\"\",\n \"\"countType\"\": \"\"sinceImagePushed\"\",\n \"\"countUnit\"\": \"\"days\"\",\n \"\"countNumber\"\": 14\n },\n \"\"action\"\": {\n \"\"type\"\": \"\"expire\"\"\n }\n }\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ecr.NewRepository(ctx, \"foo\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewLifecyclePolicy(ctx, \"foopolicy\", &ecr.LifecyclePolicyArgs{\n\t\t\tRepository: foo.Name,\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"rules\\\": [\\n\", \" {\\n\", \" \\\"rulePriority\\\": 1,\\n\", \" \\\"description\\\": \\\"Expire images older than 14 days\\\",\\n\", \" \\\"selection\\\": {\\n\", \" \\\"tagStatus\\\": \\\"untagged\\\",\\n\", \" \\\"countType\\\": \\\"sinceImagePushed\\\",\\n\", \" \\\"countUnit\\\": \\\"days\\\",\\n\", \" \\\"countNumber\\\": 14\\n\", \" },\\n\", \" \\\"action\\\": {\\n\", \" \\\"type\\\": \\\"expire\\\"\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Policy on tagged image\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecr.Repository(\"foo\", {});\nconst foopolicy = new aws.ecr.LifecyclePolicy(\"foopolicy\", {\n repository: foo.name,\n policy: `{\n \"rules\": [\n {\n \"rulePriority\": 1,\n \"description\": \"Keep last 30 images\",\n \"selection\": {\n \"tagStatus\": \"tagged\",\n \"tagPrefixList\": [\"v\"],\n \"countType\": \"imageCountMoreThan\",\n \"countNumber\": 30\n },\n \"action\": {\n \"type\": \"expire\"\n }\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecr.Repository(\"foo\")\nfoopolicy = aws.ecr.LifecyclePolicy(\"foopolicy\",\n repository=foo.name,\n policy=\"\"\"{\n \"rules\": [\n {\n \"rulePriority\": 1,\n \"description\": \"Keep last 30 images\",\n \"selection\": {\n \"tagStatus\": \"tagged\",\n \"tagPrefixList\": [\"v\"],\n \"countType\": \"imageCountMoreThan\",\n \"countNumber\": 30\n },\n \"action\": {\n \"type\": \"expire\"\n }\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ecr.Repository(\"foo\", new Aws.Ecr.RepositoryArgs\n {\n });\n var foopolicy = new Aws.Ecr.LifecyclePolicy(\"foopolicy\", new Aws.Ecr.LifecyclePolicyArgs\n {\n Repository = foo.Name,\n Policy = @\"{\n \"\"rules\"\": [\n {\n \"\"rulePriority\"\": 1,\n \"\"description\"\": \"\"Keep last 30 images\"\",\n \"\"selection\"\": {\n \"\"tagStatus\"\": \"\"tagged\"\",\n \"\"tagPrefixList\"\": [\"\"v\"\"],\n \"\"countType\"\": \"\"imageCountMoreThan\"\",\n \"\"countNumber\"\": 30\n },\n \"\"action\"\": {\n \"\"type\"\": \"\"expire\"\"\n }\n }\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ecr.NewRepository(ctx, \"foo\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewLifecyclePolicy(ctx, \"foopolicy\", &ecr.LifecyclePolicyArgs{\n\t\t\tRepository: foo.Name,\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"rules\\\": [\\n\", \" {\\n\", \" \\\"rulePriority\\\": 1,\\n\", \" \\\"description\\\": \\\"Keep last 30 images\\\",\\n\", \" \\\"selection\\\": {\\n\", \" \\\"tagStatus\\\": \\\"tagged\\\",\\n\", \" \\\"tagPrefixList\\\": [\\\"v\\\"],\\n\", \" \\\"countType\\\": \\\"imageCountMoreThan\\\",\\n\", \" \\\"countNumber\\\": 30\\n\", \" },\\n\", \" \\\"action\\\": {\\n\", \" \\\"type\\\": \\\"expire\\\"\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECR Lifecycle Policy can be imported using the name of the repository, e.g.\n\n```sh\n $ pulumi import aws:ecr/lifecyclePolicy:LifecyclePolicy example tf-example\n```\n\n ", + "properties": { + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repository": { + "type": "string", + "description": "Name of the repository to apply the policy.\n" + } + }, + "required": [ + "policy", + "registryId", + "repository" + ], + "inputProperties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ecr/lifecyclePolicyDocument:LifecyclePolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs.\n" + }, + "repository": { + "type": "string", + "description": "Name of the repository to apply the policy.\n" + } + }, + "requiredInputs": [ + "policy", + "repository" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LifecyclePolicy resources.\n", + "properties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ecr/lifecyclePolicyDocument:LifecyclePolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string. See more details about [Policy Parameters](http://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html#lifecycle_policy_parameters) in the official AWS docs.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repository": { + "type": "string", + "description": "Name of the repository to apply the policy.\n" + } + }, + "type": "object" + } + }, + "aws:ecr/registryPolicy:RegistryPolicy": { + "description": "Provides an Elastic Container Registry Policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst currentRegion = aws.getRegion({});\nconst currentPartition = aws.getPartition({});\nconst example = new aws.ecr.RegistryPolicy(\"example\", {policy: Promise.all([currentPartition, currentCallerIdentity, currentPartition, currentRegion, currentCallerIdentity]).then(([currentPartition, currentCallerIdentity, currentPartition1, currentRegion, currentCallerIdentity1]) => JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Sid: \"testpolicy\",\n Effect: \"Allow\",\n Principal: {\n AWS: `arn:${currentPartition.partition}:iam::${currentCallerIdentity.accountId}:root`,\n },\n Action: [\"ecr:ReplicateImage\"],\n Resource: [`arn:${currentPartition1.partition}:ecr:${currentRegion.name}:${currentCallerIdentity1.accountId}:repository/*`],\n }],\n}))});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ncurrent_caller_identity = aws.get_caller_identity()\ncurrent_region = aws.get_region()\ncurrent_partition = aws.get_partition()\nexample = aws.ecr.RegistryPolicy(\"example\", policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Sid\": \"testpolicy\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": f\"arn:{current_partition.partition}:iam::{current_caller_identity.account_id}:root\",\n },\n \"Action\": [\"ecr:ReplicateImage\"],\n \"Resource\": [f\"arn:{current_partition.partition}:ecr:{current_region.name}:{current_caller_identity.account_id}:repository/*\"],\n }],\n}))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var currentPartition = Output.Create(Aws.GetPartition.InvokeAsync());\n var example = new Aws.Ecr.RegistryPolicy(\"example\", new Aws.Ecr.RegistryPolicyArgs\n {\n Policy = Output.Tuple(currentPartition, currentCallerIdentity, currentPartition, currentRegion, currentCallerIdentity).Apply(values =>\n {\n var currentPartition = values.Item1;\n var currentCallerIdentity = values.Item2;\n var currentPartition1 = values.Item3;\n var currentRegion = values.Item4;\n var currentCallerIdentity1 = values.Item5;\n return JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Sid\", \"testpolicy\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"AWS\", $\"arn:{currentPartition.Partition}:iam::{currentCallerIdentity.AccountId}:root\" },\n } },\n { \"Action\", new[]\n {\n \"ecr:ReplicateImage\",\n }\n },\n { \"Resource\", new[]\n {\n $\"arn:{currentPartition1.Partition}:ecr:{currentRegion.Name}:{currentCallerIdentity1.AccountId}:repository/*\",\n }\n },\n },\n }\n },\n });\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentPartition, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Sid\": \"testpolicy\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": fmt.Sprintf(\"%v%v%v%v%v\", \"arn:\", currentPartition.Partition, \":iam::\", currentCallerIdentity.AccountId, \":root\"),\n\t\t\t\t\t},\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ecr:ReplicateImage\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Resource\": []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v%v\", \"arn:\", currentPartition.Partition, \":ecr:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":repository/*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = ecr.NewRegistryPolicy(ctx, \"example\", &ecr.RegistryPolicyArgs{\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECR Registry Policy can be imported using the registry id, e.g.\n\n```sh\n $ pulumi import aws:ecr/registryPolicy:RegistryPolicy example 123456789012\n```\n\n ", + "properties": { + "policy": { + "type": "string" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the registry was created.\n" + } + }, + "required": [ + "policy", + "registryId" + ], + "inputProperties": { + "policy": { + "type": "string" + } + }, + "requiredInputs": [ + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RegistryPolicy resources.\n", + "properties": { + "policy": { + "type": "string" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the registry was created.\n" + } + }, + "type": "object" + } + }, + "aws:ecr/replicationConfiguration:ReplicationConfiguration": { + "description": "Provides an Elastic Container Registry Replication Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst exampleRegions = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"exampleReplicationConfiguration\", {replicationConfiguration: {\n rule: {\n destinations: [{\n region: exampleRegions.then(exampleRegions => exampleRegions.names?[0]),\n registryId: current.then(current => current.accountId),\n }],\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample_regions = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"exampleReplicationConfiguration\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rule=aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example_regions.names[0],\n registry_id=current.account_id,\n )],\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var exampleRegions = Output.Create(Aws.GetRegions.InvokeAsync());\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"exampleReplicationConfiguration\", new Aws.Ecr.ReplicationConfigurationArgs\n {\n ReplicationConfiguration = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rule = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = \n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = exampleRegions.Apply(exampleRegions => exampleRegions.Names?[0]),\n RegistryId = current.Apply(current => current.AccountId),\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRegions, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"exampleReplicationConfiguration\", &ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: &ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRule: &ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t&ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\tRegion: pulumi.String(exampleRegions.Names[0]),\n\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Multiple Region Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst exampleRegions = aws.getRegions({});\nconst exampleReplicationConfiguration = new aws.ecr.ReplicationConfiguration(\"exampleReplicationConfiguration\", {replicationConfiguration: {\n rule: {\n destinations: [\n {\n region: exampleRegions.then(exampleRegions => exampleRegions.names?[0]),\n registryId: current.then(current => current.accountId),\n },\n {\n region: exampleRegions.then(exampleRegions => exampleRegions.names?[1]),\n registryId: current.then(current => current.accountId),\n },\n ],\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nexample_regions = aws.get_regions()\nexample_replication_configuration = aws.ecr.ReplicationConfiguration(\"exampleReplicationConfiguration\", replication_configuration=aws.ecr.ReplicationConfigurationReplicationConfigurationArgs(\n rule=aws.ecr.ReplicationConfigurationReplicationConfigurationRuleArgs(\n destinations=[\n aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example_regions.names[0],\n registry_id=current.account_id,\n ),\n aws.ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs(\n region=example_regions.names[1],\n registry_id=current.account_id,\n ),\n ],\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var exampleRegions = Output.Create(Aws.GetRegions.InvokeAsync());\n var exampleReplicationConfiguration = new Aws.Ecr.ReplicationConfiguration(\"exampleReplicationConfiguration\", new Aws.Ecr.ReplicationConfigurationArgs\n {\n ReplicationConfiguration = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationArgs\n {\n Rule = new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleArgs\n {\n Destinations = \n {\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = exampleRegions.Apply(exampleRegions => exampleRegions.Names?[0]),\n RegistryId = current.Apply(current => current.AccountId),\n },\n new Aws.Ecr.Inputs.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs\n {\n Region = exampleRegions.Apply(exampleRegions => exampleRegions.Names?[1]),\n RegistryId = current.Apply(current => current.AccountId),\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRegions, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewReplicationConfiguration(ctx, \"exampleReplicationConfiguration\", &ecr.ReplicationConfigurationArgs{\n\t\t\tReplicationConfiguration: &ecr.ReplicationConfigurationReplicationConfigurationArgs{\n\t\t\t\tRule: &ecr.ReplicationConfigurationReplicationConfigurationRuleArgs{\n\t\t\t\t\tDestinations: ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArray{\n\t\t\t\t\t\t&ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\tRegion: pulumi.String(exampleRegions.Names[0]),\n\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ecr.ReplicationConfigurationReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\tRegion: pulumi.String(exampleRegions.Names[1]),\n\t\t\t\t\t\t\tRegistryId: pulumi.String(current.AccountId),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nECR Replication Configuration can be imported using the `registry_id`, e.g.\n\n```sh\n $ pulumi import aws:ecr/replicationConfiguration:ReplicationConfiguration service 012345678912\n```\n\n ", + "properties": { + "registryId": { + "type": "string", + "description": "The account ID of the destination registry to replicate to.\n" + }, + "replicationConfiguration": { + "$ref": "#/types/aws:ecr/ReplicationConfigurationReplicationConfiguration:ReplicationConfigurationReplicationConfiguration", + "description": "Replication configuration for a registry. See Replication Configuration.\n", + "language": { + "csharp": { + "name": "ReplicationConfigurationDetails" + } + } + } + }, + "required": [ + "registryId" + ], + "inputProperties": { + "replicationConfiguration": { + "$ref": "#/types/aws:ecr/ReplicationConfigurationReplicationConfiguration:ReplicationConfigurationReplicationConfiguration", + "description": "Replication configuration for a registry. See Replication Configuration.\n", + "language": { + "csharp": { + "name": "ReplicationConfigurationDetails" + } + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ReplicationConfiguration resources.\n", + "properties": { + "registryId": { + "type": "string", + "description": "The account ID of the destination registry to replicate to.\n" + }, + "replicationConfiguration": { + "$ref": "#/types/aws:ecr/ReplicationConfigurationReplicationConfiguration:ReplicationConfigurationReplicationConfiguration", + "description": "Replication configuration for a registry. See Replication Configuration.\n", + "language": { + "csharp": { + "name": "ReplicationConfigurationDetails" + } + } + } + }, + "type": "object" + } + }, + "aws:ecr/repository:Repository": { + "description": "Provides an Elastic Container Registry Repository.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecr.Repository(\"foo\", {\n imageScanningConfiguration: {\n scanOnPush: true,\n },\n imageTagMutability: \"MUTABLE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecr.Repository(\"foo\",\n image_scanning_configuration=aws.ecr.RepositoryImageScanningConfigurationArgs(\n scan_on_push=True,\n ),\n image_tag_mutability=\"MUTABLE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ecr.Repository(\"foo\", new Aws.Ecr.RepositoryArgs\n {\n ImageScanningConfiguration = new Aws.Ecr.Inputs.RepositoryImageScanningConfigurationArgs\n {\n ScanOnPush = true,\n },\n ImageTagMutability = \"MUTABLE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecr.NewRepository(ctx, \"foo\", &ecr.RepositoryArgs{\n\t\t\tImageScanningConfiguration: &ecr.RepositoryImageScanningConfigurationArgs{\n\t\t\t\tScanOnPush: pulumi.Bool(true),\n\t\t\t},\n\t\t\tImageTagMutability: pulumi.String(\"MUTABLE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECR Repositories can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:ecr/repository:Repository service test-service\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the repository.\n" + }, + "encryptionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecr/RepositoryEncryptionConfiguration:RepositoryEncryptionConfiguration" + }, + "description": "Encryption configuration for the repository. See below for schema.\n" + }, + "imageScanningConfiguration": { + "$ref": "#/types/aws:ecr/RepositoryImageScanningConfiguration:RepositoryImageScanningConfiguration", + "description": "Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the [ECR User Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html) for more information about image scanning.\n" + }, + "imageTagMutability": { + "type": "string", + "description": "The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`. Defaults to `MUTABLE`.\n" + }, + "name": { + "type": "string", + "description": "Name of the repository.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repositoryUrl": { + "type": "string", + "description": "The URL of the repository (in the form `aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "name", + "registryId", + "repositoryUrl", + "tagsAll" + ], + "inputProperties": { + "encryptionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecr/RepositoryEncryptionConfiguration:RepositoryEncryptionConfiguration" + }, + "description": "Encryption configuration for the repository. See below for schema.\n" + }, + "imageScanningConfiguration": { + "$ref": "#/types/aws:ecr/RepositoryImageScanningConfiguration:RepositoryImageScanningConfiguration", + "description": "Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the [ECR User Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html) for more information about image scanning.\n" + }, + "imageTagMutability": { + "type": "string", + "description": "The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`. Defaults to `MUTABLE`.\n" + }, + "name": { + "type": "string", + "description": "Name of the repository.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Repository resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the repository.\n" + }, + "encryptionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecr/RepositoryEncryptionConfiguration:RepositoryEncryptionConfiguration" + }, + "description": "Encryption configuration for the repository. See below for schema.\n" + }, + "imageScanningConfiguration": { + "$ref": "#/types/aws:ecr/RepositoryImageScanningConfiguration:RepositoryImageScanningConfiguration", + "description": "Configuration block that defines image scanning configuration for the repository. By default, image scanning must be manually triggered. See the [ECR User Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html) for more information about image scanning.\n" + }, + "imageTagMutability": { + "type": "string", + "description": "The tag mutability setting for the repository. Must be one of: `MUTABLE` or `IMMUTABLE`. Defaults to `MUTABLE`.\n" + }, + "name": { + "type": "string", + "description": "Name of the repository.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repositoryUrl": { + "type": "string", + "description": "The URL of the repository (in the form `aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ecr/repositoryPolicy:RepositoryPolicy": { + "description": "Provides an Elastic Container Registry Repository Policy.\n\nNote that currently only one policy may be applied to a repository.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecr.Repository(\"foo\", {});\nconst foopolicy = new aws.ecr.RepositoryPolicy(\"foopolicy\", {\n repository: foo.name,\n policy: `{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"new policy\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\"\n ]\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecr.Repository(\"foo\")\nfoopolicy = aws.ecr.RepositoryPolicy(\"foopolicy\",\n repository=foo.name,\n policy=\"\"\"{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"new policy\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": [\n \"ecr:GetDownloadUrlForLayer\",\n \"ecr:BatchGetImage\",\n \"ecr:BatchCheckLayerAvailability\",\n \"ecr:PutImage\",\n \"ecr:InitiateLayerUpload\",\n \"ecr:UploadLayerPart\",\n \"ecr:CompleteLayerUpload\",\n \"ecr:DescribeRepositories\",\n \"ecr:GetRepositoryPolicy\",\n \"ecr:ListImages\",\n \"ecr:DeleteRepository\",\n \"ecr:BatchDeleteImage\",\n \"ecr:SetRepositoryPolicy\",\n \"ecr:DeleteRepositoryPolicy\"\n ]\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ecr.Repository(\"foo\", new Aws.Ecr.RepositoryArgs\n {\n });\n var foopolicy = new Aws.Ecr.RepositoryPolicy(\"foopolicy\", new Aws.Ecr.RepositoryPolicyArgs\n {\n Repository = foo.Name,\n Policy = @\"{\n \"\"Version\"\": \"\"2008-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"new policy\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Action\"\": [\n \"\"ecr:GetDownloadUrlForLayer\"\",\n \"\"ecr:BatchGetImage\"\",\n \"\"ecr:BatchCheckLayerAvailability\"\",\n \"\"ecr:PutImage\"\",\n \"\"ecr:InitiateLayerUpload\"\",\n \"\"ecr:UploadLayerPart\"\",\n \"\"ecr:CompleteLayerUpload\"\",\n \"\"ecr:DescribeRepositories\"\",\n \"\"ecr:GetRepositoryPolicy\"\",\n \"\"ecr:ListImages\"\",\n \"\"ecr:DeleteRepository\"\",\n \"\"ecr:BatchDeleteImage\"\",\n \"\"ecr:SetRepositoryPolicy\"\",\n \"\"ecr:DeleteRepositoryPolicy\"\"\n ]\n }\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ecr.NewRepository(ctx, \"foo\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecr.NewRepositoryPolicy(ctx, \"foopolicy\", &ecr.RepositoryPolicyArgs{\n\t\t\tRepository: foo.Name,\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2008-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"new policy\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ecr:GetDownloadUrlForLayer\\\",\\n\", \" \\\"ecr:BatchGetImage\\\",\\n\", \" \\\"ecr:BatchCheckLayerAvailability\\\",\\n\", \" \\\"ecr:PutImage\\\",\\n\", \" \\\"ecr:InitiateLayerUpload\\\",\\n\", \" \\\"ecr:UploadLayerPart\\\",\\n\", \" \\\"ecr:CompleteLayerUpload\\\",\\n\", \" \\\"ecr:DescribeRepositories\\\",\\n\", \" \\\"ecr:GetRepositoryPolicy\\\",\\n\", \" \\\"ecr:ListImages\\\",\\n\", \" \\\"ecr:DeleteRepository\\\",\\n\", \" \\\"ecr:BatchDeleteImage\\\",\\n\", \" \\\"ecr:SetRepositoryPolicy\\\",\\n\", \" \\\"ecr:DeleteRepositoryPolicy\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECR Repository Policy can be imported using the repository name, e.g.\n\n```sh\n $ pulumi import aws:ecr/repositoryPolicy:RepositoryPolicy example example\n```\n\n ", + "properties": { + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repository": { + "type": "string", + "description": "Name of the repository to apply the policy.\n" + } + }, + "required": [ + "policy", + "registryId", + "repository" + ], + "inputProperties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + }, + "repository": { + "type": "string", + "description": "Name of the repository to apply the policy.\n" + } + }, + "requiredInputs": [ + "policy", + "repository" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RepositoryPolicy resources.\n", + "properties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repository": { + "type": "string", + "description": "Name of the repository to apply the policy.\n" + } + }, + "type": "object" + } + }, + "aws:ecrpublic/repository:Repository": { + "description": "Provides a Public Elastic Container Registry Repository.\n\n> **NOTE:** This resource can only be used with `us-east-1` region.\n\n\n## Import\n\nECR Public Repositories can be imported using the `repository_name`, e.g.\n\n```sh\n $ pulumi import aws:ecrpublic/repository:Repository example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the repository.\n" + }, + "catalogData": { + "$ref": "#/types/aws:ecrpublic/RepositoryCatalogData:RepositoryCatalogData", + "description": "Catalog data configuration for the repository. See below for schema.\n" + }, + "forceDestroy": { + "type": "boolean" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repositoryName": { + "type": "string", + "description": "Name of the repository.\n" + }, + "repositoryUri": { + "type": "string", + "description": "The URI of the repository.\n" + } + }, + "required": [ + "arn", + "registryId", + "repositoryName", + "repositoryUri" + ], + "inputProperties": { + "catalogData": { + "$ref": "#/types/aws:ecrpublic/RepositoryCatalogData:RepositoryCatalogData", + "description": "Catalog data configuration for the repository. See below for schema.\n" + }, + "forceDestroy": { + "type": "boolean" + }, + "repositoryName": { + "type": "string", + "description": "Name of the repository.\n" + } + }, + "requiredInputs": [ + "repositoryName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Repository resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the repository.\n" + }, + "catalogData": { + "$ref": "#/types/aws:ecrpublic/RepositoryCatalogData:RepositoryCatalogData", + "description": "Catalog data configuration for the repository. See below for schema.\n" + }, + "forceDestroy": { + "type": "boolean" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "repositoryName": { + "type": "string", + "description": "Name of the repository.\n" + }, + "repositoryUri": { + "type": "string", + "description": "The URI of the repository.\n" + } + }, + "type": "object" + } + }, + "aws:ecs/capacityProvider:CapacityProvider": { + "description": "Provides an ECS cluster capacity provider. More information can be found on the [ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/cluster-capacity-providers.html).\n\n> **NOTE:** Associating an ECS Capacity Provider to an Auto Scaling Group will automatically add the `AmazonECSManaged` tag to the Auto Scaling Group. This tag should be included in the `aws.autoscaling.Group` resource configuration to prevent the provider from removing it in subsequent executions as well as ensuring the `AmazonECSManaged` tag is propagated to all EC2 Instances in the Auto Scaling Group if `min_size` is above 0 on creation. Any EC2 Instances in the Auto Scaling Group without this tag must be manually be updated, otherwise they may cause unexpected scaling behavior and metrics.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration, including potentially other tags ...\nconst testGroup = new aws.autoscaling.Group(\"testGroup\", {tags: [{\n key: \"AmazonECSManaged\",\n value: \"\",\n propagateAtLaunch: true,\n}]});\nconst testCapacityProvider = new aws.ecs.CapacityProvider(\"testCapacityProvider\", {autoScalingGroupProvider: {\n autoScalingGroupArn: testGroup.arn,\n managedTerminationProtection: \"ENABLED\",\n managedScaling: {\n maximumScalingStepSize: 1000,\n minimumScalingStepSize: 1,\n status: \"ENABLED\",\n targetCapacity: 10,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration, including potentially other tags ...\ntest_group = aws.autoscaling.Group(\"testGroup\", tags=[aws.autoscaling.GroupTagArgs(\n key=\"AmazonECSManaged\",\n value=\"\",\n propagate_at_launch=True,\n)])\ntest_capacity_provider = aws.ecs.CapacityProvider(\"testCapacityProvider\", auto_scaling_group_provider=aws.ecs.CapacityProviderAutoScalingGroupProviderArgs(\n auto_scaling_group_arn=test_group.arn,\n managed_termination_protection=\"ENABLED\",\n managed_scaling=aws.ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs(\n maximum_scaling_step_size=1000,\n minimum_scaling_step_size=1,\n status=\"ENABLED\",\n target_capacity=10,\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration, including potentially other tags ...\n var testGroup = new Aws.AutoScaling.Group(\"testGroup\", new Aws.AutoScaling.GroupArgs\n {\n Tags = \n {\n new Aws.AutoScaling.Inputs.GroupTagArgs\n {\n Key = \"AmazonECSManaged\",\n Value = \"\",\n PropagateAtLaunch = true,\n },\n },\n });\n var testCapacityProvider = new Aws.Ecs.CapacityProvider(\"testCapacityProvider\", new Aws.Ecs.CapacityProviderArgs\n {\n AutoScalingGroupProvider = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderArgs\n {\n AutoScalingGroupArn = testGroup.Arn,\n ManagedTerminationProtection = \"ENABLED\",\n ManagedScaling = new Aws.Ecs.Inputs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs\n {\n MaximumScalingStepSize = 1000,\n MinimumScalingStepSize = 1,\n Status = \"ENABLED\",\n TargetCapacity = 10,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestGroup, err := autoscaling.NewGroup(ctx, \"testGroup\", &autoscaling.GroupArgs{\n\t\t\tTags: autoscaling.GroupTagArray{\n\t\t\t\t&autoscaling.GroupTagArgs{\n\t\t\t\t\tKey: pulumi.String(\"AmazonECSManaged\"),\n\t\t\t\t\tValue: pulumi.String(\"\"),\n\t\t\t\t\tPropagateAtLaunch: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecs.NewCapacityProvider(ctx, \"testCapacityProvider\", &ecs.CapacityProviderArgs{\n\t\t\tAutoScalingGroupProvider: &ecs.CapacityProviderAutoScalingGroupProviderArgs{\n\t\t\t\tAutoScalingGroupArn: testGroup.Arn,\n\t\t\t\tManagedTerminationProtection: pulumi.String(\"ENABLED\"),\n\t\t\t\tManagedScaling: &ecs.CapacityProviderAutoScalingGroupProviderManagedScalingArgs{\n\t\t\t\t\tMaximumScalingStepSize: pulumi.Int(1000),\n\t\t\t\t\tMinimumScalingStepSize: pulumi.Int(1),\n\t\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t\t\tTargetCapacity: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECS Capacity Providers can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:ecs/capacityProvider:CapacityProvider example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN that identifies the capacity provider.\n" + }, + "autoScalingGroupProvider": { + "$ref": "#/types/aws:ecs/CapacityProviderAutoScalingGroupProvider:CapacityProviderAutoScalingGroupProvider", + "description": "Configuration block for the provider for the ECS auto scaling group. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the capacity provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "autoScalingGroupProvider", + "name", + "tagsAll" + ], + "inputProperties": { + "autoScalingGroupProvider": { + "$ref": "#/types/aws:ecs/CapacityProviderAutoScalingGroupProvider:CapacityProviderAutoScalingGroupProvider", + "description": "Configuration block for the provider for the ECS auto scaling group. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the capacity provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "autoScalingGroupProvider" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CapacityProvider resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN that identifies the capacity provider.\n" + }, + "autoScalingGroupProvider": { + "$ref": "#/types/aws:ecs/CapacityProviderAutoScalingGroupProvider:CapacityProviderAutoScalingGroupProvider", + "description": "Configuration block for the provider for the ECS auto scaling group. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the capacity provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ecs/cluster:Cluster": { + "description": "Provides an ECS cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ecs.Cluster(\"foo\", {\n settings: [{\n name: \"containerInsights\",\n value: \"enabled\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ecs.Cluster(\"foo\", settings=[aws.ecs.ClusterSettingArgs(\n name=\"containerInsights\",\n value=\"enabled\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ecs.Cluster(\"foo\", new Aws.Ecs.ClusterArgs\n {\n Settings = \n {\n new Aws.Ecs.Inputs.ClusterSettingArgs\n {\n Name = \"containerInsights\",\n Value = \"enabled\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewCluster(ctx, \"foo\", &ecs.ClusterArgs{\n\t\t\tSettings: ecs.ClusterSettingArray{\n\t\t\t\t&ecs.ClusterSettingArgs{\n\t\t\t\t\tName: pulumi.String(\"containerInsights\"),\n\t\t\t\t\tValue: pulumi.String(\"enabled\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example W/Log Configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {\n description: \"example\",\n deletionWindowInDays: 7,\n});\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst test = new aws.ecs.Cluster(\"test\", {configuration: {\n executeCommandConfiguration: {\n kmsKeyId: exampleKey.arn,\n logging: \"OVERRIDE\",\n logConfiguration: {\n cloudWatchEncryptionEnabled: true,\n cloudWatchLogGroupName: exampleLogGroup.name,\n },\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\",\n description=\"example\",\n deletion_window_in_days=7)\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\ntest = aws.ecs.Cluster(\"test\", configuration=aws.ecs.ClusterConfigurationArgs(\n execute_command_configuration=aws.ecs.ClusterConfigurationExecuteCommandConfigurationArgs(\n kms_key_id=example_key.arn,\n logging=\"OVERRIDE\",\n log_configuration=aws.ecs.ClusterConfigurationExecuteCommandConfigurationLogConfigurationArgs(\n cloud_watch_encryption_enabled=True,\n cloud_watch_log_group_name=example_log_group.name,\n ),\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n Description = \"example\",\n DeletionWindowInDays = 7,\n });\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var test = new Aws.Ecs.Cluster(\"test\", new Aws.Ecs.ClusterArgs\n {\n Configuration = new Aws.Ecs.Inputs.ClusterConfigurationArgs\n {\n ExecuteCommandConfiguration = new Aws.Ecs.Inputs.ClusterConfigurationExecuteCommandConfigurationArgs\n {\n KmsKeyId = exampleKey.Arn,\n Logging = \"OVERRIDE\",\n LogConfiguration = new Aws.Ecs.Inputs.ClusterConfigurationExecuteCommandConfigurationLogConfigurationArgs\n {\n CloudWatchEncryptionEnabled = true,\n CloudWatchLogGroupName = exampleLogGroup.Name,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ecs.NewCluster(ctx, \"test\", &ecs.ClusterArgs{\n\t\t\tConfiguration: &ecs.ClusterConfigurationArgs{\n\t\t\t\tExecuteCommandConfiguration: &ecs.ClusterConfigurationExecuteCommandConfigurationArgs{\n\t\t\t\t\tKmsKeyId: exampleKey.Arn,\n\t\t\t\t\tLogging: pulumi.String(\"OVERRIDE\"),\n\t\t\t\t\tLogConfiguration: &ecs.ClusterConfigurationExecuteCommandConfigurationLogConfigurationArgs{\n\t\t\t\t\t\tCloudWatchEncryptionEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tCloudWatchLogGroupName: exampleLogGroup.Name,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECS clusters can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:ecs/cluster:Cluster stateless stateless-app\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN that identifies the cluster.\n" + }, + "capacityProviders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of short names of one or more capacity providers to associate with the cluster. Valid values also include `FARGATE` and `FARGATE_SPOT`.\n" + }, + "configuration": { + "$ref": "#/types/aws:ecs/ClusterConfiguration:ClusterConfiguration", + "description": "The execute command configuration for the cluster. Detailed below.\n" + }, + "defaultCapacityProviderStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ClusterDefaultCapacityProviderStrategy:ClusterDefaultCapacityProviderStrategy" + }, + "description": "Configuration block for capacity provider strategy to use by default for the cluster. Can be one or more. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the setting to manage. Valid values: `containerInsights`.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ClusterSetting:ClusterSetting" + }, + "description": "Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "name", + "settings", + "tagsAll" + ], + "inputProperties": { + "capacityProviders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of short names of one or more capacity providers to associate with the cluster. Valid values also include `FARGATE` and `FARGATE_SPOT`.\n" + }, + "configuration": { + "$ref": "#/types/aws:ecs/ClusterConfiguration:ClusterConfiguration", + "description": "The execute command configuration for the cluster. Detailed below.\n" + }, + "defaultCapacityProviderStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ClusterDefaultCapacityProviderStrategy:ClusterDefaultCapacityProviderStrategy" + }, + "description": "Configuration block for capacity provider strategy to use by default for the cluster. Can be one or more. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the setting to manage. Valid values: `containerInsights`.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ClusterSetting:ClusterSetting" + }, + "description": "Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN that identifies the cluster.\n" + }, + "capacityProviders": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of short names of one or more capacity providers to associate with the cluster. Valid values also include `FARGATE` and `FARGATE_SPOT`.\n" + }, + "configuration": { + "$ref": "#/types/aws:ecs/ClusterConfiguration:ClusterConfiguration", + "description": "The execute command configuration for the cluster. Detailed below.\n" + }, + "defaultCapacityProviderStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ClusterDefaultCapacityProviderStrategy:ClusterDefaultCapacityProviderStrategy" + }, + "description": "Configuration block for capacity provider strategy to use by default for the cluster. Can be one or more. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the setting to manage. Valid values: `containerInsights`.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ClusterSetting:ClusterSetting" + }, + "description": "Configuration block(s) with cluster settings. For example, this can be used to enable CloudWatch Container Insights for a cluster. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:ecs/service:Service": { + "description": "> **Note:** To prevent a race condition during service deletion, make sure to set `depends_on` to the related `aws.iam.RolePolicy`; otherwise, the policy may be destroyed too soon and the ECS service will then get stuck in the `DRAINING` state.\n\nProvides an ECS service - effectively a task that is expected to run until an error occurs or a user terminates it (typically a webserver or a database).\n\nSee [ECS Services section in AWS developer guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mongo = new aws.ecs.Service(\"mongo\", {\n cluster: aws_ecs_cluster.foo.id,\n taskDefinition: aws_ecs_task_definition.mongo.arn,\n desiredCount: 3,\n iamRole: aws_iam_role.foo.arn,\n orderedPlacementStrategies: [{\n type: \"binpack\",\n field: \"cpu\",\n }],\n loadBalancers: [{\n targetGroupArn: aws_lb_target_group.foo.arn,\n containerName: \"mongo\",\n containerPort: 8080,\n }],\n placementConstraints: [{\n type: \"memberOf\",\n expression: \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n }],\n}, {\n dependsOn: [aws_iam_role_policy.foo],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmongo = aws.ecs.Service(\"mongo\",\n cluster=aws_ecs_cluster[\"foo\"][\"id\"],\n task_definition=aws_ecs_task_definition[\"mongo\"][\"arn\"],\n desired_count=3,\n iam_role=aws_iam_role[\"foo\"][\"arn\"],\n ordered_placement_strategies=[aws.ecs.ServiceOrderedPlacementStrategyArgs(\n type=\"binpack\",\n field=\"cpu\",\n )],\n load_balancers=[aws.ecs.ServiceLoadBalancerArgs(\n target_group_arn=aws_lb_target_group[\"foo\"][\"arn\"],\n container_name=\"mongo\",\n container_port=8080,\n )],\n placement_constraints=[aws.ecs.ServicePlacementConstraintArgs(\n type=\"memberOf\",\n expression=\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_role_policy[\"foo\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mongo = new Aws.Ecs.Service(\"mongo\", new Aws.Ecs.ServiceArgs\n {\n Cluster = aws_ecs_cluster.Foo.Id,\n TaskDefinition = aws_ecs_task_definition.Mongo.Arn,\n DesiredCount = 3,\n IamRole = aws_iam_role.Foo.Arn,\n OrderedPlacementStrategies = \n {\n new Aws.Ecs.Inputs.ServiceOrderedPlacementStrategyArgs\n {\n Type = \"binpack\",\n Field = \"cpu\",\n },\n },\n LoadBalancers = \n {\n new Aws.Ecs.Inputs.ServiceLoadBalancerArgs\n {\n TargetGroupArn = aws_lb_target_group.Foo.Arn,\n ContainerName = \"mongo\",\n ContainerPort = 8080,\n },\n },\n PlacementConstraints = \n {\n new Aws.Ecs.Inputs.ServicePlacementConstraintArgs\n {\n Type = \"memberOf\",\n Expression = \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_iam_role_policy.Foo,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"mongo\", &ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Foo.Id),\n\t\t\tTaskDefinition: pulumi.Any(aws_ecs_task_definition.Mongo.Arn),\n\t\t\tDesiredCount: pulumi.Int(3),\n\t\t\tIamRole: pulumi.Any(aws_iam_role.Foo.Arn),\n\t\t\tOrderedPlacementStrategies: ecs.ServiceOrderedPlacementStrategyArray{\n\t\t\t\t&ecs.ServiceOrderedPlacementStrategyArgs{\n\t\t\t\t\tType: pulumi.String(\"binpack\"),\n\t\t\t\t\tField: pulumi.String(\"cpu\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoadBalancers: ecs.ServiceLoadBalancerArray{\n\t\t\t\t&ecs.ServiceLoadBalancerArgs{\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Foo.Arn),\n\t\t\t\t\tContainerName: pulumi.String(\"mongo\"),\n\t\t\t\t\tContainerPort: pulumi.Int(8080),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPlacementConstraints: ecs.ServicePlacementConstraintArray{\n\t\t\t\t&ecs.ServicePlacementConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"memberOf\"),\n\t\t\t\t\tExpression: pulumi.String(\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy.Foo,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Ignoring Changes to Desired Count\n\nYou can use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to create an ECS service with an initial count of running instances, then ignore any changes to that count caused externally (e.g. Application Autoscaling).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configurations ...\nconst example = new aws.ecs.Service(\"example\", {desiredCount: 2});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configurations ...\nexample = aws.ecs.Service(\"example\", desired_count=2)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configurations ...\n var example = new Aws.Ecs.Service(\"example\", new Aws.Ecs.ServiceArgs\n {\n DesiredCount = 2,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", &ecs.ServiceArgs{\n\t\t\tDesiredCount: pulumi.Int(2),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Daemon Scheduling Strategy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.ecs.Service(\"bar\", {\n cluster: aws_ecs_cluster.foo.id,\n taskDefinition: aws_ecs_task_definition.bar.arn,\n schedulingStrategy: \"DAEMON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.ecs.Service(\"bar\",\n cluster=aws_ecs_cluster[\"foo\"][\"id\"],\n task_definition=aws_ecs_task_definition[\"bar\"][\"arn\"],\n scheduling_strategy=\"DAEMON\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.Ecs.Service(\"bar\", new Aws.Ecs.ServiceArgs\n {\n Cluster = aws_ecs_cluster.Foo.Id,\n TaskDefinition = aws_ecs_task_definition.Bar.Arn,\n SchedulingStrategy = \"DAEMON\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"bar\", &ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Foo.Id),\n\t\t\tTaskDefinition: pulumi.Any(aws_ecs_task_definition.Bar.Arn),\n\t\t\tSchedulingStrategy: pulumi.String(\"DAEMON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### External Deployment Controller\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ecs.Service(\"example\", {\n cluster: aws_ecs_cluster.example.id,\n deploymentController: {\n type: \"EXTERNAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ecs.Service(\"example\",\n cluster=aws_ecs_cluster[\"example\"][\"id\"],\n deployment_controller=aws.ecs.ServiceDeploymentControllerArgs(\n type=\"EXTERNAL\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ecs.Service(\"example\", new Aws.Ecs.ServiceArgs\n {\n Cluster = aws_ecs_cluster.Example.Id,\n DeploymentController = new Aws.Ecs.Inputs.ServiceDeploymentControllerArgs\n {\n Type = \"EXTERNAL\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewService(ctx, \"example\", &ecs.ServiceArgs{\n\t\t\tCluster: pulumi.Any(aws_ecs_cluster.Example.Id),\n\t\t\tDeploymentController: &ecs.ServiceDeploymentControllerArgs{\n\t\t\t\tType: pulumi.String(\"EXTERNAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECS services can be imported using the `name` together with ecs cluster `name`, e.g.\n\n```sh\n $ pulumi import aws:ecs/service:Service imported cluster-name/service-name\n```\n\n ", + "properties": { + "capacityProviderStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy" + }, + "description": "Capacity provider strategy to use for the service. Can be one or more. Detailed below.\n" + }, + "cluster": { + "type": "string", + "description": "ARN of an ECS cluster\n" + }, + "deploymentCircuitBreaker": { + "$ref": "#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", + "description": "Configuration block for deployment circuit breaker. Detailed below.\n" + }, + "deploymentController": { + "$ref": "#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", + "description": "Configuration block for deployment controller configuration. Detailed below.\n" + }, + "deploymentMaximumPercent": { + "type": "integer", + "description": "Upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the `DAEMON` scheduling strategy.\n" + }, + "deploymentMinimumHealthyPercent": { + "type": "integer", + "description": "Lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.\n" + }, + "desiredCount": { + "type": "integer", + "description": "Number of instances of the task definition to place and keep running. Defaults to 0. Do not specify if using the `DAEMON` scheduling strategy.\n" + }, + "enableEcsManagedTags": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS managed tags for the tasks within the service.\n" + }, + "enableExecuteCommand": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS Exec for the tasks within the service.\n" + }, + "forceNewDeployment": { + "type": "boolean", + "description": "Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. `myimage:latest`), roll Fargate tasks onto a newer platform version, or immediately deploy `ordered_placement_strategy` and `placement_constraints` updates.\n" + }, + "healthCheckGracePeriodSeconds": { + "type": "integer", + "description": "Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Only valid for services configured to use load balancers.\n" + }, + "iamRole": { + "type": "string", + "description": "ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is required if you are using a load balancer with your service, but only if your task definition does not use the `awsvpc` network mode. If using `awsvpc` network mode, do not specify this role. If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here.\n" + }, + "launchType": { + "type": "string", + "description": "Launch type on which to run your service. The valid values are `EC2`, `FARGATE`, and `EXTERNAL`. Defaults to `EC2`.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" + }, + "description": "Configuration block for load balancers. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the service (up to 255 letters, numbers, hyphens, and underscores)\n" + }, + "networkConfiguration": { + "$ref": "#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", + "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.\n" + }, + "orderedPlacementStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy" + }, + "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.\n" + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" + }, + "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.\n" + }, + "platformVersion": { + "type": "string", + "description": "Platform version on which to run your service. Only applicable for `launch_type` set to `FARGATE`. Defaults to `LATEST`. More information about Fargate platform versions can be found in the [AWS ECS User Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).\n" + }, + "propagateTags": { + "type": "string", + "description": "Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`.\n" + }, + "schedulingStrategy": { + "type": "string", + "description": "Scheduling strategy to use for the service. The valid values are `REPLICA` and `DAEMON`. Defaults to `REPLICA`. Note that [*Tasks using the Fargate launch type or the `CODE_DEPLOY` or `EXTERNAL` deployment controller types don't support the `DAEMON` scheduling strategy*](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html).\n" + }, + "serviceRegistries": { + "$ref": "#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", + "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "taskDefinition": { + "type": "string", + "description": "Family and revision (`family:revision`) or full ARN of the task definition that you want to run in your service. Required unless using the `EXTERNAL` deployment controller. If a revision is not specified, the latest `ACTIVE` revision is used.\n" + }, + "waitForSteadyState": { + "type": "boolean", + "description": "If `true`, this provider will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.\n" + } + }, + "required": [ + "cluster", + "iamRole", + "launchType", + "name", + "platformVersion", + "tagsAll" + ], + "inputProperties": { + "capacityProviderStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy" + }, + "description": "Capacity provider strategy to use for the service. Can be one or more. Detailed below.\n" + }, + "cluster": { + "type": "string", + "description": "ARN of an ECS cluster\n" + }, + "deploymentCircuitBreaker": { + "$ref": "#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", + "description": "Configuration block for deployment circuit breaker. Detailed below.\n" + }, + "deploymentController": { + "$ref": "#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", + "description": "Configuration block for deployment controller configuration. Detailed below.\n" + }, + "deploymentMaximumPercent": { + "type": "integer", + "description": "Upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the `DAEMON` scheduling strategy.\n" + }, + "deploymentMinimumHealthyPercent": { + "type": "integer", + "description": "Lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.\n" + }, + "desiredCount": { + "type": "integer", + "description": "Number of instances of the task definition to place and keep running. Defaults to 0. Do not specify if using the `DAEMON` scheduling strategy.\n" + }, + "enableEcsManagedTags": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS managed tags for the tasks within the service.\n" + }, + "enableExecuteCommand": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS Exec for the tasks within the service.\n" + }, + "forceNewDeployment": { + "type": "boolean", + "description": "Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. `myimage:latest`), roll Fargate tasks onto a newer platform version, or immediately deploy `ordered_placement_strategy` and `placement_constraints` updates.\n" + }, + "healthCheckGracePeriodSeconds": { + "type": "integer", + "description": "Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Only valid for services configured to use load balancers.\n" + }, + "iamRole": { + "type": "string", + "description": "ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is required if you are using a load balancer with your service, but only if your task definition does not use the `awsvpc` network mode. If using `awsvpc` network mode, do not specify this role. If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here.\n" + }, + "launchType": { + "type": "string", + "description": "Launch type on which to run your service. The valid values are `EC2`, `FARGATE`, and `EXTERNAL`. Defaults to `EC2`.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" + }, + "description": "Configuration block for load balancers. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the service (up to 255 letters, numbers, hyphens, and underscores)\n" + }, + "networkConfiguration": { + "$ref": "#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", + "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.\n" + }, + "orderedPlacementStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy" + }, + "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.\n" + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" + }, + "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.\n" + }, + "platformVersion": { + "type": "string", + "description": "Platform version on which to run your service. Only applicable for `launch_type` set to `FARGATE`. Defaults to `LATEST`. More information about Fargate platform versions can be found in the [AWS ECS User Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).\n" + }, + "propagateTags": { + "type": "string", + "description": "Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`.\n" + }, + "schedulingStrategy": { + "type": "string", + "description": "Scheduling strategy to use for the service. The valid values are `REPLICA` and `DAEMON`. Defaults to `REPLICA`. Note that [*Tasks using the Fargate launch type or the `CODE_DEPLOY` or `EXTERNAL` deployment controller types don't support the `DAEMON` scheduling strategy*](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html).\n" + }, + "serviceRegistries": { + "$ref": "#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", + "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "taskDefinition": { + "type": "string", + "description": "Family and revision (`family:revision`) or full ARN of the task definition that you want to run in your service. Required unless using the `EXTERNAL` deployment controller. If a revision is not specified, the latest `ACTIVE` revision is used.\n" + }, + "waitForSteadyState": { + "type": "boolean", + "description": "If `true`, this provider will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Service resources.\n", + "properties": { + "capacityProviderStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceCapacityProviderStrategy:ServiceCapacityProviderStrategy" + }, + "description": "Capacity provider strategy to use for the service. Can be one or more. Detailed below.\n" + }, + "cluster": { + "type": "string", + "description": "ARN of an ECS cluster\n" + }, + "deploymentCircuitBreaker": { + "$ref": "#/types/aws:ecs/ServiceDeploymentCircuitBreaker:ServiceDeploymentCircuitBreaker", + "description": "Configuration block for deployment circuit breaker. Detailed below.\n" + }, + "deploymentController": { + "$ref": "#/types/aws:ecs/ServiceDeploymentController:ServiceDeploymentController", + "description": "Configuration block for deployment controller configuration. Detailed below.\n" + }, + "deploymentMaximumPercent": { + "type": "integer", + "description": "Upper limit (as a percentage of the service's desiredCount) of the number of running tasks that can be running in a service during a deployment. Not valid when using the `DAEMON` scheduling strategy.\n" + }, + "deploymentMinimumHealthyPercent": { + "type": "integer", + "description": "Lower limit (as a percentage of the service's desiredCount) of the number of running tasks that must remain running and healthy in a service during a deployment.\n" + }, + "desiredCount": { + "type": "integer", + "description": "Number of instances of the task definition to place and keep running. Defaults to 0. Do not specify if using the `DAEMON` scheduling strategy.\n" + }, + "enableEcsManagedTags": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS managed tags for the tasks within the service.\n" + }, + "enableExecuteCommand": { + "type": "boolean", + "description": "Specifies whether to enable Amazon ECS Exec for the tasks within the service.\n" + }, + "forceNewDeployment": { + "type": "boolean", + "description": "Enable to force a new task deployment of the service. This can be used to update tasks to use a newer Docker image with same image/tag combination (e.g. `myimage:latest`), roll Fargate tasks onto a newer platform version, or immediately deploy `ordered_placement_strategy` and `placement_constraints` updates.\n" + }, + "healthCheckGracePeriodSeconds": { + "type": "integer", + "description": "Seconds to ignore failing load balancer health checks on newly instantiated tasks to prevent premature shutdown, up to 2147483647. Only valid for services configured to use load balancers.\n" + }, + "iamRole": { + "type": "string", + "description": "ARN of the IAM role that allows Amazon ECS to make calls to your load balancer on your behalf. This parameter is required if you are using a load balancer with your service, but only if your task definition does not use the `awsvpc` network mode. If using `awsvpc` network mode, do not specify this role. If your account has already created the Amazon ECS service-linked role, that role is used by default for your service unless you specify a role here.\n" + }, + "launchType": { + "type": "string", + "description": "Launch type on which to run your service. The valid values are `EC2`, `FARGATE`, and `EXTERNAL`. Defaults to `EC2`.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceLoadBalancer:ServiceLoadBalancer" + }, + "description": "Configuration block for load balancers. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the service (up to 255 letters, numbers, hyphens, and underscores)\n" + }, + "networkConfiguration": { + "$ref": "#/types/aws:ecs/ServiceNetworkConfiguration:ServiceNetworkConfiguration", + "description": "Network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own Elastic Network Interface, and it is not supported for other network modes. Detailed below.\n" + }, + "orderedPlacementStrategies": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServiceOrderedPlacementStrategy:ServiceOrderedPlacementStrategy" + }, + "description": "Service level strategy rules that are taken into consideration during task placement. List from top to bottom in order of precedence. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. The maximum number of `ordered_placement_strategy` blocks is `5`. Detailed below.\n" + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/ServicePlacementConstraint:ServicePlacementConstraint" + }, + "description": "Rules that are taken into consideration during task placement. Updates to this configuration will take effect next task deployment unless `force_new_deployment` is enabled. Maximum number of `placement_constraints` is `10`. Detailed below.\n" + }, + "platformVersion": { + "type": "string", + "description": "Platform version on which to run your service. Only applicable for `launch_type` set to `FARGATE`. Defaults to `LATEST`. More information about Fargate platform versions can be found in the [AWS ECS User Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html).\n" + }, + "propagateTags": { + "type": "string", + "description": "Specifies whether to propagate the tags from the task definition or the service to the tasks. The valid values are `SERVICE` and `TASK_DEFINITION`.\n" + }, + "schedulingStrategy": { + "type": "string", + "description": "Scheduling strategy to use for the service. The valid values are `REPLICA` and `DAEMON`. Defaults to `REPLICA`. Note that [*Tasks using the Fargate launch type or the `CODE_DEPLOY` or `EXTERNAL` deployment controller types don't support the `DAEMON` scheduling strategy*](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html).\n" + }, + "serviceRegistries": { + "$ref": "#/types/aws:ecs/ServiceServiceRegistries:ServiceServiceRegistries", + "description": "Service discovery registries for the service. The maximum number of `service_registries` blocks is `1`. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "taskDefinition": { + "type": "string", + "description": "Family and revision (`family:revision`) or full ARN of the task definition that you want to run in your service. Required unless using the `EXTERNAL` deployment controller. If a revision is not specified, the latest `ACTIVE` revision is used.\n" + }, + "waitForSteadyState": { + "type": "boolean", + "description": "If `true`, this provider will wait for the service to reach a steady state (like [`aws ecs wait services-stable`](https://docs.aws.amazon.com/cli/latest/reference/ecs/wait/services-stable.html)) before continuing. Default `false`.\n" + } + }, + "type": "object" + } + }, + "aws:ecs/taskDefinition:TaskDefinition": { + "description": "Manages a revision of an ECS task definition to be used in `aws.ecs.Service`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst service = new aws.ecs.TaskDefinition(\"service\", {\n family: \"service\",\n containerDefinitions: JSON.stringify([\n {\n name: \"first\",\n image: \"service-first\",\n cpu: 10,\n memory: 512,\n essential: true,\n portMappings: [{\n containerPort: 80,\n hostPort: 80,\n }],\n },\n {\n name: \"second\",\n image: \"service-second\",\n cpu: 10,\n memory: 256,\n essential: true,\n portMappings: [{\n containerPort: 443,\n hostPort: 443,\n }],\n },\n ]),\n volumes: [{\n name: \"service-storage\",\n hostPath: \"/ecs/service-storage\",\n }],\n placementConstraints: [{\n type: \"memberOf\",\n expression: \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n }],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nservice = aws.ecs.TaskDefinition(\"service\",\n family=\"service\",\n container_definitions=json.dumps([\n {\n \"name\": \"first\",\n \"image\": \"service-first\",\n \"cpu\": 10,\n \"memory\": 512,\n \"essential\": True,\n \"portMappings\": [{\n \"containerPort\": 80,\n \"hostPort\": 80,\n }],\n },\n {\n \"name\": \"second\",\n \"image\": \"service-second\",\n \"cpu\": 10,\n \"memory\": 256,\n \"essential\": True,\n \"portMappings\": [{\n \"containerPort\": 443,\n \"hostPort\": 443,\n }],\n },\n ]),\n volumes=[aws.ecs.TaskDefinitionVolumeArgs(\n name=\"service-storage\",\n host_path=\"/ecs/service-storage\",\n )],\n placement_constraints=[aws.ecs.TaskDefinitionPlacementConstraintArgs(\n type=\"memberOf\",\n expression=\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var service = new Aws.Ecs.TaskDefinition(\"service\", new Aws.Ecs.TaskDefinitionArgs\n {\n Family = \"service\",\n ContainerDefinitions = JsonSerializer.Serialize(new[]\n {\n new Dictionary\n {\n { \"name\", \"first\" },\n { \"image\", \"service-first\" },\n { \"cpu\", 10 },\n { \"memory\", 512 },\n { \"essential\", true },\n { \"portMappings\", new[]\n {\n new Dictionary\n {\n { \"containerPort\", 80 },\n { \"hostPort\", 80 },\n },\n }\n },\n },\n new Dictionary\n {\n { \"name\", \"second\" },\n { \"image\", \"service-second\" },\n { \"cpu\", 10 },\n { \"memory\", 256 },\n { \"essential\", true },\n { \"portMappings\", new[]\n {\n new Dictionary\n {\n { \"containerPort\", 443 },\n { \"hostPort\", 443 },\n },\n }\n },\n },\n }\n ),\n Volumes = \n {\n new Aws.Ecs.Inputs.TaskDefinitionVolumeArgs\n {\n Name = \"service-storage\",\n HostPath = \"/ecs/service-storage\",\n },\n },\n PlacementConstraints = \n {\n new Aws.Ecs.Inputs.TaskDefinitionPlacementConstraintArgs\n {\n Type = \"memberOf\",\n Expression = \"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal([]interface{}{\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"name\": \"first\",\n\t\t\t\t\"image\": \"service-first\",\n\t\t\t\t\"cpu\": 10,\n\t\t\t\t\"memory\": 512,\n\t\t\t\t\"essential\": true,\n\t\t\t\t\"portMappings\": []map[string]interface{}{\n\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\"containerPort\": 80,\n\t\t\t\t\t\t\"hostPort\": 80,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tmap[string]interface{}{\n\t\t\t\t\"name\": \"second\",\n\t\t\t\t\"image\": \"service-second\",\n\t\t\t\t\"cpu\": 10,\n\t\t\t\t\"memory\": 256,\n\t\t\t\t\"essential\": true,\n\t\t\t\t\"portMappings\": []map[string]interface{}{\n\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\"containerPort\": 443,\n\t\t\t\t\t\t\"hostPort\": 443,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := ecs.NewTaskDefinition(ctx, \"service\", &ecs.TaskDefinitionArgs{\n\t\t\tFamily: pulumi.String(\"service\"),\n\t\t\tContainerDefinitions: pulumi.String(json0),\n\t\t\tVolumes: ecs.TaskDefinitionVolumeArray{\n\t\t\t\t&ecs.TaskDefinitionVolumeArgs{\n\t\t\t\t\tName: pulumi.String(\"service-storage\"),\n\t\t\t\t\tHostPath: pulumi.String(\"/ecs/service-storage\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPlacementConstraints: ecs.TaskDefinitionPlacementConstraintArray{\n\t\t\t\t&ecs.TaskDefinitionPlacementConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"memberOf\"),\n\t\t\t\t\tExpression: pulumi.String(\"attribute:ecs.availability-zone in [us-west-2a, us-west-2b]\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### With AppMesh Proxy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst service = new aws.ecs.TaskDefinition(\"service\", {\n family: \"service\",\n containerDefinitions: fs.readFileSync(\"task-definitions/service.json\"),\n proxyConfiguration: {\n type: \"APPMESH\",\n containerName: \"applicationContainerName\",\n properties: {\n AppPorts: \"8080\",\n EgressIgnoredIPs: \"169.254.170.2,169.254.169.254\",\n IgnoredUID: \"1337\",\n ProxyEgressPort: 15001,\n ProxyIngressPort: 15000,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservice = aws.ecs.TaskDefinition(\"service\",\n family=\"service\",\n container_definitions=(lambda path: open(path).read())(\"task-definitions/service.json\"),\n proxy_configuration=aws.ecs.TaskDefinitionProxyConfigurationArgs(\n type=\"APPMESH\",\n container_name=\"applicationContainerName\",\n properties={\n \"AppPorts\": \"8080\",\n \"EgressIgnoredIPs\": \"169.254.170.2,169.254.169.254\",\n \"IgnoredUID\": \"1337\",\n \"ProxyEgressPort\": \"15001\",\n \"ProxyIngressPort\": \"15000\",\n },\n ))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var service = new Aws.Ecs.TaskDefinition(\"service\", new Aws.Ecs.TaskDefinitionArgs\n {\n Family = \"service\",\n ContainerDefinitions = File.ReadAllText(\"task-definitions/service.json\"),\n ProxyConfiguration = new Aws.Ecs.Inputs.TaskDefinitionProxyConfigurationArgs\n {\n Type = \"APPMESH\",\n ContainerName = \"applicationContainerName\",\n Properties = \n {\n { \"AppPorts\", \"8080\" },\n { \"EgressIgnoredIPs\", \"169.254.170.2,169.254.169.254\" },\n { \"IgnoredUID\", \"1337\" },\n { \"ProxyEgressPort\", \"15001\" },\n { \"ProxyIngressPort\", \"15000\" },\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using `docker_volume_configuration`\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst service = new aws.ecs.TaskDefinition(\"service\", {\n family: \"service\",\n containerDefinitions: fs.readFileSync(\"task-definitions/service.json\"),\n volumes: [{\n name: \"service-storage\",\n dockerVolumeConfiguration: {\n scope: \"shared\",\n autoprovision: true,\n driver: \"local\",\n driverOpts: {\n type: \"nfs\",\n device: `${aws_efs_file_system.fs.dns_name}:/`,\n o: `addr=${aws_efs_file_system.fs.dns_name},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport`,\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservice = aws.ecs.TaskDefinition(\"service\",\n family=\"service\",\n container_definitions=(lambda path: open(path).read())(\"task-definitions/service.json\"),\n volumes=[aws.ecs.TaskDefinitionVolumeArgs(\n name=\"service-storage\",\n docker_volume_configuration=aws.ecs.TaskDefinitionVolumeDockerVolumeConfigurationArgs(\n scope=\"shared\",\n autoprovision=True,\n driver=\"local\",\n driver_opts={\n \"type\": \"nfs\",\n \"device\": f\"{aws_efs_file_system['fs']['dns_name']}:/\",\n \"o\": f\"addr={aws_efs_file_system['fs']['dns_name']},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport\",\n },\n ),\n )])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var service = new Aws.Ecs.TaskDefinition(\"service\", new Aws.Ecs.TaskDefinitionArgs\n {\n Family = \"service\",\n ContainerDefinitions = File.ReadAllText(\"task-definitions/service.json\"),\n Volumes = \n {\n new Aws.Ecs.Inputs.TaskDefinitionVolumeArgs\n {\n Name = \"service-storage\",\n DockerVolumeConfiguration = new Aws.Ecs.Inputs.TaskDefinitionVolumeDockerVolumeConfigurationArgs\n {\n Scope = \"shared\",\n Autoprovision = true,\n Driver = \"local\",\n DriverOpts = \n {\n { \"type\", \"nfs\" },\n { \"device\", $\"{aws_efs_file_system.Fs.Dns_name}:/\" },\n { \"o\", $\"addr={aws_efs_file_system.Fs.Dns_name},rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport\" },\n },\n },\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using `efs_volume_configuration`\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst service = new aws.ecs.TaskDefinition(\"service\", {\n family: \"service\",\n containerDefinitions: fs.readFileSync(\"task-definitions/service.json\"),\n volumes: [{\n name: \"service-storage\",\n efsVolumeConfiguration: {\n fileSystemId: aws_efs_file_system.fs.id,\n rootDirectory: \"/opt/data\",\n transitEncryption: \"ENABLED\",\n transitEncryptionPort: 2999,\n authorizationConfig: {\n accessPointId: aws_efs_access_point.test.id,\n iam: \"ENABLED\",\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservice = aws.ecs.TaskDefinition(\"service\",\n family=\"service\",\n container_definitions=(lambda path: open(path).read())(\"task-definitions/service.json\"),\n volumes=[aws.ecs.TaskDefinitionVolumeArgs(\n name=\"service-storage\",\n efs_volume_configuration=aws.ecs.TaskDefinitionVolumeEfsVolumeConfigurationArgs(\n file_system_id=aws_efs_file_system[\"fs\"][\"id\"],\n root_directory=\"/opt/data\",\n transit_encryption=\"ENABLED\",\n transit_encryption_port=2999,\n authorization_config=aws.ecs.TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfigArgs(\n access_point_id=aws_efs_access_point[\"test\"][\"id\"],\n iam=\"ENABLED\",\n ),\n ),\n )])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var service = new Aws.Ecs.TaskDefinition(\"service\", new Aws.Ecs.TaskDefinitionArgs\n {\n Family = \"service\",\n ContainerDefinitions = File.ReadAllText(\"task-definitions/service.json\"),\n Volumes = \n {\n new Aws.Ecs.Inputs.TaskDefinitionVolumeArgs\n {\n Name = \"service-storage\",\n EfsVolumeConfiguration = new Aws.Ecs.Inputs.TaskDefinitionVolumeEfsVolumeConfigurationArgs\n {\n FileSystemId = aws_efs_file_system.Fs.Id,\n RootDirectory = \"/opt/data\",\n TransitEncryption = \"ENABLED\",\n TransitEncryptionPort = 2999,\n AuthorizationConfig = new Aws.Ecs.Inputs.TaskDefinitionVolumeEfsVolumeConfigurationAuthorizationConfigArgs\n {\n AccessPointId = aws_efs_access_point.Test.Id,\n Iam = \"ENABLED\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using `fsx_windows_file_server_volume_configuration`\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst test = new aws.secretsmanager.SecretVersion(\"test\", {\n secretId: aws_secretsmanager_secret.test.id,\n secretString: JSON.stringify({\n username: \"admin\",\n password: aws_directory_service_directory.test.password,\n }),\n});\nconst service = new aws.ecs.TaskDefinition(\"service\", {\n family: \"service\",\n containerDefinitions: fs.readFileSync(\"task-definitions/service.json\"),\n volumes: [{\n name: \"service-storage\",\n fsxWindowsFileServerVolumeConfiguration: {\n fileSystemId: aws_fsx_windows_file_system.test.id,\n rootDirectory: \"\\\\data\",\n authorizationConfig: {\n credentialsParameter: test.arn,\n domain: aws_directory_service_directory.test.name,\n },\n },\n }],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest = aws.secretsmanager.SecretVersion(\"test\",\n secret_id=aws_secretsmanager_secret[\"test\"][\"id\"],\n secret_string=json.dumps({\n \"username\": \"admin\",\n \"password\": aws_directory_service_directory[\"test\"][\"password\"],\n }))\nservice = aws.ecs.TaskDefinition(\"service\",\n family=\"service\",\n container_definitions=(lambda path: open(path).read())(\"task-definitions/service.json\"),\n volumes=[aws.ecs.TaskDefinitionVolumeArgs(\n name=\"service-storage\",\n fsx_windows_file_server_volume_configuration=aws.ecs.TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationArgs(\n file_system_id=aws_fsx_windows_file_system[\"test\"][\"id\"],\n root_directory=\"\\\\data\",\n authorization_config=aws.ecs.TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfigArgs(\n credentials_parameter=test.arn,\n domain=aws_directory_service_directory[\"test\"][\"name\"],\n ),\n ),\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.SecretsManager.SecretVersion(\"test\", new Aws.SecretsManager.SecretVersionArgs\n {\n SecretId = aws_secretsmanager_secret.Test.Id,\n SecretString = JsonSerializer.Serialize(new Dictionary\n {\n { \"username\", \"admin\" },\n { \"password\", aws_directory_service_directory.Test.Password },\n }),\n });\n var service = new Aws.Ecs.TaskDefinition(\"service\", new Aws.Ecs.TaskDefinitionArgs\n {\n Family = \"service\",\n ContainerDefinitions = File.ReadAllText(\"task-definitions/service.json\"),\n Volumes = \n {\n new Aws.Ecs.Inputs.TaskDefinitionVolumeArgs\n {\n Name = \"service-storage\",\n FsxWindowsFileServerVolumeConfiguration = new Aws.Ecs.Inputs.TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationArgs\n {\n FileSystemId = aws_fsx_windows_file_system.Test.Id,\n RootDirectory = \"\\\\data\",\n AuthorizationConfig = new Aws.Ecs.Inputs.TaskDefinitionVolumeFsxWindowsFileServerVolumeConfigurationAuthorizationConfigArgs\n {\n CredentialsParameter = test.Arn,\n Domain = aws_directory_service_directory.Test.Name,\n },\n },\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using `container_definitions` and `inference_accelerator`\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ecs.TaskDefinition(\"test\", {\n containerDefinitions: `[\n\t{\n\t\t\"cpu\": 10,\n\t\t\"command\": [\"sleep\", \"10\"],\n\t\t\"entryPoint\": [\"/\"],\n\t\t\"environment\": [\n\t\t\t{\"name\": \"VARNAME\", \"value\": \"VARVAL\"}\n\t\t],\n\t\t\"essential\": true,\n\t\t\"image\": \"jenkins\",\n\t\t\"memory\": 128,\n\t\t\"name\": \"jenkins\",\n\t\t\"portMappings\": [\n\t\t\t{\n\t\t\t\t\"containerPort\": 80,\n\t\t\t\t\"hostPort\": 8080\n\t\t\t}\n\t\t],\n \"resourceRequirements\":[\n {\n \"type\":\"InferenceAccelerator\",\n \"value\":\"device_1\"\n }\n ]\n\t}\n]\n`,\n family: \"test\",\n inferenceAccelerators: [{\n deviceName: \"device_1\",\n deviceType: \"eia1.medium\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ecs.TaskDefinition(\"test\",\n container_definitions=\"\"\"[\n\t{\n\t\t\"cpu\": 10,\n\t\t\"command\": [\"sleep\", \"10\"],\n\t\t\"entryPoint\": [\"/\"],\n\t\t\"environment\": [\n\t\t\t{\"name\": \"VARNAME\", \"value\": \"VARVAL\"}\n\t\t],\n\t\t\"essential\": true,\n\t\t\"image\": \"jenkins\",\n\t\t\"memory\": 128,\n\t\t\"name\": \"jenkins\",\n\t\t\"portMappings\": [\n\t\t\t{\n\t\t\t\t\"containerPort\": 80,\n\t\t\t\t\"hostPort\": 8080\n\t\t\t}\n\t\t],\n \"resourceRequirements\":[\n {\n \"type\":\"InferenceAccelerator\",\n \"value\":\"device_1\"\n }\n ]\n\t}\n]\n\n\"\"\",\n family=\"test\",\n inference_accelerators=[aws.ecs.TaskDefinitionInferenceAcceleratorArgs(\n device_name=\"device_1\",\n device_type=\"eia1.medium\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ecs.TaskDefinition(\"test\", new Aws.Ecs.TaskDefinitionArgs\n {\n ContainerDefinitions = @\"[\n\t{\n\t\t\"\"cpu\"\": 10,\n\t\t\"\"command\"\": [\"\"sleep\"\", \"\"10\"\"],\n\t\t\"\"entryPoint\"\": [\"\"/\"\"],\n\t\t\"\"environment\"\": [\n\t\t\t{\"\"name\"\": \"\"VARNAME\"\", \"\"value\"\": \"\"VARVAL\"\"}\n\t\t],\n\t\t\"\"essential\"\": true,\n\t\t\"\"image\"\": \"\"jenkins\"\",\n\t\t\"\"memory\"\": 128,\n\t\t\"\"name\"\": \"\"jenkins\"\",\n\t\t\"\"portMappings\"\": [\n\t\t\t{\n\t\t\t\t\"\"containerPort\"\": 80,\n\t\t\t\t\"\"hostPort\"\": 8080\n\t\t\t}\n\t\t],\n \"\"resourceRequirements\"\":[\n {\n \"\"type\"\":\"\"InferenceAccelerator\"\",\n \"\"value\"\":\"\"device_1\"\"\n }\n ]\n\t}\n]\n\n\",\n Family = \"test\",\n InferenceAccelerators = \n {\n new Aws.Ecs.Inputs.TaskDefinitionInferenceAcceleratorArgs\n {\n DeviceName = \"device_1\",\n DeviceType = \"eia1.medium\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.NewTaskDefinition(ctx, \"test\", &ecs.TaskDefinitionArgs{\n\t\t\tContainerDefinitions: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"[\\n\", \"\t{\\n\", \"\t\t\\\"cpu\\\": 10,\\n\", \"\t\t\\\"command\\\": [\\\"sleep\\\", \\\"10\\\"],\\n\", \"\t\t\\\"entryPoint\\\": [\\\"/\\\"],\\n\", \"\t\t\\\"environment\\\": [\\n\", \"\t\t\t{\\\"name\\\": \\\"VARNAME\\\", \\\"value\\\": \\\"VARVAL\\\"}\\n\", \"\t\t],\\n\", \"\t\t\\\"essential\\\": true,\\n\", \"\t\t\\\"image\\\": \\\"jenkins\\\",\\n\", \"\t\t\\\"memory\\\": 128,\\n\", \"\t\t\\\"name\\\": \\\"jenkins\\\",\\n\", \"\t\t\\\"portMappings\\\": [\\n\", \"\t\t\t{\\n\", \"\t\t\t\t\\\"containerPort\\\": 80,\\n\", \"\t\t\t\t\\\"hostPort\\\": 8080\\n\", \"\t\t\t}\\n\", \"\t\t],\\n\", \" \\\"resourceRequirements\\\":[\\n\", \" {\\n\", \" \\\"type\\\":\\\"InferenceAccelerator\\\",\\n\", \" \\\"value\\\":\\\"device_1\\\"\\n\", \" }\\n\", \" ]\\n\", \"\t}\\n\", \"]\\n\", \"\\n\")),\n\t\t\tFamily: pulumi.String(\"test\"),\n\t\t\tInferenceAccelerators: ecs.TaskDefinitionInferenceAcceleratorArray{\n\t\t\t\t&ecs.TaskDefinitionInferenceAcceleratorArgs{\n\t\t\t\t\tDeviceName: pulumi.String(\"device_1\"),\n\t\t\t\t\tDeviceType: pulumi.String(\"eia1.medium\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nECS Task Definitions can be imported via their Amazon Resource Name (ARN)\n\n```sh\n $ pulumi import aws:ecs/taskDefinition:TaskDefinition example arn:aws:ecs:us-east-1:012345678910:task-definition/mytaskfamily:123\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the Task Definition (including both `family` and `revision`).\n" + }, + "containerDefinitions": { + "type": "string", + "description": "A list of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) section from the official [Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide).\n" + }, + "cpu": { + "type": "string", + "description": "Number of cpu units used by the task. If the `requires_compatibilities` is `FARGATE` this field is required.\n" + }, + "ephemeralStorage": { + "$ref": "#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.\n" + }, + "family": { + "type": "string", + "description": "A unique name for your task definition.\n" + }, + "inferenceAccelerators": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + }, + "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n" + }, + "ipcMode": { + "type": "string", + "description": "IPC resource namespace to be used for the containers in the task The valid values are `host`, `task`, and `none`.\n" + }, + "memory": { + "type": "string", + "description": "Amount (in MiB) of memory used by the task. If the `requires_compatibilities` is `FARGATE` this field is required.\n" + }, + "networkMode": { + "type": "string", + "description": "Docker networking mode to use for the containers in the task. Valid values are `none`, `bridge`, `awsvpc`, and `host`.\n" + }, + "pidMode": { + "type": "string", + "description": "Process namespace to use for the containers in the task. The valid values are `host` and `task`.\n" + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + }, + "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n" + }, + "proxyConfiguration": { + "$ref": "#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "description": "Configuration block for the App Mesh proxy. Detailed below.\n" + }, + "requiresCompatibilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of launch types required by the task. The valid values are `EC2` and `FARGATE`.\n" + }, + "revision": { + "type": "integer", + "description": "Revision of the task in a particular family.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "taskRoleArn": { + "type": "string", + "description": "ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.\n" + }, + "volumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + }, + "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n" + } + }, + "required": [ + "arn", + "containerDefinitions", + "family", + "networkMode", + "revision", + "tagsAll" + ], + "inputProperties": { + "containerDefinitions": { + "type": "string", + "description": "A list of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) section from the official [Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide).\n" + }, + "cpu": { + "type": "string", + "description": "Number of cpu units used by the task. If the `requires_compatibilities` is `FARGATE` this field is required.\n" + }, + "ephemeralStorage": { + "$ref": "#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.\n" + }, + "family": { + "type": "string", + "description": "A unique name for your task definition.\n" + }, + "inferenceAccelerators": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + }, + "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n" + }, + "ipcMode": { + "type": "string", + "description": "IPC resource namespace to be used for the containers in the task The valid values are `host`, `task`, and `none`.\n" + }, + "memory": { + "type": "string", + "description": "Amount (in MiB) of memory used by the task. If the `requires_compatibilities` is `FARGATE` this field is required.\n" + }, + "networkMode": { + "type": "string", + "description": "Docker networking mode to use for the containers in the task. Valid values are `none`, `bridge`, `awsvpc`, and `host`.\n" + }, + "pidMode": { + "type": "string", + "description": "Process namespace to use for the containers in the task. The valid values are `host` and `task`.\n" + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + }, + "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n" + }, + "proxyConfiguration": { + "$ref": "#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "description": "Configuration block for the App Mesh proxy. Detailed below.\n" + }, + "requiresCompatibilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of launch types required by the task. The valid values are `EC2` and `FARGATE`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "taskRoleArn": { + "type": "string", + "description": "ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.\n" + }, + "volumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + }, + "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n" + } + }, + "requiredInputs": [ + "containerDefinitions", + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TaskDefinition resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the Task Definition (including both `family` and `revision`).\n" + }, + "containerDefinitions": { + "type": "string", + "description": "A list of valid [container definitions](http://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_ContainerDefinition.html) provided as a single valid JSON document. Please note that you should only provide values that are part of the container definition document. For a detailed description of what parameters are available, see the [Task Definition Parameters](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html) section from the official [Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide).\n" + }, + "cpu": { + "type": "string", + "description": "Number of cpu units used by the task. If the `requires_compatibilities` is `FARGATE` this field is required.\n" + }, + "ephemeralStorage": { + "$ref": "#/types/aws:ecs/TaskDefinitionEphemeralStorage:TaskDefinitionEphemeralStorage", + "description": "The amount of ephemeral storage to allocate for the task. This parameter is used to expand the total amount of ephemeral storage available, beyond the default amount, for tasks hosted on AWS Fargate. See Ephemeral Storage.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "ARN of the task execution role that the Amazon ECS container agent and the Docker daemon can assume.\n" + }, + "family": { + "type": "string", + "description": "A unique name for your task definition.\n" + }, + "inferenceAccelerators": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionInferenceAccelerator:TaskDefinitionInferenceAccelerator" + }, + "description": "Configuration block(s) with Inference Accelerators settings. Detailed below.\n" + }, + "ipcMode": { + "type": "string", + "description": "IPC resource namespace to be used for the containers in the task The valid values are `host`, `task`, and `none`.\n" + }, + "memory": { + "type": "string", + "description": "Amount (in MiB) of memory used by the task. If the `requires_compatibilities` is `FARGATE` this field is required.\n" + }, + "networkMode": { + "type": "string", + "description": "Docker networking mode to use for the containers in the task. Valid values are `none`, `bridge`, `awsvpc`, and `host`.\n" + }, + "pidMode": { + "type": "string", + "description": "Process namespace to use for the containers in the task. The valid values are `host` and `task`.\n" + }, + "placementConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionPlacementConstraint:TaskDefinitionPlacementConstraint" + }, + "description": "Configuration block for rules that are taken into consideration during task placement. Maximum number of `placement_constraints` is `10`. Detailed below.\n" + }, + "proxyConfiguration": { + "$ref": "#/types/aws:ecs/TaskDefinitionProxyConfiguration:TaskDefinitionProxyConfiguration", + "description": "Configuration block for the App Mesh proxy. Detailed below.\n" + }, + "requiresCompatibilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of launch types required by the task. The valid values are `EC2` and `FARGATE`.\n" + }, + "revision": { + "type": "integer", + "description": "Revision of the task in a particular family.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "taskRoleArn": { + "type": "string", + "description": "ARN of IAM role that allows your Amazon ECS container task to make calls to other AWS services.\n" + }, + "volumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/TaskDefinitionVolume:TaskDefinitionVolume" + }, + "description": "Configuration block for volumes that containers in your task may use. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:efs/accessPoint:AccessPoint": { + "description": "Provides an Elastic File System (EFS) access point.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.efs.AccessPoint(\"test\", {fileSystemId: aws_efs_file_system.foo.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.efs.AccessPoint(\"test\", file_system_id=aws_efs_file_system[\"foo\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Efs.AccessPoint(\"test\", new Aws.Efs.AccessPointArgs\n {\n FileSystemId = aws_efs_file_system.Foo.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := efs.NewAccessPoint(ctx, \"test\", &efs.AccessPointArgs{\n\t\t\tFileSystemId: pulumi.Any(aws_efs_file_system.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe EFS access points can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:efs/accessPoint:AccessPoint test fsap-52a643fb\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the access point.\n" + }, + "fileSystemArn": { + "type": "string", + "description": "ARN of the file system.\n" + }, + "fileSystemId": { + "type": "string", + "description": "ID of the file system for which the access point is intended.\n" + }, + "ownerId": { + "type": "string" + }, + "posixUser": { + "$ref": "#/types/aws:efs/AccessPointPosixUser:AccessPointPosixUser", + "description": "Operating system user and group applied to all file system requests made using the access point. Detailed below.\n" + }, + "rootDirectory": { + "$ref": "#/types/aws:efs/AccessPointRootDirectory:AccessPointRootDirectory", + "description": "Directory on the Amazon EFS file system that the access point provides access to. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "fileSystemArn", + "fileSystemId", + "ownerId", + "rootDirectory", + "tagsAll" + ], + "inputProperties": { + "fileSystemId": { + "type": "string", + "description": "ID of the file system for which the access point is intended.\n" + }, + "posixUser": { + "$ref": "#/types/aws:efs/AccessPointPosixUser:AccessPointPosixUser", + "description": "Operating system user and group applied to all file system requests made using the access point. Detailed below.\n" + }, + "rootDirectory": { + "$ref": "#/types/aws:efs/AccessPointRootDirectory:AccessPointRootDirectory", + "description": "Directory on the Amazon EFS file system that the access point provides access to. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "fileSystemId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AccessPoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the access point.\n" + }, + "fileSystemArn": { + "type": "string", + "description": "ARN of the file system.\n" + }, + "fileSystemId": { + "type": "string", + "description": "ID of the file system for which the access point is intended.\n" + }, + "ownerId": { + "type": "string" + }, + "posixUser": { + "$ref": "#/types/aws:efs/AccessPointPosixUser:AccessPointPosixUser", + "description": "Operating system user and group applied to all file system requests made using the access point. Detailed below.\n" + }, + "rootDirectory": { + "$ref": "#/types/aws:efs/AccessPointRootDirectory:AccessPointRootDirectory", + "description": "Directory on the Amazon EFS file system that the access point provides access to. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:efs/backupPolicy:BackupPolicy": { + "description": "Provides an Elastic File System (EFS) Backup Policy resource.\nBackup policies turn automatic backups on or off for an existing file system.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fs = new aws.efs.FileSystem(\"fs\", {});\nconst policy = new aws.efs.BackupPolicy(\"policy\", {\n fileSystemId: fs.id,\n backupPolicy: {\n status: \"ENABLED\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfs = aws.efs.FileSystem(\"fs\")\npolicy = aws.efs.BackupPolicy(\"policy\",\n file_system_id=fs.id,\n backup_policy=aws.efs.BackupPolicyBackupPolicyArgs(\n status=\"ENABLED\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fs = new Aws.Efs.FileSystem(\"fs\", new Aws.Efs.FileSystemArgs\n {\n });\n var policy = new Aws.Efs.BackupPolicy(\"policy\", new Aws.Efs.BackupPolicyArgs\n {\n FileSystemId = fs.Id,\n BackupPolicy = new Aws.Efs.Inputs.BackupPolicyBackupPolicyArgs\n {\n Status = \"ENABLED\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfs, err := efs.NewFileSystem(ctx, \"fs\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = efs.NewBackupPolicy(ctx, \"policy\", &efs.BackupPolicyArgs{\n\t\t\tFileSystemId: fs.ID(),\n\t\t\tBackupPolicy: &efs.BackupPolicyBackupPolicyArgs{\n\t\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe EFS backup policies can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:efs/backupPolicy:BackupPolicy example fs-6fa144c6\n```\n\n ", + "properties": { + "backupPolicy": { + "$ref": "#/types/aws:efs/BackupPolicyBackupPolicy:BackupPolicyBackupPolicy", + "description": "A backup_policy object (documented below).\n", + "language": { + "csharp": { + "name": "BackupPolicyDetails" + } + } + }, + "fileSystemId": { + "type": "string", + "description": "The ID of the EFS file system.\n" + } + }, + "required": [ + "backupPolicy", + "fileSystemId" + ], + "inputProperties": { + "backupPolicy": { + "$ref": "#/types/aws:efs/BackupPolicyBackupPolicy:BackupPolicyBackupPolicy", + "description": "A backup_policy object (documented below).\n", + "language": { + "csharp": { + "name": "BackupPolicyDetails" + } + } + }, + "fileSystemId": { + "type": "string", + "description": "The ID of the EFS file system.\n" + } + }, + "requiredInputs": [ + "backupPolicy", + "fileSystemId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BackupPolicy resources.\n", + "properties": { + "backupPolicy": { + "$ref": "#/types/aws:efs/BackupPolicyBackupPolicy:BackupPolicyBackupPolicy", + "description": "A backup_policy object (documented below).\n", + "language": { + "csharp": { + "name": "BackupPolicyDetails" + } + } + }, + "fileSystemId": { + "type": "string", + "description": "The ID of the EFS file system.\n" + } + }, + "type": "object" + } + }, + "aws:efs/fileSystem:FileSystem": { + "description": "Provides an Elastic File System (EFS) File System resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### EFS File System w/ tags\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.efs.FileSystem(\"foo\", {\n tags: {\n Name: \"MyProduct\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.efs.FileSystem(\"foo\", tags={\n \"Name\": \"MyProduct\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Efs.FileSystem(\"foo\", new Aws.Efs.FileSystemArgs\n {\n Tags = \n {\n { \"Name\", \"MyProduct\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := efs.NewFileSystem(ctx, \"foo\", &efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"MyProduct\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using lifecycle policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooWithLifecylePolicy = new aws.efs.FileSystem(\"foo_with_lifecyle_policy\", {\n lifecyclePolicy: {\n transitionToIa: \"AFTER_30_DAYS\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_with_lifecyle_policy = aws.efs.FileSystem(\"fooWithLifecylePolicy\", lifecycle_policy=aws.efs.FileSystemLifecyclePolicyArgs(\n transition_to_ia=\"AFTER_30_DAYS\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooWithLifecylePolicy = new Aws.Efs.FileSystem(\"fooWithLifecylePolicy\", new Aws.Efs.FileSystemArgs\n {\n LifecyclePolicy = new Aws.Efs.Inputs.FileSystemLifecyclePolicyArgs\n {\n TransitionToIa = \"AFTER_30_DAYS\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := efs.NewFileSystem(ctx, \"fooWithLifecylePolicy\", &efs.FileSystemArgs{\n\t\t\tLifecyclePolicy: &efs.FileSystemLifecyclePolicyArgs{\n\t\t\t\tTransitionToIa: pulumi.String(\"AFTER_30_DAYS\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe EFS file systems can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:efs/fileSystem:FileSystem foo fs-6fa144c6\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "The identifier of the Availability Zone in which the file system's One Zone storage classes exist.\n" + }, + "availabilityZoneName": { + "type": "string", + "description": "the AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes. See [user guide](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) for more information.\n" + }, + "creationToken": { + "type": "string", + "description": "A unique name (a maximum of 64 characters are allowed)\nused as reference when creating the Elastic File System to ensure idempotent file\nsystem creation. By default generated by this provider. See [Elastic File System]\n(http://docs.aws.amazon.com/efs/latest/ug/) user guide for more information.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name for the filesystem per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html).\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true, the disk will be encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true.\n" + }, + "lifecyclePolicy": { + "$ref": "#/types/aws:efs/FileSystemLifecyclePolicy:FileSystemLifecyclePolicy", + "description": "A file system [lifecycle policy](https://docs.aws.amazon.com/efs/latest/ug/API_LifecyclePolicy.html) object (documented below).\n" + }, + "numberOfMountTargets": { + "type": "integer", + "description": "The current number of mount targets that the file system has.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account that created the file system. If the file system was createdby an IAM user, the parent account to which the user belongs is the owner.\n" + }, + "performanceMode": { + "type": "string", + "description": "The file system performance mode. Can be either `\"generalPurpose\"` or `\"maxIO\"` (Default: `\"generalPurpose\"`).\n" + }, + "provisionedThroughputInMibps": { + "type": "number", + "description": "The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with `throughput_mode` set to `provisioned`.\n" + }, + "sizeInBytes": { + "type": "array", + "items": { + "$ref": "#/types/aws:efs/FileSystemSizeInByte:FileSystemSizeInByte" + }, + "description": "The latest known metered size (in bytes) of data stored in the file system, the value is not the exact size that the file system was at any point in time. See Size In Bytes.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughputMode": { + "type": "string", + "description": "Throughput mode for the file system. Defaults to `bursting`. Valid values: `bursting`, `provisioned`. When using `provisioned`, also set `provisioned_throughput_in_mibps`.\n" + } + }, + "required": [ + "arn", + "availabilityZoneId", + "availabilityZoneName", + "creationToken", + "dnsName", + "encrypted", + "kmsKeyId", + "numberOfMountTargets", + "ownerId", + "performanceMode", + "sizeInBytes", + "tagsAll" + ], + "inputProperties": { + "availabilityZoneName": { + "type": "string", + "description": "the AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes. See [user guide](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) for more information.\n" + }, + "creationToken": { + "type": "string", + "description": "A unique name (a maximum of 64 characters are allowed)\nused as reference when creating the Elastic File System to ensure idempotent file\nsystem creation. By default generated by this provider. See [Elastic File System]\n(http://docs.aws.amazon.com/efs/latest/ug/) user guide for more information.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true, the disk will be encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true.\n" + }, + "lifecyclePolicy": { + "$ref": "#/types/aws:efs/FileSystemLifecyclePolicy:FileSystemLifecyclePolicy", + "description": "A file system [lifecycle policy](https://docs.aws.amazon.com/efs/latest/ug/API_LifecyclePolicy.html) object (documented below).\n" + }, + "performanceMode": { + "type": "string", + "description": "The file system performance mode. Can be either `\"generalPurpose\"` or `\"maxIO\"` (Default: `\"generalPurpose\"`).\n" + }, + "provisionedThroughputInMibps": { + "type": "number", + "description": "The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with `throughput_mode` set to `provisioned`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughputMode": { + "type": "string", + "description": "Throughput mode for the file system. Defaults to `bursting`. Valid values: `bursting`, `provisioned`. When using `provisioned`, also set `provisioned_throughput_in_mibps`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering FileSystem resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "The identifier of the Availability Zone in which the file system's One Zone storage classes exist.\n" + }, + "availabilityZoneName": { + "type": "string", + "description": "the AWS Availability Zone in which to create the file system. Used to create a file system that uses One Zone storage classes. See [user guide](https://docs.aws.amazon.com/efs/latest/ug/storage-classes.html) for more information.\n" + }, + "creationToken": { + "type": "string", + "description": "A unique name (a maximum of 64 characters are allowed)\nused as reference when creating the Elastic File System to ensure idempotent file\nsystem creation. By default generated by this provider. See [Elastic File System]\n(http://docs.aws.amazon.com/efs/latest/ug/) user guide for more information.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name for the filesystem per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html).\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true, the disk will be encrypted.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying kms_key_id, encrypted needs to be set to true.\n" + }, + "lifecyclePolicy": { + "$ref": "#/types/aws:efs/FileSystemLifecyclePolicy:FileSystemLifecyclePolicy", + "description": "A file system [lifecycle policy](https://docs.aws.amazon.com/efs/latest/ug/API_LifecyclePolicy.html) object (documented below).\n" + }, + "numberOfMountTargets": { + "type": "integer", + "description": "The current number of mount targets that the file system has.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account that created the file system. If the file system was createdby an IAM user, the parent account to which the user belongs is the owner.\n" + }, + "performanceMode": { + "type": "string", + "description": "The file system performance mode. Can be either `\"generalPurpose\"` or `\"maxIO\"` (Default: `\"generalPurpose\"`).\n" + }, + "provisionedThroughputInMibps": { + "type": "number", + "description": "The throughput, measured in MiB/s, that you want to provision for the file system. Only applicable with `throughput_mode` set to `provisioned`.\n" + }, + "sizeInBytes": { + "type": "array", + "items": { + "$ref": "#/types/aws:efs/FileSystemSizeInByte:FileSystemSizeInByte" + }, + "description": "The latest known metered size (in bytes) of data stored in the file system, the value is not the exact size that the file system was at any point in time. See Size In Bytes.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughputMode": { + "type": "string", + "description": "Throughput mode for the file system. Defaults to `bursting`. Valid values: `bursting`, `provisioned`. When using `provisioned`, also set `provisioned_throughput_in_mibps`.\n" + } + }, + "type": "object" + } + }, + "aws:efs/fileSystemPolicy:FileSystemPolicy": { + "description": "Provides an Elastic File System (EFS) File System Policy resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fs = new aws.efs.FileSystem(\"fs\", {});\nconst policy = new aws.efs.FileSystemPolicy(\"policy\", {\n fileSystemId: fs.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Id\": \"ExamplePolicy01\",\n \"Statement\": [\n {\n \"Sid\": \"ExampleStatement01\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Resource\": \"${aws_efs_file_system.test.arn}\",\n \"Action\": [\n \"elasticfilesystem:ClientMount\",\n \"elasticfilesystem:ClientWrite\"\n ],\n \"Condition\": {\n \"Bool\": {\n \"aws:SecureTransport\": \"true\"\n }\n }\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfs = aws.efs.FileSystem(\"fs\")\npolicy = aws.efs.FileSystemPolicy(\"policy\",\n file_system_id=fs.id,\n policy=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Id\": \"ExamplePolicy01\",\n \"Statement\": [\n {{\n \"Sid\": \"ExampleStatement01\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"AWS\": \"*\"\n }},\n \"Resource\": \"{aws_efs_file_system[\"test\"][\"arn\"]}\",\n \"Action\": [\n \"elasticfilesystem:ClientMount\",\n \"elasticfilesystem:ClientWrite\"\n ],\n \"Condition\": {{\n \"Bool\": {{\n \"aws:SecureTransport\": \"true\"\n }}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fs = new Aws.Efs.FileSystem(\"fs\", new Aws.Efs.FileSystemArgs\n {\n });\n var policy = new Aws.Efs.FileSystemPolicy(\"policy\", new Aws.Efs.FileSystemPolicyArgs\n {\n FileSystemId = fs.Id,\n Policy = @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Id\"\": \"\"ExamplePolicy01\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"ExampleStatement01\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": \"\"*\"\"\n }},\n \"\"Resource\"\": \"\"{aws_efs_file_system.Test.Arn}\"\",\n \"\"Action\"\": [\n \"\"elasticfilesystem:ClientMount\"\",\n \"\"elasticfilesystem:ClientWrite\"\"\n ],\n \"\"Condition\"\": {{\n \"\"Bool\"\": {{\n \"\"aws:SecureTransport\"\": \"\"true\"\"\n }}\n }}\n }}\n ]\n}}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfs, err := efs.NewFileSystem(ctx, \"fs\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = efs.NewFileSystemPolicy(ctx, \"policy\", &efs.FileSystemPolicyArgs{\n\t\t\tFileSystemId: fs.ID(),\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Id\\\": \\\"ExamplePolicy01\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"ExampleStatement01\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"*\\\"\\n\", \" },\\n\", \" \\\"Resource\\\": \\\"\", aws_efs_file_system.Test.Arn, \"\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"elasticfilesystem:ClientMount\\\",\\n\", \" \\\"elasticfilesystem:ClientWrite\\\"\\n\", \" ],\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"Bool\\\": {\\n\", \" \\\"aws:SecureTransport\\\": \\\"true\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe EFS file system policies can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:efs/fileSystemPolicy:FileSystemPolicy foo fs-6fa144c6\n```\n\n ", + "properties": { + "fileSystemId": { + "type": "string", + "description": "The ID of the EFS file system.\n" + }, + "policy": { + "type": "string", + "description": "The JSON formatted file system policy for the EFS file system. see [Docs](https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies) for more info.\n" + } + }, + "required": [ + "fileSystemId", + "policy" + ], + "inputProperties": { + "fileSystemId": { + "type": "string", + "description": "The ID of the EFS file system.\n" + }, + "policy": { + "type": "string", + "description": "The JSON formatted file system policy for the EFS file system. see [Docs](https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies) for more info.\n" + } + }, + "requiredInputs": [ + "fileSystemId", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FileSystemPolicy resources.\n", + "properties": { + "fileSystemId": { + "type": "string", + "description": "The ID of the EFS file system.\n" + }, + "policy": { + "type": "string", + "description": "The JSON formatted file system policy for the EFS file system. see [Docs](https://docs.aws.amazon.com/efs/latest/ug/access-control-overview.html#access-control-manage-access-intro-resource-policies) for more info.\n" + } + }, + "type": "object" + } + }, + "aws:efs/mountTarget:MountTarget": { + "description": "Provides an Elastic File System (EFS) mount target.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\nconst alphaSubnet = new aws.ec2.Subnet(\"alphaSubnet\", {\n vpcId: foo.id,\n availabilityZone: \"us-west-2a\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst alphaMountTarget = new aws.efs.MountTarget(\"alphaMountTarget\", {\n fileSystemId: aws_efs_file_system.foo.id,\n subnetId: alphaSubnet.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\nalpha_subnet = aws.ec2.Subnet(\"alphaSubnet\",\n vpc_id=foo.id,\n availability_zone=\"us-west-2a\",\n cidr_block=\"10.0.1.0/24\")\nalpha_mount_target = aws.efs.MountTarget(\"alphaMountTarget\",\n file_system_id=aws_efs_file_system[\"foo\"][\"id\"],\n subnet_id=alpha_subnet.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ec2.Vpc(\"foo\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var alphaSubnet = new Aws.Ec2.Subnet(\"alphaSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = foo.Id,\n AvailabilityZone = \"us-west-2a\",\n CidrBlock = \"10.0.1.0/24\",\n });\n var alphaMountTarget = new Aws.Efs.MountTarget(\"alphaMountTarget\", new Aws.Efs.MountTargetArgs\n {\n FileSystemId = aws_efs_file_system.Foo.Id,\n SubnetId = alphaSubnet.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talphaSubnet, err := ec2.NewSubnet(ctx, \"alphaSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = efs.NewMountTarget(ctx, \"alphaMountTarget\", &efs.MountTargetArgs{\n\t\t\tFileSystemId: pulumi.Any(aws_efs_file_system.Foo.Id),\n\t\t\tSubnetId: alphaSubnet.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe EFS mount targets can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:efs/mountTarget:MountTarget alpha fsmt-52a643fb\n```\n\n ", + "properties": { + "availabilityZoneId": { + "type": "string", + "description": "The unique and consistent identifier of the Availability Zone (AZ) that the mount target resides in.\n" + }, + "availabilityZoneName": { + "type": "string", + "description": "The name of the Availability Zone (AZ) that the mount target resides in.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name for the EFS file system.\n" + }, + "fileSystemArn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "fileSystemId": { + "type": "string", + "description": "The ID of the file system for which the mount target is intended.\n" + }, + "ipAddress": { + "type": "string", + "description": "The address (within the address range of the specified subnet) at\nwhich the file system may be mounted via the mount target.\n" + }, + "mountTargetDnsName": { + "type": "string", + "description": "The DNS name for the given subnet/AZ per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface that Amazon EFS created when it created the mount target.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account ID that owns the resource.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to 5 VPC security group IDs (that must\nbe for the same VPC as subnet specified) in effect for the mount target.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet to add the mount target in.\n" + } + }, + "required": [ + "availabilityZoneId", + "availabilityZoneName", + "dnsName", + "fileSystemArn", + "fileSystemId", + "ipAddress", + "mountTargetDnsName", + "networkInterfaceId", + "ownerId", + "securityGroups", + "subnetId" + ], + "inputProperties": { + "fileSystemId": { + "type": "string", + "description": "The ID of the file system for which the mount target is intended.\n" + }, + "ipAddress": { + "type": "string", + "description": "The address (within the address range of the specified subnet) at\nwhich the file system may be mounted via the mount target.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to 5 VPC security group IDs (that must\nbe for the same VPC as subnet specified) in effect for the mount target.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet to add the mount target in.\n" + } + }, + "requiredInputs": [ + "fileSystemId", + "subnetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MountTarget resources.\n", + "properties": { + "availabilityZoneId": { + "type": "string", + "description": "The unique and consistent identifier of the Availability Zone (AZ) that the mount target resides in.\n" + }, + "availabilityZoneName": { + "type": "string", + "description": "The name of the Availability Zone (AZ) that the mount target resides in.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name for the EFS file system.\n" + }, + "fileSystemArn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "fileSystemId": { + "type": "string", + "description": "The ID of the file system for which the mount target is intended.\n" + }, + "ipAddress": { + "type": "string", + "description": "The address (within the address range of the specified subnet) at\nwhich the file system may be mounted via the mount target.\n" + }, + "mountTargetDnsName": { + "type": "string", + "description": "The DNS name for the given subnet/AZ per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface that Amazon EFS created when it created the mount target.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account ID that owns the resource.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of up to 5 VPC security group IDs (that must\nbe for the same VPC as subnet specified) in effect for the mount target.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet to add the mount target in.\n" + } + }, + "type": "object" + } + }, + "aws:eks/addon:Addon": { + "description": "Manages an EKS add-on.\n\n> **Note:** Amazon EKS add-on can only be used with Amazon EKS Clusters\nrunning version 1.18 with platform version eks.3 or later\nbecause add-ons rely on the Server-side Apply Kubernetes feature,\nwhich is only available in Kubernetes 1.18 and later.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.eks.Addon(\"example\", {\n clusterName: aws_eks_cluster.example.name,\n addonName: \"vpc-cni\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.Addon(\"example\",\n cluster_name=aws_eks_cluster[\"example\"][\"name\"],\n addon_name=\"vpc-cni\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Eks.Addon(\"example\", new Aws.Eks.AddonArgs\n {\n ClusterName = aws_eks_cluster.Example.Name,\n AddonName = \"vpc-cni\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := eks.NewAddon(ctx, \"example\", &eks.AddonArgs{\n\t\t\tClusterName: pulumi.Any(aws_eks_cluster.Example.Name),\n\t\t\tAddonName: pulumi.String(\"vpc-cni\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEKS add-on can be imported using the `cluster_name` and `addon_name` separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:eks/addon:Addon my_eks_addon my_cluster_name:my_addon_name\n```\n\n ", + "properties": { + "addonName": { + "type": "string", + "description": "Name of the EKS add-on. The name must match one of\nthe names returned by [list-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/list-addons.html).\n" + }, + "addonVersion": { + "type": "string", + "description": "The version of the EKS add-on. The version must\nmatch one of the versions returned by [describe-addon-versions](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-versions.html).\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS add-on.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "createdAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the EKS add-on was created.\n" + }, + "modifiedAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the EKS add-on was updated.\n" + }, + "resolveConflicts": { + "type": "string", + "description": "Define how to resolve parameter value conflicts\nwhen migrating an existing add-on to an Amazon EKS add-on or when applying\nversion updates to the add-on. Valid values are `NONE` and `OVERWRITE`.\n" + }, + "serviceAccountRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an\nexisting IAM role to bind to the add-on's service account. The role must be\nassigned the IAM permissions required by the add-on. If you don't specify\nan existing IAM role, then the add-on uses the permissions assigned to the node\nIAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html)\nin the Amazon EKS User Guide.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "(Optional) Key-value map of resource tags, including those inherited from the provider .\n" + } + }, + "required": [ + "addonName", + "addonVersion", + "arn", + "clusterName", + "createdAt", + "modifiedAt", + "tagsAll" + ], + "inputProperties": { + "addonName": { + "type": "string", + "description": "Name of the EKS add-on. The name must match one of\nthe names returned by [list-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/list-addons.html).\n" + }, + "addonVersion": { + "type": "string", + "description": "The version of the EKS add-on. The version must\nmatch one of the versions returned by [describe-addon-versions](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-versions.html).\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "resolveConflicts": { + "type": "string", + "description": "Define how to resolve parameter value conflicts\nwhen migrating an existing add-on to an Amazon EKS add-on or when applying\nversion updates to the add-on. Valid values are `NONE` and `OVERWRITE`.\n" + }, + "serviceAccountRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an\nexisting IAM role to bind to the add-on's service account. The role must be\nassigned the IAM permissions required by the add-on. If you don't specify\nan existing IAM role, then the add-on uses the permissions assigned to the node\nIAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html)\nin the Amazon EKS User Guide.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "(Optional) Key-value map of resource tags, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "addonName", + "clusterName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Addon resources.\n", + "properties": { + "addonName": { + "type": "string", + "description": "Name of the EKS add-on. The name must match one of\nthe names returned by [list-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/list-addons.html).\n" + }, + "addonVersion": { + "type": "string", + "description": "The version of the EKS add-on. The version must\nmatch one of the versions returned by [describe-addon-versions](https://docs.aws.amazon.com/cli/latest/reference/eks/describe-addon-versions.html).\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS add-on.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "createdAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the EKS add-on was created.\n" + }, + "modifiedAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the EKS add-on was updated.\n" + }, + "resolveConflicts": { + "type": "string", + "description": "Define how to resolve parameter value conflicts\nwhen migrating an existing add-on to an Amazon EKS add-on or when applying\nversion updates to the add-on. Valid values are `NONE` and `OVERWRITE`.\n" + }, + "serviceAccountRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an\nexisting IAM role to bind to the add-on's service account. The role must be\nassigned the IAM permissions required by the add-on. If you don't specify\nan existing IAM role, then the add-on uses the permissions assigned to the node\nIAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html)\nin the Amazon EKS User Guide.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "(Optional) Key-value map of resource tags, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:eks/cluster:Cluster": { + "description": "Manages an EKS Cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Example IAM Role for EKS Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role: example.name,\n});\n// Optionally, enable Security Groups for Pods\n// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nconst example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nexample__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n role=example.name)\n# Optionally, enable Security Groups for Pods\n# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\nexample__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n role=example.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"eks.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSClusterPolicy\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\",\n Role = example.Name,\n });\n // Optionally, enable Security Groups for Pods\n // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html\n var example_AmazonEKSVPCResourceController = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSVPCResourceController\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\",\n Role = example.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"eks.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AmazonEKSClusterPolicy\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AmazonEKSVPCResourceController\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enabling Control Plane Logging\n\n[EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) can be enabled via the `enabled_cluster_log_types` argument. To manage the CloudWatch Log Group retention period, the `aws.cloudwatch.LogGroup` resource can be used.\n\n> The below configuration uses [`dependsOn`](https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson) to prevent ordering issues with EKS automatically creating the log group first and a variable for naming consistency. Other ordering and naming methodologies may be more appropriate for your environment.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst clusterName = config.get(\"clusterName\") || \"example\";\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 7});\n// ... potentially other configuration ...\nconst exampleCluster = new aws.eks.Cluster(\"exampleCluster\", {enabledClusterLogTypes: [\n \"api\",\n \"audit\",\n]}, {\n dependsOn: [exampleLogGroup],\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncluster_name = config.get(\"clusterName\")\nif cluster_name is None:\n cluster_name = \"example\"\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=7)\n# ... potentially other configuration ...\nexample_cluster = aws.eks.Cluster(\"exampleCluster\", enabled_cluster_log_types=[\n \"api\",\n \"audit\",\n],\nopts=pulumi.ResourceOptions(depends_on=[example_log_group]))\n# ... other configuration ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var clusterName = config.Get(\"clusterName\") ?? \"example\";\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n RetentionInDays = 7,\n });\n // ... potentially other configuration ...\n var exampleCluster = new Aws.Eks.Cluster(\"exampleCluster\", new Aws.Eks.ClusterArgs\n {\n EnabledClusterLogTypes = \n {\n \"api\",\n \"audit\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleLogGroup,\n },\n });\n // ... other configuration ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tclusterName := \"example\"\n\t\tif param := cfg.Get(\"clusterName\"); param != \"\" {\n\t\t\tclusterName = param\n\t\t}\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", &cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = eks.NewCluster(ctx, \"exampleCluster\", &eks.ClusterArgs{\n\t\t\tEnabledClusterLogTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"api\"),\n\t\t\t\tpulumi.String(\"audit\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleLogGroup,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEKS Clusters can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the cluster.\n" + }, + "certificateAuthority": { + "$ref": "#/types/aws:eks/ClusterCertificateAuthority:ClusterCertificateAuthority", + "description": "Attribute block containing `certificate-authority-data` for your cluster. Detailed below.\n" + }, + "createdAt": { + "type": "string", + "description": "Unix epoch timestamp in seconds for when the cluster was created.\n" + }, + "enabledClusterLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the desired control plane logging to enable. For more information, see [Amazon EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html).\n" + }, + "encryptionConfig": { + "$ref": "#/types/aws:eks/ClusterEncryptionConfig:ClusterEncryptionConfig", + "description": "Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint for your Kubernetes API server.\n" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/ClusterIdentity:ClusterIdentity" + }, + "description": "Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.\n" + }, + "kubernetesNetworkConfig": { + "$ref": "#/types/aws:eks/ClusterKubernetesNetworkConfig:ClusterKubernetesNetworkConfig", + "description": "Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, this provider will only perform drift detection if a configuration value is provided.\n" + }, + "name": { + "type": "string", + "description": "Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "platformVersion": { + "type": "string", + "description": "Platform version for the cluster.\n" + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "version": { + "type": "string", + "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:eks/ClusterVpcConfig:ClusterVpcConfig", + "description": "Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.\n" + } + }, + "required": [ + "arn", + "certificateAuthority", + "createdAt", + "endpoint", + "identities", + "kubernetesNetworkConfig", + "name", + "platformVersion", + "roleArn", + "status", + "tagsAll", + "version", + "vpcConfig" + ], + "inputProperties": { + "enabledClusterLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the desired control plane logging to enable. For more information, see [Amazon EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html).\n" + }, + "encryptionConfig": { + "$ref": "#/types/aws:eks/ClusterEncryptionConfig:ClusterEncryptionConfig", + "description": "Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.\n" + }, + "kubernetesNetworkConfig": { + "$ref": "#/types/aws:eks/ClusterKubernetesNetworkConfig:ClusterKubernetesNetworkConfig", + "description": "Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, this provider will only perform drift detection if a configuration value is provided.\n" + }, + "name": { + "type": "string", + "description": "Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "version": { + "type": "string", + "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:eks/ClusterVpcConfig:ClusterVpcConfig", + "description": "Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.\n" + } + }, + "requiredInputs": [ + "roleArn", + "vpcConfig" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the cluster.\n" + }, + "certificateAuthority": { + "$ref": "#/types/aws:eks/ClusterCertificateAuthority:ClusterCertificateAuthority", + "description": "Attribute block containing `certificate-authority-data` for your cluster. Detailed below.\n" + }, + "createdAt": { + "type": "string", + "description": "Unix epoch timestamp in seconds for when the cluster was created.\n" + }, + "enabledClusterLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the desired control plane logging to enable. For more information, see [Amazon EKS Control Plane Logging](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html).\n" + }, + "encryptionConfig": { + "$ref": "#/types/aws:eks/ClusterEncryptionConfig:ClusterEncryptionConfig", + "description": "Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint for your Kubernetes API server.\n" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/ClusterIdentity:ClusterIdentity" + }, + "description": "Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.\n" + }, + "kubernetesNetworkConfig": { + "$ref": "#/types/aws:eks/ClusterKubernetesNetworkConfig:ClusterKubernetesNetworkConfig", + "description": "Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, this provider will only perform drift detection if a configuration value is provided.\n" + }, + "name": { + "type": "string", + "description": "Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "platformVersion": { + "type": "string", + "description": "Platform version for the cluster.\n" + }, + "roleArn": { + "type": "string", + "description": "ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "version": { + "type": "string", + "description": "Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:eks/ClusterVpcConfig:ClusterVpcConfig", + "description": "Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see [Cluster VPC Considerations](https://docs.aws.amazon.com/eks/latest/userguide/network_reqs.html) and [Cluster Security Group Considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.\n" + } + }, + "type": "object" + } + }, + "aws:eks/fargateProfile:FargateProfile": { + "description": "Manages an EKS Fargate Profile.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Example IAM Role for EKS Fargate Profile\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: JSON.stringify({\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Principal: {\n Service: \"eks-fargate-pods.amazonaws.com\",\n },\n }],\n Version: \"2012-10-17\",\n})});\nconst example_AmazonEKSFargatePodExecutionRolePolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSFargatePodExecutionRolePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\", assume_role_policy=json.dumps({\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"eks-fargate-pods.amazonaws.com\",\n },\n }],\n \"Version\": \"2012-10-17\",\n}))\nexample__amazon_eks_fargate_pod_execution_role_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSFargatePodExecutionRolePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"sts:AssumeRole\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"eks-fargate-pods.amazonaws.com\" },\n } },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n var example_AmazonEKSFargatePodExecutionRolePolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSFargatePodExecutionRolePolicy\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\",\n Role = example.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"eks-fargate-pods.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AmazonEKSFargatePodExecutionRolePolicy\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEKS Fargate Profiles can be imported using the `cluster_name` and `fargate_profile_name` separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:eks/fargateProfile:FargateProfile my_fargate_profile my_cluster:my_fargate_profile\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS Fargate Profile.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "fargateProfileName": { + "type": "string", + "description": "Name of the EKS Fargate Profile.\n" + }, + "podExecutionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.\n" + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/FargateProfileSelector:FargateProfileSelector" + }, + "description": "Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS Fargate Profile.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` (where `CLUSTER_NAME` is replaced with the name of the EKS Cluster).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "clusterName", + "fargateProfileName", + "podExecutionRoleArn", + "selectors", + "status", + "tagsAll" + ], + "inputProperties": { + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "fargateProfileName": { + "type": "string", + "description": "Name of the EKS Fargate Profile.\n" + }, + "podExecutionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.\n" + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/FargateProfileSelector:FargateProfileSelector" + }, + "description": "Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` (where `CLUSTER_NAME` is replaced with the name of the EKS Cluster).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "clusterName", + "podExecutionRoleArn", + "selectors" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FargateProfile resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS Fargate Profile.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "fargateProfileName": { + "type": "string", + "description": "Name of the EKS Fargate Profile.\n" + }, + "podExecutionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.\n" + }, + "selectors": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/FargateProfileSelector:FargateProfileSelector" + }, + "description": "Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS Fargate Profile.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` (where `CLUSTER_NAME` is replaced with the name of the EKS Cluster).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:eks/identityProviderConfig:IdentityProviderConfig": { + "description": "Manages an EKS Identity Provider Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.eks.IdentityProviderConfig(\"example\", {\n clusterName: aws_eks_cluster.example.name,\n oidc: {\n clientId: \"your client_id\",\n identityProviderConfigName: \"example\",\n issuerUrl: \"your issuer_url\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.IdentityProviderConfig(\"example\",\n cluster_name=aws_eks_cluster[\"example\"][\"name\"],\n oidc=aws.eks.IdentityProviderConfigOidcArgs(\n client_id=\"your client_id\",\n identity_provider_config_name=\"example\",\n issuer_url=\"your issuer_url\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Eks.IdentityProviderConfig(\"example\", new Aws.Eks.IdentityProviderConfigArgs\n {\n ClusterName = aws_eks_cluster.Example.Name,\n Oidc = new Aws.Eks.Inputs.IdentityProviderConfigOidcArgs\n {\n ClientId = \"your client_id\",\n IdentityProviderConfigName = \"example\",\n IssuerUrl = \"your issuer_url\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := eks.NewIdentityProviderConfig(ctx, \"example\", &eks.IdentityProviderConfigArgs{\n\t\t\tClusterName: pulumi.Any(aws_eks_cluster.Example.Name),\n\t\t\tOidc: &eks.IdentityProviderConfigOidcArgs{\n\t\t\t\tClientId: pulumi.String(\"your client_id\"),\n\t\t\t\tIdentityProviderConfigName: pulumi.String(\"example\"),\n\t\t\t\tIssuerUrl: pulumi.String(\"your issuer_url\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEKS Identity Provider Configurations can be imported using the `cluster_name` and `identity_provider_config_name` separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:eks/identityProviderConfig:IdentityProviderConfig my_identity_provider_config my_cluster:my_identity_provider_config\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS Identity Provider Configuration.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster.\n" + }, + "oidc": { + "$ref": "#/types/aws:eks/IdentityProviderConfigOidc:IdentityProviderConfigOidc", + "description": "Nested attribute containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS Identity Provider Configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "clusterName", + "oidc", + "status", + "tagsAll" + ], + "inputProperties": { + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster.\n" + }, + "oidc": { + "$ref": "#/types/aws:eks/IdentityProviderConfigOidc:IdentityProviderConfigOidc", + "description": "Nested attribute containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "clusterName", + "oidc" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IdentityProviderConfig resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS Identity Provider Configuration.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster.\n" + }, + "oidc": { + "$ref": "#/types/aws:eks/IdentityProviderConfigOidc:IdentityProviderConfigOidc", + "description": "Nested attribute containing [OpenID Connect](https://openid.net/connect/) identity provider information for the cluster. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS Identity Provider Configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:eks/nodeGroup:NodeGroup": { + "description": "Manages an EKS Node Group, which can provision and optionally update an Auto Scaling Group of Kubernetes worker nodes compatible with EKS. Additional documentation about this functionality can be found in the [EKS User Guide](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Ignoring Changes to Desired Size\n\nYou can utilize [ignoreChanges](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) create an EKS Node Group with an initial size of running instances, then ignore any changes to that count caused externally (e.g. Application Autoscaling).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configurations ...\nconst example = new aws.eks.NodeGroup(\"example\", {scalingConfig: {\n desiredSize: 2,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configurations ...\nexample = aws.eks.NodeGroup(\"example\", scaling_config=aws.eks.NodeGroupScalingConfigArgs(\n desired_size=2,\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configurations ...\n var example = new Aws.Eks.NodeGroup(\"example\", new Aws.Eks.NodeGroupArgs\n {\n ScalingConfig = new Aws.Eks.Inputs.NodeGroupScalingConfigArgs\n {\n DesiredSize = 2,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := eks.NewNodeGroup(ctx, \"example\", &eks.NodeGroupArgs{\n\t\t\tScalingConfig: &eks.NodeGroupScalingConfigArgs{\n\t\t\t\tDesiredSize: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example IAM Role for EKS Node Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {assumeRolePolicy: JSON.stringify({\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n Version: \"2012-10-17\",\n})});\nconst example_AmazonEKSWorkerNodePolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n role: example.name,\n});\nconst example_AmazonEKSCNIPolicy = new aws.iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n role: example.name,\n});\nconst example_AmazonEC2ContainerRegistryReadOnly = new aws.iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", {\n policyArn: \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n role: example.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\", assume_role_policy=json.dumps({\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n \"Version\": \"2012-10-17\",\n}))\nexample__amazon_eks_worker_node_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n role=example.name)\nexample__amazon_ekscni_policy = aws.iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n role=example.name)\nexample__amazon_ec2_container_registry_read_only = aws.iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\",\n policy_arn=\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n role=example.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"sts:AssumeRole\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"ec2.amazonaws.com\" },\n } },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n var example_AmazonEKSWorkerNodePolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSWorkerNodePolicy\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\",\n Role = example.Name,\n });\n var example_AmazonEKSCNIPolicy = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEKSCNIPolicy\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\",\n Role = example.Name,\n });\n var example_AmazonEC2ContainerRegistryReadOnly = new Aws.Iam.RolePolicyAttachment(\"example-AmazonEC2ContainerRegistryReadOnly\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\",\n Role = example.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texample, err := iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AmazonEKSWorkerNodePolicy\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AmazonEKSCNIPolicy\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AmazonEC2ContainerRegistryReadOnly\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\"),\n\t\t\tRole: example.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEKS Node Groups can be imported using the `cluster_name` and `node_group_name` separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:eks/nodeGroup:NodeGroup my_node_group my_cluster:my_node_group\n```\n\n ", + "properties": { + "amiType": { + "type": "string", + "description": "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to `AL2_x86_64`. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`, `AL2_ARM_64`, `CUSTOM`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS Node Group.\n" + }, + "capacityType": { + "type": "string", + "description": "Type of capacity associated with the EKS Node Group. Valid values: `ON_DEMAND`, `SPOT`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "diskSize": { + "type": "integer", + "description": "Disk size in GiB for worker nodes. Defaults to `20`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "forceUpdateVersion": { + "type": "boolean", + "description": "Force version update if existing pods are unable to be drained due to a pod disruption budget issue.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of instance types associated with the EKS Node Group. Defaults to `[\"t3.medium\"]`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:eks/NodeGroupLaunchTemplate:NodeGroupLaunchTemplate", + "description": "Configuration block with Launch Template settings. Detailed below.\n" + }, + "nodeGroupName": { + "type": "string", + "description": "Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with `node_group_name_prefix`.\n" + }, + "nodeGroupNamePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `node_group_name`.\n" + }, + "nodeRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.\n" + }, + "releaseVersion": { + "type": "string", + "description": "AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.\n" + }, + "remoteAccess": { + "$ref": "#/types/aws:eks/NodeGroupRemoteAccess:NodeGroupRemoteAccess", + "description": "Configuration block with remote access settings. Detailed below.\n" + }, + "resources": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/NodeGroupResource:NodeGroupResource" + }, + "description": "List of objects containing information about underlying resources.\n" + }, + "scalingConfig": { + "$ref": "#/types/aws:eks/NodeGroupScalingConfig:NodeGroupScalingConfig", + "description": "Configuration block with scaling settings. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS Node Group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` (where `CLUSTER_NAME` is replaced with the name of the EKS Cluster).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "taints": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/NodeGroupTaint:NodeGroupTaint" + }, + "description": "The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group. Detailed below.\n" + }, + "version": { + "type": "string", + "description": "EC2 Launch Template version number. While the API accepts values like `$Default` and `$Latest`, the API will convert the value to the associated version number (e.g. `1`) on read and This provider will show a difference on next plan. Using the `default_version` or `latest_version` attribute of the `aws.ec2.LaunchTemplate` resource or data source is recommended for this argument.\n" + } + }, + "required": [ + "amiType", + "arn", + "capacityType", + "clusterName", + "diskSize", + "instanceTypes", + "nodeGroupName", + "nodeGroupNamePrefix", + "nodeRoleArn", + "releaseVersion", + "resources", + "scalingConfig", + "status", + "subnetIds", + "tagsAll", + "version" + ], + "inputProperties": { + "amiType": { + "type": "string", + "description": "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to `AL2_x86_64`. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`, `AL2_ARM_64`, `CUSTOM`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "capacityType": { + "type": "string", + "description": "Type of capacity associated with the EKS Node Group. Valid values: `ON_DEMAND`, `SPOT`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "diskSize": { + "type": "integer", + "description": "Disk size in GiB for worker nodes. Defaults to `20`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "forceUpdateVersion": { + "type": "boolean", + "description": "Force version update if existing pods are unable to be drained due to a pod disruption budget issue.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of instance types associated with the EKS Node Group. Defaults to `[\"t3.medium\"]`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:eks/NodeGroupLaunchTemplate:NodeGroupLaunchTemplate", + "description": "Configuration block with Launch Template settings. Detailed below.\n" + }, + "nodeGroupName": { + "type": "string", + "description": "Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with `node_group_name_prefix`.\n" + }, + "nodeGroupNamePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `node_group_name`.\n" + }, + "nodeRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.\n" + }, + "releaseVersion": { + "type": "string", + "description": "AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.\n" + }, + "remoteAccess": { + "$ref": "#/types/aws:eks/NodeGroupRemoteAccess:NodeGroupRemoteAccess", + "description": "Configuration block with remote access settings. Detailed below.\n" + }, + "scalingConfig": { + "$ref": "#/types/aws:eks/NodeGroupScalingConfig:NodeGroupScalingConfig", + "description": "Configuration block with scaling settings. Detailed below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` (where `CLUSTER_NAME` is replaced with the name of the EKS Cluster).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "taints": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/NodeGroupTaint:NodeGroupTaint" + }, + "description": "The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group. Detailed below.\n" + }, + "version": { + "type": "string", + "description": "EC2 Launch Template version number. While the API accepts values like `$Default` and `$Latest`, the API will convert the value to the associated version number (e.g. `1`) on read and This provider will show a difference on next plan. Using the `default_version` or `latest_version` attribute of the `aws.ec2.LaunchTemplate` resource or data source is recommended for this argument.\n" + } + }, + "requiredInputs": [ + "clusterName", + "nodeRoleArn", + "scalingConfig", + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NodeGroup resources.\n", + "properties": { + "amiType": { + "type": "string", + "description": "Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to `AL2_x86_64`. Valid values: `AL2_x86_64`, `AL2_x86_64_GPU`, `AL2_ARM_64`, `CUSTOM`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS Node Group.\n" + }, + "capacityType": { + "type": "string", + "description": "Type of capacity associated with the EKS Node Group. Valid values: `ON_DEMAND`, `SPOT`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "diskSize": { + "type": "integer", + "description": "Disk size in GiB for worker nodes. Defaults to `20`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "forceUpdateVersion": { + "type": "boolean", + "description": "Force version update if existing pods are unable to be drained due to a pod disruption budget issue.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of instance types associated with the EKS Node Group. Defaults to `[\"t3.medium\"]`. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "labels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.\n" + }, + "launchTemplate": { + "$ref": "#/types/aws:eks/NodeGroupLaunchTemplate:NodeGroupLaunchTemplate", + "description": "Configuration block with Launch Template settings. Detailed below.\n" + }, + "nodeGroupName": { + "type": "string", + "description": "Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with `node_group_name_prefix`.\n" + }, + "nodeGroupNamePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `node_group_name`.\n" + }, + "nodeRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.\n" + }, + "releaseVersion": { + "type": "string", + "description": "AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.\n" + }, + "remoteAccess": { + "$ref": "#/types/aws:eks/NodeGroupRemoteAccess:NodeGroupRemoteAccess", + "description": "Configuration block with remote access settings. Detailed below.\n" + }, + "resources": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/NodeGroupResource:NodeGroupResource" + }, + "description": "List of objects containing information about underlying resources.\n" + }, + "scalingConfig": { + "$ref": "#/types/aws:eks/NodeGroupScalingConfig:NodeGroupScalingConfig", + "description": "Configuration block with scaling settings. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the EKS Node Group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: `kubernetes.io/cluster/CLUSTER_NAME` (where `CLUSTER_NAME` is replaced with the name of the EKS Cluster).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider defaultTags present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "taints": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/NodeGroupTaint:NodeGroupTaint" + }, + "description": "The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group. Detailed below.\n" + }, + "version": { + "type": "string", + "description": "EC2 Launch Template version number. While the API accepts values like `$Default` and `$Latest`, the API will convert the value to the associated version number (e.g. `1`) on read and This provider will show a difference on next plan. Using the `default_version` or `latest_version` attribute of the `aws.ec2.LaunchTemplate` resource or data source is recommended for this argument.\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/cluster:Cluster": { + "description": "Provides an ElastiCache Cluster resource, which manages either a\n[Memcached cluster](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/WhatIs.html), a\n[single-node Redis instance](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html), or a\n[read replica in a Redis (Cluster Mode Enabled) replication group].\n\nFor working with Redis (Cluster Mode Enabled) replication groups, see the\n`aws.elasticache.ReplicationGroup` resource.\n\n> **Note:** When you change an attribute, such as `num_cache_nodes`, by default\nit is applied in the next maintenance window. Because of this, this provider may report\na difference in its planning phase because the actual modification has not yet taken\nplace. You can use the `apply_immediately` flag to instruct the service to apply the\nchange immediately. Using `apply_immediately` can result in a brief downtime as the server reboots.\nSee the AWS Documentation on Modifying an ElastiCache Cache Cluster for\n[ElastiCache for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/Clusters.Modify.html) or\n[ElastiCache for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.Modify.html)\nfor more information.\n\n> **Note:** Any attribute changes that re-create the resource will be applied immediately, regardless of the value of `apply_immediately`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Memcached Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticache.Cluster(\"example\", {\n engine: \"memcached\",\n nodeType: \"cache.m4.large\",\n numCacheNodes: 2,\n parameterGroupName: \"default.memcached1.4\",\n port: 11211,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticache.Cluster(\"example\",\n engine=\"memcached\",\n node_type=\"cache.m4.large\",\n num_cache_nodes=2,\n parameter_group_name=\"default.memcached1.4\",\n port=11211)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ElastiCache.Cluster(\"example\", new Aws.ElastiCache.ClusterArgs\n {\n Engine = \"memcached\",\n NodeType = \"cache.m4.large\",\n NumCacheNodes = 2,\n ParameterGroupName = \"default.memcached1.4\",\n Port = 11211,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewCluster(ctx, \"example\", &elasticache.ClusterArgs{\n\t\t\tEngine: pulumi.String(\"memcached\"),\n\t\t\tNodeType: pulumi.String(\"cache.m4.large\"),\n\t\t\tNumCacheNodes: pulumi.Int(2),\n\t\t\tParameterGroupName: pulumi.String(\"default.memcached1.4\"),\n\t\t\tPort: pulumi.Int(11211),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redis Instance\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticache.Cluster(\"example\", {\n engine: \"redis\",\n engineVersion: \"3.2.10\",\n nodeType: \"cache.m4.large\",\n numCacheNodes: 1,\n parameterGroupName: \"default.redis3.2\",\n port: 6379,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticache.Cluster(\"example\",\n engine=\"redis\",\n engine_version=\"3.2.10\",\n node_type=\"cache.m4.large\",\n num_cache_nodes=1,\n parameter_group_name=\"default.redis3.2\",\n port=6379)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ElastiCache.Cluster(\"example\", new Aws.ElastiCache.ClusterArgs\n {\n Engine = \"redis\",\n EngineVersion = \"3.2.10\",\n NodeType = \"cache.m4.large\",\n NumCacheNodes = 1,\n ParameterGroupName = \"default.redis3.2\",\n Port = 6379,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewCluster(ctx, \"example\", &elasticache.ClusterArgs{\n\t\t\tEngine: pulumi.String(\"redis\"),\n\t\t\tEngineVersion: pulumi.String(\"3.2.10\"),\n\t\t\tNodeType: pulumi.String(\"cache.m4.large\"),\n\t\t\tNumCacheNodes: pulumi.Int(1),\n\t\t\tParameterGroupName: pulumi.String(\"default.redis3.2\"),\n\t\t\tPort: pulumi.Int(6379),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redis Cluster Mode Disabled Read Replica Instance\n\nThese inherit their settings from the replication group.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst replica = new aws.elasticache.Cluster(\"replica\", {replicationGroupId: aws_elasticache_replication_group.example.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nreplica = aws.elasticache.Cluster(\"replica\", replication_group_id=aws_elasticache_replication_group[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var replica = new Aws.ElastiCache.Cluster(\"replica\", new Aws.ElastiCache.ClusterArgs\n {\n ReplicationGroupId = aws_elasticache_replication_group.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewCluster(ctx, \"replica\", &elasticache.ClusterArgs{\n\t\t\tReplicationGroupId: pulumi.Any(aws_elasticache_replication_group.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache Clusters can be imported using the `cluster_id`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/cluster:Cluster my_cluster my_cluster\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Whether any database modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon ElastiCache Documentation for more information.](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheCluster.html).\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created ElastiCache Cluster.\n" + }, + "availabilityZone": { + "type": "string", + "description": "Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use `preferred_availability_zones` instead. Default: System chosen Availability Zone. Changing this value will re-create the resource.\n" + }, + "azMode": { + "type": "string", + "description": "Whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are `single-az` or `cross-az`, default is `single-az`. If you want to choose `cross-az`, `num_cache_nodes` must be greater than `1`.\n" + }, + "cacheNodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticache/ClusterCacheNode:ClusterCacheNode" + }, + "description": "List of node objects including `id`, `address`, `port` and `availability_zone`.\n" + }, + "clusterAddress": { + "type": "string", + "description": "(Memcached only) DNS name of the cache cluster without the port appended.\n" + }, + "clusterId": { + "type": "string", + "description": "Group identifier. ElastiCache converts this name to lowercase. Changing this value will re-create the resource.\n" + }, + "configurationEndpoint": { + "type": "string", + "description": "(Memcached only) Configuration endpoint to allow host discovery.\n" + }, + "engine": { + "type": "string", + "description": "Name of the cache engine to be used for this cache cluster. Valid values are `memcached` or `redis`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version number of the cache engine to be used.\nSee [Describe Cache Engine Versions](https://docs.aws.amazon.com/cli/latest/reference/elasticache/describe-cache-engine-versions.html)\nin the AWS Documentation for supported versions. When `engine` is `redis` and the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The running version of the cache engine.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "Name of your final cluster snapshot. If omitted, no final snapshot will be made.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance\non the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC).\nThe minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`.\n" + }, + "nodeType": { + "type": "string", + "description": "The instance class used. See AWS documentation for information on [supported node types for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html). See AWS documentation for information on [supported node types for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/nodes-select-size.html). For Memcached, changing this value will re-create the resource.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "ARN of an SNS topic to send ElastiCache notifications to. Example: `arn:aws:sns:us-east-1:012345678999:my_sns_topic`.\n" + }, + "numCacheNodes": { + "type": "integer", + "description": "The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcached, this value must be between 1 and 20. If this number is reduced on subsequent runs, the highest numbered nodes will be removed.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "The name of the parameter group to associate with this cache cluster.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with `replication_group_id`. Changing this value will re-create the resource.\n" + }, + "preferredAvailabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the Availability Zones in which cache nodes are created. If you are creating your cluster in an Amazon VPC you can only locate nodes in Availability Zones that are associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of `num_cache_nodes`. If you want all the nodes in the same Availability Zone, use `availability_zone` instead, or repeat the Availability Zone multiple times in the list. Default: System chosen Availability Zones. Detecting drift of existing node availability zone is not currently supported. Updating this argument by itself to migrate existing node availability zones is not currently supported and will show a perpetual difference.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "ID of the replication group to which this cluster should belong. If this parameter is specified, the cluster is added to the specified replication group as a read replica; otherwise, the cluster is a standalone primary that is not part of any replication group.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security groups associated with the cache cluster\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group names to associate with this cache cluster. Changing this value will re-create the resource.\n" + }, + "snapshotArns": { + "type": "string", + "description": "Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. The object name cannot contain any commas. Changing `snapshot_arns` forces a new resource.\n" + }, + "snapshotName": { + "type": "string", + "description": "Name of a snapshot from which to restore data into the new node group. Changing `snapshot_name` forces a new resource.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a `snapshot_retention_limit` is not supported on cache.t1.micro cache nodes\n" + }, + "snapshotWindow": { + "type": "string", + "description": "Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group to be used for the cache cluster. Changing this value will re-create the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "applyImmediately", + "arn", + "availabilityZone", + "azMode", + "cacheNodes", + "clusterAddress", + "clusterId", + "configurationEndpoint", + "engine", + "engineVersion", + "engineVersionActual", + "maintenanceWindow", + "nodeType", + "numCacheNodes", + "parameterGroupName", + "port", + "replicationGroupId", + "securityGroupIds", + "securityGroupNames", + "snapshotWindow", + "subnetGroupName", + "tagsAll" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Whether any database modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon ElastiCache Documentation for more information.](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheCluster.html).\n" + }, + "availabilityZone": { + "type": "string", + "description": "Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use `preferred_availability_zones` instead. Default: System chosen Availability Zone. Changing this value will re-create the resource.\n" + }, + "azMode": { + "type": "string", + "description": "Whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are `single-az` or `cross-az`, default is `single-az`. If you want to choose `cross-az`, `num_cache_nodes` must be greater than `1`.\n" + }, + "clusterId": { + "type": "string", + "description": "Group identifier. ElastiCache converts this name to lowercase. Changing this value will re-create the resource.\n" + }, + "engine": { + "type": "string", + "description": "Name of the cache engine to be used for this cache cluster. Valid values are `memcached` or `redis`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version number of the cache engine to be used.\nSee [Describe Cache Engine Versions](https://docs.aws.amazon.com/cli/latest/reference/elasticache/describe-cache-engine-versions.html)\nin the AWS Documentation for supported versions. When `engine` is `redis` and the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "Name of your final cluster snapshot. If omitted, no final snapshot will be made.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance\non the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC).\nThe minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`.\n" + }, + "nodeType": { + "type": "string", + "description": "The instance class used. See AWS documentation for information on [supported node types for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html). See AWS documentation for information on [supported node types for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/nodes-select-size.html). For Memcached, changing this value will re-create the resource.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "ARN of an SNS topic to send ElastiCache notifications to. Example: `arn:aws:sns:us-east-1:012345678999:my_sns_topic`.\n" + }, + "numCacheNodes": { + "type": "integer", + "description": "The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcached, this value must be between 1 and 20. If this number is reduced on subsequent runs, the highest numbered nodes will be removed.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "The name of the parameter group to associate with this cache cluster.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with `replication_group_id`. Changing this value will re-create the resource.\n" + }, + "preferredAvailabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the Availability Zones in which cache nodes are created. If you are creating your cluster in an Amazon VPC you can only locate nodes in Availability Zones that are associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of `num_cache_nodes`. If you want all the nodes in the same Availability Zone, use `availability_zone` instead, or repeat the Availability Zone multiple times in the list. Default: System chosen Availability Zones. Detecting drift of existing node availability zone is not currently supported. Updating this argument by itself to migrate existing node availability zones is not currently supported and will show a perpetual difference.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "ID of the replication group to which this cluster should belong. If this parameter is specified, the cluster is added to the specified replication group as a read replica; otherwise, the cluster is a standalone primary that is not part of any replication group.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security groups associated with the cache cluster\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group names to associate with this cache cluster. Changing this value will re-create the resource.\n" + }, + "snapshotArns": { + "type": "string", + "description": "Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. The object name cannot contain any commas. Changing `snapshot_arns` forces a new resource.\n" + }, + "snapshotName": { + "type": "string", + "description": "Name of a snapshot from which to restore data into the new node group. Changing `snapshot_name` forces a new resource.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a `snapshot_retention_limit` is not supported on cache.t1.micro cache nodes\n" + }, + "snapshotWindow": { + "type": "string", + "description": "Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group to be used for the cache cluster. Changing this value will re-create the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Whether any database modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon ElastiCache Documentation for more information.](https://docs.aws.amazon.com/AmazonElastiCache/latest/APIReference/API_ModifyCacheCluster.html).\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created ElastiCache Cluster.\n" + }, + "availabilityZone": { + "type": "string", + "description": "Availability Zone for the cache cluster. If you want to create cache nodes in multi-az, use `preferred_availability_zones` instead. Default: System chosen Availability Zone. Changing this value will re-create the resource.\n" + }, + "azMode": { + "type": "string", + "description": "Whether the nodes in this Memcached node group are created in a single Availability Zone or created across multiple Availability Zones in the cluster's region. Valid values for this parameter are `single-az` or `cross-az`, default is `single-az`. If you want to choose `cross-az`, `num_cache_nodes` must be greater than `1`.\n" + }, + "cacheNodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticache/ClusterCacheNode:ClusterCacheNode" + }, + "description": "List of node objects including `id`, `address`, `port` and `availability_zone`.\n" + }, + "clusterAddress": { + "type": "string", + "description": "(Memcached only) DNS name of the cache cluster without the port appended.\n" + }, + "clusterId": { + "type": "string", + "description": "Group identifier. ElastiCache converts this name to lowercase. Changing this value will re-create the resource.\n" + }, + "configurationEndpoint": { + "type": "string", + "description": "(Memcached only) Configuration endpoint to allow host discovery.\n" + }, + "engine": { + "type": "string", + "description": "Name of the cache engine to be used for this cache cluster. Valid values are `memcached` or `redis`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version number of the cache engine to be used.\nSee [Describe Cache Engine Versions](https://docs.aws.amazon.com/cli/latest/reference/elasticache/describe-cache-engine-versions.html)\nin the AWS Documentation for supported versions. When `engine` is `redis` and the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The running version of the cache engine.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "Name of your final cluster snapshot. If omitted, no final snapshot will be made.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance\non the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC).\nThe minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`.\n" + }, + "nodeType": { + "type": "string", + "description": "The instance class used. See AWS documentation for information on [supported node types for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types for Redis](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html). See AWS documentation for information on [supported node types for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types for Memcached](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/nodes-select-size.html). For Memcached, changing this value will re-create the resource.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "ARN of an SNS topic to send ElastiCache notifications to. Example: `arn:aws:sns:us-east-1:012345678999:my_sns_topic`.\n" + }, + "numCacheNodes": { + "type": "integer", + "description": "The initial number of cache nodes that the cache cluster will have. For Redis, this value must be 1. For Memcached, this value must be between 1 and 20. If this number is reduced on subsequent runs, the highest numbered nodes will be removed.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "The name of the parameter group to associate with this cache cluster.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcached the default is 11211, and for Redis the default port is 6379. Cannot be provided with `replication_group_id`. Changing this value will re-create the resource.\n" + }, + "preferredAvailabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the Availability Zones in which cache nodes are created. If you are creating your cluster in an Amazon VPC you can only locate nodes in Availability Zones that are associated with the subnets in the selected subnet group. The number of Availability Zones listed must equal the value of `num_cache_nodes`. If you want all the nodes in the same Availability Zone, use `availability_zone` instead, or repeat the Availability Zone multiple times in the list. Default: System chosen Availability Zones. Detecting drift of existing node availability zone is not currently supported. Updating this argument by itself to migrate existing node availability zones is not currently supported and will show a perpetual difference.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "ID of the replication group to which this cluster should belong. If this parameter is specified, the cluster is added to the specified replication group as a read replica; otherwise, the cluster is a standalone primary that is not part of any replication group.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security groups associated with the cache cluster\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group names to associate with this cache cluster. Changing this value will re-create the resource.\n" + }, + "snapshotArns": { + "type": "string", + "description": "Single-element string list containing an Amazon Resource Name (ARN) of a Redis RDB snapshot file stored in Amazon S3. The object name cannot contain any commas. Changing `snapshot_arns` forces a new resource.\n" + }, + "snapshotName": { + "type": "string", + "description": "Name of a snapshot from which to restore data into the new node group. Changing `snapshot_name` forces a new resource.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "Number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a `snapshot_retention_limit` is not supported on cache.t1.micro cache nodes\n" + }, + "snapshotWindow": { + "type": "string", + "description": "Daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. Example: 05:00-09:00\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group to be used for the cache cluster. Changing this value will re-create the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:elasticache/globalReplicationGroup:GlobalReplicationGroup": { + "description": "Provides an ElastiCache Global Replication Group resource, which manages replication between two or more Replication Groups in different regions. For more information, see the [ElastiCache User Guide](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Redis-Global-Datastore.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Global replication group with one secondary replication group\n\nThe global replication group depends on the primary group existing. Secondary replication groups depend on the global replication group. the provider dependency management will handle this transparently using resource value references.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.elasticache.ReplicationGroup(\"primary\", {\n replicationGroupDescription: \"primary replication group\",\n engine: \"redis\",\n engineVersion: \"5.0.6\",\n nodeType: \"cache.m5.large\",\n numberCacheClusters: 1,\n});\nconst example = new aws.elasticache.GlobalReplicationGroup(\"example\", {\n globalReplicationGroupIdSuffix: \"example\",\n primaryReplicationGroupId: primary.id,\n});\nconst secondary = new aws.elasticache.ReplicationGroup(\"secondary\", {\n replicationGroupDescription: \"secondary replication group\",\n globalReplicationGroupId: example.globalReplicationGroupId,\n numberCacheClusters: 1,\n}, {\n provider: aws.other_region,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.elasticache.ReplicationGroup(\"primary\",\n replication_group_description=\"primary replication group\",\n engine=\"redis\",\n engine_version=\"5.0.6\",\n node_type=\"cache.m5.large\",\n number_cache_clusters=1)\nexample = aws.elasticache.GlobalReplicationGroup(\"example\",\n global_replication_group_id_suffix=\"example\",\n primary_replication_group_id=primary.id)\nsecondary = aws.elasticache.ReplicationGroup(\"secondary\",\n replication_group_description=\"secondary replication group\",\n global_replication_group_id=example.global_replication_group_id,\n number_cache_clusters=1,\n opts=pulumi.ResourceOptions(provider=aws[\"other_region\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.ElastiCache.ReplicationGroup(\"primary\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n ReplicationGroupDescription = \"primary replication group\",\n Engine = \"redis\",\n EngineVersion = \"5.0.6\",\n NodeType = \"cache.m5.large\",\n NumberCacheClusters = 1,\n });\n var example = new Aws.ElastiCache.GlobalReplicationGroup(\"example\", new Aws.ElastiCache.GlobalReplicationGroupArgs\n {\n GlobalReplicationGroupIdSuffix = \"example\",\n PrimaryReplicationGroupId = primary.Id,\n });\n var secondary = new Aws.ElastiCache.ReplicationGroup(\"secondary\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n ReplicationGroupDescription = \"secondary replication group\",\n GlobalReplicationGroupId = example.GlobalReplicationGroupId,\n NumberCacheClusters = 1,\n }, new CustomResourceOptions\n {\n Provider = aws.Other_region,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := elasticache.NewReplicationGroup(ctx, \"primary\", &elasticache.ReplicationGroupArgs{\n\t\t\tReplicationGroupDescription: pulumi.String(\"primary replication group\"),\n\t\t\tEngine: pulumi.String(\"redis\"),\n\t\t\tEngineVersion: pulumi.String(\"5.0.6\"),\n\t\t\tNodeType: pulumi.String(\"cache.m5.large\"),\n\t\t\tNumberCacheClusters: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := elasticache.NewGlobalReplicationGroup(ctx, \"example\", &elasticache.GlobalReplicationGroupArgs{\n\t\t\tGlobalReplicationGroupIdSuffix: pulumi.String(\"example\"),\n\t\t\tPrimaryReplicationGroupId: primary.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticache.NewReplicationGroup(ctx, \"secondary\", &elasticache.ReplicationGroupArgs{\n\t\t\tReplicationGroupDescription: pulumi.String(\"secondary replication group\"),\n\t\t\tGlobalReplicationGroupId: example.GlobalReplicationGroupId,\n\t\t\tNumberCacheClusters: pulumi.Int(1),\n\t\t}, pulumi.Provider(aws.Other_region))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache Global Replication Groups can be imported using the `global_replication_group_id`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/globalReplicationGroup:GlobalReplicationGroup my_global_replication_group okuqm-global-replication-group-1\n```\n\n ", + "properties": { + "actualEngineVersion": { + "type": "string", + "description": "(**DEPRECATED** use `engine_version_actual` instead) The full version number of the cache engine running on the members of this global replication group.\n", + "deprecationMessage": "Use engine_version_actual instead" + }, + "arn": { + "type": "string", + "description": "The ARN of the ElastiCache Global Replication Group.\n" + }, + "atRestEncryptionEnabled": { + "type": "boolean", + "description": "A flag that indicate whether the encryption at rest is enabled.\n" + }, + "authTokenEnabled": { + "type": "boolean", + "description": "A flag that indicate whether AuthToken (password) is enabled.\n" + }, + "cacheNodeType": { + "type": "string", + "description": "The instance class used. See AWS documentation for information on [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html).\n" + }, + "clusterEnabled": { + "type": "boolean", + "description": "Indicates whether the Global Datastore is cluster enabled.\n" + }, + "engine": { + "type": "string", + "description": "The name of the cache engine to be used for the clusters in this global replication group.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The full version number of the cache engine running on the members of this global replication group.\n" + }, + "globalReplicationGroupDescription": { + "type": "string", + "description": "A user-created description for the global replication group.\n" + }, + "globalReplicationGroupId": { + "type": "string", + "description": "The full ID of the global replication group.\n" + }, + "globalReplicationGroupIdSuffix": { + "type": "string", + "description": "The suffix name of a Global Datastore. If `global_replication_group_id_suffix` is changed, creates a new resource.\n" + }, + "primaryReplicationGroupId": { + "type": "string", + "description": "The ID of the primary cluster that accepts writes and will replicate updates to the secondary cluster. If `primary_replication_group_id` is changed, creates a new resource.\n" + }, + "transitEncryptionEnabled": { + "type": "boolean", + "description": "A flag that indicates whether the encryption in transit is enabled.\n" + } + }, + "required": [ + "actualEngineVersion", + "arn", + "atRestEncryptionEnabled", + "authTokenEnabled", + "cacheNodeType", + "clusterEnabled", + "engine", + "engineVersionActual", + "globalReplicationGroupId", + "globalReplicationGroupIdSuffix", + "primaryReplicationGroupId", + "transitEncryptionEnabled" + ], + "inputProperties": { + "globalReplicationGroupDescription": { + "type": "string", + "description": "A user-created description for the global replication group.\n" + }, + "globalReplicationGroupIdSuffix": { + "type": "string", + "description": "The suffix name of a Global Datastore. If `global_replication_group_id_suffix` is changed, creates a new resource.\n" + }, + "primaryReplicationGroupId": { + "type": "string", + "description": "The ID of the primary cluster that accepts writes and will replicate updates to the secondary cluster. If `primary_replication_group_id` is changed, creates a new resource.\n" + } + }, + "requiredInputs": [ + "globalReplicationGroupIdSuffix", + "primaryReplicationGroupId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GlobalReplicationGroup resources.\n", + "properties": { + "actualEngineVersion": { + "type": "string", + "description": "(**DEPRECATED** use `engine_version_actual` instead) The full version number of the cache engine running on the members of this global replication group.\n", + "deprecationMessage": "Use engine_version_actual instead" + }, + "arn": { + "type": "string", + "description": "The ARN of the ElastiCache Global Replication Group.\n" + }, + "atRestEncryptionEnabled": { + "type": "boolean", + "description": "A flag that indicate whether the encryption at rest is enabled.\n" + }, + "authTokenEnabled": { + "type": "boolean", + "description": "A flag that indicate whether AuthToken (password) is enabled.\n" + }, + "cacheNodeType": { + "type": "string", + "description": "The instance class used. See AWS documentation for information on [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html).\n" + }, + "clusterEnabled": { + "type": "boolean", + "description": "Indicates whether the Global Datastore is cluster enabled.\n" + }, + "engine": { + "type": "string", + "description": "The name of the cache engine to be used for the clusters in this global replication group.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The full version number of the cache engine running on the members of this global replication group.\n" + }, + "globalReplicationGroupDescription": { + "type": "string", + "description": "A user-created description for the global replication group.\n" + }, + "globalReplicationGroupId": { + "type": "string", + "description": "The full ID of the global replication group.\n" + }, + "globalReplicationGroupIdSuffix": { + "type": "string", + "description": "The suffix name of a Global Datastore. If `global_replication_group_id_suffix` is changed, creates a new resource.\n" + }, + "primaryReplicationGroupId": { + "type": "string", + "description": "The ID of the primary cluster that accepts writes and will replicate updates to the secondary cluster. If `primary_replication_group_id` is changed, creates a new resource.\n" + }, + "transitEncryptionEnabled": { + "type": "boolean", + "description": "A flag that indicates whether the encryption in transit is enabled.\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/parameterGroup:ParameterGroup": { + "description": "Provides an ElastiCache parameter group resource.\n\n> **NOTE:** Attempting to remove the `reserved-memory` parameter when `family` is set to `redis2.6` or `redis2.8` may show a perpetual difference in this provider due to an Elasticache API limitation. Leave that parameter configured with any value to workaround the issue.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultParameterGroup = new aws.elasticache.ParameterGroup(\"default\", {\n family: \"redis2.8\",\n parameters: [\n {\n name: \"activerehashing\",\n value: \"yes\",\n },\n {\n name: \"min-slaves-to-write\",\n value: \"2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.elasticache.ParameterGroup(\"default\",\n family=\"redis2.8\",\n parameters=[\n aws.elasticache.ParameterGroupParameterArgs(\n name=\"activerehashing\",\n value=\"yes\",\n ),\n aws.elasticache.ParameterGroupParameterArgs(\n name=\"min-slaves-to-write\",\n value=\"2\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.ElastiCache.ParameterGroup(\"default\", new Aws.ElastiCache.ParameterGroupArgs\n {\n Family = \"redis2.8\",\n Parameters = \n {\n new Aws.ElastiCache.Inputs.ParameterGroupParameterArgs\n {\n Name = \"activerehashing\",\n Value = \"yes\",\n },\n new Aws.ElastiCache.Inputs.ParameterGroupParameterArgs\n {\n Name = \"min-slaves-to-write\",\n Value = \"2\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewParameterGroup(ctx, \"_default\", &elasticache.ParameterGroupArgs{\n\t\t\tFamily: pulumi.String(\"redis2.8\"),\n\t\t\tParameters: elasticache.ParameterGroupParameterArray{\n\t\t\t\t&elasticache.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"activerehashing\"),\n\t\t\t\t\tValue: pulumi.String(\"yes\"),\n\t\t\t\t},\n\t\t\t\t&elasticache.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"min-slaves-to-write\"),\n\t\t\t\t\tValue: pulumi.String(\"2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache Parameter Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/parameterGroup:ParameterGroup default redis-params\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The AWS ARN associated with the parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the ElastiCache parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the ElastiCache parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the ElastiCache parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticache/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of ElastiCache parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "description", + "family", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the ElastiCache parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the ElastiCache parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the ElastiCache parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticache/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of ElastiCache parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The AWS ARN associated with the parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the ElastiCache parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the ElastiCache parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the ElastiCache parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticache/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of ElastiCache parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/replicationGroup:ReplicationGroup": { + "description": "Provides an ElastiCache Replication Group resource.\n\nFor working with a [Memcached cluster](https://docs.aws.amazon.com/AmazonElastiCache/latest/mem-ug/WhatIs.html) or a\n[single-node Redis instance (Cluster Mode Disabled)](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/WhatIs.html),\nsee the `aws.elasticache.Cluster` resource.\n\n> **Note:** When you change an attribute, such as `engine_version`, by\ndefault the ElastiCache API applies it in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because the\nactual modification has not yet taken place. You can use the\n`apply_immediately` flag to instruct the service to apply the change\nimmediately. Using `apply_immediately` can result in a brief downtime as\nservers reboots.\nSee the AWS Documentation on\n[Modifying an ElastiCache Cache Cluster](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.Modify.html)\nfor more information.\n\n> **Note:** Any attribute changes that re-create the resource will be applied immediately, regardless of the value of `apply_immediately`.\n\n> **Note:** Be aware of the terminology collision around \"cluster\" for `aws.elasticache.ReplicationGroup`. For example, it is possible to create a [\"Cluster Mode Disabled [Redis] Cluster\"](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.Create.CON.Redis.html). With \"Cluster Mode Enabled\", the data will be stored in shards (called \"node groups\"). See [Redis Cluster Configuration](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/cluster-create-determine-requirements.html#redis-cluster-configuration) for a diagram of the differences. To enable cluster mode, use a parameter group that has cluster mode enabled. The default parameter groups provided by AWS end with \".cluster.on\", for example `default.redis6.x.cluster.on`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Redis Cluster Mode Disabled\n\nTo create a single shard primary with single read replica:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticache.ReplicationGroup(\"example\", {\n automaticFailoverEnabled: true,\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n ],\n nodeType: \"cache.m4.large\",\n numberCacheClusters: 2,\n parameterGroupName: \"default.redis3.2\",\n port: 6379,\n replicationGroupDescription: \"test description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticache.ReplicationGroup(\"example\",\n automatic_failover_enabled=True,\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n ],\n node_type=\"cache.m4.large\",\n number_cache_clusters=2,\n parameter_group_name=\"default.redis3.2\",\n port=6379,\n replication_group_description=\"test description\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ElastiCache.ReplicationGroup(\"example\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n AutomaticFailoverEnabled = true,\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n },\n NodeType = \"cache.m4.large\",\n NumberCacheClusters = 2,\n ParameterGroupName = \"default.redis3.2\",\n Port = 6379,\n ReplicationGroupDescription = \"test description\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewReplicationGroup(ctx, \"example\", &elasticache.ReplicationGroupArgs{\n\t\t\tAutomaticFailoverEnabled: pulumi.Bool(true),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t},\n\t\t\tNodeType: pulumi.String(\"cache.m4.large\"),\n\t\t\tNumberCacheClusters: pulumi.Int(2),\n\t\t\tParameterGroupName: pulumi.String(\"default.redis3.2\"),\n\t\t\tPort: pulumi.Int(6379),\n\t\t\tReplicationGroupDescription: pulumi.String(\"test description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nYou have two options for adjusting the number of replicas:\n\n* Adjusting `number_cache_clusters` directly. This will attempt to automatically add or remove replicas, but provides no granular control (e.g. preferred availability zone, cache cluster ID) for the added or removed replicas. This also currently expects cache cluster IDs in the form of `replication_group_id-00#`.\n* Otherwise for fine grained control of the underlying cache clusters, they can be added or removed with the `aws.elasticache.Cluster` resource and its `replication_group_id` attribute. In this situation, you will need to utilize [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to prevent perpetual differences with the `number_cache_cluster` attribute.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticache.ReplicationGroup(\"example\", {\n automaticFailoverEnabled: true,\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n ],\n replicationGroupDescription: \"test description\",\n nodeType: \"cache.m4.large\",\n numberCacheClusters: 2,\n parameterGroupName: \"default.redis3.2\",\n port: 6379,\n});\nlet replica: aws.elasticache.Cluster | undefined;\nif (1 == true) {\n replica = new aws.elasticache.Cluster(\"replica\", {replicationGroupId: example.id});\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticache.ReplicationGroup(\"example\",\n automatic_failover_enabled=True,\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n ],\n replication_group_description=\"test description\",\n node_type=\"cache.m4.large\",\n number_cache_clusters=2,\n parameter_group_name=\"default.redis3.2\",\n port=6379)\nreplica = None\nif 1 == True:\n replica = aws.elasticache.Cluster(\"replica\", replication_group_id=example.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ElastiCache.ReplicationGroup(\"example\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n AutomaticFailoverEnabled = true,\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n },\n ReplicationGroupDescription = \"test description\",\n NodeType = \"cache.m4.large\",\n NumberCacheClusters = 2,\n ParameterGroupName = \"default.redis3.2\",\n Port = 6379,\n });\n var replica = new List();\n for (var rangeIndex = 0; rangeIndex < (1 == true); rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n replica.Add(new Aws.ElastiCache.Cluster($\"replica-{range.Value}\", new Aws.ElastiCache.ClusterArgs\n {\n ReplicationGroupId = example.Id,\n }));\n }\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := elasticache.NewReplicationGroup(ctx, \"example\", &elasticache.ReplicationGroupArgs{\n\t\t\tAutomaticFailoverEnabled: pulumi.Bool(true),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t},\n\t\t\tReplicationGroupDescription: pulumi.String(\"test description\"),\n\t\t\tNodeType: pulumi.String(\"cache.m4.large\"),\n\t\t\tNumberCacheClusters: pulumi.Int(2),\n\t\t\tParameterGroupName: pulumi.String(\"default.redis3.2\"),\n\t\t\tPort: pulumi.Int(6379),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar replica []*elasticache.Cluster\n\t\tfor key0, _ := range 1 == true {\n\t\t\t__res, err := elasticache.NewCluster(ctx, fmt.Sprintf(\"replica-%v\", key0), &elasticache.ClusterArgs{\n\t\t\t\tReplicationGroupId: example.ID(),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\treplica = append(replica, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redis Cluster Mode Enabled\n\nTo create two shards with a primary and a single read replica each:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst baz = new aws.elasticache.ReplicationGroup(\"baz\", {\n automaticFailoverEnabled: true,\n clusterMode: {\n numNodeGroups: 2,\n replicasPerNodeGroup: 1,\n },\n nodeType: \"cache.t2.small\",\n parameterGroupName: \"default.redis3.2.cluster.on\",\n port: 6379,\n replicationGroupDescription: \"test description\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbaz = aws.elasticache.ReplicationGroup(\"baz\",\n automatic_failover_enabled=True,\n cluster_mode=aws.elasticache.ReplicationGroupClusterModeArgs(\n num_node_groups=2,\n replicas_per_node_group=1,\n ),\n node_type=\"cache.t2.small\",\n parameter_group_name=\"default.redis3.2.cluster.on\",\n port=6379,\n replication_group_description=\"test description\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var baz = new Aws.ElastiCache.ReplicationGroup(\"baz\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n AutomaticFailoverEnabled = true,\n ClusterMode = new Aws.ElastiCache.Inputs.ReplicationGroupClusterModeArgs\n {\n NumNodeGroups = 2,\n ReplicasPerNodeGroup = 1,\n },\n NodeType = \"cache.t2.small\",\n ParameterGroupName = \"default.redis3.2.cluster.on\",\n Port = 6379,\n ReplicationGroupDescription = \"test description\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewReplicationGroup(ctx, \"baz\", &elasticache.ReplicationGroupArgs{\n\t\t\tAutomaticFailoverEnabled: pulumi.Bool(true),\n\t\t\tClusterMode: &elasticache.ReplicationGroupClusterModeArgs{\n\t\t\t\tNumNodeGroups: pulumi.Int(2),\n\t\t\t\tReplicasPerNodeGroup: pulumi.Int(1),\n\t\t\t},\n\t\t\tNodeType: pulumi.String(\"cache.t2.small\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.redis3.2.cluster.on\"),\n\t\t\tPort: pulumi.Int(6379),\n\t\t\tReplicationGroupDescription: pulumi.String(\"test description\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **Note:** We currently do not support passing a `primary_cluster_id` in order to create the Replication Group.\n\n> **Note:** Automatic Failover is unavailable for Redis versions earlier than 2.8.6,\nand unavailable on T1 node types. For T2 node types, it is only available on Redis version 3.2.4 or later with cluster mode enabled. See the [High Availability Using Replication Groups](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Replication.html) guide\nfor full details on using Replication Groups.\n{{% /example %}}\n{{% example %}}\n### Creating a secondary replication group for a global replication group\n\nA Global Replication Group can have one one two secondary Replication Groups in different regions. These are added to an existing Global Replication Group.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.elasticache.ReplicationGroup(\"primary\", {\n replicationGroupDescription: \"primary replication group\",\n engine: \"redis\",\n engineVersion: \"5.0.6\",\n nodeType: \"cache.m5.large\",\n numberCacheClusters: 1,\n}, {\n provider: aws.other_region,\n});\nconst example = new aws.elasticache.GlobalReplicationGroup(\"example\", {\n globalReplicationGroupIdSuffix: \"example\",\n primaryReplicationGroupId: primary.id,\n}, {\n provider: aws.other_region,\n});\nconst secondary = new aws.elasticache.ReplicationGroup(\"secondary\", {\n replicationGroupDescription: \"secondary replication group\",\n globalReplicationGroupId: example.globalReplicationGroupId,\n numberCacheClusters: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.elasticache.ReplicationGroup(\"primary\",\n replication_group_description=\"primary replication group\",\n engine=\"redis\",\n engine_version=\"5.0.6\",\n node_type=\"cache.m5.large\",\n number_cache_clusters=1,\n opts=pulumi.ResourceOptions(provider=aws[\"other_region\"]))\nexample = aws.elasticache.GlobalReplicationGroup(\"example\",\n global_replication_group_id_suffix=\"example\",\n primary_replication_group_id=primary.id,\n opts=pulumi.ResourceOptions(provider=aws[\"other_region\"]))\nsecondary = aws.elasticache.ReplicationGroup(\"secondary\",\n replication_group_description=\"secondary replication group\",\n global_replication_group_id=example.global_replication_group_id,\n number_cache_clusters=1)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.ElastiCache.ReplicationGroup(\"primary\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n ReplicationGroupDescription = \"primary replication group\",\n Engine = \"redis\",\n EngineVersion = \"5.0.6\",\n NodeType = \"cache.m5.large\",\n NumberCacheClusters = 1,\n }, new CustomResourceOptions\n {\n Provider = aws.Other_region,\n });\n var example = new Aws.ElastiCache.GlobalReplicationGroup(\"example\", new Aws.ElastiCache.GlobalReplicationGroupArgs\n {\n GlobalReplicationGroupIdSuffix = \"example\",\n PrimaryReplicationGroupId = primary.Id,\n }, new CustomResourceOptions\n {\n Provider = aws.Other_region,\n });\n var secondary = new Aws.ElastiCache.ReplicationGroup(\"secondary\", new Aws.ElastiCache.ReplicationGroupArgs\n {\n ReplicationGroupDescription = \"secondary replication group\",\n GlobalReplicationGroupId = example.GlobalReplicationGroupId,\n NumberCacheClusters = 1,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := elasticache.NewReplicationGroup(ctx, \"primary\", &elasticache.ReplicationGroupArgs{\n\t\t\tReplicationGroupDescription: pulumi.String(\"primary replication group\"),\n\t\t\tEngine: pulumi.String(\"redis\"),\n\t\t\tEngineVersion: pulumi.String(\"5.0.6\"),\n\t\t\tNodeType: pulumi.String(\"cache.m5.large\"),\n\t\t\tNumberCacheClusters: pulumi.Int(1),\n\t\t}, pulumi.Provider(aws.Other_region))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := elasticache.NewGlobalReplicationGroup(ctx, \"example\", &elasticache.GlobalReplicationGroupArgs{\n\t\t\tGlobalReplicationGroupIdSuffix: pulumi.String(\"example\"),\n\t\t\tPrimaryReplicationGroupId: primary.ID(),\n\t\t}, pulumi.Provider(aws.Other_region))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticache.NewReplicationGroup(ctx, \"secondary\", &elasticache.ReplicationGroupArgs{\n\t\t\tReplicationGroupDescription: pulumi.String(\"secondary replication group\"),\n\t\t\tGlobalReplicationGroupId: example.GlobalReplicationGroupId,\n\t\t\tNumberCacheClusters: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache Replication Groups can be imported using the `replication_group_id`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/replicationGroup:ReplicationGroup my_replication_group replication-group-1\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the created ElastiCache Replication Group.\n" + }, + "atRestEncryptionEnabled": { + "type": "boolean", + "description": "Whether to enable encryption at rest.\n" + }, + "authToken": { + "type": "string", + "description": "The password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. This parameter is currently not supported by the AWS API. Defaults to `true`.\n" + }, + "automaticFailoverEnabled": { + "type": "boolean", + "description": "Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If enabled, `number_cache_clusters` must be greater than 1. Must be enabled for Redis (cluster mode enabled) replication groups. Defaults to `false`.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important.\n" + }, + "clusterEnabled": { + "type": "boolean", + "description": "Indicates if cluster mode is enabled.\n" + }, + "clusterMode": { + "$ref": "#/types/aws:elasticache/ReplicationGroupClusterMode:ReplicationGroupClusterMode", + "description": "Create a native Redis cluster. `automatic_failover_enabled` must be set to true. Cluster Mode documented below. Only 1 `cluster_mode` block is allowed. Note that configuring this block does not enable cluster mode, i.e. data sharding, this requires using a parameter group that has the parameter `cluster-enabled` set to true.\n" + }, + "configurationEndpointAddress": { + "type": "string", + "description": "The address of the replication group configuration endpoint when cluster mode is enabled.\n" + }, + "engine": { + "type": "string", + "description": "The name of the cache engine to be used for the clusters in this replication group. The only valid value is `redis`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The version number of the cache engine to be used for the cache clusters in this replication group. If the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The running version of the cache engine.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made.\n" + }, + "globalReplicationGroupId": { + "type": "string", + "description": "The ID of the global replication group to which this replication group should belong. If this parameter is specified, the replication group is added to the specified global replication group as a secondary replication group; otherwise, the replication group is not part of any global replication group. If `global_replication_group_id` is set, the `num_node_groups` parameter of the `cluster_mode` block cannot be set.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true`.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`\n" + }, + "memberClusters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of all the nodes that are part of this replication group.\n" + }, + "multiAzEnabled": { + "type": "boolean", + "description": "Specifies whether to enable Multi-AZ Support for the replication group. If `true`, `automatic_failover_enabled` must also be enabled. Defaults to `false`.\n" + }, + "nodeType": { + "type": "string", + "description": "The instance class to be used. See AWS documentation for information on [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html). Required unless `global_replication_group_id` is set. Cannot be set if `global_replication_group_id` is set.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: `arn:aws:sns:us-east-1:012345678999:my_sns_topic`\n" + }, + "numberCacheClusters": { + "type": "integer", + "description": "The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. One of `number_cache_clusters` or `cluster_mode` is required.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. To enable \"cluster mode\", i.e. data sharding, use a parameter group that has the parameter `cluster-enabled` set to true.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcache the default is 11211, and for Redis the default port is 6379.\n" + }, + "primaryEndpointAddress": { + "type": "string", + "description": "(Redis only) The address of the endpoint for the primary node in the replication group, if the cluster mode is disabled.\n" + }, + "readerEndpointAddress": { + "type": "string", + "description": "(Redis only) The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled.\n" + }, + "replicationGroupDescription": { + "type": "string", + "description": "A user-created description for the replication group.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "The replication group identifier. This parameter is stored as a lowercase string.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of cache security group names to associate with this replication group.\n" + }, + "snapshotArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Amazon Resource Names (ARNs) that identify Redis RDB snapshot files stored in Amazon S3. The names object names cannot contain any commas.\n" + }, + "snapshotName": { + "type": "string", + "description": "The name of a snapshot from which to restore data into the new node group. Changing the `snapshot_name` forces a new resource.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a `snapshot_retention_limit` is not supported on cache.t1.micro cache nodes\n" + }, + "snapshotWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. Example: `05:00-09:00`\n" + }, + "subnetGroupName": { + "type": "string", + "description": "The name of the cache subnet group to be used for the replication group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitEncryptionEnabled": { + "type": "boolean", + "description": "Whether to enable encryption in transit.\n" + } + }, + "required": [ + "applyImmediately", + "arn", + "atRestEncryptionEnabled", + "clusterEnabled", + "clusterMode", + "configurationEndpointAddress", + "engineVersion", + "engineVersionActual", + "globalReplicationGroupId", + "maintenanceWindow", + "memberClusters", + "nodeType", + "numberCacheClusters", + "parameterGroupName", + "primaryEndpointAddress", + "readerEndpointAddress", + "replicationGroupDescription", + "replicationGroupId", + "securityGroupIds", + "securityGroupNames", + "snapshotWindow", + "subnetGroupName", + "tagsAll", + "transitEncryptionEnabled" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "atRestEncryptionEnabled": { + "type": "boolean", + "description": "Whether to enable encryption at rest.\n" + }, + "authToken": { + "type": "string", + "description": "The password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. This parameter is currently not supported by the AWS API. Defaults to `true`.\n" + }, + "automaticFailoverEnabled": { + "type": "boolean", + "description": "Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If enabled, `number_cache_clusters` must be greater than 1. Must be enabled for Redis (cluster mode enabled) replication groups. Defaults to `false`.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important.\n" + }, + "clusterMode": { + "$ref": "#/types/aws:elasticache/ReplicationGroupClusterMode:ReplicationGroupClusterMode", + "description": "Create a native Redis cluster. `automatic_failover_enabled` must be set to true. Cluster Mode documented below. Only 1 `cluster_mode` block is allowed. Note that configuring this block does not enable cluster mode, i.e. data sharding, this requires using a parameter group that has the parameter `cluster-enabled` set to true.\n" + }, + "engine": { + "type": "string", + "description": "The name of the cache engine to be used for the clusters in this replication group. The only valid value is `redis`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The version number of the cache engine to be used for the cache clusters in this replication group. If the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made.\n" + }, + "globalReplicationGroupId": { + "type": "string", + "description": "The ID of the global replication group to which this replication group should belong. If this parameter is specified, the replication group is added to the specified global replication group as a secondary replication group; otherwise, the replication group is not part of any global replication group. If `global_replication_group_id` is set, the `num_node_groups` parameter of the `cluster_mode` block cannot be set.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true`.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`\n" + }, + "multiAzEnabled": { + "type": "boolean", + "description": "Specifies whether to enable Multi-AZ Support for the replication group. If `true`, `automatic_failover_enabled` must also be enabled. Defaults to `false`.\n" + }, + "nodeType": { + "type": "string", + "description": "The instance class to be used. See AWS documentation for information on [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html). Required unless `global_replication_group_id` is set. Cannot be set if `global_replication_group_id` is set.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: `arn:aws:sns:us-east-1:012345678999:my_sns_topic`\n" + }, + "numberCacheClusters": { + "type": "integer", + "description": "The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. One of `number_cache_clusters` or `cluster_mode` is required.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. To enable \"cluster mode\", i.e. data sharding, use a parameter group that has the parameter `cluster-enabled` set to true.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcache the default is 11211, and for Redis the default port is 6379.\n" + }, + "replicationGroupDescription": { + "type": "string", + "description": "A user-created description for the replication group.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "The replication group identifier. This parameter is stored as a lowercase string.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of cache security group names to associate with this replication group.\n" + }, + "snapshotArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Amazon Resource Names (ARNs) that identify Redis RDB snapshot files stored in Amazon S3. The names object names cannot contain any commas.\n" + }, + "snapshotName": { + "type": "string", + "description": "The name of a snapshot from which to restore data into the new node group. Changing the `snapshot_name` forces a new resource.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a `snapshot_retention_limit` is not supported on cache.t1.micro cache nodes\n" + }, + "snapshotWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. Example: `05:00-09:00`\n" + }, + "subnetGroupName": { + "type": "string", + "description": "The name of the cache subnet group to be used for the replication group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitEncryptionEnabled": { + "type": "boolean", + "description": "Whether to enable encryption in transit.\n" + } + }, + "requiredInputs": [ + "replicationGroupDescription" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReplicationGroup resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the created ElastiCache Replication Group.\n" + }, + "atRestEncryptionEnabled": { + "type": "boolean", + "description": "Whether to enable encryption at rest.\n" + }, + "authToken": { + "type": "string", + "description": "The password used to access a password protected server. Can be specified only if `transit_encryption_enabled = true`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Specifies whether a minor engine upgrades will be applied automatically to the underlying Cache Cluster instances during the maintenance window. This parameter is currently not supported by the AWS API. Defaults to `true`.\n" + }, + "automaticFailoverEnabled": { + "type": "boolean", + "description": "Specifies whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails. If enabled, `number_cache_clusters` must be greater than 1. Must be enabled for Redis (cluster mode enabled) replication groups. Defaults to `false`.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 availability zones in which the replication group's cache clusters will be created. The order of the availability zones in the list is not important.\n" + }, + "clusterEnabled": { + "type": "boolean", + "description": "Indicates if cluster mode is enabled.\n" + }, + "clusterMode": { + "$ref": "#/types/aws:elasticache/ReplicationGroupClusterMode:ReplicationGroupClusterMode", + "description": "Create a native Redis cluster. `automatic_failover_enabled` must be set to true. Cluster Mode documented below. Only 1 `cluster_mode` block is allowed. Note that configuring this block does not enable cluster mode, i.e. data sharding, this requires using a parameter group that has the parameter `cluster-enabled` set to true.\n" + }, + "configurationEndpointAddress": { + "type": "string", + "description": "The address of the replication group configuration endpoint when cluster mode is enabled.\n" + }, + "engine": { + "type": "string", + "description": "The name of the cache engine to be used for the clusters in this replication group. The only valid value is `redis`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The version number of the cache engine to be used for the cache clusters in this replication group. If the version is 6 or higher, only the major version can be set, e.g. `6.x`, otherwise, specify the full version desired, e.g. `5.0.6`. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The running version of the cache engine.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final node group (shard) snapshot. ElastiCache creates the snapshot from the primary node in the cluster. If omitted, no final snapshot will be made.\n" + }, + "globalReplicationGroupId": { + "type": "string", + "description": "The ID of the global replication group to which this replication group should belong. If this parameter is specified, the replication group is added to the specified global replication group as a secondary replication group; otherwise, the replication group is not part of any global replication group. If `global_replication_group_id` is set, the `num_node_groups` parameter of the `cluster_mode` block cannot be set.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the key that you wish to use if encrypting at rest. If not supplied, uses service managed encryption. Can be specified only if `at_rest_encryption_enabled = true`.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance on the cache cluster is performed. The format is `ddd:hh24:mi-ddd:hh24:mi` (24H Clock UTC). The minimum maintenance window is a 60 minute period. Example: `sun:05:00-sun:09:00`\n" + }, + "memberClusters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of all the nodes that are part of this replication group.\n" + }, + "multiAzEnabled": { + "type": "boolean", + "description": "Specifies whether to enable Multi-AZ Support for the replication group. If `true`, `automatic_failover_enabled` must also be enabled. Defaults to `false`.\n" + }, + "nodeType": { + "type": "string", + "description": "The instance class to be used. See AWS documentation for information on [supported node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/CacheNodes.SupportedTypes.html) and [guidance on selecting node types](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/nodes-select-size.html). Required unless `global_replication_group_id` is set. Cannot be set if `global_replication_group_id` is set.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an SNS topic to send ElastiCache notifications to. Example: `arn:aws:sns:us-east-1:012345678999:my_sns_topic`\n" + }, + "numberCacheClusters": { + "type": "integer", + "description": "The number of cache clusters (primary and replicas) this replication group will have. If Multi-AZ is enabled, the value of this parameter must be at least 2. Updates will occur before other modifications. One of `number_cache_clusters` or `cluster_mode` is required.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "The name of the parameter group to associate with this replication group. If this argument is omitted, the default cache parameter group for the specified engine is used. To enable \"cluster mode\", i.e. data sharding, use a parameter group that has the parameter `cluster-enabled` set to true.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will accept connections. For Memcache the default is 11211, and for Redis the default port is 6379.\n" + }, + "primaryEndpointAddress": { + "type": "string", + "description": "(Redis only) The address of the endpoint for the primary node in the replication group, if the cluster mode is disabled.\n" + }, + "readerEndpointAddress": { + "type": "string", + "description": "(Redis only) The address of the endpoint for the reader node in the replication group, if the cluster mode is disabled.\n" + }, + "replicationGroupDescription": { + "type": "string", + "description": "A user-created description for the replication group.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "The replication group identifier. This parameter is stored as a lowercase string.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more Amazon VPC security groups associated with this replication group. Use this parameter only when you are creating a replication group in an Amazon Virtual Private Cloud\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of cache security group names to associate with this replication group.\n" + }, + "snapshotArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Amazon Resource Names (ARNs) that identify Redis RDB snapshot files stored in Amazon S3. The names object names cannot contain any commas.\n" + }, + "snapshotName": { + "type": "string", + "description": "The name of a snapshot from which to restore data into the new node group. Changing the `snapshot_name` forces a new resource.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "The number of days for which ElastiCache will retain automatic cache cluster snapshots before deleting them. For example, if you set SnapshotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days before being deleted. If the value of SnapshotRetentionLimit is set to zero (0), backups are turned off. Please note that setting a `snapshot_retention_limit` is not supported on cache.t1.micro cache nodes\n" + }, + "snapshotWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which ElastiCache will begin taking a daily snapshot of your cache cluster. The minimum snapshot window is a 60 minute period. Example: `05:00-09:00`\n" + }, + "subnetGroupName": { + "type": "string", + "description": "The name of the cache subnet group to be used for the replication group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitEncryptionEnabled": { + "type": "boolean", + "description": "Whether to enable encryption in transit.\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/securityGroup:SecurityGroup": { + "description": "Provides an ElastiCache Security Group to control access to one or more cache\nclusters.\n\n> **NOTE:** ElastiCache Security Groups are for use only when working with an\nElastiCache cluster **outside** of a VPC. If you are using a VPC, see the\nElastiCache Subnet Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst barSecurityGroup = new aws.ec2.SecurityGroup(\"barSecurityGroup\", {});\nconst barElasticache_securityGroupSecurityGroup = new aws.elasticache.SecurityGroup(\"barElasticache/securityGroupSecurityGroup\", {securityGroupNames: [barSecurityGroup.name]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar_security_group = aws.ec2.SecurityGroup(\"barSecurityGroup\")\nbar_elasticache_security_group_security_group = aws.elasticache.SecurityGroup(\"barElasticache/securityGroupSecurityGroup\", security_group_names=[bar_security_group.name])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var barSecurityGroup = new Aws.Ec2.SecurityGroup(\"barSecurityGroup\", new Aws.Ec2.SecurityGroupArgs\n {\n });\n var barElasticache_securityGroupSecurityGroup = new Aws.ElastiCache.SecurityGroup(\"barElasticache/securityGroupSecurityGroup\", new Aws.ElastiCache.SecurityGroupArgs\n {\n SecurityGroupNames = \n {\n barSecurityGroup.Name,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbarSecurityGroup, err := ec2.NewSecurityGroup(ctx, \"barSecurityGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticache.NewSecurityGroup(ctx, \"barElasticache_securityGroupSecurityGroup\", &elasticache.SecurityGroupArgs{\n\t\t\tSecurityGroupNames: pulumi.StringArray{\n\t\t\t\tbarSecurityGroup.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache Security Groups can be imported by name, e.g.\n\n```sh\n $ pulumi import aws:elasticache/securityGroup:SecurityGroup my_ec_security_group ec-security-group-1\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "description for the cache security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "Name for the cache security group. This value is stored as a lowercase string.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 security group names to be\nauthorized for ingress to the cache security group\n" + } + }, + "required": [ + "description", + "name", + "securityGroupNames" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "description for the cache security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "Name for the cache security group. This value is stored as a lowercase string.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 security group names to be\nauthorized for ingress to the cache security group\n" + } + }, + "requiredInputs": [ + "securityGroupNames" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityGroup resources.\n", + "properties": { + "description": { + "type": "string", + "description": "description for the cache security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "Name for the cache security group. This value is stored as a lowercase string.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 security group names to be\nauthorized for ingress to the cache security group\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/subnetGroup:SubnetGroup": { + "description": "Provides an ElastiCache Subnet Group resource.\n\n> **NOTE:** ElastiCache Subnet Groups are only for use when working with an\nElastiCache cluster **inside** of a VPC. If you are on EC2 Classic, see the\nElastiCache Security Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {\n cidrBlock: \"10.0.0.0/16\",\n tags: {\n Name: \"tf-test\",\n },\n});\nconst fooSubnet = new aws.ec2.Subnet(\"fooSubnet\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.0.0.0/24\",\n availabilityZone: \"us-west-2a\",\n tags: {\n Name: \"tf-test\",\n },\n});\nconst bar = new aws.elasticache.SubnetGroup(\"bar\", {subnetIds: [fooSubnet.id]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\",\n cidr_block=\"10.0.0.0/16\",\n tags={\n \"Name\": \"tf-test\",\n })\nfoo_subnet = aws.ec2.Subnet(\"fooSubnet\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.0.0.0/24\",\n availability_zone=\"us-west-2a\",\n tags={\n \"Name\": \"tf-test\",\n })\nbar = aws.elasticache.SubnetGroup(\"bar\", subnet_ids=[foo_subnet.id])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n Tags = \n {\n { \"Name\", \"tf-test\" },\n },\n });\n var fooSubnet = new Aws.Ec2.Subnet(\"fooSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.0.0.0/24\",\n AvailabilityZone = \"us-west-2a\",\n Tags = \n {\n { \"Name\", \"tf-test\" },\n },\n });\n var bar = new Aws.ElastiCache.SubnetGroup(\"bar\", new Aws.ElastiCache.SubnetGroupArgs\n {\n SubnetIds = \n {\n fooSubnet.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooSubnet, err := ec2.NewSubnet(ctx, \"fooSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticache.NewSubnetGroup(ctx, \"bar\", &elasticache.SubnetGroupArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tfooSubnet.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache Subnet Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/subnetGroup:SubnetGroup bar tf-test-cache-subnet\n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "description": { + "type": "string", + "description": "Description for the cache subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "Name for the cache subnet group. Elasticache converts this name to lowercase.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC Subnet IDs for the cache subnet group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "name", + "subnetIds", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description for the cache subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "Name for the cache subnet group. Elasticache converts this name to lowercase.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC Subnet IDs for the cache subnet group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SubnetGroup resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "description": { + "type": "string", + "description": "Description for the cache subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "Name for the cache subnet group. Elasticache converts this name to lowercase.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC Subnet IDs for the cache subnet group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/user:User": { + "description": "Provides an ElastiCache user resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.elasticache.User(\"test\", {\n accessString: \"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\",\n engine: \"REDIS\",\n passwords: [\"password123456789\"],\n userId: \"testUserId\",\n userName: \"testUserName\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.elasticache.User(\"test\",\n access_string=\"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\",\n engine=\"REDIS\",\n passwords=[\"password123456789\"],\n user_id=\"testUserId\",\n user_name=\"testUserName\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.ElastiCache.User(\"test\", new Aws.ElastiCache.UserArgs\n {\n AccessString = \"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\",\n Engine = \"REDIS\",\n Passwords = \n {\n \"password123456789\",\n },\n UserId = \"testUserId\",\n UserName = \"testUserName\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.NewUser(ctx, \"test\", &elasticache.UserArgs{\n\t\t\tAccessString: pulumi.String(\"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\"),\n\t\t\tEngine: pulumi.String(\"REDIS\"),\n\t\t\tPasswords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"password123456789\"),\n\t\t\t},\n\t\t\tUserId: pulumi.String(\"testUserId\"),\n\t\t\tUserName: pulumi.String(\"testUserName\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache users can be imported using the `user_id`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/user:User my_user userId1\n```\n\n ", + "properties": { + "accessString": { + "type": "string", + "description": "Access permissions string used for this user. See [Specifying Permissions Using an Access String](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html#Access-string) for more details.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created ElastiCache User.\n" + }, + "engine": { + "type": "string", + "description": "The current supported value is `REDIS`.\n" + }, + "noPasswordRequired": { + "type": "boolean", + "description": "Indicates a password is not required for this user.\n" + }, + "passwords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Passwords used for this user. You can create up to two passwords for each user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags to be added to this resource. A tag is a key-value pair.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userId": { + "type": "string", + "description": "The ID of the user.\n" + }, + "userName": { + "type": "string", + "description": "The username of the user.\n" + } + }, + "required": [ + "accessString", + "arn", + "engine", + "tagsAll", + "userId", + "userName" + ], + "inputProperties": { + "accessString": { + "type": "string", + "description": "Access permissions string used for this user. See [Specifying Permissions Using an Access String](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html#Access-string) for more details.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created ElastiCache User.\n" + }, + "engine": { + "type": "string", + "description": "The current supported value is `REDIS`.\n" + }, + "noPasswordRequired": { + "type": "boolean", + "description": "Indicates a password is not required for this user.\n" + }, + "passwords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Passwords used for this user. You can create up to two passwords for each user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags to be added to this resource. A tag is a key-value pair.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userId": { + "type": "string", + "description": "The ID of the user.\n" + }, + "userName": { + "type": "string", + "description": "The username of the user.\n" + } + }, + "requiredInputs": [ + "accessString", + "engine", + "userId", + "userName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering User resources.\n", + "properties": { + "accessString": { + "type": "string", + "description": "Access permissions string used for this user. See [Specifying Permissions Using an Access String](https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/Clusters.RBAC.html#Access-string) for more details.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created ElastiCache User.\n" + }, + "engine": { + "type": "string", + "description": "The current supported value is `REDIS`.\n" + }, + "noPasswordRequired": { + "type": "boolean", + "description": "Indicates a password is not required for this user.\n" + }, + "passwords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Passwords used for this user. You can create up to two passwords for each user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags to be added to this resource. A tag is a key-value pair.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userId": { + "type": "string", + "description": "The ID of the user.\n" + }, + "userName": { + "type": "string", + "description": "The username of the user.\n" + } + }, + "type": "object" + } + }, + "aws:elasticache/userGroup:UserGroup": { + "description": "Provides an ElastiCache user group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testUser = new aws.elasticache.User(\"testUser\", {\n userId: \"testUserId\",\n userName: \"default\",\n accessString: \"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\",\n engine: \"REDIS\",\n passwords: [\"password123456789\"],\n});\nconst testUserGroup = new aws.elasticache.UserGroup(\"testUserGroup\", {\n engine: \"REDIS\",\n userGroupId: \"userGroupId\",\n userIds: [testUser.userId],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_user = aws.elasticache.User(\"testUser\",\n user_id=\"testUserId\",\n user_name=\"default\",\n access_string=\"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\",\n engine=\"REDIS\",\n passwords=[\"password123456789\"])\ntest_user_group = aws.elasticache.UserGroup(\"testUserGroup\",\n engine=\"REDIS\",\n user_group_id=\"userGroupId\",\n user_ids=[test_user.user_id])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testUser = new Aws.ElastiCache.User(\"testUser\", new Aws.ElastiCache.UserArgs\n {\n UserId = \"testUserId\",\n UserName = \"default\",\n AccessString = \"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\",\n Engine = \"REDIS\",\n Passwords = \n {\n \"password123456789\",\n },\n });\n var testUserGroup = new Aws.ElastiCache.UserGroup(\"testUserGroup\", new Aws.ElastiCache.UserGroupArgs\n {\n Engine = \"REDIS\",\n UserGroupId = \"userGroupId\",\n UserIds = \n {\n testUser.UserId,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestUser, err := elasticache.NewUser(ctx, \"testUser\", &elasticache.UserArgs{\n\t\t\tUserId: pulumi.String(\"testUserId\"),\n\t\t\tUserName: pulumi.String(\"default\"),\n\t\t\tAccessString: pulumi.String(\"on ~app::* -@all +@read +@hash +@bitmap +@geo -setbit -bitfield -hset -hsetnx -hmset -hincrby -hincrbyfloat -hdel -bitop -geoadd -georadius -georadiusbymember\"),\n\t\t\tEngine: pulumi.String(\"REDIS\"),\n\t\t\tPasswords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"password123456789\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticache.NewUserGroup(ctx, \"testUserGroup\", &elasticache.UserGroupArgs{\n\t\t\tEngine: pulumi.String(\"REDIS\"),\n\t\t\tUserGroupId: pulumi.String(\"userGroupId\"),\n\t\t\tUserIds: pulumi.StringArray{\n\t\t\t\ttestUser.UserId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastiCache user groups can be imported using the `user_group_id`, e.g.\n\n```sh\n $ pulumi import aws:elasticache/userGroup:UserGroup my_user_group userGoupId1\n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "engine": { + "type": "string", + "description": "The current supported value is `REDIS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userGroupId": { + "type": "string", + "description": "The ID of the user group.\n" + }, + "userIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of user IDs that belong to the user group.\n" + } + }, + "required": [ + "arn", + "engine", + "tagsAll", + "userGroupId" + ], + "inputProperties": { + "arn": { + "type": "string" + }, + "engine": { + "type": "string", + "description": "The current supported value is `REDIS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userGroupId": { + "type": "string", + "description": "The ID of the user group.\n" + }, + "userIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of user IDs that belong to the user group.\n" + } + }, + "requiredInputs": [ + "engine", + "userGroupId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserGroup resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "engine": { + "type": "string", + "description": "The current supported value is `REDIS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userGroupId": { + "type": "string", + "description": "The ID of the user group.\n" + }, + "userIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of user IDs that belong to the user group.\n" + } + }, + "type": "object" + } + }, + "aws:elasticbeanstalk/application:Application": { + "description": "Provides an Elastic Beanstalk Application Resource. Elastic Beanstalk allows\nyou to deploy and manage applications in the AWS cloud without worrying about\nthe infrastructure that runs those applications.\n\nThis resource creates an application that has one configuration template named\n`default`, and no application versions\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst tftest = new aws.elasticbeanstalk.Application(\"tftest\", {\n description: \"tf-test-desc\",\n appversionLifecycle: {\n serviceRole: aws_iam_role.beanstalk_service.arn,\n maxCount: 128,\n deleteSourceFromS3: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntftest = aws.elasticbeanstalk.Application(\"tftest\",\n description=\"tf-test-desc\",\n appversion_lifecycle=aws.elasticbeanstalk.ApplicationAppversionLifecycleArgs(\n service_role=aws_iam_role[\"beanstalk_service\"][\"arn\"],\n max_count=128,\n delete_source_from_s3=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tftest = new Aws.ElasticBeanstalk.Application(\"tftest\", new Aws.ElasticBeanstalk.ApplicationArgs\n {\n Description = \"tf-test-desc\",\n AppversionLifecycle = new Aws.ElasticBeanstalk.Inputs.ApplicationAppversionLifecycleArgs\n {\n ServiceRole = aws_iam_role.Beanstalk_service.Arn,\n MaxCount = 128,\n DeleteSourceFromS3 = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticbeanstalk.NewApplication(ctx, \"tftest\", &elasticbeanstalk.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"tf-test-desc\"),\n\t\t\tAppversionLifecycle: &elasticbeanstalk.ApplicationAppversionLifecycleArgs{\n\t\t\t\tServiceRole: pulumi.Any(aws_iam_role.Beanstalk_service.Arn),\n\t\t\t\tMaxCount: pulumi.Int(128),\n\t\t\t\tDeleteSourceFromS3: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastic Beanstalk Applications can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:elasticbeanstalk/application:Application tf_test tf-test-name\n```\n\n ", + "properties": { + "appversionLifecycle": { + "$ref": "#/types/aws:elasticbeanstalk/ApplicationAppversionLifecycle:ApplicationAppversionLifecycle" + }, + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this Elastic Beanstalk Application.\n" + }, + "description": { + "type": "string", + "description": "Short description of the application\n" + }, + "name": { + "type": "string", + "description": "The name of the application, must be unique within your account\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "appversionLifecycle": { + "$ref": "#/types/aws:elasticbeanstalk/ApplicationAppversionLifecycle:ApplicationAppversionLifecycle" + }, + "description": { + "type": "string", + "description": "Short description of the application\n" + }, + "name": { + "type": "string", + "description": "The name of the application, must be unique within your account\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Application resources.\n", + "properties": { + "appversionLifecycle": { + "$ref": "#/types/aws:elasticbeanstalk/ApplicationAppversionLifecycle:ApplicationAppversionLifecycle" + }, + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this Elastic Beanstalk Application.\n" + }, + "description": { + "type": "string", + "description": "Short description of the application\n" + }, + "name": { + "type": "string", + "description": "The name of the application, must be unique within your account\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:elasticbeanstalk/applicationVersion:ApplicationVersion": { + "description": "Provides an Elastic Beanstalk Application Version Resource. Elastic Beanstalk allows\nyou to deploy and manage applications in the AWS cloud without worrying about\nthe infrastructure that runs those applications.\n\nThis resource creates a Beanstalk Application Version that can be deployed to a Beanstalk\nEnvironment.\n\n> **NOTE on Application Version Resource:** When using the Application Version resource with multiple\nElastic Beanstalk Environments it is possible that an error may be returned\nwhen attempting to delete an Application Version while it is still in use by a different environment.\nTo work around this you can either create each environment in a separate AWS account or create your `aws.elasticbeanstalk.ApplicationVersion` resources with a unique names in your Elastic Beanstalk Application. For example <revision>-<environment>.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultBucket = new aws.s3.Bucket(\"defaultBucket\", {});\nconst defaultBucketObject = new aws.s3.BucketObject(\"defaultBucketObject\", {\n bucket: defaultBucket.id,\n key: \"beanstalk/go-v1.zip\",\n source: new pulumi.asset.FileAsset(\"go-v1.zip\"),\n});\nconst defaultApplication = new aws.elasticbeanstalk.Application(\"defaultApplication\", {description: \"tf-test-desc\"});\nconst defaultApplicationVersion = new aws.elasticbeanstalk.ApplicationVersion(\"defaultApplicationVersion\", {\n application: \"tf-test-name\",\n description: \"application version\",\n bucket: defaultBucket.id,\n key: defaultBucketObject.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_bucket = aws.s3.Bucket(\"defaultBucket\")\ndefault_bucket_object = aws.s3.BucketObject(\"defaultBucketObject\",\n bucket=default_bucket.id,\n key=\"beanstalk/go-v1.zip\",\n source=pulumi.FileAsset(\"go-v1.zip\"))\ndefault_application = aws.elasticbeanstalk.Application(\"defaultApplication\", description=\"tf-test-desc\")\ndefault_application_version = aws.elasticbeanstalk.ApplicationVersion(\"defaultApplicationVersion\",\n application=\"tf-test-name\",\n description=\"application version\",\n bucket=default_bucket.id,\n key=default_bucket_object.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultBucket = new Aws.S3.Bucket(\"defaultBucket\", new Aws.S3.BucketArgs\n {\n });\n var defaultBucketObject = new Aws.S3.BucketObject(\"defaultBucketObject\", new Aws.S3.BucketObjectArgs\n {\n Bucket = defaultBucket.Id,\n Key = \"beanstalk/go-v1.zip\",\n Source = new FileAsset(\"go-v1.zip\"),\n });\n var defaultApplication = new Aws.ElasticBeanstalk.Application(\"defaultApplication\", new Aws.ElasticBeanstalk.ApplicationArgs\n {\n Description = \"tf-test-desc\",\n });\n var defaultApplicationVersion = new Aws.ElasticBeanstalk.ApplicationVersion(\"defaultApplicationVersion\", new Aws.ElasticBeanstalk.ApplicationVersionArgs\n {\n Application = \"tf-test-name\",\n Description = \"application version\",\n Bucket = defaultBucket.Id,\n Key = defaultBucketObject.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultBucket, err := s3.NewBucket(ctx, \"defaultBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultBucketObject, err := s3.NewBucketObject(ctx, \"defaultBucketObject\", &s3.BucketObjectArgs{\n\t\t\tBucket: defaultBucket.ID(),\n\t\t\tKey: pulumi.String(\"beanstalk/go-v1.zip\"),\n\t\t\tSource: pulumi.NewFileAsset(\"go-v1.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticbeanstalk.NewApplication(ctx, \"defaultApplication\", &elasticbeanstalk.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"tf-test-desc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticbeanstalk.NewApplicationVersion(ctx, \"defaultApplicationVersion\", &elasticbeanstalk.ApplicationVersionArgs{\n\t\t\tApplication: pulumi.Any(\"tf-test-name\"),\n\t\t\tDescription: pulumi.String(\"application version\"),\n\t\t\tBucket: defaultBucket.ID(),\n\t\t\tKey: defaultBucketObject.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "application": { + "type": "string", + "description": "Name of the Beanstalk Application the version is associated with.\n" + }, + "arn": { + "type": "string", + "description": "ARN assigned by AWS for this Elastic Beanstalk Application.\n" + }, + "bucket": { + "type": "string", + "description": "S3 bucket that contains the Application Version source bundle.\n" + }, + "description": { + "type": "string", + "description": "Short description of the Application Version.\n" + }, + "forceDelete": { + "type": "boolean", + "description": "On delete, force an Application Version to be deleted when it may be in use by multiple Elastic Beanstalk Environments.\n" + }, + "key": { + "type": "string", + "description": "S3 object that is the Application Version source bundle.\n" + }, + "name": { + "type": "string", + "description": "Unique name for the this Application Version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "application", + "arn", + "bucket", + "key", + "name", + "tagsAll" + ], + "inputProperties": { + "application": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/application:Application" + } + ], + "description": "Name of the Beanstalk Application the version is associated with.\n" + }, + "bucket": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:s3/bucket:Bucket" + } + ], + "description": "S3 bucket that contains the Application Version source bundle.\n" + }, + "description": { + "type": "string", + "description": "Short description of the Application Version.\n" + }, + "forceDelete": { + "type": "boolean", + "description": "On delete, force an Application Version to be deleted when it may be in use by multiple Elastic Beanstalk Environments.\n" + }, + "key": { + "type": "string", + "description": "S3 object that is the Application Version source bundle.\n" + }, + "name": { + "type": "string", + "description": "Unique name for the this Application Version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "application", + "bucket", + "key" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApplicationVersion resources.\n", + "properties": { + "application": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/application:Application" + } + ], + "description": "Name of the Beanstalk Application the version is associated with.\n" + }, + "arn": { + "type": "string", + "description": "ARN assigned by AWS for this Elastic Beanstalk Application.\n" + }, + "bucket": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:s3/bucket:Bucket" + } + ], + "description": "S3 bucket that contains the Application Version source bundle.\n" + }, + "description": { + "type": "string", + "description": "Short description of the Application Version.\n" + }, + "forceDelete": { + "type": "boolean", + "description": "On delete, force an Application Version to be deleted when it may be in use by multiple Elastic Beanstalk Environments.\n" + }, + "key": { + "type": "string", + "description": "S3 object that is the Application Version source bundle.\n" + }, + "name": { + "type": "string", + "description": "Unique name for the this Application Version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:elasticbeanstalk/configurationTemplate:ConfigurationTemplate": { + "description": "Provides an Elastic Beanstalk Configuration Template, which are associated with\na specific application and are used to deploy different versions of the\napplication with the same configuration settings.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst tftest = new aws.elasticbeanstalk.Application(\"tftest\", {description: \"tf-test-desc\"});\nconst tfTemplate = new aws.elasticbeanstalk.ConfigurationTemplate(\"tfTemplate\", {\n application: tftest.name,\n solutionStackName: \"64bit Amazon Linux 2015.09 v2.0.8 running Go 1.4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntftest = aws.elasticbeanstalk.Application(\"tftest\", description=\"tf-test-desc\")\ntf_template = aws.elasticbeanstalk.ConfigurationTemplate(\"tfTemplate\",\n application=tftest.name,\n solution_stack_name=\"64bit Amazon Linux 2015.09 v2.0.8 running Go 1.4\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tftest = new Aws.ElasticBeanstalk.Application(\"tftest\", new Aws.ElasticBeanstalk.ApplicationArgs\n {\n Description = \"tf-test-desc\",\n });\n var tfTemplate = new Aws.ElasticBeanstalk.ConfigurationTemplate(\"tfTemplate\", new Aws.ElasticBeanstalk.ConfigurationTemplateArgs\n {\n Application = tftest.Name,\n SolutionStackName = \"64bit Amazon Linux 2015.09 v2.0.8 running Go 1.4\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttftest, err := elasticbeanstalk.NewApplication(ctx, \"tftest\", &elasticbeanstalk.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"tf-test-desc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticbeanstalk.NewConfigurationTemplate(ctx, \"tfTemplate\", &elasticbeanstalk.ConfigurationTemplateArgs{\n\t\t\tApplication: tftest.Name,\n\t\t\tSolutionStackName: pulumi.String(\"64bit Amazon Linux 2015.09 v2.0.8 running Go 1.4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Option Settings\n\nThe `setting` field supports the following format:\n\n* `namespace` - unique namespace identifying the option's associated AWS resource\n* `name` - name of the configuration option\n* `value` - value for the configuration option\n* `resource` - (Optional) resource name for [scheduled action](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-autoscalingscheduledaction)\n", + "properties": { + "application": { + "type": "string", + "description": "name of the application to associate with this configuration template\n" + }, + "description": { + "type": "string", + "description": "Short description of the Template\n" + }, + "environmentId": { + "type": "string", + "description": "The ID of the environment used with this configuration template\n" + }, + "name": { + "type": "string", + "description": "A unique name for this Template.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/ConfigurationTemplateSetting:ConfigurationTemplateSetting" + }, + "description": "Option settings to configure the new Environment. These\noverride specific values that are set as defaults. The format is detailed\nbelow in Option Settings\n" + }, + "solutionStackName": { + "type": "string", + "description": "A solution stack to base your Template\noff of. Example stacks can be found in the [Amazon API documentation](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html)\n" + } + }, + "required": [ + "application", + "name", + "settings" + ], + "inputProperties": { + "application": { + "type": "string", + "description": "name of the application to associate with this configuration template\n" + }, + "description": { + "type": "string", + "description": "Short description of the Template\n" + }, + "environmentId": { + "type": "string", + "description": "The ID of the environment used with this configuration template\n" + }, + "name": { + "type": "string", + "description": "A unique name for this Template.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/ConfigurationTemplateSetting:ConfigurationTemplateSetting" + }, + "description": "Option settings to configure the new Environment. These\noverride specific values that are set as defaults. The format is detailed\nbelow in Option Settings\n" + }, + "solutionStackName": { + "type": "string", + "description": "A solution stack to base your Template\noff of. Example stacks can be found in the [Amazon API documentation](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html)\n" + } + }, + "requiredInputs": [ + "application" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ConfigurationTemplate resources.\n", + "properties": { + "application": { + "type": "string", + "description": "name of the application to associate with this configuration template\n" + }, + "description": { + "type": "string", + "description": "Short description of the Template\n" + }, + "environmentId": { + "type": "string", + "description": "The ID of the environment used with this configuration template\n" + }, + "name": { + "type": "string", + "description": "A unique name for this Template.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/ConfigurationTemplateSetting:ConfigurationTemplateSetting" + }, + "description": "Option settings to configure the new Environment. These\noverride specific values that are set as defaults. The format is detailed\nbelow in Option Settings\n" + }, + "solutionStackName": { + "type": "string", + "description": "A solution stack to base your Template\noff of. Example stacks can be found in the [Amazon API documentation](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html)\n" + } + }, + "type": "object" + } + }, + "aws:elasticbeanstalk/environment:Environment": { + "description": "Provides an Elastic Beanstalk Environment Resource. Elastic Beanstalk allows\nyou to deploy and manage applications in the AWS cloud without worrying about\nthe infrastructure that runs those applications.\n\nEnvironments are often things such as `development`, `integration`, or\n`production`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst tftest = new aws.elasticbeanstalk.Application(\"tftest\", {description: \"tf-test-desc\"});\nconst tfenvtest = new aws.elasticbeanstalk.Environment(\"tfenvtest\", {\n application: tftest.name,\n solutionStackName: \"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntftest = aws.elasticbeanstalk.Application(\"tftest\", description=\"tf-test-desc\")\ntfenvtest = aws.elasticbeanstalk.Environment(\"tfenvtest\",\n application=tftest.name,\n solution_stack_name=\"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tftest = new Aws.ElasticBeanstalk.Application(\"tftest\", new Aws.ElasticBeanstalk.ApplicationArgs\n {\n Description = \"tf-test-desc\",\n });\n var tfenvtest = new Aws.ElasticBeanstalk.Environment(\"tfenvtest\", new Aws.ElasticBeanstalk.EnvironmentArgs\n {\n Application = tftest.Name,\n SolutionStackName = \"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttftest, err := elasticbeanstalk.NewApplication(ctx, \"tftest\", &elasticbeanstalk.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"tf-test-desc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticbeanstalk.NewEnvironment(ctx, \"tfenvtest\", &elasticbeanstalk.EnvironmentArgs{\n\t\t\tApplication: tftest.Name,\n\t\t\tSolutionStackName: pulumi.String(\"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Option Settings\n\nSome options can be stack-specific, check [AWS Docs](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html)\nfor supported options and examples.\n\nThe `setting` and `all_settings` mappings support the following format:\n\n* `namespace` - unique namespace identifying the option's associated AWS resource\n* `name` - name of the configuration option\n* `value` - value for the configuration option\n* `resource` - (Optional) resource name for [scheduled action](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/command-options-general.html#command-options-general-autoscalingscheduledaction)\n\n### Example With Options\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst tftest = new aws.elasticbeanstalk.Application(\"tftest\", {description: \"tf-test-desc\"});\nconst tfenvtest = new aws.elasticbeanstalk.Environment(\"tfenvtest\", {\n application: tftest.name,\n solutionStackName: \"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\",\n settings: [\n {\n namespace: \"aws:ec2:vpc\",\n name: \"VPCId\",\n value: \"vpc-xxxxxxxx\",\n },\n {\n namespace: \"aws:ec2:vpc\",\n name: \"Subnets\",\n value: \"subnet-xxxxxxxx\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntftest = aws.elasticbeanstalk.Application(\"tftest\", description=\"tf-test-desc\")\ntfenvtest = aws.elasticbeanstalk.Environment(\"tfenvtest\",\n application=tftest.name,\n solution_stack_name=\"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\",\n settings=[\n aws.elasticbeanstalk.EnvironmentSettingArgs(\n namespace=\"aws:ec2:vpc\",\n name=\"VPCId\",\n value=\"vpc-xxxxxxxx\",\n ),\n aws.elasticbeanstalk.EnvironmentSettingArgs(\n namespace=\"aws:ec2:vpc\",\n name=\"Subnets\",\n value=\"subnet-xxxxxxxx\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tftest = new Aws.ElasticBeanstalk.Application(\"tftest\", new Aws.ElasticBeanstalk.ApplicationArgs\n {\n Description = \"tf-test-desc\",\n });\n var tfenvtest = new Aws.ElasticBeanstalk.Environment(\"tfenvtest\", new Aws.ElasticBeanstalk.EnvironmentArgs\n {\n Application = tftest.Name,\n SolutionStackName = \"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\",\n Settings = \n {\n new Aws.ElasticBeanstalk.Inputs.EnvironmentSettingArgs\n {\n Namespace = \"aws:ec2:vpc\",\n Name = \"VPCId\",\n Value = \"vpc-xxxxxxxx\",\n },\n new Aws.ElasticBeanstalk.Inputs.EnvironmentSettingArgs\n {\n Namespace = \"aws:ec2:vpc\",\n Name = \"Subnets\",\n Value = \"subnet-xxxxxxxx\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttftest, err := elasticbeanstalk.NewApplication(ctx, \"tftest\", &elasticbeanstalk.ApplicationArgs{\n\t\t\tDescription: pulumi.String(\"tf-test-desc\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticbeanstalk.NewEnvironment(ctx, \"tfenvtest\", &elasticbeanstalk.EnvironmentArgs{\n\t\t\tApplication: tftest.Name,\n\t\t\tSolutionStackName: pulumi.String(\"64bit Amazon Linux 2015.03 v2.0.3 running Go 1.4\"),\n\t\t\tSettings: elasticbeanstalk.EnvironmentSettingArray{\n\t\t\t\t&elasticbeanstalk.EnvironmentSettingArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"aws:ec2:vpc\"),\n\t\t\t\t\tName: pulumi.String(\"VPCId\"),\n\t\t\t\t\tValue: pulumi.String(\"vpc-xxxxxxxx\"),\n\t\t\t\t},\n\t\t\t\t&elasticbeanstalk.EnvironmentSettingArgs{\n\t\t\t\t\tNamespace: pulumi.String(\"aws:ec2:vpc\"),\n\t\t\t\t\tName: pulumi.String(\"Subnets\"),\n\t\t\t\t\tValue: pulumi.String(\"subnet-xxxxxxxx\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nElastic Beanstalk Environments can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:elasticbeanstalk/environment:Environment prodenv e-rpqsewtp2j\n```\n\n ", + "properties": { + "allSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/EnvironmentAllSetting:EnvironmentAllSetting" + }, + "description": "List of all option settings configured in this Environment. These\nare a combination of default settings and their overrides from `setting` in\nthe configuration.\n" + }, + "application": { + "type": "string", + "description": "Name of the application that contains the version\nto be deployed\n" + }, + "arn": { + "type": "string" + }, + "autoscalingGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The autoscaling groups used by this Environment.\n" + }, + "cname": { + "type": "string", + "description": "Fully qualified DNS name for this Environment.\n" + }, + "cnamePrefix": { + "type": "string", + "description": "Prefix to use for the fully qualified DNS name of\nthe Environment.\n" + }, + "description": { + "type": "string", + "description": "Short description of the Environment\n" + }, + "endpointUrl": { + "type": "string", + "description": "The URL to the Load Balancer for this Environment\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Instances used by this Environment.\n" + }, + "launchConfigurations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Launch configurations in use by this Environment.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Elastic load balancers in use by this Environment.\n" + }, + "name": { + "type": "string", + "description": "A unique name for this Environment. This name is used\nin the application URL\n" + }, + "platformArn": { + "type": "string", + "description": "The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the Elastic Beanstalk [Platform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-beanstalk-environment.html#cfn-beanstalk-environment-platformarn)\nto use in deployment\n" + }, + "pollInterval": { + "type": "string", + "description": "The time between polling the AWS API to\ncheck if changes have been applied. Use this to adjust the rate of API calls\nfor any `create` or `update` action. Minimum `10s`, maximum `180s`. Omit this to\nuse the default behavior, which is an exponential backoff\n" + }, + "queues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "SQS queues in use by this Environment.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/EnvironmentSetting:EnvironmentSetting" + }, + "description": "Option settings to configure the new Environment. These\noverride specific values that are set as defaults. The format is detailed\nbelow in Option Settings\n" + }, + "solutionStackName": { + "type": "string", + "description": "A solution stack to base your environment\noff of. Example stacks can be found in the [Amazon API documentation](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "templateName": { + "type": "string", + "description": "The name of the Elastic Beanstalk Configuration\ntemplate to use in deployment\n" + }, + "tier": { + "type": "string", + "description": "Elastic Beanstalk Environment tier. Valid values are `Worker`\nor `WebServer`. If tier is left blank `WebServer` will be used.\n" + }, + "triggers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Autoscaling triggers in use by this Environment.\n" + }, + "version": { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/applicationVersion:ApplicationVersion", + "description": "The name of the Elastic Beanstalk Application Version\nto use in deployment.\n" + }, + "waitForReadyTimeout": { + "type": "string", + "description": "The maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that this provider should\nwait for an Elastic Beanstalk Environment to be in a ready state before timing\nout.\n" + } + }, + "required": [ + "allSettings", + "application", + "arn", + "autoscalingGroups", + "cname", + "cnamePrefix", + "endpointUrl", + "instances", + "launchConfigurations", + "loadBalancers", + "name", + "platformArn", + "queues", + "solutionStackName", + "tagsAll", + "triggers", + "version" + ], + "inputProperties": { + "application": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/application:Application" + } + ], + "description": "Name of the application that contains the version\nto be deployed\n" + }, + "cnamePrefix": { + "type": "string", + "description": "Prefix to use for the fully qualified DNS name of\nthe Environment.\n" + }, + "description": { + "type": "string", + "description": "Short description of the Environment\n" + }, + "name": { + "type": "string", + "description": "A unique name for this Environment. This name is used\nin the application URL\n" + }, + "platformArn": { + "type": "string", + "description": "The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the Elastic Beanstalk [Platform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-beanstalk-environment.html#cfn-beanstalk-environment-platformarn)\nto use in deployment\n" + }, + "pollInterval": { + "type": "string", + "description": "The time between polling the AWS API to\ncheck if changes have been applied. Use this to adjust the rate of API calls\nfor any `create` or `update` action. Minimum `10s`, maximum `180s`. Omit this to\nuse the default behavior, which is an exponential backoff\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/EnvironmentSetting:EnvironmentSetting" + }, + "description": "Option settings to configure the new Environment. These\noverride specific values that are set as defaults. The format is detailed\nbelow in Option Settings\n" + }, + "solutionStackName": { + "type": "string", + "description": "A solution stack to base your environment\noff of. Example stacks can be found in the [Amazon API documentation](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "templateName": { + "type": "string", + "description": "The name of the Elastic Beanstalk Configuration\ntemplate to use in deployment\n" + }, + "tier": { + "type": "string", + "description": "Elastic Beanstalk Environment tier. Valid values are `Worker`\nor `WebServer`. If tier is left blank `WebServer` will be used.\n" + }, + "version": { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/applicationVersion:ApplicationVersion", + "description": "The name of the Elastic Beanstalk Application Version\nto use in deployment.\n" + }, + "waitForReadyTimeout": { + "type": "string", + "description": "The maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that this provider should\nwait for an Elastic Beanstalk Environment to be in a ready state before timing\nout.\n" + } + }, + "requiredInputs": [ + "application" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Environment resources.\n", + "properties": { + "allSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/EnvironmentAllSetting:EnvironmentAllSetting" + }, + "description": "List of all option settings configured in this Environment. These\nare a combination of default settings and their overrides from `setting` in\nthe configuration.\n" + }, + "application": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/application:Application" + } + ], + "description": "Name of the application that contains the version\nto be deployed\n" + }, + "arn": { + "type": "string" + }, + "autoscalingGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The autoscaling groups used by this Environment.\n" + }, + "cname": { + "type": "string", + "description": "Fully qualified DNS name for this Environment.\n" + }, + "cnamePrefix": { + "type": "string", + "description": "Prefix to use for the fully qualified DNS name of\nthe Environment.\n" + }, + "description": { + "type": "string", + "description": "Short description of the Environment\n" + }, + "endpointUrl": { + "type": "string", + "description": "The URL to the Load Balancer for this Environment\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Instances used by this Environment.\n" + }, + "launchConfigurations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Launch configurations in use by this Environment.\n" + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Elastic load balancers in use by this Environment.\n" + }, + "name": { + "type": "string", + "description": "A unique name for this Environment. This name is used\nin the application URL\n" + }, + "platformArn": { + "type": "string", + "description": "The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the Elastic Beanstalk [Platform](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-beanstalk-environment.html#cfn-beanstalk-environment-platformarn)\nto use in deployment\n" + }, + "pollInterval": { + "type": "string", + "description": "The time between polling the AWS API to\ncheck if changes have been applied. Use this to adjust the rate of API calls\nfor any `create` or `update` action. Minimum `10s`, maximum `180s`. Omit this to\nuse the default behavior, which is an exponential backoff\n" + }, + "queues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "SQS queues in use by this Environment.\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticbeanstalk/EnvironmentSetting:EnvironmentSetting" + }, + "description": "Option settings to configure the new Environment. These\noverride specific values that are set as defaults. The format is detailed\nbelow in Option Settings\n" + }, + "solutionStackName": { + "type": "string", + "description": "A solution stack to base your environment\noff of. Example stacks can be found in the [Amazon API documentation](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/concepts.platforms.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "templateName": { + "type": "string", + "description": "The name of the Elastic Beanstalk Configuration\ntemplate to use in deployment\n" + }, + "tier": { + "type": "string", + "description": "Elastic Beanstalk Environment tier. Valid values are `Worker`\nor `WebServer`. If tier is left blank `WebServer` will be used.\n" + }, + "triggers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Autoscaling triggers in use by this Environment.\n" + }, + "version": { + "type": "string", + "$ref": "#/types/aws:elasticbeanstalk/applicationVersion:ApplicationVersion", + "description": "The name of the Elastic Beanstalk Application Version\nto use in deployment.\n" + }, + "waitForReadyTimeout": { + "type": "string", + "description": "The maximum\n[duration](https://golang.org/pkg/time/#ParseDuration) that this provider should\nwait for an Elastic Beanstalk Environment to be in a ready state before timing\nout.\n" + } + }, + "type": "object" + } + }, + "aws:elasticloadbalancing/appCookieStickinessPolicy:AppCookieStickinessPolicy": { + "description": "Provides an application cookie stickiness policy, which allows an ELB to wed its sticky cookie's expiration to a cookie generated by your application.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst foo = new aws.elb.AppCookieStickinessPolicy(\"foo\", {\n loadBalancer: lb.name,\n lbPort: 80,\n cookieName: \"MyAppCookie\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nfoo = aws.elb.AppCookieStickinessPolicy(\"foo\",\n load_balancer=lb.name,\n lb_port=80,\n cookie_name=\"MyAppCookie\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n var foo = new Aws.Elb.AppCookieStickinessPolicy(\"foo\", new Aws.Elb.AppCookieStickinessPolicyArgs\n {\n LoadBalancer = lb.Name,\n LbPort = 80,\n CookieName = \"MyAppCookie\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewAppCookieStickinessPolicy(ctx, \"foo\", &elb.AppCookieStickinessPolicyArgs{\n\t\t\tLoadBalancer: lb.Name,\n\t\t\tLbPort: pulumi.Int(80),\n\t\t\tCookieName: pulumi.String(\"MyAppCookie\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApplication cookie stickiness policies can be imported using the ELB name, port, and policy name separated by colons (`:`), e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancing/appCookieStickinessPolicy:AppCookieStickinessPolicy example my-elb:80:my-policy\n```\n\n ", + "properties": { + "cookieName": { + "type": "string", + "description": "The application cookie whose lifetime the ELB's cookie should follow.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The name of load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "required": [ + "cookieName", + "lbPort", + "loadBalancer", + "name" + ], + "inputProperties": { + "cookieName": { + "type": "string", + "description": "The application cookie whose lifetime the ELB's cookie should follow.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The name of load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "requiredInputs": [ + "cookieName", + "lbPort", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AppCookieStickinessPolicy resources.\n", + "properties": { + "cookieName": { + "type": "string", + "description": "The application cookie whose lifetime the ELB's cookie should follow.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The name of load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.AppCookieStickinessPolicy has been deprecated in favor of aws.elb.AppCookieStickinessPolicy" + }, + "aws:elasticloadbalancing/attachment:Attachment": { + "description": "Attaches an EC2 instance to an Elastic Load Balancer (ELB). For attaching resources with Application Load Balancer (ALB) or Network Load Balancer (NLB), see the `aws.lb.TargetGroupAttachment` resource.\n\n> **NOTE on ELB Instances and ELB Attachments:** This provider currently provides\nboth a standalone ELB Attachment resource (describing an instance attached to\nan ELB), and an Elastic Load Balancer resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with an ELB Attachment resource. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst baz = new aws.elb.Attachment(\"baz\", {\n elb: aws_elb.bar.id,\n instance: aws_instance.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nbaz = aws.elb.Attachment(\"baz\",\n elb=aws_elb[\"bar\"][\"id\"],\n instance=aws_instance[\"foo\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new load balancer attachment\n var baz = new Aws.Elb.Attachment(\"baz\", new Aws.Elb.AttachmentArgs\n {\n Elb = aws_elb.Bar.Id,\n Instance = aws_instance.Foo.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewAttachment(ctx, \"baz\", &elb.AttachmentArgs{\n\t\t\tElb: pulumi.Any(aws_elb.Bar.Id),\n\t\t\tInstance: pulumi.Any(aws_instance.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + }, + "instance": { + "type": "string", + "description": "Instance ID to place in the ELB pool.\n" + } + }, + "required": [ + "elb", + "instance" + ], + "inputProperties": { + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + }, + "instance": { + "type": "string", + "description": "Instance ID to place in the ELB pool.\n" + } + }, + "requiredInputs": [ + "elb", + "instance" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Attachment resources.\n", + "properties": { + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + }, + "instance": { + "type": "string", + "description": "Instance ID to place in the ELB pool.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.Attachment has been deprecated in favor of aws.elb.Attachment" + }, + "aws:elasticloadbalancing/listenerPolicy:ListenerPolicy": { + "description": "Attaches a load balancer policy to an ELB Listener.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Custom Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ssl = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [\n {\n name: \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"Protocol-TLSv1.2\",\n value: \"true\",\n },\n ],\n});\nconst wu_tang_listener_policies_443 = new aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\", {\n loadBalancerName: wu_tang.name,\n loadBalancerPort: 443,\n policyNames: [wu_tang_ssl.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ssl = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Protocol-TLSv1.2\",\n value=\"true\",\n ),\n ])\nwu_tang_listener_policies_443 = aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\",\n load_balancer_name=wu_tang.name,\n load_balancer_port=443,\n policy_names=[wu_tang_ssl.policy_name])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ssl = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.2\",\n Value = \"true\",\n },\n },\n });\n var wu_tang_listener_policies_443 = new Aws.Elb.ListenerPolicy(\"wu-tang-listener-policies-443\", new Aws.Elb.ListenerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n LoadBalancerPort = 443,\n PolicyNames = \n {\n wu_tang_ssl.PolicyName,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"wu_tang\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(443),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"wu-tang\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancerPolicy(ctx, \"wu_tang_ssl\", &elb.LoadBalancerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tPolicyName: pulumi.String(\"wu-tang-ssl\"),\n\t\t\tPolicyTypeName: pulumi.String(\"SSLNegotiationPolicyType\"),\n\t\t\tPolicyAttributes: elb.LoadBalancerPolicyPolicyAttributeArray{\n\t\t\t\t&elb.LoadBalancerPolicyPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"ECDHE-ECDSA-AES128-GCM-SHA256\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.LoadBalancerPolicyPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1.2\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewListenerPolicy(ctx, \"wu_tang_listener_policies_443\", &elb.ListenerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tLoadBalancerPort: pulumi.Int(443),\n\t\t\tPolicyNames: pulumi.StringArray{\n\t\t\t\twu_tang_ssl.PolicyName,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThis example shows how to customize the TLS settings of an HTTPS listener.\n{{% /example %}}\n{{% example %}}\n### AWS Predefined Security Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ssl_tls_1_1 = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [{\n name: \"Reference-Security-Policy\",\n value: \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n }],\n});\nconst wu_tang_listener_policies_443 = new aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\", {\n loadBalancerName: wu_tang.name,\n loadBalancerPort: 443,\n policyNames: [wu_tang_ssl_tls_1_1.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ssl_tls_1_1 = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Reference-Security-Policy\",\n value=\"ELBSecurityPolicy-TLS-1-1-2017-01\",\n )])\nwu_tang_listener_policies_443 = aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\",\n load_balancer_name=wu_tang.name,\n load_balancer_port=443,\n policy_names=[wu_tang_ssl_tls_1_1.policy_name])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ssl_tls_1_1 = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Reference-Security-Policy\",\n Value = \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n },\n },\n });\n var wu_tang_listener_policies_443 = new Aws.Elb.ListenerPolicy(\"wu-tang-listener-policies-443\", new Aws.Elb.ListenerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n LoadBalancerPort = 443,\n PolicyNames = \n {\n wu_tang_ssl_tls_1_1.PolicyName,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"wu_tang\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(443),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"wu-tang\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancerPolicy(ctx, \"wu_tang_ssl_tls_1_1\", &elb.LoadBalancerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tPolicyName: pulumi.String(\"wu-tang-ssl\"),\n\t\t\tPolicyTypeName: pulumi.String(\"SSLNegotiationPolicyType\"),\n\t\t\tPolicyAttributes: elb.LoadBalancerPolicyPolicyAttributeArray{\n\t\t\t\t&elb.LoadBalancerPolicyPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Reference-Security-Policy\"),\n\t\t\t\t\tValue: pulumi.String(\"ELBSecurityPolicy-TLS-1-1-2017-01\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewListenerPolicy(ctx, \"wu_tang_listener_policies_443\", &elb.ListenerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tLoadBalancerPort: pulumi.Int(443),\n\t\t\tPolicyNames: pulumi.StringArray{\n\t\t\t\twu_tang_ssl_tls_1_1.PolicyName,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThis example shows how to add a [Predefined Security Policy for ELBs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html)\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "loadBalancerPort": { + "type": "integer", + "description": "The load balancer listener port to apply the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "required": [ + "loadBalancerName", + "loadBalancerPort" + ], + "inputProperties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "loadBalancerPort": { + "type": "integer", + "description": "The load balancer listener port to apply the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "requiredInputs": [ + "loadBalancerName", + "loadBalancerPort" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerPolicy resources.\n", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "loadBalancerPort": { + "type": "integer", + "description": "The load balancer listener port to apply the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.ListenerPolicy has been deprecated in favor of aws.elb.ListenerPolicy" + }, + "aws:elasticloadbalancing/loadBalancer:LoadBalancer": { + "description": "Provides an Elastic Load Balancer resource, also known as a \"Classic\nLoad Balancer\" after the release of\n`Application/Network Load Balancers`.\n\n> **NOTE on ELB Instances and ELB Attachments:** This provider currently\nprovides both a standalone ELB Attachment resource\n(describing an instance attached to an ELB), and an ELB resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with a ELB Attachment resources. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n accessLogs: {\n bucket: \"foo\",\n bucketPrefix: \"bar\",\n interval: 60,\n },\n listeners: [\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n },\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n ],\n healthCheck: {\n healthyThreshold: 2,\n unhealthyThreshold: 2,\n timeout: 3,\n target: \"HTTP:8000/\",\n interval: 30,\n },\n instances: [aws_instance.foo.id],\n crossZoneLoadBalancing: true,\n idleTimeout: 400,\n connectionDraining: true,\n connectionDrainingTimeout: 400,\n tags: {\n Name: \"foobar-elb\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=\"foo\",\n bucket_prefix=\"bar\",\n interval=60,\n ),\n listeners=[\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n ),\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::123456789012:server-certificate/certName\",\n ),\n ],\n health_check=aws.elb.LoadBalancerHealthCheckArgs(\n healthy_threshold=2,\n unhealthy_threshold=2,\n timeout=3,\n target=\"HTTP:8000/\",\n interval=30,\n ),\n instances=[aws_instance[\"foo\"][\"id\"]],\n cross_zone_load_balancing=True,\n idle_timeout=400,\n connection_draining=True,\n connection_draining_timeout=400,\n tags={\n \"Name\": \"foobar-elb\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new load balancer\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = \"foo\",\n BucketPrefix = \"bar\",\n Interval = 60,\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n },\n HealthCheck = new Aws.Elb.Inputs.LoadBalancerHealthCheckArgs\n {\n HealthyThreshold = 2,\n UnhealthyThreshold = 2,\n Timeout = 3,\n Target = \"HTTP:8000/\",\n Interval = 30,\n },\n Instances = \n {\n aws_instance.Foo.Id,\n },\n CrossZoneLoadBalancing = true,\n IdleTimeout = 400,\n ConnectionDraining = true,\n ConnectionDrainingTimeout = 400,\n Tags = \n {\n { \"Name\", \"foobar-elb\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"bar\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tAccessLogs: &elb.LoadBalancerAccessLogsArgs{\n\t\t\t\tBucket: pulumi.String(\"foo\"),\n\t\t\t\tBucketPrefix: pulumi.String(\"bar\"),\n\t\t\t\tInterval: pulumi.Int(60),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::123456789012:server-certificate/certName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthCheck: &elb.LoadBalancerHealthCheckArgs{\n\t\t\t\tHealthyThreshold: pulumi.Int(2),\n\t\t\t\tUnhealthyThreshold: pulumi.Int(2),\n\t\t\t\tTimeout: pulumi.Int(3),\n\t\t\t\tTarget: pulumi.String(\"HTTP:8000/\"),\n\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t},\n\t\t\tInstances: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_instance.Foo.Id),\n\t\t\t},\n\t\t\tCrossZoneLoadBalancing: pulumi.Bool(true),\n\t\t\tIdleTimeout: pulumi.Int(400),\n\t\t\tConnectionDraining: pulumi.Bool(true),\n\t\t\tConnectionDrainingTimeout: pulumi.Int(400),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foobar-elb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Note on ECDSA Key Algorithm\n\nIf the ARN of the `ssl_certificate_id` that is pointed to references a\ncertificate that was signed by an ECDSA key, note that ELB only supports the\nP256 and P384 curves. Using a certificate signed by a key using a different\ncurve could produce the error `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` in your\nbrowser.\n\n\n## Import\n\nELBs can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancing/loadBalancer:LoadBalancer bar elb-production-12345\n```\n\n ", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the ELB\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The AZ's to serve traffic in.\n" + }, + "connectionDraining": { + "type": "boolean", + "description": "Boolean to enable connection draining. Default: `false`\n" + }, + "connectionDrainingTimeout": { + "type": "integer", + "description": "The time in seconds to allow for connections to drain. Default: `300`\n" + }, + "crossZoneLoadBalancing": { + "type": "boolean", + "description": "Enable cross-zone load balancing. Default: `true`\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the ELB\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerHealthCheck:LoadBalancerHealthCheck", + "description": "A health_check block. Health Check documented below.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Default: `60`\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance ids to place in the ELB pool.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, ELB will be an internal ELB.\n" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerListener:LoadBalancerListener" + }, + "description": "A list of listener blocks. Listeners documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the ELB. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the ELB.\nOnly valid if creating an ELB within a VPC\n" + }, + "sourceSecurityGroup": { + "type": "string", + "description": "The name of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Use this for Classic or Default VPC only.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "The ID of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Only available on ELBs launched in a VPC.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the ELB.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)\n" + } + }, + "required": [ + "arn", + "availabilityZones", + "dnsName", + "healthCheck", + "instances", + "internal", + "listeners", + "name", + "securityGroups", + "sourceSecurityGroup", + "sourceSecurityGroupId", + "subnets", + "tagsAll", + "zoneId" + ], + "inputProperties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The AZ's to serve traffic in.\n" + }, + "connectionDraining": { + "type": "boolean", + "description": "Boolean to enable connection draining. Default: `false`\n" + }, + "connectionDrainingTimeout": { + "type": "integer", + "description": "The time in seconds to allow for connections to drain. Default: `300`\n" + }, + "crossZoneLoadBalancing": { + "type": "boolean", + "description": "Enable cross-zone load balancing. Default: `true`\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerHealthCheck:LoadBalancerHealthCheck", + "description": "A health_check block. Health Check documented below.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Default: `60`\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance ids to place in the ELB pool.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, ELB will be an internal ELB.\n" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerListener:LoadBalancerListener" + }, + "description": "A list of listener blocks. Listeners documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the ELB. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the ELB.\nOnly valid if creating an ELB within a VPC\n" + }, + "sourceSecurityGroup": { + "type": "string", + "description": "The name of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Use this for Classic or Default VPC only.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the ELB.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "listeners" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancer resources.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the ELB\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The AZ's to serve traffic in.\n" + }, + "connectionDraining": { + "type": "boolean", + "description": "Boolean to enable connection draining. Default: `false`\n" + }, + "connectionDrainingTimeout": { + "type": "integer", + "description": "The time in seconds to allow for connections to drain. Default: `300`\n" + }, + "crossZoneLoadBalancing": { + "type": "boolean", + "description": "Enable cross-zone load balancing. Default: `true`\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the ELB\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerHealthCheck:LoadBalancerHealthCheck", + "description": "A health_check block. Health Check documented below.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Default: `60`\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance ids to place in the ELB pool.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, ELB will be an internal ELB.\n" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerListener:LoadBalancerListener" + }, + "description": "A list of listener blocks. Listeners documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the ELB. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the ELB.\nOnly valid if creating an ELB within a VPC\n" + }, + "sourceSecurityGroup": { + "type": "string", + "description": "The name of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Use this for Classic or Default VPC only.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "The ID of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Only available on ELBs launched in a VPC.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the ELB.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.LoadBalancer has been deprecated in favor of aws.elb.LoadBalancer" + }, + "aws:elasticloadbalancing/loadBalancerBackendServerPolicy:LoadBalancerBackendServerPolicy": { + "description": "Attaches a load balancer policy to an ELB backend server.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ca_pubkey_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ca-pubkey-policy\",\n policyTypeName: \"PublicKeyPolicyType\",\n policyAttributes: [{\n name: \"PublicKey\",\n value: fs.readFileSync(\"wu-tang-pubkey\"),\n }],\n});\nconst wu_tang_root_ca_backend_auth_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-root-ca-backend-auth-policy\",\n policyTypeName: \"BackendServerAuthenticationPolicyType\",\n policyAttributes: [{\n name: \"PublicKeyPolicyName\",\n value: aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"].policy_name,\n }],\n});\nconst wu_tang_backend_auth_policies_443 = new aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", {\n loadBalancerName: wu_tang.name,\n instancePort: 443,\n policyNames: [wu_tang_root_ca_backend_auth_policy.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ca_pubkey_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ca-pubkey-policy\",\n policy_type_name=\"PublicKeyPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKey\",\n value=(lambda path: open(path).read())(\"wu-tang-pubkey\"),\n )])\nwu_tang_root_ca_backend_auth_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-root-ca-backend-auth-policy\",\n policy_type_name=\"BackendServerAuthenticationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKeyPolicyName\",\n value=aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"][\"policy_name\"],\n )])\nwu_tang_backend_auth_policies_443 = aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\",\n load_balancer_name=wu_tang.name,\n instance_port=443,\n policy_names=[wu_tang_root_ca_backend_auth_policy.policy_name])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ca_pubkey_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ca-pubkey-policy\",\n PolicyTypeName = \"PublicKeyPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKey\",\n Value = File.ReadAllText(\"wu-tang-pubkey\"),\n },\n },\n });\n var wu_tang_root_ca_backend_auth_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-root-ca-backend-auth-policy\",\n PolicyTypeName = \"BackendServerAuthenticationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKeyPolicyName\",\n Value = aws_load_balancer_policy.Wu_tang_root_ca_pubkey_policy.Policy_name,\n },\n },\n });\n var wu_tang_backend_auth_policies_443 = new Aws.Elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", new Aws.Elb.LoadBalancerBackendServerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n InstancePort = 443,\n PolicyNames = \n {\n wu_tang_root_ca_backend_auth_policy.PolicyName,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "instancePort": { + "type": "integer", + "description": "The instance port to apply the policy to.\n" + }, + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "required": [ + "instancePort", + "loadBalancerName" + ], + "inputProperties": { + "instancePort": { + "type": "integer", + "description": "The instance port to apply the policy to.\n" + }, + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "requiredInputs": [ + "instancePort", + "loadBalancerName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancerBackendServerPolicy resources.\n", + "properties": { + "instancePort": { + "type": "integer", + "description": "The instance port to apply the policy to.\n" + }, + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.LoadBalancerBackendServerPolicy has been deprecated in favor of aws.elb.LoadBalancerBackendServerPolicy" + }, + "aws:elasticloadbalancing/loadBalancerCookieStickinessPolicy:LoadBalancerCookieStickinessPolicy": { + "description": "Provides a load balancer cookie stickiness policy, which allows an ELB to control the sticky session lifetime of the browser.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst foo = new aws.elb.LoadBalancerCookieStickinessPolicy(\"foo\", {\n loadBalancer: lb.id,\n lbPort: 80,\n cookieExpirationPeriod: 600,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nfoo = aws.elb.LoadBalancerCookieStickinessPolicy(\"foo\",\n load_balancer=lb.id,\n lb_port=80,\n cookie_expiration_period=600)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n var foo = new Aws.Elb.LoadBalancerCookieStickinessPolicy(\"foo\", new Aws.Elb.LoadBalancerCookieStickinessPolicyArgs\n {\n LoadBalancer = lb.Id,\n LbPort = 80,\n CookieExpirationPeriod = 600,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancerCookieStickinessPolicy(ctx, \"foo\", &elb.LoadBalancerCookieStickinessPolicyArgs{\n\t\t\tLoadBalancer: lb.ID(),\n\t\t\tLbPort: pulumi.Int(80),\n\t\t\tCookieExpirationPeriod: pulumi.Int(600),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "cookieExpirationPeriod": { + "type": "integer", + "description": "The time period after which\nthe session cookie should be considered stale, expressed in seconds.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "required": [ + "lbPort", + "loadBalancer", + "name" + ], + "inputProperties": { + "cookieExpirationPeriod": { + "type": "integer", + "description": "The time period after which\nthe session cookie should be considered stale, expressed in seconds.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "requiredInputs": [ + "lbPort", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancerCookieStickinessPolicy resources.\n", + "properties": { + "cookieExpirationPeriod": { + "type": "integer", + "description": "The time period after which\nthe session cookie should be considered stale, expressed in seconds.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.LoadBalancerCookieStickinessPolicy has been deprecated in favor of aws.elb.LoadBalancerCookieStickinessPolicy" + }, + "aws:elasticloadbalancing/loadBalancerPolicy:LoadBalancerPolicy": { + "description": "Provides a load balancer policy, which can be attached to an ELB listener or backend server.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ca_pubkey_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ca-pubkey-policy\",\n policyTypeName: \"PublicKeyPolicyType\",\n policyAttributes: [{\n name: \"PublicKey\",\n value: fs.readFileSync(\"wu-tang-pubkey\"),\n }],\n});\nconst wu_tang_root_ca_backend_auth_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-root-ca-backend-auth-policy\",\n policyTypeName: \"BackendServerAuthenticationPolicyType\",\n policyAttributes: [{\n name: \"PublicKeyPolicyName\",\n value: aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"].policy_name,\n }],\n});\nconst wu_tang_ssl = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [\n {\n name: \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"Protocol-TLSv1.2\",\n value: \"true\",\n },\n ],\n});\nconst wu_tang_ssl_tls_1_1 = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [{\n name: \"Reference-Security-Policy\",\n value: \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n }],\n});\nconst wu_tang_backend_auth_policies_443 = new aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", {\n loadBalancerName: wu_tang.name,\n instancePort: 443,\n policyNames: [wu_tang_root_ca_backend_auth_policy.policyName],\n});\nconst wu_tang_listener_policies_443 = new aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\", {\n loadBalancerName: wu_tang.name,\n loadBalancerPort: 443,\n policyNames: [wu_tang_ssl.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ca_pubkey_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ca-pubkey-policy\",\n policy_type_name=\"PublicKeyPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKey\",\n value=(lambda path: open(path).read())(\"wu-tang-pubkey\"),\n )])\nwu_tang_root_ca_backend_auth_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-root-ca-backend-auth-policy\",\n policy_type_name=\"BackendServerAuthenticationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKeyPolicyName\",\n value=aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"][\"policy_name\"],\n )])\nwu_tang_ssl = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Protocol-TLSv1.2\",\n value=\"true\",\n ),\n ])\nwu_tang_ssl_tls_1_1 = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Reference-Security-Policy\",\n value=\"ELBSecurityPolicy-TLS-1-1-2017-01\",\n )])\nwu_tang_backend_auth_policies_443 = aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\",\n load_balancer_name=wu_tang.name,\n instance_port=443,\n policy_names=[wu_tang_root_ca_backend_auth_policy.policy_name])\nwu_tang_listener_policies_443 = aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\",\n load_balancer_name=wu_tang.name,\n load_balancer_port=443,\n policy_names=[wu_tang_ssl.policy_name])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ca_pubkey_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ca-pubkey-policy\",\n PolicyTypeName = \"PublicKeyPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKey\",\n Value = File.ReadAllText(\"wu-tang-pubkey\"),\n },\n },\n });\n var wu_tang_root_ca_backend_auth_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-root-ca-backend-auth-policy\",\n PolicyTypeName = \"BackendServerAuthenticationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKeyPolicyName\",\n Value = aws_load_balancer_policy.Wu_tang_root_ca_pubkey_policy.Policy_name,\n },\n },\n });\n var wu_tang_ssl = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.2\",\n Value = \"true\",\n },\n },\n });\n var wu_tang_ssl_tls_1_1 = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Reference-Security-Policy\",\n Value = \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n },\n },\n });\n var wu_tang_backend_auth_policies_443 = new Aws.Elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", new Aws.Elb.LoadBalancerBackendServerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n InstancePort = 443,\n PolicyNames = \n {\n wu_tang_root_ca_backend_auth_policy.PolicyName,\n },\n });\n var wu_tang_listener_policies_443 = new Aws.Elb.ListenerPolicy(\"wu-tang-listener-policies-443\", new Aws.Elb.ListenerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n LoadBalancerPort = 443,\n PolicyNames = \n {\n wu_tang_ssl.PolicyName,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer on which the policy is defined.\n" + }, + "policyAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute" + }, + "description": "Policy attribute to apply to the policy.\n" + }, + "policyName": { + "type": "string", + "description": "The name of the load balancer policy.\n" + }, + "policyTypeName": { + "type": "string", + "description": "The policy type.\n" + } + }, + "required": [ + "loadBalancerName", + "policyName", + "policyTypeName" + ], + "inputProperties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer on which the policy is defined.\n" + }, + "policyAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute" + }, + "description": "Policy attribute to apply to the policy.\n" + }, + "policyName": { + "type": "string", + "description": "The name of the load balancer policy.\n" + }, + "policyTypeName": { + "type": "string", + "description": "The policy type.\n" + } + }, + "requiredInputs": [ + "loadBalancerName", + "policyName", + "policyTypeName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancerPolicy resources.\n", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer on which the policy is defined.\n" + }, + "policyAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute" + }, + "description": "Policy attribute to apply to the policy.\n" + }, + "policyName": { + "type": "string", + "description": "The name of the load balancer policy.\n" + }, + "policyTypeName": { + "type": "string", + "description": "The policy type.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.LoadBalancerPolicy has been deprecated in favor of aws.elb.LoadBalancerPolicy" + }, + "aws:elasticloadbalancing/sslNegotiationPolicy:SslNegotiationPolicy": { + "description": "Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::123456789012:server-certificate/certName\",\n }],\n});\nconst foo = new aws.elb.SslNegotiationPolicy(\"foo\", {\n loadBalancer: lb.id,\n lbPort: 443,\n attributes: [\n {\n name: \"Protocol-TLSv1\",\n value: \"false\",\n },\n {\n name: \"Protocol-TLSv1.1\",\n value: \"false\",\n },\n {\n name: \"Protocol-TLSv1.2\",\n value: \"true\",\n },\n {\n name: \"Server-Defined-Cipher-Order\",\n value: \"true\",\n },\n {\n name: \"ECDHE-RSA-AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"EDH-RSA-DES-CBC3-SHA\",\n value: \"false\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"https\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::123456789012:server-certificate/certName\",\n )])\nfoo = aws.elb.SslNegotiationPolicy(\"foo\",\n load_balancer=lb.id,\n lb_port=443,\n attributes=[\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Protocol-TLSv1\",\n value=\"false\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Protocol-TLSv1.1\",\n value=\"false\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Protocol-TLSv1.2\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Server-Defined-Cipher-Order\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"ECDHE-RSA-AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"EDH-RSA-DES-CBC3-SHA\",\n value=\"false\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n },\n });\n var foo = new Aws.Elb.SslNegotiationPolicy(\"foo\", new Aws.Elb.SslNegotiationPolicyArgs\n {\n LoadBalancer = lb.Id,\n LbPort = 443,\n Attributes = \n {\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1\",\n Value = \"false\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.1\",\n Value = \"false\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.2\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Server-Defined-Cipher-Order\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"ECDHE-RSA-AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"EDH-RSA-DES-CBC3-SHA\",\n Value = \"false\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::123456789012:server-certificate/certName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewSslNegotiationPolicy(ctx, \"foo\", &elb.SslNegotiationPolicyArgs{\n\t\t\tLoadBalancer: lb.ID(),\n\t\t\tLbPort: pulumi.Int(443),\n\t\t\tAttributes: elb.SslNegotiationPolicyAttributeArray{\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1\"),\n\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1.1\"),\n\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1.2\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Server-Defined-Cipher-Order\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"ECDHE-RSA-AES128-GCM-SHA256\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"AES128-GCM-SHA256\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"EDH-RSA-DES-CBC3-SHA\"),\n\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute" + }, + "description": "An SSL Negotiation policy attribute. Each has two properties:\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the attribute\n" + } + }, + "required": [ + "lbPort", + "loadBalancer", + "name" + ], + "inputProperties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute" + }, + "description": "An SSL Negotiation policy attribute. Each has two properties:\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the attribute\n" + } + }, + "requiredInputs": [ + "lbPort", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SslNegotiationPolicy resources.\n", + "properties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute" + }, + "description": "An SSL Negotiation policy attribute. Each has two properties:\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the attribute\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancing.SslNegotiationPolicy has been deprecated in favor of aws.elb.SslNegotiationPolicy" + }, + "aws:elasticloadbalancingv2/listener:Listener": { + "description": "Provides a Load Balancer Listener resource.\n\n> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Forward Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"443\",\n protocol: \"HTTPS\",\n sslPolicy: \"ELBSecurityPolicy-2016-08\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=443,\n protocol=\"HTTPS\",\n ssl_policy=\"ELBSecurityPolicy-2016-08\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 443,\n Protocol = \"HTTPS\",\n SslPolicy = \"ELBSecurityPolicy-2016-08\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\tSslPolicy: pulumi.String(\"ELBSecurityPolicy-2016-08\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo a NLB:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEnd = new aws.lb.Listener(\"frontEnd\", {\n loadBalancerArn: aws_lb.front_end.arn,\n port: \"443\",\n protocol: \"TLS\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpnPolicy: \"HTTP2Preferred\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.front_end.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end = aws.lb.Listener(\"frontEnd\",\n load_balancer_arn=aws_lb[\"front_end\"][\"arn\"],\n port=443,\n protocol=\"TLS\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpn_policy=\"HTTP2Preferred\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"front_end\"][\"arn\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEnd = new Aws.LB.Listener(\"frontEnd\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = aws_lb.Front_end.Arn,\n Port = 443,\n Protocol = \"TLS\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n AlpnPolicy = \"HTTP2Preferred\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Front_end.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewListener(ctx, \"frontEnd\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: pulumi.Any(aws_lb.Front_end.Arn),\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"TLS\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tAlpnPolicy: pulumi.String(\"HTTP2Preferred\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Front_end.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redirect Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerDefaultActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerDefaultActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Fixed-response Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"Fixed response content\",\n statusCode: \"200\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"Fixed response content\",\n status_code=\"200\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"Fixed response content\",\n StatusCode = \"200\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"Fixed response content\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-cognito Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-OIDC Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Gateway Load Balancer Listener\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLoadBalancer = new aws.lb.LoadBalancer(\"exampleLoadBalancer\", {\n loadBalancerType: \"gateway\",\n subnetMappings: [{\n subnetId: aws_subnet.example.id,\n }],\n});\nconst exampleTargetGroup = new aws.lb.TargetGroup(\"exampleTargetGroup\", {\n port: 6081,\n protocol: \"GENEVE\",\n vpcId: aws_vpc.example.id,\n healthCheck: {\n port: 80,\n protocol: \"HTTP\",\n },\n});\nconst exampleListener = new aws.lb.Listener(\"exampleListener\", {\n loadBalancerArn: exampleLoadBalancer.id,\n defaultActions: [{\n targetGroupArn: exampleTargetGroup.id,\n type: \"forward\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_load_balancer = aws.lb.LoadBalancer(\"exampleLoadBalancer\",\n load_balancer_type=\"gateway\",\n subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example\"][\"id\"],\n )])\nexample_target_group = aws.lb.TargetGroup(\"exampleTargetGroup\",\n port=6081,\n protocol=\"GENEVE\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n health_check=aws.lb.TargetGroupHealthCheckArgs(\n port=\"80\",\n protocol=\"HTTP\",\n ))\nexample_listener = aws.lb.Listener(\"exampleListener\",\n load_balancer_arn=example_load_balancer.id,\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n target_group_arn=example_target_group.id,\n type=\"forward\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLoadBalancer = new Aws.LB.LoadBalancer(\"exampleLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"gateway\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example.Id,\n },\n },\n });\n var exampleTargetGroup = new Aws.LB.TargetGroup(\"exampleTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n Port = 6081,\n Protocol = \"GENEVE\",\n VpcId = aws_vpc.Example.Id,\n HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs\n {\n Port = \"80\",\n Protocol = \"HTTP\",\n },\n });\n var exampleListener = new Aws.LB.Listener(\"exampleListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = exampleLoadBalancer.Id,\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n TargetGroupArn = exampleTargetGroup.Id,\n Type = \"forward\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLoadBalancer, err := lb.NewLoadBalancer(ctx, \"exampleLoadBalancer\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"gateway\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTargetGroup, err := lb.NewTargetGroup(ctx, \"exampleTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(6081),\n\t\t\tProtocol: pulumi.String(\"GENEVE\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tHealthCheck: &lb.TargetGroupHealthCheckArgs{\n\t\t\t\tPort: pulumi.String(\"80\"),\n\t\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"exampleListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: exampleLoadBalancer.ID(),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tTargetGroupArn: exampleTargetGroup.ID(),\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListeners can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancingv2/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96\n```\n\n ", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "defaultActions", + "loadBalancerArn", + "protocol", + "sslPolicy", + "tagsAll" + ], + "inputProperties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "defaultActions", + "loadBalancerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Listener resources.\n", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancingv2.Listener has been deprecated in favor of aws.lb.Listener" + }, + "aws:elasticloadbalancingv2/listenerCertificate:ListenerCertificate": { + "description": "Provides a Load Balancer Listener Certificate resource.\n\nThis resource is for additional certificates and does not replace the default certificate on the listener.\n\n> **Note:** `aws.alb.ListenerCertificate` is known as `aws.lb.ListenerCertificate`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCertificate = new aws.acm.Certificate(\"exampleCertificate\", {});\n// ...\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// ...\nconst exampleListenerCertificate = new aws.lb.ListenerCertificate(\"exampleListenerCertificate\", {\n listenerArn: frontEndListener.arn,\n certificateArn: exampleCertificate.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_certificate = aws.acm.Certificate(\"exampleCertificate\")\n# ...\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# ...\nexample_listener_certificate = aws.lb.ListenerCertificate(\"exampleListenerCertificate\",\n listener_arn=front_end_listener.arn,\n certificate_arn=example_certificate.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCertificate = new Aws.Acm.Certificate(\"exampleCertificate\", new Aws.Acm.CertificateArgs\n {\n });\n // ...\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // ...\n var exampleListenerCertificate = new Aws.LB.ListenerCertificate(\"exampleListenerCertificate\", new Aws.LB.ListenerCertificateArgs\n {\n ListenerArn = frontEndListener.Arn,\n CertificateArn = exampleCertificate.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCertificate, err := acm.NewCertificate(ctx, \"exampleCertificate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerCertificate(ctx, \"exampleListenerCertificate\", &lb.ListenerCertificateArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tCertificateArn: exampleCertificate.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListener Certificates can be imported using their id, e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancingv2/listenerCertificate:ListenerCertificate example arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b_arn:aws:iam::123456789012:server-certificate/tf-acc-test-6453083910015726063\n```\n\n ", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "required": [ + "certificateArn", + "listenerArn" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "requiredInputs": [ + "certificateArn", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerCertificate resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancingv2.ListenerCertificate has been deprecated in favor of aws.lb.ListenerCertificate" + }, + "aws:elasticloadbalancingv2/listenerRule:ListenerRule": { + "description": "Provides a Load Balancer Listener Rule resource.\n\n> **Note:** `aws.alb.ListenerRule` is known as `aws.lb.ListenerRule`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// Other parameters\nconst static = new aws.lb.ListenerRule(\"static\", {\n listenerArn: frontEndListener.arn,\n priority: 100,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [\n {\n pathPattern: {\n values: [\"/static/*\"],\n },\n },\n {\n hostHeader: {\n values: [\"example.com\"],\n },\n },\n ],\n});\n// Forward action\nconst hostBasedWeightedRouting = new aws.lb.ListenerRule(\"hostBasedWeightedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Weighted Forward action\nconst hostBasedRouting = new aws.lb.ListenerRule(\"hostBasedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n forward: {\n targetGroups: [\n {\n arn: aws_lb_target_group.main.arn,\n weight: 80,\n },\n {\n arn: aws_lb_target_group.canary.arn,\n weight: 20,\n },\n ],\n stickiness: {\n enabled: true,\n duration: 600,\n },\n },\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Redirect action\nconst redirectHttpToHttps = new aws.lb.ListenerRule(\"redirectHttpToHttps\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n conditions: [{\n httpHeader: {\n httpHeaderName: \"X-Forwarded-For\",\n values: [\"192.168.1.*\"],\n },\n }],\n});\n// Fixed-response action\nconst healthCheck = new aws.lb.ListenerRule(\"healthCheck\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"HEALTHY\",\n statusCode: \"200\",\n },\n }],\n conditions: [{\n queryStrings: [\n {\n key: \"health\",\n value: \"check\",\n },\n {\n value: \"bar\",\n },\n ],\n }],\n});\n// Authenticate-cognito Action\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst admin = new aws.lb.ListenerRule(\"admin\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n// Authenticate-oidc Action\nconst oidc = new aws.lb.ListenerRule(\"oidc\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# Other parameters\nstatic = aws.lb.ListenerRule(\"static\",\n listener_arn=front_end_listener.arn,\n priority=100,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[\n aws.lb.ListenerRuleConditionArgs(\n path_pattern=aws.lb.ListenerRuleConditionPathPatternArgs(\n values=[\"/static/*\"],\n ),\n ),\n aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"example.com\"],\n ),\n ),\n ])\n# Forward action\nhost_based_weighted_routing = aws.lb.ListenerRule(\"hostBasedWeightedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Weighted Forward action\nhost_based_routing = aws.lb.ListenerRule(\"hostBasedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n forward=aws.lb.ListenerRuleActionForwardArgs(\n target_groups=[\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"main\"][\"arn\"],\n weight=80,\n ),\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"canary\"][\"arn\"],\n weight=20,\n ),\n ],\n stickiness=aws.lb.ListenerRuleActionForwardStickinessArgs(\n enabled=True,\n duration=600,\n ),\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Redirect action\nredirect_http_to_https = aws.lb.ListenerRule(\"redirectHttpToHttps\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerRuleActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n http_header=aws.lb.ListenerRuleConditionHttpHeaderArgs(\n http_header_name=\"X-Forwarded-For\",\n values=[\"192.168.1.*\"],\n ),\n )])\n# Fixed-response action\nhealth_check = aws.lb.ListenerRule(\"healthCheck\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerRuleActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"HEALTHY\",\n status_code=\"200\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n query_strings=[\n aws.lb.ListenerRuleConditionQueryStringArgs(\n key=\"health\",\n value=\"check\",\n ),\n aws.lb.ListenerRuleConditionQueryStringArgs(\n value=\"bar\",\n ),\n ],\n )])\n# Authenticate-cognito Action\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nadmin = aws.lb.ListenerRule(\"admin\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerRuleActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n# Authenticate-oidc Action\noidc = aws.lb.ListenerRule(\"oidc\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerRuleActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // Other parameters\n var @static = new Aws.LB.ListenerRule(\"static\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 100,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n PathPattern = new Aws.LB.Inputs.ListenerRuleConditionPathPatternArgs\n {\n Values = \n {\n \"/static/*\",\n },\n },\n },\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"example.com\",\n },\n },\n },\n },\n });\n // Forward action\n var hostBasedWeightedRouting = new Aws.LB.ListenerRule(\"hostBasedWeightedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Weighted Forward action\n var hostBasedRouting = new Aws.LB.ListenerRule(\"hostBasedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n Forward = new Aws.LB.Inputs.ListenerRuleActionForwardArgs\n {\n TargetGroups = \n {\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Main.Arn,\n Weight = 80,\n },\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Canary.Arn,\n Weight = 20,\n },\n },\n Stickiness = new Aws.LB.Inputs.ListenerRuleActionForwardStickinessArgs\n {\n Enabled = true,\n Duration = 600,\n },\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Redirect action\n var redirectHttpToHttps = new Aws.LB.ListenerRule(\"redirectHttpToHttps\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerRuleActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HttpHeader = new Aws.LB.Inputs.ListenerRuleConditionHttpHeaderArgs\n {\n HttpHeaderName = \"X-Forwarded-For\",\n Values = \n {\n \"192.168.1.*\",\n },\n },\n },\n },\n });\n // Fixed-response action\n var healthCheck = new Aws.LB.ListenerRule(\"healthCheck\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerRuleActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"HEALTHY\",\n StatusCode = \"200\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n QueryStrings = \n {\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Key = \"health\",\n Value = \"check\",\n },\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Value = \"bar\",\n },\n },\n },\n },\n });\n // Authenticate-cognito Action\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var admin = new Aws.LB.ListenerRule(\"admin\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerRuleActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n // Authenticate-oidc Action\n var oidc = new Aws.LB.ListenerRule(\"oidc\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerRuleActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"static\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tPathPattern: &lb.ListenerRuleConditionPathPatternArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"/static/*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedWeightedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tForward: &lb.ListenerRuleActionForwardArgs{\n\t\t\t\t\t\tTargetGroups: lb.ListenerRuleActionForwardTargetGroupArray{\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Main.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(80),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Canary.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(20),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStickiness: &lb.ListenerRuleActionForwardStickinessArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tDuration: pulumi.Int(600),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"redirectHttpToHttps\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerRuleActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHttpHeader: &lb.ListenerRuleConditionHttpHeaderArgs{\n\t\t\t\t\t\tHttpHeaderName: pulumi.String(\"X-Forwarded-For\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"192.168.1.*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"healthCheck\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerRuleActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"HEALTHY\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tQueryStrings: lb.ListenerRuleConditionQueryStringArray{\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"health\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"check\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"admin\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerRuleActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"oidc\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerRuleActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRules can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancingv2/listenerRule:ListenerRule front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener-rule/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b\n```\n\n ", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "actions", + "arn", + "conditions", + "listenerArn", + "priority", + "tagsAll" + ], + "inputProperties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "actions", + "conditions", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerRule resources.\n", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancingv2.ListenerRule has been deprecated in favor of aws.lb.ListenerRule" + }, + "aws:elasticloadbalancingv2/loadBalancer:LoadBalancer": { + "description": "Provides a Load Balancer resource.\n\n> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Specifying Elastic IPs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n allocationId: aws_eip.example1.id,\n },\n {\n subnetId: aws_subnet.example2.id,\n allocationId: aws_eip.example2.id,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n allocation_id=aws_eip[\"example1\"][\"id\"],\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n allocation_id=aws_eip[\"example2\"][\"id\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n AllocationId = aws_eip.Example1.Id,\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n AllocationId = aws_eip.Example2.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example1.Id),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example2.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Specifying private IP addresses for an internal-facing load balancer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n privateIpv4Address: \"10.0.1.15\",\n },\n {\n subnetId: aws_subnet.example2.id,\n privateIpv4Address: \"10.0.2.15\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n private_ipv4_address=\"10.0.1.15\",\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n private_ipv4_address=\"10.0.2.15\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n PrivateIpv4Address = \"10.0.1.15\",\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n PrivateIpv4Address = \"10.0.2.15\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.1.15\"),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.2.15\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLBs can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancingv2/loadBalancer:LoadBalancer bar arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188\n```\n\n ", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancingv2/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "dnsName", + "internal", + "ipAddressType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tagsAll", + "vpcId", + "zoneId" + ], + "inputProperties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancingv2/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancer resources.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancingv2/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancingv2.LoadBalancer has been deprecated in favor of aws.lb.LoadBalancer" + }, + "aws:elasticloadbalancingv2/targetGroup:TargetGroup": { + "description": "Provides a Target Group resource for use with Load Balancer resources.\n\n> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Instance Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst test = new aws.lb.TargetGroup(\"test\", {\n port: 80,\n protocol: \"HTTP\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\ntest = aws.lb.TargetGroup(\"test\",\n port=80,\n protocol=\"HTTP\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var test = new Aws.LB.TargetGroup(\"test\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"test\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### IP Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst ip_example = new aws.lb.TargetGroup(\"ip-example\", {\n port: 80,\n protocol: \"HTTP\",\n targetType: \"ip\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nip_example = aws.lb.TargetGroup(\"ip-example\",\n port=80,\n protocol=\"HTTP\",\n target_type=\"ip\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var ip_example = new Aws.LB.TargetGroup(\"ip-example\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n TargetType = \"ip\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"ip_example\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTargetType: pulumi.String(\"ip\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda_example = new aws.lb.TargetGroup(\"lambda-example\", {\n targetType: \"lambda\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_example = aws.lb.TargetGroup(\"lambda-example\", target_type=\"lambda\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lambda_example = new Aws.LB.TargetGroup(\"lambda-example\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewTargetGroup(ctx, \"lambda_example\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTarget Groups can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:elasticloadbalancingv2/targetGroup:TargetGroup app_front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:targetgroup/app-front-end/20cfe21448b66314\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancingv2/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:elasticloadbalancingv2/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "healthCheck", + "loadBalancingAlgorithmType", + "name", + "preserveClientIp", + "protocolVersion", + "stickiness", + "tagsAll" + ], + "inputProperties": { + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancingv2/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:elasticloadbalancingv2/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancingv2/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:elasticloadbalancingv2/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancingv2.TargetGroup has been deprecated in favor of aws.lb.TargetGroup" + }, + "aws:elasticloadbalancingv2/targetGroupAttachment:TargetGroupAttachment": { + "description": "Provides the ability to register instances and containers with an Application Load Balancer (ALB) or Network Load Balancer (NLB) target group. For attaching resources with Elastic Load Balancer (ELB), see the `aws.elb.Attachment` resource.\n\n> **Note:** `aws.alb.TargetGroupAttachment` is known as `aws.lb.TargetGroupAttachment`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {});\n// ... other configuration ...\nconst testInstance = new aws.ec2.Instance(\"testInstance\", {});\n// ... other configuration ...\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testInstance.id,\n port: 80,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\")\n# ... other configuration ...\ntest_instance = aws.ec2.Instance(\"testInstance\")\n# ... other configuration ...\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_instance.id,\n port=80)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ... other configuration ...\n var testInstance = new Aws.Ec2.Instance(\"testInstance\", new Aws.Ec2.InstanceArgs\n {\n });\n // ... other configuration ...\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testInstance.Id,\n Port = 80,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := ec2.NewInstance(ctx, \"testInstance\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testInstance.ID(),\n\t\t\tPort: pulumi.Int(80),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Usage with lambda\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {targetType: \"lambda\"});\nconst testFunction = new aws.lambda.Function(\"testFunction\", {});\n// ... other configuration ...\nconst withLb = new aws.lambda.Permission(\"withLb\", {\n action: \"lambda:InvokeFunction\",\n \"function\": testFunction.arn,\n principal: \"elasticloadbalancing.amazonaws.com\",\n sourceArn: testTargetGroup.arn,\n});\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testFunction.arn,\n}, {\n dependsOn: [withLb],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\", target_type=\"lambda\")\ntest_function = aws.lambda_.Function(\"testFunction\")\n# ... other configuration ...\nwith_lb = aws.lambda_.Permission(\"withLb\",\n action=\"lambda:InvokeFunction\",\n function=test_function.arn,\n principal=\"elasticloadbalancing.amazonaws.com\",\n source_arn=test_target_group.arn)\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_function.arn,\n opts=pulumi.ResourceOptions(depends_on=[with_lb]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n var testFunction = new Aws.Lambda.Function(\"testFunction\", new Aws.Lambda.FunctionArgs\n {\n });\n // ... other configuration ...\n var withLb = new Aws.Lambda.Permission(\"withLb\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = testFunction.Arn,\n Principal = \"elasticloadbalancing.amazonaws.com\",\n SourceArn = testTargetGroup.Arn,\n });\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testFunction.Arn,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n withLb,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestFunction, err := lambda.NewFunction(ctx, \"testFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twithLb, err := lambda.NewPermission(ctx, \"withLb\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: testFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"elasticloadbalancing.amazonaws.com\"),\n\t\t\tSourceArn: testTargetGroup.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testFunction.Arn,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twithLb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nTarget Group Attachments cannot be imported. ", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "required": [ + "targetGroupArn", + "targetId" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "requiredInputs": [ + "targetGroupArn", + "targetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroupAttachment resources.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.elasticloadbalancingv2.TargetGroupAttachment has been deprecated in favor of aws.lb.TargetGroupAttachment" + }, + "aws:elasticsearch/domain:Domain": { + "description": "Manages an AWS Elasticsearch Domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n elasticsearchVersion: \"1.5\",\n snapshotOptions: {\n automatedSnapshotStartHour: 23,\n },\n tags: {\n Domain: \"TestDomain\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n elasticsearch_version=\"1.5\",\n snapshot_options=aws.elasticsearch.DomainSnapshotOptionsArgs(\n automated_snapshot_start_hour=23,\n ),\n tags={\n \"Domain\": \"TestDomain\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ElasticSearch.Domain(\"example\", new Aws.ElasticSearch.DomainArgs\n {\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n ElasticsearchVersion = \"1.5\",\n SnapshotOptions = new Aws.ElasticSearch.Inputs.DomainSnapshotOptionsArgs\n {\n AutomatedSnapshotStartHour = 23,\n },\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.NewDomain(ctx, \"example\", &elasticsearch.DomainArgs{\n\t\t\tClusterConfig: &elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceType: pulumi.String(\"r4.large.elasticsearch\"),\n\t\t\t},\n\t\t\tElasticsearchVersion: pulumi.String(\"1.5\"),\n\t\t\tSnapshotOptions: &elasticsearch.DomainSnapshotOptionsArgs{\n\t\t\t\tAutomatedSnapshotStartHour: pulumi.Int(23),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Domain\": pulumi.String(\"TestDomain\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Access Policy\n\n> See also: `aws.elasticsearch.DomainPolicy` resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst domain = config.get(\"domain\") || \"tf-test\";\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst example = new aws.elasticsearch.Domain(\"example\", {accessPolicies: Promise.all([currentRegion, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity]) => `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:${currentRegion.name}:${currentCallerIdentity.accountId}:domain/${domain}/*\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": [\"66.193.100.22/32\"]}\n }\n }\n ]\n}\n`)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ndomain = config.get(\"domain\")\nif domain is None:\n domain = \"tf-test\"\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample = aws.elasticsearch.Domain(\"example\", access_policies=f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:es:{current_region.name}:{current_caller_identity.account_id}:domain/{domain}/*\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": [\"66.193.100.22/32\"]}}\n }}\n }}\n ]\n}}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var domain = config.Get(\"domain\") ?? \"tf-test\";\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var example = new Aws.ElasticSearch.Domain(\"example\", new Aws.ElasticSearch.DomainArgs\n {\n AccessPolicies = Output.Tuple(currentRegion, currentCallerIdentity).Apply(values =>\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:es:{currentRegion.Name}:{currentCallerIdentity.AccountId}:domain/{domain}/*\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": [\"\"66.193.100.22/32\"\"]}}\n }}\n }}\n ]\n}}\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tdomain := \"tf-test\"\n\t\tif param := cfg.Get(\"domain\"); param != \"\" {\n\t\t\tdomain = param\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"example\", &elasticsearch.DomainArgs{\n\t\t\tAccessPolicies: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"es:*\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:es:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":domain/\", domain, \"/*\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"IpAddress\\\": {\\\"aws:SourceIp\\\": [\\\"66.193.100.22/32\\\"]}\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Log Publishing to CloudWatch Logs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst exampleLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\", {\n policyName: \"example\",\n policyDocument: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"es.amazonaws.com\"\n },\n \"Action\": [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\"\n ],\n \"Resource\": \"arn:aws:logs:*\"\n }\n ]\n}\n`,\n});\n// .. other configuration ...\nconst exampleDomain = new aws.elasticsearch.Domain(\"exampleDomain\", {logPublishingOptions: [{\n cloudwatchLogGroupArn: exampleLogGroup.arn,\n logType: \"INDEX_SLOW_LOGS\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"exampleLogResourcePolicy\",\n policy_name=\"example\",\n policy_document=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"es.amazonaws.com\"\n },\n \"Action\": [\n \"logs:PutLogEvents\",\n \"logs:PutLogEventsBatch\",\n \"logs:CreateLogStream\"\n ],\n \"Resource\": \"arn:aws:logs:*\"\n }\n ]\n}\n\"\"\")\n# .. other configuration ...\nexample_domain = aws.elasticsearch.Domain(\"exampleDomain\", log_publishing_options=[aws.elasticsearch.DomainLogPublishingOptionArgs(\n cloudwatch_log_group_arn=example_log_group.arn,\n log_type=\"INDEX_SLOW_LOGS\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var exampleLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"exampleLogResourcePolicy\", new Aws.CloudWatch.LogResourcePolicyArgs\n {\n PolicyName = \"example\",\n PolicyDocument = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"es.amazonaws.com\"\"\n },\n \"\"Action\"\": [\n \"\"logs:PutLogEvents\"\",\n \"\"logs:PutLogEventsBatch\"\",\n \"\"logs:CreateLogStream\"\"\n ],\n \"\"Resource\"\": \"\"arn:aws:logs:*\"\"\n }\n ]\n}\n\",\n });\n // .. other configuration ...\n var exampleDomain = new Aws.ElasticSearch.Domain(\"exampleDomain\", new Aws.ElasticSearch.DomainArgs\n {\n LogPublishingOptions = \n {\n new Aws.ElasticSearch.Inputs.DomainLogPublishingOptionArgs\n {\n CloudwatchLogGroupArn = exampleLogGroup.Arn,\n LogType = \"INDEX_SLOW_LOGS\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"exampleLogResourcePolicy\", &cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyName: pulumi.String(\"example\"),\n\t\t\tPolicyDocument: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"es.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": [\\n\", \" \\\"logs:PutLogEvents\\\",\\n\", \" \\\"logs:PutLogEventsBatch\\\",\\n\", \" \\\"logs:CreateLogStream\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"arn:aws:logs:*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomain(ctx, \"exampleDomain\", &elasticsearch.DomainArgs{\n\t\t\tLogPublishingOptions: elasticsearch.DomainLogPublishingOptionArray{\n\t\t\t\t&elasticsearch.DomainLogPublishingOptionArgs{\n\t\t\t\t\tCloudwatchLogGroupArn: exampleLogGroup.Arn,\n\t\t\t\t\tLogType: pulumi.String(\"INDEX_SLOW_LOGS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElasticsearch domains can be imported using the `domain_name`, e.g.\n\n```sh\n $ pulumi import aws:elasticsearch/domain:Domain example domain_name\n```\n\n ", + "properties": { + "accessPolicies": { + "type": "string", + "description": "IAM policy document specifying the access policies for the domain.\n" + }, + "advancedOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "advancedSecurityOptions": { + "$ref": "#/types/aws:elasticsearch/DomainAdvancedSecurityOptions:DomainAdvancedSecurityOptions", + "description": "Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html). Detailed below.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the domain.\n" + }, + "clusterConfig": { + "$ref": "#/types/aws:elasticsearch/DomainClusterConfig:DomainClusterConfig", + "description": "Configuration block for the cluster of the domain. Detailed below.\n" + }, + "cognitoOptions": { + "$ref": "#/types/aws:elasticsearch/DomainCognitoOptions:DomainCognitoOptions", + "description": "Configuration block for authenticating Kibana with Cognito. Detailed below.\n" + }, + "domainEndpointOptions": { + "$ref": "#/types/aws:elasticsearch/DomainDomainEndpointOptions:DomainDomainEndpointOptions", + "description": "Configuration block for domain endpoint HTTP(S) related options. Detailed below.\n" + }, + "domainId": { + "type": "string", + "description": "Unique identifier for the domain.\n" + }, + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "ebsOptions": { + "$ref": "#/types/aws:elasticsearch/DomainEbsOptions:DomainEbsOptions", + "description": "Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). Detailed below.\n" + }, + "elasticsearchVersion": { + "type": "string", + "description": "Version of Elasticsearch to deploy. Defaults to `1.5`.\n" + }, + "encryptAtRest": { + "$ref": "#/types/aws:elasticsearch/DomainEncryptAtRest:DomainEncryptAtRest", + "description": "Configuration block for encrypt at rest options. Only available for [certain instance types](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Detailed below.\n" + }, + "endpoint": { + "type": "string", + "description": "Domain-specific endpoint used to submit index, search, and data upload requests.\n" + }, + "kibanaEndpoint": { + "type": "string", + "description": "Domain-specific endpoint for kibana without https scheme.\n" + }, + "logPublishingOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/DomainLogPublishingOption:DomainLogPublishingOption" + }, + "description": "Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.\n" + }, + "nodeToNodeEncryption": { + "$ref": "#/types/aws:elasticsearch/DomainNodeToNodeEncryption:DomainNodeToNodeEncryption", + "description": "Configuration block for node-to-node encryption options. Detailed below.\n" + }, + "snapshotOptions": { + "$ref": "#/types/aws:elasticsearch/DomainSnapshotOptions:DomainSnapshotOptions", + "description": "Configuration block for snapshot related options. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcOptions": { + "$ref": "#/types/aws:elasticsearch/DomainVpcOptions:DomainVpcOptions", + "description": "Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)). Detailed below.\n" + } + }, + "required": [ + "accessPolicies", + "advancedOptions", + "advancedSecurityOptions", + "arn", + "clusterConfig", + "domainEndpointOptions", + "domainId", + "domainName", + "ebsOptions", + "encryptAtRest", + "endpoint", + "kibanaEndpoint", + "nodeToNodeEncryption", + "tagsAll" + ], + "inputProperties": { + "accessPolicies": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "IAM policy document specifying the access policies for the domain.\n" + }, + "advancedOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "advancedSecurityOptions": { + "$ref": "#/types/aws:elasticsearch/DomainAdvancedSecurityOptions:DomainAdvancedSecurityOptions", + "description": "Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html). Detailed below.\n" + }, + "clusterConfig": { + "$ref": "#/types/aws:elasticsearch/DomainClusterConfig:DomainClusterConfig", + "description": "Configuration block for the cluster of the domain. Detailed below.\n" + }, + "cognitoOptions": { + "$ref": "#/types/aws:elasticsearch/DomainCognitoOptions:DomainCognitoOptions", + "description": "Configuration block for authenticating Kibana with Cognito. Detailed below.\n" + }, + "domainEndpointOptions": { + "$ref": "#/types/aws:elasticsearch/DomainDomainEndpointOptions:DomainDomainEndpointOptions", + "description": "Configuration block for domain endpoint HTTP(S) related options. Detailed below.\n" + }, + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "ebsOptions": { + "$ref": "#/types/aws:elasticsearch/DomainEbsOptions:DomainEbsOptions", + "description": "Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). Detailed below.\n" + }, + "elasticsearchVersion": { + "type": "string", + "description": "Version of Elasticsearch to deploy. Defaults to `1.5`.\n" + }, + "encryptAtRest": { + "$ref": "#/types/aws:elasticsearch/DomainEncryptAtRest:DomainEncryptAtRest", + "description": "Configuration block for encrypt at rest options. Only available for [certain instance types](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Detailed below.\n" + }, + "logPublishingOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/DomainLogPublishingOption:DomainLogPublishingOption" + }, + "description": "Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.\n" + }, + "nodeToNodeEncryption": { + "$ref": "#/types/aws:elasticsearch/DomainNodeToNodeEncryption:DomainNodeToNodeEncryption", + "description": "Configuration block for node-to-node encryption options. Detailed below.\n" + }, + "snapshotOptions": { + "$ref": "#/types/aws:elasticsearch/DomainSnapshotOptions:DomainSnapshotOptions", + "description": "Configuration block for snapshot related options. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcOptions": { + "$ref": "#/types/aws:elasticsearch/DomainVpcOptions:DomainVpcOptions", + "description": "Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)). Detailed below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Domain resources.\n", + "properties": { + "accessPolicies": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "IAM policy document specifying the access policies for the domain.\n" + }, + "advancedOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "advancedSecurityOptions": { + "$ref": "#/types/aws:elasticsearch/DomainAdvancedSecurityOptions:DomainAdvancedSecurityOptions", + "description": "Configuration block for [fine-grained access control](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/fgac.html). Detailed below.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the domain.\n" + }, + "clusterConfig": { + "$ref": "#/types/aws:elasticsearch/DomainClusterConfig:DomainClusterConfig", + "description": "Configuration block for the cluster of the domain. Detailed below.\n" + }, + "cognitoOptions": { + "$ref": "#/types/aws:elasticsearch/DomainCognitoOptions:DomainCognitoOptions", + "description": "Configuration block for authenticating Kibana with Cognito. Detailed below.\n" + }, + "domainEndpointOptions": { + "$ref": "#/types/aws:elasticsearch/DomainDomainEndpointOptions:DomainDomainEndpointOptions", + "description": "Configuration block for domain endpoint HTTP(S) related options. Detailed below.\n" + }, + "domainId": { + "type": "string", + "description": "Unique identifier for the domain.\n" + }, + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "ebsOptions": { + "$ref": "#/types/aws:elasticsearch/DomainEbsOptions:DomainEbsOptions", + "description": "Configuration block for EBS related options, may be required based on chosen [instance size](https://aws.amazon.com/elasticsearch-service/pricing/). Detailed below.\n" + }, + "elasticsearchVersion": { + "type": "string", + "description": "Version of Elasticsearch to deploy. Defaults to `1.5`.\n" + }, + "encryptAtRest": { + "$ref": "#/types/aws:elasticsearch/DomainEncryptAtRest:DomainEncryptAtRest", + "description": "Configuration block for encrypt at rest options. Only available for [certain instance types](http://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/aes-supported-instance-types.html). Detailed below.\n" + }, + "endpoint": { + "type": "string", + "description": "Domain-specific endpoint used to submit index, search, and data upload requests.\n" + }, + "kibanaEndpoint": { + "type": "string", + "description": "Domain-specific endpoint for kibana without https scheme.\n" + }, + "logPublishingOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/DomainLogPublishingOption:DomainLogPublishingOption" + }, + "description": "Configuration block for publishing slow and application logs to CloudWatch Logs. This block can be declared multiple times, for each log_type, within the same resource. Detailed below.\n" + }, + "nodeToNodeEncryption": { + "$ref": "#/types/aws:elasticsearch/DomainNodeToNodeEncryption:DomainNodeToNodeEncryption", + "description": "Configuration block for node-to-node encryption options. Detailed below.\n" + }, + "snapshotOptions": { + "$ref": "#/types/aws:elasticsearch/DomainSnapshotOptions:DomainSnapshotOptions", + "description": "Configuration block for snapshot related options. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcOptions": { + "$ref": "#/types/aws:elasticsearch/DomainVpcOptions:DomainVpcOptions", + "description": "Configuration block for VPC related options. Adding or removing this configuration forces a new resource ([documentation](https://docs.aws.amazon.com/elasticsearch-service/latest/developerguide/es-vpc.html#es-vpc-limitations)). Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:elasticsearch/domainPolicy:DomainPolicy": { + "description": "Allows setting policy to an Elasticsearch domain while referencing domain attributes (e.g. ARN)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.elasticsearch.Domain(\"example\", {elasticsearchVersion: \"2.3\"});\nconst main = new aws.elasticsearch.DomainPolicy(\"main\", {\n domainName: example.domainName,\n accessPolicies: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Condition\": {\n \"IpAddress\": {\"aws:SourceIp\": \"127.0.0.1/32\"}\n },\n \"Resource\": \"${example.arn}/*\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticsearch.Domain(\"example\", elasticsearch_version=\"2.3\")\nmain = aws.elasticsearch.DomainPolicy(\"main\",\n domain_name=example.domain_name,\n access_policies=example.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": \"es:*\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Condition\": {{\n \"IpAddress\": {{\"aws:SourceIp\": \"127.0.0.1/32\"}}\n }},\n \"Resource\": \"{arn}/*\"\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ElasticSearch.Domain(\"example\", new Aws.ElasticSearch.DomainArgs\n {\n ElasticsearchVersion = \"2.3\",\n });\n var main = new Aws.ElasticSearch.DomainPolicy(\"main\", new Aws.ElasticSearch.DomainPolicyArgs\n {\n DomainName = example.DomainName,\n AccessPolicies = example.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": \"\"es:*\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Condition\"\": {{\n \"\"IpAddress\"\": {{\"\"aws:SourceIp\"\": \"\"127.0.0.1/32\"\"}}\n }},\n \"\"Resource\"\": \"\"{arn}/*\"\"\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := elasticsearch.NewDomain(ctx, \"example\", &elasticsearch.DomainArgs{\n\t\t\tElasticsearchVersion: pulumi.String(\"2.3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elasticsearch.NewDomainPolicy(ctx, \"main\", &elasticsearch.DomainPolicyArgs{\n\t\t\tDomainName: example.DomainName,\n\t\t\tAccessPolicies: example.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"es:*\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"IpAddress\\\": {\\\"aws:SourceIp\\\": \\\"127.0.0.1/32\\\"}\\n\", \" },\\n\", \" \\\"Resource\\\": \\\"\", arn, \"/*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "accessPolicies": { + "type": "string", + "description": "IAM policy document specifying the access policies for the domain\n" + }, + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + } + }, + "required": [ + "accessPolicies", + "domainName" + ], + "inputProperties": { + "accessPolicies": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "IAM policy document specifying the access policies for the domain\n" + }, + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + } + }, + "requiredInputs": [ + "accessPolicies", + "domainName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainPolicy resources.\n", + "properties": { + "accessPolicies": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "IAM policy document specifying the access policies for the domain\n" + }, + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + } + }, + "type": "object" + } + }, + "aws:elasticsearch/domainSamlOptions:DomainSamlOptions": { + "description": "Manages SAML authentication options for an AWS Elasticsearch Domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst exampleDomain = new aws.elasticsearch.Domain(\"exampleDomain\", {\n elasticsearchVersion: \"1.5\",\n clusterConfig: {\n instanceType: \"r4.large.elasticsearch\",\n },\n snapshotOptions: {\n automatedSnapshotStartHour: 23,\n },\n tags: {\n Domain: \"TestDomain\",\n },\n});\nconst exampleDomainSamlOptions = new aws.elasticsearch.DomainSamlOptions(\"exampleDomainSamlOptions\", {\n domainName: exampleDomain.domainName,\n samlOptions: {\n enabled: true,\n idp: {\n entityId: \"https://example.com\",\n metadataContent: fs.readFileSync(\"./saml-metadata.xml\"),\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain = aws.elasticsearch.Domain(\"exampleDomain\",\n elasticsearch_version=\"1.5\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_type=\"r4.large.elasticsearch\",\n ),\n snapshot_options=aws.elasticsearch.DomainSnapshotOptionsArgs(\n automated_snapshot_start_hour=23,\n ),\n tags={\n \"Domain\": \"TestDomain\",\n })\nexample_domain_saml_options = aws.elasticsearch.DomainSamlOptions(\"exampleDomainSamlOptions\",\n domain_name=example_domain.domain_name,\n saml_options=aws.elasticsearch.DomainSamlOptionsSamlOptionsArgs(\n enabled=True,\n idp=aws.elasticsearch.DomainSamlOptionsSamlOptionsIdpArgs(\n entity_id=\"https://example.com\",\n metadata_content=(lambda path: open(path).read())(\"./saml-metadata.xml\"),\n ),\n ))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomain = new Aws.ElasticSearch.Domain(\"exampleDomain\", new Aws.ElasticSearch.DomainArgs\n {\n ElasticsearchVersion = \"1.5\",\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceType = \"r4.large.elasticsearch\",\n },\n SnapshotOptions = new Aws.ElasticSearch.Inputs.DomainSnapshotOptionsArgs\n {\n AutomatedSnapshotStartHour = 23,\n },\n Tags = \n {\n { \"Domain\", \"TestDomain\" },\n },\n });\n var exampleDomainSamlOptions = new Aws.ElasticSearch.DomainSamlOptions(\"exampleDomainSamlOptions\", new Aws.ElasticSearch.DomainSamlOptionsArgs\n {\n DomainName = exampleDomain.DomainName,\n SamlOptions = new Aws.ElasticSearch.Inputs.DomainSamlOptionsSamlOptionsArgs\n {\n Enabled = true,\n Idp = new Aws.ElasticSearch.Inputs.DomainSamlOptionsSamlOptionsIdpArgs\n {\n EntityId = \"https://example.com\",\n MetadataContent = File.ReadAllText(\"./saml-metadata.xml\"),\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElasticsearch domains can be imported using the `domain_name`, e.g.\n\n```sh\n $ pulumi import aws:elasticsearch/domainSamlOptions:DomainSamlOptions example domain_name\n```\n\n ", + "properties": { + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "samlOptions": { + "$ref": "#/types/aws:elasticsearch/DomainSamlOptionsSamlOptions:DomainSamlOptionsSamlOptions", + "description": "The SAML authentication options for an AWS Elasticsearch Domain.\n" + } + }, + "required": [ + "domainName" + ], + "inputProperties": { + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "samlOptions": { + "$ref": "#/types/aws:elasticsearch/DomainSamlOptionsSamlOptions:DomainSamlOptionsSamlOptions", + "description": "The SAML authentication options for an AWS Elasticsearch Domain.\n" + } + }, + "requiredInputs": [ + "domainName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainSamlOptions resources.\n", + "properties": { + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "samlOptions": { + "$ref": "#/types/aws:elasticsearch/DomainSamlOptionsSamlOptions:DomainSamlOptionsSamlOptions", + "description": "The SAML authentication options for an AWS Elasticsearch Domain.\n" + } + }, + "type": "object" + } + }, + "aws:elastictranscoder/pipeline:Pipeline": { + "description": "Provides an Elastic Transcoder pipeline resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.elastictranscoder.Pipeline(\"bar\", {\n inputBucket: aws_s3_bucket.input_bucket.bucket,\n role: aws_iam_role.test_role.arn,\n contentConfig: {\n bucket: aws_s3_bucket.content_bucket.bucket,\n storageClass: \"Standard\",\n },\n thumbnailConfig: {\n bucket: aws_s3_bucket.thumb_bucket.bucket,\n storageClass: \"Standard\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.elastictranscoder.Pipeline(\"bar\",\n input_bucket=aws_s3_bucket[\"input_bucket\"][\"bucket\"],\n role=aws_iam_role[\"test_role\"][\"arn\"],\n content_config=aws.elastictranscoder.PipelineContentConfigArgs(\n bucket=aws_s3_bucket[\"content_bucket\"][\"bucket\"],\n storage_class=\"Standard\",\n ),\n thumbnail_config=aws.elastictranscoder.PipelineThumbnailConfigArgs(\n bucket=aws_s3_bucket[\"thumb_bucket\"][\"bucket\"],\n storage_class=\"Standard\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.ElasticTranscoder.Pipeline(\"bar\", new Aws.ElasticTranscoder.PipelineArgs\n {\n InputBucket = aws_s3_bucket.Input_bucket.Bucket,\n Role = aws_iam_role.Test_role.Arn,\n ContentConfig = new Aws.ElasticTranscoder.Inputs.PipelineContentConfigArgs\n {\n Bucket = aws_s3_bucket.Content_bucket.Bucket,\n StorageClass = \"Standard\",\n },\n ThumbnailConfig = new Aws.ElasticTranscoder.Inputs.PipelineThumbnailConfigArgs\n {\n Bucket = aws_s3_bucket.Thumb_bucket.Bucket,\n StorageClass = \"Standard\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elastictranscoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elastictranscoder.NewPipeline(ctx, \"bar\", &elastictranscoder.PipelineArgs{\n\t\t\tInputBucket: pulumi.Any(aws_s3_bucket.Input_bucket.Bucket),\n\t\t\tRole: pulumi.Any(aws_iam_role.Test_role.Arn),\n\t\t\tContentConfig: &elastictranscoder.PipelineContentConfigArgs{\n\t\t\t\tBucket: pulumi.Any(aws_s3_bucket.Content_bucket.Bucket),\n\t\t\t\tStorageClass: pulumi.String(\"Standard\"),\n\t\t\t},\n\t\t\tThumbnailConfig: &elastictranscoder.PipelineThumbnailConfigArgs{\n\t\t\t\tBucket: pulumi.Any(aws_s3_bucket.Thumb_bucket.Bucket),\n\t\t\t\tStorageClass: pulumi.String(\"Standard\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastic Transcoder pipelines can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:elastictranscoder/pipeline:Pipeline basic_pipeline 1407981661351-cttk8b\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Elastictranscoder pipeline.\n" + }, + "awsKmsKeyArn": { + "type": "string", + "description": "The AWS Key Management Service (AWS KMS) key that you want to use with this pipeline.\n" + }, + "contentConfig": { + "$ref": "#/types/aws:elastictranscoder/PipelineContentConfig:PipelineContentConfig", + "description": "The ContentConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists. (documented below)\n" + }, + "contentConfigPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PipelineContentConfigPermission:PipelineContentConfigPermission" + }, + "description": "The permissions for the `content_config` object. (documented below)\n" + }, + "inputBucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you saved the media files that you want to transcode and the graphics that you want to use as watermarks.\n" + }, + "name": { + "type": "string", + "description": "The name of the pipeline. Maximum 40 characters\n" + }, + "notifications": { + "$ref": "#/types/aws:elastictranscoder/PipelineNotifications:PipelineNotifications", + "description": "The Amazon Simple Notification Service (Amazon SNS) topic that you want to notify to report job status. (documented below)\n" + }, + "outputBucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you want Elastic Transcoder to save the transcoded files.\n" + }, + "role": { + "type": "string", + "description": "The IAM Amazon Resource Name (ARN) for the role that you want Elastic Transcoder to use to transcode jobs for this pipeline.\n" + }, + "thumbnailConfig": { + "$ref": "#/types/aws:elastictranscoder/PipelineThumbnailConfig:PipelineThumbnailConfig", + "description": "The ThumbnailConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files. (documented below)\n" + }, + "thumbnailConfigPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PipelineThumbnailConfigPermission:PipelineThumbnailConfigPermission" + }, + "description": "The permissions for the `thumbnail_config` object. (documented below)\n" + } + }, + "required": [ + "arn", + "contentConfig", + "inputBucket", + "name", + "outputBucket", + "role", + "thumbnailConfig" + ], + "inputProperties": { + "awsKmsKeyArn": { + "type": "string", + "description": "The AWS Key Management Service (AWS KMS) key that you want to use with this pipeline.\n" + }, + "contentConfig": { + "$ref": "#/types/aws:elastictranscoder/PipelineContentConfig:PipelineContentConfig", + "description": "The ContentConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists. (documented below)\n" + }, + "contentConfigPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PipelineContentConfigPermission:PipelineContentConfigPermission" + }, + "description": "The permissions for the `content_config` object. (documented below)\n" + }, + "inputBucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you saved the media files that you want to transcode and the graphics that you want to use as watermarks.\n" + }, + "name": { + "type": "string", + "description": "The name of the pipeline. Maximum 40 characters\n" + }, + "notifications": { + "$ref": "#/types/aws:elastictranscoder/PipelineNotifications:PipelineNotifications", + "description": "The Amazon Simple Notification Service (Amazon SNS) topic that you want to notify to report job status. (documented below)\n" + }, + "outputBucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you want Elastic Transcoder to save the transcoded files.\n" + }, + "role": { + "type": "string", + "description": "The IAM Amazon Resource Name (ARN) for the role that you want Elastic Transcoder to use to transcode jobs for this pipeline.\n" + }, + "thumbnailConfig": { + "$ref": "#/types/aws:elastictranscoder/PipelineThumbnailConfig:PipelineThumbnailConfig", + "description": "The ThumbnailConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files. (documented below)\n" + }, + "thumbnailConfigPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PipelineThumbnailConfigPermission:PipelineThumbnailConfigPermission" + }, + "description": "The permissions for the `thumbnail_config` object. (documented below)\n" + } + }, + "requiredInputs": [ + "inputBucket", + "role" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Pipeline resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Elastictranscoder pipeline.\n" + }, + "awsKmsKeyArn": { + "type": "string", + "description": "The AWS Key Management Service (AWS KMS) key that you want to use with this pipeline.\n" + }, + "contentConfig": { + "$ref": "#/types/aws:elastictranscoder/PipelineContentConfig:PipelineContentConfig", + "description": "The ContentConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save transcoded files and playlists. (documented below)\n" + }, + "contentConfigPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PipelineContentConfigPermission:PipelineContentConfigPermission" + }, + "description": "The permissions for the `content_config` object. (documented below)\n" + }, + "inputBucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you saved the media files that you want to transcode and the graphics that you want to use as watermarks.\n" + }, + "name": { + "type": "string", + "description": "The name of the pipeline. Maximum 40 characters\n" + }, + "notifications": { + "$ref": "#/types/aws:elastictranscoder/PipelineNotifications:PipelineNotifications", + "description": "The Amazon Simple Notification Service (Amazon SNS) topic that you want to notify to report job status. (documented below)\n" + }, + "outputBucket": { + "type": "string", + "description": "The Amazon S3 bucket in which you want Elastic Transcoder to save the transcoded files.\n" + }, + "role": { + "type": "string", + "description": "The IAM Amazon Resource Name (ARN) for the role that you want Elastic Transcoder to use to transcode jobs for this pipeline.\n" + }, + "thumbnailConfig": { + "$ref": "#/types/aws:elastictranscoder/PipelineThumbnailConfig:PipelineThumbnailConfig", + "description": "The ThumbnailConfig object specifies information about the Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail files. (documented below)\n" + }, + "thumbnailConfigPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PipelineThumbnailConfigPermission:PipelineThumbnailConfigPermission" + }, + "description": "The permissions for the `thumbnail_config` object. (documented below)\n" + } + }, + "type": "object" + } + }, + "aws:elastictranscoder/preset:Preset": { + "description": "Provides an Elastic Transcoder preset resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.elastictranscoder.Preset(\"bar\", {\n audio: {\n audioPackingMode: \"SingleTrack\",\n bitRate: \"96\",\n channels: \"2\",\n codec: \"AAC\",\n sampleRate: \"44100\",\n },\n audioCodecOptions: {\n profile: \"AAC-LC\",\n },\n container: \"mp4\",\n description: \"Sample Preset\",\n thumbnails: {\n format: \"png\",\n interval: \"120\",\n maxHeight: \"auto\",\n maxWidth: \"auto\",\n paddingPolicy: \"Pad\",\n sizingPolicy: \"Fit\",\n },\n video: {\n bitRate: \"1600\",\n codec: \"H.264\",\n displayAspectRatio: \"16:9\",\n fixedGop: \"false\",\n frameRate: \"auto\",\n keyframesMaxDist: \"240\",\n maxFrameRate: \"60\",\n maxHeight: \"auto\",\n maxWidth: \"auto\",\n paddingPolicy: \"Pad\",\n sizingPolicy: \"Fit\",\n },\n videoCodecOptions: {\n ColorSpaceConversionMode: \"None\",\n InterlacedMode: \"Progressive\",\n Level: \"2.2\",\n MaxReferenceFrames: 3,\n Profile: \"main\",\n },\n videoWatermarks: [{\n horizontalAlign: \"Right\",\n horizontalOffset: \"10px\",\n id: \"Test\",\n maxHeight: \"20%\",\n maxWidth: \"20%\",\n opacity: \"55.5\",\n sizingPolicy: \"ShrinkToFit\",\n target: \"Content\",\n verticalAlign: \"Bottom\",\n verticalOffset: \"10px\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.elastictranscoder.Preset(\"bar\",\n audio=aws.elastictranscoder.PresetAudioArgs(\n audio_packing_mode=\"SingleTrack\",\n bit_rate=\"96\",\n channels=\"2\",\n codec=\"AAC\",\n sample_rate=\"44100\",\n ),\n audio_codec_options=aws.elastictranscoder.PresetAudioCodecOptionsArgs(\n profile=\"AAC-LC\",\n ),\n container=\"mp4\",\n description=\"Sample Preset\",\n thumbnails=aws.elastictranscoder.PresetThumbnailsArgs(\n format=\"png\",\n interval=\"120\",\n max_height=\"auto\",\n max_width=\"auto\",\n padding_policy=\"Pad\",\n sizing_policy=\"Fit\",\n ),\n video=aws.elastictranscoder.PresetVideoArgs(\n bit_rate=\"1600\",\n codec=\"H.264\",\n display_aspect_ratio=\"16:9\",\n fixed_gop=\"false\",\n frame_rate=\"auto\",\n keyframes_max_dist=\"240\",\n max_frame_rate=\"60\",\n max_height=\"auto\",\n max_width=\"auto\",\n padding_policy=\"Pad\",\n sizing_policy=\"Fit\",\n ),\n video_codec_options={\n \"ColorSpaceConversionMode\": \"None\",\n \"InterlacedMode\": \"Progressive\",\n \"Level\": \"2.2\",\n \"MaxReferenceFrames\": \"3\",\n \"Profile\": \"main\",\n },\n video_watermarks=[aws.elastictranscoder.PresetVideoWatermarkArgs(\n horizontal_align=\"Right\",\n horizontal_offset=\"10px\",\n id=\"Test\",\n max_height=\"20%\",\n max_width=\"20%\",\n opacity=\"55.5\",\n sizing_policy=\"ShrinkToFit\",\n target=\"Content\",\n vertical_align=\"Bottom\",\n vertical_offset=\"10px\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.ElasticTranscoder.Preset(\"bar\", new Aws.ElasticTranscoder.PresetArgs\n {\n Audio = new Aws.ElasticTranscoder.Inputs.PresetAudioArgs\n {\n AudioPackingMode = \"SingleTrack\",\n BitRate = \"96\",\n Channels = \"2\",\n Codec = \"AAC\",\n SampleRate = \"44100\",\n },\n AudioCodecOptions = new Aws.ElasticTranscoder.Inputs.PresetAudioCodecOptionsArgs\n {\n Profile = \"AAC-LC\",\n },\n Container = \"mp4\",\n Description = \"Sample Preset\",\n Thumbnails = new Aws.ElasticTranscoder.Inputs.PresetThumbnailsArgs\n {\n Format = \"png\",\n Interval = \"120\",\n MaxHeight = \"auto\",\n MaxWidth = \"auto\",\n PaddingPolicy = \"Pad\",\n SizingPolicy = \"Fit\",\n },\n Video = new Aws.ElasticTranscoder.Inputs.PresetVideoArgs\n {\n BitRate = \"1600\",\n Codec = \"H.264\",\n DisplayAspectRatio = \"16:9\",\n FixedGop = \"false\",\n FrameRate = \"auto\",\n KeyframesMaxDist = \"240\",\n MaxFrameRate = \"60\",\n MaxHeight = \"auto\",\n MaxWidth = \"auto\",\n PaddingPolicy = \"Pad\",\n SizingPolicy = \"Fit\",\n },\n VideoCodecOptions = \n {\n { \"ColorSpaceConversionMode\", \"None\" },\n { \"InterlacedMode\", \"Progressive\" },\n { \"Level\", \"2.2\" },\n { \"MaxReferenceFrames\", \"3\" },\n { \"Profile\", \"main\" },\n },\n VideoWatermarks = \n {\n new Aws.ElasticTranscoder.Inputs.PresetVideoWatermarkArgs\n {\n HorizontalAlign = \"Right\",\n HorizontalOffset = \"10px\",\n Id = \"Test\",\n MaxHeight = \"20%\",\n MaxWidth = \"20%\",\n Opacity = \"55.5\",\n SizingPolicy = \"ShrinkToFit\",\n Target = \"Content\",\n VerticalAlign = \"Bottom\",\n VerticalOffset = \"10px\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elastictranscoder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elastictranscoder.NewPreset(ctx, \"bar\", &elastictranscoder.PresetArgs{\n\t\t\tAudio: &elastictranscoder.PresetAudioArgs{\n\t\t\t\tAudioPackingMode: pulumi.String(\"SingleTrack\"),\n\t\t\t\tBitRate: pulumi.String(\"96\"),\n\t\t\t\tChannels: pulumi.String(\"2\"),\n\t\t\t\tCodec: pulumi.String(\"AAC\"),\n\t\t\t\tSampleRate: pulumi.String(\"44100\"),\n\t\t\t},\n\t\t\tAudioCodecOptions: &elastictranscoder.PresetAudioCodecOptionsArgs{\n\t\t\t\tProfile: pulumi.String(\"AAC-LC\"),\n\t\t\t},\n\t\t\tContainer: pulumi.String(\"mp4\"),\n\t\t\tDescription: pulumi.String(\"Sample Preset\"),\n\t\t\tThumbnails: &elastictranscoder.PresetThumbnailsArgs{\n\t\t\t\tFormat: pulumi.String(\"png\"),\n\t\t\t\tInterval: pulumi.String(\"120\"),\n\t\t\t\tMaxHeight: pulumi.String(\"auto\"),\n\t\t\t\tMaxWidth: pulumi.String(\"auto\"),\n\t\t\t\tPaddingPolicy: pulumi.String(\"Pad\"),\n\t\t\t\tSizingPolicy: pulumi.String(\"Fit\"),\n\t\t\t},\n\t\t\tVideo: &elastictranscoder.PresetVideoArgs{\n\t\t\t\tBitRate: pulumi.String(\"1600\"),\n\t\t\t\tCodec: pulumi.String(\"H.264\"),\n\t\t\t\tDisplayAspectRatio: pulumi.String(\"16:9\"),\n\t\t\t\tFixedGop: pulumi.String(\"false\"),\n\t\t\t\tFrameRate: pulumi.String(\"auto\"),\n\t\t\t\tKeyframesMaxDist: pulumi.String(\"240\"),\n\t\t\t\tMaxFrameRate: pulumi.String(\"60\"),\n\t\t\t\tMaxHeight: pulumi.String(\"auto\"),\n\t\t\t\tMaxWidth: pulumi.String(\"auto\"),\n\t\t\t\tPaddingPolicy: pulumi.String(\"Pad\"),\n\t\t\t\tSizingPolicy: pulumi.String(\"Fit\"),\n\t\t\t},\n\t\t\tVideoCodecOptions: pulumi.StringMap{\n\t\t\t\t\"ColorSpaceConversionMode\": pulumi.String(\"None\"),\n\t\t\t\t\"InterlacedMode\": pulumi.String(\"Progressive\"),\n\t\t\t\t\"Level\": pulumi.String(\"2.2\"),\n\t\t\t\t\"MaxReferenceFrames\": pulumi.String(\"3\"),\n\t\t\t\t\"Profile\": pulumi.String(\"main\"),\n\t\t\t},\n\t\t\tVideoWatermarks: elastictranscoder.PresetVideoWatermarkArray{\n\t\t\t\t&elastictranscoder.PresetVideoWatermarkArgs{\n\t\t\t\t\tHorizontalAlign: pulumi.String(\"Right\"),\n\t\t\t\t\tHorizontalOffset: pulumi.String(\"10px\"),\n\t\t\t\t\tId: pulumi.String(\"Test\"),\n\t\t\t\t\tMaxHeight: pulumi.String(fmt.Sprintf(\"%v%v\", \"20\", \"%\")),\n\t\t\t\t\tMaxWidth: pulumi.String(fmt.Sprintf(\"%v%v\", \"20\", \"%\")),\n\t\t\t\t\tOpacity: pulumi.String(\"55.5\"),\n\t\t\t\t\tSizingPolicy: pulumi.String(\"ShrinkToFit\"),\n\t\t\t\t\tTarget: pulumi.String(\"Content\"),\n\t\t\t\t\tVerticalAlign: pulumi.String(\"Bottom\"),\n\t\t\t\t\tVerticalOffset: pulumi.String(\"10px\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nElastic Transcoder presets can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:elastictranscoder/preset:Preset basic_preset 1407981661351-cttk8b\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Elastic Transcoder Preset.\n" + }, + "audio": { + "$ref": "#/types/aws:elastictranscoder/PresetAudio:PresetAudio", + "description": "Audio parameters object (documented below).\n" + }, + "audioCodecOptions": { + "$ref": "#/types/aws:elastictranscoder/PresetAudioCodecOptions:PresetAudioCodecOptions", + "description": "Codec options for the audio parameters (documented below)\n" + }, + "container": { + "type": "string", + "description": "The container type for the output file. Valid values are `flac`, `flv`, `fmp4`, `gif`, `mp3`, `mp4`, `mpg`, `mxf`, `oga`, `ogg`, `ts`, and `webm`.\n" + }, + "description": { + "type": "string", + "description": "A description of the preset (maximum 255 characters)\n" + }, + "name": { + "type": "string", + "description": "The name of the preset. (maximum 40 characters)\n" + }, + "thumbnails": { + "$ref": "#/types/aws:elastictranscoder/PresetThumbnails:PresetThumbnails", + "description": "Thumbnail parameters object (documented below)\n" + }, + "type": { + "type": "string" + }, + "video": { + "$ref": "#/types/aws:elastictranscoder/PresetVideo:PresetVideo", + "description": "Video parameters object (documented below)\n" + }, + "videoCodecOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Codec options for the video parameters\n" + }, + "videoWatermarks": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PresetVideoWatermark:PresetVideoWatermark" + }, + "description": "Watermark parameters for the video parameters (documented below)\n" + } + }, + "required": [ + "arn", + "container", + "name", + "type" + ], + "inputProperties": { + "audio": { + "$ref": "#/types/aws:elastictranscoder/PresetAudio:PresetAudio", + "description": "Audio parameters object (documented below).\n" + }, + "audioCodecOptions": { + "$ref": "#/types/aws:elastictranscoder/PresetAudioCodecOptions:PresetAudioCodecOptions", + "description": "Codec options for the audio parameters (documented below)\n" + }, + "container": { + "type": "string", + "description": "The container type for the output file. Valid values are `flac`, `flv`, `fmp4`, `gif`, `mp3`, `mp4`, `mpg`, `mxf`, `oga`, `ogg`, `ts`, and `webm`.\n" + }, + "description": { + "type": "string", + "description": "A description of the preset (maximum 255 characters)\n" + }, + "name": { + "type": "string", + "description": "The name of the preset. (maximum 40 characters)\n" + }, + "thumbnails": { + "$ref": "#/types/aws:elastictranscoder/PresetThumbnails:PresetThumbnails", + "description": "Thumbnail parameters object (documented below)\n" + }, + "type": { + "type": "string" + }, + "video": { + "$ref": "#/types/aws:elastictranscoder/PresetVideo:PresetVideo", + "description": "Video parameters object (documented below)\n" + }, + "videoCodecOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Codec options for the video parameters\n" + }, + "videoWatermarks": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PresetVideoWatermark:PresetVideoWatermark" + }, + "description": "Watermark parameters for the video parameters (documented below)\n" + } + }, + "requiredInputs": [ + "container" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Preset resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Elastic Transcoder Preset.\n" + }, + "audio": { + "$ref": "#/types/aws:elastictranscoder/PresetAudio:PresetAudio", + "description": "Audio parameters object (documented below).\n" + }, + "audioCodecOptions": { + "$ref": "#/types/aws:elastictranscoder/PresetAudioCodecOptions:PresetAudioCodecOptions", + "description": "Codec options for the audio parameters (documented below)\n" + }, + "container": { + "type": "string", + "description": "The container type for the output file. Valid values are `flac`, `flv`, `fmp4`, `gif`, `mp3`, `mp4`, `mpg`, `mxf`, `oga`, `ogg`, `ts`, and `webm`.\n" + }, + "description": { + "type": "string", + "description": "A description of the preset (maximum 255 characters)\n" + }, + "name": { + "type": "string", + "description": "The name of the preset. (maximum 40 characters)\n" + }, + "thumbnails": { + "$ref": "#/types/aws:elastictranscoder/PresetThumbnails:PresetThumbnails", + "description": "Thumbnail parameters object (documented below)\n" + }, + "type": { + "type": "string" + }, + "video": { + "$ref": "#/types/aws:elastictranscoder/PresetVideo:PresetVideo", + "description": "Video parameters object (documented below)\n" + }, + "videoCodecOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Codec options for the video parameters\n" + }, + "videoWatermarks": { + "type": "array", + "items": { + "$ref": "#/types/aws:elastictranscoder/PresetVideoWatermark:PresetVideoWatermark" + }, + "description": "Watermark parameters for the video parameters (documented below)\n" + } + }, + "type": "object" + } + }, + "aws:elb/appCookieStickinessPolicy:AppCookieStickinessPolicy": { + "description": "Provides an application cookie stickiness policy, which allows an ELB to wed its sticky cookie's expiration to a cookie generated by your application.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst foo = new aws.elb.AppCookieStickinessPolicy(\"foo\", {\n loadBalancer: lb.name,\n lbPort: 80,\n cookieName: \"MyAppCookie\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nfoo = aws.elb.AppCookieStickinessPolicy(\"foo\",\n load_balancer=lb.name,\n lb_port=80,\n cookie_name=\"MyAppCookie\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n var foo = new Aws.Elb.AppCookieStickinessPolicy(\"foo\", new Aws.Elb.AppCookieStickinessPolicyArgs\n {\n LoadBalancer = lb.Name,\n LbPort = 80,\n CookieName = \"MyAppCookie\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewAppCookieStickinessPolicy(ctx, \"foo\", &elb.AppCookieStickinessPolicyArgs{\n\t\t\tLoadBalancer: lb.Name,\n\t\t\tLbPort: pulumi.Int(80),\n\t\t\tCookieName: pulumi.String(\"MyAppCookie\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nApplication cookie stickiness policies can be imported using the ELB name, port, and policy name separated by colons (`:`), e.g.\n\n```sh\n $ pulumi import aws:elb/appCookieStickinessPolicy:AppCookieStickinessPolicy example my-elb:80:my-policy\n```\n\n ", + "properties": { + "cookieName": { + "type": "string", + "description": "The application cookie whose lifetime the ELB's cookie should follow.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The name of load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "required": [ + "cookieName", + "lbPort", + "loadBalancer", + "name" + ], + "inputProperties": { + "cookieName": { + "type": "string", + "description": "The application cookie whose lifetime the ELB's cookie should follow.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The name of load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "requiredInputs": [ + "cookieName", + "lbPort", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AppCookieStickinessPolicy resources.\n", + "properties": { + "cookieName": { + "type": "string", + "description": "The application cookie whose lifetime the ELB's cookie should follow.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The name of load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/appCookieStickinessPolicy:AppCookieStickinessPolicy" + } + ] + }, + "aws:elb/attachment:Attachment": { + "description": "Attaches an EC2 instance to an Elastic Load Balancer (ELB). For attaching resources with Application Load Balancer (ALB) or Network Load Balancer (NLB), see the `aws.lb.TargetGroupAttachment` resource.\n\n> **NOTE on ELB Instances and ELB Attachments:** This provider currently provides\nboth a standalone ELB Attachment resource (describing an instance attached to\nan ELB), and an Elastic Load Balancer resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with an ELB Attachment resource. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer attachment\nconst baz = new aws.elb.Attachment(\"baz\", {\n elb: aws_elb.bar.id,\n instance: aws_instance.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer attachment\nbaz = aws.elb.Attachment(\"baz\",\n elb=aws_elb[\"bar\"][\"id\"],\n instance=aws_instance[\"foo\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new load balancer attachment\n var baz = new Aws.Elb.Attachment(\"baz\", new Aws.Elb.AttachmentArgs\n {\n Elb = aws_elb.Bar.Id,\n Instance = aws_instance.Foo.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewAttachment(ctx, \"baz\", &elb.AttachmentArgs{\n\t\t\tElb: pulumi.Any(aws_elb.Bar.Id),\n\t\t\tInstance: pulumi.Any(aws_instance.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + }, + "instance": { + "type": "string", + "description": "Instance ID to place in the ELB pool.\n" + } + }, + "required": [ + "elb", + "instance" + ], + "inputProperties": { + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + }, + "instance": { + "type": "string", + "description": "Instance ID to place in the ELB pool.\n" + } + }, + "requiredInputs": [ + "elb", + "instance" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Attachment resources.\n", + "properties": { + "elb": { + "type": "string", + "description": "The name of the ELB.\n" + }, + "instance": { + "type": "string", + "description": "Instance ID to place in the ELB pool.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/attachment:Attachment" + } + ] + }, + "aws:elb/listenerPolicy:ListenerPolicy": { + "description": "Attaches a load balancer policy to an ELB Listener.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Custom Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ssl = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [\n {\n name: \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"Protocol-TLSv1.2\",\n value: \"true\",\n },\n ],\n});\nconst wu_tang_listener_policies_443 = new aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\", {\n loadBalancerName: wu_tang.name,\n loadBalancerPort: 443,\n policyNames: [wu_tang_ssl.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ssl = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Protocol-TLSv1.2\",\n value=\"true\",\n ),\n ])\nwu_tang_listener_policies_443 = aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\",\n load_balancer_name=wu_tang.name,\n load_balancer_port=443,\n policy_names=[wu_tang_ssl.policy_name])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ssl = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.2\",\n Value = \"true\",\n },\n },\n });\n var wu_tang_listener_policies_443 = new Aws.Elb.ListenerPolicy(\"wu-tang-listener-policies-443\", new Aws.Elb.ListenerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n LoadBalancerPort = 443,\n PolicyNames = \n {\n wu_tang_ssl.PolicyName,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"wu_tang\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(443),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"wu-tang\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancerPolicy(ctx, \"wu_tang_ssl\", &elb.LoadBalancerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tPolicyName: pulumi.String(\"wu-tang-ssl\"),\n\t\t\tPolicyTypeName: pulumi.String(\"SSLNegotiationPolicyType\"),\n\t\t\tPolicyAttributes: elb.LoadBalancerPolicyPolicyAttributeArray{\n\t\t\t\t&elb.LoadBalancerPolicyPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"ECDHE-ECDSA-AES128-GCM-SHA256\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.LoadBalancerPolicyPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1.2\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewListenerPolicy(ctx, \"wu_tang_listener_policies_443\", &elb.ListenerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tLoadBalancerPort: pulumi.Int(443),\n\t\t\tPolicyNames: pulumi.StringArray{\n\t\t\t\twu_tang_ssl.PolicyName,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThis example shows how to customize the TLS settings of an HTTPS listener.\n{{% /example %}}\n{{% example %}}\n### AWS Predefined Security Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ssl_tls_1_1 = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [{\n name: \"Reference-Security-Policy\",\n value: \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n }],\n});\nconst wu_tang_listener_policies_443 = new aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\", {\n loadBalancerName: wu_tang.name,\n loadBalancerPort: 443,\n policyNames: [wu_tang_ssl_tls_1_1.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ssl_tls_1_1 = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Reference-Security-Policy\",\n value=\"ELBSecurityPolicy-TLS-1-1-2017-01\",\n )])\nwu_tang_listener_policies_443 = aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\",\n load_balancer_name=wu_tang.name,\n load_balancer_port=443,\n policy_names=[wu_tang_ssl_tls_1_1.policy_name])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ssl_tls_1_1 = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Reference-Security-Policy\",\n Value = \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n },\n },\n });\n var wu_tang_listener_policies_443 = new Aws.Elb.ListenerPolicy(\"wu-tang-listener-policies-443\", new Aws.Elb.ListenerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n LoadBalancerPort = 443,\n PolicyNames = \n {\n wu_tang_ssl_tls_1_1.PolicyName,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"wu_tang\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(443),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"wu-tang\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancerPolicy(ctx, \"wu_tang_ssl_tls_1_1\", &elb.LoadBalancerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tPolicyName: pulumi.String(\"wu-tang-ssl\"),\n\t\t\tPolicyTypeName: pulumi.String(\"SSLNegotiationPolicyType\"),\n\t\t\tPolicyAttributes: elb.LoadBalancerPolicyPolicyAttributeArray{\n\t\t\t\t&elb.LoadBalancerPolicyPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Reference-Security-Policy\"),\n\t\t\t\t\tValue: pulumi.String(\"ELBSecurityPolicy-TLS-1-1-2017-01\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewListenerPolicy(ctx, \"wu_tang_listener_policies_443\", &elb.ListenerPolicyArgs{\n\t\t\tLoadBalancerName: wu_tang.Name,\n\t\t\tLoadBalancerPort: pulumi.Int(443),\n\t\t\tPolicyNames: pulumi.StringArray{\n\t\t\t\twu_tang_ssl_tls_1_1.PolicyName,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThis example shows how to add a [Predefined Security Policy for ELBs](https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html)\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "loadBalancerPort": { + "type": "integer", + "description": "The load balancer listener port to apply the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "required": [ + "loadBalancerName", + "loadBalancerPort" + ], + "inputProperties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "loadBalancerPort": { + "type": "integer", + "description": "The load balancer listener port to apply the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "requiredInputs": [ + "loadBalancerName", + "loadBalancerPort" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerPolicy resources.\n", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "loadBalancerPort": { + "type": "integer", + "description": "The load balancer listener port to apply the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/listenerPolicy:ListenerPolicy" + } + ] + }, + "aws:elb/loadBalancer:LoadBalancer": { + "description": "Provides an Elastic Load Balancer resource, also known as a \"Classic\nLoad Balancer\" after the release of\n`Application/Network Load Balancers`.\n\n> **NOTE on ELB Instances and ELB Attachments:** This provider currently\nprovides both a standalone ELB Attachment resource\n(describing an instance attached to an ELB), and an ELB resource with\n`instances` defined in-line. At this time you cannot use an ELB with in-line\ninstances in conjunction with a ELB Attachment resources. Doing so will cause a\nconflict and will overwrite attachments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new load balancer\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n accessLogs: {\n bucket: \"foo\",\n bucketPrefix: \"bar\",\n interval: 60,\n },\n listeners: [\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n },\n {\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n ],\n healthCheck: {\n healthyThreshold: 2,\n unhealthyThreshold: 2,\n timeout: 3,\n target: \"HTTP:8000/\",\n interval: 30,\n },\n instances: [aws_instance.foo.id],\n crossZoneLoadBalancing: true,\n idleTimeout: 400,\n connectionDraining: true,\n connectionDrainingTimeout: 400,\n tags: {\n Name: \"foobar-elb\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new load balancer\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=\"foo\",\n bucket_prefix=\"bar\",\n interval=60,\n ),\n listeners=[\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n ),\n aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::123456789012:server-certificate/certName\",\n ),\n ],\n health_check=aws.elb.LoadBalancerHealthCheckArgs(\n healthy_threshold=2,\n unhealthy_threshold=2,\n timeout=3,\n target=\"HTTP:8000/\",\n interval=30,\n ),\n instances=[aws_instance[\"foo\"][\"id\"]],\n cross_zone_load_balancing=True,\n idle_timeout=400,\n connection_draining=True,\n connection_draining_timeout=400,\n tags={\n \"Name\": \"foobar-elb\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new load balancer\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = \"foo\",\n BucketPrefix = \"bar\",\n Interval = 60,\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n },\n HealthCheck = new Aws.Elb.Inputs.LoadBalancerHealthCheckArgs\n {\n HealthyThreshold = 2,\n UnhealthyThreshold = 2,\n Timeout = 3,\n Target = \"HTTP:8000/\",\n Interval = 30,\n },\n Instances = \n {\n aws_instance.Foo.Id,\n },\n CrossZoneLoadBalancing = true,\n IdleTimeout = 400,\n ConnectionDraining = true,\n ConnectionDrainingTimeout = 400,\n Tags = \n {\n { \"Name\", \"foobar-elb\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elb.NewLoadBalancer(ctx, \"bar\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tAccessLogs: &elb.LoadBalancerAccessLogsArgs{\n\t\t\t\tBucket: pulumi.String(\"foo\"),\n\t\t\t\tBucketPrefix: pulumi.String(\"bar\"),\n\t\t\t\tInterval: pulumi.Int(60),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::123456789012:server-certificate/certName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthCheck: &elb.LoadBalancerHealthCheckArgs{\n\t\t\t\tHealthyThreshold: pulumi.Int(2),\n\t\t\t\tUnhealthyThreshold: pulumi.Int(2),\n\t\t\t\tTimeout: pulumi.Int(3),\n\t\t\t\tTarget: pulumi.String(\"HTTP:8000/\"),\n\t\t\t\tInterval: pulumi.Int(30),\n\t\t\t},\n\t\t\tInstances: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_instance.Foo.Id),\n\t\t\t},\n\t\t\tCrossZoneLoadBalancing: pulumi.Bool(true),\n\t\t\tIdleTimeout: pulumi.Int(400),\n\t\t\tConnectionDraining: pulumi.Bool(true),\n\t\t\tConnectionDrainingTimeout: pulumi.Int(400),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foobar-elb\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Note on ECDSA Key Algorithm\n\nIf the ARN of the `ssl_certificate_id` that is pointed to references a\ncertificate that was signed by an ECDSA key, note that ELB only supports the\nP256 and P384 curves. Using a certificate signed by a key using a different\ncurve could produce the error `ERR_SSL_VERSION_OR_CIPHER_MISMATCH` in your\nbrowser.\n\n\n## Import\n\nELBs can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:elb/loadBalancer:LoadBalancer bar elb-production-12345\n```\n\n ", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the ELB\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The AZ's to serve traffic in.\n" + }, + "connectionDraining": { + "type": "boolean", + "description": "Boolean to enable connection draining. Default: `false`\n" + }, + "connectionDrainingTimeout": { + "type": "integer", + "description": "The time in seconds to allow for connections to drain. Default: `300`\n" + }, + "crossZoneLoadBalancing": { + "type": "boolean", + "description": "Enable cross-zone load balancing. Default: `true`\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the ELB\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elb/LoadBalancerHealthCheck:LoadBalancerHealthCheck", + "description": "A health_check block. Health Check documented below.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Default: `60`\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance ids to place in the ELB pool.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, ELB will be an internal ELB.\n" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/LoadBalancerListener:LoadBalancerListener" + }, + "description": "A list of listener blocks. Listeners documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the ELB. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the ELB.\nOnly valid if creating an ELB within a VPC\n" + }, + "sourceSecurityGroup": { + "type": "string", + "description": "The name of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Use this for Classic or Default VPC only.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "The ID of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Only available on ELBs launched in a VPC.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the ELB.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)\n" + } + }, + "required": [ + "arn", + "availabilityZones", + "dnsName", + "healthCheck", + "instances", + "internal", + "listeners", + "name", + "securityGroups", + "sourceSecurityGroup", + "sourceSecurityGroupId", + "subnets", + "tagsAll", + "zoneId" + ], + "inputProperties": { + "accessLogs": { + "$ref": "#/types/aws:elb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The AZ's to serve traffic in.\n" + }, + "connectionDraining": { + "type": "boolean", + "description": "Boolean to enable connection draining. Default: `false`\n" + }, + "connectionDrainingTimeout": { + "type": "integer", + "description": "The time in seconds to allow for connections to drain. Default: `300`\n" + }, + "crossZoneLoadBalancing": { + "type": "boolean", + "description": "Enable cross-zone load balancing. Default: `true`\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elb/LoadBalancerHealthCheck:LoadBalancerHealthCheck", + "description": "A health_check block. Health Check documented below.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Default: `60`\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance ids to place in the ELB pool.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, ELB will be an internal ELB.\n" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/LoadBalancerListener:LoadBalancerListener" + }, + "description": "A list of listener blocks. Listeners documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the ELB. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the ELB.\nOnly valid if creating an ELB within a VPC\n" + }, + "sourceSecurityGroup": { + "type": "string", + "description": "The name of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Use this for Classic or Default VPC only.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the ELB.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "listeners" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancer resources.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the ELB\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The AZ's to serve traffic in.\n" + }, + "connectionDraining": { + "type": "boolean", + "description": "Boolean to enable connection draining. Default: `false`\n" + }, + "connectionDrainingTimeout": { + "type": "integer", + "description": "The time in seconds to allow for connections to drain. Default: `300`\n" + }, + "crossZoneLoadBalancing": { + "type": "boolean", + "description": "Enable cross-zone load balancing. Default: `true`\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the ELB\n" + }, + "healthCheck": { + "$ref": "#/types/aws:elb/LoadBalancerHealthCheck:LoadBalancerHealthCheck", + "description": "A health_check block. Health Check documented below.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Default: `60`\n" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance ids to place in the ELB pool.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, ELB will be an internal ELB.\n" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/LoadBalancerListener:LoadBalancerListener" + }, + "description": "A list of listener blocks. Listeners documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the ELB. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the ELB.\nOnly valid if creating an ELB within a VPC\n" + }, + "sourceSecurityGroup": { + "type": "string", + "description": "The name of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Use this for Classic or Default VPC only.\n" + }, + "sourceSecurityGroupId": { + "type": "string", + "description": "The ID of the security group that you can use as\npart of your inbound rules for your load balancer's back-end application\ninstances. Only available on ELBs launched in a VPC.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the ELB.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the ELB (to be used in a Route 53 Alias record)\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/loadBalancer:LoadBalancer" + } + ] + }, + "aws:elb/loadBalancerBackendServerPolicy:LoadBalancerBackendServerPolicy": { + "description": "Attaches a load balancer policy to an ELB backend server.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ca_pubkey_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ca-pubkey-policy\",\n policyTypeName: \"PublicKeyPolicyType\",\n policyAttributes: [{\n name: \"PublicKey\",\n value: fs.readFileSync(\"wu-tang-pubkey\"),\n }],\n});\nconst wu_tang_root_ca_backend_auth_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-root-ca-backend-auth-policy\",\n policyTypeName: \"BackendServerAuthenticationPolicyType\",\n policyAttributes: [{\n name: \"PublicKeyPolicyName\",\n value: aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"].policy_name,\n }],\n});\nconst wu_tang_backend_auth_policies_443 = new aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", {\n loadBalancerName: wu_tang.name,\n instancePort: 443,\n policyNames: [wu_tang_root_ca_backend_auth_policy.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ca_pubkey_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ca-pubkey-policy\",\n policy_type_name=\"PublicKeyPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKey\",\n value=(lambda path: open(path).read())(\"wu-tang-pubkey\"),\n )])\nwu_tang_root_ca_backend_auth_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-root-ca-backend-auth-policy\",\n policy_type_name=\"BackendServerAuthenticationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKeyPolicyName\",\n value=aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"][\"policy_name\"],\n )])\nwu_tang_backend_auth_policies_443 = aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\",\n load_balancer_name=wu_tang.name,\n instance_port=443,\n policy_names=[wu_tang_root_ca_backend_auth_policy.policy_name])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ca_pubkey_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ca-pubkey-policy\",\n PolicyTypeName = \"PublicKeyPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKey\",\n Value = File.ReadAllText(\"wu-tang-pubkey\"),\n },\n },\n });\n var wu_tang_root_ca_backend_auth_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-root-ca-backend-auth-policy\",\n PolicyTypeName = \"BackendServerAuthenticationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKeyPolicyName\",\n Value = aws_load_balancer_policy.Wu_tang_root_ca_pubkey_policy.Policy_name,\n },\n },\n });\n var wu_tang_backend_auth_policies_443 = new Aws.Elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", new Aws.Elb.LoadBalancerBackendServerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n InstancePort = 443,\n PolicyNames = \n {\n wu_tang_root_ca_backend_auth_policy.PolicyName,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "instancePort": { + "type": "integer", + "description": "The instance port to apply the policy to.\n" + }, + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "required": [ + "instancePort", + "loadBalancerName" + ], + "inputProperties": { + "instancePort": { + "type": "integer", + "description": "The instance port to apply the policy to.\n" + }, + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "requiredInputs": [ + "instancePort", + "loadBalancerName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancerBackendServerPolicy resources.\n", + "properties": { + "instancePort": { + "type": "integer", + "description": "The instance port to apply the policy to.\n" + }, + "loadBalancerName": { + "type": "string", + "description": "The load balancer to attach the policy to.\n" + }, + "policyNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Policy Names to apply to the backend server.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/loadBalancerBackendServerPolicy:LoadBalancerBackendServerPolicy" + } + ] + }, + "aws:elb/loadBalancerCookieStickinessPolicy:LoadBalancerCookieStickinessPolicy": { + "description": "Provides a load balancer cookie stickiness policy, which allows an ELB to control the sticky session lifetime of the browser.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst foo = new aws.elb.LoadBalancerCookieStickinessPolicy(\"foo\", {\n loadBalancer: lb.id,\n lbPort: 80,\n cookieExpirationPeriod: 600,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nfoo = aws.elb.LoadBalancerCookieStickinessPolicy(\"foo\",\n load_balancer=lb.id,\n lb_port=80,\n cookie_expiration_period=600)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n var foo = new Aws.Elb.LoadBalancerCookieStickinessPolicy(\"foo\", new Aws.Elb.LoadBalancerCookieStickinessPolicyArgs\n {\n LoadBalancer = lb.Id,\n LbPort = 80,\n CookieExpirationPeriod = 600,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancerCookieStickinessPolicy(ctx, \"foo\", &elb.LoadBalancerCookieStickinessPolicyArgs{\n\t\t\tLoadBalancer: lb.ID(),\n\t\t\tLbPort: pulumi.Int(80),\n\t\t\tCookieExpirationPeriod: pulumi.Int(600),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "cookieExpirationPeriod": { + "type": "integer", + "description": "The time period after which\nthe session cookie should be considered stale, expressed in seconds.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "required": [ + "lbPort", + "loadBalancer", + "name" + ], + "inputProperties": { + "cookieExpirationPeriod": { + "type": "integer", + "description": "The time period after which\nthe session cookie should be considered stale, expressed in seconds.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "requiredInputs": [ + "lbPort", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancerCookieStickinessPolicy resources.\n", + "properties": { + "cookieExpirationPeriod": { + "type": "integer", + "description": "The time period after which\nthe session cookie should be considered stale, expressed in seconds.\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the stickiness policy.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/loadBalancerCookieStickinessPolicy:LoadBalancerCookieStickinessPolicy" + } + ] + }, + "aws:elb/loadBalancerPolicy:LoadBalancerPolicy": { + "description": "Provides a load balancer policy, which can be attached to an ELB listener or backend server.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst wu_tang = new aws.elb.LoadBalancer(\"wu-tang\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 443,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n }],\n tags: {\n Name: \"wu-tang\",\n },\n});\nconst wu_tang_ca_pubkey_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ca-pubkey-policy\",\n policyTypeName: \"PublicKeyPolicyType\",\n policyAttributes: [{\n name: \"PublicKey\",\n value: fs.readFileSync(\"wu-tang-pubkey\"),\n }],\n});\nconst wu_tang_root_ca_backend_auth_policy = new aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-root-ca-backend-auth-policy\",\n policyTypeName: \"BackendServerAuthenticationPolicyType\",\n policyAttributes: [{\n name: \"PublicKeyPolicyName\",\n value: aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"].policy_name,\n }],\n});\nconst wu_tang_ssl = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [\n {\n name: \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"Protocol-TLSv1.2\",\n value: \"true\",\n },\n ],\n});\nconst wu_tang_ssl_tls_1_1 = new aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", {\n loadBalancerName: wu_tang.name,\n policyName: \"wu-tang-ssl\",\n policyTypeName: \"SSLNegotiationPolicyType\",\n policyAttributes: [{\n name: \"Reference-Security-Policy\",\n value: \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n }],\n});\nconst wu_tang_backend_auth_policies_443 = new aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", {\n loadBalancerName: wu_tang.name,\n instancePort: 443,\n policyNames: [wu_tang_root_ca_backend_auth_policy.policyName],\n});\nconst wu_tang_listener_policies_443 = new aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\", {\n loadBalancerName: wu_tang.name,\n loadBalancerPort: 443,\n policyNames: [wu_tang_ssl.policyName],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwu_tang = aws.elb.LoadBalancer(\"wu-tang\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=443,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n )],\n tags={\n \"Name\": \"wu-tang\",\n })\nwu_tang_ca_pubkey_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ca-pubkey-policy\",\n policy_type_name=\"PublicKeyPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKey\",\n value=(lambda path: open(path).read())(\"wu-tang-pubkey\"),\n )])\nwu_tang_root_ca_backend_auth_policy = aws.elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-root-ca-backend-auth-policy\",\n policy_type_name=\"BackendServerAuthenticationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"PublicKeyPolicyName\",\n value=aws_load_balancer_policy[\"wu-tang-root-ca-pubkey-policy\"][\"policy_name\"],\n )])\nwu_tang_ssl = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"ECDHE-ECDSA-AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Protocol-TLSv1.2\",\n value=\"true\",\n ),\n ])\nwu_tang_ssl_tls_1_1 = aws.elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\",\n load_balancer_name=wu_tang.name,\n policy_name=\"wu-tang-ssl\",\n policy_type_name=\"SSLNegotiationPolicyType\",\n policy_attributes=[aws.elb.LoadBalancerPolicyPolicyAttributeArgs(\n name=\"Reference-Security-Policy\",\n value=\"ELBSecurityPolicy-TLS-1-1-2017-01\",\n )])\nwu_tang_backend_auth_policies_443 = aws.elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\",\n load_balancer_name=wu_tang.name,\n instance_port=443,\n policy_names=[wu_tang_root_ca_backend_auth_policy.policy_name])\nwu_tang_listener_policies_443 = aws.elb.ListenerPolicy(\"wu-tang-listener-policies-443\",\n load_balancer_name=wu_tang.name,\n load_balancer_port=443,\n policy_names=[wu_tang_ssl.policy_name])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var wu_tang = new Aws.Elb.LoadBalancer(\"wu-tang\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 443,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::000000000000:server-certificate/wu-tang.net\",\n },\n },\n Tags = \n {\n { \"Name\", \"wu-tang\" },\n },\n });\n var wu_tang_ca_pubkey_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ca-pubkey-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ca-pubkey-policy\",\n PolicyTypeName = \"PublicKeyPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKey\",\n Value = File.ReadAllText(\"wu-tang-pubkey\"),\n },\n },\n });\n var wu_tang_root_ca_backend_auth_policy = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-root-ca-backend-auth-policy\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-root-ca-backend-auth-policy\",\n PolicyTypeName = \"BackendServerAuthenticationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"PublicKeyPolicyName\",\n Value = aws_load_balancer_policy.Wu_tang_root_ca_pubkey_policy.Policy_name,\n },\n },\n });\n var wu_tang_ssl = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"ECDHE-ECDSA-AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.2\",\n Value = \"true\",\n },\n },\n });\n var wu_tang_ssl_tls_1_1 = new Aws.Elb.LoadBalancerPolicy(\"wu-tang-ssl-tls-1-1\", new Aws.Elb.LoadBalancerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n PolicyName = \"wu-tang-ssl\",\n PolicyTypeName = \"SSLNegotiationPolicyType\",\n PolicyAttributes = \n {\n new Aws.Elb.Inputs.LoadBalancerPolicyPolicyAttributeArgs\n {\n Name = \"Reference-Security-Policy\",\n Value = \"ELBSecurityPolicy-TLS-1-1-2017-01\",\n },\n },\n });\n var wu_tang_backend_auth_policies_443 = new Aws.Elb.LoadBalancerBackendServerPolicy(\"wu-tang-backend-auth-policies-443\", new Aws.Elb.LoadBalancerBackendServerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n InstancePort = 443,\n PolicyNames = \n {\n wu_tang_root_ca_backend_auth_policy.PolicyName,\n },\n });\n var wu_tang_listener_policies_443 = new Aws.Elb.ListenerPolicy(\"wu-tang-listener-policies-443\", new Aws.Elb.ListenerPolicyArgs\n {\n LoadBalancerName = wu_tang.Name,\n LoadBalancerPort = 443,\n PolicyNames = \n {\n wu_tang_ssl.PolicyName,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer on which the policy is defined.\n" + }, + "policyAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute" + }, + "description": "Policy attribute to apply to the policy.\n" + }, + "policyName": { + "type": "string", + "description": "The name of the load balancer policy.\n" + }, + "policyTypeName": { + "type": "string", + "description": "The policy type.\n" + } + }, + "required": [ + "loadBalancerName", + "policyName", + "policyTypeName" + ], + "inputProperties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer on which the policy is defined.\n" + }, + "policyAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute" + }, + "description": "Policy attribute to apply to the policy.\n" + }, + "policyName": { + "type": "string", + "description": "The name of the load balancer policy.\n" + }, + "policyTypeName": { + "type": "string", + "description": "The policy type.\n" + } + }, + "requiredInputs": [ + "loadBalancerName", + "policyName", + "policyTypeName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancerPolicy resources.\n", + "properties": { + "loadBalancerName": { + "type": "string", + "description": "The load balancer on which the policy is defined.\n" + }, + "policyAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/LoadBalancerPolicyPolicyAttribute:LoadBalancerPolicyPolicyAttribute" + }, + "description": "Policy attribute to apply to the policy.\n" + }, + "policyName": { + "type": "string", + "description": "The name of the load balancer policy.\n" + }, + "policyTypeName": { + "type": "string", + "description": "The policy type.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/loadBalancerPolicy:LoadBalancerPolicy" + } + ] + }, + "aws:elb/sslNegotiationPolicy:SslNegotiationPolicy": { + "description": "Provides a load balancer SSL negotiation policy, which allows an ELB to control the ciphers and protocols that are supported during SSL negotiations between a client and a load balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.elb.LoadBalancer(\"lb\", {\n availabilityZones: [\"us-east-1a\"],\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: \"arn:aws:iam::123456789012:server-certificate/certName\",\n }],\n});\nconst foo = new aws.elb.SslNegotiationPolicy(\"foo\", {\n loadBalancer: lb.id,\n lbPort: 443,\n attributes: [\n {\n name: \"Protocol-TLSv1\",\n value: \"false\",\n },\n {\n name: \"Protocol-TLSv1.1\",\n value: \"false\",\n },\n {\n name: \"Protocol-TLSv1.2\",\n value: \"true\",\n },\n {\n name: \"Server-Defined-Cipher-Order\",\n value: \"true\",\n },\n {\n name: \"ECDHE-RSA-AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"AES128-GCM-SHA256\",\n value: \"true\",\n },\n {\n name: \"EDH-RSA-DES-CBC3-SHA\",\n value: \"false\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.elb.LoadBalancer(\"lb\",\n availability_zones=[\"us-east-1a\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"https\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=\"arn:aws:iam::123456789012:server-certificate/certName\",\n )])\nfoo = aws.elb.SslNegotiationPolicy(\"foo\",\n load_balancer=lb.id,\n lb_port=443,\n attributes=[\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Protocol-TLSv1\",\n value=\"false\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Protocol-TLSv1.1\",\n value=\"false\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Protocol-TLSv1.2\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"Server-Defined-Cipher-Order\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"ECDHE-RSA-AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"AES128-GCM-SHA256\",\n value=\"true\",\n ),\n aws.elb.SslNegotiationPolicyAttributeArgs(\n name=\"EDH-RSA-DES-CBC3-SHA\",\n value=\"false\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.Elb.LoadBalancer(\"lb\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1a\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = \"arn:aws:iam::123456789012:server-certificate/certName\",\n },\n },\n });\n var foo = new Aws.Elb.SslNegotiationPolicy(\"foo\", new Aws.Elb.SslNegotiationPolicyArgs\n {\n LoadBalancer = lb.Id,\n LbPort = 443,\n Attributes = \n {\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1\",\n Value = \"false\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.1\",\n Value = \"false\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Protocol-TLSv1.2\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"Server-Defined-Cipher-Order\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"ECDHE-RSA-AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"AES128-GCM-SHA256\",\n Value = \"true\",\n },\n new Aws.Elb.Inputs.SslNegotiationPolicyAttributeArgs\n {\n Name = \"EDH-RSA-DES-CBC3-SHA\",\n Value = \"false\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlb, err := elb.NewLoadBalancer(ctx, \"lb\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1a\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(\"arn:aws:iam::123456789012:server-certificate/certName\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewSslNegotiationPolicy(ctx, \"foo\", &elb.SslNegotiationPolicyArgs{\n\t\t\tLoadBalancer: lb.ID(),\n\t\t\tLbPort: pulumi.Int(443),\n\t\t\tAttributes: elb.SslNegotiationPolicyAttributeArray{\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1\"),\n\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1.1\"),\n\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Protocol-TLSv1.2\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"Server-Defined-Cipher-Order\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"ECDHE-RSA-AES128-GCM-SHA256\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"AES128-GCM-SHA256\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&elb.SslNegotiationPolicyAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"EDH-RSA-DES-CBC3-SHA\"),\n\t\t\t\t\tValue: pulumi.String(\"false\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute" + }, + "description": "An SSL Negotiation policy attribute. Each has two properties:\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the attribute\n" + } + }, + "required": [ + "lbPort", + "loadBalancer", + "name" + ], + "inputProperties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute" + }, + "description": "An SSL Negotiation policy attribute. Each has two properties:\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the attribute\n" + } + }, + "requiredInputs": [ + "lbPort", + "loadBalancer" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SslNegotiationPolicy resources.\n", + "properties": { + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/SslNegotiationPolicyAttribute:SslNegotiationPolicyAttribute" + }, + "description": "An SSL Negotiation policy attribute. Each has two properties:\n" + }, + "lbPort": { + "type": "integer", + "description": "The load balancer port to which the policy\nshould be applied. This must be an active listener on the load\nbalancer.\n" + }, + "loadBalancer": { + "type": "string", + "description": "The load balancer to which the policy\nshould be attached.\n" + }, + "name": { + "type": "string", + "description": "The name of the attribute\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancing/sslNegotiationPolicy:SslNegotiationPolicy" + } + ] + }, + "aws:emr/cluster:Cluster": { + "description": "Provides an Elastic MapReduce Cluster, a web service that makes it easy to\nprocess large amounts of data efficiently. See [Amazon Elastic MapReduce Documentation](https://aws.amazon.com/documentation/elastic-mapreduce/)\nfor more information.\n\nTo configure [Instance Groups](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for [task nodes](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-task), see the `aws.emr.InstanceGroup` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = new aws.emr.Cluster(\"cluster\", {\n releaseLabel: \"emr-4.6.0\",\n applications: [\"Spark\"],\n additionalInfo: `{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n`,\n terminationProtection: false,\n keepJobFlowAliveWhenNoSteps: true,\n ec2Attributes: {\n subnetId: aws_subnet.main.id,\n emrManagedMasterSecurityGroup: aws_security_group.sg.id,\n emrManagedSlaveSecurityGroup: aws_security_group.sg.id,\n instanceProfile: aws_iam_instance_profile.emr_profile.arn,\n },\n masterInstanceGroup: {\n instanceType: \"m4.large\",\n },\n coreInstanceGroup: {\n instanceType: \"c4.large\",\n instanceCount: 1,\n ebsConfigs: [{\n size: \"40\",\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n bidPrice: \"0.30\",\n autoscalingPolicy: `{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n`,\n },\n ebsRootVolumeSize: 100,\n tags: {\n role: \"rolename\",\n env: \"env\",\n },\n bootstrapActions: [{\n path: \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name: \"runif\",\n args: [\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n }],\n configurationsJson: ` [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n`,\n serviceRole: aws_iam_role.iam_emr_service_role.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.emr.Cluster(\"cluster\",\n release_label=\"emr-4.6.0\",\n applications=[\"Spark\"],\n additional_info=\"\"\"{\n \"instanceAwsClientConfiguration\": {\n \"proxyPort\": 8099,\n \"proxyHost\": \"myproxy.example.com\"\n }\n}\n\"\"\",\n termination_protection=False,\n keep_job_flow_alive_when_no_steps=True,\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=aws_subnet[\"main\"][\"id\"],\n emr_managed_master_security_group=aws_security_group[\"sg\"][\"id\"],\n emr_managed_slave_security_group=aws_security_group[\"sg\"][\"id\"],\n instance_profile=aws_iam_instance_profile[\"emr_profile\"][\"arn\"],\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_type=\"m4.large\",\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs(\n instance_type=\"c4.large\",\n instance_count=1,\n ebs_configs=[aws.emr.ClusterCoreInstanceGroupEbsConfigArgs(\n size=40,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n bid_price=\"0.30\",\n autoscaling_policy=\"\"\"{\n\"Constraints\": {\n \"MinCapacity\": 1,\n \"MaxCapacity\": 2\n},\n\"Rules\": [\n {\n \"Name\": \"ScaleOutMemoryPercentage\",\n \"Description\": \"Scale out if YARNMemoryAvailablePercentage is less than 15\",\n \"Action\": {\n \"SimpleScalingPolicyConfiguration\": {\n \"AdjustmentType\": \"CHANGE_IN_CAPACITY\",\n \"ScalingAdjustment\": 1,\n \"CoolDown\": 300\n }\n },\n \"Trigger\": {\n \"CloudWatchAlarmDefinition\": {\n \"ComparisonOperator\": \"LESS_THAN\",\n \"EvaluationPeriods\": 1,\n \"MetricName\": \"YARNMemoryAvailablePercentage\",\n \"Namespace\": \"AWS/ElasticMapReduce\",\n \"Period\": 300,\n \"Statistic\": \"AVERAGE\",\n \"Threshold\": 15.0,\n \"Unit\": \"PERCENT\"\n }\n }\n }\n]\n}\n\"\"\",\n ),\n ebs_root_volume_size=100,\n tags={\n \"role\": \"rolename\",\n \"env\": \"env\",\n },\n bootstrap_actions=[aws.emr.ClusterBootstrapActionArgs(\n path=\"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name=\"runif\",\n args=[\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n )],\n configurations_json=\"\"\" [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n\"\"\",\n service_role=aws_iam_role[\"iam_emr_service_role\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cluster = new Aws.Emr.Cluster(\"cluster\", new Aws.Emr.ClusterArgs\n {\n ReleaseLabel = \"emr-4.6.0\",\n Applications = \n {\n \"Spark\",\n },\n AdditionalInfo = @\"{\n \"\"instanceAwsClientConfiguration\"\": {\n \"\"proxyPort\"\": 8099,\n \"\"proxyHost\"\": \"\"myproxy.example.com\"\"\n }\n}\n\",\n TerminationProtection = false,\n KeepJobFlowAliveWhenNoSteps = true,\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = aws_subnet.Main.Id,\n EmrManagedMasterSecurityGroup = aws_security_group.Sg.Id,\n EmrManagedSlaveSecurityGroup = aws_security_group.Sg.Id,\n InstanceProfile = aws_iam_instance_profile.Emr_profile.Arn,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceType = \"m4.large\",\n },\n CoreInstanceGroup = new Aws.Emr.Inputs.ClusterCoreInstanceGroupArgs\n {\n InstanceType = \"c4.large\",\n InstanceCount = 1,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.ClusterCoreInstanceGroupEbsConfigArgs\n {\n Size = 40,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n BidPrice = \"0.30\",\n AutoscalingPolicy = @\"{\n\"\"Constraints\"\": {\n \"\"MinCapacity\"\": 1,\n \"\"MaxCapacity\"\": 2\n},\n\"\"Rules\"\": [\n {\n \"\"Name\"\": \"\"ScaleOutMemoryPercentage\"\",\n \"\"Description\"\": \"\"Scale out if YARNMemoryAvailablePercentage is less than 15\"\",\n \"\"Action\"\": {\n \"\"SimpleScalingPolicyConfiguration\"\": {\n \"\"AdjustmentType\"\": \"\"CHANGE_IN_CAPACITY\"\",\n \"\"ScalingAdjustment\"\": 1,\n \"\"CoolDown\"\": 300\n }\n },\n \"\"Trigger\"\": {\n \"\"CloudWatchAlarmDefinition\"\": {\n \"\"ComparisonOperator\"\": \"\"LESS_THAN\"\",\n \"\"EvaluationPeriods\"\": 1,\n \"\"MetricName\"\": \"\"YARNMemoryAvailablePercentage\"\",\n \"\"Namespace\"\": \"\"AWS/ElasticMapReduce\"\",\n \"\"Period\"\": 300,\n \"\"Statistic\"\": \"\"AVERAGE\"\",\n \"\"Threshold\"\": 15.0,\n \"\"Unit\"\": \"\"PERCENT\"\"\n }\n }\n }\n]\n}\n\",\n },\n EbsRootVolumeSize = 100,\n Tags = \n {\n { \"role\", \"rolename\" },\n { \"env\", \"env\" },\n },\n BootstrapActions = \n {\n new Aws.Emr.Inputs.ClusterBootstrapActionArgs\n {\n Path = \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n Name = \"runif\",\n Args = \n {\n \"instance.isMaster=true\",\n \"echo running on master node\",\n },\n },\n },\n ConfigurationsJson = @\" [\n {\n \"\"Classification\"\": \"\"hadoop-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n },\n {\n \"\"Classification\"\": \"\"spark-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n }\n ]\n\",\n ServiceRole = aws_iam_role.Iam_emr_service_role.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewCluster(ctx, \"cluster\", &emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-4.6.0\"),\n\t\t\tApplications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Spark\"),\n\t\t\t},\n\t\t\tAdditionalInfo: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v\", \"{\\n\", \" \\\"instanceAwsClientConfiguration\\\": {\\n\", \" \\\"proxyPort\\\": 8099,\\n\", \" \\\"proxyHost\\\": \\\"myproxy.example.com\\\"\\n\", \" }\\n\", \"}\\n\")),\n\t\t\tTerminationProtection: pulumi.Bool(false),\n\t\t\tKeepJobFlowAliveWhenNoSteps: pulumi.Bool(true),\n\t\t\tEc2Attributes: &emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Main.Id),\n\t\t\t\tEmrManagedMasterSecurityGroup: pulumi.Any(aws_security_group.Sg.Id),\n\t\t\t\tEmrManagedSlaveSecurityGroup: pulumi.Any(aws_security_group.Sg.Id),\n\t\t\t\tInstanceProfile: pulumi.Any(aws_iam_instance_profile.Emr_profile.Arn),\n\t\t\t},\n\t\t\tMasterInstanceGroup: &emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\t},\n\t\t\tCoreInstanceGroup: &emr.ClusterCoreInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t\tInstanceCount: pulumi.Int(1),\n\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceGroupEbsConfigArray{\n\t\t\t\t\t&emr.ClusterCoreInstanceGroupEbsConfigArgs{\n\t\t\t\t\t\tSize: pulumi.Int(40),\n\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tBidPrice: pulumi.String(\"0.30\"),\n\t\t\t\tAutoscalingPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\\\"Constraints\\\": {\\n\", \" \\\"MinCapacity\\\": 1,\\n\", \" \\\"MaxCapacity\\\": 2\\n\", \"},\\n\", \"\\\"Rules\\\": [\\n\", \" {\\n\", \" \\\"Name\\\": \\\"ScaleOutMemoryPercentage\\\",\\n\", \" \\\"Description\\\": \\\"Scale out if YARNMemoryAvailablePercentage is less than 15\\\",\\n\", \" \\\"Action\\\": {\\n\", \" \\\"SimpleScalingPolicyConfiguration\\\": {\\n\", \" \\\"AdjustmentType\\\": \\\"CHANGE_IN_CAPACITY\\\",\\n\", \" \\\"ScalingAdjustment\\\": 1,\\n\", \" \\\"CoolDown\\\": 300\\n\", \" }\\n\", \" },\\n\", \" \\\"Trigger\\\": {\\n\", \" \\\"CloudWatchAlarmDefinition\\\": {\\n\", \" \\\"ComparisonOperator\\\": \\\"LESS_THAN\\\",\\n\", \" \\\"EvaluationPeriods\\\": 1,\\n\", \" \\\"MetricName\\\": \\\"YARNMemoryAvailablePercentage\\\",\\n\", \" \\\"Namespace\\\": \\\"AWS/ElasticMapReduce\\\",\\n\", \" \\\"Period\\\": 300,\\n\", \" \\\"Statistic\\\": \\\"AVERAGE\\\",\\n\", \" \\\"Threshold\\\": 15.0,\\n\", \" \\\"Unit\\\": \\\"PERCENT\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \"]\\n\", \"}\\n\")),\n\t\t\t},\n\t\t\tEbsRootVolumeSize: pulumi.Int(100),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"role\": pulumi.String(\"rolename\"),\n\t\t\t\t\"env\": pulumi.String(\"env\"),\n\t\t\t},\n\t\t\tBootstrapActions: emr.ClusterBootstrapActionArray{\n\t\t\t\t&emr.ClusterBootstrapActionArgs{\n\t\t\t\t\tPath: pulumi.String(\"s3://elasticmapreduce/bootstrap-actions/run-if\"),\n\t\t\t\t\tName: pulumi.String(\"runif\"),\n\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"instance.isMaster=true\"),\n\t\t\t\t\t\tpulumi.String(\"echo running on master node\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConfigurationsJson: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \" [\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"hadoop-env\\\",\\n\", \" \\\"Configurations\\\": [\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"export\\\",\\n\", \" \\\"Properties\\\": {\\n\", \" \\\"JAVA_HOME\\\": \\\"/usr/lib/jvm/java-1.8.0\\\"\\n\", \" }\\n\", \" }\\n\", \" ],\\n\", \" \\\"Properties\\\": {}\\n\", \" },\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"spark-env\\\",\\n\", \" \\\"Configurations\\\": [\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"export\\\",\\n\", \" \\\"Properties\\\": {\\n\", \" \\\"JAVA_HOME\\\": \\\"/usr/lib/jvm/java-1.8.0\\\"\\n\", \" }\\n\", \" }\\n\", \" ],\\n\", \" \\\"Properties\\\": {}\\n\", \" }\\n\", \" ]\\n\")),\n\t\t\tServiceRole: pulumi.Any(aws_iam_role.Iam_emr_service_role.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThe `aws.emr.Cluster` resource typically requires two IAM roles, one for the EMR Cluster\nto use as a service, and another to place on your Cluster Instances to interact\nwith AWS from those instances. The suggested role policy template for the EMR service is `AmazonElasticMapReduceRole`,\nand `AmazonElasticMapReduceforEC2Role` for the EC2 profile. See the [Getting\nStarted](https://docs.aws.amazon.com/ElasticMapReduce/latest/ManagementGuide/emr-gs-launch-sample-cluster.html)\nguide for more information on these IAM roles. There is also a fully-bootable\nexample this provider configuration at the bottom of this page.\n{{% /example %}}\n{{% /examples %}}\n## Instance Fleet\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.emr.Cluster(\"example\", {\n masterInstanceFleet: {\n instanceTypeConfigs: [{\n instanceType: \"m4.xlarge\",\n }],\n targetOnDemandCapacity: 1,\n },\n coreInstanceFleet: {\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 80,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m3.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"SWITCH_TO_ON_DEMAND\",\n timeoutDurationMinutes: 10,\n }],\n },\n name: \"core fleet\",\n targetOnDemandCapacity: 2,\n targetSpotCapacity: 2,\n },\n});\nconst task = new aws.emr.InstanceFleet(\"task\", {\n clusterId: example.id,\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"TERMINATE_CLUSTER\",\n timeoutDurationMinutes: 10,\n }],\n },\n targetOnDemandCapacity: 1,\n targetSpotCapacity: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.emr.Cluster(\"example\",\n master_instance_fleet=aws.emr.ClusterMasterInstanceFleetArgs(\n instance_type_configs=[aws.emr.ClusterMasterInstanceFleetInstanceTypeConfigArgs(\n instance_type=\"m4.xlarge\",\n )],\n target_on_demand_capacity=1,\n ),\n core_instance_fleet=aws.emr.ClusterCoreInstanceFleetArgs(\n instance_type_configs=[\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=80,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m3.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.ClusterCoreInstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"SWITCH_TO_ON_DEMAND\",\n timeout_duration_minutes=10,\n )],\n ),\n name=\"core fleet\",\n target_on_demand_capacity=2,\n target_spot_capacity=2,\n ))\ntask = aws.emr.InstanceFleet(\"task\",\n cluster_id=example.id,\n instance_type_configs=[\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.InstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"TERMINATE_CLUSTER\",\n timeout_duration_minutes=10,\n )],\n ),\n target_on_demand_capacity=1,\n target_spot_capacity=1)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Emr.Cluster(\"example\", new Aws.Emr.ClusterArgs\n {\n MasterInstanceFleet = new Aws.Emr.Inputs.ClusterMasterInstanceFleetArgs\n {\n InstanceTypeConfigs = \n {\n new Aws.Emr.Inputs.ClusterMasterInstanceFleetInstanceTypeConfigArgs\n {\n InstanceType = \"m4.xlarge\",\n },\n },\n TargetOnDemandCapacity = 1,\n },\n CoreInstanceFleet = new Aws.Emr.Inputs.ClusterCoreInstanceFleetArgs\n {\n InstanceTypeConfigs = \n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 80,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m3.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.ClusterCoreInstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = \n {\n new Aws.Emr.Inputs.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"SWITCH_TO_ON_DEMAND\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n Name = \"core fleet\",\n TargetOnDemandCapacity = 2,\n TargetSpotCapacity = 2,\n },\n });\n var task = new Aws.Emr.InstanceFleet(\"task\", new Aws.Emr.InstanceFleetArgs\n {\n ClusterId = example.Id,\n InstanceTypeConfigs = \n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = \n {\n new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"TERMINATE_CLUSTER\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n TargetOnDemandCapacity = 1,\n TargetSpotCapacity = 1,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := emr.NewCluster(ctx, \"example\", &emr.ClusterArgs{\n\t\t\tMasterInstanceFleet: &emr.ClusterMasterInstanceFleetArgs{\n\t\t\t\tInstanceTypeConfigs: emr.ClusterMasterInstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\t&emr.ClusterMasterInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\t},\n\t\t\tCoreInstanceFleet: &emr.ClusterCoreInstanceFleetArgs{\n\t\t\t\tInstanceTypeConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigArray{\n\t\t\t\t\t&emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(80),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t&emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m3.xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t&emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t&emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t\t&emr.ClusterCoreInstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\t\tEbsConfigs: emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t\t&emr.ClusterCoreInstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tLaunchSpecifications: &emr.ClusterCoreInstanceFleetLaunchSpecificationsArgs{\n\t\t\t\t\tSpotSpecifications: emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t\t&emr.ClusterCoreInstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\t\tTimeoutAction: pulumi.String(\"SWITCH_TO_ON_DEMAND\"),\n\t\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tName: pulumi.String(\"core fleet\"),\n\t\t\t\tTargetOnDemandCapacity: pulumi.Int(2),\n\t\t\t\tTargetSpotCapacity: pulumi.Int(2),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewInstanceFleet(ctx, \"task\", &emr.InstanceFleetArgs{\n\t\t\tClusterId: example.ID(),\n\t\t\tInstanceTypeConfigs: emr.InstanceFleetInstanceTypeConfigArray{\n\t\t\t\t&emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t&emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\t&emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t&emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchSpecifications: &emr.InstanceFleetLaunchSpecificationsArgs{\n\t\t\t\tSpotSpecifications: emr.InstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t&emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\tTimeoutAction: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\tTargetSpotCapacity: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n### Enable Debug Logging\n\n[Debug logging in EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-debugging.html)\nis implemented as a step. It is highly recommended to utilize [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if other\nsteps are being managed outside of this provider.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.emr.Cluster(\"example\", {steps: [{\n actionOnFailure: \"TERMINATE_CLUSTER\",\n name: \"Setup Hadoop Debugging\",\n hadoopJarStep: [{\n jar: \"command-runner.jar\",\n args: [\"state-pusher-script\"],\n }],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.emr.Cluster(\"example\", steps=[aws.emr.ClusterStepArgs(\n action_on_failure=\"TERMINATE_CLUSTER\",\n name=\"Setup Hadoop Debugging\",\n hadoop_jar_step=[{\n \"jar\": \"command-runner.jar\",\n \"args\": [\"state-pusher-script\"],\n }],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var example = new Aws.Emr.Cluster(\"example\", new Aws.Emr.ClusterArgs\n {\n Steps = \n {\n new Aws.Emr.Inputs.ClusterStepArgs\n {\n ActionOnFailure = \"TERMINATE_CLUSTER\",\n Name = \"Setup Hadoop Debugging\",\n HadoopJarStep = \n {\n \n {\n { \"jar\", \"command-runner.jar\" },\n { \"args\", \n {\n \"state-pusher-script\",\n } },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewCluster(ctx, \"example\", &emr.ClusterArgs{\n\t\t\tSteps: emr.ClusterStepArray{\n\t\t\t\t&emr.ClusterStepArgs{\n\t\t\t\t\tActionOnFailure: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\tName: pulumi.String(\"Setup Hadoop Debugging\"),\n\t\t\t\t\tHadoopJarStep: emr.ClusterStepHadoopJarStepArgs{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"jar\": \"command-runner.jar\",\n\t\t\t\t\t\t\t\"args\": []string{\n\t\t\t\t\t\t\t\t\"state-pusher-script\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n### Multiple Node Master Instance Group\n\nAvailable in EMR version 5.23.0 and later, an EMR Cluster can be launched with three master nodes for high availability. Additional information about this functionality and its requirements can be found in the [EMR Management Guide](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-ha.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// This configuration is for illustrative purposes and highlights\n// only relevant configurations for working with this functionality.\n// Map public IP on launch must be enabled for public (Internet accessible) subnets\n// ... other configuration ...\nconst exampleSubnet = new aws.ec2.Subnet(\"exampleSubnet\", {mapPublicIpOnLaunch: true});\n// ... other configuration ...\nconst exampleCluster = new aws.emr.Cluster(\"exampleCluster\", {\n releaseLabel: \"emr-5.24.1\",\n terminationProtection: true,\n ec2Attributes: {\n subnetId: exampleSubnet.id,\n },\n masterInstanceGroup: {\n instanceCount: 3,\n },\n coreInstanceGroup: {},\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# This configuration is for illustrative purposes and highlights\n# only relevant configurations for working with this functionality.\n# Map public IP on launch must be enabled for public (Internet accessible) subnets\n# ... other configuration ...\nexample_subnet = aws.ec2.Subnet(\"exampleSubnet\", map_public_ip_on_launch=True)\n# ... other configuration ...\nexample_cluster = aws.emr.Cluster(\"exampleCluster\",\n release_label=\"emr-5.24.1\",\n termination_protection=True,\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=example_subnet.id,\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_count=3,\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs())\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // This configuration is for illustrative purposes and highlights\n // only relevant configurations for working with this functionality.\n // Map public IP on launch must be enabled for public (Internet accessible) subnets\n // ... other configuration ...\n var exampleSubnet = new Aws.Ec2.Subnet(\"exampleSubnet\", new Aws.Ec2.SubnetArgs\n {\n MapPublicIpOnLaunch = true,\n });\n // ... other configuration ...\n var exampleCluster = new Aws.Emr.Cluster(\"exampleCluster\", new Aws.Emr.ClusterArgs\n {\n ReleaseLabel = \"emr-5.24.1\",\n TerminationProtection = true,\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = exampleSubnet.Id,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceCount = 3,\n },\n CoreInstanceGroup = ,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSubnet, err := ec2.NewSubnet(ctx, \"exampleSubnet\", &ec2.SubnetArgs{\n\t\t\tMapPublicIpOnLaunch: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewCluster(ctx, \"exampleCluster\", &emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-5.24.1\"),\n\t\t\tTerminationProtection: pulumi.Bool(true),\n\t\t\tEc2Attributes: &emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: exampleSubnet.ID(),\n\t\t\t},\n\t\t\tMasterInstanceGroup: &emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceCount: pulumi.Int(3),\n\t\t\t},\n\t\t\tCoreInstanceGroup: nil,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example bootable config\n\n**NOTE:** This configuration demonstrates a minimal configuration needed to\nboot an example EMR Cluster. It is not meant to display best practices. Please\nuse at your own risk.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mainVpc = new aws.ec2.Vpc(\"mainVpc\", {\n cidrBlock: \"168.31.0.0/16\",\n enableDnsHostnames: true,\n tags: {\n name: \"emr_test\",\n },\n});\nconst mainSubnet = new aws.ec2.Subnet(\"mainSubnet\", {\n vpcId: mainVpc.id,\n cidrBlock: \"168.31.0.0/20\",\n tags: {\n name: \"emr_test\",\n },\n});\n// IAM role for EMR Service\nconst iamEmrServiceRole = new aws.iam.Role(\"iamEmrServiceRole\", {assumeRolePolicy: `{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"elasticmapreduce.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\n// IAM Role for EC2 Instance Profile\nconst iamEmrProfileRole = new aws.iam.Role(\"iamEmrProfileRole\", {assumeRolePolicy: `{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst emrProfile = new aws.iam.InstanceProfile(\"emrProfile\", {role: iamEmrProfileRole.name});\nconst cluster = new aws.emr.Cluster(\"cluster\", {\n releaseLabel: \"emr-4.6.0\",\n applications: [\"Spark\"],\n ec2Attributes: {\n subnetId: mainSubnet.id,\n emrManagedMasterSecurityGroup: aws_security_group.allow_all.id,\n emrManagedSlaveSecurityGroup: aws_security_group.allow_all.id,\n instanceProfile: emrProfile.arn,\n },\n masterInstanceGroup: {\n instanceType: \"m5.xlarge\",\n },\n coreInstanceGroup: {\n instanceCount: 1,\n instanceType: \"m5.xlarge\",\n },\n tags: {\n role: \"rolename\",\n dns_zone: \"env_zone\",\n env: \"env\",\n name: \"name-env\",\n },\n bootstrapActions: [{\n path: \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name: \"runif\",\n args: [\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n }],\n configurationsJson: ` [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n`,\n serviceRole: iamEmrServiceRole.arn,\n});\nconst allowAccess = new aws.ec2.SecurityGroup(\"allowAccess\", {\n description: \"Allow inbound traffic\",\n vpcId: mainVpc.id,\n ingress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: mainVpc.cidrBlock,\n }],\n egress: [{\n fromPort: 0,\n toPort: 0,\n protocol: \"-1\",\n cidrBlocks: [\"0.0.0.0/0\"],\n }],\n tags: {\n name: \"emr_test\",\n },\n}, {\n dependsOn: [mainSubnet],\n});\nconst gw = new aws.ec2.InternetGateway(\"gw\", {vpcId: mainVpc.id});\nconst routeTable = new aws.ec2.RouteTable(\"routeTable\", {\n vpcId: mainVpc.id,\n routes: [{\n cidrBlock: \"0.0.0.0/0\",\n gatewayId: gw.id,\n }],\n});\nconst mainRouteTableAssociation = new aws.ec2.MainRouteTableAssociation(\"mainRouteTableAssociation\", {\n vpcId: mainVpc.id,\n routeTableId: routeTable.id,\n});\n//##\nconst iamEmrServicePolicy = new aws.iam.RolePolicy(\"iamEmrServicePolicy\", {\n role: iamEmrServiceRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"ec2:AuthorizeSecurityGroupEgress\",\n \"ec2:AuthorizeSecurityGroupIngress\",\n \"ec2:CancelSpotInstanceRequests\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateSecurityGroup\",\n \"ec2:CreateTags\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:DeleteTags\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAccountAttributes\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeKeyPairs\",\n \"ec2:DescribeNetworkAcls\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribePrefixLists\",\n \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeSpotInstanceRequests\",\n \"ec2:DescribeSpotPriceHistory\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVpcEndpoints\",\n \"ec2:DescribeVpcEndpointServices\",\n \"ec2:DescribeVpcs\",\n \"ec2:DetachNetworkInterface\",\n \"ec2:ModifyImageAttribute\",\n \"ec2:ModifyInstanceAttribute\",\n \"ec2:RequestSpotInstances\",\n \"ec2:RevokeSecurityGroupEgress\",\n \"ec2:RunInstances\",\n \"ec2:TerminateInstances\",\n \"ec2:DeleteVolume\",\n \"ec2:DescribeVolumeStatus\",\n \"ec2:DescribeVolumes\",\n \"ec2:DetachVolume\",\n \"iam:GetRole\",\n \"iam:GetRolePolicy\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRolePolicies\",\n \"iam:PassRole\",\n \"s3:CreateBucket\",\n \"s3:Get*\",\n \"s3:List*\",\n \"sdb:BatchPutAttributes\",\n \"sdb:Select\",\n \"sqs:CreateQueue\",\n \"sqs:Delete*\",\n \"sqs:GetQueue*\",\n \"sqs:PurgeQueue\",\n \"sqs:ReceiveMessage\"\n ]\n }]\n}\n`,\n});\nconst iamEmrProfilePolicy = new aws.iam.RolePolicy(\"iamEmrProfilePolicy\", {\n role: iamEmrProfileRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"cloudwatch:*\",\n \"dynamodb:*\",\n \"ec2:Describe*\",\n \"elasticmapreduce:Describe*\",\n \"elasticmapreduce:ListBootstrapActions\",\n \"elasticmapreduce:ListClusters\",\n \"elasticmapreduce:ListInstanceGroups\",\n \"elasticmapreduce:ListInstances\",\n \"elasticmapreduce:ListSteps\",\n \"kinesis:CreateStream\",\n \"kinesis:DeleteStream\",\n \"kinesis:DescribeStream\",\n \"kinesis:GetRecords\",\n \"kinesis:GetShardIterator\",\n \"kinesis:MergeShards\",\n \"kinesis:PutRecord\",\n \"kinesis:SplitShard\",\n \"rds:Describe*\",\n \"s3:*\",\n \"sdb:*\",\n \"sns:*\",\n \"sqs:*\"\n ]\n }]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain_vpc = aws.ec2.Vpc(\"mainVpc\",\n cidr_block=\"168.31.0.0/16\",\n enable_dns_hostnames=True,\n tags={\n \"name\": \"emr_test\",\n })\nmain_subnet = aws.ec2.Subnet(\"mainSubnet\",\n vpc_id=main_vpc.id,\n cidr_block=\"168.31.0.0/20\",\n tags={\n \"name\": \"emr_test\",\n })\n# IAM role for EMR Service\niam_emr_service_role = aws.iam.Role(\"iamEmrServiceRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"elasticmapreduce.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\n# IAM Role for EC2 Instance Profile\niam_emr_profile_role = aws.iam.Role(\"iamEmrProfileRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nemr_profile = aws.iam.InstanceProfile(\"emrProfile\", role=iam_emr_profile_role.name)\ncluster = aws.emr.Cluster(\"cluster\",\n release_label=\"emr-4.6.0\",\n applications=[\"Spark\"],\n ec2_attributes=aws.emr.ClusterEc2AttributesArgs(\n subnet_id=main_subnet.id,\n emr_managed_master_security_group=aws_security_group[\"allow_all\"][\"id\"],\n emr_managed_slave_security_group=aws_security_group[\"allow_all\"][\"id\"],\n instance_profile=emr_profile.arn,\n ),\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_type=\"m5.xlarge\",\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs(\n instance_count=1,\n instance_type=\"m5.xlarge\",\n ),\n tags={\n \"role\": \"rolename\",\n \"dns_zone\": \"env_zone\",\n \"env\": \"env\",\n \"name\": \"name-env\",\n },\n bootstrap_actions=[aws.emr.ClusterBootstrapActionArgs(\n path=\"s3://elasticmapreduce/bootstrap-actions/run-if\",\n name=\"runif\",\n args=[\n \"instance.isMaster=true\",\n \"echo running on master node\",\n ],\n )],\n configurations_json=\"\"\" [\n {\n \"Classification\": \"hadoop-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n },\n {\n \"Classification\": \"spark-env\",\n \"Configurations\": [\n {\n \"Classification\": \"export\",\n \"Properties\": {\n \"JAVA_HOME\": \"/usr/lib/jvm/java-1.8.0\"\n }\n }\n ],\n \"Properties\": {}\n }\n ]\n\"\"\",\n service_role=iam_emr_service_role.arn)\nallow_access = aws.ec2.SecurityGroup(\"allowAccess\",\n description=\"Allow inbound traffic\",\n vpc_id=main_vpc.id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=main_vpc.cidr_block,\n )],\n egress=[aws.ec2.SecurityGroupEgressArgs(\n from_port=0,\n to_port=0,\n protocol=\"-1\",\n cidr_blocks=[\"0.0.0.0/0\"],\n )],\n tags={\n \"name\": \"emr_test\",\n },\n opts=pulumi.ResourceOptions(depends_on=[main_subnet]))\ngw = aws.ec2.InternetGateway(\"gw\", vpc_id=main_vpc.id)\nroute_table = aws.ec2.RouteTable(\"routeTable\",\n vpc_id=main_vpc.id,\n routes=[aws.ec2.RouteTableRouteArgs(\n cidr_block=\"0.0.0.0/0\",\n gateway_id=gw.id,\n )])\nmain_route_table_association = aws.ec2.MainRouteTableAssociation(\"mainRouteTableAssociation\",\n vpc_id=main_vpc.id,\n route_table_id=route_table.id)\n###\niam_emr_service_policy = aws.iam.RolePolicy(\"iamEmrServicePolicy\",\n role=iam_emr_service_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"ec2:AuthorizeSecurityGroupEgress\",\n \"ec2:AuthorizeSecurityGroupIngress\",\n \"ec2:CancelSpotInstanceRequests\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateSecurityGroup\",\n \"ec2:CreateTags\",\n \"ec2:DeleteNetworkInterface\",\n \"ec2:DeleteSecurityGroup\",\n \"ec2:DeleteTags\",\n \"ec2:DescribeAvailabilityZones\",\n \"ec2:DescribeAccountAttributes\",\n \"ec2:DescribeDhcpOptions\",\n \"ec2:DescribeInstanceStatus\",\n \"ec2:DescribeInstances\",\n \"ec2:DescribeKeyPairs\",\n \"ec2:DescribeNetworkAcls\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:DescribePrefixLists\",\n \"ec2:DescribeRouteTables\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeSpotInstanceRequests\",\n \"ec2:DescribeSpotPriceHistory\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeVpcEndpoints\",\n \"ec2:DescribeVpcEndpointServices\",\n \"ec2:DescribeVpcs\",\n \"ec2:DetachNetworkInterface\",\n \"ec2:ModifyImageAttribute\",\n \"ec2:ModifyInstanceAttribute\",\n \"ec2:RequestSpotInstances\",\n \"ec2:RevokeSecurityGroupEgress\",\n \"ec2:RunInstances\",\n \"ec2:TerminateInstances\",\n \"ec2:DeleteVolume\",\n \"ec2:DescribeVolumeStatus\",\n \"ec2:DescribeVolumes\",\n \"ec2:DetachVolume\",\n \"iam:GetRole\",\n \"iam:GetRolePolicy\",\n \"iam:ListInstanceProfiles\",\n \"iam:ListRolePolicies\",\n \"iam:PassRole\",\n \"s3:CreateBucket\",\n \"s3:Get*\",\n \"s3:List*\",\n \"sdb:BatchPutAttributes\",\n \"sdb:Select\",\n \"sqs:CreateQueue\",\n \"sqs:Delete*\",\n \"sqs:GetQueue*\",\n \"sqs:PurgeQueue\",\n \"sqs:ReceiveMessage\"\n ]\n }]\n}\n\"\"\")\niam_emr_profile_policy = aws.iam.RolePolicy(\"iamEmrProfilePolicy\",\n role=iam_emr_profile_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n \"Action\": [\n \"cloudwatch:*\",\n \"dynamodb:*\",\n \"ec2:Describe*\",\n \"elasticmapreduce:Describe*\",\n \"elasticmapreduce:ListBootstrapActions\",\n \"elasticmapreduce:ListClusters\",\n \"elasticmapreduce:ListInstanceGroups\",\n \"elasticmapreduce:ListInstances\",\n \"elasticmapreduce:ListSteps\",\n \"kinesis:CreateStream\",\n \"kinesis:DeleteStream\",\n \"kinesis:DescribeStream\",\n \"kinesis:GetRecords\",\n \"kinesis:GetShardIterator\",\n \"kinesis:MergeShards\",\n \"kinesis:PutRecord\",\n \"kinesis:SplitShard\",\n \"rds:Describe*\",\n \"s3:*\",\n \"sdb:*\",\n \"sns:*\",\n \"sqs:*\"\n ]\n }]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mainVpc = new Aws.Ec2.Vpc(\"mainVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"168.31.0.0/16\",\n EnableDnsHostnames = true,\n Tags = \n {\n { \"name\", \"emr_test\" },\n },\n });\n var mainSubnet = new Aws.Ec2.Subnet(\"mainSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = mainVpc.Id,\n CidrBlock = \"168.31.0.0/20\",\n Tags = \n {\n { \"name\", \"emr_test\" },\n },\n });\n // IAM role for EMR Service\n var iamEmrServiceRole = new Aws.Iam.Role(\"iamEmrServiceRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2008-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"elasticmapreduce.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n // IAM Role for EC2 Instance Profile\n var iamEmrProfileRole = new Aws.Iam.Role(\"iamEmrProfileRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2008-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"ec2.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var emrProfile = new Aws.Iam.InstanceProfile(\"emrProfile\", new Aws.Iam.InstanceProfileArgs\n {\n Role = iamEmrProfileRole.Name,\n });\n var cluster = new Aws.Emr.Cluster(\"cluster\", new Aws.Emr.ClusterArgs\n {\n ReleaseLabel = \"emr-4.6.0\",\n Applications = \n {\n \"Spark\",\n },\n Ec2Attributes = new Aws.Emr.Inputs.ClusterEc2AttributesArgs\n {\n SubnetId = mainSubnet.Id,\n EmrManagedMasterSecurityGroup = aws_security_group.Allow_all.Id,\n EmrManagedSlaveSecurityGroup = aws_security_group.Allow_all.Id,\n InstanceProfile = emrProfile.Arn,\n },\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceType = \"m5.xlarge\",\n },\n CoreInstanceGroup = new Aws.Emr.Inputs.ClusterCoreInstanceGroupArgs\n {\n InstanceCount = 1,\n InstanceType = \"m5.xlarge\",\n },\n Tags = \n {\n { \"role\", \"rolename\" },\n { \"dns_zone\", \"env_zone\" },\n { \"env\", \"env\" },\n { \"name\", \"name-env\" },\n },\n BootstrapActions = \n {\n new Aws.Emr.Inputs.ClusterBootstrapActionArgs\n {\n Path = \"s3://elasticmapreduce/bootstrap-actions/run-if\",\n Name = \"runif\",\n Args = \n {\n \"instance.isMaster=true\",\n \"echo running on master node\",\n },\n },\n },\n ConfigurationsJson = @\" [\n {\n \"\"Classification\"\": \"\"hadoop-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n },\n {\n \"\"Classification\"\": \"\"spark-env\"\",\n \"\"Configurations\"\": [\n {\n \"\"Classification\"\": \"\"export\"\",\n \"\"Properties\"\": {\n \"\"JAVA_HOME\"\": \"\"/usr/lib/jvm/java-1.8.0\"\"\n }\n }\n ],\n \"\"Properties\"\": {}\n }\n ]\n\",\n ServiceRole = iamEmrServiceRole.Arn,\n });\n var allowAccess = new Aws.Ec2.SecurityGroup(\"allowAccess\", new Aws.Ec2.SecurityGroupArgs\n {\n Description = \"Allow inbound traffic\",\n VpcId = mainVpc.Id,\n Ingress = \n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = mainVpc.CidrBlock,\n },\n },\n Egress = \n {\n new Aws.Ec2.Inputs.SecurityGroupEgressArgs\n {\n FromPort = 0,\n ToPort = 0,\n Protocol = \"-1\",\n CidrBlocks = \n {\n \"0.0.0.0/0\",\n },\n },\n },\n Tags = \n {\n { \"name\", \"emr_test\" },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n mainSubnet,\n },\n });\n var gw = new Aws.Ec2.InternetGateway(\"gw\", new Aws.Ec2.InternetGatewayArgs\n {\n VpcId = mainVpc.Id,\n });\n var routeTable = new Aws.Ec2.RouteTable(\"routeTable\", new Aws.Ec2.RouteTableArgs\n {\n VpcId = mainVpc.Id,\n Routes = \n {\n new Aws.Ec2.Inputs.RouteTableRouteArgs\n {\n CidrBlock = \"0.0.0.0/0\",\n GatewayId = gw.Id,\n },\n },\n });\n var mainRouteTableAssociation = new Aws.Ec2.MainRouteTableAssociation(\"mainRouteTableAssociation\", new Aws.Ec2.MainRouteTableAssociationArgs\n {\n VpcId = mainVpc.Id,\n RouteTableId = routeTable.Id,\n });\n //##\n var iamEmrServicePolicy = new Aws.Iam.RolePolicy(\"iamEmrServicePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = iamEmrServiceRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\",\n \"\"Action\"\": [\n \"\"ec2:AuthorizeSecurityGroupEgress\"\",\n \"\"ec2:AuthorizeSecurityGroupIngress\"\",\n \"\"ec2:CancelSpotInstanceRequests\"\",\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:CreateSecurityGroup\"\",\n \"\"ec2:CreateTags\"\",\n \"\"ec2:DeleteNetworkInterface\"\",\n \"\"ec2:DeleteSecurityGroup\"\",\n \"\"ec2:DeleteTags\"\",\n \"\"ec2:DescribeAvailabilityZones\"\",\n \"\"ec2:DescribeAccountAttributes\"\",\n \"\"ec2:DescribeDhcpOptions\"\",\n \"\"ec2:DescribeInstanceStatus\"\",\n \"\"ec2:DescribeInstances\"\",\n \"\"ec2:DescribeKeyPairs\"\",\n \"\"ec2:DescribeNetworkAcls\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:DescribePrefixLists\"\",\n \"\"ec2:DescribeRouteTables\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeSpotInstanceRequests\"\",\n \"\"ec2:DescribeSpotPriceHistory\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeVpcAttribute\"\",\n \"\"ec2:DescribeVpcEndpoints\"\",\n \"\"ec2:DescribeVpcEndpointServices\"\",\n \"\"ec2:DescribeVpcs\"\",\n \"\"ec2:DetachNetworkInterface\"\",\n \"\"ec2:ModifyImageAttribute\"\",\n \"\"ec2:ModifyInstanceAttribute\"\",\n \"\"ec2:RequestSpotInstances\"\",\n \"\"ec2:RevokeSecurityGroupEgress\"\",\n \"\"ec2:RunInstances\"\",\n \"\"ec2:TerminateInstances\"\",\n \"\"ec2:DeleteVolume\"\",\n \"\"ec2:DescribeVolumeStatus\"\",\n \"\"ec2:DescribeVolumes\"\",\n \"\"ec2:DetachVolume\"\",\n \"\"iam:GetRole\"\",\n \"\"iam:GetRolePolicy\"\",\n \"\"iam:ListInstanceProfiles\"\",\n \"\"iam:ListRolePolicies\"\",\n \"\"iam:PassRole\"\",\n \"\"s3:CreateBucket\"\",\n \"\"s3:Get*\"\",\n \"\"s3:List*\"\",\n \"\"sdb:BatchPutAttributes\"\",\n \"\"sdb:Select\"\",\n \"\"sqs:CreateQueue\"\",\n \"\"sqs:Delete*\"\",\n \"\"sqs:GetQueue*\"\",\n \"\"sqs:PurgeQueue\"\",\n \"\"sqs:ReceiveMessage\"\"\n ]\n }]\n}\n\",\n });\n var iamEmrProfilePolicy = new Aws.Iam.RolePolicy(\"iamEmrProfilePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = iamEmrProfileRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\",\n \"\"Action\"\": [\n \"\"cloudwatch:*\"\",\n \"\"dynamodb:*\"\",\n \"\"ec2:Describe*\"\",\n \"\"elasticmapreduce:Describe*\"\",\n \"\"elasticmapreduce:ListBootstrapActions\"\",\n \"\"elasticmapreduce:ListClusters\"\",\n \"\"elasticmapreduce:ListInstanceGroups\"\",\n \"\"elasticmapreduce:ListInstances\"\",\n \"\"elasticmapreduce:ListSteps\"\",\n \"\"kinesis:CreateStream\"\",\n \"\"kinesis:DeleteStream\"\",\n \"\"kinesis:DescribeStream\"\",\n \"\"kinesis:GetRecords\"\",\n \"\"kinesis:GetShardIterator\"\",\n \"\"kinesis:MergeShards\"\",\n \"\"kinesis:PutRecord\"\",\n \"\"kinesis:SplitShard\"\",\n \"\"rds:Describe*\"\",\n \"\"s3:*\"\",\n \"\"sdb:*\"\",\n \"\"sns:*\"\",\n \"\"sqs:*\"\"\n ]\n }]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmainVpc, err := ec2.NewVpc(ctx, \"mainVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"168.31.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"name\": pulumi.String(\"emr_test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmainSubnet, err := ec2.NewSubnet(ctx, \"mainSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: mainVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"168.31.0.0/20\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"name\": pulumi.String(\"emr_test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamEmrServiceRole, err := iam.NewRole(ctx, \"iamEmrServiceRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2008-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"elasticmapreduce.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tiamEmrProfileRole, err := iam.NewRole(ctx, \"iamEmrProfileRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2008-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"ec2.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\temrProfile, err := iam.NewInstanceProfile(ctx, \"emrProfile\", &iam.InstanceProfileArgs{\n\t\t\tRole: iamEmrProfileRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewCluster(ctx, \"cluster\", &emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-4.6.0\"),\n\t\t\tApplications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Spark\"),\n\t\t\t},\n\t\t\tEc2Attributes: &emr.ClusterEc2AttributesArgs{\n\t\t\t\tSubnetId: mainSubnet.ID(),\n\t\t\t\tEmrManagedMasterSecurityGroup: pulumi.Any(aws_security_group.Allow_all.Id),\n\t\t\t\tEmrManagedSlaveSecurityGroup: pulumi.Any(aws_security_group.Allow_all.Id),\n\t\t\t\tInstanceProfile: emrProfile.Arn,\n\t\t\t},\n\t\t\tMasterInstanceGroup: &emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"m5.xlarge\"),\n\t\t\t},\n\t\t\tCoreInstanceGroup: &emr.ClusterCoreInstanceGroupArgs{\n\t\t\t\tInstanceCount: pulumi.Int(1),\n\t\t\t\tInstanceType: pulumi.String(\"m5.xlarge\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"role\": pulumi.String(\"rolename\"),\n\t\t\t\t\"dns_zone\": pulumi.String(\"env_zone\"),\n\t\t\t\t\"env\": pulumi.String(\"env\"),\n\t\t\t\t\"name\": pulumi.String(\"name-env\"),\n\t\t\t},\n\t\t\tBootstrapActions: emr.ClusterBootstrapActionArray{\n\t\t\t\t&emr.ClusterBootstrapActionArgs{\n\t\t\t\t\tPath: pulumi.String(\"s3://elasticmapreduce/bootstrap-actions/run-if\"),\n\t\t\t\t\tName: pulumi.String(\"runif\"),\n\t\t\t\t\tArgs: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"instance.isMaster=true\"),\n\t\t\t\t\t\tpulumi.String(\"echo running on master node\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConfigurationsJson: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \" [\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"hadoop-env\\\",\\n\", \" \\\"Configurations\\\": [\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"export\\\",\\n\", \" \\\"Properties\\\": {\\n\", \" \\\"JAVA_HOME\\\": \\\"/usr/lib/jvm/java-1.8.0\\\"\\n\", \" }\\n\", \" }\\n\", \" ],\\n\", \" \\\"Properties\\\": {}\\n\", \" },\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"spark-env\\\",\\n\", \" \\\"Configurations\\\": [\\n\", \" {\\n\", \" \\\"Classification\\\": \\\"export\\\",\\n\", \" \\\"Properties\\\": {\\n\", \" \\\"JAVA_HOME\\\": \\\"/usr/lib/jvm/java-1.8.0\\\"\\n\", \" }\\n\", \" }\\n\", \" ],\\n\", \" \\\"Properties\\\": {}\\n\", \" }\\n\", \" ]\\n\")),\n\t\t\tServiceRole: iamEmrServiceRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"allowAccess\", &ec2.SecurityGroupArgs{\n\t\t\tDescription: pulumi.String(\"Allow inbound traffic\"),\n\t\t\tVpcId: mainVpc.ID(),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t&ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: mainVpc.CidrBlock,\n\t\t\t\t},\n\t\t\t},\n\t\t\tEgress: ec2.SecurityGroupEgressArray{\n\t\t\t\t&ec2.SecurityGroupEgressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(0),\n\t\t\t\t\tToPort: pulumi.Int(0),\n\t\t\t\t\tProtocol: pulumi.String(\"-1\"),\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"name\": pulumi.String(\"emr_test\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmainSubnet,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgw, err := ec2.NewInternetGateway(ctx, \"gw\", &ec2.InternetGatewayArgs{\n\t\t\tVpcId: mainVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trouteTable, err := ec2.NewRouteTable(ctx, \"routeTable\", &ec2.RouteTableArgs{\n\t\t\tVpcId: mainVpc.ID(),\n\t\t\tRoutes: ec2.RouteTableRouteArray{\n\t\t\t\t&ec2.RouteTableRouteArgs{\n\t\t\t\t\tCidrBlock: pulumi.String(\"0.0.0.0/0\"),\n\t\t\t\t\tGatewayId: gw.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewMainRouteTableAssociation(ctx, \"mainRouteTableAssociation\", &ec2.MainRouteTableAssociationArgs{\n\t\t\tVpcId: mainVpc.ID(),\n\t\t\tRouteTableId: routeTable.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"iamEmrServicePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: iamEmrServiceRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [{\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:AuthorizeSecurityGroupEgress\\\",\\n\", \" \\\"ec2:AuthorizeSecurityGroupIngress\\\",\\n\", \" \\\"ec2:CancelSpotInstanceRequests\\\",\\n\", \" \\\"ec2:CreateNetworkInterface\\\",\\n\", \" \\\"ec2:CreateSecurityGroup\\\",\\n\", \" \\\"ec2:CreateTags\\\",\\n\", \" \\\"ec2:DeleteNetworkInterface\\\",\\n\", \" \\\"ec2:DeleteSecurityGroup\\\",\\n\", \" \\\"ec2:DeleteTags\\\",\\n\", \" \\\"ec2:DescribeAvailabilityZones\\\",\\n\", \" \\\"ec2:DescribeAccountAttributes\\\",\\n\", \" \\\"ec2:DescribeDhcpOptions\\\",\\n\", \" \\\"ec2:DescribeInstanceStatus\\\",\\n\", \" \\\"ec2:DescribeInstances\\\",\\n\", \" \\\"ec2:DescribeKeyPairs\\\",\\n\", \" \\\"ec2:DescribeNetworkAcls\\\",\\n\", \" \\\"ec2:DescribeNetworkInterfaces\\\",\\n\", \" \\\"ec2:DescribePrefixLists\\\",\\n\", \" \\\"ec2:DescribeRouteTables\\\",\\n\", \" \\\"ec2:DescribeSecurityGroups\\\",\\n\", \" \\\"ec2:DescribeSpotInstanceRequests\\\",\\n\", \" \\\"ec2:DescribeSpotPriceHistory\\\",\\n\", \" \\\"ec2:DescribeSubnets\\\",\\n\", \" \\\"ec2:DescribeVpcAttribute\\\",\\n\", \" \\\"ec2:DescribeVpcEndpoints\\\",\\n\", \" \\\"ec2:DescribeVpcEndpointServices\\\",\\n\", \" \\\"ec2:DescribeVpcs\\\",\\n\", \" \\\"ec2:DetachNetworkInterface\\\",\\n\", \" \\\"ec2:ModifyImageAttribute\\\",\\n\", \" \\\"ec2:ModifyInstanceAttribute\\\",\\n\", \" \\\"ec2:RequestSpotInstances\\\",\\n\", \" \\\"ec2:RevokeSecurityGroupEgress\\\",\\n\", \" \\\"ec2:RunInstances\\\",\\n\", \" \\\"ec2:TerminateInstances\\\",\\n\", \" \\\"ec2:DeleteVolume\\\",\\n\", \" \\\"ec2:DescribeVolumeStatus\\\",\\n\", \" \\\"ec2:DescribeVolumes\\\",\\n\", \" \\\"ec2:DetachVolume\\\",\\n\", \" \\\"iam:GetRole\\\",\\n\", \" \\\"iam:GetRolePolicy\\\",\\n\", \" \\\"iam:ListInstanceProfiles\\\",\\n\", \" \\\"iam:ListRolePolicies\\\",\\n\", \" \\\"iam:PassRole\\\",\\n\", \" \\\"s3:CreateBucket\\\",\\n\", \" \\\"s3:Get*\\\",\\n\", \" \\\"s3:List*\\\",\\n\", \" \\\"sdb:BatchPutAttributes\\\",\\n\", \" \\\"sdb:Select\\\",\\n\", \" \\\"sqs:CreateQueue\\\",\\n\", \" \\\"sqs:Delete*\\\",\\n\", \" \\\"sqs:GetQueue*\\\",\\n\", \" \\\"sqs:PurgeQueue\\\",\\n\", \" \\\"sqs:ReceiveMessage\\\"\\n\", \" ]\\n\", \" }]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"iamEmrProfilePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: iamEmrProfileRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [{\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"cloudwatch:*\\\",\\n\", \" \\\"dynamodb:*\\\",\\n\", \" \\\"ec2:Describe*\\\",\\n\", \" \\\"elasticmapreduce:Describe*\\\",\\n\", \" \\\"elasticmapreduce:ListBootstrapActions\\\",\\n\", \" \\\"elasticmapreduce:ListClusters\\\",\\n\", \" \\\"elasticmapreduce:ListInstanceGroups\\\",\\n\", \" \\\"elasticmapreduce:ListInstances\\\",\\n\", \" \\\"elasticmapreduce:ListSteps\\\",\\n\", \" \\\"kinesis:CreateStream\\\",\\n\", \" \\\"kinesis:DeleteStream\\\",\\n\", \" \\\"kinesis:DescribeStream\\\",\\n\", \" \\\"kinesis:GetRecords\\\",\\n\", \" \\\"kinesis:GetShardIterator\\\",\\n\", \" \\\"kinesis:MergeShards\\\",\\n\", \" \\\"kinesis:PutRecord\\\",\\n\", \" \\\"kinesis:SplitShard\\\",\\n\", \" \\\"rds:Describe*\\\",\\n\", \" \\\"s3:*\\\",\\n\", \" \\\"sdb:*\\\",\\n\", \" \\\"sns:*\\\",\\n\", \" \\\"sqs:*\\\"\\n\", \" ]\\n\", \" }]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nEMR clusters can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:emr/cluster:Cluster cluster j-123456ABCDEF\n```\n\n Since the API does not return the actual values for Kerberos configurations, environments with those this provider configurations will need to use the [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) available to all this provider resources to prevent perpetual differences, e.g. terraform resource \"aws_emr_cluster\" \"example\" {\n\n # ... other configuration ...\n\n lifecycle {\n\n\n\n ignore_changes = [kerberos_attributes]\n\n } } ", + "properties": { + "additionalInfo": { + "type": "string", + "description": "A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore this provider cannot detect drift from the actual EMR cluster if its value is changed outside this provider.\n" + }, + "applications": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of applications for the cluster. Valid values are: `Flink`, `Hadoop`, `Hive`, `Mahout`, `Pig`, `Spark`, and `JupyterHub` (as of EMR 5.14.0). Case insensitive\n" + }, + "arn": { + "type": "string" + }, + "autoscalingRole": { + "type": "string", + "description": "An IAM role for automatic scaling policies. The IAM role provides permissions that the automatic scaling feature requires to launch and terminate EC2 instances in an instance group.\n" + }, + "bootstrapActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterBootstrapAction:ClusterBootstrapAction" + }, + "description": "Ordered list of bootstrap actions that will be run before Hadoop is started on the cluster nodes. Defined below.\n" + }, + "clusterState": { + "type": "string", + "language": { + "csharp": { + "name": "State" + } + } + }, + "configurations": { + "type": "string", + "description": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks.\n" + }, + "configurationsJson": { + "type": "string", + "description": "A JSON string for supplying list of configurations for the EMR cluster.\n" + }, + "coreInstanceFleet": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleet:ClusterCoreInstanceFleet", + "description": "Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the core node type. Cannot be specified if any `core_instance_group` configuration blocks are set. Detailed below.\n" + }, + "coreInstanceGroup": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceGroup:ClusterCoreInstanceGroup", + "description": "Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [core node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-core).\n" + }, + "customAmiId": { + "type": "string", + "description": "A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later.\n" + }, + "ebsRootVolumeSize": { + "type": "integer", + "description": "Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later.\n" + }, + "ec2Attributes": { + "$ref": "#/types/aws:emr/ClusterEc2Attributes:ClusterEc2Attributes", + "description": "Attributes for the EC2 instances running the job flow. Defined below\n" + }, + "keepJobFlowAliveWhenNoSteps": { + "type": "boolean", + "description": "Switch on/off run cluster with no steps or when all steps are complete (default is on)\n" + }, + "kerberosAttributes": { + "$ref": "#/types/aws:emr/ClusterKerberosAttributes:ClusterKerberosAttributes", + "description": "Kerberos configuration for the cluster. Defined below\n" + }, + "logUri": { + "type": "string", + "description": "S3 bucket to write the log files of the job flow. If a value is not provided, logs are not created\n" + }, + "masterInstanceFleet": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleet:ClusterMasterInstanceFleet", + "description": "Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the master node type. Cannot be specified if any `master_instance_group` configuration blocks are set. Detailed below.\n" + }, + "masterInstanceGroup": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceGroup:ClusterMasterInstanceGroup", + "description": "Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [master node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-master).\n" + }, + "masterPublicDns": { + "type": "string", + "description": "The public DNS name of the master EC2 instance.\n* `core_instance_group.0.id` - Core node type Instance Group ID, if using Instance Group for this node type.\n" + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n" + }, + "releaseLabel": { + "type": "string", + "description": "The release label for the Amazon EMR release\n" + }, + "scaleDownBehavior": { + "type": "string", + "description": "The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an `instance group` is resized.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater\n" + }, + "serviceRole": { + "type": "string", + "description": "IAM role that will be assumed by the Amazon EMR service to access AWS resources\n" + }, + "stepConcurrencyLevel": { + "type": "integer", + "description": "The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with `release_label` 5.28.0 or greater. (default is 1)\n" + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterStep:ClusterStep" + }, + "description": "List of steps to run when creating the cluster. Defined below. It is highly recommended to utilize [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if other steps are being managed outside of this provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "terminationProtection": { + "type": "boolean", + "description": "Switch on/off termination protection (default is `false`, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to `false`.\n" + }, + "visibleToAllUsers": { + "type": "boolean", + "description": "Whether the job flow is visible to all IAM users of the AWS account associated with the job flow. Default `true`\n" + } + }, + "required": [ + "arn", + "clusterState", + "coreInstanceFleet", + "coreInstanceGroup", + "keepJobFlowAliveWhenNoSteps", + "masterInstanceFleet", + "masterInstanceGroup", + "masterPublicDns", + "name", + "releaseLabel", + "scaleDownBehavior", + "serviceRole", + "steps", + "tagsAll", + "terminationProtection" + ], + "inputProperties": { + "additionalInfo": { + "type": "string", + "description": "A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore this provider cannot detect drift from the actual EMR cluster if its value is changed outside this provider.\n" + }, + "applications": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of applications for the cluster. Valid values are: `Flink`, `Hadoop`, `Hive`, `Mahout`, `Pig`, `Spark`, and `JupyterHub` (as of EMR 5.14.0). Case insensitive\n" + }, + "autoscalingRole": { + "type": "string", + "description": "An IAM role for automatic scaling policies. The IAM role provides permissions that the automatic scaling feature requires to launch and terminate EC2 instances in an instance group.\n" + }, + "bootstrapActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterBootstrapAction:ClusterBootstrapAction" + }, + "description": "Ordered list of bootstrap actions that will be run before Hadoop is started on the cluster nodes. Defined below.\n" + }, + "configurations": { + "type": "string", + "description": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks.\n" + }, + "configurationsJson": { + "type": "string", + "description": "A JSON string for supplying list of configurations for the EMR cluster.\n" + }, + "coreInstanceFleet": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleet:ClusterCoreInstanceFleet", + "description": "Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the core node type. Cannot be specified if any `core_instance_group` configuration blocks are set. Detailed below.\n" + }, + "coreInstanceGroup": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceGroup:ClusterCoreInstanceGroup", + "description": "Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [core node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-core).\n" + }, + "customAmiId": { + "type": "string", + "description": "A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later.\n" + }, + "ebsRootVolumeSize": { + "type": "integer", + "description": "Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later.\n" + }, + "ec2Attributes": { + "$ref": "#/types/aws:emr/ClusterEc2Attributes:ClusterEc2Attributes", + "description": "Attributes for the EC2 instances running the job flow. Defined below\n" + }, + "keepJobFlowAliveWhenNoSteps": { + "type": "boolean", + "description": "Switch on/off run cluster with no steps or when all steps are complete (default is on)\n" + }, + "kerberosAttributes": { + "$ref": "#/types/aws:emr/ClusterKerberosAttributes:ClusterKerberosAttributes", + "description": "Kerberos configuration for the cluster. Defined below\n" + }, + "logUri": { + "type": "string", + "description": "S3 bucket to write the log files of the job flow. If a value is not provided, logs are not created\n" + }, + "masterInstanceFleet": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleet:ClusterMasterInstanceFleet", + "description": "Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the master node type. Cannot be specified if any `master_instance_group` configuration blocks are set. Detailed below.\n" + }, + "masterInstanceGroup": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceGroup:ClusterMasterInstanceGroup", + "description": "Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [master node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-master).\n" + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n" + }, + "releaseLabel": { + "type": "string", + "description": "The release label for the Amazon EMR release\n" + }, + "scaleDownBehavior": { + "type": "string", + "description": "The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an `instance group` is resized.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater\n" + }, + "serviceRole": { + "type": "string", + "description": "IAM role that will be assumed by the Amazon EMR service to access AWS resources\n" + }, + "stepConcurrencyLevel": { + "type": "integer", + "description": "The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with `release_label` 5.28.0 or greater. (default is 1)\n" + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterStep:ClusterStep" + }, + "description": "List of steps to run when creating the cluster. Defined below. It is highly recommended to utilize [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if other steps are being managed outside of this provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "terminationProtection": { + "type": "boolean", + "description": "Switch on/off termination protection (default is `false`, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to `false`.\n" + }, + "visibleToAllUsers": { + "type": "boolean", + "description": "Whether the job flow is visible to all IAM users of the AWS account associated with the job flow. Default `true`\n" + } + }, + "requiredInputs": [ + "releaseLabel", + "serviceRole" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "additionalInfo": { + "type": "string", + "description": "A JSON string for selecting additional features such as adding proxy information. Note: Currently there is no API to retrieve the value of this argument after EMR cluster creation from provider, therefore this provider cannot detect drift from the actual EMR cluster if its value is changed outside this provider.\n" + }, + "applications": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of applications for the cluster. Valid values are: `Flink`, `Hadoop`, `Hive`, `Mahout`, `Pig`, `Spark`, and `JupyterHub` (as of EMR 5.14.0). Case insensitive\n" + }, + "arn": { + "type": "string" + }, + "autoscalingRole": { + "type": "string", + "description": "An IAM role for automatic scaling policies. The IAM role provides permissions that the automatic scaling feature requires to launch and terminate EC2 instances in an instance group.\n" + }, + "bootstrapActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterBootstrapAction:ClusterBootstrapAction" + }, + "description": "Ordered list of bootstrap actions that will be run before Hadoop is started on the cluster nodes. Defined below.\n" + }, + "clusterState": { + "type": "string", + "language": { + "csharp": { + "name": "State" + } + } + }, + "configurations": { + "type": "string", + "description": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster. List of `configuration` blocks.\n" + }, + "configurationsJson": { + "type": "string", + "description": "A JSON string for supplying list of configurations for the EMR cluster.\n" + }, + "coreInstanceFleet": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceFleet:ClusterCoreInstanceFleet", + "description": "Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the core node type. Cannot be specified if any `core_instance_group` configuration blocks are set. Detailed below.\n" + }, + "coreInstanceGroup": { + "$ref": "#/types/aws:emr/ClusterCoreInstanceGroup:ClusterCoreInstanceGroup", + "description": "Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [core node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-core).\n" + }, + "customAmiId": { + "type": "string", + "description": "A custom Amazon Linux AMI for the cluster (instead of an EMR-owned AMI). Available in Amazon EMR version 5.7.0 and later.\n" + }, + "ebsRootVolumeSize": { + "type": "integer", + "description": "Size in GiB of the EBS root device volume of the Linux AMI that is used for each EC2 instance. Available in Amazon EMR version 4.x and later.\n" + }, + "ec2Attributes": { + "$ref": "#/types/aws:emr/ClusterEc2Attributes:ClusterEc2Attributes", + "description": "Attributes for the EC2 instances running the job flow. Defined below\n" + }, + "keepJobFlowAliveWhenNoSteps": { + "type": "boolean", + "description": "Switch on/off run cluster with no steps or when all steps are complete (default is on)\n" + }, + "kerberosAttributes": { + "$ref": "#/types/aws:emr/ClusterKerberosAttributes:ClusterKerberosAttributes", + "description": "Kerberos configuration for the cluster. Defined below\n" + }, + "logUri": { + "type": "string", + "description": "S3 bucket to write the log files of the job flow. If a value is not provided, logs are not created\n" + }, + "masterInstanceFleet": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceFleet:ClusterMasterInstanceFleet", + "description": "Configuration block to use an [Instance Fleet](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-fleet.html) for the master node type. Cannot be specified if any `master_instance_group` configuration blocks are set. Detailed below.\n" + }, + "masterInstanceGroup": { + "$ref": "#/types/aws:emr/ClusterMasterInstanceGroup:ClusterMasterInstanceGroup", + "description": "Configuration block to use an [Instance Group](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-instance-group-configuration.html#emr-plan-instance-groups) for the [master node type](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-master-core-task-nodes.html#emr-plan-master).\n" + }, + "masterPublicDns": { + "type": "string", + "description": "The public DNS name of the master EC2 instance.\n* `core_instance_group.0.id` - Core node type Instance Group ID, if using Instance Group for this node type.\n" + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n" + }, + "releaseLabel": { + "type": "string", + "description": "The release label for the Amazon EMR release\n" + }, + "scaleDownBehavior": { + "type": "string", + "description": "The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an `instance group` is resized.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The security configuration name to attach to the EMR cluster. Only valid for EMR clusters with `release_label` 4.8.0 or greater\n" + }, + "serviceRole": { + "type": "string", + "description": "IAM role that will be assumed by the Amazon EMR service to access AWS resources\n" + }, + "stepConcurrencyLevel": { + "type": "integer", + "description": "The number of steps that can be executed concurrently. You can specify a maximum of 256 steps. Only valid for EMR clusters with `release_label` 5.28.0 or greater. (default is 1)\n" + }, + "steps": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ClusterStep:ClusterStep" + }, + "description": "List of steps to run when creating the cluster. Defined below. It is highly recommended to utilize [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if other steps are being managed outside of this provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "terminationProtection": { + "type": "boolean", + "description": "Switch on/off termination protection (default is `false`, except when using multiple master nodes). Before attempting to destroy the resource when termination protection is enabled, this configuration must be applied with its value set to `false`.\n" + }, + "visibleToAllUsers": { + "type": "boolean", + "description": "Whether the job flow is visible to all IAM users of the AWS account associated with the job flow. Default `true`\n" + } + }, + "type": "object" + } + }, + "aws:emr/instanceFleet:InstanceFleet": { + "description": "Provides an Elastic MapReduce Cluster Instance Fleet configuration.\nSee [Amazon Elastic MapReduce Documentation](https://aws.amazon.com/documentation/emr/) for more information.\n\n> **NOTE:** At this time, Instance Fleets cannot be destroyed through the API nor\nweb interface. Instance Fleets are destroyed when the EMR Cluster is destroyed.\nthe provider will resize any Instance Fleet to zero when destroying the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst task = new aws.emr.InstanceFleet(\"task\", {\n clusterId: aws_emr_cluster.cluster.id,\n instanceTypeConfigs: [\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.xlarge\",\n weightedCapacity: 1,\n },\n {\n bidPriceAsPercentageOfOnDemandPrice: 100,\n ebsConfigs: [{\n size: 100,\n type: \"gp2\",\n volumesPerInstance: 1,\n }],\n instanceType: \"m4.2xlarge\",\n weightedCapacity: 2,\n },\n ],\n launchSpecifications: {\n spotSpecifications: [{\n allocationStrategy: \"capacity-optimized\",\n blockDurationMinutes: 0,\n timeoutAction: \"TERMINATE_CLUSTER\",\n timeoutDurationMinutes: 10,\n }],\n },\n targetOnDemandCapacity: 1,\n targetSpotCapacity: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntask = aws.emr.InstanceFleet(\"task\",\n cluster_id=aws_emr_cluster[\"cluster\"][\"id\"],\n instance_type_configs=[\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.xlarge\",\n weighted_capacity=1,\n ),\n aws.emr.InstanceFleetInstanceTypeConfigArgs(\n bid_price_as_percentage_of_on_demand_price=100,\n ebs_configs=[aws.emr.InstanceFleetInstanceTypeConfigEbsConfigArgs(\n size=100,\n type=\"gp2\",\n volumes_per_instance=1,\n )],\n instance_type=\"m4.2xlarge\",\n weighted_capacity=2,\n ),\n ],\n launch_specifications=aws.emr.InstanceFleetLaunchSpecificationsArgs(\n spot_specifications=[aws.emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs(\n allocation_strategy=\"capacity-optimized\",\n block_duration_minutes=0,\n timeout_action=\"TERMINATE_CLUSTER\",\n timeout_duration_minutes=10,\n )],\n ),\n target_on_demand_capacity=1,\n target_spot_capacity=1)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var task = new Aws.Emr.InstanceFleet(\"task\", new Aws.Emr.InstanceFleetArgs\n {\n ClusterId = aws_emr_cluster.Cluster.Id,\n InstanceTypeConfigs = \n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.xlarge\",\n WeightedCapacity = 1,\n },\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigArgs\n {\n BidPriceAsPercentageOfOnDemandPrice = 100,\n EbsConfigs = \n {\n new Aws.Emr.Inputs.InstanceFleetInstanceTypeConfigEbsConfigArgs\n {\n Size = 100,\n Type = \"gp2\",\n VolumesPerInstance = 1,\n },\n },\n InstanceType = \"m4.2xlarge\",\n WeightedCapacity = 2,\n },\n },\n LaunchSpecifications = new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsArgs\n {\n SpotSpecifications = \n {\n new Aws.Emr.Inputs.InstanceFleetLaunchSpecificationsSpotSpecificationArgs\n {\n AllocationStrategy = \"capacity-optimized\",\n BlockDurationMinutes = 0,\n TimeoutAction = \"TERMINATE_CLUSTER\",\n TimeoutDurationMinutes = 10,\n },\n },\n },\n TargetOnDemandCapacity = 1,\n TargetSpotCapacity = 1,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewInstanceFleet(ctx, \"task\", &emr.InstanceFleetArgs{\n\t\t\tClusterId: pulumi.Any(aws_emr_cluster.Cluster.Id),\n\t\t\tInstanceTypeConfigs: emr.InstanceFleetInstanceTypeConfigArray{\n\t\t\t\t&emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t&emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\t&emr.InstanceFleetInstanceTypeConfigArgs{\n\t\t\t\t\tBidPriceAsPercentageOfOnDemandPrice: pulumi.Float64(100),\n\t\t\t\t\tEbsConfigs: emr.InstanceFleetInstanceTypeConfigEbsConfigArray{\n\t\t\t\t\t\t&emr.InstanceFleetInstanceTypeConfigEbsConfigArgs{\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tType: pulumi.String(\"gp2\"),\n\t\t\t\t\t\t\tVolumesPerInstance: pulumi.Int(1),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tInstanceType: pulumi.String(\"m4.2xlarge\"),\n\t\t\t\t\tWeightedCapacity: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLaunchSpecifications: &emr.InstanceFleetLaunchSpecificationsArgs{\n\t\t\t\tSpotSpecifications: emr.InstanceFleetLaunchSpecificationsSpotSpecificationArray{\n\t\t\t\t\t&emr.InstanceFleetLaunchSpecificationsSpotSpecificationArgs{\n\t\t\t\t\t\tAllocationStrategy: pulumi.String(\"capacity-optimized\"),\n\t\t\t\t\t\tBlockDurationMinutes: pulumi.Int(0),\n\t\t\t\t\t\tTimeoutAction: pulumi.String(\"TERMINATE_CLUSTER\"),\n\t\t\t\t\t\tTimeoutDurationMinutes: pulumi.Int(10),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTargetOnDemandCapacity: pulumi.Int(1),\n\t\t\tTargetSpotCapacity: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEMR Instance Fleet can be imported with the EMR Cluster identifier and Instance Fleet identifier separated by a forward slash (`/`), e.g. console\n\n```sh\n $ pulumi import aws:emr/instanceFleet:InstanceFleet example j-123456ABCDEF/if-15EK4O09RZLNR\n```\n\n ", + "properties": { + "clusterId": { + "type": "string", + "description": "ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.\n" + }, + "instanceTypeConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetInstanceTypeConfig:InstanceFleetInstanceTypeConfig" + }, + "description": "Configuration block for instance fleet\n" + }, + "launchSpecifications": { + "$ref": "#/types/aws:emr/InstanceFleetLaunchSpecifications:InstanceFleetLaunchSpecifications", + "description": "Configuration block for launch specification\n" + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n" + }, + "provisionedOnDemandCapacity": { + "type": "integer" + }, + "provisionedSpotCapacity": { + "type": "integer" + }, + "targetOnDemandCapacity": { + "type": "integer", + "description": "The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.\n" + }, + "targetSpotCapacity": { + "type": "integer", + "description": "The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.\n" + } + }, + "required": [ + "clusterId", + "name", + "provisionedOnDemandCapacity", + "provisionedSpotCapacity" + ], + "inputProperties": { + "clusterId": { + "type": "string", + "description": "ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.\n" + }, + "instanceTypeConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetInstanceTypeConfig:InstanceFleetInstanceTypeConfig" + }, + "description": "Configuration block for instance fleet\n" + }, + "launchSpecifications": { + "$ref": "#/types/aws:emr/InstanceFleetLaunchSpecifications:InstanceFleetLaunchSpecifications", + "description": "Configuration block for launch specification\n" + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n" + }, + "targetOnDemandCapacity": { + "type": "integer", + "description": "The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.\n" + }, + "targetSpotCapacity": { + "type": "integer", + "description": "The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.\n" + } + }, + "requiredInputs": [ + "clusterId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InstanceFleet resources.\n", + "properties": { + "clusterId": { + "type": "string", + "description": "ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.\n" + }, + "instanceTypeConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceFleetInstanceTypeConfig:InstanceFleetInstanceTypeConfig" + }, + "description": "Configuration block for instance fleet\n" + }, + "launchSpecifications": { + "$ref": "#/types/aws:emr/InstanceFleetLaunchSpecifications:InstanceFleetLaunchSpecifications", + "description": "Configuration block for launch specification\n" + }, + "name": { + "type": "string", + "description": "Friendly name given to the instance fleet.\n" + }, + "provisionedOnDemandCapacity": { + "type": "integer" + }, + "provisionedSpotCapacity": { + "type": "integer" + }, + "targetOnDemandCapacity": { + "type": "integer", + "description": "The target capacity of On-Demand units for the instance fleet, which determines how many On-Demand instances to provision.\n" + }, + "targetSpotCapacity": { + "type": "integer", + "description": "The target capacity of Spot units for the instance fleet, which determines how many Spot instances to provision.\n" + } + }, + "type": "object" + } + }, + "aws:emr/instanceGroup:InstanceGroup": { + "description": "Provides an Elastic MapReduce Cluster Instance Group configuration.\nSee [Amazon Elastic MapReduce Documentation](https://aws.amazon.com/documentation/emr/) for more information.\n\n> **NOTE:** At this time, Instance Groups cannot be destroyed through the API nor\nweb interface. Instance Groups are destroyed when the EMR Cluster is destroyed.\nthis provider will resize any Instance Group to zero when destroying the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst task = new aws.emr.InstanceGroup(\"task\", {\n clusterId: aws_emr_cluster[\"tf-test-cluster\"].id,\n instanceCount: 1,\n instanceType: \"m5.xlarge\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntask = aws.emr.InstanceGroup(\"task\",\n cluster_id=aws_emr_cluster[\"tf-test-cluster\"][\"id\"],\n instance_count=1,\n instance_type=\"m5.xlarge\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var task = new Aws.Emr.InstanceGroup(\"task\", new Aws.Emr.InstanceGroupArgs\n {\n ClusterId = aws_emr_cluster.Tf_test_cluster.Id,\n InstanceCount = 1,\n InstanceType = \"m5.xlarge\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewInstanceGroup(ctx, \"task\", &emr.InstanceGroupArgs{\n\t\t\tClusterId: pulumi.Any(aws_emr_cluster.Tf - test - cluster.Id),\n\t\t\tInstanceCount: pulumi.Int(1),\n\t\t\tInstanceType: pulumi.String(\"m5.xlarge\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEMR task instance group can be imported using their EMR Cluster id and Instance Group id separated by a forward-slash `/`, e.g.\n\n```sh\n $ pulumi import aws:emr/instanceGroup:InstanceGroup task_greoup j-123456ABCDEF/ig-15EK4O09RZLNR\n```\n\n ", + "properties": { + "autoscalingPolicy": { + "type": "string", + "description": "The autoscaling policy document. This is a JSON formatted string. See [EMR Auto Scaling](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-automatic-scaling.html)\n" + }, + "bidPrice": { + "type": "string", + "description": "If set, the bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances.\n" + }, + "clusterId": { + "type": "string", + "description": "ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.\n" + }, + "configurationsJson": { + "type": "string", + "description": "A JSON string for supplying list of configurations specific to the EMR instance group. Note that this can only be changed when using EMR release 5.21 or later.\n" + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceGroupEbsConfig:InstanceGroupEbsConfig" + }, + "description": "One or more `ebs_config` blocks as defined below. Changing this forces a new resource to be created.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Indicates whether an Amazon EBS volume is EBS-optimized. Changing this forces a new resource to be created.\n" + }, + "instanceCount": { + "type": "integer", + "description": "target number of instances for the instance group. defaults to 0.\n" + }, + "instanceType": { + "type": "string", + "description": "The EC2 instance type for all instances in the instance group. Changing this forces a new resource to be created.\n" + }, + "name": { + "type": "string", + "description": "Human friendly name given to the instance group. Changing this forces a new resource to be created.\n" + }, + "runningInstanceCount": { + "type": "integer" + }, + "status": { + "type": "string" + } + }, + "required": [ + "clusterId", + "ebsConfigs", + "instanceType", + "name", + "runningInstanceCount", + "status" + ], + "inputProperties": { + "autoscalingPolicy": { + "type": "string", + "description": "The autoscaling policy document. This is a JSON formatted string. See [EMR Auto Scaling](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-automatic-scaling.html)\n" + }, + "bidPrice": { + "type": "string", + "description": "If set, the bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances.\n" + }, + "clusterId": { + "type": "string", + "description": "ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.\n" + }, + "configurationsJson": { + "type": "string", + "description": "A JSON string for supplying list of configurations specific to the EMR instance group. Note that this can only be changed when using EMR release 5.21 or later.\n" + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceGroupEbsConfig:InstanceGroupEbsConfig" + }, + "description": "One or more `ebs_config` blocks as defined below. Changing this forces a new resource to be created.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Indicates whether an Amazon EBS volume is EBS-optimized. Changing this forces a new resource to be created.\n" + }, + "instanceCount": { + "type": "integer", + "description": "target number of instances for the instance group. defaults to 0.\n" + }, + "instanceType": { + "type": "string", + "description": "The EC2 instance type for all instances in the instance group. Changing this forces a new resource to be created.\n" + }, + "name": { + "type": "string", + "description": "Human friendly name given to the instance group. Changing this forces a new resource to be created.\n" + } + }, + "requiredInputs": [ + "clusterId", + "instanceType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InstanceGroup resources.\n", + "properties": { + "autoscalingPolicy": { + "type": "string", + "description": "The autoscaling policy document. This is a JSON formatted string. See [EMR Auto Scaling](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-automatic-scaling.html)\n" + }, + "bidPrice": { + "type": "string", + "description": "If set, the bid price for each EC2 instance in the instance group, expressed in USD. By setting this attribute, the instance group is being declared as a Spot Instance, and will implicitly create a Spot request. Leave this blank to use On-Demand Instances.\n" + }, + "clusterId": { + "type": "string", + "description": "ID of the EMR Cluster to attach to. Changing this forces a new resource to be created.\n" + }, + "configurationsJson": { + "type": "string", + "description": "A JSON string for supplying list of configurations specific to the EMR instance group. Note that this can only be changed when using EMR release 5.21 or later.\n" + }, + "ebsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/InstanceGroupEbsConfig:InstanceGroupEbsConfig" + }, + "description": "One or more `ebs_config` blocks as defined below. Changing this forces a new resource to be created.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Indicates whether an Amazon EBS volume is EBS-optimized. Changing this forces a new resource to be created.\n" + }, + "instanceCount": { + "type": "integer", + "description": "target number of instances for the instance group. defaults to 0.\n" + }, + "instanceType": { + "type": "string", + "description": "The EC2 instance type for all instances in the instance group. Changing this forces a new resource to be created.\n" + }, + "name": { + "type": "string", + "description": "Human friendly name given to the instance group. Changing this forces a new resource to be created.\n" + }, + "runningInstanceCount": { + "type": "integer" + }, + "status": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:emr/managedScalingPolicy:ManagedScalingPolicy": { + "description": "Provides a Managed Scaling policy for EMR Cluster. With Amazon EMR versions 5.30.0 and later (except for Amazon EMR 6.0.0), you can enable EMR managed scaling to automatically increase or decrease the number of instances or units in your cluster based on workload. See [Using EMR Managed Scaling in Amazon EMR](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-scaling.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample = new aws.emr.Cluster(\"sample\", {\n releaseLabel: \"emr-5.30.0\",\n masterInstanceGroup: {\n instanceType: \"m4.large\",\n },\n coreInstanceGroup: {\n instanceType: \"c4.large\",\n },\n});\n// skip ...\nconst samplepolicy = new aws.emr.ManagedScalingPolicy(\"samplepolicy\", {\n clusterId: sample.id,\n computeLimits: [{\n unitType: \"Instances\",\n minimumCapacityUnits: 2,\n maximumCapacityUnits: 10,\n maximumOndemandCapacityUnits: 2,\n maximumCoreCapacityUnits: 10,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample = aws.emr.Cluster(\"sample\",\n release_label=\"emr-5.30.0\",\n master_instance_group=aws.emr.ClusterMasterInstanceGroupArgs(\n instance_type=\"m4.large\",\n ),\n core_instance_group=aws.emr.ClusterCoreInstanceGroupArgs(\n instance_type=\"c4.large\",\n ))\n# skip ...\nsamplepolicy = aws.emr.ManagedScalingPolicy(\"samplepolicy\",\n cluster_id=sample.id,\n compute_limits=[aws.emr.ManagedScalingPolicyComputeLimitArgs(\n unit_type=\"Instances\",\n minimum_capacity_units=2,\n maximum_capacity_units=10,\n maximum_ondemand_capacity_units=2,\n maximum_core_capacity_units=10,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sample = new Aws.Emr.Cluster(\"sample\", new Aws.Emr.ClusterArgs\n {\n ReleaseLabel = \"emr-5.30.0\",\n MasterInstanceGroup = new Aws.Emr.Inputs.ClusterMasterInstanceGroupArgs\n {\n InstanceType = \"m4.large\",\n },\n CoreInstanceGroup = new Aws.Emr.Inputs.ClusterCoreInstanceGroupArgs\n {\n InstanceType = \"c4.large\",\n },\n });\n // skip ...\n var samplepolicy = new Aws.Emr.ManagedScalingPolicy(\"samplepolicy\", new Aws.Emr.ManagedScalingPolicyArgs\n {\n ClusterId = sample.Id,\n ComputeLimits = \n {\n new Aws.Emr.Inputs.ManagedScalingPolicyComputeLimitArgs\n {\n UnitType = \"Instances\",\n MinimumCapacityUnits = 2,\n MaximumCapacityUnits = 10,\n MaximumOndemandCapacityUnits = 2,\n MaximumCoreCapacityUnits = 10,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsample, err := emr.NewCluster(ctx, \"sample\", &emr.ClusterArgs{\n\t\t\tReleaseLabel: pulumi.String(\"emr-5.30.0\"),\n\t\t\tMasterInstanceGroup: &emr.ClusterMasterInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"m4.large\"),\n\t\t\t},\n\t\t\tCoreInstanceGroup: &emr.ClusterCoreInstanceGroupArgs{\n\t\t\t\tInstanceType: pulumi.String(\"c4.large\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = emr.NewManagedScalingPolicy(ctx, \"samplepolicy\", &emr.ManagedScalingPolicyArgs{\n\t\t\tClusterId: sample.ID(),\n\t\t\tComputeLimits: emr.ManagedScalingPolicyComputeLimitArray{\n\t\t\t\t&emr.ManagedScalingPolicyComputeLimitArgs{\n\t\t\t\t\tUnitType: pulumi.String(\"Instances\"),\n\t\t\t\t\tMinimumCapacityUnits: pulumi.Int(2),\n\t\t\t\t\tMaximumCapacityUnits: pulumi.Int(10),\n\t\t\t\t\tMaximumOndemandCapacityUnits: pulumi.Int(2),\n\t\t\t\t\tMaximumCoreCapacityUnits: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEMR Managed Scaling Policies can be imported via the EMR Cluster identifier, e.g. console\n\n```sh\n $ pulumi import aws:emr/managedScalingPolicy:ManagedScalingPolicy example j-123456ABCDEF\n```\n\n ", + "properties": { + "clusterId": { + "type": "string", + "description": "The id of the EMR cluster\n" + }, + "computeLimits": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ManagedScalingPolicyComputeLimit:ManagedScalingPolicyComputeLimit" + }, + "description": "Configuration block with compute limit settings. Described below.\n" + } + }, + "required": [ + "clusterId", + "computeLimits" + ], + "inputProperties": { + "clusterId": { + "type": "string", + "description": "The id of the EMR cluster\n" + }, + "computeLimits": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ManagedScalingPolicyComputeLimit:ManagedScalingPolicyComputeLimit" + }, + "description": "Configuration block with compute limit settings. Described below.\n" + } + }, + "requiredInputs": [ + "clusterId", + "computeLimits" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ManagedScalingPolicy resources.\n", + "properties": { + "clusterId": { + "type": "string", + "description": "The id of the EMR cluster\n" + }, + "computeLimits": { + "type": "array", + "items": { + "$ref": "#/types/aws:emr/ManagedScalingPolicyComputeLimit:ManagedScalingPolicyComputeLimit" + }, + "description": "Configuration block with compute limit settings. Described below.\n" + } + }, + "type": "object" + } + }, + "aws:emr/securityConfiguration:SecurityConfiguration": { + "description": "Provides a resource to manage AWS EMR Security Configurations\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.emr.SecurityConfiguration(\"foo\", {\n configuration: `{\n \"EncryptionConfiguration\": {\n \"AtRestEncryptionConfiguration\": {\n \"S3EncryptionConfiguration\": {\n \"EncryptionMode\": \"SSE-S3\"\n },\n \"LocalDiskEncryptionConfiguration\": {\n \"EncryptionKeyProviderType\": \"AwsKms\",\n \"AwsKmsKey\": \"arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key\"\n }\n },\n \"EnableInTransitEncryption\": false,\n \"EnableAtRestEncryption\": true\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.emr.SecurityConfiguration(\"foo\", configuration=\"\"\"{\n \"EncryptionConfiguration\": {\n \"AtRestEncryptionConfiguration\": {\n \"S3EncryptionConfiguration\": {\n \"EncryptionMode\": \"SSE-S3\"\n },\n \"LocalDiskEncryptionConfiguration\": {\n \"EncryptionKeyProviderType\": \"AwsKms\",\n \"AwsKmsKey\": \"arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key\"\n }\n },\n \"EnableInTransitEncryption\": false,\n \"EnableAtRestEncryption\": true\n }\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Emr.SecurityConfiguration(\"foo\", new Aws.Emr.SecurityConfigurationArgs\n {\n Configuration = @\"{\n \"\"EncryptionConfiguration\"\": {\n \"\"AtRestEncryptionConfiguration\"\": {\n \"\"S3EncryptionConfiguration\"\": {\n \"\"EncryptionMode\"\": \"\"SSE-S3\"\"\n },\n \"\"LocalDiskEncryptionConfiguration\"\": {\n \"\"EncryptionKeyProviderType\"\": \"\"AwsKms\"\",\n \"\"AwsKmsKey\"\": \"\"arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key\"\"\n }\n },\n \"\"EnableInTransitEncryption\"\": false,\n \"\"EnableAtRestEncryption\"\": true\n }\n}\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/emr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := emr.NewSecurityConfiguration(ctx, \"foo\", &emr.SecurityConfigurationArgs{\n\t\t\tConfiguration: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"EncryptionConfiguration\\\": {\\n\", \" \\\"AtRestEncryptionConfiguration\\\": {\\n\", \" \\\"S3EncryptionConfiguration\\\": {\\n\", \" \\\"EncryptionMode\\\": \\\"SSE-S3\\\"\\n\", \" },\\n\", \" \\\"LocalDiskEncryptionConfiguration\\\": {\\n\", \" \\\"EncryptionKeyProviderType\\\": \\\"AwsKms\\\",\\n\", \" \\\"AwsKmsKey\\\": \\\"arn:aws:kms:us-west-2:187416307283:alias/tf_emr_test_key\\\"\\n\", \" }\\n\", \" },\\n\", \" \\\"EnableInTransitEncryption\\\": false,\\n\", \" \\\"EnableAtRestEncryption\\\": true\\n\", \" }\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEMR Security Configurations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:emr/securityConfiguration:SecurityConfiguration sc example-sc-name\n```\n\n ", + "properties": { + "configuration": { + "type": "string", + "description": "A JSON formatted Security Configuration\n" + }, + "creationDate": { + "type": "string", + "description": "Date the Security Configuration was created\n" + }, + "name": { + "type": "string", + "description": "The name of the EMR Security Configuration. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + } + }, + "required": [ + "configuration", + "creationDate", + "name" + ], + "inputProperties": { + "configuration": { + "type": "string", + "description": "A JSON formatted Security Configuration\n" + }, + "name": { + "type": "string", + "description": "The name of the EMR Security Configuration. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + } + }, + "requiredInputs": [ + "configuration" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityConfiguration resources.\n", + "properties": { + "configuration": { + "type": "string", + "description": "A JSON formatted Security Configuration\n" + }, + "creationDate": { + "type": "string", + "description": "Date the Security Configuration was created\n" + }, + "name": { + "type": "string", + "description": "The name of the EMR Security Configuration. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + } + }, + "type": "object" + } + }, + "aws:fms/adminAccount:AdminAccount": { + "description": "Provides a resource to associate/disassociate an AWS Firewall Manager administrator account. This operation must be performed in the `us-east-1` region.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.fms.AdminAccount(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.fms.AdminAccount(\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Fms.AdminAccount(\"example\", new Aws.Fms.AdminAccountArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fms.NewAdminAccount(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFirewall Manager administrator account association can be imported using the account ID, e.g.\n\n```sh\n $ pulumi import aws:fms/adminAccount:AdminAccount example 123456789012\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID to associate with AWS Firewall Manager as the AWS Firewall Manager administrator account. This can be an AWS Organizations master account or a member account. Defaults to the current account. Must be configured to perform drift detection.\n" + } + }, + "required": [ + "accountId" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The AWS account ID to associate with AWS Firewall Manager as the AWS Firewall Manager administrator account. This can be an AWS Organizations master account or a member account. Defaults to the current account. Must be configured to perform drift detection.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AdminAccount resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID to associate with AWS Firewall Manager as the AWS Firewall Manager administrator account. This can be an AWS Organizations master account or a member account. Defaults to the current account. Must be configured to perform drift detection.\n" + } + }, + "type": "object" + } + }, + "aws:fms/policy:Policy": { + "description": "Provides a resource to create an AWS Firewall Manager policy. You need to be using AWS organizations and have enabled the Firewall Manager administrator account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRuleGroup = new aws.wafregional.RuleGroup(\"exampleRuleGroup\", {metricName: \"WAFRuleGroupExample\"});\nconst examplePolicy = new aws.fms.Policy(\"examplePolicy\", {\n excludeResourceTags: false,\n remediationEnabled: false,\n resourceTypeLists: [\"AWS::ElasticLoadBalancingV2::LoadBalancer\"],\n securityServicePolicyData: {\n type: \"WAF\",\n managedServiceData: exampleRuleGroup.id.apply(id => JSON.stringify({\n type: \"WAF\",\n ruleGroups: [{\n id: id,\n overrideAction: {\n type: \"COUNT\",\n },\n }],\n defaultAction: {\n type: \"BLOCK\",\n },\n overrideCustomerWebACLAssociation: false,\n })),\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample_rule_group = aws.wafregional.RuleGroup(\"exampleRuleGroup\", metric_name=\"WAFRuleGroupExample\")\nexample_policy = aws.fms.Policy(\"examplePolicy\",\n exclude_resource_tags=False,\n remediation_enabled=False,\n resource_type_lists=[\"AWS::ElasticLoadBalancingV2::LoadBalancer\"],\n security_service_policy_data=aws.fms.PolicySecurityServicePolicyDataArgs(\n type=\"WAF\",\n managed_service_data=example_rule_group.id.apply(lambda id: json.dumps({\n \"type\": \"WAF\",\n \"ruleGroups\": [{\n \"id\": id,\n \"overrideAction\": {\n \"type\": \"COUNT\",\n },\n }],\n \"defaultAction\": {\n \"type\": \"BLOCK\",\n },\n \"overrideCustomerWebACLAssociation\": False,\n })),\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRuleGroup = new Aws.WafRegional.RuleGroup(\"exampleRuleGroup\", new Aws.WafRegional.RuleGroupArgs\n {\n MetricName = \"WAFRuleGroupExample\",\n });\n var examplePolicy = new Aws.Fms.Policy(\"examplePolicy\", new Aws.Fms.PolicyArgs\n {\n ExcludeResourceTags = false,\n RemediationEnabled = false,\n ResourceTypeLists = \n {\n \"AWS::ElasticLoadBalancingV2::LoadBalancer\",\n },\n SecurityServicePolicyData = new Aws.Fms.Inputs.PolicySecurityServicePolicyDataArgs\n {\n Type = \"WAF\",\n ManagedServiceData = exampleRuleGroup.Id.Apply(id => JsonSerializer.Serialize(new Dictionary\n {\n { \"type\", \"WAF\" },\n { \"ruleGroups\", new[]\n {\n new Dictionary\n {\n { \"id\", id },\n { \"overrideAction\", new Dictionary\n {\n { \"type\", \"COUNT\" },\n } },\n },\n }\n },\n { \"defaultAction\", new Dictionary\n {\n { \"type\", \"BLOCK\" },\n } },\n { \"overrideCustomerWebACLAssociation\", false },\n })),\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRuleGroup, err := wafregional.NewRuleGroup(ctx, \"exampleRuleGroup\", &wafregional.RuleGroupArgs{\n\t\t\tMetricName: pulumi.String(\"WAFRuleGroupExample\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = fms.NewPolicy(ctx, \"examplePolicy\", &fms.PolicyArgs{\n\t\t\tExcludeResourceTags: pulumi.Bool(false),\n\t\t\tRemediationEnabled: pulumi.Bool(false),\n\t\t\tResourceTypeLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"AWS::ElasticLoadBalancingV2::LoadBalancer\"),\n\t\t\t},\n\t\t\tSecurityServicePolicyData: &fms.PolicySecurityServicePolicyDataArgs{\n\t\t\t\tType: pulumi.String(\"WAF\"),\n\t\t\t\tManagedServiceData: exampleRuleGroup.ID().ApplyT(func(id string) (pulumi.String, error) {\n\t\t\t\t\tvar _zero pulumi.String\n\t\t\t\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\t\t\t\"type\": \"WAF\",\n\t\t\t\t\t\t\"ruleGroups\": []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"id\": id,\n\t\t\t\t\t\t\t\t\"overrideAction\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"type\": \"COUNT\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"defaultAction\": map[string]interface{}{\n\t\t\t\t\t\t\t\"type\": \"BLOCK\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\"overrideCustomerWebACLAssociation\": false,\n\t\t\t\t\t})\n\t\t\t\t\tif err != nil {\n\t\t\t\t\t\treturn _zero, err\n\t\t\t\t\t}\n\t\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\t\treturn json0, nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFirewall Manager policies can be imported using the policy ID, e.g.\n\n```sh\n $ pulumi import aws:fms/policy:Policy example 5be49585-a7e3-4c49-dde1-a179fe4a619a\n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "deleteAllPolicyResources": { + "type": "boolean", + "description": "If true, the request will also perform a clean-up process. Defaults to `true`. More information can be found here [AWS Firewall Manager delete policy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DeletePolicy.html)\n" + }, + "excludeMap": { + "$ref": "#/types/aws:fms/PolicyExcludeMap:PolicyExcludeMap", + "description": "A map of lists, with a single key named 'account' with a list of AWS Account IDs to exclude from this policy.\n" + }, + "excludeResourceTags": { + "type": "boolean", + "description": "A boolean value, if true the tags that are specified in the `resource_tags` are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.\n" + }, + "includeMap": { + "$ref": "#/types/aws:fms/PolicyIncludeMap:PolicyIncludeMap", + "description": "A map of lists, with a single key named 'account' with a list of AWS Account IDs to include for this policy.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the AWS Firewall Manager Policy.\n" + }, + "policyUpdateToken": { + "type": "string", + "description": "A unique identifier for each update to the policy.\n" + }, + "remediationEnabled": { + "type": "boolean", + "description": "A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.\n" + }, + "resourceType": { + "type": "string", + "description": "A resource type to protect. Conflicts with `resource_type_list`. See the [FMS API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html#fms-Type-Policy-ResourceType) for more information about supported values.\n" + }, + "resourceTypeLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource types to protect. Conflicts with `resource_type`. See the [FMS API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html#fms-Type-Policy-ResourceType) for more information about supported values.\n" + }, + "securityServicePolicyData": { + "$ref": "#/types/aws:fms/PolicySecurityServicePolicyData:PolicySecurityServicePolicyData", + "description": "The objects to include in Security Service Policy Data. Documented below.\n" + } + }, + "required": [ + "arn", + "excludeResourceTags", + "name", + "policyUpdateToken", + "resourceType", + "resourceTypeLists", + "securityServicePolicyData" + ], + "inputProperties": { + "deleteAllPolicyResources": { + "type": "boolean", + "description": "If true, the request will also perform a clean-up process. Defaults to `true`. More information can be found here [AWS Firewall Manager delete policy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DeletePolicy.html)\n" + }, + "excludeMap": { + "$ref": "#/types/aws:fms/PolicyExcludeMap:PolicyExcludeMap", + "description": "A map of lists, with a single key named 'account' with a list of AWS Account IDs to exclude from this policy.\n" + }, + "excludeResourceTags": { + "type": "boolean", + "description": "A boolean value, if true the tags that are specified in the `resource_tags` are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.\n" + }, + "includeMap": { + "$ref": "#/types/aws:fms/PolicyIncludeMap:PolicyIncludeMap", + "description": "A map of lists, with a single key named 'account' with a list of AWS Account IDs to include for this policy.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the AWS Firewall Manager Policy.\n" + }, + "remediationEnabled": { + "type": "boolean", + "description": "A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.\n" + }, + "resourceType": { + "type": "string", + "description": "A resource type to protect. Conflicts with `resource_type_list`. See the [FMS API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html#fms-Type-Policy-ResourceType) for more information about supported values.\n" + }, + "resourceTypeLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource types to protect. Conflicts with `resource_type`. See the [FMS API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html#fms-Type-Policy-ResourceType) for more information about supported values.\n" + }, + "securityServicePolicyData": { + "$ref": "#/types/aws:fms/PolicySecurityServicePolicyData:PolicySecurityServicePolicyData", + "description": "The objects to include in Security Service Policy Data. Documented below.\n" + } + }, + "requiredInputs": [ + "excludeResourceTags", + "securityServicePolicyData" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "deleteAllPolicyResources": { + "type": "boolean", + "description": "If true, the request will also perform a clean-up process. Defaults to `true`. More information can be found here [AWS Firewall Manager delete policy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_DeletePolicy.html)\n" + }, + "excludeMap": { + "$ref": "#/types/aws:fms/PolicyExcludeMap:PolicyExcludeMap", + "description": "A map of lists, with a single key named 'account' with a list of AWS Account IDs to exclude from this policy.\n" + }, + "excludeResourceTags": { + "type": "boolean", + "description": "A boolean value, if true the tags that are specified in the `resource_tags` are not protected by this policy. If set to false and resource_tags are populated, resources that contain tags will be protected by this policy.\n" + }, + "includeMap": { + "$ref": "#/types/aws:fms/PolicyIncludeMap:PolicyIncludeMap", + "description": "A map of lists, with a single key named 'account' with a list of AWS Account IDs to include for this policy.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the AWS Firewall Manager Policy.\n" + }, + "policyUpdateToken": { + "type": "string", + "description": "A unique identifier for each update to the policy.\n" + }, + "remediationEnabled": { + "type": "boolean", + "description": "A boolean value, indicates if the policy should automatically applied to resources that already exist in the account.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags, that if present will filter protections on resources based on the exclude_resource_tags.\n" + }, + "resourceType": { + "type": "string", + "description": "A resource type to protect. Conflicts with `resource_type_list`. See the [FMS API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html#fms-Type-Policy-ResourceType) for more information about supported values.\n" + }, + "resourceTypeLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of resource types to protect. Conflicts with `resource_type`. See the [FMS API Reference](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_Policy.html#fms-Type-Policy-ResourceType) for more information about supported values.\n" + }, + "securityServicePolicyData": { + "$ref": "#/types/aws:fms/PolicySecurityServicePolicyData:PolicySecurityServicePolicyData", + "description": "The objects to include in Security Service Policy Data. Documented below.\n" + } + }, + "type": "object" + } + }, + "aws:fsx/lustreFileSystem:LustreFileSystem": { + "description": "Manages a FSx Lustre File System. See the [FSx Lustre Guide](https://docs.aws.amazon.com/fsx/latest/LustreGuide/what-is.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.fsx.LustreFileSystem(\"example\", {\n importPath: `s3://${aws_s3_bucket.example.bucket}`,\n storageCapacity: 1200,\n subnetIds: [aws_subnet.example.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.fsx.LustreFileSystem(\"example\",\n import_path=f\"s3://{aws_s3_bucket['example']['bucket']}\",\n storage_capacity=1200,\n subnet_ids=[aws_subnet[\"example\"][\"id\"]])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Fsx.LustreFileSystem(\"example\", new Aws.Fsx.LustreFileSystemArgs\n {\n ImportPath = $\"s3://{aws_s3_bucket.Example.Bucket}\",\n StorageCapacity = 1200,\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewLustreFileSystem(ctx, \"example\", &fsx.LustreFileSystemArgs{\n\t\t\tImportPath: pulumi.String(fmt.Sprintf(\"%v%v\", \"s3://\", aws_s3_bucket.Example.Bucket)),\n\t\t\tStorageCapacity: pulumi.Int(1200),\n\t\t\tSubnetIds: pulumi.String{\n\t\t\t\taws_subnet.Example.Id,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFSx File Systems can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:fsx/lustreFileSystem:LustreFileSystem example fs-543ab12b1ca672f33\n```\n\n Certain resource arguments, like `security_group_ids`, do not have a FSx API method for reading the information after creation. If the argument is set in the provider configuration on an imported resource, this provider will always show a difference. To workaround this behavior, either omit the argument from the provider configuration or use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to hide the difference, e.g. terraform resource \"aws_fsx_lustre_file_system\" \"example\" {\n\n # ... other configuration ...\n\n security_group_ids = [aws_security_group.example.id]\n\n # There is no FSx API for reading security_group_ids\n\n lifecycle {\n\n\n\n ignore_changes = [security_group_ids]\n\n } } ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "autoImportPolicy": { + "type": "string", + "description": "How Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. see [Auto Import Data Repo](https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html) for more details.\n" + }, + "automaticBackupRetentionDays": { + "type": "integer", + "description": "The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. only valid for `PERSISTENT_1` deployment_type.\n" + }, + "copyTagsToBackups": { + "type": "boolean", + "description": "A boolean flag indicating whether tags for the file system should be copied to backups. Applicable for `PERSISTENT_1` deployment_type. The default value is false.\n" + }, + "dailyAutomaticBackupStartTime": { + "type": "string", + "description": "A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. For example, 05:00 specifies 5 AM daily. only valid for `PERSISTENT_1` deployment_type. Requires `automatic_backup_retention_days` to be set.\n" + }, + "dataCompressionType": { + "type": "string", + "description": "Sets the data compression configuration for the file system. Valid values are `LZ4` and `NONE`. Default value is `NONE`. Unsetting this value reverts the compression type back to `NONE`.\n" + }, + "deploymentType": { + "type": "string", + "description": "- The filesystem deployment type. One of: `SCRATCH_1`, `SCRATCH_2`, `PERSISTENT_1`. `SCRATCH_1` deployment types cannot have `storage_capacity` increased.\n" + }, + "dnsName": { + "type": "string", + "description": "DNS name for the file system, e.g. `fs-12345678.fsx.us-west-2.amazonaws.com`\n" + }, + "driveCacheType": { + "type": "string", + "description": "- The type of drive cache used by `PERSISTENT_1` filesystems that are provisioned with `HDD` storage_type. Required for `HDD` storage_type, set to either `READ` or `NONE`.\n" + }, + "exportPath": { + "type": "string", + "description": "S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with `import_path` argument and the path must use the same Amazon S3 bucket as specified in `import_path`. Set equal to `import_path` to overwrite files on export. Defaults to `s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}`.\n" + }, + "importPath": { + "type": "string", + "description": "S3 URI (with optional prefix) that you're using as the data repository for your FSx for Lustre file system. For example, `s3://example-bucket/optional-prefix/`.\n" + }, + "importedFileChunkSize": { + "type": "integer", + "description": "For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. Can only be specified with `import_path` argument. Defaults to `1024`. Minimum of `1` and maximum of `512000`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN for the KMS Key to encrypt the file system at rest, applicable for `PERSISTENT_1` deployment_type. Defaults to an AWS managed KMS Key.\n" + }, + "mountName": { + "type": "string", + "description": "The value to be used when mounting the filesystem.\n" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Elastic Network Interface identifiers from which the file system is accessible. As explained in the [documentation](https://docs.aws.amazon.com/fsx/latest/LustreGuide/mounting-on-premises.html), the first network interface returned is the primary network interface.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account identifier that created the file system.\n" + }, + "perUnitStorageThroughput": { + "type": "integer", + "description": "- Describes the amount of read and write throughput for each 1 tebibyte of storage, in MB/s/TiB, required for the `PERSISTENT_1` deployment_type. Valid values for `SSD` storage_type are 50, 100, 200. Valid values for `HDD` storage_type are 12, 40.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.\n" + }, + "storageCapacity": { + "type": "integer", + "description": "The storage capacity (GiB) of the file system. Minimum of `1200`. See more details at [Allowed values for Fsx storage capacity](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html#FSx-CreateFileSystem-request-StorageCapacity). Update is allowed only for `SCRATCH_2` and `PERSISTENT_1` deployment types, See more details at [Fsx Storage Capacity Update](https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html#FSx-UpdateFileSystem-request-StorageCapacity).\n" + }, + "storageType": { + "type": "string", + "description": "- The filesystem storage type. Either `SSD` or `HDD`, defaults to `SSD`. `HDD` is only supported on `PERSISTENT_1` deployment types.\n" + }, + "subnetIds": { + "type": "string", + "description": "A list of IDs for the subnets that the file system will be accessible from. File systems currently support only one subnet. The file server is also launched in that subnet's Availability Zone.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the file system. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the Virtual Private Cloud for the file system.\n" + }, + "weeklyMaintenanceStartTime": { + "type": "string", + "description": "The preferred start time (in `d:HH:MM` format) to perform weekly maintenance, in the UTC time zone.\n" + } + }, + "required": [ + "arn", + "autoImportPolicy", + "automaticBackupRetentionDays", + "dailyAutomaticBackupStartTime", + "dnsName", + "exportPath", + "importedFileChunkSize", + "kmsKeyId", + "mountName", + "networkInterfaceIds", + "ownerId", + "storageCapacity", + "subnetIds", + "tagsAll", + "vpcId", + "weeklyMaintenanceStartTime" + ], + "inputProperties": { + "autoImportPolicy": { + "type": "string", + "description": "How Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. see [Auto Import Data Repo](https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html) for more details.\n" + }, + "automaticBackupRetentionDays": { + "type": "integer", + "description": "The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. only valid for `PERSISTENT_1` deployment_type.\n" + }, + "copyTagsToBackups": { + "type": "boolean", + "description": "A boolean flag indicating whether tags for the file system should be copied to backups. Applicable for `PERSISTENT_1` deployment_type. The default value is false.\n" + }, + "dailyAutomaticBackupStartTime": { + "type": "string", + "description": "A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. For example, 05:00 specifies 5 AM daily. only valid for `PERSISTENT_1` deployment_type. Requires `automatic_backup_retention_days` to be set.\n" + }, + "dataCompressionType": { + "type": "string", + "description": "Sets the data compression configuration for the file system. Valid values are `LZ4` and `NONE`. Default value is `NONE`. Unsetting this value reverts the compression type back to `NONE`.\n" + }, + "deploymentType": { + "type": "string", + "description": "- The filesystem deployment type. One of: `SCRATCH_1`, `SCRATCH_2`, `PERSISTENT_1`. `SCRATCH_1` deployment types cannot have `storage_capacity` increased.\n" + }, + "driveCacheType": { + "type": "string", + "description": "- The type of drive cache used by `PERSISTENT_1` filesystems that are provisioned with `HDD` storage_type. Required for `HDD` storage_type, set to either `READ` or `NONE`.\n" + }, + "exportPath": { + "type": "string", + "description": "S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with `import_path` argument and the path must use the same Amazon S3 bucket as specified in `import_path`. Set equal to `import_path` to overwrite files on export. Defaults to `s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}`.\n" + }, + "importPath": { + "type": "string", + "description": "S3 URI (with optional prefix) that you're using as the data repository for your FSx for Lustre file system. For example, `s3://example-bucket/optional-prefix/`.\n" + }, + "importedFileChunkSize": { + "type": "integer", + "description": "For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. Can only be specified with `import_path` argument. Defaults to `1024`. Minimum of `1` and maximum of `512000`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN for the KMS Key to encrypt the file system at rest, applicable for `PERSISTENT_1` deployment_type. Defaults to an AWS managed KMS Key.\n" + }, + "perUnitStorageThroughput": { + "type": "integer", + "description": "- Describes the amount of read and write throughput for each 1 tebibyte of storage, in MB/s/TiB, required for the `PERSISTENT_1` deployment_type. Valid values for `SSD` storage_type are 50, 100, 200. Valid values for `HDD` storage_type are 12, 40.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.\n" + }, + "storageCapacity": { + "type": "integer", + "description": "The storage capacity (GiB) of the file system. Minimum of `1200`. See more details at [Allowed values for Fsx storage capacity](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html#FSx-CreateFileSystem-request-StorageCapacity). Update is allowed only for `SCRATCH_2` and `PERSISTENT_1` deployment types, See more details at [Fsx Storage Capacity Update](https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html#FSx-UpdateFileSystem-request-StorageCapacity).\n" + }, + "storageType": { + "type": "string", + "description": "- The filesystem storage type. Either `SSD` or `HDD`, defaults to `SSD`. `HDD` is only supported on `PERSISTENT_1` deployment types.\n" + }, + "subnetIds": { + "type": "string", + "description": "A list of IDs for the subnets that the file system will be accessible from. File systems currently support only one subnet. The file server is also launched in that subnet's Availability Zone.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the file system. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "weeklyMaintenanceStartTime": { + "type": "string", + "description": "The preferred start time (in `d:HH:MM` format) to perform weekly maintenance, in the UTC time zone.\n" + } + }, + "requiredInputs": [ + "storageCapacity", + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LustreFileSystem resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "autoImportPolicy": { + "type": "string", + "description": "How Amazon FSx keeps your file and directory listings up to date as you add or modify objects in your linked S3 bucket. see [Auto Import Data Repo](https://docs.aws.amazon.com/fsx/latest/LustreGuide/autoimport-data-repo.html) for more details.\n" + }, + "automaticBackupRetentionDays": { + "type": "integer", + "description": "The number of days to retain automatic backups. Setting this to 0 disables automatic backups. You can retain automatic backups for a maximum of 90 days. only valid for `PERSISTENT_1` deployment_type.\n" + }, + "copyTagsToBackups": { + "type": "boolean", + "description": "A boolean flag indicating whether tags for the file system should be copied to backups. Applicable for `PERSISTENT_1` deployment_type. The default value is false.\n" + }, + "dailyAutomaticBackupStartTime": { + "type": "string", + "description": "A recurring daily time, in the format HH:MM. HH is the zero-padded hour of the day (0-23), and MM is the zero-padded minute of the hour. For example, 05:00 specifies 5 AM daily. only valid for `PERSISTENT_1` deployment_type. Requires `automatic_backup_retention_days` to be set.\n" + }, + "dataCompressionType": { + "type": "string", + "description": "Sets the data compression configuration for the file system. Valid values are `LZ4` and `NONE`. Default value is `NONE`. Unsetting this value reverts the compression type back to `NONE`.\n" + }, + "deploymentType": { + "type": "string", + "description": "- The filesystem deployment type. One of: `SCRATCH_1`, `SCRATCH_2`, `PERSISTENT_1`. `SCRATCH_1` deployment types cannot have `storage_capacity` increased.\n" + }, + "dnsName": { + "type": "string", + "description": "DNS name for the file system, e.g. `fs-12345678.fsx.us-west-2.amazonaws.com`\n" + }, + "driveCacheType": { + "type": "string", + "description": "- The type of drive cache used by `PERSISTENT_1` filesystems that are provisioned with `HDD` storage_type. Required for `HDD` storage_type, set to either `READ` or `NONE`.\n" + }, + "exportPath": { + "type": "string", + "description": "S3 URI (with optional prefix) where the root of your Amazon FSx file system is exported. Can only be specified with `import_path` argument and the path must use the same Amazon S3 bucket as specified in `import_path`. Set equal to `import_path` to overwrite files on export. Defaults to `s3://{IMPORT BUCKET}/FSxLustre{CREATION TIMESTAMP}`.\n" + }, + "importPath": { + "type": "string", + "description": "S3 URI (with optional prefix) that you're using as the data repository for your FSx for Lustre file system. For example, `s3://example-bucket/optional-prefix/`.\n" + }, + "importedFileChunkSize": { + "type": "integer", + "description": "For files imported from a data repository, this value determines the stripe count and maximum amount of data per file (in MiB) stored on a single physical disk. Can only be specified with `import_path` argument. Defaults to `1024`. Minimum of `1` and maximum of `512000`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN for the KMS Key to encrypt the file system at rest, applicable for `PERSISTENT_1` deployment_type. Defaults to an AWS managed KMS Key.\n" + }, + "mountName": { + "type": "string", + "description": "The value to be used when mounting the filesystem.\n" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Elastic Network Interface identifiers from which the file system is accessible. As explained in the [documentation](https://docs.aws.amazon.com/fsx/latest/LustreGuide/mounting-on-premises.html), the first network interface returned is the primary network interface.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account identifier that created the file system.\n" + }, + "perUnitStorageThroughput": { + "type": "integer", + "description": "- Describes the amount of read and write throughput for each 1 tebibyte of storage, in MB/s/TiB, required for the `PERSISTENT_1` deployment_type. Valid values for `SSD` storage_type are 50, 100, 200. Valid values for `HDD` storage_type are 12, 40.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.\n" + }, + "storageCapacity": { + "type": "integer", + "description": "The storage capacity (GiB) of the file system. Minimum of `1200`. See more details at [Allowed values for Fsx storage capacity](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html#FSx-CreateFileSystem-request-StorageCapacity). Update is allowed only for `SCRATCH_2` and `PERSISTENT_1` deployment types, See more details at [Fsx Storage Capacity Update](https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html#FSx-UpdateFileSystem-request-StorageCapacity).\n" + }, + "storageType": { + "type": "string", + "description": "- The filesystem storage type. Either `SSD` or `HDD`, defaults to `SSD`. `HDD` is only supported on `PERSISTENT_1` deployment types.\n" + }, + "subnetIds": { + "type": "string", + "description": "A list of IDs for the subnets that the file system will be accessible from. File systems currently support only one subnet. The file server is also launched in that subnet's Availability Zone.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the file system. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the Virtual Private Cloud for the file system.\n" + }, + "weeklyMaintenanceStartTime": { + "type": "string", + "description": "The preferred start time (in `d:HH:MM` format) to perform weekly maintenance, in the UTC time zone.\n" + } + }, + "type": "object" + } + }, + "aws:fsx/windowsFileSystem:WindowsFileSystem": { + "description": "Manages a FSx Windows File System. See the [FSx Windows Guide](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html) for more information.\n\n> **NOTE:** Either the `active_directory_id` argument or `self_managed_active_directory` configuration block must be specified.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Using AWS Directory Service\n\nAdditional information for using AWS Directory Service with Windows File Systems can be found in the [FSx Windows Guide](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/fsx-aws-managed-ad.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.fsx.WindowsFileSystem(\"example\", {\n activeDirectoryId: aws_directory_service_directory.example.id,\n kmsKeyId: aws_kms_key.example.arn,\n storageCapacity: 300,\n subnetIds: [aws_subnet.example.id],\n throughputCapacity: 1024,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.fsx.WindowsFileSystem(\"example\",\n active_directory_id=aws_directory_service_directory[\"example\"][\"id\"],\n kms_key_id=aws_kms_key[\"example\"][\"arn\"],\n storage_capacity=300,\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n throughput_capacity=1024)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Fsx.WindowsFileSystem(\"example\", new Aws.Fsx.WindowsFileSystemArgs\n {\n ActiveDirectoryId = aws_directory_service_directory.Example.Id,\n KmsKeyId = aws_kms_key.Example.Arn,\n StorageCapacity = 300,\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n ThroughputCapacity = 1024,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewWindowsFileSystem(ctx, \"example\", &fsx.WindowsFileSystemArgs{\n\t\t\tActiveDirectoryId: pulumi.Any(aws_directory_service_directory.Example.Id),\n\t\t\tKmsKeyId: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t\tStorageCapacity: pulumi.Int(300),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(1024),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using a Self-Managed Microsoft Active Directory\n\nAdditional information for using AWS Directory Service with Windows File Systems can be found in the [FSx Windows Guide](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/self-managed-AD.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.fsx.WindowsFileSystem(\"example\", {\n kmsKeyId: aws_kms_key.example.arn,\n storageCapacity: 300,\n subnetIds: [aws_subnet.example.id],\n throughputCapacity: 1024,\n selfManagedActiveDirectory: {\n dnsIps: [\n \"10.0.0.111\",\n \"10.0.0.222\",\n ],\n domainName: \"corp.example.com\",\n password: \"avoid-plaintext-passwords\",\n username: \"Admin\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.fsx.WindowsFileSystem(\"example\",\n kms_key_id=aws_kms_key[\"example\"][\"arn\"],\n storage_capacity=300,\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n throughput_capacity=1024,\n self_managed_active_directory=aws.fsx.WindowsFileSystemSelfManagedActiveDirectoryArgs(\n dns_ips=[\n \"10.0.0.111\",\n \"10.0.0.222\",\n ],\n domain_name=\"corp.example.com\",\n password=\"avoid-plaintext-passwords\",\n username=\"Admin\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Fsx.WindowsFileSystem(\"example\", new Aws.Fsx.WindowsFileSystemArgs\n {\n KmsKeyId = aws_kms_key.Example.Arn,\n StorageCapacity = 300,\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n ThroughputCapacity = 1024,\n SelfManagedActiveDirectory = new Aws.Fsx.Inputs.WindowsFileSystemSelfManagedActiveDirectoryArgs\n {\n DnsIps = \n {\n \"10.0.0.111\",\n \"10.0.0.222\",\n },\n DomainName = \"corp.example.com\",\n Password = \"avoid-plaintext-passwords\",\n Username = \"Admin\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := fsx.NewWindowsFileSystem(ctx, \"example\", &fsx.WindowsFileSystemArgs{\n\t\t\tKmsKeyId: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t\tStorageCapacity: pulumi.Int(300),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(1024),\n\t\t\tSelfManagedActiveDirectory: &fsx.WindowsFileSystemSelfManagedActiveDirectoryArgs{\n\t\t\t\tDnsIps: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"10.0.0.111\"),\n\t\t\t\t\tpulumi.String(\"10.0.0.222\"),\n\t\t\t\t},\n\t\t\t\tDomainName: pulumi.String(\"corp.example.com\"),\n\t\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFSx File Systems can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:fsx/windowsFileSystem:WindowsFileSystem example fs-543ab12b1ca672f33\n```\n\n Certain resource arguments, like `security_group_ids` and the `self_managed_active_directory` configuation block `password`, do not have a FSx API method for reading the information after creation. If these arguments are set in the provider configuration on an imported resource, the povider will always show a difference. To workaround this behavior, either omit the argument from the configuration or use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to hide the difference, e.g. terraform resource \"aws_fsx_windows_file_system\" \"example\" {\n\n # ... other configuration ...\n\n security_group_ids = [aws_security_group.example.id]\n\n # There is no FSx API for reading security_group_ids\n\n lifecycle {\n\n\n\n ignore_changes = [security_group_ids]\n\n } } ", + "properties": { + "activeDirectoryId": { + "type": "string", + "description": "The ID for an existing Microsoft Active Directory instance that the file system should join when it's created. Cannot be specified with `self_managed_active_directory`.\n" + }, + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array DNS alias names that you want to associate with the Amazon FSx file system. For more information, see [Working with DNS Aliases](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-dns-aliases.html)\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "auditLogConfiguration": { + "$ref": "#/types/aws:fsx/WindowsFileSystemAuditLogConfiguration:WindowsFileSystemAuditLogConfiguration", + "description": "The configuration that Amazon FSx for Windows File Server uses to audit and log user accesses of files, folders, and file shares on the Amazon FSx for Windows File Server file system. See below.\n" + }, + "automaticBackupRetentionDays": { + "type": "integer", + "description": "The number of days to retain automatic backups. Minimum of `0` and maximum of `90`. Defaults to `7`. Set to `0` to disable.\n" + }, + "copyTagsToBackups": { + "type": "boolean", + "description": "A boolean flag indicating whether tags on the file system should be copied to backups. Defaults to `false`.\n" + }, + "dailyAutomaticBackupStartTime": { + "type": "string", + "description": "The preferred time (in `HH:MM` format) to take daily automatic backups, in the UTC time zone.\n" + }, + "deploymentType": { + "type": "string", + "description": "Specifies the file system deployment type, valid values are `MULTI_AZ_1`, `SINGLE_AZ_1` and `SINGLE_AZ_2`. Default value is `SINGLE_AZ_1`.\n" + }, + "dnsName": { + "type": "string", + "description": "DNS name for the file system, e.g. `fs-12345678.corp.example.com` (domain name matching the Active Directory domain name)\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key.\n" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Elastic Network Interface identifiers from which the file system is accessible.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account identifier that created the file system.\n" + }, + "preferredFileServerIp": { + "type": "string", + "description": "The IP address of the primary, or preferred, file server.\n" + }, + "preferredSubnetId": { + "type": "string", + "description": "Specifies the subnet in which you want the preferred file server to be located. Required for when deployment type is `MULTI_AZ_1`.\n" + }, + "remoteAdministrationEndpoint": { + "type": "string", + "description": "For `MULTI_AZ_1` deployment types, use this endpoint when performing administrative tasks on the file system using Amazon FSx Remote PowerShell. For `SINGLE_AZ_1` deployment types, this is the DNS name of the file system.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.\n" + }, + "selfManagedActiveDirectory": { + "$ref": "#/types/aws:fsx/WindowsFileSystemSelfManagedActiveDirectory:WindowsFileSystemSelfManagedActiveDirectory", + "description": "Configuration block that Amazon FSx uses to join the Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory. Cannot be specified with `active_directory_id`. Detailed below.\n" + }, + "skipFinalBackup": { + "type": "boolean", + "description": "When enabled, will skip the default final backup taken when the file system is deleted. This configuration must be applied separately before attempting to delete the resource to have the desired behavior. Defaults to `false`.\n" + }, + "storageCapacity": { + "type": "integer", + "description": "Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to `HDD` the minimum value is 2000.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type, Valid values are `SSD` and `HDD`. `HDD` is supported on `SINGLE_AZ_2` and `MULTI_AZ_1` Windows file system deployment types. Default value is `SSD`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet set `deployment_type` to `MULTI_AZ_1`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the file system. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "throughputCapacity": { + "type": "integer", + "description": "Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of `8` and maximum of `2048`.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the Virtual Private Cloud for the file system.\n" + }, + "weeklyMaintenanceStartTime": { + "type": "string", + "description": "The preferred start time (in `d:HH:MM` format) to perform weekly maintenance, in the UTC time zone.\n" + } + }, + "required": [ + "arn", + "auditLogConfiguration", + "dailyAutomaticBackupStartTime", + "dnsName", + "kmsKeyId", + "networkInterfaceIds", + "ownerId", + "preferredFileServerIp", + "preferredSubnetId", + "remoteAdministrationEndpoint", + "storageCapacity", + "subnetIds", + "tagsAll", + "throughputCapacity", + "vpcId", + "weeklyMaintenanceStartTime" + ], + "inputProperties": { + "activeDirectoryId": { + "type": "string", + "description": "The ID for an existing Microsoft Active Directory instance that the file system should join when it's created. Cannot be specified with `self_managed_active_directory`.\n" + }, + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array DNS alias names that you want to associate with the Amazon FSx file system. For more information, see [Working with DNS Aliases](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-dns-aliases.html)\n" + }, + "auditLogConfiguration": { + "$ref": "#/types/aws:fsx/WindowsFileSystemAuditLogConfiguration:WindowsFileSystemAuditLogConfiguration", + "description": "The configuration that Amazon FSx for Windows File Server uses to audit and log user accesses of files, folders, and file shares on the Amazon FSx for Windows File Server file system. See below.\n" + }, + "automaticBackupRetentionDays": { + "type": "integer", + "description": "The number of days to retain automatic backups. Minimum of `0` and maximum of `90`. Defaults to `7`. Set to `0` to disable.\n" + }, + "copyTagsToBackups": { + "type": "boolean", + "description": "A boolean flag indicating whether tags on the file system should be copied to backups. Defaults to `false`.\n" + }, + "dailyAutomaticBackupStartTime": { + "type": "string", + "description": "The preferred time (in `HH:MM` format) to take daily automatic backups, in the UTC time zone.\n" + }, + "deploymentType": { + "type": "string", + "description": "Specifies the file system deployment type, valid values are `MULTI_AZ_1`, `SINGLE_AZ_1` and `SINGLE_AZ_2`. Default value is `SINGLE_AZ_1`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key.\n" + }, + "preferredSubnetId": { + "type": "string", + "description": "Specifies the subnet in which you want the preferred file server to be located. Required for when deployment type is `MULTI_AZ_1`.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.\n" + }, + "selfManagedActiveDirectory": { + "$ref": "#/types/aws:fsx/WindowsFileSystemSelfManagedActiveDirectory:WindowsFileSystemSelfManagedActiveDirectory", + "description": "Configuration block that Amazon FSx uses to join the Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory. Cannot be specified with `active_directory_id`. Detailed below.\n" + }, + "skipFinalBackup": { + "type": "boolean", + "description": "When enabled, will skip the default final backup taken when the file system is deleted. This configuration must be applied separately before attempting to delete the resource to have the desired behavior. Defaults to `false`.\n" + }, + "storageCapacity": { + "type": "integer", + "description": "Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to `HDD` the minimum value is 2000.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type, Valid values are `SSD` and `HDD`. `HDD` is supported on `SINGLE_AZ_2` and `MULTI_AZ_1` Windows file system deployment types. Default value is `SSD`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet set `deployment_type` to `MULTI_AZ_1`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the file system. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "throughputCapacity": { + "type": "integer", + "description": "Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of `8` and maximum of `2048`.\n" + }, + "weeklyMaintenanceStartTime": { + "type": "string", + "description": "The preferred start time (in `d:HH:MM` format) to perform weekly maintenance, in the UTC time zone.\n" + } + }, + "requiredInputs": [ + "storageCapacity", + "subnetIds", + "throughputCapacity" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WindowsFileSystem resources.\n", + "properties": { + "activeDirectoryId": { + "type": "string", + "description": "The ID for an existing Microsoft Active Directory instance that the file system should join when it's created. Cannot be specified with `self_managed_active_directory`.\n" + }, + "aliases": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array DNS alias names that you want to associate with the Amazon FSx file system. For more information, see [Working with DNS Aliases](https://docs.aws.amazon.com/fsx/latest/WindowsGuide/managing-dns-aliases.html)\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "auditLogConfiguration": { + "$ref": "#/types/aws:fsx/WindowsFileSystemAuditLogConfiguration:WindowsFileSystemAuditLogConfiguration", + "description": "The configuration that Amazon FSx for Windows File Server uses to audit and log user accesses of files, folders, and file shares on the Amazon FSx for Windows File Server file system. See below.\n" + }, + "automaticBackupRetentionDays": { + "type": "integer", + "description": "The number of days to retain automatic backups. Minimum of `0` and maximum of `90`. Defaults to `7`. Set to `0` to disable.\n" + }, + "copyTagsToBackups": { + "type": "boolean", + "description": "A boolean flag indicating whether tags on the file system should be copied to backups. Defaults to `false`.\n" + }, + "dailyAutomaticBackupStartTime": { + "type": "string", + "description": "The preferred time (in `HH:MM` format) to take daily automatic backups, in the UTC time zone.\n" + }, + "deploymentType": { + "type": "string", + "description": "Specifies the file system deployment type, valid values are `MULTI_AZ_1`, `SINGLE_AZ_1` and `SINGLE_AZ_2`. Default value is `SINGLE_AZ_1`.\n" + }, + "dnsName": { + "type": "string", + "description": "DNS name for the file system, e.g. `fs-12345678.corp.example.com` (domain name matching the Active Directory domain name)\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN for the KMS Key to encrypt the file system at rest. Defaults to an AWS managed KMS Key.\n" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Elastic Network Interface identifiers from which the file system is accessible.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account identifier that created the file system.\n" + }, + "preferredFileServerIp": { + "type": "string", + "description": "The IP address of the primary, or preferred, file server.\n" + }, + "preferredSubnetId": { + "type": "string", + "description": "Specifies the subnet in which you want the preferred file server to be located. Required for when deployment type is `MULTI_AZ_1`.\n" + }, + "remoteAdministrationEndpoint": { + "type": "string", + "description": "For `MULTI_AZ_1` deployment types, use this endpoint when performing administrative tasks on the file system using Amazon FSx Remote PowerShell. For `SINGLE_AZ_1` deployment types, this is the DNS name of the file system.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the security groups that apply to the specified network interfaces created for file system access. These security groups will apply to all network interfaces.\n" + }, + "selfManagedActiveDirectory": { + "$ref": "#/types/aws:fsx/WindowsFileSystemSelfManagedActiveDirectory:WindowsFileSystemSelfManagedActiveDirectory", + "description": "Configuration block that Amazon FSx uses to join the Windows File Server instance to your self-managed (including on-premises) Microsoft Active Directory (AD) directory. Cannot be specified with `active_directory_id`. Detailed below.\n" + }, + "skipFinalBackup": { + "type": "boolean", + "description": "When enabled, will skip the default final backup taken when the file system is deleted. This configuration must be applied separately before attempting to delete the resource to have the desired behavior. Defaults to `false`.\n" + }, + "storageCapacity": { + "type": "integer", + "description": "Storage capacity (GiB) of the file system. Minimum of 32 and maximum of 65536. If the storage type is set to `HDD` the minimum value is 2000.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type, Valid values are `SSD` and `HDD`. `HDD` is supported on `SINGLE_AZ_2` and `MULTI_AZ_1` Windows file system deployment types. Default value is `SSD`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IDs for the subnets that the file system will be accessible from. To specify more than a single subnet set `deployment_type` to `MULTI_AZ_1`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the file system. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "throughputCapacity": { + "type": "integer", + "description": "Throughput (megabytes per second) of the file system in power of 2 increments. Minimum of `8` and maximum of `2048`.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the Virtual Private Cloud for the file system.\n" + }, + "weeklyMaintenanceStartTime": { + "type": "string", + "description": "The preferred start time (in `d:HH:MM` format) to perform weekly maintenance, in the UTC time zone.\n" + } + }, + "type": "object" + } + }, + "aws:gamelift/alias:Alias": { + "description": "Provides a Gamelift Alias resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.gamelift.Alias(\"example\", {\n description: \"Example Description\",\n routingStrategy: {\n message: \"Example Message\",\n type: \"TERMINAL\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.gamelift.Alias(\"example\",\n description=\"Example Description\",\n routing_strategy=aws.gamelift.AliasRoutingStrategyArgs(\n message=\"Example Message\",\n type=\"TERMINAL\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.GameLift.Alias(\"example\", new Aws.GameLift.AliasArgs\n {\n Description = \"Example Description\",\n RoutingStrategy = new Aws.GameLift.Inputs.AliasRoutingStrategyArgs\n {\n Message = \"Example Message\",\n Type = \"TERMINAL\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewAlias(ctx, \"example\", &gamelift.AliasArgs{\n\t\t\tDescription: pulumi.String(\"Example Description\"),\n\t\t\tRoutingStrategy: &gamelift.AliasRoutingStrategyArgs{\n\t\t\t\tMessage: pulumi.String(\"Example Message\"),\n\t\t\t\tType: pulumi.String(\"TERMINAL\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGamelift Aliases can be imported using the ID, e.g.\n\n```sh\n $ pulumi import aws:gamelift/alias:Alias example \n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Alias ARN.\n" + }, + "description": { + "type": "string", + "description": "Description of the alias.\n" + }, + "name": { + "type": "string", + "description": "Name of the alias.\n" + }, + "routingStrategy": { + "$ref": "#/types/aws:gamelift/AliasRoutingStrategy:AliasRoutingStrategy", + "description": "Specifies the fleet and/or routing type to use for the alias.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "routingStrategy", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the alias.\n" + }, + "name": { + "type": "string", + "description": "Name of the alias.\n" + }, + "routingStrategy": { + "$ref": "#/types/aws:gamelift/AliasRoutingStrategy:AliasRoutingStrategy", + "description": "Specifies the fleet and/or routing type to use for the alias.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "routingStrategy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Alias resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Alias ARN.\n" + }, + "description": { + "type": "string", + "description": "Description of the alias.\n" + }, + "name": { + "type": "string", + "description": "Name of the alias.\n" + }, + "routingStrategy": { + "$ref": "#/types/aws:gamelift/AliasRoutingStrategy:AliasRoutingStrategy", + "description": "Specifies the fleet and/or routing type to use for the alias.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:gamelift/build:Build": { + "description": "Provides an Gamelift Build resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.gamelift.Build(\"test\", {\n operatingSystem: \"WINDOWS_2012\",\n storageLocation: {\n bucket: aws_s3_bucket.test.bucket,\n key: aws_s3_bucket_object.test.key,\n roleArn: aws_iam_role.test.arn,\n },\n}, {\n dependsOn: [aws_iam_role_policy.test],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.gamelift.Build(\"test\",\n operating_system=\"WINDOWS_2012\",\n storage_location=aws.gamelift.BuildStorageLocationArgs(\n bucket=aws_s3_bucket[\"test\"][\"bucket\"],\n key=aws_s3_bucket_object[\"test\"][\"key\"],\n role_arn=aws_iam_role[\"test\"][\"arn\"],\n ),\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_role_policy[\"test\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.GameLift.Build(\"test\", new Aws.GameLift.BuildArgs\n {\n OperatingSystem = \"WINDOWS_2012\",\n StorageLocation = new Aws.GameLift.Inputs.BuildStorageLocationArgs\n {\n Bucket = aws_s3_bucket.Test.Bucket,\n Key = aws_s3_bucket_object.Test.Key,\n RoleArn = aws_iam_role.Test.Arn,\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_iam_role_policy.Test,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewBuild(ctx, \"test\", &gamelift.BuildArgs{\n\t\t\tOperatingSystem: pulumi.String(\"WINDOWS_2012\"),\n\t\t\tStorageLocation: &gamelift.BuildStorageLocationArgs{\n\t\t\t\tBucket: pulumi.Any(aws_s3_bucket.Test.Bucket),\n\t\t\t\tKey: pulumi.Any(aws_s3_bucket_object.Test.Key),\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy.Test,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGamelift Builds cannot be imported at this time. ", + "properties": { + "arn": { + "type": "string", + "description": "Gamelift Build ARN.\n" + }, + "name": { + "type": "string", + "description": "Name of the build\n" + }, + "operatingSystem": { + "type": "string", + "description": "Operating system that the game server binaries are built to run on. e.g. `WINDOWS_2012`, `AMAZON_LINUX` or `AMAZON_LINUX_2`.\n" + }, + "storageLocation": { + "$ref": "#/types/aws:gamelift/BuildStorageLocation:BuildStorageLocation", + "description": "Information indicating where your game build files are stored. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version that is associated with this build.\n" + } + }, + "required": [ + "arn", + "name", + "operatingSystem", + "storageLocation", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "Name of the build\n" + }, + "operatingSystem": { + "type": "string", + "description": "Operating system that the game server binaries are built to run on. e.g. `WINDOWS_2012`, `AMAZON_LINUX` or `AMAZON_LINUX_2`.\n" + }, + "storageLocation": { + "$ref": "#/types/aws:gamelift/BuildStorageLocation:BuildStorageLocation", + "description": "Information indicating where your game build files are stored. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version that is associated with this build.\n" + } + }, + "requiredInputs": [ + "operatingSystem", + "storageLocation" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Build resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Gamelift Build ARN.\n" + }, + "name": { + "type": "string", + "description": "Name of the build\n" + }, + "operatingSystem": { + "type": "string", + "description": "Operating system that the game server binaries are built to run on. e.g. `WINDOWS_2012`, `AMAZON_LINUX` or `AMAZON_LINUX_2`.\n" + }, + "storageLocation": { + "$ref": "#/types/aws:gamelift/BuildStorageLocation:BuildStorageLocation", + "description": "Information indicating where your game build files are stored. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version that is associated with this build.\n" + } + }, + "type": "object" + } + }, + "aws:gamelift/fleet:Fleet": { + "description": "Provides a Gamelift Fleet resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.gamelift.Fleet(\"example\", {\n buildId: aws_gamelift_build.example.id,\n ec2InstanceType: \"t2.micro\",\n fleetType: \"ON_DEMAND\",\n runtimeConfiguration: {\n serverProcesses: [{\n concurrentExecutions: 1,\n launchPath: \"C:\\\\game\\\\GomokuServer.exe\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.gamelift.Fleet(\"example\",\n build_id=aws_gamelift_build[\"example\"][\"id\"],\n ec2_instance_type=\"t2.micro\",\n fleet_type=\"ON_DEMAND\",\n runtime_configuration=aws.gamelift.FleetRuntimeConfigurationArgs(\n server_processes=[aws.gamelift.FleetRuntimeConfigurationServerProcessArgs(\n concurrent_executions=1,\n launch_path=\"C:\\\\game\\\\GomokuServer.exe\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.GameLift.Fleet(\"example\", new Aws.GameLift.FleetArgs\n {\n BuildId = aws_gamelift_build.Example.Id,\n Ec2InstanceType = \"t2.micro\",\n FleetType = \"ON_DEMAND\",\n RuntimeConfiguration = new Aws.GameLift.Inputs.FleetRuntimeConfigurationArgs\n {\n ServerProcesses = \n {\n new Aws.GameLift.Inputs.FleetRuntimeConfigurationServerProcessArgs\n {\n ConcurrentExecutions = 1,\n LaunchPath = \"C:\\\\game\\\\GomokuServer.exe\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewFleet(ctx, \"example\", &gamelift.FleetArgs{\n\t\t\tBuildId: pulumi.Any(aws_gamelift_build.Example.Id),\n\t\t\tEc2InstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tFleetType: pulumi.String(\"ON_DEMAND\"),\n\t\t\tRuntimeConfiguration: &gamelift.FleetRuntimeConfigurationArgs{\n\t\t\t\tServerProcesses: gamelift.FleetRuntimeConfigurationServerProcessArray{\n\t\t\t\t\t&gamelift.FleetRuntimeConfigurationServerProcessArgs{\n\t\t\t\t\t\tConcurrentExecutions: pulumi.Int(1),\n\t\t\t\t\t\tLaunchPath: pulumi.String(\"C:\\\\game\\\\GomokuServer.exe\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGamelift Fleets cannot be imported at this time. ", + "properties": { + "arn": { + "type": "string", + "description": "Fleet ARN.\n" + }, + "buildId": { + "type": "string", + "description": "ID of the Gamelift Build to be deployed on the fleet.\n" + }, + "description": { + "type": "string", + "description": "Human-readable description of the fleet.\n" + }, + "ec2InboundPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/FleetEc2InboundPermission:FleetEc2InboundPermission" + }, + "description": "Range of IP addresses and port settings that permit inbound traffic to access server processes running on the fleet. See below.\n" + }, + "ec2InstanceType": { + "type": "string", + "description": "Name of an EC2 instance type. e.g. `t2.micro`\n" + }, + "fleetType": { + "type": "string", + "description": "Type of fleet. This value must be `ON_DEMAND` or `SPOT`. Defaults to `ON_DEMAND`.\n" + }, + "instanceRoleArn": { + "type": "string", + "description": "ARN of an IAM role that instances in the fleet can assume.\n" + }, + "logPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "metricGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of names of metric groups to add this fleet to. A metric group tracks metrics across all fleets in the group. Defaults to `default`.\n" + }, + "name": { + "type": "string", + "description": "The name of the fleet.\n" + }, + "newGameSessionProtectionPolicy": { + "type": "string", + "description": "Game session protection policy to apply to all instances in this fleet. e.g. `FullProtection`. Defaults to `NoProtection`.\n" + }, + "operatingSystem": { + "type": "string", + "description": "Operating system of the fleet's computing resources.\n" + }, + "resourceCreationLimitPolicy": { + "$ref": "#/types/aws:gamelift/FleetResourceCreationLimitPolicy:FleetResourceCreationLimitPolicy", + "description": "Policy that limits the number of game sessions an individual player can create over a span of time for this fleet. See below.\n" + }, + "runtimeConfiguration": { + "$ref": "#/types/aws:gamelift/FleetRuntimeConfiguration:FleetRuntimeConfiguration", + "description": "Instructions for launching server processes on each instance in the fleet. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "buildId", + "ec2InstanceType", + "logPaths", + "metricGroups", + "name", + "operatingSystem", + "tagsAll" + ], + "inputProperties": { + "buildId": { + "type": "string", + "description": "ID of the Gamelift Build to be deployed on the fleet.\n" + }, + "description": { + "type": "string", + "description": "Human-readable description of the fleet.\n" + }, + "ec2InboundPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/FleetEc2InboundPermission:FleetEc2InboundPermission" + }, + "description": "Range of IP addresses and port settings that permit inbound traffic to access server processes running on the fleet. See below.\n" + }, + "ec2InstanceType": { + "type": "string", + "description": "Name of an EC2 instance type. e.g. `t2.micro`\n" + }, + "fleetType": { + "type": "string", + "description": "Type of fleet. This value must be `ON_DEMAND` or `SPOT`. Defaults to `ON_DEMAND`.\n" + }, + "instanceRoleArn": { + "type": "string", + "description": "ARN of an IAM role that instances in the fleet can assume.\n" + }, + "metricGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of names of metric groups to add this fleet to. A metric group tracks metrics across all fleets in the group. Defaults to `default`.\n" + }, + "name": { + "type": "string", + "description": "The name of the fleet.\n" + }, + "newGameSessionProtectionPolicy": { + "type": "string", + "description": "Game session protection policy to apply to all instances in this fleet. e.g. `FullProtection`. Defaults to `NoProtection`.\n" + }, + "resourceCreationLimitPolicy": { + "$ref": "#/types/aws:gamelift/FleetResourceCreationLimitPolicy:FleetResourceCreationLimitPolicy", + "description": "Policy that limits the number of game sessions an individual player can create over a span of time for this fleet. See below.\n" + }, + "runtimeConfiguration": { + "$ref": "#/types/aws:gamelift/FleetRuntimeConfiguration:FleetRuntimeConfiguration", + "description": "Instructions for launching server processes on each instance in the fleet. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "buildId", + "ec2InstanceType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Fleet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Fleet ARN.\n" + }, + "buildId": { + "type": "string", + "description": "ID of the Gamelift Build to be deployed on the fleet.\n" + }, + "description": { + "type": "string", + "description": "Human-readable description of the fleet.\n" + }, + "ec2InboundPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/FleetEc2InboundPermission:FleetEc2InboundPermission" + }, + "description": "Range of IP addresses and port settings that permit inbound traffic to access server processes running on the fleet. See below.\n" + }, + "ec2InstanceType": { + "type": "string", + "description": "Name of an EC2 instance type. e.g. `t2.micro`\n" + }, + "fleetType": { + "type": "string", + "description": "Type of fleet. This value must be `ON_DEMAND` or `SPOT`. Defaults to `ON_DEMAND`.\n" + }, + "instanceRoleArn": { + "type": "string", + "description": "ARN of an IAM role that instances in the fleet can assume.\n" + }, + "logPaths": { + "type": "array", + "items": { + "type": "string" + } + }, + "metricGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of names of metric groups to add this fleet to. A metric group tracks metrics across all fleets in the group. Defaults to `default`.\n" + }, + "name": { + "type": "string", + "description": "The name of the fleet.\n" + }, + "newGameSessionProtectionPolicy": { + "type": "string", + "description": "Game session protection policy to apply to all instances in this fleet. e.g. `FullProtection`. Defaults to `NoProtection`.\n" + }, + "operatingSystem": { + "type": "string", + "description": "Operating system of the fleet's computing resources.\n" + }, + "resourceCreationLimitPolicy": { + "$ref": "#/types/aws:gamelift/FleetResourceCreationLimitPolicy:FleetResourceCreationLimitPolicy", + "description": "Policy that limits the number of game sessions an individual player can create over a span of time for this fleet. See below.\n" + }, + "runtimeConfiguration": { + "$ref": "#/types/aws:gamelift/FleetRuntimeConfiguration:FleetRuntimeConfiguration", + "description": "Instructions for launching server processes on each instance in the fleet. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:gamelift/gameSessionQueue:GameSessionQueue": { + "description": "Provides an Gamelift Game Session Queue resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.gamelift.GameSessionQueue(\"test\", {\n destinations: [\n aws_gamelift_fleet.us_west_2_fleet.arn,\n aws_gamelift_fleet.eu_central_1_fleet.arn,\n ],\n playerLatencyPolicies: [\n {\n maximumIndividualPlayerLatencyMilliseconds: 100,\n policyDurationSeconds: 5,\n },\n {\n maximumIndividualPlayerLatencyMilliseconds: 200,\n },\n ],\n timeoutInSeconds: 60,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.gamelift.GameSessionQueue(\"test\",\n destinations=[\n aws_gamelift_fleet[\"us_west_2_fleet\"][\"arn\"],\n aws_gamelift_fleet[\"eu_central_1_fleet\"][\"arn\"],\n ],\n player_latency_policies=[\n aws.gamelift.GameSessionQueuePlayerLatencyPolicyArgs(\n maximum_individual_player_latency_milliseconds=100,\n policy_duration_seconds=5,\n ),\n aws.gamelift.GameSessionQueuePlayerLatencyPolicyArgs(\n maximum_individual_player_latency_milliseconds=200,\n ),\n ],\n timeout_in_seconds=60)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.GameLift.GameSessionQueue(\"test\", new Aws.GameLift.GameSessionQueueArgs\n {\n Destinations = \n {\n aws_gamelift_fleet.Us_west_2_fleet.Arn,\n aws_gamelift_fleet.Eu_central_1_fleet.Arn,\n },\n PlayerLatencyPolicies = \n {\n new Aws.GameLift.Inputs.GameSessionQueuePlayerLatencyPolicyArgs\n {\n MaximumIndividualPlayerLatencyMilliseconds = 100,\n PolicyDurationSeconds = 5,\n },\n new Aws.GameLift.Inputs.GameSessionQueuePlayerLatencyPolicyArgs\n {\n MaximumIndividualPlayerLatencyMilliseconds = 200,\n },\n },\n TimeoutInSeconds = 60,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/gamelift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gamelift.NewGameSessionQueue(ctx, \"test\", &gamelift.GameSessionQueueArgs{\n\t\t\tDestinations: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_gamelift_fleet.Us_west_2_fleet.Arn),\n\t\t\t\tpulumi.Any(aws_gamelift_fleet.Eu_central_1_fleet.Arn),\n\t\t\t},\n\t\t\tPlayerLatencyPolicies: gamelift.GameSessionQueuePlayerLatencyPolicyArray{\n\t\t\t\t&gamelift.GameSessionQueuePlayerLatencyPolicyArgs{\n\t\t\t\t\tMaximumIndividualPlayerLatencyMilliseconds: pulumi.Int(100),\n\t\t\t\t\tPolicyDurationSeconds: pulumi.Int(5),\n\t\t\t\t},\n\t\t\t\t&gamelift.GameSessionQueuePlayerLatencyPolicyArgs{\n\t\t\t\t\tMaximumIndividualPlayerLatencyMilliseconds: pulumi.Int(200),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTimeoutInSeconds: pulumi.Int(60),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGamelift Game Session Queues can be imported by their `name`, e.g.\n\n```sh\n $ pulumi import aws:gamelift/gameSessionQueue:GameSessionQueue example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Game Session Queue ARN.\n" + }, + "destinations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of fleet/alias ARNs used by session queue for placing game sessions.\n" + }, + "name": { + "type": "string", + "description": "Name of the session queue.\n" + }, + "playerLatencyPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/GameSessionQueuePlayerLatencyPolicy:GameSessionQueuePlayerLatencyPolicy" + }, + "description": "One or more policies used to choose fleet based on player latency. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeoutInSeconds": { + "type": "integer", + "description": "Maximum time a game session request can remain in the queue.\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "destinations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of fleet/alias ARNs used by session queue for placing game sessions.\n" + }, + "name": { + "type": "string", + "description": "Name of the session queue.\n" + }, + "playerLatencyPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/GameSessionQueuePlayerLatencyPolicy:GameSessionQueuePlayerLatencyPolicy" + }, + "description": "One or more policies used to choose fleet based on player latency. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeoutInSeconds": { + "type": "integer", + "description": "Maximum time a game session request can remain in the queue.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering GameSessionQueue resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Game Session Queue ARN.\n" + }, + "destinations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of fleet/alias ARNs used by session queue for placing game sessions.\n" + }, + "name": { + "type": "string", + "description": "Name of the session queue.\n" + }, + "playerLatencyPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:gamelift/GameSessionQueuePlayerLatencyPolicy:GameSessionQueuePlayerLatencyPolicy" + }, + "description": "One or more policies used to choose fleet based on player latency. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeoutInSeconds": { + "type": "integer", + "description": "Maximum time a game session request can remain in the queue.\n" + } + }, + "type": "object" + } + }, + "aws:glacier/vault:Vault": { + "description": "Provides a Glacier Vault Resource. You can refer to the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/working-with-vaults.html) for a full explanation of the Glacier Vault functionality\n\n> **NOTE:** When removing a Glacier Vault, the Vault must be empty.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsSnsTopic = new aws.sns.Topic(\"awsSnsTopic\", {});\nconst myArchive = new aws.glacier.Vault(\"myArchive\", {\n notification: {\n snsTopic: awsSnsTopic.arn,\n events: [\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n ],\n },\n accessPolicy: `{\n \"Version\":\"2012-10-17\",\n \"Statement\":[\n {\n \"Sid\": \"add-read-only-perm\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\"\n ],\n \"Resource\": \"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"\n }\n ]\n}\n`,\n tags: {\n Test: \"MyArchive\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_sns_topic = aws.sns.Topic(\"awsSnsTopic\")\nmy_archive = aws.glacier.Vault(\"myArchive\",\n notification=aws.glacier.VaultNotificationArgs(\n sns_topic=aws_sns_topic.arn,\n events=[\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n ],\n ),\n access_policy=\"\"\"{\n \"Version\":\"2012-10-17\",\n \"Statement\":[\n {\n \"Sid\": \"add-read-only-perm\",\n \"Principal\": \"*\",\n \"Effect\": \"Allow\",\n \"Action\": [\n \"glacier:InitiateJob\",\n \"glacier:GetJobOutput\"\n ],\n \"Resource\": \"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"\n }\n ]\n}\n\"\"\",\n tags={\n \"Test\": \"MyArchive\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var awsSnsTopic = new Aws.Sns.Topic(\"awsSnsTopic\", new Aws.Sns.TopicArgs\n {\n });\n var myArchive = new Aws.Glacier.Vault(\"myArchive\", new Aws.Glacier.VaultArgs\n {\n Notification = new Aws.Glacier.Inputs.VaultNotificationArgs\n {\n SnsTopic = awsSnsTopic.Arn,\n Events = \n {\n \"ArchiveRetrievalCompleted\",\n \"InventoryRetrievalCompleted\",\n },\n },\n AccessPolicy = @\"{\n \"\"Version\"\":\"\"2012-10-17\"\",\n \"\"Statement\"\":[\n {\n \"\"Sid\"\": \"\"add-read-only-perm\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"glacier:InitiateJob\"\",\n \"\"glacier:GetJobOutput\"\"\n ],\n \"\"Resource\"\": \"\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\"\"\n }\n ]\n}\n\",\n Tags = \n {\n { \"Test\", \"MyArchive\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glacier\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tawsSnsTopic, err := sns.NewTopic(ctx, \"awsSnsTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glacier.NewVault(ctx, \"myArchive\", &glacier.VaultArgs{\n\t\t\tNotification: &glacier.VaultNotificationArgs{\n\t\t\t\tSnsTopic: awsSnsTopic.Arn,\n\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"ArchiveRetrievalCompleted\"),\n\t\t\t\t\tpulumi.String(\"InventoryRetrievalCompleted\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tAccessPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\":\\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\":[\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"add-read-only-perm\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"glacier:InitiateJob\\\",\\n\", \" \\\"glacier:GetJobOutput\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"arn:aws:glacier:eu-west-1:432981146916:vaults/MyArchive\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Test\": pulumi.String(\"MyArchive\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlacier Vaults can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:glacier/vault:Vault archive my_archive\n```\n\n ", + "properties": { + "accessPolicy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\nThe heredoc syntax or `file` function is helpful here. Use the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html) for more information on Glacier Vault Policy\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "location": { + "type": "string", + "description": "The URI of the vault that was created.\n" + }, + "name": { + "type": "string", + "description": "The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).\n" + }, + "notification": { + "$ref": "#/types/aws:glacier/VaultNotification:VaultNotification", + "description": "The notifications for the Vault. Fields documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "location", + "name", + "tagsAll" + ], + "inputProperties": { + "accessPolicy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\nThe heredoc syntax or `file` function is helpful here. Use the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html) for more information on Glacier Vault Policy\n" + }, + "name": { + "type": "string", + "description": "The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).\n" + }, + "notification": { + "$ref": "#/types/aws:glacier/VaultNotification:VaultNotification", + "description": "The notifications for the Vault. Fields documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Vault resources.\n", + "properties": { + "accessPolicy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\nThe heredoc syntax or `file` function is helpful here. Use the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html) for more information on Glacier Vault Policy\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "location": { + "type": "string", + "description": "The URI of the vault that was created.\n" + }, + "name": { + "type": "string", + "description": "The name of the Vault. Names can be between 1 and 255 characters long and the valid characters are a-z, A-Z, 0-9, '_' (underscore), '-' (hyphen), and '.' (period).\n" + }, + "notification": { + "$ref": "#/types/aws:glacier/VaultNotification:VaultNotification", + "description": "The notifications for the Vault. Fields documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:glacier/vaultLock:VaultLock": { + "description": "Manages a Glacier Vault Lock. You can refer to the [Glacier Developer Guide](https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-lock.html) for a full explanation of the Glacier Vault Lock functionality.\n\n> **NOTE:** This resource allows you to test Glacier Vault Lock policies by setting the `complete_lock` argument to `false`. When testing policies in this manner, the Glacier Vault Lock automatically expires after 24 hours and this provider will show this resource as needing recreation after that time. To permanently apply the policy, set the `complete_lock` argument to `true`. When changing `complete_lock` to `true`, it is expected the resource will show as recreating.\n\n!> **WARNING:** Once a Glacier Vault Lock is completed, it is immutable. The deletion of the Glacier Vault Lock is not be possible and attempting to remove it from this provider will return an error. Set the `ignore_deletion_error` argument to `true` and apply this configuration before attempting to delete this resource via this provider or remove this resource from this provider's management.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Testing Glacier Vault Lock Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVault = new aws.glacier.Vault(\"exampleVault\", {});\nconst examplePolicyDocument = exampleVault.arn.apply(arn => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"glacier:DeleteArchive\"],\n effect: \"Deny\",\n resources: [arn],\n conditions: [{\n test: \"NumericLessThanEquals\",\n variable: \"glacier:ArchiveAgeinDays\",\n values: [\"365\"],\n }],\n }],\n}));\nconst exampleVaultLock = new aws.glacier.VaultLock(\"exampleVaultLock\", {\n completeLock: false,\n policy: examplePolicyDocument.apply(examplePolicyDocument => examplePolicyDocument.json),\n vaultName: exampleVault.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vault = aws.glacier.Vault(\"exampleVault\")\nexample_policy_document = example_vault.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"glacier:DeleteArchive\"],\n effect=\"Deny\",\n resources=[arn],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"NumericLessThanEquals\",\n variable=\"glacier:ArchiveAgeinDays\",\n values=[\"365\"],\n )],\n)]))\nexample_vault_lock = aws.glacier.VaultLock(\"exampleVaultLock\",\n complete_lock=False,\n policy=example_policy_document.json,\n vault_name=example_vault.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVault = new Aws.Glacier.Vault(\"exampleVault\", new Aws.Glacier.VaultArgs\n {\n });\n var examplePolicyDocument = exampleVault.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"glacier:DeleteArchive\",\n },\n Effect = \"Deny\",\n Resources = \n {\n arn,\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"NumericLessThanEquals\",\n Variable = \"glacier:ArchiveAgeinDays\",\n Values = \n {\n \"365\",\n },\n },\n },\n },\n },\n }));\n var exampleVaultLock = new Aws.Glacier.VaultLock(\"exampleVaultLock\", new Aws.Glacier.VaultLockArgs\n {\n CompleteLock = false,\n Policy = examplePolicyDocument.Apply(examplePolicyDocument => examplePolicyDocument.Json),\n VaultName = exampleVault.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glacier\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVault, err := glacier.NewVault(ctx, \"exampleVault\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glacier.NewVaultLock(ctx, \"exampleVaultLock\", &glacier.VaultLockArgs{\n\t\t\tCompleteLock: pulumi.Bool(false),\n\t\t\tPolicy: examplePolicyDocument.ApplyT(func(examplePolicyDocument iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn examplePolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tVaultName: exampleVault.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Permanently Applying Glacier Vault Lock Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glacier.VaultLock(\"example\", {\n completeLock: true,\n policy: data.aws_iam_policy_document.example.json,\n vaultName: aws_glacier_vault.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glacier.VaultLock(\"example\",\n complete_lock=True,\n policy=data[\"aws_iam_policy_document\"][\"example\"][\"json\"],\n vault_name=aws_glacier_vault[\"example\"][\"name\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glacier.VaultLock(\"example\", new Aws.Glacier.VaultLockArgs\n {\n CompleteLock = true,\n Policy = data.Aws_iam_policy_document.Example.Json,\n VaultName = aws_glacier_vault.Example.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glacier\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glacier.NewVaultLock(ctx, \"example\", &glacier.VaultLockArgs{\n\t\t\tCompleteLock: pulumi.Bool(true),\n\t\t\tPolicy: pulumi.Any(data.Aws_iam_policy_document.Example.Json),\n\t\t\tVaultName: pulumi.Any(aws_glacier_vault.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlacier Vault Locks can be imported using the Glacier Vault name, e.g.\n\n```sh\n $ pulumi import aws:glacier/vaultLock:VaultLock example example-vault\n```\n\n ", + "properties": { + "completeLock": { + "type": "boolean", + "description": "Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to `false`, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from `false` to `true` will show as resource recreation, which is expected. Changing this from `true` to `false` is not possible unless the Glacier Vault is recreated at the same time.\n" + }, + "ignoreDeletionError": { + "type": "boolean", + "description": "Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with `complete_lock` being set to `true`.\n" + }, + "policy": { + "type": "string", + "description": "JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.\n" + }, + "vaultName": { + "type": "string", + "description": "The name of the Glacier Vault.\n" + } + }, + "required": [ + "completeLock", + "policy", + "vaultName" + ], + "inputProperties": { + "completeLock": { + "type": "boolean", + "description": "Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to `false`, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from `false` to `true` will show as resource recreation, which is expected. Changing this from `true` to `false` is not possible unless the Glacier Vault is recreated at the same time.\n" + }, + "ignoreDeletionError": { + "type": "boolean", + "description": "Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with `complete_lock` being set to `true`.\n" + }, + "policy": { + "type": "string", + "description": "JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.\n" + }, + "vaultName": { + "type": "string", + "description": "The name of the Glacier Vault.\n" + } + }, + "requiredInputs": [ + "completeLock", + "policy", + "vaultName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VaultLock resources.\n", + "properties": { + "completeLock": { + "type": "boolean", + "description": "Boolean whether to permanently apply this Glacier Lock Policy. Once completed, this cannot be undone. If set to `false`, the Glacier Lock Policy remains in a testing mode for 24 hours. After that time, the Glacier Lock Policy is automatically removed by Glacier and the this provider resource will show as needing recreation. Changing this from `false` to `true` will show as resource recreation, which is expected. Changing this from `true` to `false` is not possible unless the Glacier Vault is recreated at the same time.\n" + }, + "ignoreDeletionError": { + "type": "boolean", + "description": "Allow this provider to ignore the error returned when attempting to delete the Glacier Lock Policy. This can be used to delete or recreate the Glacier Vault via this provider, for example, if the Glacier Vault Lock policy permits that action. This should only be used in conjunction with `complete_lock` being set to `true`.\n" + }, + "policy": { + "type": "string", + "description": "JSON string containing the IAM policy to apply as the Glacier Vault Lock policy.\n" + }, + "vaultName": { + "type": "string", + "description": "The name of the Glacier Vault.\n" + } + }, + "type": "object" + } + }, + "aws:globalaccelerator/accelerator:Accelerator": { + "description": "Creates a Global Accelerator accelerator.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.globalaccelerator.Accelerator(\"example\", {\n attributes: {\n flowLogsEnabled: true,\n flowLogsS3Bucket: \"example-bucket\",\n flowLogsS3Prefix: \"flow-logs/\",\n },\n enabled: true,\n ipAddressType: \"IPV4\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.globalaccelerator.Accelerator(\"example\",\n attributes=aws.globalaccelerator.AcceleratorAttributesArgs(\n flow_logs_enabled=True,\n flow_logs_s3_bucket=\"example-bucket\",\n flow_logs_s3_prefix=\"flow-logs/\",\n ),\n enabled=True,\n ip_address_type=\"IPV4\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.GlobalAccelerator.Accelerator(\"example\", new Aws.GlobalAccelerator.AcceleratorArgs\n {\n Attributes = new Aws.GlobalAccelerator.Inputs.AcceleratorAttributesArgs\n {\n FlowLogsEnabled = true,\n FlowLogsS3Bucket = \"example-bucket\",\n FlowLogsS3Prefix = \"flow-logs/\",\n },\n Enabled = true,\n IpAddressType = \"IPV4\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/globalaccelerator\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := globalaccelerator.NewAccelerator(ctx, \"example\", &globalaccelerator.AcceleratorArgs{\n\t\t\tAttributes: &globalaccelerator.AcceleratorAttributesArgs{\n\t\t\t\tFlowLogsEnabled: pulumi.Bool(true),\n\t\t\t\tFlowLogsS3Bucket: pulumi.String(\"example-bucket\"),\n\t\t\t\tFlowLogsS3Prefix: pulumi.String(\"flow-logs/\"),\n\t\t\t},\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tIpAddressType: pulumi.String(\"IPV4\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlobal Accelerator accelerators can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:globalaccelerator/accelerator:Accelerator example arn:aws:globalaccelerator::111111111111:accelerator/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n\n ", + "properties": { + "attributes": { + "$ref": "#/types/aws:globalaccelerator/AcceleratorAttributes:AcceleratorAttributes", + "description": "The attributes of the accelerator. Fields documented below.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the accelerator. For example, `a5d53ff5ee6bca4ce.awsglobalaccelerator.com`.\n* `hosted_zone_id` -- The Global Accelerator Route 53 zone ID that can be used to\nroute an [Alias Resource Record Set](https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html) to the Global Accelerator. This attribute\nis simply an alias for the zone ID `Z2BJ6XQ5FK7U4H`.\n" + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether the accelerator is enabled. Defaults to `true`. Valid values: `true`, `false`.\n" + }, + "hostedZoneId": { + "type": "string" + }, + "ipAddressType": { + "type": "string", + "description": "The value for the address type. Defaults to `IPV4`. Valid values: `IPV4`.\n" + }, + "ipSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/AcceleratorIpSet:AcceleratorIpSet" + }, + "description": "IP address set associated with the accelerator.\n" + }, + "name": { + "type": "string", + "description": "The name of the accelerator.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "dnsName", + "hostedZoneId", + "ipSets", + "name", + "tagsAll" + ], + "inputProperties": { + "attributes": { + "$ref": "#/types/aws:globalaccelerator/AcceleratorAttributes:AcceleratorAttributes", + "description": "The attributes of the accelerator. Fields documented below.\n" + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether the accelerator is enabled. Defaults to `true`. Valid values: `true`, `false`.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The value for the address type. Defaults to `IPV4`. Valid values: `IPV4`.\n" + }, + "name": { + "type": "string", + "description": "The name of the accelerator.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Accelerator resources.\n", + "properties": { + "attributes": { + "$ref": "#/types/aws:globalaccelerator/AcceleratorAttributes:AcceleratorAttributes", + "description": "The attributes of the accelerator. Fields documented below.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the accelerator. For example, `a5d53ff5ee6bca4ce.awsglobalaccelerator.com`.\n* `hosted_zone_id` -- The Global Accelerator Route 53 zone ID that can be used to\nroute an [Alias Resource Record Set](https://docs.aws.amazon.com/Route53/latest/APIReference/API_AliasTarget.html) to the Global Accelerator. This attribute\nis simply an alias for the zone ID `Z2BJ6XQ5FK7U4H`.\n" + }, + "enabled": { + "type": "boolean", + "description": "Indicates whether the accelerator is enabled. Defaults to `true`. Valid values: `true`, `false`.\n" + }, + "hostedZoneId": { + "type": "string" + }, + "ipAddressType": { + "type": "string", + "description": "The value for the address type. Defaults to `IPV4`. Valid values: `IPV4`.\n" + }, + "ipSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/AcceleratorIpSet:AcceleratorIpSet" + }, + "description": "IP address set associated with the accelerator.\n" + }, + "name": { + "type": "string", + "description": "The name of the accelerator.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:globalaccelerator/endpointGroup:EndpointGroup": { + "description": "Provides a Global Accelerator endpoint group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.globalaccelerator.EndpointGroup(\"example\", {\n listenerArn: aws_globalaccelerator_listener.example.id,\n endpointConfigurations: [{\n endpointId: aws_lb.example.arn,\n weight: 100,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.globalaccelerator.EndpointGroup(\"example\",\n listener_arn=aws_globalaccelerator_listener[\"example\"][\"id\"],\n endpoint_configurations=[aws.globalaccelerator.EndpointGroupEndpointConfigurationArgs(\n endpoint_id=aws_lb[\"example\"][\"arn\"],\n weight=100,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.GlobalAccelerator.EndpointGroup(\"example\", new Aws.GlobalAccelerator.EndpointGroupArgs\n {\n ListenerArn = aws_globalaccelerator_listener.Example.Id,\n EndpointConfigurations = \n {\n new Aws.GlobalAccelerator.Inputs.EndpointGroupEndpointConfigurationArgs\n {\n EndpointId = aws_lb.Example.Arn,\n Weight = 100,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/globalaccelerator\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := globalaccelerator.NewEndpointGroup(ctx, \"example\", &globalaccelerator.EndpointGroupArgs{\n\t\t\tListenerArn: pulumi.Any(aws_globalaccelerator_listener.Example.Id),\n\t\t\tEndpointConfigurations: globalaccelerator.EndpointGroupEndpointConfigurationArray{\n\t\t\t\t&globalaccelerator.EndpointGroupEndpointConfigurationArgs{\n\t\t\t\t\tEndpointId: pulumi.Any(aws_lb.Example.Arn),\n\t\t\t\t\tWeight: pulumi.Int(100),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlobal Accelerator endpoint groups can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:globalaccelerator/endpointGroup:EndpointGroup example arn:aws:globalaccelerator::111111111111:accelerator/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/listener/xxxxxxx/endpoint-group/xxxxxxxx\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the endpoint group.\n" + }, + "endpointConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/EndpointGroupEndpointConfiguration:EndpointGroupEndpointConfiguration" + }, + "description": "The list of endpoint objects. Fields documented below.\n" + }, + "endpointGroupRegion": { + "type": "string", + "description": "The name of the AWS Region where the endpoint group is located.\n" + }, + "healthCheckIntervalSeconds": { + "type": "integer", + "description": "The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30.\n" + }, + "healthCheckPath": { + "type": "string", + "description": "If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (`/`). the provider will only perform drift detection of its value when present in a configuration.\n" + }, + "healthCheckPort": { + "type": "integer", + "description": "The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list.\nthe provider will only perform drift detection of its value when present in a configuration.\n" + }, + "healthCheckProtocol": { + "type": "string", + "description": "The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP.\n" + }, + "listenerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the listener.\n" + }, + "portOverrides": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/EndpointGroupPortOverride:EndpointGroupPortOverride" + }, + "description": "Override specific listener ports used to route traffic to endpoints that are part of this endpoint group. Fields documented below.\n" + }, + "thresholdCount": { + "type": "integer", + "description": "The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3.\n" + }, + "trafficDialPercentage": { + "type": "number", + "description": "The percentage of traffic to send to an AWS Region. Additional traffic is distributed to other endpoint groups for this listener. The default value is 100.\n" + } + }, + "required": [ + "arn", + "endpointGroupRegion", + "healthCheckPath", + "healthCheckPort", + "listenerArn" + ], + "inputProperties": { + "endpointConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/EndpointGroupEndpointConfiguration:EndpointGroupEndpointConfiguration" + }, + "description": "The list of endpoint objects. Fields documented below.\n" + }, + "endpointGroupRegion": { + "type": "string", + "description": "The name of the AWS Region where the endpoint group is located.\n" + }, + "healthCheckIntervalSeconds": { + "type": "integer", + "description": "The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30.\n" + }, + "healthCheckPath": { + "type": "string", + "description": "If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (`/`). the provider will only perform drift detection of its value when present in a configuration.\n" + }, + "healthCheckPort": { + "type": "integer", + "description": "The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list.\nthe provider will only perform drift detection of its value when present in a configuration.\n" + }, + "healthCheckProtocol": { + "type": "string", + "description": "The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP.\n" + }, + "listenerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the listener.\n" + }, + "portOverrides": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/EndpointGroupPortOverride:EndpointGroupPortOverride" + }, + "description": "Override specific listener ports used to route traffic to endpoints that are part of this endpoint group. Fields documented below.\n" + }, + "thresholdCount": { + "type": "integer", + "description": "The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3.\n" + }, + "trafficDialPercentage": { + "type": "number", + "description": "The percentage of traffic to send to an AWS Region. Additional traffic is distributed to other endpoint groups for this listener. The default value is 100.\n" + } + }, + "requiredInputs": [ + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EndpointGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the endpoint group.\n" + }, + "endpointConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/EndpointGroupEndpointConfiguration:EndpointGroupEndpointConfiguration" + }, + "description": "The list of endpoint objects. Fields documented below.\n" + }, + "endpointGroupRegion": { + "type": "string", + "description": "The name of the AWS Region where the endpoint group is located.\n" + }, + "healthCheckIntervalSeconds": { + "type": "integer", + "description": "The time—10 seconds or 30 seconds—between each health check for an endpoint. The default value is 30.\n" + }, + "healthCheckPath": { + "type": "string", + "description": "If the protocol is HTTP/S, then this specifies the path that is the destination for health check targets. The default value is slash (`/`). the provider will only perform drift detection of its value when present in a configuration.\n" + }, + "healthCheckPort": { + "type": "integer", + "description": "The port that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default port is the listener port that this endpoint group is associated with. If listener port is a list of ports, Global Accelerator uses the first port in the list.\nthe provider will only perform drift detection of its value when present in a configuration.\n" + }, + "healthCheckProtocol": { + "type": "string", + "description": "The protocol that AWS Global Accelerator uses to check the health of endpoints that are part of this endpoint group. The default value is TCP.\n" + }, + "listenerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the listener.\n" + }, + "portOverrides": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/EndpointGroupPortOverride:EndpointGroupPortOverride" + }, + "description": "Override specific listener ports used to route traffic to endpoints that are part of this endpoint group. Fields documented below.\n" + }, + "thresholdCount": { + "type": "integer", + "description": "The number of consecutive health checks required to set the state of a healthy endpoint to unhealthy, or to set an unhealthy endpoint to healthy. The default value is 3.\n" + }, + "trafficDialPercentage": { + "type": "number", + "description": "The percentage of traffic to send to an AWS Region. Additional traffic is distributed to other endpoint groups for this listener. The default value is 100.\n" + } + }, + "type": "object" + } + }, + "aws:globalaccelerator/listener:Listener": { + "description": "Provides a Global Accelerator listener.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccelerator = new aws.globalaccelerator.Accelerator(\"exampleAccelerator\", {\n ipAddressType: \"IPV4\",\n enabled: true,\n attributes: {\n flowLogsEnabled: true,\n flowLogsS3Bucket: \"example-bucket\",\n flowLogsS3Prefix: \"flow-logs/\",\n },\n});\nconst exampleListener = new aws.globalaccelerator.Listener(\"exampleListener\", {\n acceleratorArn: exampleAccelerator.id,\n clientAffinity: \"SOURCE_IP\",\n protocol: \"TCP\",\n portRanges: [{\n fromPort: 80,\n toPort: 80,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_accelerator = aws.globalaccelerator.Accelerator(\"exampleAccelerator\",\n ip_address_type=\"IPV4\",\n enabled=True,\n attributes=aws.globalaccelerator.AcceleratorAttributesArgs(\n flow_logs_enabled=True,\n flow_logs_s3_bucket=\"example-bucket\",\n flow_logs_s3_prefix=\"flow-logs/\",\n ))\nexample_listener = aws.globalaccelerator.Listener(\"exampleListener\",\n accelerator_arn=example_accelerator.id,\n client_affinity=\"SOURCE_IP\",\n protocol=\"TCP\",\n port_ranges=[aws.globalaccelerator.ListenerPortRangeArgs(\n from_port=80,\n to_port=80,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccelerator = new Aws.GlobalAccelerator.Accelerator(\"exampleAccelerator\", new Aws.GlobalAccelerator.AcceleratorArgs\n {\n IpAddressType = \"IPV4\",\n Enabled = true,\n Attributes = new Aws.GlobalAccelerator.Inputs.AcceleratorAttributesArgs\n {\n FlowLogsEnabled = true,\n FlowLogsS3Bucket = \"example-bucket\",\n FlowLogsS3Prefix = \"flow-logs/\",\n },\n });\n var exampleListener = new Aws.GlobalAccelerator.Listener(\"exampleListener\", new Aws.GlobalAccelerator.ListenerArgs\n {\n AcceleratorArn = exampleAccelerator.Id,\n ClientAffinity = \"SOURCE_IP\",\n Protocol = \"TCP\",\n PortRanges = \n {\n new Aws.GlobalAccelerator.Inputs.ListenerPortRangeArgs\n {\n FromPort = 80,\n ToPort = 80,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/globalaccelerator\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccelerator, err := globalaccelerator.NewAccelerator(ctx, \"exampleAccelerator\", &globalaccelerator.AcceleratorArgs{\n\t\t\tIpAddressType: pulumi.String(\"IPV4\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAttributes: &globalaccelerator.AcceleratorAttributesArgs{\n\t\t\t\tFlowLogsEnabled: pulumi.Bool(true),\n\t\t\t\tFlowLogsS3Bucket: pulumi.String(\"example-bucket\"),\n\t\t\t\tFlowLogsS3Prefix: pulumi.String(\"flow-logs/\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = globalaccelerator.NewListener(ctx, \"exampleListener\", &globalaccelerator.ListenerArgs{\n\t\t\tAcceleratorArn: exampleAccelerator.ID(),\n\t\t\tClientAffinity: pulumi.String(\"SOURCE_IP\"),\n\t\t\tProtocol: pulumi.String(\"TCP\"),\n\t\t\tPortRanges: globalaccelerator.ListenerPortRangeArray{\n\t\t\t\t&globalaccelerator.ListenerPortRangeArgs{\n\t\t\t\t\tFromPort: pulumi.Int(80),\n\t\t\t\t\tToPort: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlobal Accelerator listeners can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:globalaccelerator/listener:Listener example arn:aws:globalaccelerator::111111111111:accelerator/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/listener/xxxxxxxx\n```\n\n ", + "properties": { + "acceleratorArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your accelerator.\n" + }, + "clientAffinity": { + "type": "string", + "description": "Direct all requests from a user to the same endpoint. Valid values are `NONE`, `SOURCE_IP`. Default: `NONE`. If `NONE`, Global Accelerator uses the \"five-tuple\" properties of source IP address, source port, destination IP address, destination port, and protocol to select the hash value. If `SOURCE_IP`, Global Accelerator uses the \"two-tuple\" properties of source (client) IP address and destination IP address to select the hash value.\n" + }, + "portRanges": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/ListenerPortRange:ListenerPortRange" + }, + "description": "The list of port ranges for the connections from clients to the accelerator. Fields documented below.\n" + }, + "protocol": { + "type": "string", + "description": "The protocol for the connections from clients to the accelerator. Valid values are `TCP`, `UDP`.\n" + } + }, + "required": [ + "acceleratorArn", + "portRanges", + "protocol" + ], + "inputProperties": { + "acceleratorArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your accelerator.\n" + }, + "clientAffinity": { + "type": "string", + "description": "Direct all requests from a user to the same endpoint. Valid values are `NONE`, `SOURCE_IP`. Default: `NONE`. If `NONE`, Global Accelerator uses the \"five-tuple\" properties of source IP address, source port, destination IP address, destination port, and protocol to select the hash value. If `SOURCE_IP`, Global Accelerator uses the \"two-tuple\" properties of source (client) IP address and destination IP address to select the hash value.\n" + }, + "portRanges": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/ListenerPortRange:ListenerPortRange" + }, + "description": "The list of port ranges for the connections from clients to the accelerator. Fields documented below.\n" + }, + "protocol": { + "type": "string", + "description": "The protocol for the connections from clients to the accelerator. Valid values are `TCP`, `UDP`.\n" + } + }, + "requiredInputs": [ + "acceleratorArn", + "portRanges", + "protocol" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Listener resources.\n", + "properties": { + "acceleratorArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your accelerator.\n" + }, + "clientAffinity": { + "type": "string", + "description": "Direct all requests from a user to the same endpoint. Valid values are `NONE`, `SOURCE_IP`. Default: `NONE`. If `NONE`, Global Accelerator uses the \"five-tuple\" properties of source IP address, source port, destination IP address, destination port, and protocol to select the hash value. If `SOURCE_IP`, Global Accelerator uses the \"two-tuple\" properties of source (client) IP address and destination IP address to select the hash value.\n" + }, + "portRanges": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/ListenerPortRange:ListenerPortRange" + }, + "description": "The list of port ranges for the connections from clients to the accelerator. Fields documented below.\n" + }, + "protocol": { + "type": "string", + "description": "The protocol for the connections from clients to the accelerator. Valid values are `TCP`, `UDP`.\n" + } + }, + "type": "object" + } + }, + "aws:glue/catalogDatabase:CatalogDatabase": { + "description": "Provides a Glue Catalog Database Resource. You can refer to the [Glue Developer Guide](http://docs.aws.amazon.com/glue/latest/dg/populate-data-catalog.html) for a full explanation of the Glue Data Catalog functionality\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsGlueCatalogDatabase = new aws.glue.CatalogDatabase(\"aws_glue_catalog_database\", {\n name: \"MyCatalogDatabase\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_glue_catalog_database = aws.glue.CatalogDatabase(\"awsGlueCatalogDatabase\", name=\"MyCatalogDatabase\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var awsGlueCatalogDatabase = new Aws.Glue.CatalogDatabase(\"awsGlueCatalogDatabase\", new Aws.Glue.CatalogDatabaseArgs\n {\n Name = \"MyCatalogDatabase\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogDatabase(ctx, \"awsGlueCatalogDatabase\", &glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"MyCatalogDatabase\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Catalog Databases can be imported using the `catalog_id:name`. If you have not set a Catalog ID specify the AWS Account ID that the database is in, e.g.\n\n```sh\n $ pulumi import aws:glue/catalogDatabase:CatalogDatabase database 123456789012:my_database\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Glue Catalog Database.\n" + }, + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the database resides.\n" + }, + "description": { + "type": "string", + "description": "Description of the database.\n" + }, + "locationUri": { + "type": "string", + "description": "Location of the database (for example, an HDFS path).\n" + }, + "name": { + "type": "string", + "description": "Name of the database. The acceptable characters are lowercase letters, numbers, and the underscore character.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "List of key-value pairs that define parameters and properties of the database.\n" + }, + "targetDatabase": { + "$ref": "#/types/aws:glue/CatalogDatabaseTargetDatabase:CatalogDatabaseTargetDatabase", + "description": "Configuration block for a target database for resource linking. See `target_database` below.\n" + } + }, + "required": [ + "arn", + "catalogId", + "locationUri", + "name" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the database resides.\n" + }, + "description": { + "type": "string", + "description": "Description of the database.\n" + }, + "locationUri": { + "type": "string", + "description": "Location of the database (for example, an HDFS path).\n" + }, + "name": { + "type": "string", + "description": "Name of the database. The acceptable characters are lowercase letters, numbers, and the underscore character.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "List of key-value pairs that define parameters and properties of the database.\n" + }, + "targetDatabase": { + "$ref": "#/types/aws:glue/CatalogDatabaseTargetDatabase:CatalogDatabaseTargetDatabase", + "description": "Configuration block for a target database for resource linking. See `target_database` below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering CatalogDatabase resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Glue Catalog Database.\n" + }, + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the database resides.\n" + }, + "description": { + "type": "string", + "description": "Description of the database.\n" + }, + "locationUri": { + "type": "string", + "description": "Location of the database (for example, an HDFS path).\n" + }, + "name": { + "type": "string", + "description": "Name of the database. The acceptable characters are lowercase letters, numbers, and the underscore character.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "List of key-value pairs that define parameters and properties of the database.\n" + }, + "targetDatabase": { + "$ref": "#/types/aws:glue/CatalogDatabaseTargetDatabase:CatalogDatabaseTargetDatabase", + "description": "Configuration block for a target database for resource linking. See `target_database` below.\n" + } + }, + "type": "object" + } + }, + "aws:glue/catalogTable:CatalogTable": { + "description": "Provides a Glue Catalog Table Resource. You can refer to the [Glue Developer Guide](http://docs.aws.amazon.com/glue/latest/dg/populate-data-catalog.html) for a full explanation of the Glue Data Catalog functionality.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Table\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsGlueCatalogTable = new aws.glue.CatalogTable(\"aws_glue_catalog_table\", {\n databaseName: \"MyCatalogDatabase\",\n name: \"MyCatalogTable\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_glue_catalog_table = aws.glue.CatalogTable(\"awsGlueCatalogTable\",\n database_name=\"MyCatalogDatabase\",\n name=\"MyCatalogTable\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var awsGlueCatalogTable = new Aws.Glue.CatalogTable(\"awsGlueCatalogTable\", new Aws.Glue.CatalogTableArgs\n {\n DatabaseName = \"MyCatalogDatabase\",\n Name = \"MyCatalogTable\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogTable(ctx, \"awsGlueCatalogTable\", &glue.CatalogTableArgs{\n\t\t\tDatabaseName: pulumi.String(\"MyCatalogDatabase\"),\n\t\t\tName: pulumi.String(\"MyCatalogTable\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Parquet Table for Athena\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsGlueCatalogTable = new aws.glue.CatalogTable(\"aws_glue_catalog_table\", {\n databaseName: \"MyCatalogDatabase\",\n name: \"MyCatalogTable\",\n parameters: {\n EXTERNAL: \"TRUE\",\n \"parquet.compression\": \"SNAPPY\",\n },\n storageDescriptor: {\n columns: [\n {\n name: \"my_string\",\n type: \"string\",\n },\n {\n name: \"my_double\",\n type: \"double\",\n },\n {\n comment: \"\",\n name: \"my_date\",\n type: \"date\",\n },\n {\n comment: \"\",\n name: \"my_bigint\",\n type: \"bigint\",\n },\n {\n comment: \"\",\n name: \"my_struct\",\n type: \"struct\",\n },\n ],\n inputFormat: \"org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat\",\n location: \"s3://my-bucket/event-streams/my-stream\",\n outputFormat: \"org.apache.hadoop.hive.ql.io.parquet.MapredParquetOutputFormat\",\n serDeInfo: {\n name: \"my-stream\",\n parameters: {\n \"serialization.format\": 1,\n },\n serializationLibrary: \"org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe\",\n },\n },\n tableType: \"EXTERNAL_TABLE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_glue_catalog_table = aws.glue.CatalogTable(\"awsGlueCatalogTable\",\n database_name=\"MyCatalogDatabase\",\n name=\"MyCatalogTable\",\n parameters={\n \"EXTERNAL\": \"TRUE\",\n \"parquet.compression\": \"SNAPPY\",\n },\n storage_descriptor=aws.glue.CatalogTableStorageDescriptorArgs(\n columns=[\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n name=\"my_string\",\n type=\"string\",\n ),\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n name=\"my_double\",\n type=\"double\",\n ),\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n comment=\"\",\n name=\"my_date\",\n type=\"date\",\n ),\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n comment=\"\",\n name=\"my_bigint\",\n type=\"bigint\",\n ),\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n comment=\"\",\n name=\"my_struct\",\n type=\"struct\",\n ),\n ],\n input_format=\"org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat\",\n location=\"s3://my-bucket/event-streams/my-stream\",\n output_format=\"org.apache.hadoop.hive.ql.io.parquet.MapredParquetOutputFormat\",\n ser_de_info=aws.glue.CatalogTableStorageDescriptorSerDeInfoArgs(\n name=\"my-stream\",\n parameters={\n \"serialization.format\": \"1\",\n },\n serialization_library=\"org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe\",\n ),\n ),\n table_type=\"EXTERNAL_TABLE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var awsGlueCatalogTable = new Aws.Glue.CatalogTable(\"awsGlueCatalogTable\", new Aws.Glue.CatalogTableArgs\n {\n DatabaseName = \"MyCatalogDatabase\",\n Name = \"MyCatalogTable\",\n Parameters = \n {\n { \"EXTERNAL\", \"TRUE\" },\n { \"parquet.compression\", \"SNAPPY\" },\n },\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n Columns = \n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"my_string\",\n Type = \"string\",\n },\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"my_double\",\n Type = \"double\",\n },\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Comment = \"\",\n Name = \"my_date\",\n Type = \"date\",\n },\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Comment = \"\",\n Name = \"my_bigint\",\n Type = \"bigint\",\n },\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Comment = \"\",\n Name = \"my_struct\",\n Type = \"struct\",\n },\n },\n InputFormat = \"org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat\",\n Location = \"s3://my-bucket/event-streams/my-stream\",\n OutputFormat = \"org.apache.hadoop.hive.ql.io.parquet.MapredParquetOutputFormat\",\n SerDeInfo = new Aws.Glue.Inputs.CatalogTableStorageDescriptorSerDeInfoArgs\n {\n Name = \"my-stream\",\n Parameters = \n {\n { \"serialization.format\", \"1\" },\n },\n SerializationLibrary = \"org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe\",\n },\n },\n TableType = \"EXTERNAL_TABLE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCatalogTable(ctx, \"awsGlueCatalogTable\", &glue.CatalogTableArgs{\n\t\t\tDatabaseName: pulumi.String(\"MyCatalogDatabase\"),\n\t\t\tName: pulumi.String(\"MyCatalogTable\"),\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"EXTERNAL\": pulumi.String(\"TRUE\"),\n\t\t\t\t\"parquet.compression\": pulumi.String(\"SNAPPY\"),\n\t\t\t},\n\t\t\tStorageDescriptor: &glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"my_string\"),\n\t\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\t},\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"my_double\"),\n\t\t\t\t\t\tType: pulumi.String(\"double\"),\n\t\t\t\t\t},\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tComment: pulumi.String(\"\"),\n\t\t\t\t\t\tName: pulumi.String(\"my_date\"),\n\t\t\t\t\t\tType: pulumi.String(\"date\"),\n\t\t\t\t\t},\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tComment: pulumi.String(\"\"),\n\t\t\t\t\t\tName: pulumi.String(\"my_bigint\"),\n\t\t\t\t\t\tType: pulumi.String(\"bigint\"),\n\t\t\t\t\t},\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tComment: pulumi.String(\"\"),\n\t\t\t\t\t\tName: pulumi.String(\"my_struct\"),\n\t\t\t\t\t\tType: pulumi.String(\"struct\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tInputFormat: pulumi.String(\"org.apache.hadoop.hive.ql.io.parquet.MapredParquetInputFormat\"),\n\t\t\t\tLocation: pulumi.String(\"s3://my-bucket/event-streams/my-stream\"),\n\t\t\t\tOutputFormat: pulumi.String(\"org.apache.hadoop.hive.ql.io.parquet.MapredParquetOutputFormat\"),\n\t\t\t\tSerDeInfo: &glue.CatalogTableStorageDescriptorSerDeInfoArgs{\n\t\t\t\t\tName: pulumi.String(\"my-stream\"),\n\t\t\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\t\t\"serialization.format\": pulumi.String(\"1\"),\n\t\t\t\t\t},\n\t\t\t\t\tSerializationLibrary: pulumi.String(\"org.apache.hadoop.hive.ql.io.parquet.serde.ParquetHiveSerDe\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTableType: pulumi.String(\"EXTERNAL_TABLE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Tables can be imported with their catalog ID (usually AWS account ID), database name, and table name, e.g.\n\n```sh\n $ pulumi import aws:glue/catalogTable:CatalogTable MyTable 123456789012:MyDatabase:MyTable\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Glue Table.\n" + }, + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the table resides.\n" + }, + "databaseName": { + "type": "string", + "description": "Name of the catalog database that contains the target table.\n" + }, + "description": { + "type": "string", + "description": "Description of the table.\n" + }, + "name": { + "type": "string", + "description": "Name of the target table.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the table.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of initialization parameters for the SerDe, in key-value form.\n" + }, + "partitionIndices": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTablePartitionIndex:CatalogTablePartitionIndex" + }, + "description": "Configuration block for a maximum of 3 partition indexes. See `partition_index` below.\n" + }, + "partitionKeys": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTablePartitionKey:CatalogTablePartitionKey" + }, + "description": "Configuration block of columns by which the table is partitioned. Only primitive types are supported as partition keys. See `partition_keys` below.\n" + }, + "retention": { + "type": "integer", + "description": "Retention time for this table.\n" + }, + "storageDescriptor": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptor:CatalogTableStorageDescriptor", + "description": "Configuration block for information about the physical storage of this table. For more information, refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor). See `storage_descriptor` below.\n" + }, + "tableType": { + "type": "string", + "description": "Type of this table (EXTERNAL_TABLE, VIRTUAL_VIEW, etc.). While optional, some Athena DDL queries such as `ALTER TABLE` and `SHOW CREATE TABLE` will fail if this argument is empty.\n" + }, + "targetTable": { + "$ref": "#/types/aws:glue/CatalogTableTargetTable:CatalogTableTargetTable", + "description": "Configuration block of a target table for resource linking. See `target_table` below.\n" + }, + "viewExpandedText": { + "type": "string", + "description": "If the table is a view, the expanded text of the view; otherwise null.\n" + }, + "viewOriginalText": { + "type": "string", + "description": "If the table is a view, the original text of the view; otherwise null.\n" + } + }, + "required": [ + "arn", + "catalogId", + "databaseName", + "name" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the table resides.\n" + }, + "databaseName": { + "type": "string", + "description": "Name of the catalog database that contains the target table.\n" + }, + "description": { + "type": "string", + "description": "Description of the table.\n" + }, + "name": { + "type": "string", + "description": "Name of the target table.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the table.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of initialization parameters for the SerDe, in key-value form.\n" + }, + "partitionIndices": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTablePartitionIndex:CatalogTablePartitionIndex" + }, + "description": "Configuration block for a maximum of 3 partition indexes. See `partition_index` below.\n" + }, + "partitionKeys": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTablePartitionKey:CatalogTablePartitionKey" + }, + "description": "Configuration block of columns by which the table is partitioned. Only primitive types are supported as partition keys. See `partition_keys` below.\n" + }, + "retention": { + "type": "integer", + "description": "Retention time for this table.\n" + }, + "storageDescriptor": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptor:CatalogTableStorageDescriptor", + "description": "Configuration block for information about the physical storage of this table. For more information, refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor). See `storage_descriptor` below.\n" + }, + "tableType": { + "type": "string", + "description": "Type of this table (EXTERNAL_TABLE, VIRTUAL_VIEW, etc.). While optional, some Athena DDL queries such as `ALTER TABLE` and `SHOW CREATE TABLE` will fail if this argument is empty.\n" + }, + "targetTable": { + "$ref": "#/types/aws:glue/CatalogTableTargetTable:CatalogTableTargetTable", + "description": "Configuration block of a target table for resource linking. See `target_table` below.\n" + }, + "viewExpandedText": { + "type": "string", + "description": "If the table is a view, the expanded text of the view; otherwise null.\n" + }, + "viewOriginalText": { + "type": "string", + "description": "If the table is a view, the original text of the view; otherwise null.\n" + } + }, + "requiredInputs": [ + "databaseName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CatalogTable resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Glue Table.\n" + }, + "catalogId": { + "type": "string", + "description": "ID of the Data Catalog in which the table resides.\n" + }, + "databaseName": { + "type": "string", + "description": "Name of the catalog database that contains the target table.\n" + }, + "description": { + "type": "string", + "description": "Description of the table.\n" + }, + "name": { + "type": "string", + "description": "Name of the target table.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the table.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of initialization parameters for the SerDe, in key-value form.\n" + }, + "partitionIndices": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTablePartitionIndex:CatalogTablePartitionIndex" + }, + "description": "Configuration block for a maximum of 3 partition indexes. See `partition_index` below.\n" + }, + "partitionKeys": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CatalogTablePartitionKey:CatalogTablePartitionKey" + }, + "description": "Configuration block of columns by which the table is partitioned. Only primitive types are supported as partition keys. See `partition_keys` below.\n" + }, + "retention": { + "type": "integer", + "description": "Retention time for this table.\n" + }, + "storageDescriptor": { + "$ref": "#/types/aws:glue/CatalogTableStorageDescriptor:CatalogTableStorageDescriptor", + "description": "Configuration block for information about the physical storage of this table. For more information, refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor). See `storage_descriptor` below.\n" + }, + "tableType": { + "type": "string", + "description": "Type of this table (EXTERNAL_TABLE, VIRTUAL_VIEW, etc.). While optional, some Athena DDL queries such as `ALTER TABLE` and `SHOW CREATE TABLE` will fail if this argument is empty.\n" + }, + "targetTable": { + "$ref": "#/types/aws:glue/CatalogTableTargetTable:CatalogTableTargetTable", + "description": "Configuration block of a target table for resource linking. See `target_table` below.\n" + }, + "viewExpandedText": { + "type": "string", + "description": "If the table is a view, the expanded text of the view; otherwise null.\n" + }, + "viewOriginalText": { + "type": "string", + "description": "If the table is a view, the original text of the view; otherwise null.\n" + } + }, + "type": "object" + } + }, + "aws:glue/classifier:Classifier": { + "description": "Provides a Glue Classifier resource.\n\n> **NOTE:** It is only valid to create one type of classifier (csv, grok, JSON, or XML). Changing classifier types will recreate the classifier.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Csv Classifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Classifier(\"example\", {\n csvClassifier: {\n allowSingleColumn: false,\n containsHeader: \"PRESENT\",\n delimiter: \",\",\n disableValueTrimming: false,\n headers: [\n \"example1\",\n \"example2\",\n ],\n quoteSymbol: \"'\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Classifier(\"example\", csv_classifier=aws.glue.ClassifierCsvClassifierArgs(\n allow_single_column=False,\n contains_header=\"PRESENT\",\n delimiter=\",\",\n disable_value_trimming=False,\n headers=[\n \"example1\",\n \"example2\",\n ],\n quote_symbol=\"'\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Classifier(\"example\", new Aws.Glue.ClassifierArgs\n {\n CsvClassifier = new Aws.Glue.Inputs.ClassifierCsvClassifierArgs\n {\n AllowSingleColumn = false,\n ContainsHeader = \"PRESENT\",\n Delimiter = \",\",\n DisableValueTrimming = false,\n Headers = \n {\n \"example1\",\n \"example2\",\n },\n QuoteSymbol = \"'\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewClassifier(ctx, \"example\", &glue.ClassifierArgs{\n\t\t\tCsvClassifier: &glue.ClassifierCsvClassifierArgs{\n\t\t\t\tAllowSingleColumn: pulumi.Bool(false),\n\t\t\t\tContainsHeader: pulumi.String(\"PRESENT\"),\n\t\t\t\tDelimiter: pulumi.String(\",\"),\n\t\t\t\tDisableValueTrimming: pulumi.Bool(false),\n\t\t\t\tHeaders: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"example1\"),\n\t\t\t\t\tpulumi.String(\"example2\"),\n\t\t\t\t},\n\t\t\t\tQuoteSymbol: pulumi.String(\"'\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Grok Classifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Classifier(\"example\", {\n grokClassifier: {\n classification: \"example\",\n grokPattern: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Classifier(\"example\", grok_classifier=aws.glue.ClassifierGrokClassifierArgs(\n classification=\"example\",\n grok_pattern=\"example\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Classifier(\"example\", new Aws.Glue.ClassifierArgs\n {\n GrokClassifier = new Aws.Glue.Inputs.ClassifierGrokClassifierArgs\n {\n Classification = \"example\",\n GrokPattern = \"example\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewClassifier(ctx, \"example\", &glue.ClassifierArgs{\n\t\t\tGrokClassifier: &glue.ClassifierGrokClassifierArgs{\n\t\t\t\tClassification: pulumi.String(\"example\"),\n\t\t\t\tGrokPattern: pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### JSON Classifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Classifier(\"example\", {\n jsonClassifier: {\n jsonPath: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Classifier(\"example\", json_classifier=aws.glue.ClassifierJsonClassifierArgs(\n json_path=\"example\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Classifier(\"example\", new Aws.Glue.ClassifierArgs\n {\n JsonClassifier = new Aws.Glue.Inputs.ClassifierJsonClassifierArgs\n {\n JsonPath = \"example\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewClassifier(ctx, \"example\", &glue.ClassifierArgs{\n\t\t\tJsonClassifier: &glue.ClassifierJsonClassifierArgs{\n\t\t\t\tJsonPath: pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### XML Classifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Classifier(\"example\", {\n xmlClassifier: {\n classification: \"example\",\n rowTag: \"example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Classifier(\"example\", xml_classifier=aws.glue.ClassifierXmlClassifierArgs(\n classification=\"example\",\n row_tag=\"example\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Classifier(\"example\", new Aws.Glue.ClassifierArgs\n {\n XmlClassifier = new Aws.Glue.Inputs.ClassifierXmlClassifierArgs\n {\n Classification = \"example\",\n RowTag = \"example\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewClassifier(ctx, \"example\", &glue.ClassifierArgs{\n\t\t\tXmlClassifier: &glue.ClassifierXmlClassifierArgs{\n\t\t\t\tClassification: pulumi.String(\"example\"),\n\t\t\t\tRowTag: pulumi.String(\"example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Classifiers can be imported using their name, e.g.\n\n```sh\n $ pulumi import aws:glue/classifier:Classifier MyClassifier MyClassifier\n```\n\n ", + "properties": { + "csvClassifier": { + "$ref": "#/types/aws:glue/ClassifierCsvClassifier:ClassifierCsvClassifier", + "description": "A classifier for Csv content. Defined below.\n" + }, + "grokClassifier": { + "$ref": "#/types/aws:glue/ClassifierGrokClassifier:ClassifierGrokClassifier", + "description": "A classifier that uses grok patterns. Defined below.\n" + }, + "jsonClassifier": { + "$ref": "#/types/aws:glue/ClassifierJsonClassifier:ClassifierJsonClassifier", + "description": "A classifier for JSON content. Defined below.\n" + }, + "name": { + "type": "string", + "description": "The name of the classifier.\n" + }, + "xmlClassifier": { + "$ref": "#/types/aws:glue/ClassifierXmlClassifier:ClassifierXmlClassifier", + "description": "A classifier for XML content. Defined below.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "csvClassifier": { + "$ref": "#/types/aws:glue/ClassifierCsvClassifier:ClassifierCsvClassifier", + "description": "A classifier for Csv content. Defined below.\n" + }, + "grokClassifier": { + "$ref": "#/types/aws:glue/ClassifierGrokClassifier:ClassifierGrokClassifier", + "description": "A classifier that uses grok patterns. Defined below.\n" + }, + "jsonClassifier": { + "$ref": "#/types/aws:glue/ClassifierJsonClassifier:ClassifierJsonClassifier", + "description": "A classifier for JSON content. Defined below.\n" + }, + "name": { + "type": "string", + "description": "The name of the classifier.\n" + }, + "xmlClassifier": { + "$ref": "#/types/aws:glue/ClassifierXmlClassifier:ClassifierXmlClassifier", + "description": "A classifier for XML content. Defined below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Classifier resources.\n", + "properties": { + "csvClassifier": { + "$ref": "#/types/aws:glue/ClassifierCsvClassifier:ClassifierCsvClassifier", + "description": "A classifier for Csv content. Defined below.\n" + }, + "grokClassifier": { + "$ref": "#/types/aws:glue/ClassifierGrokClassifier:ClassifierGrokClassifier", + "description": "A classifier that uses grok patterns. Defined below.\n" + }, + "jsonClassifier": { + "$ref": "#/types/aws:glue/ClassifierJsonClassifier:ClassifierJsonClassifier", + "description": "A classifier for JSON content. Defined below.\n" + }, + "name": { + "type": "string", + "description": "The name of the classifier.\n" + }, + "xmlClassifier": { + "$ref": "#/types/aws:glue/ClassifierXmlClassifier:ClassifierXmlClassifier", + "description": "A classifier for XML content. Defined below.\n" + } + }, + "type": "object" + } + }, + "aws:glue/connection:Connection": { + "description": "Provides a Glue Connection resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Non-VPC Connection\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Connection(\"example\", {\n connectionProperties: {\n JDBC_CONNECTION_URL: \"jdbc:mysql://example.com/exampledatabase\",\n PASSWORD: \"examplepassword\",\n USERNAME: \"exampleusername\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Connection(\"example\", connection_properties={\n \"JDBC_CONNECTION_URL\": \"jdbc:mysql://example.com/exampledatabase\",\n \"PASSWORD\": \"examplepassword\",\n \"USERNAME\": \"exampleusername\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Connection(\"example\", new Aws.Glue.ConnectionArgs\n {\n ConnectionProperties = \n {\n { \"JDBC_CONNECTION_URL\", \"jdbc:mysql://example.com/exampledatabase\" },\n { \"PASSWORD\", \"examplepassword\" },\n { \"USERNAME\", \"exampleusername\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewConnection(ctx, \"example\", &glue.ConnectionArgs{\n\t\t\tConnectionProperties: pulumi.StringMap{\n\t\t\t\t\"JDBC_CONNECTION_URL\": pulumi.String(\"jdbc:mysql://example.com/exampledatabase\"),\n\t\t\t\t\"PASSWORD\": pulumi.String(\"examplepassword\"),\n\t\t\t\t\"USERNAME\": pulumi.String(\"exampleusername\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### VPC Connection\n\nFor more information, see the [AWS Documentation](https://docs.aws.amazon.com/glue/latest/dg/populate-add-connection.html#connection-JDBC-VPC).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Connection(\"example\", {\n connectionProperties: {\n JDBC_CONNECTION_URL: `jdbc:mysql://${aws_rds_cluster.example.endpoint}/exampledatabase`,\n PASSWORD: \"examplepassword\",\n USERNAME: \"exampleusername\",\n },\n physicalConnectionRequirements: {\n availabilityZone: aws_subnet.example.availability_zone,\n securityGroupIdLists: [aws_security_group.example.id],\n subnetId: aws_subnet.example.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Connection(\"example\",\n connection_properties={\n \"JDBC_CONNECTION_URL\": f\"jdbc:mysql://{aws_rds_cluster['example']['endpoint']}/exampledatabase\",\n \"PASSWORD\": \"examplepassword\",\n \"USERNAME\": \"exampleusername\",\n },\n physical_connection_requirements=aws.glue.ConnectionPhysicalConnectionRequirementsArgs(\n availability_zone=aws_subnet[\"example\"][\"availability_zone\"],\n security_group_id_lists=[aws_security_group[\"example\"][\"id\"]],\n subnet_id=aws_subnet[\"example\"][\"id\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Connection(\"example\", new Aws.Glue.ConnectionArgs\n {\n ConnectionProperties = \n {\n { \"JDBC_CONNECTION_URL\", $\"jdbc:mysql://{aws_rds_cluster.Example.Endpoint}/exampledatabase\" },\n { \"PASSWORD\", \"examplepassword\" },\n { \"USERNAME\", \"exampleusername\" },\n },\n PhysicalConnectionRequirements = new Aws.Glue.Inputs.ConnectionPhysicalConnectionRequirementsArgs\n {\n AvailabilityZone = aws_subnet.Example.Availability_zone,\n SecurityGroupIdLists = \n {\n aws_security_group.Example.Id,\n },\n SubnetId = aws_subnet.Example.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewConnection(ctx, \"example\", &glue.ConnectionArgs{\n\t\t\tConnectionProperties: pulumi.StringMap{\n\t\t\t\t\"JDBC_CONNECTION_URL\": pulumi.String(fmt.Sprintf(\"%v%v%v\", \"jdbc:mysql://\", aws_rds_cluster.Example.Endpoint, \"/exampledatabase\")),\n\t\t\t\t\"PASSWORD\": pulumi.String(\"examplepassword\"),\n\t\t\t\t\"USERNAME\": pulumi.String(\"exampleusername\"),\n\t\t\t},\n\t\t\tPhysicalConnectionRequirements: &glue.ConnectionPhysicalConnectionRequirementsArgs{\n\t\t\t\tAvailabilityZone: pulumi.Any(aws_subnet.Example.Availability_zone),\n\t\t\t\tSecurityGroupIdLists: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_security_group.Example.Id),\n\t\t\t\t},\n\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Connections can be imported using the `CATALOG-ID` (AWS account ID if not custom) and `NAME`, e.g.\n\n```sh\n $ pulumi import aws:glue/connection:Connection MyConnection 123456789012:MyConnection\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Glue Connection.\n" + }, + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog in which to create the connection. If none is supplied, the AWS account ID is used by default.\n" + }, + "connectionProperties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs used as parameters for this connection.\n" + }, + "connectionType": { + "type": "string", + "description": "The type of the connection. Supported are: `JDBC`, `MONGODB`, `KAFKA`, and `NETWORK`. Defaults to `JBDC`.\n" + }, + "description": { + "type": "string", + "description": "Description of the connection.\n" + }, + "matchCriterias": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of criteria that can be used in selecting this connection.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "physicalConnectionRequirements": { + "$ref": "#/types/aws:glue/ConnectionPhysicalConnectionRequirements:ConnectionPhysicalConnectionRequirements", + "description": "A map of physical connection requirements, such as VPC and SecurityGroup. Defined below.\n" + } + }, + "required": [ + "arn", + "catalogId", + "name" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog in which to create the connection. If none is supplied, the AWS account ID is used by default.\n" + }, + "connectionProperties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs used as parameters for this connection.\n" + }, + "connectionType": { + "type": "string", + "description": "The type of the connection. Supported are: `JDBC`, `MONGODB`, `KAFKA`, and `NETWORK`. Defaults to `JBDC`.\n" + }, + "description": { + "type": "string", + "description": "Description of the connection.\n" + }, + "matchCriterias": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of criteria that can be used in selecting this connection.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "physicalConnectionRequirements": { + "$ref": "#/types/aws:glue/ConnectionPhysicalConnectionRequirements:ConnectionPhysicalConnectionRequirements", + "description": "A map of physical connection requirements, such as VPC and SecurityGroup. Defined below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Connection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Glue Connection.\n" + }, + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog in which to create the connection. If none is supplied, the AWS account ID is used by default.\n" + }, + "connectionProperties": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs used as parameters for this connection.\n" + }, + "connectionType": { + "type": "string", + "description": "The type of the connection. Supported are: `JDBC`, `MONGODB`, `KAFKA`, and `NETWORK`. Defaults to `JBDC`.\n" + }, + "description": { + "type": "string", + "description": "Description of the connection.\n" + }, + "matchCriterias": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of criteria that can be used in selecting this connection.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "physicalConnectionRequirements": { + "$ref": "#/types/aws:glue/ConnectionPhysicalConnectionRequirements:ConnectionPhysicalConnectionRequirements", + "description": "A map of physical connection requirements, such as VPC and SecurityGroup. Defined below.\n" + } + }, + "type": "object" + } + }, + "aws:glue/crawler:Crawler": { + "description": "Manages a Glue Crawler. More information can be found in the [AWS Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/add-crawler.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### DynamoDB Target Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Crawler(\"example\", {\n databaseName: aws_glue_catalog_database.example.name,\n role: aws_iam_role.example.arn,\n dynamodbTargets: [{\n path: \"table-name\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Crawler(\"example\",\n database_name=aws_glue_catalog_database[\"example\"][\"name\"],\n role=aws_iam_role[\"example\"][\"arn\"],\n dynamodb_targets=[aws.glue.CrawlerDynamodbTargetArgs(\n path=\"table-name\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Crawler(\"example\", new Aws.Glue.CrawlerArgs\n {\n DatabaseName = aws_glue_catalog_database.Example.Name,\n Role = aws_iam_role.Example.Arn,\n DynamodbTargets = \n {\n new Aws.Glue.Inputs.CrawlerDynamodbTargetArgs\n {\n Path = \"table-name\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCrawler(ctx, \"example\", &glue.CrawlerArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Example.Name),\n\t\t\tRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tDynamodbTargets: glue.CrawlerDynamodbTargetArray{\n\t\t\t\t&glue.CrawlerDynamodbTargetArgs{\n\t\t\t\t\tPath: pulumi.String(\"table-name\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### JDBC Target Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Crawler(\"example\", {\n databaseName: aws_glue_catalog_database.example.name,\n role: aws_iam_role.example.arn,\n jdbcTargets: [{\n connectionName: aws_glue_connection.example.name,\n path: `database-name/%`,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Crawler(\"example\",\n database_name=aws_glue_catalog_database[\"example\"][\"name\"],\n role=aws_iam_role[\"example\"][\"arn\"],\n jdbc_targets=[aws.glue.CrawlerJdbcTargetArgs(\n connection_name=aws_glue_connection[\"example\"][\"name\"],\n path=\"database-name/%\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Crawler(\"example\", new Aws.Glue.CrawlerArgs\n {\n DatabaseName = aws_glue_catalog_database.Example.Name,\n Role = aws_iam_role.Example.Arn,\n JdbcTargets = \n {\n new Aws.Glue.Inputs.CrawlerJdbcTargetArgs\n {\n ConnectionName = aws_glue_connection.Example.Name,\n Path = \"database-name/%\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCrawler(ctx, \"example\", &glue.CrawlerArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Example.Name),\n\t\t\tRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tJdbcTargets: glue.CrawlerJdbcTargetArray{\n\t\t\t\t&glue.CrawlerJdbcTargetArgs{\n\t\t\t\t\tConnectionName: pulumi.Any(aws_glue_connection.Example.Name),\n\t\t\t\t\tPath: pulumi.String(fmt.Sprintf(\"%v%v\", \"database-name/\", \"%\")),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### S3 Target Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Crawler(\"example\", {\n databaseName: aws_glue_catalog_database.example.name,\n role: aws_iam_role.example.arn,\n s3Targets: [{\n path: `s3://${aws_s3_bucket.example.bucket}`,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Crawler(\"example\",\n database_name=aws_glue_catalog_database[\"example\"][\"name\"],\n role=aws_iam_role[\"example\"][\"arn\"],\n s3_targets=[aws.glue.CrawlerS3TargetArgs(\n path=f\"s3://{aws_s3_bucket['example']['bucket']}\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Crawler(\"example\", new Aws.Glue.CrawlerArgs\n {\n DatabaseName = aws_glue_catalog_database.Example.Name,\n Role = aws_iam_role.Example.Arn,\n S3Targets = \n {\n new Aws.Glue.Inputs.CrawlerS3TargetArgs\n {\n Path = $\"s3://{aws_s3_bucket.Example.Bucket}\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCrawler(ctx, \"example\", &glue.CrawlerArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Example.Name),\n\t\t\tRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tS3Targets: glue.CrawlerS3TargetArray{\n\t\t\t\t&glue.CrawlerS3TargetArgs{\n\t\t\t\t\tPath: pulumi.String(fmt.Sprintf(\"%v%v\", \"s3://\", aws_s3_bucket.Example.Bucket)),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### Catalog Target Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Crawler(\"example\", {\n databaseName: aws_glue_catalog_database.example.name,\n role: aws_iam_role.example.arn,\n catalogTargets: [{\n databaseName: aws_glue_catalog_database.example.name,\n tables: [aws_glue_catalog_table.example.name],\n }],\n schemaChangePolicy: {\n deleteBehavior: \"LOG\",\n },\n configuration: `{\n \"Version\":1.0,\n \"Grouping\": {\n \"TableGroupingPolicy\": \"CombineCompatibleSchemas\"\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Crawler(\"example\",\n database_name=aws_glue_catalog_database[\"example\"][\"name\"],\n role=aws_iam_role[\"example\"][\"arn\"],\n catalog_targets=[aws.glue.CrawlerCatalogTargetArgs(\n database_name=aws_glue_catalog_database[\"example\"][\"name\"],\n tables=[aws_glue_catalog_table[\"example\"][\"name\"]],\n )],\n schema_change_policy=aws.glue.CrawlerSchemaChangePolicyArgs(\n delete_behavior=\"LOG\",\n ),\n configuration=\"\"\"{\n \"Version\":1.0,\n \"Grouping\": {\n \"TableGroupingPolicy\": \"CombineCompatibleSchemas\"\n }\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Crawler(\"example\", new Aws.Glue.CrawlerArgs\n {\n DatabaseName = aws_glue_catalog_database.Example.Name,\n Role = aws_iam_role.Example.Arn,\n CatalogTargets = \n {\n new Aws.Glue.Inputs.CrawlerCatalogTargetArgs\n {\n DatabaseName = aws_glue_catalog_database.Example.Name,\n Tables = \n {\n aws_glue_catalog_table.Example.Name,\n },\n },\n },\n SchemaChangePolicy = new Aws.Glue.Inputs.CrawlerSchemaChangePolicyArgs\n {\n DeleteBehavior = \"LOG\",\n },\n Configuration = @\"{\n \"\"Version\"\":1.0,\n \"\"Grouping\"\": {\n \"\"TableGroupingPolicy\"\": \"\"CombineCompatibleSchemas\"\"\n }\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCrawler(ctx, \"example\", &glue.CrawlerArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Example.Name),\n\t\t\tRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCatalogTargets: glue.CrawlerCatalogTargetArray{\n\t\t\t\t&glue.CrawlerCatalogTargetArgs{\n\t\t\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Example.Name),\n\t\t\t\t\tTables: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_glue_catalog_table.Example.Name),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSchemaChangePolicy: &glue.CrawlerSchemaChangePolicyArgs{\n\t\t\t\tDeleteBehavior: pulumi.String(\"LOG\"),\n\t\t\t},\n\t\t\tConfiguration: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\":1.0,\\n\", \" \\\"Grouping\\\": {\\n\", \" \\\"TableGroupingPolicy\\\": \\\"CombineCompatibleSchemas\\\"\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### MongoDB Target Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Crawler(\"example\", {\n databaseName: aws_glue_catalog_database.example.name,\n role: aws_iam_role.example.arn,\n mongodbTargets: [{\n connectionName: aws_glue_connection.example.name,\n path: `database-name/%`,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Crawler(\"example\",\n database_name=aws_glue_catalog_database[\"example\"][\"name\"],\n role=aws_iam_role[\"example\"][\"arn\"],\n mongodb_targets=[aws.glue.CrawlerMongodbTargetArgs(\n connection_name=aws_glue_connection[\"example\"][\"name\"],\n path=\"database-name/%\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Crawler(\"example\", new Aws.Glue.CrawlerArgs\n {\n DatabaseName = aws_glue_catalog_database.Example.Name,\n Role = aws_iam_role.Example.Arn,\n MongodbTargets = \n {\n new Aws.Glue.Inputs.CrawlerMongodbTargetArgs\n {\n ConnectionName = aws_glue_connection.Example.Name,\n Path = \"database-name/%\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewCrawler(ctx, \"example\", &glue.CrawlerArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Example.Name),\n\t\t\tRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tMongodbTargets: glue.CrawlerMongodbTargetArray{\n\t\t\t\t&glue.CrawlerMongodbTargetArgs{\n\t\t\t\t\tConnectionName: pulumi.Any(aws_glue_connection.Example.Name),\n\t\t\t\t\tPath: pulumi.String(fmt.Sprintf(\"%v%v\", \"database-name/\", \"%\")),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Configuration Settings Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst eventsCrawler = new aws.glue.Crawler(\"eventsCrawler\", {\n databaseName: aws_glue_catalog_database.glue_database.name,\n schedule: \"cron(0 1 * * ? *)\",\n role: aws_iam_role.glue_role.arn,\n tags: _var.tags,\n configuration: JSON.stringify({\n Grouping: {\n TableGroupingPolicy: \"CombineCompatibleSchemas\",\n },\n CrawlerOutput: {\n Partitions: {\n AddOrUpdateBehavior: \"InheritFromTable\",\n },\n },\n Version: 1,\n }),\n s3Targets: [{\n path: `s3://${aws_s3_bucket.data_lake_bucket.bucket}`,\n }],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nevents_crawler = aws.glue.Crawler(\"eventsCrawler\",\n database_name=aws_glue_catalog_database[\"glue_database\"][\"name\"],\n schedule=\"cron(0 1 * * ? *)\",\n role=aws_iam_role[\"glue_role\"][\"arn\"],\n tags=var[\"tags\"],\n configuration=json.dumps({\n \"Grouping\": {\n \"TableGroupingPolicy\": \"CombineCompatibleSchemas\",\n },\n \"CrawlerOutput\": {\n \"Partitions\": {\n \"AddOrUpdateBehavior\": \"InheritFromTable\",\n },\n },\n \"Version\": 1,\n }),\n s3_targets=[aws.glue.CrawlerS3TargetArgs(\n path=f\"s3://{aws_s3_bucket['data_lake_bucket']['bucket']}\",\n )])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var eventsCrawler = new Aws.Glue.Crawler(\"eventsCrawler\", new Aws.Glue.CrawlerArgs\n {\n DatabaseName = aws_glue_catalog_database.Glue_database.Name,\n Schedule = \"cron(0 1 * * ? *)\",\n Role = aws_iam_role.Glue_role.Arn,\n Tags = @var.Tags,\n Configuration = JsonSerializer.Serialize(new Dictionary\n {\n { \"Grouping\", new Dictionary\n {\n { \"TableGroupingPolicy\", \"CombineCompatibleSchemas\" },\n } },\n { \"CrawlerOutput\", new Dictionary\n {\n { \"Partitions\", new Dictionary\n {\n { \"AddOrUpdateBehavior\", \"InheritFromTable\" },\n } },\n } },\n { \"Version\", 1 },\n }),\n S3Targets = \n {\n new Aws.Glue.Inputs.CrawlerS3TargetArgs\n {\n Path = $\"s3://{aws_s3_bucket.Data_lake_bucket.Bucket}\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Grouping\": map[string]interface{}{\n\t\t\t\t\"TableGroupingPolicy\": \"CombineCompatibleSchemas\",\n\t\t\t},\n\t\t\t\"CrawlerOutput\": map[string]interface{}{\n\t\t\t\t\"Partitions\": map[string]interface{}{\n\t\t\t\t\t\"AddOrUpdateBehavior\": \"InheritFromTable\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": 1,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := glue.NewCrawler(ctx, \"eventsCrawler\", &glue.CrawlerArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_glue_catalog_database.Glue_database.Name),\n\t\t\tSchedule: pulumi.String(\"cron(0 1 * * ? *)\"),\n\t\t\tRole: pulumi.Any(aws_iam_role.Glue_role.Arn),\n\t\t\tTags: pulumi.Any(_var.Tags),\n\t\t\tConfiguration: pulumi.String(json0),\n\t\t\tS3Targets: glue.CrawlerS3TargetArray{\n\t\t\t\t&glue.CrawlerS3TargetArgs{\n\t\t\t\t\tPath: pulumi.String(fmt.Sprintf(\"%v%v\", \"s3://\", aws_s3_bucket.Data_lake_bucket.Bucket)),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Crawlers can be imported using `name`, e.g.\n\n```sh\n $ pulumi import aws:glue/crawler:Crawler MyJob MyJob\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the crawler\n" + }, + "catalogTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerCatalogTarget:CrawlerCatalogTarget" + } + }, + "classifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of custom classifiers. By default, all AWS classifiers are included in a crawl, but these custom classifiers always override the default classifiers for a given classification.\n" + }, + "configuration": { + "type": "string", + "description": "JSON string of configuration information. For more details see [Setting Crawler Configuration Options](https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html).\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Glue database to be synchronized.\n" + }, + "description": { + "type": "string", + "description": "Description of the crawler.\n" + }, + "dynamodbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerDynamodbTarget:CrawlerDynamodbTarget" + }, + "description": "List of nested DynamoDB target arguments. See Dynamodb Target below.\n" + }, + "jdbcTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerJdbcTarget:CrawlerJdbcTarget" + }, + "description": "List of nested JBDC target arguments. See JDBC Target below.\n" + }, + "lineageConfiguration": { + "$ref": "#/types/aws:glue/CrawlerLineageConfiguration:CrawlerLineageConfiguration", + "description": "Specifies data lineage configuration settings for the crawler. See Lineage Configuration below.\n" + }, + "mongodbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerMongodbTarget:CrawlerMongodbTarget" + }, + "description": "List nested MongoDB target arguments. See MongoDB Target below.\n" + }, + "name": { + "type": "string", + "description": "Name of the crawler.\n" + }, + "recrawlPolicy": { + "$ref": "#/types/aws:glue/CrawlerRecrawlPolicy:CrawlerRecrawlPolicy", + "description": "A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run.. See Recrawl Policy below.\n" + }, + "role": { + "type": "string", + "description": "The IAM role friendly name (including path without leading slash), or ARN of an IAM role, used by the crawler to access other resources.\n" + }, + "s3Targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerS3Target:CrawlerS3Target" + }, + "description": "List nested Amazon S3 target arguments. See S3 Target below.\n" + }, + "schedule": { + "type": "string", + "description": "A cron expression used to specify the schedule. For more information, see [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html). For example, to run something every day at 12:15 UTC, you would specify: `cron(15 12 * * ? *)`.\n" + }, + "schemaChangePolicy": { + "$ref": "#/types/aws:glue/CrawlerSchemaChangePolicy:CrawlerSchemaChangePolicy", + "description": "Policy for the crawler's update and deletion behavior. See Schema Change Policy below.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of Security Configuration to be used by the crawler\n" + }, + "tablePrefix": { + "type": "string", + "description": "The table prefix used for catalog tables that are created.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "databaseName", + "name", + "role", + "tagsAll" + ], + "inputProperties": { + "catalogTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerCatalogTarget:CrawlerCatalogTarget" + } + }, + "classifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of custom classifiers. By default, all AWS classifiers are included in a crawl, but these custom classifiers always override the default classifiers for a given classification.\n" + }, + "configuration": { + "type": "string", + "description": "JSON string of configuration information. For more details see [Setting Crawler Configuration Options](https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html).\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Glue database to be synchronized.\n" + }, + "description": { + "type": "string", + "description": "Description of the crawler.\n" + }, + "dynamodbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerDynamodbTarget:CrawlerDynamodbTarget" + }, + "description": "List of nested DynamoDB target arguments. See Dynamodb Target below.\n" + }, + "jdbcTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerJdbcTarget:CrawlerJdbcTarget" + }, + "description": "List of nested JBDC target arguments. See JDBC Target below.\n" + }, + "lineageConfiguration": { + "$ref": "#/types/aws:glue/CrawlerLineageConfiguration:CrawlerLineageConfiguration", + "description": "Specifies data lineage configuration settings for the crawler. See Lineage Configuration below.\n" + }, + "mongodbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerMongodbTarget:CrawlerMongodbTarget" + }, + "description": "List nested MongoDB target arguments. See MongoDB Target below.\n" + }, + "name": { + "type": "string", + "description": "Name of the crawler.\n" + }, + "recrawlPolicy": { + "$ref": "#/types/aws:glue/CrawlerRecrawlPolicy:CrawlerRecrawlPolicy", + "description": "A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run.. See Recrawl Policy below.\n" + }, + "role": { + "type": "string", + "description": "The IAM role friendly name (including path without leading slash), or ARN of an IAM role, used by the crawler to access other resources.\n" + }, + "s3Targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerS3Target:CrawlerS3Target" + }, + "description": "List nested Amazon S3 target arguments. See S3 Target below.\n" + }, + "schedule": { + "type": "string", + "description": "A cron expression used to specify the schedule. For more information, see [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html). For example, to run something every day at 12:15 UTC, you would specify: `cron(15 12 * * ? *)`.\n" + }, + "schemaChangePolicy": { + "$ref": "#/types/aws:glue/CrawlerSchemaChangePolicy:CrawlerSchemaChangePolicy", + "description": "Policy for the crawler's update and deletion behavior. See Schema Change Policy below.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of Security Configuration to be used by the crawler\n" + }, + "tablePrefix": { + "type": "string", + "description": "The table prefix used for catalog tables that are created.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "databaseName", + "role" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Crawler resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the crawler\n" + }, + "catalogTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerCatalogTarget:CrawlerCatalogTarget" + } + }, + "classifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of custom classifiers. By default, all AWS classifiers are included in a crawl, but these custom classifiers always override the default classifiers for a given classification.\n" + }, + "configuration": { + "type": "string", + "description": "JSON string of configuration information. For more details see [Setting Crawler Configuration Options](https://docs.aws.amazon.com/glue/latest/dg/crawler-configuration.html).\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Glue database to be synchronized.\n" + }, + "description": { + "type": "string", + "description": "Description of the crawler.\n" + }, + "dynamodbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerDynamodbTarget:CrawlerDynamodbTarget" + }, + "description": "List of nested DynamoDB target arguments. See Dynamodb Target below.\n" + }, + "jdbcTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerJdbcTarget:CrawlerJdbcTarget" + }, + "description": "List of nested JBDC target arguments. See JDBC Target below.\n" + }, + "lineageConfiguration": { + "$ref": "#/types/aws:glue/CrawlerLineageConfiguration:CrawlerLineageConfiguration", + "description": "Specifies data lineage configuration settings for the crawler. See Lineage Configuration below.\n" + }, + "mongodbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerMongodbTarget:CrawlerMongodbTarget" + }, + "description": "List nested MongoDB target arguments. See MongoDB Target below.\n" + }, + "name": { + "type": "string", + "description": "Name of the crawler.\n" + }, + "recrawlPolicy": { + "$ref": "#/types/aws:glue/CrawlerRecrawlPolicy:CrawlerRecrawlPolicy", + "description": "A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run.. See Recrawl Policy below.\n" + }, + "role": { + "type": "string", + "description": "The IAM role friendly name (including path without leading slash), or ARN of an IAM role, used by the crawler to access other resources.\n" + }, + "s3Targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/CrawlerS3Target:CrawlerS3Target" + }, + "description": "List nested Amazon S3 target arguments. See S3 Target below.\n" + }, + "schedule": { + "type": "string", + "description": "A cron expression used to specify the schedule. For more information, see [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html). For example, to run something every day at 12:15 UTC, you would specify: `cron(15 12 * * ? *)`.\n" + }, + "schemaChangePolicy": { + "$ref": "#/types/aws:glue/CrawlerSchemaChangePolicy:CrawlerSchemaChangePolicy", + "description": "Policy for the crawler's update and deletion behavior. See Schema Change Policy below.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of Security Configuration to be used by the crawler\n" + }, + "tablePrefix": { + "type": "string", + "description": "The table prefix used for catalog tables that are created.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:glue/dataCatalogEncryptionSettings:DataCatalogEncryptionSettings": { + "description": "Provides a Glue Data Catalog Encryption Settings resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.DataCatalogEncryptionSettings(\"example\", {dataCatalogEncryptionSettings: {\n connectionPasswordEncryption: {\n awsKmsKeyId: aws_kms_key.test.arn,\n returnConnectionPasswordEncrypted: true,\n },\n encryptionAtRest: {\n catalogEncryptionMode: \"SSE-KMS\",\n sseAwsKmsKeyId: aws_kms_key.test.arn,\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.DataCatalogEncryptionSettings(\"example\", data_catalog_encryption_settings=aws.glue.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsArgs(\n connection_password_encryption=aws.glue.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryptionArgs(\n aws_kms_key_id=aws_kms_key[\"test\"][\"arn\"],\n return_connection_password_encrypted=True,\n ),\n encryption_at_rest=aws.glue.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRestArgs(\n catalog_encryption_mode=\"SSE-KMS\",\n sse_aws_kms_key_id=aws_kms_key[\"test\"][\"arn\"],\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.DataCatalogEncryptionSettings(\"example\", new Aws.Glue.DataCatalogEncryptionSettingsArgs\n {\n DataCatalogEncryptionSettings = new Aws.Glue.Inputs.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsArgs\n {\n ConnectionPasswordEncryption = new Aws.Glue.Inputs.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryptionArgs\n {\n AwsKmsKeyId = aws_kms_key.Test.Arn,\n ReturnConnectionPasswordEncrypted = true,\n },\n EncryptionAtRest = new Aws.Glue.Inputs.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRestArgs\n {\n CatalogEncryptionMode = \"SSE-KMS\",\n SseAwsKmsKeyId = aws_kms_key.Test.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewDataCatalogEncryptionSettings(ctx, \"example\", &glue.DataCatalogEncryptionSettingsArgs{\n\t\t\tDataCatalogEncryptionSettings: &glue.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsArgs{\n\t\t\t\tConnectionPasswordEncryption: &glue.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsConnectionPasswordEncryptionArgs{\n\t\t\t\t\tAwsKmsKeyId: pulumi.Any(aws_kms_key.Test.Arn),\n\t\t\t\t\tReturnConnectionPasswordEncrypted: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t\tEncryptionAtRest: &glue.DataCatalogEncryptionSettingsDataCatalogEncryptionSettingsEncryptionAtRestArgs{\n\t\t\t\t\tCatalogEncryptionMode: pulumi.String(\"SSE-KMS\"),\n\t\t\t\t\tSseAwsKmsKeyId: pulumi.Any(aws_kms_key.Test.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Data Catalog Encryption Settings can be imported using `CATALOG-ID` (AWS account ID if not custom), e.g.\n\n```sh\n $ pulumi import aws:glue/dataCatalogEncryptionSettings:DataCatalogEncryptionSettings example 123456789012\n```\n\n ", + "properties": { + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog to set the security configuration for. If none is provided, the AWS account ID is used by default.\n" + }, + "dataCatalogEncryptionSettings": { + "$ref": "#/types/aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettings:DataCatalogEncryptionSettingsDataCatalogEncryptionSettings", + "description": "The security configuration to set. see Data Catalog Encryption Settings.\n", + "language": { + "csharp": { + "name": "DataCatalogEncryptionSettingsConfig" + } + } + } + }, + "required": [ + "catalogId", + "dataCatalogEncryptionSettings" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog to set the security configuration for. If none is provided, the AWS account ID is used by default.\n" + }, + "dataCatalogEncryptionSettings": { + "$ref": "#/types/aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettings:DataCatalogEncryptionSettingsDataCatalogEncryptionSettings", + "description": "The security configuration to set. see Data Catalog Encryption Settings.\n", + "language": { + "csharp": { + "name": "DataCatalogEncryptionSettingsConfig" + } + } + } + }, + "requiredInputs": [ + "dataCatalogEncryptionSettings" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DataCatalogEncryptionSettings resources.\n", + "properties": { + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog to set the security configuration for. If none is provided, the AWS account ID is used by default.\n" + }, + "dataCatalogEncryptionSettings": { + "$ref": "#/types/aws:glue/DataCatalogEncryptionSettingsDataCatalogEncryptionSettings:DataCatalogEncryptionSettingsDataCatalogEncryptionSettings", + "description": "The security configuration to set. see Data Catalog Encryption Settings.\n", + "language": { + "csharp": { + "name": "DataCatalogEncryptionSettingsConfig" + } + } + } + }, + "type": "object" + } + }, + "aws:glue/devEndpoint:DevEndpoint": { + "description": "Provides a Glue Development Endpoint resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"glue.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json)});\nconst exampleDevEndpoint = new aws.glue.DevEndpoint(\"exampleDevEndpoint\", {roleArn: exampleRole.arn});\nconst example_AWSGlueServiceRole = new aws.iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\", {\n policyArn: \"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n role: exampleRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"glue.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=example_policy_document.json)\nexample_dev_endpoint = aws.glue.DevEndpoint(\"exampleDevEndpoint\", role_arn=example_role.arn)\nexample__aws_glue_service_role = aws.iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\",\n policy_arn=\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n role=example_role.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"glue.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = examplePolicyDocument.Apply(examplePolicyDocument => examplePolicyDocument.Json),\n });\n var exampleDevEndpoint = new Aws.Glue.DevEndpoint(\"exampleDevEndpoint\", new Aws.Glue.DevEndpointArgs\n {\n RoleArn = exampleRole.Arn,\n });\n var example_AWSGlueServiceRole = new Aws.Iam.RolePolicyAttachment(\"example-AWSGlueServiceRole\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n PolicyArn = \"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\",\n Role = exampleRole.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"glue.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewDevEndpoint(ctx, \"exampleDevEndpoint\", &glue.DevEndpointArgs{\n\t\t\tRoleArn: exampleRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"example_AWSGlueServiceRole\", &iam.RolePolicyAttachmentArgs{\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/service-role/AWSGlueServiceRole\"),\n\t\t\tRole: exampleRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nA Glue Development Endpoint can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:glue/devEndpoint:DevEndpoint example foo\n```\n\n ", + "properties": { + "arguments": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of arguments used to configure the endpoint.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the endpoint.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AWS availability zone where this endpoint is located.\n" + }, + "extraJarsS3Path": { + "type": "string", + "description": "Path to one or more Java Jars in an S3 bucket that should be loaded in this endpoint.\n" + }, + "extraPythonLibsS3Path": { + "type": "string", + "description": "Path(s) to one or more Python libraries in an S3 bucket that should be loaded in this endpoint. Multiple values must be complete paths separated by a comma.\n" + }, + "failureReason": { + "type": "string", + "description": "The reason for a current failure in this endpoint.\n" + }, + "glueVersion": { + "type": "string", + "description": "- Specifies the versions of Python and Apache Spark to use. Defaults to AWS Glue version 0.9.\n" + }, + "name": { + "type": "string", + "description": "The name of this endpoint. It must be unique in your account.\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of AWS Glue Data Processing Units (DPUs) to allocate to this endpoint. Conflicts with `worker_type`.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined worker type that are allocated to this endpoint. This field is available only when you choose worker type G.1X or G.2X.\n" + }, + "privateAddress": { + "type": "string", + "description": "A private IP address to access the endpoint within a VPC, if this endpoint is created within one.\n" + }, + "publicAddress": { + "type": "string", + "description": "The public IP address used by this endpoint. The PublicAddress field is present only when you create a non-VPC endpoint.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key to be used by this endpoint for authentication.\n" + }, + "publicKeys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of public keys to be used by this endpoint for authentication.\n" + }, + "roleArn": { + "type": "string", + "description": "The IAM role for this endpoint.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration structure to be used with this endpoint.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs for the security groups to be used by this endpoint.\n" + }, + "status": { + "type": "string", + "description": "The current status of this endpoint.\n" + }, + "subnetId": { + "type": "string", + "description": "The subnet ID for the new endpoint to use.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "he ID of the VPC used by this endpoint.\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated to this endpoint. Accepts a value of Standard, G.1X, or G.2X.\n" + }, + "yarnEndpointAddress": { + "type": "string", + "description": "The YARN endpoint address used by this endpoint.\n" + }, + "zeppelinRemoteSparkInterpreterPort": { + "type": "integer", + "description": "The Apache Zeppelin port for the remote Apache Spark interpreter.\n" + } + }, + "required": [ + "arn", + "availabilityZone", + "failureReason", + "name", + "privateAddress", + "publicAddress", + "roleArn", + "status", + "tagsAll", + "vpcId", + "yarnEndpointAddress", + "zeppelinRemoteSparkInterpreterPort" + ], + "inputProperties": { + "arguments": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of arguments used to configure the endpoint.\n" + }, + "extraJarsS3Path": { + "type": "string", + "description": "Path to one or more Java Jars in an S3 bucket that should be loaded in this endpoint.\n" + }, + "extraPythonLibsS3Path": { + "type": "string", + "description": "Path(s) to one or more Python libraries in an S3 bucket that should be loaded in this endpoint. Multiple values must be complete paths separated by a comma.\n" + }, + "glueVersion": { + "type": "string", + "description": "- Specifies the versions of Python and Apache Spark to use. Defaults to AWS Glue version 0.9.\n" + }, + "name": { + "type": "string", + "description": "The name of this endpoint. It must be unique in your account.\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of AWS Glue Data Processing Units (DPUs) to allocate to this endpoint. Conflicts with `worker_type`.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined worker type that are allocated to this endpoint. This field is available only when you choose worker type G.1X or G.2X.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key to be used by this endpoint for authentication.\n" + }, + "publicKeys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of public keys to be used by this endpoint for authentication.\n" + }, + "roleArn": { + "type": "string", + "description": "The IAM role for this endpoint.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration structure to be used with this endpoint.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs for the security groups to be used by this endpoint.\n" + }, + "subnetId": { + "type": "string", + "description": "The subnet ID for the new endpoint to use.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated to this endpoint. Accepts a value of Standard, G.1X, or G.2X.\n" + } + }, + "requiredInputs": [ + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DevEndpoint resources.\n", + "properties": { + "arguments": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of arguments used to configure the endpoint.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the endpoint.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AWS availability zone where this endpoint is located.\n" + }, + "extraJarsS3Path": { + "type": "string", + "description": "Path to one or more Java Jars in an S3 bucket that should be loaded in this endpoint.\n" + }, + "extraPythonLibsS3Path": { + "type": "string", + "description": "Path(s) to one or more Python libraries in an S3 bucket that should be loaded in this endpoint. Multiple values must be complete paths separated by a comma.\n" + }, + "failureReason": { + "type": "string", + "description": "The reason for a current failure in this endpoint.\n" + }, + "glueVersion": { + "type": "string", + "description": "- Specifies the versions of Python and Apache Spark to use. Defaults to AWS Glue version 0.9.\n" + }, + "name": { + "type": "string", + "description": "The name of this endpoint. It must be unique in your account.\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of AWS Glue Data Processing Units (DPUs) to allocate to this endpoint. Conflicts with `worker_type`.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined worker type that are allocated to this endpoint. This field is available only when you choose worker type G.1X or G.2X.\n" + }, + "privateAddress": { + "type": "string", + "description": "A private IP address to access the endpoint within a VPC, if this endpoint is created within one.\n" + }, + "publicAddress": { + "type": "string", + "description": "The public IP address used by this endpoint. The PublicAddress field is present only when you create a non-VPC endpoint.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key to be used by this endpoint for authentication.\n" + }, + "publicKeys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of public keys to be used by this endpoint for authentication.\n" + }, + "roleArn": { + "type": "string", + "description": "The IAM role for this endpoint.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration structure to be used with this endpoint.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Security group IDs for the security groups to be used by this endpoint.\n" + }, + "status": { + "type": "string", + "description": "The current status of this endpoint.\n" + }, + "subnetId": { + "type": "string", + "description": "The subnet ID for the new endpoint to use.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string", + "description": "he ID of the VPC used by this endpoint.\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated to this endpoint. Accepts a value of Standard, G.1X, or G.2X.\n" + }, + "yarnEndpointAddress": { + "type": "string", + "description": "The YARN endpoint address used by this endpoint.\n" + }, + "zeppelinRemoteSparkInterpreterPort": { + "type": "integer", + "description": "The Apache Zeppelin port for the remote Apache Spark interpreter.\n" + } + }, + "type": "object" + } + }, + "aws:glue/job:Job": { + "description": "Provides a Glue Job resource.\n\n> Glue functionality, such as monitoring and logging of jobs, is typically managed with the `default_arguments` argument. See the [Special Parameters Used by AWS Glue](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-etl-glue-arguments.html) topic in the Glue developer guide for additional information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Python Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.py`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.py\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Job(\"example\", new Aws.Glue.JobArgs\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.py\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", &glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: &glue.JobCommandArgs{\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"s3://\", aws_s3_bucket.Example.Bucket, \"/example.py\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Scala Job\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Job(\"example\", {\n roleArn: aws_iam_role.example.arn,\n command: {\n scriptLocation: `s3://${aws_s3_bucket.example.bucket}/example.scala`,\n },\n defaultArguments: {\n \"--job-language\": \"scala\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Job(\"example\",\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n command=aws.glue.JobCommandArgs(\n script_location=f\"s3://{aws_s3_bucket['example']['bucket']}/example.scala\",\n ),\n default_arguments={\n \"--job-language\": \"scala\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Job(\"example\", new Aws.Glue.JobArgs\n {\n RoleArn = aws_iam_role.Example.Arn,\n Command = new Aws.Glue.Inputs.JobCommandArgs\n {\n ScriptLocation = $\"s3://{aws_s3_bucket.Example.Bucket}/example.scala\",\n },\n DefaultArguments = \n {\n { \"--job-language\", \"scala\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewJob(ctx, \"example\", &glue.JobArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tCommand: &glue.JobCommandArgs{\n\t\t\t\tScriptLocation: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"s3://\", aws_s3_bucket.Example.Bucket, \"/example.scala\")),\n\t\t\t},\n\t\t\tDefaultArguments: pulumi.StringMap{\n\t\t\t\t\"--job-language\": pulumi.String(\"scala\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enabling CloudWatch Logs and Metrics\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {retentionInDays: 14});\n// ... other configuration ...\nconst exampleJob = new aws.glue.Job(\"exampleJob\", {defaultArguments: {\n \"--continuous-log-logGroup\": exampleLogGroup.name,\n \"--enable-continuous-cloudwatch-log\": \"true\",\n \"--enable-continuous-log-filter\": \"true\",\n \"--enable-metrics\": \"\",\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\", retention_in_days=14)\n# ... other configuration ...\nexample_job = aws.glue.Job(\"exampleJob\", default_arguments={\n \"--continuous-log-logGroup\": example_log_group.name,\n \"--enable-continuous-cloudwatch-log\": \"true\",\n \"--enable-continuous-log-filter\": \"true\",\n \"--enable-metrics\": \"\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n RetentionInDays = 14,\n });\n // ... other configuration ...\n var exampleJob = new Aws.Glue.Job(\"exampleJob\", new Aws.Glue.JobArgs\n {\n DefaultArguments = \n {\n { \"--continuous-log-logGroup\", exampleLogGroup.Name },\n { \"--enable-continuous-cloudwatch-log\", \"true\" },\n { \"--enable-continuous-log-filter\", \"true\" },\n { \"--enable-metrics\", \"\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", &cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewJob(ctx, \"exampleJob\", &glue.JobArgs{\n\t\t\tDefaultArguments: pulumi.StringMap{\n\t\t\t\t\"--continuous-log-logGroup\": exampleLogGroup.Name,\n\t\t\t\t\"--enable-continuous-cloudwatch-log\": pulumi.String(\"true\"),\n\t\t\t\t\"--enable-continuous-log-filter\": pulumi.String(\"true\"),\n\t\t\t\t\"--enable-metrics\": pulumi.String(\"\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Jobs can be imported using `name`, e.g.\n\n```sh\n $ pulumi import aws:glue/job:Job MyJob MyJob\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Job\n" + }, + "command": { + "$ref": "#/types/aws:glue/JobCommand:JobCommand", + "description": "The command of the job. Defined below.\n" + }, + "connections": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of connections used for this job.\n" + }, + "defaultArguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of default arguments for this job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. For information about how to specify and consume your own Job arguments, see the [Calling AWS Glue APIs in Python](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-calling.html) topic in the developer guide. For information about the key-value pairs that AWS Glue consumes to set up your job, see the [Special Parameters Used by AWS Glue](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-glue-arguments.html) topic in the developer guide.\n" + }, + "description": { + "type": "string", + "description": "Description of the job.\n" + }, + "executionProperty": { + "$ref": "#/types/aws:glue/JobExecutionProperty:JobExecutionProperty", + "description": "Execution property of the job. Defined below.\n" + }, + "glueVersion": { + "type": "string", + "description": "The version of glue to use, for example \"1.0\". For information about available versions, see the [AWS Glue Release Notes](https://docs.aws.amazon.com/glue/latest/dg/release-notes.html).\n" + }, + "maxCapacity": { + "type": "number", + "description": "The maximum number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. `Required` when `pythonshell` is set, accept either `0.0625` or `1.0`. Use `number_of_workers` and `worker_type` arguments instead with `glue_version` `2.0` and above.\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times to retry this job if it fails.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this job. It must be unique in your account.\n" + }, + "nonOverridableArguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Non-overridable arguments for this job, specified as name-value pairs.\n" + }, + "notificationProperty": { + "$ref": "#/types/aws:glue/JobNotificationProperty:JobNotificationProperty", + "description": "Notification property of the job. Defined below.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined workerType that are allocated when a job runs.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role associated with this job.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration to be associated with the job.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The job timeout in minutes. The default is 2880 minutes (48 hours).\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated when a job runs. Accepts a value of Standard, G.1X, or G.2X.\n" + } + }, + "required": [ + "arn", + "command", + "executionProperty", + "glueVersion", + "maxCapacity", + "name", + "notificationProperty", + "roleArn", + "tagsAll" + ], + "inputProperties": { + "command": { + "$ref": "#/types/aws:glue/JobCommand:JobCommand", + "description": "The command of the job. Defined below.\n" + }, + "connections": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of connections used for this job.\n" + }, + "defaultArguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of default arguments for this job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. For information about how to specify and consume your own Job arguments, see the [Calling AWS Glue APIs in Python](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-calling.html) topic in the developer guide. For information about the key-value pairs that AWS Glue consumes to set up your job, see the [Special Parameters Used by AWS Glue](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-glue-arguments.html) topic in the developer guide.\n" + }, + "description": { + "type": "string", + "description": "Description of the job.\n" + }, + "executionProperty": { + "$ref": "#/types/aws:glue/JobExecutionProperty:JobExecutionProperty", + "description": "Execution property of the job. Defined below.\n" + }, + "glueVersion": { + "type": "string", + "description": "The version of glue to use, for example \"1.0\". For information about available versions, see the [AWS Glue Release Notes](https://docs.aws.amazon.com/glue/latest/dg/release-notes.html).\n" + }, + "maxCapacity": { + "type": "number", + "description": "The maximum number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. `Required` when `pythonshell` is set, accept either `0.0625` or `1.0`. Use `number_of_workers` and `worker_type` arguments instead with `glue_version` `2.0` and above.\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times to retry this job if it fails.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this job. It must be unique in your account.\n" + }, + "nonOverridableArguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Non-overridable arguments for this job, specified as name-value pairs.\n" + }, + "notificationProperty": { + "$ref": "#/types/aws:glue/JobNotificationProperty:JobNotificationProperty", + "description": "Notification property of the job. Defined below.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined workerType that are allocated when a job runs.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role associated with this job.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration to be associated with the job.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The job timeout in minutes. The default is 2880 minutes (48 hours).\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated when a job runs. Accepts a value of Standard, G.1X, or G.2X.\n" + } + }, + "requiredInputs": [ + "command", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Job resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Job\n" + }, + "command": { + "$ref": "#/types/aws:glue/JobCommand:JobCommand", + "description": "The command of the job. Defined below.\n" + }, + "connections": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of connections used for this job.\n" + }, + "defaultArguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The map of default arguments for this job. You can specify arguments here that your own job-execution script consumes, as well as arguments that AWS Glue itself consumes. For information about how to specify and consume your own Job arguments, see the [Calling AWS Glue APIs in Python](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-calling.html) topic in the developer guide. For information about the key-value pairs that AWS Glue consumes to set up your job, see the [Special Parameters Used by AWS Glue](http://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-python-glue-arguments.html) topic in the developer guide.\n" + }, + "description": { + "type": "string", + "description": "Description of the job.\n" + }, + "executionProperty": { + "$ref": "#/types/aws:glue/JobExecutionProperty:JobExecutionProperty", + "description": "Execution property of the job. Defined below.\n" + }, + "glueVersion": { + "type": "string", + "description": "The version of glue to use, for example \"1.0\". For information about available versions, see the [AWS Glue Release Notes](https://docs.aws.amazon.com/glue/latest/dg/release-notes.html).\n" + }, + "maxCapacity": { + "type": "number", + "description": "The maximum number of AWS Glue data processing units (DPUs) that can be allocated when this job runs. `Required` when `pythonshell` is set, accept either `0.0625` or `1.0`. Use `number_of_workers` and `worker_type` arguments instead with `glue_version` `2.0` and above.\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times to retry this job if it fails.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this job. It must be unique in your account.\n" + }, + "nonOverridableArguments": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Non-overridable arguments for this job, specified as name-value pairs.\n" + }, + "notificationProperty": { + "$ref": "#/types/aws:glue/JobNotificationProperty:JobNotificationProperty", + "description": "Notification property of the job. Defined below.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined workerType that are allocated when a job runs.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role associated with this job.\n" + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the Security Configuration to be associated with the job.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The job timeout in minutes. The default is 2880 minutes (48 hours).\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated when a job runs. Accepts a value of Standard, G.1X, or G.2X.\n" + } + }, + "type": "object" + } + }, + "aws:glue/mLTransform:MLTransform": { + "description": "Provides a Glue ML Transform resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCatalogDatabase = new aws.glue.CatalogDatabase(\"testCatalogDatabase\", {name: \"example\"});\nconst testCatalogTable = new aws.glue.CatalogTable(\"testCatalogTable\", {\n name: \"example\",\n databaseName: testCatalogDatabase.name,\n owner: \"my_owner\",\n retention: 1,\n tableType: \"VIRTUAL_VIEW\",\n viewExpandedText: \"view_expanded_text_1\",\n viewOriginalText: \"view_original_text_1\",\n storageDescriptor: {\n bucketColumns: [\"bucket_column_1\"],\n compressed: false,\n inputFormat: \"SequenceFileInputFormat\",\n location: \"my_location\",\n numberOfBuckets: 1,\n outputFormat: \"SequenceFileInputFormat\",\n storedAsSubDirectories: false,\n parameters: {\n param1: \"param1_val\",\n },\n columns: [\n {\n name: \"my_column_1\",\n type: \"int\",\n comment: \"my_column1_comment\",\n },\n {\n name: \"my_column_2\",\n type: \"string\",\n comment: \"my_column2_comment\",\n },\n ],\n serDeInfo: {\n name: \"ser_de_name\",\n parameters: {\n param1: \"param_val_1\",\n },\n serializationLibrary: \"org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe\",\n },\n sortColumns: [{\n column: \"my_column_1\",\n sortOrder: 1,\n }],\n skewedInfo: {\n skewedColumnNames: [\"my_column_1\"],\n skewedColumnValueLocationMaps: {\n my_column_1: \"my_column_1_val_loc_map\",\n },\n skewedColumnValues: [\"skewed_val_1\"],\n },\n },\n partitionKeys: [\n {\n name: \"my_column_1\",\n type: \"int\",\n comment: \"my_column_1_comment\",\n },\n {\n name: \"my_column_2\",\n type: \"string\",\n comment: \"my_column_2_comment\",\n },\n ],\n parameters: {\n param1: \"param1_val\",\n },\n});\nconst testMLTransform = new aws.glue.MLTransform(\"testMLTransform\", {\n roleArn: aws_iam_role.test.arn,\n inputRecordTables: [{\n databaseName: testCatalogTable.databaseName,\n tableName: testCatalogTable.name,\n }],\n parameters: {\n transformType: \"FIND_MATCHES\",\n findMatchesParameters: {\n primaryKeyColumnName: \"my_column_1\",\n },\n },\n}, {\n dependsOn: [aws_iam_role_policy_attachment.test],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_catalog_database = aws.glue.CatalogDatabase(\"testCatalogDatabase\", name=\"example\")\ntest_catalog_table = aws.glue.CatalogTable(\"testCatalogTable\",\n name=\"example\",\n database_name=test_catalog_database.name,\n owner=\"my_owner\",\n retention=1,\n table_type=\"VIRTUAL_VIEW\",\n view_expanded_text=\"view_expanded_text_1\",\n view_original_text=\"view_original_text_1\",\n storage_descriptor=aws.glue.CatalogTableStorageDescriptorArgs(\n bucket_columns=[\"bucket_column_1\"],\n compressed=False,\n input_format=\"SequenceFileInputFormat\",\n location=\"my_location\",\n number_of_buckets=1,\n output_format=\"SequenceFileInputFormat\",\n stored_as_sub_directories=False,\n parameters={\n \"param1\": \"param1_val\",\n },\n columns=[\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n name=\"my_column_1\",\n type=\"int\",\n comment=\"my_column1_comment\",\n ),\n aws.glue.CatalogTableStorageDescriptorColumnArgs(\n name=\"my_column_2\",\n type=\"string\",\n comment=\"my_column2_comment\",\n ),\n ],\n ser_de_info=aws.glue.CatalogTableStorageDescriptorSerDeInfoArgs(\n name=\"ser_de_name\",\n parameters={\n \"param1\": \"param_val_1\",\n },\n serialization_library=\"org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe\",\n ),\n sort_columns=[aws.glue.CatalogTableStorageDescriptorSortColumnArgs(\n column=\"my_column_1\",\n sort_order=1,\n )],\n skewed_info=aws.glue.CatalogTableStorageDescriptorSkewedInfoArgs(\n skewed_column_names=[\"my_column_1\"],\n skewed_column_value_location_maps={\n \"my_column_1\": \"my_column_1_val_loc_map\",\n },\n skewed_column_values=[\"skewed_val_1\"],\n ),\n ),\n partition_keys=[\n aws.glue.CatalogTablePartitionKeyArgs(\n name=\"my_column_1\",\n type=\"int\",\n comment=\"my_column_1_comment\",\n ),\n aws.glue.CatalogTablePartitionKeyArgs(\n name=\"my_column_2\",\n type=\"string\",\n comment=\"my_column_2_comment\",\n ),\n ],\n parameters={\n \"param1\": \"param1_val\",\n })\ntest_ml_transform = aws.glue.MLTransform(\"testMLTransform\",\n role_arn=aws_iam_role[\"test\"][\"arn\"],\n input_record_tables=[aws.glue.MLTransformInputRecordTableArgs(\n database_name=test_catalog_table.database_name,\n table_name=test_catalog_table.name,\n )],\n parameters=aws.glue.MLTransformParametersArgs(\n transform_type=\"FIND_MATCHES\",\n find_matches_parameters=aws.glue.MLTransformParametersFindMatchesParametersArgs(\n primary_key_column_name=\"my_column_1\",\n ),\n ),\n opts=pulumi.ResourceOptions(depends_on=[aws_iam_role_policy_attachment[\"test\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCatalogDatabase = new Aws.Glue.CatalogDatabase(\"testCatalogDatabase\", new Aws.Glue.CatalogDatabaseArgs\n {\n Name = \"example\",\n });\n var testCatalogTable = new Aws.Glue.CatalogTable(\"testCatalogTable\", new Aws.Glue.CatalogTableArgs\n {\n Name = \"example\",\n DatabaseName = testCatalogDatabase.Name,\n Owner = \"my_owner\",\n Retention = 1,\n TableType = \"VIRTUAL_VIEW\",\n ViewExpandedText = \"view_expanded_text_1\",\n ViewOriginalText = \"view_original_text_1\",\n StorageDescriptor = new Aws.Glue.Inputs.CatalogTableStorageDescriptorArgs\n {\n BucketColumns = \n {\n \"bucket_column_1\",\n },\n Compressed = false,\n InputFormat = \"SequenceFileInputFormat\",\n Location = \"my_location\",\n NumberOfBuckets = 1,\n OutputFormat = \"SequenceFileInputFormat\",\n StoredAsSubDirectories = false,\n Parameters = \n {\n { \"param1\", \"param1_val\" },\n },\n Columns = \n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"my_column_1\",\n Type = \"int\",\n Comment = \"my_column1_comment\",\n },\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorColumnArgs\n {\n Name = \"my_column_2\",\n Type = \"string\",\n Comment = \"my_column2_comment\",\n },\n },\n SerDeInfo = new Aws.Glue.Inputs.CatalogTableStorageDescriptorSerDeInfoArgs\n {\n Name = \"ser_de_name\",\n Parameters = \n {\n { \"param1\", \"param_val_1\" },\n },\n SerializationLibrary = \"org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe\",\n },\n SortColumns = \n {\n new Aws.Glue.Inputs.CatalogTableStorageDescriptorSortColumnArgs\n {\n Column = \"my_column_1\",\n SortOrder = 1,\n },\n },\n SkewedInfo = new Aws.Glue.Inputs.CatalogTableStorageDescriptorSkewedInfoArgs\n {\n SkewedColumnNames = \n {\n \"my_column_1\",\n },\n SkewedColumnValueLocationMaps = \n {\n { \"my_column_1\", \"my_column_1_val_loc_map\" },\n },\n SkewedColumnValues = \n {\n \"skewed_val_1\",\n },\n },\n },\n PartitionKeys = \n {\n new Aws.Glue.Inputs.CatalogTablePartitionKeyArgs\n {\n Name = \"my_column_1\",\n Type = \"int\",\n Comment = \"my_column_1_comment\",\n },\n new Aws.Glue.Inputs.CatalogTablePartitionKeyArgs\n {\n Name = \"my_column_2\",\n Type = \"string\",\n Comment = \"my_column_2_comment\",\n },\n },\n Parameters = \n {\n { \"param1\", \"param1_val\" },\n },\n });\n var testMLTransform = new Aws.Glue.MLTransform(\"testMLTransform\", new Aws.Glue.MLTransformArgs\n {\n RoleArn = aws_iam_role.Test.Arn,\n InputRecordTables = \n {\n new Aws.Glue.Inputs.MLTransformInputRecordTableArgs\n {\n DatabaseName = testCatalogTable.DatabaseName,\n TableName = testCatalogTable.Name,\n },\n },\n Parameters = new Aws.Glue.Inputs.MLTransformParametersArgs\n {\n TransformType = \"FIND_MATCHES\",\n FindMatchesParameters = new Aws.Glue.Inputs.MLTransformParametersFindMatchesParametersArgs\n {\n PrimaryKeyColumnName = \"my_column_1\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_iam_role_policy_attachment.Test,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCatalogDatabase, err := glue.NewCatalogDatabase(ctx, \"testCatalogDatabase\", &glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestCatalogTable, err := glue.NewCatalogTable(ctx, \"testCatalogTable\", &glue.CatalogTableArgs{\n\t\t\tName: pulumi.String(\"example\"),\n\t\t\tDatabaseName: testCatalogDatabase.Name,\n\t\t\tOwner: pulumi.String(\"my_owner\"),\n\t\t\tRetention: pulumi.Int(1),\n\t\t\tTableType: pulumi.String(\"VIRTUAL_VIEW\"),\n\t\t\tViewExpandedText: pulumi.String(\"view_expanded_text_1\"),\n\t\t\tViewOriginalText: pulumi.String(\"view_original_text_1\"),\n\t\t\tStorageDescriptor: &glue.CatalogTableStorageDescriptorArgs{\n\t\t\t\tBucketColumns: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"bucket_column_1\"),\n\t\t\t\t},\n\t\t\t\tCompressed: pulumi.Bool(false),\n\t\t\t\tInputFormat: pulumi.String(\"SequenceFileInputFormat\"),\n\t\t\t\tLocation: pulumi.String(\"my_location\"),\n\t\t\t\tNumberOfBuckets: pulumi.Int(1),\n\t\t\t\tOutputFormat: pulumi.String(\"SequenceFileInputFormat\"),\n\t\t\t\tStoredAsSubDirectories: pulumi.Bool(false),\n\t\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\t\"param1\": pulumi.String(\"param1_val\"),\n\t\t\t\t},\n\t\t\t\tColumns: glue.CatalogTableStorageDescriptorColumnArray{\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"my_column_1\"),\n\t\t\t\t\t\tType: pulumi.String(\"int\"),\n\t\t\t\t\t\tComment: pulumi.String(\"my_column1_comment\"),\n\t\t\t\t\t},\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorColumnArgs{\n\t\t\t\t\t\tName: pulumi.String(\"my_column_2\"),\n\t\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\t\tComment: pulumi.String(\"my_column2_comment\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSerDeInfo: &glue.CatalogTableStorageDescriptorSerDeInfoArgs{\n\t\t\t\t\tName: pulumi.String(\"ser_de_name\"),\n\t\t\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\t\t\"param1\": pulumi.String(\"param_val_1\"),\n\t\t\t\t\t},\n\t\t\t\t\tSerializationLibrary: pulumi.String(\"org.apache.hadoop.hive.serde2.columnar.ColumnarSerDe\"),\n\t\t\t\t},\n\t\t\t\tSortColumns: glue.CatalogTableStorageDescriptorSortColumnArray{\n\t\t\t\t\t&glue.CatalogTableStorageDescriptorSortColumnArgs{\n\t\t\t\t\t\tColumn: pulumi.String(\"my_column_1\"),\n\t\t\t\t\t\tSortOrder: pulumi.Int(1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tSkewedInfo: &glue.CatalogTableStorageDescriptorSkewedInfoArgs{\n\t\t\t\t\tSkewedColumnNames: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"my_column_1\"),\n\t\t\t\t\t},\n\t\t\t\t\tSkewedColumnValueLocationMaps: pulumi.StringMap{\n\t\t\t\t\t\t\"my_column_1\": pulumi.String(\"my_column_1_val_loc_map\"),\n\t\t\t\t\t},\n\t\t\t\t\tSkewedColumnValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"skewed_val_1\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPartitionKeys: glue.CatalogTablePartitionKeyArray{\n\t\t\t\t&glue.CatalogTablePartitionKeyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_column_1\"),\n\t\t\t\t\tType: pulumi.String(\"int\"),\n\t\t\t\t\tComment: pulumi.String(\"my_column_1_comment\"),\n\t\t\t\t},\n\t\t\t\t&glue.CatalogTablePartitionKeyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_column_2\"),\n\t\t\t\t\tType: pulumi.String(\"string\"),\n\t\t\t\t\tComment: pulumi.String(\"my_column_2_comment\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"param1\": pulumi.String(\"param1_val\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewMLTransform(ctx, \"testMLTransform\", &glue.MLTransformArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\tInputRecordTables: glue.MLTransformInputRecordTableArray{\n\t\t\t\t&glue.MLTransformInputRecordTableArgs{\n\t\t\t\t\tDatabaseName: testCatalogTable.DatabaseName,\n\t\t\t\t\tTableName: testCatalogTable.Name,\n\t\t\t\t},\n\t\t\t},\n\t\t\tParameters: &glue.MLTransformParametersArgs{\n\t\t\t\tTransformType: pulumi.String(\"FIND_MATCHES\"),\n\t\t\t\tFindMatchesParameters: &glue.MLTransformParametersFindMatchesParametersArgs{\n\t\t\t\t\tPrimaryKeyColumnName: pulumi.String(\"my_column_1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_iam_role_policy_attachment.Test,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue ML Transforms can be imported using `id`, e.g.\n\n```sh\n $ pulumi import aws:glue/mLTransform:MLTransform example tfm-c2cafbe83b1c575f49eaca9939220e2fcd58e2d5\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue ML Transform.\n" + }, + "description": { + "type": "string", + "description": "Description of the ML Transform.\n" + }, + "glueVersion": { + "type": "string", + "description": "The version of glue to use, for example \"1.0\". For information about available versions, see the [AWS Glue Release Notes](https://docs.aws.amazon.com/glue/latest/dg/release-notes.html).\n" + }, + "inputRecordTables": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/MLTransformInputRecordTable:MLTransformInputRecordTable" + }, + "description": "A list of AWS Glue table definitions used by the transform. see Input Record Tables.\n" + }, + "labelCount": { + "type": "integer", + "description": "The number of labels available for this transform.\n" + }, + "maxCapacity": { + "type": "number", + "description": "The number of AWS Glue data processing units (DPUs) that are allocated to task runs for this transform. You can allocate from `2` to `100` DPUs; the default is `10`. `max_capacity` is a mutually exclusive option with `number_of_workers` and `worker_type`.\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times to retry this ML Transform if it fails.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this ML Transform. It must be unique in your account.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined `worker_type` that are allocated when an ML Transform runs. Required with `worker_type`.\n" + }, + "parameters": { + "$ref": "#/types/aws:glue/MLTransformParameters:MLTransformParameters", + "description": "The algorithmic parameters that are specific to the transform type used. Conditionally dependent on the transform type. see Parameters.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role associated with this ML Transform.\n" + }, + "schemas": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/MLTransformSchema:MLTransformSchema" + }, + "description": "The object that represents the schema that this transform accepts. see Schema.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The ML Transform timeout in minutes. The default is 2880 minutes (48 hours).\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated when an ML Transform runs. Accepts a value of `Standard`, `G.1X`, or `G.2X`. Required with `number_of_workers`.\n" + } + }, + "required": [ + "arn", + "glueVersion", + "inputRecordTables", + "labelCount", + "maxCapacity", + "name", + "parameters", + "roleArn", + "schemas", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the ML Transform.\n" + }, + "glueVersion": { + "type": "string", + "description": "The version of glue to use, for example \"1.0\". For information about available versions, see the [AWS Glue Release Notes](https://docs.aws.amazon.com/glue/latest/dg/release-notes.html).\n" + }, + "inputRecordTables": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/MLTransformInputRecordTable:MLTransformInputRecordTable" + }, + "description": "A list of AWS Glue table definitions used by the transform. see Input Record Tables.\n" + }, + "maxCapacity": { + "type": "number", + "description": "The number of AWS Glue data processing units (DPUs) that are allocated to task runs for this transform. You can allocate from `2` to `100` DPUs; the default is `10`. `max_capacity` is a mutually exclusive option with `number_of_workers` and `worker_type`.\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times to retry this ML Transform if it fails.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this ML Transform. It must be unique in your account.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined `worker_type` that are allocated when an ML Transform runs. Required with `worker_type`.\n" + }, + "parameters": { + "$ref": "#/types/aws:glue/MLTransformParameters:MLTransformParameters", + "description": "The algorithmic parameters that are specific to the transform type used. Conditionally dependent on the transform type. see Parameters.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role associated with this ML Transform.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The ML Transform timeout in minutes. The default is 2880 minutes (48 hours).\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated when an ML Transform runs. Accepts a value of `Standard`, `G.1X`, or `G.2X`. Required with `number_of_workers`.\n" + } + }, + "requiredInputs": [ + "inputRecordTables", + "parameters", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MLTransform resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue ML Transform.\n" + }, + "description": { + "type": "string", + "description": "Description of the ML Transform.\n" + }, + "glueVersion": { + "type": "string", + "description": "The version of glue to use, for example \"1.0\". For information about available versions, see the [AWS Glue Release Notes](https://docs.aws.amazon.com/glue/latest/dg/release-notes.html).\n" + }, + "inputRecordTables": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/MLTransformInputRecordTable:MLTransformInputRecordTable" + }, + "description": "A list of AWS Glue table definitions used by the transform. see Input Record Tables.\n" + }, + "labelCount": { + "type": "integer", + "description": "The number of labels available for this transform.\n" + }, + "maxCapacity": { + "type": "number", + "description": "The number of AWS Glue data processing units (DPUs) that are allocated to task runs for this transform. You can allocate from `2` to `100` DPUs; the default is `10`. `max_capacity` is a mutually exclusive option with `number_of_workers` and `worker_type`.\n" + }, + "maxRetries": { + "type": "integer", + "description": "The maximum number of times to retry this ML Transform if it fails.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this ML Transform. It must be unique in your account.\n" + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined `worker_type` that are allocated when an ML Transform runs. Required with `worker_type`.\n" + }, + "parameters": { + "$ref": "#/types/aws:glue/MLTransformParameters:MLTransformParameters", + "description": "The algorithmic parameters that are specific to the transform type used. Conditionally dependent on the transform type. see Parameters.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role associated with this ML Transform.\n" + }, + "schemas": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/MLTransformSchema:MLTransformSchema" + }, + "description": "The object that represents the schema that this transform accepts. see Schema.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The ML Transform timeout in minutes. The default is 2880 minutes (48 hours).\n" + }, + "workerType": { + "type": "string", + "description": "The type of predefined worker that is allocated when an ML Transform runs. Accepts a value of `Standard`, `G.1X`, or `G.2X`. Required with `number_of_workers`.\n" + } + }, + "type": "object" + } + }, + "aws:glue/partition:Partition": { + "description": "Provides a Glue Partition Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Partition(\"example\", {\n databaseName: \"some-database\",\n tableName: \"some-table\",\n values: [\"some-value\"],\n});\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Partitions can be imported with their catalog ID (usually AWS account ID), database name, table name and partition values e.g.\n\n```sh\n $ pulumi import aws:glue/partition:Partition part 123456789012:MyDatabase:MyTable:val1#val2\n```\n\n ", + "properties": { + "catalogId": { + "type": "string", + "description": "ID of the Glue Catalog and database to create the table in. If omitted, this defaults to the AWS Account ID plus the database name.\n" + }, + "creationTime": { + "type": "string", + "description": "The time at which the partition was created.\n" + }, + "databaseName": { + "type": "string", + "description": "Name of the metadata database where the table metadata resides. For Hive compatibility, this must be all lowercase.\n" + }, + "lastAccessedTime": { + "type": "string", + "description": "The last time at which the partition was accessed.\n" + }, + "lastAnalyzedTime": { + "type": "string", + "description": "The last time at which column statistics were computed for this partition.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of initialization parameters for the SerDe, in key-value form.\n" + }, + "partitionValues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values that define the partition.\n" + }, + "storageDescriptor": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptor:PartitionStorageDescriptor", + "description": "A storage descriptor object containing information about the physical storage of this table. You can refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor) for a full explanation of this object.\n" + }, + "tableName": { + "type": "string" + } + }, + "required": [ + "catalogId", + "creationTime", + "databaseName", + "lastAccessedTime", + "lastAnalyzedTime", + "partitionValues", + "tableName" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "ID of the Glue Catalog and database to create the table in. If omitted, this defaults to the AWS Account ID plus the database name.\n" + }, + "databaseName": { + "type": "string", + "description": "Name of the metadata database where the table metadata resides. For Hive compatibility, this must be all lowercase.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of initialization parameters for the SerDe, in key-value form.\n" + }, + "partitionValues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values that define the partition.\n" + }, + "storageDescriptor": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptor:PartitionStorageDescriptor", + "description": "A storage descriptor object containing information about the physical storage of this table. You can refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor) for a full explanation of this object.\n" + }, + "tableName": { + "type": "string" + } + }, + "requiredInputs": [ + "databaseName", + "partitionValues", + "tableName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Partition resources.\n", + "properties": { + "catalogId": { + "type": "string", + "description": "ID of the Glue Catalog and database to create the table in. If omitted, this defaults to the AWS Account ID plus the database name.\n" + }, + "creationTime": { + "type": "string", + "description": "The time at which the partition was created.\n" + }, + "databaseName": { + "type": "string", + "description": "Name of the metadata database where the table metadata resides. For Hive compatibility, this must be all lowercase.\n" + }, + "lastAccessedTime": { + "type": "string", + "description": "The last time at which the partition was accessed.\n" + }, + "lastAnalyzedTime": { + "type": "string", + "description": "The last time at which column statistics were computed for this partition.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of initialization parameters for the SerDe, in key-value form.\n" + }, + "partitionValues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The values that define the partition.\n" + }, + "storageDescriptor": { + "$ref": "#/types/aws:glue/PartitionStorageDescriptor:PartitionStorageDescriptor", + "description": "A storage descriptor object containing information about the physical storage of this table. You can refer to the [Glue Developer Guide](https://docs.aws.amazon.com/glue/latest/dg/aws-glue-api-catalog-tables.html#aws-glue-api-catalog-tables-StorageDescriptor) for a full explanation of this object.\n" + }, + "tableName": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:glue/registry:Registry": { + "description": "Provides a Glue Registry resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Registry(\"example\", {\n registryName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Registry(\"example\", registry_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Registry(\"example\", new Aws.Glue.RegistryArgs\n {\n RegistryName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewRegistry(ctx, \"example\", &glue.RegistryArgs{\n\t\t\tRegistryName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Registries can be imported using `arn`, e.g.\n\n```sh\n $ pulumi import aws:glue/registry:Registry example arn:aws:glue:us-west-2:123456789012:registry/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Registry.\n" + }, + "description": { + "type": "string", + "description": "A description of the registry.\n" + }, + "registryName": { + "type": "string", + "description": "The Name of the registry.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "registryName", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the registry.\n" + }, + "registryName": { + "type": "string", + "description": "The Name of the registry.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "registryName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Registry resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Registry.\n" + }, + "description": { + "type": "string", + "description": "A description of the registry.\n" + }, + "registryName": { + "type": "string", + "description": "The Name of the registry.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:glue/resourcePolicy:ResourcePolicy": { + "description": "Provides a Glue resource policy. Only one can exist per region.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst currentPartition = aws.getPartition({});\nconst currentRegion = aws.getRegion({});\nconst glue-example-policy = Promise.all([currentPartition, currentRegion, currentCallerIdentity]).then(([currentPartition, currentRegion, currentCallerIdentity]) => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"glue:CreateTable\"],\n resources: [`arn:${currentPartition.partition}:glue:${currentRegion.name}:${currentCallerIdentity.accountId}:*`],\n principals: [{\n identifiers: [\"*\"],\n type: \"AWS\",\n }],\n }],\n}));\nconst example = new aws.glue.ResourcePolicy(\"example\", {policy: glue_example_policy.then(glue_example_policy => glue_example_policy.json)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_caller_identity = aws.get_caller_identity()\ncurrent_partition = aws.get_partition()\ncurrent_region = aws.get_region()\nglue_example_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"glue:CreateTable\"],\n resources=[f\"arn:{current_partition.partition}:glue:{current_region.name}:{current_caller_identity.account_id}:*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"*\"],\n type=\"AWS\",\n )],\n)])\nexample = aws.glue.ResourcePolicy(\"example\", policy=glue_example_policy.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var currentPartition = Output.Create(Aws.GetPartition.InvokeAsync());\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var glue_example_policy = Output.Tuple(currentPartition, currentRegion, currentCallerIdentity).Apply(values =>\n {\n var currentPartition = values.Item1;\n var currentRegion = values.Item2;\n var currentCallerIdentity = values.Item3;\n return Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"glue:CreateTable\",\n },\n Resources = \n {\n $\"arn:{currentPartition.Partition}:glue:{currentRegion.Name}:{currentCallerIdentity.AccountId}:*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"*\",\n },\n Type = \"AWS\",\n },\n },\n },\n },\n }));\n });\n var example = new Aws.Glue.ResourcePolicy(\"example\", new Aws.Glue.ResourcePolicyArgs\n {\n Policy = glue_example_policy.Apply(glue_example_policy => glue_example_policy.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentPartition, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tglue_example_policy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"glue:CreateTable\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v%v\", \"arn:\", currentPartition.Partition, \":glue:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":*\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewResourcePolicy(ctx, \"example\", &glue.ResourcePolicyArgs{\n\t\t\tPolicy: pulumi.String(glue_example_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Resource Policy can be imported using the account ID\n\n```sh\n $ pulumi import aws:glue/resourcePolicy:ResourcePolicy Test 12356789012\n```\n\n ", + "properties": { + "policy": { + "type": "string", + "description": "The policy to be applied to the aws glue data catalog.\n" + } + }, + "required": [ + "policy" + ], + "inputProperties": { + "policy": { + "type": "string", + "description": "The policy to be applied to the aws glue data catalog.\n" + } + }, + "requiredInputs": [ + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourcePolicy resources.\n", + "properties": { + "policy": { + "type": "string", + "description": "The policy to be applied to the aws glue data catalog.\n" + } + }, + "type": "object" + } + }, + "aws:glue/schema:Schema": { + "description": "Provides a Glue Schema resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Schema(\"example\", {\n schemaName: \"example\",\n registryArn: aws_glue_registry.test.arn,\n dataFormat: \"AVRO\",\n compatibility: \"NONE\",\n schemaDefinition: \"{\\\"type\\\": \\\"record\\\", \\\"name\\\": \\\"r1\\\", \\\"fields\\\": [ {\\\"name\\\": \\\"f1\\\", \\\"type\\\": \\\"int\\\"}, {\\\"name\\\": \\\"f2\\\", \\\"type\\\": \\\"string\\\"} ]}\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Schema(\"example\",\n schema_name=\"example\",\n registry_arn=aws_glue_registry[\"test\"][\"arn\"],\n data_format=\"AVRO\",\n compatibility=\"NONE\",\n schema_definition=\"{\\\"type\\\": \\\"record\\\", \\\"name\\\": \\\"r1\\\", \\\"fields\\\": [ {\\\"name\\\": \\\"f1\\\", \\\"type\\\": \\\"int\\\"}, {\\\"name\\\": \\\"f2\\\", \\\"type\\\": \\\"string\\\"} ]}\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Schema(\"example\", new Aws.Glue.SchemaArgs\n {\n SchemaName = \"example\",\n RegistryArn = aws_glue_registry.Test.Arn,\n DataFormat = \"AVRO\",\n Compatibility = \"NONE\",\n SchemaDefinition = \"{\\\"type\\\": \\\"record\\\", \\\"name\\\": \\\"r1\\\", \\\"fields\\\": [ {\\\"name\\\": \\\"f1\\\", \\\"type\\\": \\\"int\\\"}, {\\\"name\\\": \\\"f2\\\", \\\"type\\\": \\\"string\\\"} ]}\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewSchema(ctx, \"example\", &glue.SchemaArgs{\n\t\t\tSchemaName: pulumi.String(\"example\"),\n\t\t\tRegistryArn: pulumi.Any(aws_glue_registry.Test.Arn),\n\t\t\tDataFormat: pulumi.String(\"AVRO\"),\n\t\t\tCompatibility: pulumi.String(\"NONE\"),\n\t\t\tSchemaDefinition: pulumi.String(\"{\\\"type\\\": \\\"record\\\", \\\"name\\\": \\\"r1\\\", \\\"fields\\\": [ {\\\"name\\\": \\\"f1\\\", \\\"type\\\": \\\"int\\\"}, {\\\"name\\\": \\\"f2\\\", \\\"type\\\": \\\"string\\\"} ]}\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Registries can be imported using `arn`, e.g.\n\n```sh\n $ pulumi import aws:glue/schema:Schema example arn:aws:glue:us-west-2:123456789012:schema/example/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the schema.\n" + }, + "compatibility": { + "type": "string", + "description": "The compatibility mode of the schema. Values values are: `NONE`, `DISABLED`, `BACKWARD`, `BACKWARD_ALL`, `FORWARD`, `FORWARD_ALL`, `FULL`, and `FULL_ALL`.\n" + }, + "dataFormat": { + "type": "string", + "description": "The data format of the schema definition. Currently only `AVRO` is supported.\n" + }, + "description": { + "type": "string", + "description": "A description of the schema.\n" + }, + "latestSchemaVersion": { + "type": "integer", + "description": "The latest version of the schema associated with the returned schema definition.\n" + }, + "nextSchemaVersion": { + "type": "integer", + "description": "The next version of the schema associated with the returned schema definition.\n" + }, + "registryArn": { + "type": "string", + "description": "The ARN of the Glue Registry to create the schema in.\n" + }, + "registryName": { + "type": "string", + "description": "The name of the Glue Registry.\n" + }, + "schemaCheckpoint": { + "type": "integer", + "description": "The version number of the checkpoint (the last time the compatibility mode was changed).\n" + }, + "schemaDefinition": { + "type": "string", + "description": "The schema definition using the `data_format` setting for `schema_name`.\n" + }, + "schemaName": { + "type": "string", + "description": "The Name of the schema.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "compatibility", + "dataFormat", + "latestSchemaVersion", + "nextSchemaVersion", + "registryArn", + "registryName", + "schemaCheckpoint", + "schemaDefinition", + "schemaName", + "tagsAll" + ], + "inputProperties": { + "compatibility": { + "type": "string", + "description": "The compatibility mode of the schema. Values values are: `NONE`, `DISABLED`, `BACKWARD`, `BACKWARD_ALL`, `FORWARD`, `FORWARD_ALL`, `FULL`, and `FULL_ALL`.\n" + }, + "dataFormat": { + "type": "string", + "description": "The data format of the schema definition. Currently only `AVRO` is supported.\n" + }, + "description": { + "type": "string", + "description": "A description of the schema.\n" + }, + "registryArn": { + "type": "string", + "description": "The ARN of the Glue Registry to create the schema in.\n" + }, + "schemaDefinition": { + "type": "string", + "description": "The schema definition using the `data_format` setting for `schema_name`.\n" + }, + "schemaName": { + "type": "string", + "description": "The Name of the schema.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "compatibility", + "dataFormat", + "schemaDefinition", + "schemaName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Schema resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the schema.\n" + }, + "compatibility": { + "type": "string", + "description": "The compatibility mode of the schema. Values values are: `NONE`, `DISABLED`, `BACKWARD`, `BACKWARD_ALL`, `FORWARD`, `FORWARD_ALL`, `FULL`, and `FULL_ALL`.\n" + }, + "dataFormat": { + "type": "string", + "description": "The data format of the schema definition. Currently only `AVRO` is supported.\n" + }, + "description": { + "type": "string", + "description": "A description of the schema.\n" + }, + "latestSchemaVersion": { + "type": "integer", + "description": "The latest version of the schema associated with the returned schema definition.\n" + }, + "nextSchemaVersion": { + "type": "integer", + "description": "The next version of the schema associated with the returned schema definition.\n" + }, + "registryArn": { + "type": "string", + "description": "The ARN of the Glue Registry to create the schema in.\n" + }, + "registryName": { + "type": "string", + "description": "The name of the Glue Registry.\n" + }, + "schemaCheckpoint": { + "type": "integer", + "description": "The version number of the checkpoint (the last time the compatibility mode was changed).\n" + }, + "schemaDefinition": { + "type": "string", + "description": "The schema definition using the `data_format` setting for `schema_name`.\n" + }, + "schemaName": { + "type": "string", + "description": "The Name of the schema.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:glue/securityConfiguration:SecurityConfiguration": { + "description": "Manages a Glue Security Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.SecurityConfiguration(\"example\", {encryptionConfiguration: {\n cloudwatchEncryption: {\n cloudwatchEncryptionMode: \"DISABLED\",\n },\n jobBookmarksEncryption: {\n jobBookmarksEncryptionMode: \"DISABLED\",\n },\n s3Encryption: {\n kmsKeyArn: data.aws_kms_key.example.arn,\n s3EncryptionMode: \"SSE-KMS\",\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.SecurityConfiguration(\"example\", encryption_configuration=aws.glue.SecurityConfigurationEncryptionConfigurationArgs(\n cloudwatch_encryption=aws.glue.SecurityConfigurationEncryptionConfigurationCloudwatchEncryptionArgs(\n cloudwatch_encryption_mode=\"DISABLED\",\n ),\n job_bookmarks_encryption=aws.glue.SecurityConfigurationEncryptionConfigurationJobBookmarksEncryptionArgs(\n job_bookmarks_encryption_mode=\"DISABLED\",\n ),\n s3_encryption=aws.glue.SecurityConfigurationEncryptionConfigurationS3EncryptionArgs(\n kms_key_arn=data[\"aws_kms_key\"][\"example\"][\"arn\"],\n s3_encryption_mode=\"SSE-KMS\",\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.SecurityConfiguration(\"example\", new Aws.Glue.SecurityConfigurationArgs\n {\n EncryptionConfiguration = new Aws.Glue.Inputs.SecurityConfigurationEncryptionConfigurationArgs\n {\n CloudwatchEncryption = new Aws.Glue.Inputs.SecurityConfigurationEncryptionConfigurationCloudwatchEncryptionArgs\n {\n CloudwatchEncryptionMode = \"DISABLED\",\n },\n JobBookmarksEncryption = new Aws.Glue.Inputs.SecurityConfigurationEncryptionConfigurationJobBookmarksEncryptionArgs\n {\n JobBookmarksEncryptionMode = \"DISABLED\",\n },\n S3Encryption = new Aws.Glue.Inputs.SecurityConfigurationEncryptionConfigurationS3EncryptionArgs\n {\n KmsKeyArn = data.Aws_kms_key.Example.Arn,\n S3EncryptionMode = \"SSE-KMS\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewSecurityConfiguration(ctx, \"example\", &glue.SecurityConfigurationArgs{\n\t\t\tEncryptionConfiguration: &glue.SecurityConfigurationEncryptionConfigurationArgs{\n\t\t\t\tCloudwatchEncryption: &glue.SecurityConfigurationEncryptionConfigurationCloudwatchEncryptionArgs{\n\t\t\t\t\tCloudwatchEncryptionMode: pulumi.String(\"DISABLED\"),\n\t\t\t\t},\n\t\t\t\tJobBookmarksEncryption: &glue.SecurityConfigurationEncryptionConfigurationJobBookmarksEncryptionArgs{\n\t\t\t\t\tJobBookmarksEncryptionMode: pulumi.String(\"DISABLED\"),\n\t\t\t\t},\n\t\t\t\tS3Encryption: &glue.SecurityConfigurationEncryptionConfigurationS3EncryptionArgs{\n\t\t\t\t\tKmsKeyArn: pulumi.Any(data.Aws_kms_key.Example.Arn),\n\t\t\t\t\tS3EncryptionMode: pulumi.String(\"SSE-KMS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Security Configurations can be imported using `name`, e.g.\n\n```sh\n $ pulumi import aws:glue/securityConfiguration:SecurityConfiguration example example\n```\n\n ", + "properties": { + "encryptionConfiguration": { + "$ref": "#/types/aws:glue/SecurityConfigurationEncryptionConfiguration:SecurityConfigurationEncryptionConfiguration", + "description": "Configuration block containing encryption configuration. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security configuration.\n" + } + }, + "required": [ + "encryptionConfiguration", + "name" + ], + "inputProperties": { + "encryptionConfiguration": { + "$ref": "#/types/aws:glue/SecurityConfigurationEncryptionConfiguration:SecurityConfigurationEncryptionConfiguration", + "description": "Configuration block containing encryption configuration. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security configuration.\n" + } + }, + "requiredInputs": [ + "encryptionConfiguration" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityConfiguration resources.\n", + "properties": { + "encryptionConfiguration": { + "$ref": "#/types/aws:glue/SecurityConfigurationEncryptionConfiguration:SecurityConfigurationEncryptionConfiguration", + "description": "Configuration block containing encryption configuration. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the security configuration.\n" + } + }, + "type": "object" + } + }, + "aws:glue/trigger:Trigger": { + "description": "Manages a Glue Trigger resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Conditional Trigger\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Trigger(\"example\", {\n type: \"CONDITIONAL\",\n actions: [{\n jobName: aws_glue_job.example1.name,\n }],\n predicate: {\n conditions: [{\n jobName: aws_glue_job.example2.name,\n state: \"SUCCEEDED\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Trigger(\"example\",\n type=\"CONDITIONAL\",\n actions=[aws.glue.TriggerActionArgs(\n job_name=aws_glue_job[\"example1\"][\"name\"],\n )],\n predicate=aws.glue.TriggerPredicateArgs(\n conditions=[aws.glue.TriggerPredicateConditionArgs(\n job_name=aws_glue_job[\"example2\"][\"name\"],\n state=\"SUCCEEDED\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Trigger(\"example\", new Aws.Glue.TriggerArgs\n {\n Type = \"CONDITIONAL\",\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n JobName = aws_glue_job.Example1.Name,\n },\n },\n Predicate = new Aws.Glue.Inputs.TriggerPredicateArgs\n {\n Conditions = \n {\n new Aws.Glue.Inputs.TriggerPredicateConditionArgs\n {\n JobName = aws_glue_job.Example2.Name,\n State = \"SUCCEEDED\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewTrigger(ctx, \"example\", &glue.TriggerArgs{\n\t\t\tType: pulumi.String(\"CONDITIONAL\"),\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tJobName: pulumi.Any(aws_glue_job.Example1.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPredicate: &glue.TriggerPredicateArgs{\n\t\t\t\tConditions: glue.TriggerPredicateConditionArray{\n\t\t\t\t\t&glue.TriggerPredicateConditionArgs{\n\t\t\t\t\t\tJobName: pulumi.Any(aws_glue_job.Example2.Name),\n\t\t\t\t\t\tState: pulumi.String(\"SUCCEEDED\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### On-Demand Trigger\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Trigger(\"example\", {\n type: \"ON_DEMAND\",\n actions: [{\n jobName: aws_glue_job.example.name,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Trigger(\"example\",\n type=\"ON_DEMAND\",\n actions=[aws.glue.TriggerActionArgs(\n job_name=aws_glue_job[\"example\"][\"name\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Trigger(\"example\", new Aws.Glue.TriggerArgs\n {\n Type = \"ON_DEMAND\",\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n JobName = aws_glue_job.Example.Name,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewTrigger(ctx, \"example\", &glue.TriggerArgs{\n\t\t\tType: pulumi.String(\"ON_DEMAND\"),\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tJobName: pulumi.Any(aws_glue_job.Example.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Scheduled Trigger\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Trigger(\"example\", {\n schedule: \"cron(15 12 * * ? *)\",\n type: \"SCHEDULED\",\n actions: [{\n jobName: aws_glue_job.example.name,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Trigger(\"example\",\n schedule=\"cron(15 12 * * ? *)\",\n type=\"SCHEDULED\",\n actions=[aws.glue.TriggerActionArgs(\n job_name=aws_glue_job[\"example\"][\"name\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Trigger(\"example\", new Aws.Glue.TriggerArgs\n {\n Schedule = \"cron(15 12 * * ? *)\",\n Type = \"SCHEDULED\",\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n JobName = aws_glue_job.Example.Name,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewTrigger(ctx, \"example\", &glue.TriggerArgs{\n\t\t\tSchedule: pulumi.String(\"cron(15 12 * * ? *)\"),\n\t\t\tType: pulumi.String(\"SCHEDULED\"),\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tJobName: pulumi.Any(aws_glue_job.Example.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Conditional Trigger with Crawler Action\n\n**Note:** Triggers can have both a crawler action and a crawler condition, just no example provided.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Trigger(\"example\", {\n type: \"CONDITIONAL\",\n actions: [{\n crawlerName: aws_glue_crawler.example1.name,\n }],\n predicate: {\n conditions: [{\n jobName: aws_glue_job.example2.name,\n state: \"SUCCEEDED\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Trigger(\"example\",\n type=\"CONDITIONAL\",\n actions=[aws.glue.TriggerActionArgs(\n crawler_name=aws_glue_crawler[\"example1\"][\"name\"],\n )],\n predicate=aws.glue.TriggerPredicateArgs(\n conditions=[aws.glue.TriggerPredicateConditionArgs(\n job_name=aws_glue_job[\"example2\"][\"name\"],\n state=\"SUCCEEDED\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Trigger(\"example\", new Aws.Glue.TriggerArgs\n {\n Type = \"CONDITIONAL\",\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n CrawlerName = aws_glue_crawler.Example1.Name,\n },\n },\n Predicate = new Aws.Glue.Inputs.TriggerPredicateArgs\n {\n Conditions = \n {\n new Aws.Glue.Inputs.TriggerPredicateConditionArgs\n {\n JobName = aws_glue_job.Example2.Name,\n State = \"SUCCEEDED\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewTrigger(ctx, \"example\", &glue.TriggerArgs{\n\t\t\tType: pulumi.String(\"CONDITIONAL\"),\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tCrawlerName: pulumi.Any(aws_glue_crawler.Example1.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPredicate: &glue.TriggerPredicateArgs{\n\t\t\t\tConditions: glue.TriggerPredicateConditionArray{\n\t\t\t\t\t&glue.TriggerPredicateConditionArgs{\n\t\t\t\t\t\tJobName: pulumi.Any(aws_glue_job.Example2.Name),\n\t\t\t\t\t\tState: pulumi.String(\"SUCCEEDED\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Conditional Trigger with Crawler Condition\n\n**Note:** Triggers can have both a crawler action and a crawler condition, just no example provided.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Trigger(\"example\", {\n type: \"CONDITIONAL\",\n actions: [{\n jobName: aws_glue_job.example1.name,\n }],\n predicate: {\n conditions: [{\n crawlerName: aws_glue_crawler.example2.name,\n crawlState: \"SUCCEEDED\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Trigger(\"example\",\n type=\"CONDITIONAL\",\n actions=[aws.glue.TriggerActionArgs(\n job_name=aws_glue_job[\"example1\"][\"name\"],\n )],\n predicate=aws.glue.TriggerPredicateArgs(\n conditions=[aws.glue.TriggerPredicateConditionArgs(\n crawler_name=aws_glue_crawler[\"example2\"][\"name\"],\n crawl_state=\"SUCCEEDED\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Trigger(\"example\", new Aws.Glue.TriggerArgs\n {\n Type = \"CONDITIONAL\",\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n JobName = aws_glue_job.Example1.Name,\n },\n },\n Predicate = new Aws.Glue.Inputs.TriggerPredicateArgs\n {\n Conditions = \n {\n new Aws.Glue.Inputs.TriggerPredicateConditionArgs\n {\n CrawlerName = aws_glue_crawler.Example2.Name,\n CrawlState = \"SUCCEEDED\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.NewTrigger(ctx, \"example\", &glue.TriggerArgs{\n\t\t\tType: pulumi.String(\"CONDITIONAL\"),\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tJobName: pulumi.Any(aws_glue_job.Example1.Name),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPredicate: &glue.TriggerPredicateArgs{\n\t\t\t\tConditions: glue.TriggerPredicateConditionArray{\n\t\t\t\t\t&glue.TriggerPredicateConditionArgs{\n\t\t\t\t\t\tCrawlerName: pulumi.Any(aws_glue_crawler.Example2.Name),\n\t\t\t\t\t\tCrawlState: pulumi.String(\"SUCCEEDED\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Triggers can be imported using `name`, e.g.\n\n```sh\n $ pulumi import aws:glue/trigger:Trigger MyTrigger MyTrigger\n```\n\n ", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/TriggerAction:TriggerAction" + }, + "description": "List of actions initiated by this trigger when it fires. See Actions Below.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Trigger\n" + }, + "description": { + "type": "string", + "description": "A description of the new trigger.\n" + }, + "enabled": { + "type": "boolean", + "description": "Start the trigger. Defaults to `true`.\n" + }, + "name": { + "type": "string", + "description": "The name of the trigger.\n" + }, + "predicate": { + "$ref": "#/types/aws:glue/TriggerPredicate:TriggerPredicate", + "description": "A predicate to specify when the new trigger should fire. Required when trigger type is `CONDITIONAL`. See Predicate Below.\n" + }, + "schedule": { + "type": "string", + "description": "A cron expression used to specify the schedule. [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html)\n" + }, + "state": { + "type": "string", + "description": "The condition job state. Currently, the values supported are `SUCCEEDED`, `STOPPED`, `TIMEOUT` and `FAILED`. If this is specified, `job_name` must also be specified. Conflicts with `crawler_state`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "description": "The type of trigger. Valid values are `CONDITIONAL`, `ON_DEMAND`, and `SCHEDULED`.\n" + }, + "workflowName": { + "type": "string", + "description": "A workflow to which the trigger should be associated to. Every workflow graph (DAG) needs a starting trigger (`ON_DEMAND` or `SCHEDULED` type) and can contain multiple additional `CONDITIONAL` triggers.\n" + } + }, + "required": [ + "actions", + "arn", + "name", + "state", + "tagsAll", + "type" + ], + "inputProperties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/TriggerAction:TriggerAction" + }, + "description": "List of actions initiated by this trigger when it fires. See Actions Below.\n" + }, + "description": { + "type": "string", + "description": "A description of the new trigger.\n" + }, + "enabled": { + "type": "boolean", + "description": "Start the trigger. Defaults to `true`.\n" + }, + "name": { + "type": "string", + "description": "The name of the trigger.\n" + }, + "predicate": { + "$ref": "#/types/aws:glue/TriggerPredicate:TriggerPredicate", + "description": "A predicate to specify when the new trigger should fire. Required when trigger type is `CONDITIONAL`. See Predicate Below.\n" + }, + "schedule": { + "type": "string", + "description": "A cron expression used to specify the schedule. [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "description": "The type of trigger. Valid values are `CONDITIONAL`, `ON_DEMAND`, and `SCHEDULED`.\n" + }, + "workflowName": { + "type": "string", + "description": "A workflow to which the trigger should be associated to. Every workflow graph (DAG) needs a starting trigger (`ON_DEMAND` or `SCHEDULED` type) and can contain multiple additional `CONDITIONAL` triggers.\n" + } + }, + "requiredInputs": [ + "actions", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Trigger resources.\n", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/TriggerAction:TriggerAction" + }, + "description": "List of actions initiated by this trigger when it fires. See Actions Below.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Trigger\n" + }, + "description": { + "type": "string", + "description": "A description of the new trigger.\n" + }, + "enabled": { + "type": "boolean", + "description": "Start the trigger. Defaults to `true`.\n" + }, + "name": { + "type": "string", + "description": "The name of the trigger.\n" + }, + "predicate": { + "$ref": "#/types/aws:glue/TriggerPredicate:TriggerPredicate", + "description": "A predicate to specify when the new trigger should fire. Required when trigger type is `CONDITIONAL`. See Predicate Below.\n" + }, + "schedule": { + "type": "string", + "description": "A cron expression used to specify the schedule. [Time-Based Schedules for Jobs and Crawlers](https://docs.aws.amazon.com/glue/latest/dg/monitor-data-warehouse-schedule.html)\n" + }, + "state": { + "type": "string", + "description": "The condition job state. Currently, the values supported are `SUCCEEDED`, `STOPPED`, `TIMEOUT` and `FAILED`. If this is specified, `job_name` must also be specified. Conflicts with `crawler_state`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "description": "The type of trigger. Valid values are `CONDITIONAL`, `ON_DEMAND`, and `SCHEDULED`.\n" + }, + "workflowName": { + "type": "string", + "description": "A workflow to which the trigger should be associated to. Every workflow graph (DAG) needs a starting trigger (`ON_DEMAND` or `SCHEDULED` type) and can contain multiple additional `CONDITIONAL` triggers.\n" + } + }, + "type": "object" + } + }, + "aws:glue/userDefinedFunction:UserDefinedFunction": { + "description": "Provides a Glue User Defined Function Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCatalogDatabase = new aws.glue.CatalogDatabase(\"exampleCatalogDatabase\", {name: \"my_database\"});\nconst exampleUserDefinedFunction = new aws.glue.UserDefinedFunction(\"exampleUserDefinedFunction\", {\n catalogId: exampleCatalogDatabase.catalogId,\n databaseName: exampleCatalogDatabase.name,\n className: \"class\",\n ownerName: \"owner\",\n ownerType: \"GROUP\",\n resourceUris: [{\n resourceType: \"ARCHIVE\",\n uri: \"uri\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_catalog_database = aws.glue.CatalogDatabase(\"exampleCatalogDatabase\", name=\"my_database\")\nexample_user_defined_function = aws.glue.UserDefinedFunction(\"exampleUserDefinedFunction\",\n catalog_id=example_catalog_database.catalog_id,\n database_name=example_catalog_database.name,\n class_name=\"class\",\n owner_name=\"owner\",\n owner_type=\"GROUP\",\n resource_uris=[aws.glue.UserDefinedFunctionResourceUriArgs(\n resource_type=\"ARCHIVE\",\n uri=\"uri\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCatalogDatabase = new Aws.Glue.CatalogDatabase(\"exampleCatalogDatabase\", new Aws.Glue.CatalogDatabaseArgs\n {\n Name = \"my_database\",\n });\n var exampleUserDefinedFunction = new Aws.Glue.UserDefinedFunction(\"exampleUserDefinedFunction\", new Aws.Glue.UserDefinedFunctionArgs\n {\n CatalogId = exampleCatalogDatabase.CatalogId,\n DatabaseName = exampleCatalogDatabase.Name,\n ClassName = \"class\",\n OwnerName = \"owner\",\n OwnerType = \"GROUP\",\n ResourceUris = \n {\n new Aws.Glue.Inputs.UserDefinedFunctionResourceUriArgs\n {\n ResourceType = \"ARCHIVE\",\n Uri = \"uri\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCatalogDatabase, err := glue.NewCatalogDatabase(ctx, \"exampleCatalogDatabase\", &glue.CatalogDatabaseArgs{\n\t\t\tName: pulumi.String(\"my_database\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewUserDefinedFunction(ctx, \"exampleUserDefinedFunction\", &glue.UserDefinedFunctionArgs{\n\t\t\tCatalogId: exampleCatalogDatabase.CatalogId,\n\t\t\tDatabaseName: exampleCatalogDatabase.Name,\n\t\t\tClassName: pulumi.String(\"class\"),\n\t\t\tOwnerName: pulumi.String(\"owner\"),\n\t\t\tOwnerType: pulumi.String(\"GROUP\"),\n\t\t\tResourceUris: glue.UserDefinedFunctionResourceUriArray{\n\t\t\t\t&glue.UserDefinedFunctionResourceUriArgs{\n\t\t\t\t\tResourceType: pulumi.String(\"ARCHIVE\"),\n\t\t\t\t\tUri: pulumi.String(\"uri\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue User Defined Functions can be imported using the `catalog_id:database_name:function_name`. If you have not set a Catalog ID specify the AWS Account ID that the database is in, e.g.\n\n```sh\n $ pulumi import aws:glue/userDefinedFunction:UserDefinedFunction func 123456789012:my_database:my_func\n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "catalogId": { + "type": "string", + "description": "ID of the Glue Catalog to create the function in. If omitted, this defaults to the AWS Account ID.\n" + }, + "className": { + "type": "string", + "description": "The Java class that contains the function code.\n" + }, + "createTime": { + "type": "string" + }, + "databaseName": { + "type": "string", + "description": "The name of the Database to create the Function.\n" + }, + "name": { + "type": "string", + "description": "The name of the function.\n" + }, + "ownerName": { + "type": "string", + "description": "The owner of the function.\n" + }, + "ownerType": { + "type": "string", + "description": "The owner type. can be one of `USER`, `ROLE`, and `GROUP`.\n" + }, + "resourceUris": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/UserDefinedFunctionResourceUri:UserDefinedFunctionResourceUri" + }, + "description": "The configuration block for Resource URIs. See resource uris below for more details.\n" + } + }, + "required": [ + "arn", + "className", + "createTime", + "databaseName", + "name", + "ownerName", + "ownerType" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "ID of the Glue Catalog to create the function in. If omitted, this defaults to the AWS Account ID.\n" + }, + "className": { + "type": "string", + "description": "The Java class that contains the function code.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Database to create the Function.\n" + }, + "name": { + "type": "string", + "description": "The name of the function.\n" + }, + "ownerName": { + "type": "string", + "description": "The owner of the function.\n" + }, + "ownerType": { + "type": "string", + "description": "The owner type. can be one of `USER`, `ROLE`, and `GROUP`.\n" + }, + "resourceUris": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/UserDefinedFunctionResourceUri:UserDefinedFunctionResourceUri" + }, + "description": "The configuration block for Resource URIs. See resource uris below for more details.\n" + } + }, + "requiredInputs": [ + "className", + "databaseName", + "ownerName", + "ownerType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserDefinedFunction resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "catalogId": { + "type": "string", + "description": "ID of the Glue Catalog to create the function in. If omitted, this defaults to the AWS Account ID.\n" + }, + "className": { + "type": "string", + "description": "The Java class that contains the function code.\n" + }, + "createTime": { + "type": "string" + }, + "databaseName": { + "type": "string", + "description": "The name of the Database to create the Function.\n" + }, + "name": { + "type": "string", + "description": "The name of the function.\n" + }, + "ownerName": { + "type": "string", + "description": "The owner of the function.\n" + }, + "ownerType": { + "type": "string", + "description": "The owner type. can be one of `USER`, `ROLE`, and `GROUP`.\n" + }, + "resourceUris": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/UserDefinedFunctionResourceUri:UserDefinedFunctionResourceUri" + }, + "description": "The configuration block for Resource URIs. See resource uris below for more details.\n" + } + }, + "type": "object" + } + }, + "aws:glue/workflow:Workflow": { + "description": "Provides a Glue Workflow resource.\nThe workflow graph (DAG) can be build using the `aws.glue.Trigger` resource.\nSee the example below for creating a graph with four nodes (two triggers and two jobs).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.glue.Workflow(\"example\", {});\nconst example_start = new aws.glue.Trigger(\"example-start\", {\n type: \"ON_DEMAND\",\n workflowName: example.name,\n actions: [{\n jobName: \"example-job\",\n }],\n});\nconst example_inner = new aws.glue.Trigger(\"example-inner\", {\n type: \"CONDITIONAL\",\n workflowName: example.name,\n predicate: {\n conditions: [{\n jobName: \"example-job\",\n state: \"SUCCEEDED\",\n }],\n },\n actions: [{\n jobName: \"another-example-job\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.Workflow(\"example\")\nexample_start = aws.glue.Trigger(\"example-start\",\n type=\"ON_DEMAND\",\n workflow_name=example.name,\n actions=[aws.glue.TriggerActionArgs(\n job_name=\"example-job\",\n )])\nexample_inner = aws.glue.Trigger(\"example-inner\",\n type=\"CONDITIONAL\",\n workflow_name=example.name,\n predicate=aws.glue.TriggerPredicateArgs(\n conditions=[aws.glue.TriggerPredicateConditionArgs(\n job_name=\"example-job\",\n state=\"SUCCEEDED\",\n )],\n ),\n actions=[aws.glue.TriggerActionArgs(\n job_name=\"another-example-job\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Glue.Workflow(\"example\", new Aws.Glue.WorkflowArgs\n {\n });\n var example_start = new Aws.Glue.Trigger(\"example-start\", new Aws.Glue.TriggerArgs\n {\n Type = \"ON_DEMAND\",\n WorkflowName = example.Name,\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n JobName = \"example-job\",\n },\n },\n });\n var example_inner = new Aws.Glue.Trigger(\"example-inner\", new Aws.Glue.TriggerArgs\n {\n Type = \"CONDITIONAL\",\n WorkflowName = example.Name,\n Predicate = new Aws.Glue.Inputs.TriggerPredicateArgs\n {\n Conditions = \n {\n new Aws.Glue.Inputs.TriggerPredicateConditionArgs\n {\n JobName = \"example-job\",\n State = \"SUCCEEDED\",\n },\n },\n },\n Actions = \n {\n new Aws.Glue.Inputs.TriggerActionArgs\n {\n JobName = \"another-example-job\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := glue.NewWorkflow(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewTrigger(ctx, \"example_start\", &glue.TriggerArgs{\n\t\t\tType: pulumi.String(\"ON_DEMAND\"),\n\t\t\tWorkflowName: example.Name,\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tJobName: pulumi.String(\"example-job\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = glue.NewTrigger(ctx, \"example_inner\", &glue.TriggerArgs{\n\t\t\tType: pulumi.String(\"CONDITIONAL\"),\n\t\t\tWorkflowName: example.Name,\n\t\t\tPredicate: &glue.TriggerPredicateArgs{\n\t\t\t\tConditions: glue.TriggerPredicateConditionArray{\n\t\t\t\t\t&glue.TriggerPredicateConditionArgs{\n\t\t\t\t\t\tJobName: pulumi.String(\"example-job\"),\n\t\t\t\t\t\tState: pulumi.String(\"SUCCEEDED\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tActions: glue.TriggerActionArray{\n\t\t\t\t&glue.TriggerActionArgs{\n\t\t\t\t\tJobName: pulumi.String(\"another-example-job\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGlue Workflows can be imported using `name`, e.g.\n\n```sh\n $ pulumi import aws:glue/workflow:Workflow MyWorkflow MyWorkflow\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Workflow\n" + }, + "defaultRunProperties": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of default run properties for this workflow. These properties are passed to all jobs associated to the workflow.\n" + }, + "description": { + "type": "string", + "description": "Description of the workflow.\n" + }, + "maxConcurrentRuns": { + "type": "integer", + "description": "Prevents exceeding the maximum number of concurrent runs of any of the component jobs. If you leave this parameter blank, there is no limit to the number of concurrent workflow runs.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this workflow.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "defaultRunProperties": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of default run properties for this workflow. These properties are passed to all jobs associated to the workflow.\n" + }, + "description": { + "type": "string", + "description": "Description of the workflow.\n" + }, + "maxConcurrentRuns": { + "type": "integer", + "description": "Prevents exceeding the maximum number of concurrent runs of any of the component jobs. If you leave this parameter blank, there is no limit to the number of concurrent workflow runs.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this workflow.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Workflow resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Glue Workflow\n" + }, + "defaultRunProperties": { + "type": "object", + "additionalProperties": { + "$ref": "pulumi.json#/Any" + }, + "description": "A map of default run properties for this workflow. These properties are passed to all jobs associated to the workflow.\n" + }, + "description": { + "type": "string", + "description": "Description of the workflow.\n" + }, + "maxConcurrentRuns": { + "type": "integer", + "description": "Prevents exceeding the maximum number of concurrent runs of any of the component jobs. If you leave this parameter blank, there is no limit to the number of concurrent workflow runs.\n" + }, + "name": { + "type": "string", + "description": "The name you assign to this workflow.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:guardduty/detector:Detector": { + "description": "Provides a resource to manage a GuardDuty detector.\n\n> **NOTE:** Deleting this resource is equivalent to \"disabling\" GuardDuty for an AWS region, which removes all existing findings. You can set the `enable` attribute to `false` to instead \"suspend\" monitoring and feedback reporting while keeping existing data. See the [Suspending or Disabling Amazon GuardDuty documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_suspend-disable.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDetector = new aws.guardduty.Detector(\"MyDetector\", {\n datasources: {\n s3Logs: {\n enable: true,\n },\n },\n enable: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_detector = aws.guardduty.Detector(\"myDetector\",\n datasources=aws.guardduty.DetectorDatasourcesArgs(\n s3_logs=aws.guardduty.DetectorDatasourcesS3LogsArgs(\n enable=True,\n ),\n ),\n enable=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDetector = new Aws.GuardDuty.Detector(\"myDetector\", new Aws.GuardDuty.DetectorArgs\n {\n Datasources = new Aws.GuardDuty.Inputs.DetectorDatasourcesArgs\n {\n S3Logs = new Aws.GuardDuty.Inputs.DetectorDatasourcesS3LogsArgs\n {\n Enable = true,\n },\n },\n Enable = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := guardduty.NewDetector(ctx, \"myDetector\", &guardduty.DetectorArgs{\n\t\t\tDatasources: &guardduty.DetectorDatasourcesArgs{\n\t\t\t\tS3Logs: &guardduty.DetectorDatasourcesS3LogsArgs{\n\t\t\t\t\tEnable: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty detectors can be imported using the detector ID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/detector:Detector MyDetector 00b00fd5aecc0ab60a708659477e9617\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID of the GuardDuty detector\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the GuardDuty detector\n" + }, + "datasources": { + "$ref": "#/types/aws:guardduty/DetectorDatasources:DetectorDatasources", + "description": "Describes which data sources will be enabled for the detector. See Data Sources below for more details.\n" + }, + "enable": { + "type": "boolean", + "description": "If true, enables [S3 Protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3_detection.html). Defaults to `true`.\n" + }, + "findingPublishingFrequency": { + "type": "string", + "description": "Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "accountId", + "arn", + "datasources", + "findingPublishingFrequency", + "tagsAll" + ], + "inputProperties": { + "datasources": { + "$ref": "#/types/aws:guardduty/DetectorDatasources:DetectorDatasources", + "description": "Describes which data sources will be enabled for the detector. See Data Sources below for more details.\n" + }, + "enable": { + "type": "boolean", + "description": "If true, enables [S3 Protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3_detection.html). Defaults to `true`.\n" + }, + "findingPublishingFrequency": { + "type": "string", + "description": "Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Detector resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID of the GuardDuty detector\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the GuardDuty detector\n" + }, + "datasources": { + "$ref": "#/types/aws:guardduty/DetectorDatasources:DetectorDatasources", + "description": "Describes which data sources will be enabled for the detector. See Data Sources below for more details.\n" + }, + "enable": { + "type": "boolean", + "description": "If true, enables [S3 Protection](https://docs.aws.amazon.com/guardduty/latest/ug/s3_detection.html). Defaults to `true`.\n" + }, + "findingPublishingFrequency": { + "type": "string", + "description": "Specifies the frequency of notifications sent for subsequent finding occurrences. If the detector is a GuardDuty member account, the value is determined by the GuardDuty primary account and cannot be modified, otherwise defaults to `SIX_HOURS`. For standalone and GuardDuty primary accounts, it must be configured in this provider to enable drift detection. Valid values for standalone and primary accounts: `FIFTEEN_MINUTES`, `ONE_HOUR`, `SIX_HOURS`. See [AWS Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html#guardduty_findings_cloudwatch_notification_frequency) for more information.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/filter:Filter": { + "description": "Provides a resource to manage a GuardDuty filter.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myFilter = new aws.guardduty.Filter(\"myFilter\", {\n action: \"ARCHIVE\",\n detectorId: aws_guardduty_detector.example.id,\n rank: 1,\n findingCriteria: {\n criterions: [\n {\n field: \"region\",\n equals: [\"eu-west-1\"],\n },\n {\n field: \"service.additionalInfo.threatListName\",\n notEquals: [\n \"some-threat\",\n \"another-threat\",\n ],\n },\n {\n field: \"updatedAt\",\n greaterThan: \"2020-01-01T00:00:00Z\",\n lessThan: \"2020-02-01T00:00:00Z\",\n },\n {\n field: \"severity\",\n greaterThanOrEqual: \"4\",\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_filter = aws.guardduty.Filter(\"myFilter\",\n action=\"ARCHIVE\",\n detector_id=aws_guardduty_detector[\"example\"][\"id\"],\n rank=1,\n finding_criteria=aws.guardduty.FilterFindingCriteriaArgs(\n criterions=[\n aws.guardduty.FilterFindingCriteriaCriterionArgs(\n field=\"region\",\n equals=[\"eu-west-1\"],\n ),\n aws.guardduty.FilterFindingCriteriaCriterionArgs(\n field=\"service.additionalInfo.threatListName\",\n not_equals=[\n \"some-threat\",\n \"another-threat\",\n ],\n ),\n aws.guardduty.FilterFindingCriteriaCriterionArgs(\n field=\"updatedAt\",\n greater_than=\"2020-01-01T00:00:00Z\",\n less_than=\"2020-02-01T00:00:00Z\",\n ),\n aws.guardduty.FilterFindingCriteriaCriterionArgs(\n field=\"severity\",\n greater_than_or_equal=\"4\",\n ),\n ],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myFilter = new Aws.GuardDuty.Filter(\"myFilter\", new Aws.GuardDuty.FilterArgs\n {\n Action = \"ARCHIVE\",\n DetectorId = aws_guardduty_detector.Example.Id,\n Rank = 1,\n FindingCriteria = new Aws.GuardDuty.Inputs.FilterFindingCriteriaArgs\n {\n Criterions = \n {\n new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs\n {\n Field = \"region\",\n Equals = \n {\n \"eu-west-1\",\n },\n },\n new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs\n {\n Field = \"service.additionalInfo.threatListName\",\n NotEquals = \n {\n \"some-threat\",\n \"another-threat\",\n },\n },\n new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs\n {\n Field = \"updatedAt\",\n GreaterThan = \"2020-01-01T00:00:00Z\",\n LessThan = \"2020-02-01T00:00:00Z\",\n },\n new Aws.GuardDuty.Inputs.FilterFindingCriteriaCriterionArgs\n {\n Field = \"severity\",\n GreaterThanOrEqual = \"4\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := guardduty.NewFilter(ctx, \"myFilter\", &guardduty.FilterArgs{\n\t\t\tAction: pulumi.String(\"ARCHIVE\"),\n\t\t\tDetectorId: pulumi.Any(aws_guardduty_detector.Example.Id),\n\t\t\tRank: pulumi.Int(1),\n\t\t\tFindingCriteria: &guardduty.FilterFindingCriteriaArgs{\n\t\t\t\tCriterions: guardduty.FilterFindingCriteriaCriterionArray{\n\t\t\t\t\t&guardduty.FilterFindingCriteriaCriterionArgs{\n\t\t\t\t\t\tField: pulumi.String(\"region\"),\n\t\t\t\t\t\tEquals: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"eu-west-1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t&guardduty.FilterFindingCriteriaCriterionArgs{\n\t\t\t\t\t\tField: pulumi.String(\"service.additionalInfo.threatListName\"),\n\t\t\t\t\t\tNotEquals: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"some-threat\"),\n\t\t\t\t\t\t\tpulumi.String(\"another-threat\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\t&guardduty.FilterFindingCriteriaCriterionArgs{\n\t\t\t\t\t\tField: pulumi.String(\"updatedAt\"),\n\t\t\t\t\t\tGreaterThan: pulumi.String(\"2020-01-01T00:00:00Z\"),\n\t\t\t\t\t\tLessThan: pulumi.String(\"2020-02-01T00:00:00Z\"),\n\t\t\t\t\t},\n\t\t\t\t\t&guardduty.FilterFindingCriteriaCriterionArgs{\n\t\t\t\t\t\tField: pulumi.String(\"severity\"),\n\t\t\t\t\t\tGreaterThanOrEqual: pulumi.String(\"4\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty filters can be imported using the detector ID and filter's name separated by a colon, e.g.\n\n```sh\n $ pulumi import aws:guardduty/filter:Filter MyFilter 00b00fd5aecc0ab60a708659477e9617:MyFilter\n```\n\n ", + "properties": { + "action": { + "type": "string", + "description": "Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the GuardDuty filter.\n" + }, + "description": { + "type": "string", + "description": "Description of the filter.\n" + }, + "detectorId": { + "type": "string", + "description": "ID of a GuardDuty detector, attached to your account.\n" + }, + "findingCriteria": { + "$ref": "#/types/aws:guardduty/FilterFindingCriteria:FilterFindingCriteria", + "description": "Represents the criteria to be used in the filter for querying findings. Contains one or more `criterion` blocks, documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of your filter.\n" + }, + "rank": { + "type": "integer", + "description": "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "action", + "arn", + "detectorId", + "findingCriteria", + "name", + "rank", + "tagsAll" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.\n" + }, + "description": { + "type": "string", + "description": "Description of the filter.\n" + }, + "detectorId": { + "type": "string", + "description": "ID of a GuardDuty detector, attached to your account.\n" + }, + "findingCriteria": { + "$ref": "#/types/aws:guardduty/FilterFindingCriteria:FilterFindingCriteria", + "description": "Represents the criteria to be used in the filter for querying findings. Contains one or more `criterion` blocks, documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of your filter.\n" + }, + "rank": { + "type": "integer", + "description": "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "action", + "detectorId", + "findingCriteria", + "rank" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Filter resources.\n", + "properties": { + "action": { + "type": "string", + "description": "Specifies the action that is to be applied to the findings that match the filter. Can be one of `ARCHIVE` or `NOOP`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the GuardDuty filter.\n" + }, + "description": { + "type": "string", + "description": "Description of the filter.\n" + }, + "detectorId": { + "type": "string", + "description": "ID of a GuardDuty detector, attached to your account.\n" + }, + "findingCriteria": { + "$ref": "#/types/aws:guardduty/FilterFindingCriteria:FilterFindingCriteria", + "description": "Represents the criteria to be used in the filter for querying findings. Contains one or more `criterion` blocks, documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of your filter.\n" + }, + "rank": { + "type": "integer", + "description": "Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags that you want to add to the Filter resource. A tag consists of a key and a value. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/iPSet:IPSet": { + "description": "Provides a resource to manage a GuardDuty IPSet.\n\n> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage IPSets. IPSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the [GuardDuty API Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/create-ip-set.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.guardduty.Detector(\"primary\", {enable: true});\nconst bucket = new aws.s3.Bucket(\"bucket\", {acl: \"private\"});\nconst myIPSet = new aws.s3.BucketObject(\"myIPSet\", {\n acl: \"public-read\",\n content: \"10.0.0.0/8\\n\",\n bucket: bucket.id,\n key: \"MyIPSet\",\n});\nconst example = new aws.guardduty.IPSet(\"example\", {\n activate: true,\n detectorId: primary.id,\n format: \"TXT\",\n location: pulumi.interpolate`https://s3.amazonaws.com/${myIPSet.bucket}/${myIPSet.key}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.guardduty.Detector(\"primary\", enable=True)\nbucket = aws.s3.Bucket(\"bucket\", acl=\"private\")\nmy_ip_set = aws.s3.BucketObject(\"myIPSet\",\n acl=\"public-read\",\n content=\"10.0.0.0/8\\n\",\n bucket=bucket.id,\n key=\"MyIPSet\")\nexample = aws.guardduty.IPSet(\"example\",\n activate=True,\n detector_id=primary.id,\n format=\"TXT\",\n location=pulumi.Output.all(my_ip_set.bucket, my_ip_set.key).apply(lambda bucket, key: f\"https://s3.amazonaws.com/{bucket}/{key}\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.GuardDuty.Detector(\"primary\", new Aws.GuardDuty.DetectorArgs\n {\n Enable = true,\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var myIPSet = new Aws.S3.BucketObject(\"myIPSet\", new Aws.S3.BucketObjectArgs\n {\n Acl = \"public-read\",\n Content = @\"10.0.0.0/8\n\",\n Bucket = bucket.Id,\n Key = \"MyIPSet\",\n });\n var example = new Aws.GuardDuty.IPSet(\"example\", new Aws.GuardDuty.IPSetArgs\n {\n Activate = true,\n DetectorId = primary.Id,\n Format = \"TXT\",\n Location = Output.Tuple(myIPSet.Bucket, myIPSet.Key).Apply(values =>\n {\n var bucket = values.Item1;\n var key = values.Item2;\n return $\"https://s3.amazonaws.com/{bucket}/{key}\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := guardduty.NewDetector(ctx, \"primary\", &guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyIPSet, err := s3.NewBucketObject(ctx, \"myIPSet\", &s3.BucketObjectArgs{\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t\tContent: pulumi.String(\"10.0.0.0/8\\n\"),\n\t\t\tBucket: bucket.ID(),\n\t\t\tKey: pulumi.String(\"MyIPSet\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewIPSet(ctx, \"example\", &guardduty.IPSetArgs{\n\t\t\tActivate: pulumi.Bool(true),\n\t\t\tDetectorId: primary.ID(),\n\t\t\tFormat: pulumi.String(\"TXT\"),\n\t\t\tLocation: pulumi.All(myIPSet.Bucket, myIPSet.Key).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucket := _args[0].(string)\n\t\t\t\tkey := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v\", \"https://s3.amazonaws.com/\", bucket, \"/\", key), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty IPSet can be imported using the the primary GuardDuty detector ID and IPSet ID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/iPSet:IPSet MyIPSet 00b00fd5aecc0ab60a708659477e9617:123456789012\n```\n\n ", + "properties": { + "activate": { + "type": "boolean", + "description": "Specifies whether GuardDuty is to start using the uploaded IPSet.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the GuardDuty IPSet.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "format": { + "type": "string", + "description": "The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`\n" + }, + "location": { + "type": "string", + "description": "The URI of the file that contains the IPSet.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to identify the IPSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "activate", + "arn", + "detectorId", + "format", + "location", + "name", + "tagsAll" + ], + "inputProperties": { + "activate": { + "type": "boolean", + "description": "Specifies whether GuardDuty is to start using the uploaded IPSet.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "format": { + "type": "string", + "description": "The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`\n" + }, + "location": { + "type": "string", + "description": "The URI of the file that contains the IPSet.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to identify the IPSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "activate", + "detectorId", + "format", + "location" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IPSet resources.\n", + "properties": { + "activate": { + "type": "boolean", + "description": "Specifies whether GuardDuty is to start using the uploaded IPSet.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the GuardDuty IPSet.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "format": { + "type": "string", + "description": "The format of the file that contains the IPSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`\n" + }, + "location": { + "type": "string", + "description": "The URI of the file that contains the IPSet.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to identify the IPSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/inviteAccepter:InviteAccepter": { + "description": "Provides a resource to accept a pending GuardDuty invite on creation, ensure the detector has the correct primary account on read, and disassociate with the primary account upon removal.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {});\nconst member = new aws.Provider(\"member\", {});\nconst primaryDetector = new aws.guardduty.Detector(\"primaryDetector\", {}, {\n provider: aws.primary,\n});\nconst memberDetector = new aws.guardduty.Detector(\"memberDetector\", {}, {\n provider: aws.member,\n});\nconst memberMember = new aws.guardduty.Member(\"memberMember\", {\n accountId: memberDetector.accountId,\n detectorId: primaryDetector.id,\n email: \"required@example.com\",\n invite: true,\n}, {\n provider: aws.primary,\n});\nconst memberInviteAccepter = new aws.guardduty.InviteAccepter(\"memberInviteAccepter\", {\n detectorId: memberDetector.id,\n masterAccountId: primaryDetector.accountId,\n}, {\n provider: aws.member,\n dependsOn: [memberMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nprimary = pulumi.providers.Aws(\"primary\")\nmember = pulumi.providers.Aws(\"member\")\nprimary_detector = aws.guardduty.Detector(\"primaryDetector\", opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nmember_detector = aws.guardduty.Detector(\"memberDetector\", opts=pulumi.ResourceOptions(provider=aws[\"member\"]))\nmember_member = aws.guardduty.Member(\"memberMember\",\n account_id=member_detector.account_id,\n detector_id=primary_detector.id,\n email=\"required@example.com\",\n invite=True,\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nmember_invite_accepter = aws.guardduty.InviteAccepter(\"memberInviteAccepter\",\n detector_id=member_detector.id,\n master_account_id=primary_detector.account_id,\n opts=pulumi.ResourceOptions(provider=aws[\"member\"],\n depends_on=[member_member]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.Provider(\"primary\", new Aws.ProviderArgs\n {\n });\n var member = new Aws.Provider(\"member\", new Aws.ProviderArgs\n {\n });\n var primaryDetector = new Aws.GuardDuty.Detector(\"primaryDetector\", new Aws.GuardDuty.DetectorArgs\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n var memberDetector = new Aws.GuardDuty.Detector(\"memberDetector\", new Aws.GuardDuty.DetectorArgs\n {\n }, new CustomResourceOptions\n {\n Provider = aws.Member,\n });\n var memberMember = new Aws.GuardDuty.Member(\"memberMember\", new Aws.GuardDuty.MemberArgs\n {\n AccountId = memberDetector.AccountId,\n DetectorId = primaryDetector.Id,\n Email = \"required@example.com\",\n Invite = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n var memberInviteAccepter = new Aws.GuardDuty.InviteAccepter(\"memberInviteAccepter\", new Aws.GuardDuty.InviteAccepterArgs\n {\n DetectorId = memberDetector.Id,\n MasterAccountId = primaryDetector.AccountId,\n }, new CustomResourceOptions\n {\n Provider = aws.Member,\n DependsOn = \n {\n memberMember,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"primary\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"member\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryDetector, err := guardduty.NewDetector(ctx, \"primaryDetector\", nil, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmemberDetector, err := guardduty.NewDetector(ctx, \"memberDetector\", nil, pulumi.Provider(aws.Member))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmemberMember, err := guardduty.NewMember(ctx, \"memberMember\", &guardduty.MemberArgs{\n\t\t\tAccountId: memberDetector.AccountId,\n\t\t\tDetectorId: primaryDetector.ID(),\n\t\t\tEmail: pulumi.String(\"required@example.com\"),\n\t\t\tInvite: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewInviteAccepter(ctx, \"memberInviteAccepter\", &guardduty.InviteAccepterArgs{\n\t\t\tDetectorId: memberDetector.ID(),\n\t\t\tMasterAccountId: primaryDetector.AccountId,\n\t\t}, pulumi.Provider(aws.Member), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tmemberMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_guardduty_invite_accepter` can be imported using the the member GuardDuty detector ID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/inviteAccepter:InviteAccepter member 00b00fd5aecc0ab60a708659477e9617\n```\n\n ", + "properties": { + "detectorId": { + "type": "string", + "description": "The detector ID of the member GuardDuty account.\n" + }, + "masterAccountId": { + "type": "string", + "description": "AWS account ID for primary account.\n" + } + }, + "required": [ + "detectorId", + "masterAccountId" + ], + "inputProperties": { + "detectorId": { + "type": "string", + "description": "The detector ID of the member GuardDuty account.\n" + }, + "masterAccountId": { + "type": "string", + "description": "AWS account ID for primary account.\n" + } + }, + "requiredInputs": [ + "detectorId", + "masterAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InviteAccepter resources.\n", + "properties": { + "detectorId": { + "type": "string", + "description": "The detector ID of the member GuardDuty account.\n" + }, + "masterAccountId": { + "type": "string", + "description": "AWS account ID for primary account.\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/member:Member": { + "description": "Provides a resource to manage a GuardDuty member. To accept invitations in member accounts, see the `aws.guardduty.InviteAccepter` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.guardduty.Detector(\"primary\", {enable: true});\nconst memberDetector = new aws.guardduty.Detector(\"memberDetector\", {enable: true}, {\n provider: aws.dev,\n});\nconst memberMember = new aws.guardduty.Member(\"memberMember\", {\n accountId: memberDetector.accountId,\n detectorId: primary.id,\n email: \"required@example.com\",\n invite: true,\n invitationMessage: \"please accept guardduty invitation\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.guardduty.Detector(\"primary\", enable=True)\nmember_detector = aws.guardduty.Detector(\"memberDetector\", enable=True,\nopts=pulumi.ResourceOptions(provider=aws[\"dev\"]))\nmember_member = aws.guardduty.Member(\"memberMember\",\n account_id=member_detector.account_id,\n detector_id=primary.id,\n email=\"required@example.com\",\n invite=True,\n invitation_message=\"please accept guardduty invitation\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.GuardDuty.Detector(\"primary\", new Aws.GuardDuty.DetectorArgs\n {\n Enable = true,\n });\n var memberDetector = new Aws.GuardDuty.Detector(\"memberDetector\", new Aws.GuardDuty.DetectorArgs\n {\n Enable = true,\n }, new CustomResourceOptions\n {\n Provider = aws.Dev,\n });\n var memberMember = new Aws.GuardDuty.Member(\"memberMember\", new Aws.GuardDuty.MemberArgs\n {\n AccountId = memberDetector.AccountId,\n DetectorId = primary.Id,\n Email = \"required@example.com\",\n Invite = true,\n InvitationMessage = \"please accept guardduty invitation\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := guardduty.NewDetector(ctx, \"primary\", &guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmemberDetector, err := guardduty.NewDetector(ctx, \"memberDetector\", &guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t}, pulumi.Provider(aws.Dev))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewMember(ctx, \"memberMember\", &guardduty.MemberArgs{\n\t\t\tAccountId: memberDetector.AccountId,\n\t\t\tDetectorId: primary.ID(),\n\t\t\tEmail: pulumi.String(\"required@example.com\"),\n\t\t\tInvite: pulumi.Bool(true),\n\t\t\tInvitationMessage: pulumi.String(\"please accept guardduty invitation\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty members can be imported using the the primary GuardDuty detector ID and member AWS account ID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/member:Member MyMember 00b00fd5aecc0ab60a708659477e9617:123456789012\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "AWS account ID for member account.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty account where you want to create member accounts.\n" + }, + "disableEmailNotification": { + "type": "boolean", + "description": "Boolean whether an email notification is sent to the accounts. Defaults to `false`.\n" + }, + "email": { + "type": "string", + "description": "Email address for member account.\n" + }, + "invitationMessage": { + "type": "string", + "description": "Message for invitation.\n" + }, + "invite": { + "type": "boolean", + "description": "Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationship_status` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.\n" + }, + "relationshipStatus": { + "type": "string", + "description": "The status of the relationship between the member account and its primary account. More information can be found in [Amazon GuardDuty API Reference](https://docs.aws.amazon.com/guardduty/latest/ug/get-members.html).\n" + } + }, + "required": [ + "accountId", + "detectorId", + "email", + "relationshipStatus" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "AWS account ID for member account.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty account where you want to create member accounts.\n" + }, + "disableEmailNotification": { + "type": "boolean", + "description": "Boolean whether an email notification is sent to the accounts. Defaults to `false`.\n" + }, + "email": { + "type": "string", + "description": "Email address for member account.\n" + }, + "invitationMessage": { + "type": "string", + "description": "Message for invitation.\n" + }, + "invite": { + "type": "boolean", + "description": "Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationship_status` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.\n" + } + }, + "requiredInputs": [ + "accountId", + "detectorId", + "email" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Member resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "AWS account ID for member account.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty account where you want to create member accounts.\n" + }, + "disableEmailNotification": { + "type": "boolean", + "description": "Boolean whether an email notification is sent to the accounts. Defaults to `false`.\n" + }, + "email": { + "type": "string", + "description": "Email address for member account.\n" + }, + "invitationMessage": { + "type": "string", + "description": "Message for invitation.\n" + }, + "invite": { + "type": "boolean", + "description": "Boolean whether to invite the account to GuardDuty as a member. Defaults to `false`. To detect if an invitation needs to be (re-)sent, the this provider state value is `true` based on a `relationship_status` of `Disabled`, `Enabled`, `Invited`, or `EmailVerificationInProgress`.\n" + }, + "relationshipStatus": { + "type": "string", + "description": "The status of the relationship between the member account and its primary account. More information can be found in [Amazon GuardDuty API Reference](https://docs.aws.amazon.com/guardduty/latest/ug/get-members.html).\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/organizationAdminAccount:OrganizationAdminAccount": { + "description": "Manages a GuardDuty Organization Admin Account. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in GuardDuty can be found in the [GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"guardduty.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleDetector = new aws.guardduty.Detector(\"exampleDetector\", {});\nconst exampleOrganizationAdminAccount = new aws.guardduty.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", {adminAccountId: \"123456789012\"}, {\n dependsOn: [exampleOrganization],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"guardduty.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_detector = aws.guardduty.Detector(\"exampleDetector\")\nexample_organization_admin_account = aws.guardduty.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", admin_account_id=\"123456789012\",\nopts=pulumi.ResourceOptions(depends_on=[example_organization]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"guardduty.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n var exampleDetector = new Aws.GuardDuty.Detector(\"exampleDetector\", new Aws.GuardDuty.DetectorArgs\n {\n });\n var exampleOrganizationAdminAccount = new Aws.GuardDuty.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", new Aws.GuardDuty.OrganizationAdminAccountArgs\n {\n AdminAccountId = \"123456789012\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleOrganization,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"guardduty.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewDetector(ctx, \"exampleDetector\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewOrganizationAdminAccount(ctx, \"exampleOrganizationAdminAccount\", &guardduty.OrganizationAdminAccountArgs{\n\t\t\tAdminAccountId: pulumi.String(\"123456789012\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty Organization Admin Account can be imported using the AWS account ID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/organizationAdminAccount:OrganizationAdminAccount example 123456789012\n```\n\n ", + "properties": { + "adminAccountId": { + "type": "string", + "description": "AWS account identifier to designate as a delegated administrator for GuardDuty.\n" + } + }, + "required": [ + "adminAccountId" + ], + "inputProperties": { + "adminAccountId": { + "type": "string", + "description": "AWS account identifier to designate as a delegated administrator for GuardDuty.\n" + } + }, + "requiredInputs": [ + "adminAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationAdminAccount resources.\n", + "properties": { + "adminAccountId": { + "type": "string", + "description": "AWS account identifier to designate as a delegated administrator for GuardDuty.\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/organizationConfiguration:OrganizationConfiguration": { + "description": "Manages the GuardDuty Organization Configuration in the current AWS Region. The AWS account utilizing this resource must have been assigned as a delegated Organization administrator account, e.g. via the `aws.guardduty.OrganizationAdminAccount` resource. More information about Organizations support in GuardDuty can be found in the [GuardDuty User Guide](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_organizations.html).\n\n> **NOTE:** This is an advanced resource. The provider will automatically assume management of the GuardDuty Organization Configuration without import and perform no actions on removal from the resource configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDetector = new aws.guardduty.Detector(\"exampleDetector\", {enable: true});\nconst exampleOrganizationConfiguration = new aws.guardduty.OrganizationConfiguration(\"exampleOrganizationConfiguration\", {\n autoEnable: true,\n detectorId: exampleDetector.id,\n datasources: {\n s3Logs: {\n autoEnable: true,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_detector = aws.guardduty.Detector(\"exampleDetector\", enable=True)\nexample_organization_configuration = aws.guardduty.OrganizationConfiguration(\"exampleOrganizationConfiguration\",\n auto_enable=True,\n detector_id=example_detector.id,\n datasources=aws.guardduty.OrganizationConfigurationDatasourcesArgs(\n s3_logs=aws.guardduty.OrganizationConfigurationDatasourcesS3LogsArgs(\n auto_enable=True,\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDetector = new Aws.GuardDuty.Detector(\"exampleDetector\", new Aws.GuardDuty.DetectorArgs\n {\n Enable = true,\n });\n var exampleOrganizationConfiguration = new Aws.GuardDuty.OrganizationConfiguration(\"exampleOrganizationConfiguration\", new Aws.GuardDuty.OrganizationConfigurationArgs\n {\n AutoEnable = true,\n DetectorId = exampleDetector.Id,\n Datasources = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesArgs\n {\n S3Logs = new Aws.GuardDuty.Inputs.OrganizationConfigurationDatasourcesS3LogsArgs\n {\n AutoEnable = true,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDetector, err := guardduty.NewDetector(ctx, \"exampleDetector\", &guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewOrganizationConfiguration(ctx, \"exampleOrganizationConfiguration\", &guardduty.OrganizationConfigurationArgs{\n\t\t\tAutoEnable: pulumi.Bool(true),\n\t\t\tDetectorId: exampleDetector.ID(),\n\t\t\tDatasources: &guardduty.OrganizationConfigurationDatasourcesArgs{\n\t\t\t\tS3Logs: &guardduty.OrganizationConfigurationDatasourcesS3LogsArgs{\n\t\t\t\t\tAutoEnable: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty Organization Configurations can be imported using the GuardDuty Detector ID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/organizationConfiguration:OrganizationConfiguration example 00b00fd5aecc0ab60a708659477e9617\n```\n\n ", + "properties": { + "autoEnable": { + "type": "boolean", + "description": "When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.\n" + }, + "datasources": { + "$ref": "#/types/aws:guardduty/OrganizationConfigurationDatasources:OrganizationConfigurationDatasources", + "description": "Configuration for the collected datasources.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty account.\n" + } + }, + "required": [ + "autoEnable", + "datasources", + "detectorId" + ], + "inputProperties": { + "autoEnable": { + "type": "boolean", + "description": "When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.\n" + }, + "datasources": { + "$ref": "#/types/aws:guardduty/OrganizationConfigurationDatasources:OrganizationConfigurationDatasources", + "description": "Configuration for the collected datasources.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty account.\n" + } + }, + "requiredInputs": [ + "autoEnable", + "detectorId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationConfiguration resources.\n", + "properties": { + "autoEnable": { + "type": "boolean", + "description": "When this setting is enabled, all new accounts that are created in, or added to, the organization are added as a member accounts of the organization’s GuardDuty delegated administrator and GuardDuty is enabled in that AWS Region.\n" + }, + "datasources": { + "$ref": "#/types/aws:guardduty/OrganizationConfigurationDatasources:OrganizationConfigurationDatasources", + "description": "Configuration for the collected datasources.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty account.\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/publishingDestination:PublishingDestination": { + "description": "Provides a resource to manage a GuardDuty PublishingDestination. Requires an existing GuardDuty Detector.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst currentRegion = aws.getRegion({});\nconst gdBucket = new aws.s3.Bucket(\"gdBucket\", {\n acl: \"private\",\n forceDestroy: true,\n});\nconst bucketPol = pulumi.all([gdBucket.arn, gdBucket.arn]).apply(([gdBucketArn, gdBucketArn1]) => aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"Allow PutObject\",\n actions: [\"s3:PutObject\"],\n resources: [`${gdBucketArn}/*`],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n {\n sid: \"Allow GetBucketLocation\",\n actions: [\"s3:GetBucketLocation\"],\n resources: [gdBucketArn1],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n ],\n}));\nconst kmsPol = Promise.all([currentRegion, currentCallerIdentity, currentRegion, currentCallerIdentity, currentCallerIdentity]).then(([currentRegion, currentCallerIdentity, currentRegion1, currentCallerIdentity1, currentCallerIdentity2]) => aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"Allow GuardDuty to encrypt findings\",\n actions: [\"kms:GenerateDataKey\"],\n resources: [`arn:aws:kms:${currentRegion.name}:${currentCallerIdentity.accountId}:key/*`],\n principals: [{\n type: \"Service\",\n identifiers: [\"guardduty.amazonaws.com\"],\n }],\n },\n {\n sid: \"Allow all users to modify/delete key (test only)\",\n actions: [\"kms:*\"],\n resources: [`arn:aws:kms:${currentRegion1.name}:${currentCallerIdentity1.accountId}:key/*`],\n principals: [{\n type: \"AWS\",\n identifiers: [`arn:aws:iam::${currentCallerIdentity2.accountId}:root`],\n }],\n },\n ],\n}));\nconst testGd = new aws.guardduty.Detector(\"testGd\", {enable: true});\nconst gdBucketPolicy = new aws.s3.BucketPolicy(\"gdBucketPolicy\", {\n bucket: gdBucket.id,\n policy: bucketPol.apply(bucketPol => bucketPol.json),\n});\nconst gdKey = new aws.kms.Key(\"gdKey\", {\n description: \"Temporary key for AccTest of TF\",\n deletionWindowInDays: 7,\n policy: kmsPol.then(kmsPol => kmsPol.json),\n});\nconst test = new aws.guardduty.PublishingDestination(\"test\", {\n detectorId: testGd.id,\n destinationArn: gdBucket.arn,\n kmsKeyArn: gdKey.arn,\n}, {\n dependsOn: [gdBucketPolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_caller_identity = aws.get_caller_identity()\ncurrent_region = aws.get_region()\ngd_bucket = aws.s3.Bucket(\"gdBucket\",\n acl=\"private\",\n force_destroy=True)\nbucket_pol = pulumi.Output.all(gd_bucket.arn, gd_bucket.arn).apply(lambda gdBucketArn, gdBucketArn1: aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow PutObject\",\n actions=[\"s3:PutObject\"],\n resources=[f\"{gd_bucket_arn}/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow GetBucketLocation\",\n actions=[\"s3:GetBucketLocation\"],\n resources=[gd_bucket_arn1],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n]))\nkms_pol = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow GuardDuty to encrypt findings\",\n actions=[\"kms:GenerateDataKey\"],\n resources=[f\"arn:aws:kms:{current_region.name}:{current_caller_identity.account_id}:key/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"guardduty.amazonaws.com\"],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"Allow all users to modify/delete key (test only)\",\n actions=[\"kms:*\"],\n resources=[f\"arn:aws:kms:{current_region.name}:{current_caller_identity.account_id}:key/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[f\"arn:aws:iam::{current_caller_identity.account_id}:root\"],\n )],\n ),\n])\ntest_gd = aws.guardduty.Detector(\"testGd\", enable=True)\ngd_bucket_policy = aws.s3.BucketPolicy(\"gdBucketPolicy\",\n bucket=gd_bucket.id,\n policy=bucket_pol.json)\ngd_key = aws.kms.Key(\"gdKey\",\n description=\"Temporary key for AccTest of TF\",\n deletion_window_in_days=7,\n policy=kms_pol.json)\ntest = aws.guardduty.PublishingDestination(\"test\",\n detector_id=test_gd.id,\n destination_arn=gd_bucket.arn,\n kms_key_arn=gd_key.arn,\n opts=pulumi.ResourceOptions(depends_on=[gd_bucket_policy]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var gdBucket = new Aws.S3.Bucket(\"gdBucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n ForceDestroy = true,\n });\n var bucketPol = Output.Tuple(gdBucket.Arn, gdBucket.Arn).Apply(values =>\n {\n var gdBucketArn = values.Item1;\n var gdBucketArn1 = values.Item2;\n return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"Allow PutObject\",\n Actions = \n {\n \"s3:PutObject\",\n },\n Resources = \n {\n $\"{gdBucketArn}/*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"Allow GetBucketLocation\",\n Actions = \n {\n \"s3:GetBucketLocation\",\n },\n Resources = \n {\n gdBucketArn1,\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n });\n var kmsPol = Output.Tuple(currentRegion, currentCallerIdentity, currentRegion, currentCallerIdentity, currentCallerIdentity).Apply(values =>\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n var currentRegion1 = values.Item3;\n var currentCallerIdentity1 = values.Item4;\n var currentCallerIdentity2 = values.Item5;\n return Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"Allow GuardDuty to encrypt findings\",\n Actions = \n {\n \"kms:GenerateDataKey\",\n },\n Resources = \n {\n $\"arn:aws:kms:{currentRegion.Name}:{currentCallerIdentity.AccountId}:key/*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"guardduty.amazonaws.com\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"Allow all users to modify/delete key (test only)\",\n Actions = \n {\n \"kms:*\",\n },\n Resources = \n {\n $\"arn:aws:kms:{currentRegion1.Name}:{currentCallerIdentity1.AccountId}:key/*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n $\"arn:aws:iam::{currentCallerIdentity2.AccountId}:root\",\n },\n },\n },\n },\n },\n }));\n });\n var testGd = new Aws.GuardDuty.Detector(\"testGd\", new Aws.GuardDuty.DetectorArgs\n {\n Enable = true,\n });\n var gdBucketPolicy = new Aws.S3.BucketPolicy(\"gdBucketPolicy\", new Aws.S3.BucketPolicyArgs\n {\n Bucket = gdBucket.Id,\n Policy = bucketPol.Apply(bucketPol => bucketPol.Json),\n });\n var gdKey = new Aws.Kms.Key(\"gdKey\", new Aws.Kms.KeyArgs\n {\n Description = \"Temporary key for AccTest of TF\",\n DeletionWindowInDays = 7,\n Policy = kmsPol.Apply(kmsPol => kmsPol.Json),\n });\n var test = new Aws.GuardDuty.PublishingDestination(\"test\", new Aws.GuardDuty.PublishingDestinationArgs\n {\n DetectorId = testGd.Id,\n DestinationArn = gdBucket.Arn,\n KmsKeyArn = gdKey.Arn,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n gdBucketPolicy,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdBucket, err := s3.NewBucket(ctx, \"gdBucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkmsPol, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"Allow GuardDuty to encrypt findings\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:GenerateDataKey\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v\", \"arn:aws:kms:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":key/*\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"guardduty.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"Allow all users to modify/delete key (test only)\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"kms:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v\", \"arn:aws:kms:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":key/*\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v\", \"arn:aws:iam::\", currentCallerIdentity.AccountId, \":root\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestGd, err := guardduty.NewDetector(ctx, \"testGd\", &guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdBucketPolicy, err := s3.NewBucketPolicy(ctx, \"gdBucketPolicy\", &s3.BucketPolicyArgs{\n\t\t\tBucket: gdBucket.ID(),\n\t\t\tPolicy: bucketPol.ApplyT(func(bucketPol iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn bucketPol.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgdKey, err := kms.NewKey(ctx, \"gdKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Temporary key for AccTest of TF\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: pulumi.String(kmsPol.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewPublishingDestination(ctx, \"test\", &guardduty.PublishingDestinationArgs{\n\t\t\tDetectorId: testGd.ID(),\n\t\t\tDestinationArn: gdBucket.Arn,\n\t\t\tKmsKeyArn: gdKey.Arn,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tgdBucketPolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **Note:** Please do not use this simple example for Bucket-Policy and KMS Key Policy in a production environment. It is much too open for such a use-case. Refer to the AWS documentation here: https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_exportfindings.html\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty PublishingDestination can be imported using the the master GuardDuty detector ID and PublishingDestinationID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/publishingDestination:PublishingDestination test a4b86f26fa42e7e7cf0d1c333ea77777:a4b86f27a0e464e4a7e0516d242f1234\n```\n\n ", + "properties": { + "destinationArn": { + "type": "string", + "description": "The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided\n" + }, + "destinationType": { + "type": "string", + "description": "Currently there is only \"S3\" available as destination type which is also the default value\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.\n" + } + }, + "required": [ + "destinationArn", + "detectorId", + "kmsKeyArn" + ], + "inputProperties": { + "destinationArn": { + "type": "string", + "description": "The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided\n" + }, + "destinationType": { + "type": "string", + "description": "Currently there is only \"S3\" available as destination type which is also the default value\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.\n" + } + }, + "requiredInputs": [ + "destinationArn", + "detectorId", + "kmsKeyArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PublishingDestination resources.\n", + "properties": { + "destinationArn": { + "type": "string", + "description": "The bucket arn and prefix under which the findings get exported. Bucket-ARN is required, the prefix is optional and will be `AWSLogs/[Account-ID]/GuardDuty/[Region]/` if not provided\n" + }, + "destinationType": { + "type": "string", + "description": "Currently there is only \"S3\" available as destination type which is also the default value\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN of the KMS key used to encrypt GuardDuty findings. GuardDuty enforces this to be encrypted.\n" + } + }, + "type": "object" + } + }, + "aws:guardduty/threatIntelSet:ThreatIntelSet": { + "description": "Provides a resource to manage a GuardDuty ThreatIntelSet.\n\n> **Note:** Currently in GuardDuty, users from member accounts cannot upload and further manage ThreatIntelSets. ThreatIntelSets that are uploaded by the primary account are imposed on GuardDuty functionality in its member accounts. See the [GuardDuty API Documentation](https://docs.aws.amazon.com/guardduty/latest/ug/create-threat-intel-set.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.guardduty.Detector(\"primary\", {enable: true});\nconst bucket = new aws.s3.Bucket(\"bucket\", {acl: \"private\"});\nconst myThreatIntelSetBucketObject = new aws.s3.BucketObject(\"myThreatIntelSetBucketObject\", {\n acl: \"public-read\",\n content: \"10.0.0.0/8\\n\",\n bucket: bucket.id,\n key: \"MyThreatIntelSet\",\n});\nconst myThreatIntelSetThreatIntelSet = new aws.guardduty.ThreatIntelSet(\"myThreatIntelSetThreatIntelSet\", {\n activate: true,\n detectorId: primary.id,\n format: \"TXT\",\n location: pulumi.interpolate`https://s3.amazonaws.com/${myThreatIntelSetBucketObject.bucket}/${myThreatIntelSetBucketObject.key}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.guardduty.Detector(\"primary\", enable=True)\nbucket = aws.s3.Bucket(\"bucket\", acl=\"private\")\nmy_threat_intel_set_bucket_object = aws.s3.BucketObject(\"myThreatIntelSetBucketObject\",\n acl=\"public-read\",\n content=\"10.0.0.0/8\\n\",\n bucket=bucket.id,\n key=\"MyThreatIntelSet\")\nmy_threat_intel_set_threat_intel_set = aws.guardduty.ThreatIntelSet(\"myThreatIntelSetThreatIntelSet\",\n activate=True,\n detector_id=primary.id,\n format=\"TXT\",\n location=pulumi.Output.all(my_threat_intel_set_bucket_object.bucket, my_threat_intel_set_bucket_object.key).apply(lambda bucket, key: f\"https://s3.amazonaws.com/{bucket}/{key}\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.GuardDuty.Detector(\"primary\", new Aws.GuardDuty.DetectorArgs\n {\n Enable = true,\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var myThreatIntelSetBucketObject = new Aws.S3.BucketObject(\"myThreatIntelSetBucketObject\", new Aws.S3.BucketObjectArgs\n {\n Acl = \"public-read\",\n Content = @\"10.0.0.0/8\n\",\n Bucket = bucket.Id,\n Key = \"MyThreatIntelSet\",\n });\n var myThreatIntelSetThreatIntelSet = new Aws.GuardDuty.ThreatIntelSet(\"myThreatIntelSetThreatIntelSet\", new Aws.GuardDuty.ThreatIntelSetArgs\n {\n Activate = true,\n DetectorId = primary.Id,\n Format = \"TXT\",\n Location = Output.Tuple(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).Apply(values =>\n {\n var bucket = values.Item1;\n var key = values.Item2;\n return $\"https://s3.amazonaws.com/{bucket}/{key}\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := guardduty.NewDetector(ctx, \"primary\", &guardduty.DetectorArgs{\n\t\t\tEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyThreatIntelSetBucketObject, err := s3.NewBucketObject(ctx, \"myThreatIntelSetBucketObject\", &s3.BucketObjectArgs{\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t\tContent: pulumi.String(\"10.0.0.0/8\\n\"),\n\t\t\tBucket: bucket.ID(),\n\t\t\tKey: pulumi.String(\"MyThreatIntelSet\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = guardduty.NewThreatIntelSet(ctx, \"myThreatIntelSetThreatIntelSet\", &guardduty.ThreatIntelSetArgs{\n\t\t\tActivate: pulumi.Bool(true),\n\t\t\tDetectorId: primary.ID(),\n\t\t\tFormat: pulumi.String(\"TXT\"),\n\t\t\tLocation: pulumi.All(myThreatIntelSetBucketObject.Bucket, myThreatIntelSetBucketObject.Key).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucket := _args[0].(string)\n\t\t\t\tkey := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v\", \"https://s3.amazonaws.com/\", bucket, \"/\", key), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nGuardDuty ThreatIntelSet can be imported using the the primary GuardDuty detector ID and ThreatIntelSetID, e.g.\n\n```sh\n $ pulumi import aws:guardduty/threatIntelSet:ThreatIntelSet MyThreatIntelSet 00b00fd5aecc0ab60a708659477e9617:123456789012\n```\n\n ", + "properties": { + "activate": { + "type": "boolean", + "description": "Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "format": { + "type": "string", + "description": "The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`\n" + }, + "location": { + "type": "string", + "description": "The URI of the file that contains the ThreatIntelSet.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to identify the ThreatIntelSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "activate", + "arn", + "detectorId", + "format", + "location", + "name", + "tagsAll" + ], + "inputProperties": { + "activate": { + "type": "boolean", + "description": "Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "format": { + "type": "string", + "description": "The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`\n" + }, + "location": { + "type": "string", + "description": "The URI of the file that contains the ThreatIntelSet.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to identify the ThreatIntelSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "activate", + "detectorId", + "format", + "location" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ThreatIntelSet resources.\n", + "properties": { + "activate": { + "type": "boolean", + "description": "Specifies whether GuardDuty is to start using the uploaded ThreatIntelSet.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the GuardDuty ThreatIntelSet.\n" + }, + "detectorId": { + "type": "string", + "description": "The detector ID of the GuardDuty.\n" + }, + "format": { + "type": "string", + "description": "The format of the file that contains the ThreatIntelSet. Valid values: `TXT` | `STIX` | `OTX_CSV` | `ALIEN_VAULT` | `PROOF_POINT` | `FIRE_EYE`\n" + }, + "location": { + "type": "string", + "description": "The URI of the file that contains the ThreatIntelSet.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to identify the ThreatIntelSet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:iam/accessKey:AccessKey": { + "description": "Provides an IAM access key. This is a set of credentials that allow API requests to be made as an IAM user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lbUser = new aws.iam.User(\"lbUser\", {path: \"/system/\"});\nconst lbAccessKey = new aws.iam.AccessKey(\"lbAccessKey\", {\n user: lbUser.name,\n pgpKey: \"keybase:some_person_that_exists\",\n});\nconst lbRo = new aws.iam.UserPolicy(\"lbRo\", {\n user: lbUser.name,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\nexport const secret = lbAccessKey.encryptedSecret;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb_user = aws.iam.User(\"lbUser\", path=\"/system/\")\nlb_access_key = aws.iam.AccessKey(\"lbAccessKey\",\n user=lb_user.name,\n pgp_key=\"keybase:some_person_that_exists\")\nlb_ro = aws.iam.UserPolicy(\"lbRo\",\n user=lb_user.name,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\npulumi.export(\"secret\", lb_access_key.encrypted_secret)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lbUser = new Aws.Iam.User(\"lbUser\", new Aws.Iam.UserArgs\n {\n Path = \"/system/\",\n });\n var lbAccessKey = new Aws.Iam.AccessKey(\"lbAccessKey\", new Aws.Iam.AccessKeyArgs\n {\n User = lbUser.Name,\n PgpKey = \"keybase:some_person_that_exists\",\n });\n var lbRo = new Aws.Iam.UserPolicy(\"lbRo\", new Aws.Iam.UserPolicyArgs\n {\n User = lbUser.Name,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"ec2:Describe*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n this.Secret = lbAccessKey.EncryptedSecret;\n }\n\n [Output(\"secret\")]\n public Output Secret { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlbUser, err := iam.NewUser(ctx, \"lbUser\", &iam.UserArgs{\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlbAccessKey, err := iam.NewAccessKey(ctx, \"lbAccessKey\", &iam.AccessKeyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t\tPgpKey: pulumi.String(\"keybase:some_person_that_exists\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicy(ctx, \"lbRo\", &iam.UserPolicyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:Describe*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"secret\", lbAccessKey.EncryptedSecret)\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testUser = new aws.iam.User(\"testUser\", {path: \"/test/\"});\nconst testAccessKey = new aws.iam.AccessKey(\"testAccessKey\", {user: testUser.name});\nexport const awsIamSmtpPasswordV4 = testAccessKey.sesSmtpPasswordV4;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_user = aws.iam.User(\"testUser\", path=\"/test/\")\ntest_access_key = aws.iam.AccessKey(\"testAccessKey\", user=test_user.name)\npulumi.export(\"awsIamSmtpPasswordV4\", test_access_key.ses_smtp_password_v4)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testUser = new Aws.Iam.User(\"testUser\", new Aws.Iam.UserArgs\n {\n Path = \"/test/\",\n });\n var testAccessKey = new Aws.Iam.AccessKey(\"testAccessKey\", new Aws.Iam.AccessKeyArgs\n {\n User = testUser.Name,\n });\n this.AwsIamSmtpPasswordV4 = testAccessKey.SesSmtpPasswordV4;\n }\n\n [Output(\"awsIamSmtpPasswordV4\")]\n public Output AwsIamSmtpPasswordV4 { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestUser, err := iam.NewUser(ctx, \"testUser\", &iam.UserArgs{\n\t\t\tPath: pulumi.String(\"/test/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAccessKey, err := iam.NewAccessKey(ctx, \"testAccessKey\", &iam.AccessKeyArgs{\n\t\t\tUser: testUser.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"awsIamSmtpPasswordV4\", testAccessKey.SesSmtpPasswordV4)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Access Keys can be imported using the identifier, e.g.\n\n```sh\n $ pulumi import aws:iam/accessKey:AccessKey example AKIA1234567890\n```\n\n Resource attributes such as `encrypted_secret`, `key_fingerprint`, `pgp_key`, `secret`, `ses_smtp_password_v4`, and `encrypted_ses_smtp_password_v4` are not available for imported resources as this information cannot be read from the IAM API. ", + "properties": { + "createDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the access key was created.\n" + }, + "encryptedSecret": { + "type": "string" + }, + "encryptedSesSmtpPasswordV4": { + "type": "string" + }, + "keyFingerprint": { + "type": "string", + "description": "Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.\n" + }, + "pgpKey": { + "type": "string", + "description": "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:some_person_that_exists`, for use in the `encrypted_secret` output attribute.\n" + }, + "secret": { + "type": "string", + "description": "Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a `pgp_key` instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.\n" + }, + "sesSmtpPasswordV4": { + "type": "string", + "description": "Secret access key converted into an SES SMTP password by applying [AWS's documented Sigv4 conversion algorithm](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-convert). This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are `ap-south-1`, `ap-southeast-2`, `eu-central-1`, `eu-west-1`, `us-east-1` and `us-west-2`. See current [AWS SES regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region).\n" + }, + "status": { + "type": "string", + "description": "Access key status to apply. Defaults to `Active`. Valid values are `Active` and `Inactive`.\n" + }, + "user": { + "type": "string", + "description": "IAM user to associate with this access key.\n" + } + }, + "required": [ + "createDate", + "encryptedSecret", + "encryptedSesSmtpPasswordV4", + "keyFingerprint", + "secret", + "sesSmtpPasswordV4", + "user" + ], + "inputProperties": { + "pgpKey": { + "type": "string", + "description": "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:some_person_that_exists`, for use in the `encrypted_secret` output attribute.\n" + }, + "status": { + "type": "string", + "description": "Access key status to apply. Defaults to `Active`. Valid values are `Active` and `Inactive`.\n" + }, + "user": { + "type": "string", + "description": "IAM user to associate with this access key.\n" + } + }, + "requiredInputs": [ + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AccessKey resources.\n", + "properties": { + "createDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the access key was created.\n" + }, + "encryptedSecret": { + "type": "string" + }, + "encryptedSesSmtpPasswordV4": { + "type": "string" + }, + "keyFingerprint": { + "type": "string", + "description": "Fingerprint of the PGP key used to encrypt the secret. This attribute is not available for imported resources.\n" + }, + "pgpKey": { + "type": "string", + "description": "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:some_person_that_exists`, for use in the `encrypted_secret` output attribute.\n" + }, + "secret": { + "type": "string", + "description": "Secret access key. This attribute is not available for imported resources. Note that this will be written to the state file. If you use this, please protect your backend state file judiciously. Alternatively, you may supply a `pgp_key` instead, which will prevent the secret from being stored in plaintext, at the cost of preventing the use of the secret key in automation.\n" + }, + "sesSmtpPasswordV4": { + "type": "string", + "description": "Secret access key converted into an SES SMTP password by applying [AWS's documented Sigv4 conversion algorithm](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/smtp-credentials.html#smtp-credentials-convert). This attribute is not available for imported resources. As SigV4 is region specific, valid Provider regions are `ap-south-1`, `ap-southeast-2`, `eu-central-1`, `eu-west-1`, `us-east-1` and `us-west-2`. See current [AWS SES regions](https://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region).\n" + }, + "status": { + "type": "string", + "description": "Access key status to apply. Defaults to `Active`. Valid values are `Active` and `Inactive`.\n" + }, + "user": { + "type": "string", + "description": "IAM user to associate with this access key.\n" + } + }, + "type": "object" + } + }, + "aws:iam/accountAlias:AccountAlias": { + "description": "> **Note:** There is only a single account alias per AWS account.\n\nManages the account alias for the AWS Account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst alias = new aws.iam.AccountAlias(\"alias\", {\n accountAlias: \"my-account-alias\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nalias = aws.iam.AccountAlias(\"alias\", account_alias=\"my-account-alias\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @alias = new Aws.Iam.AccountAlias(\"alias\", new Aws.Iam.AccountAliasArgs\n {\n AccountAlias = \"my-account-alias\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewAccountAlias(ctx, \"alias\", &iam.AccountAliasArgs{\n\t\t\tAccountAlias: pulumi.String(\"my-account-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe current Account Alias can be imported using the `account_alias`, e.g.\n\n```sh\n $ pulumi import aws:iam/accountAlias:AccountAlias alias my-account-alias\n```\n\n ", + "properties": { + "accountAlias": { + "type": "string", + "description": "The account alias\n", + "language": { + "csharp": { + "name": "Alias" + } + } + } + }, + "required": [ + "accountAlias" + ], + "inputProperties": { + "accountAlias": { + "type": "string", + "description": "The account alias\n", + "language": { + "csharp": { + "name": "Alias" + } + } + } + }, + "requiredInputs": [ + "accountAlias" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AccountAlias resources.\n", + "properties": { + "accountAlias": { + "type": "string", + "description": "The account alias\n", + "language": { + "csharp": { + "name": "Alias" + } + } + } + }, + "type": "object" + } + }, + "aws:iam/accountPasswordPolicy:AccountPasswordPolicy": { + "description": "> **Note:** There is only a single policy allowed per AWS account. An existing policy will be lost when using this resource as an effect of this limitation.\n\nManages Password Policy for the AWS Account.\nSee more about [Account Password Policy](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_passwords_account-policy.html)\nin the official AWS docs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst strict = new aws.iam.AccountPasswordPolicy(\"strict\", {\n allowUsersToChangePassword: true,\n minimumPasswordLength: 8,\n requireLowercaseCharacters: true,\n requireNumbers: true,\n requireSymbols: true,\n requireUppercaseCharacters: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nstrict = aws.iam.AccountPasswordPolicy(\"strict\",\n allow_users_to_change_password=True,\n minimum_password_length=8,\n require_lowercase_characters=True,\n require_numbers=True,\n require_symbols=True,\n require_uppercase_characters=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var strict = new Aws.Iam.AccountPasswordPolicy(\"strict\", new Aws.Iam.AccountPasswordPolicyArgs\n {\n AllowUsersToChangePassword = true,\n MinimumPasswordLength = 8,\n RequireLowercaseCharacters = true,\n RequireNumbers = true,\n RequireSymbols = true,\n RequireUppercaseCharacters = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewAccountPasswordPolicy(ctx, \"strict\", &iam.AccountPasswordPolicyArgs{\n\t\t\tAllowUsersToChangePassword: pulumi.Bool(true),\n\t\t\tMinimumPasswordLength: pulumi.Int(8),\n\t\t\tRequireLowercaseCharacters: pulumi.Bool(true),\n\t\t\tRequireNumbers: pulumi.Bool(true),\n\t\t\tRequireSymbols: pulumi.Bool(true),\n\t\t\tRequireUppercaseCharacters: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Account Password Policy can be imported using the word `iam-account-password-policy`, e.g.\n\n```sh\n $ pulumi import aws:iam/accountPasswordPolicy:AccountPasswordPolicy strict iam-account-password-policy\n```\n\n ", + "properties": { + "allowUsersToChangePassword": { + "type": "boolean", + "description": "Whether to allow users to change their own password\n" + }, + "expirePasswords": { + "type": "boolean", + "description": "Indicates whether passwords in the account expire. Returns `true` if `max_password_age` contains a value greater than `0`. Returns `false` if it is `0` or _not present_.\n" + }, + "hardExpiry": { + "type": "boolean", + "description": "Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)\n" + }, + "maxPasswordAge": { + "type": "integer", + "description": "The number of days that an user password is valid.\n" + }, + "minimumPasswordLength": { + "type": "integer", + "description": "Minimum length to require for user passwords.\n" + }, + "passwordReusePrevention": { + "type": "integer", + "description": "The number of previous passwords that users are prevented from reusing.\n" + }, + "requireLowercaseCharacters": { + "type": "boolean", + "description": "Whether to require lowercase characters for user passwords.\n" + }, + "requireNumbers": { + "type": "boolean", + "description": "Whether to require numbers for user passwords.\n" + }, + "requireSymbols": { + "type": "boolean", + "description": "Whether to require symbols for user passwords.\n" + }, + "requireUppercaseCharacters": { + "type": "boolean", + "description": "Whether to require uppercase characters for user passwords.\n" + } + }, + "required": [ + "expirePasswords", + "hardExpiry", + "maxPasswordAge", + "passwordReusePrevention", + "requireLowercaseCharacters", + "requireNumbers", + "requireSymbols", + "requireUppercaseCharacters" + ], + "inputProperties": { + "allowUsersToChangePassword": { + "type": "boolean", + "description": "Whether to allow users to change their own password\n" + }, + "hardExpiry": { + "type": "boolean", + "description": "Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)\n" + }, + "maxPasswordAge": { + "type": "integer", + "description": "The number of days that an user password is valid.\n" + }, + "minimumPasswordLength": { + "type": "integer", + "description": "Minimum length to require for user passwords.\n" + }, + "passwordReusePrevention": { + "type": "integer", + "description": "The number of previous passwords that users are prevented from reusing.\n" + }, + "requireLowercaseCharacters": { + "type": "boolean", + "description": "Whether to require lowercase characters for user passwords.\n" + }, + "requireNumbers": { + "type": "boolean", + "description": "Whether to require numbers for user passwords.\n" + }, + "requireSymbols": { + "type": "boolean", + "description": "Whether to require symbols for user passwords.\n" + }, + "requireUppercaseCharacters": { + "type": "boolean", + "description": "Whether to require uppercase characters for user passwords.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AccountPasswordPolicy resources.\n", + "properties": { + "allowUsersToChangePassword": { + "type": "boolean", + "description": "Whether to allow users to change their own password\n" + }, + "expirePasswords": { + "type": "boolean", + "description": "Indicates whether passwords in the account expire. Returns `true` if `max_password_age` contains a value greater than `0`. Returns `false` if it is `0` or _not present_.\n" + }, + "hardExpiry": { + "type": "boolean", + "description": "Whether users are prevented from setting a new password after their password has expired (i.e. require administrator reset)\n" + }, + "maxPasswordAge": { + "type": "integer", + "description": "The number of days that an user password is valid.\n" + }, + "minimumPasswordLength": { + "type": "integer", + "description": "Minimum length to require for user passwords.\n" + }, + "passwordReusePrevention": { + "type": "integer", + "description": "The number of previous passwords that users are prevented from reusing.\n" + }, + "requireLowercaseCharacters": { + "type": "boolean", + "description": "Whether to require lowercase characters for user passwords.\n" + }, + "requireNumbers": { + "type": "boolean", + "description": "Whether to require numbers for user passwords.\n" + }, + "requireSymbols": { + "type": "boolean", + "description": "Whether to require symbols for user passwords.\n" + }, + "requireUppercaseCharacters": { + "type": "boolean", + "description": "Whether to require uppercase characters for user passwords.\n" + } + }, + "type": "object" + } + }, + "aws:iam/group:Group": { + "description": "Provides an IAM group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst developers = new aws.iam.Group(\"developers\", {\n path: \"/users/\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndevelopers = aws.iam.Group(\"developers\", path=\"/users/\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var developers = new Aws.Iam.Group(\"developers\", new Aws.Iam.GroupArgs\n {\n Path = \"/users/\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewGroup(ctx, \"developers\", &iam.GroupArgs{\n\t\t\tPath: pulumi.String(\"/users/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iam/group:Group developers developers\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this group.\n" + }, + "name": { + "type": "string", + "description": "The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\".\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the group.\n" + }, + "uniqueId": { + "type": "string", + "description": "The [unique ID][1] assigned by AWS.\n" + } + }, + "required": [ + "arn", + "name", + "uniqueId" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\".\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the group.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Group resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this group.\n" + }, + "name": { + "type": "string", + "description": "The group's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. Group names are not distinguished by case. For example, you cannot create groups named both \"ADMINS\" and \"admins\".\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the group.\n" + }, + "uniqueId": { + "type": "string", + "description": "The [unique ID][1] assigned by AWS.\n" + } + }, + "type": "object" + } + }, + "aws:iam/groupMembership:GroupMembership": { + "description": "> **WARNING:** Multiple aws.iam.GroupMembership resources with the same group name will produce inconsistent behavior!\n\nProvides a top level resource to manage IAM Group membership for IAM Users. For\nmore information on managing IAM Groups or IAM Users, see IAM Groups or\nIAM Users\n\n> **Note:** `aws.iam.GroupMembership` will conflict with itself if used more than once with the same group. To non-exclusively manage the users in a group, see the\n`aws.iam.UserGroupMembership` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst group = new aws.iam.Group(\"group\", {});\nconst userOne = new aws.iam.User(\"userOne\", {});\nconst userTwo = new aws.iam.User(\"userTwo\", {});\nconst team = new aws.iam.GroupMembership(\"team\", {\n users: [\n userOne.name,\n userTwo.name,\n ],\n group: group.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngroup = aws.iam.Group(\"group\")\nuser_one = aws.iam.User(\"userOne\")\nuser_two = aws.iam.User(\"userTwo\")\nteam = aws.iam.GroupMembership(\"team\",\n users=[\n user_one.name,\n user_two.name,\n ],\n group=group.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @group = new Aws.Iam.Group(\"group\", new Aws.Iam.GroupArgs\n {\n });\n var userOne = new Aws.Iam.User(\"userOne\", new Aws.Iam.UserArgs\n {\n });\n var userTwo = new Aws.Iam.User(\"userTwo\", new Aws.Iam.UserArgs\n {\n });\n var team = new Aws.Iam.GroupMembership(\"team\", new Aws.Iam.GroupMembershipArgs\n {\n Users = \n {\n userOne.Name,\n userTwo.Name,\n },\n Group = @group.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := iam.NewGroup(ctx, \"group\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserOne, err := iam.NewUser(ctx, \"userOne\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserTwo, err := iam.NewUser(ctx, \"userTwo\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewGroupMembership(ctx, \"team\", &iam.GroupMembershipArgs{\n\t\t\tUsers: pulumi.StringArray{\n\t\t\t\tuserOne.Name,\n\t\t\t\tuserTwo.Name,\n\t\t\t},\n\t\t\tGroup: group.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "group": { + "type": "string", + "description": "The IAM Group name to attach the list of `users` to\n" + }, + "name": { + "type": "string", + "description": "The name to identify the Group Membership\n" + }, + "users": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM User names to associate with the Group\n" + } + }, + "required": [ + "group", + "name", + "users" + ], + "inputProperties": { + "group": { + "type": "string", + "description": "The IAM Group name to attach the list of `users` to\n" + }, + "name": { + "type": "string", + "description": "The name to identify the Group Membership\n" + }, + "users": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM User names to associate with the Group\n" + } + }, + "requiredInputs": [ + "group", + "users" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GroupMembership resources.\n", + "properties": { + "group": { + "type": "string", + "description": "The IAM Group name to attach the list of `users` to\n" + }, + "name": { + "type": "string", + "description": "The name to identify the Group Membership\n" + }, + "users": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM User names to associate with the Group\n" + } + }, + "type": "object" + } + }, + "aws:iam/groupPolicy:GroupPolicy": { + "description": "Provides an IAM policy attached to a group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDevelopers = new aws.iam.Group(\"myDevelopers\", {path: \"/users/\"});\nconst myDeveloperPolicy = new aws.iam.GroupPolicy(\"myDeveloperPolicy\", {\n group: myDevelopers.name,\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nmy_developers = aws.iam.Group(\"myDevelopers\", path=\"/users/\")\nmy_developer_policy = aws.iam.GroupPolicy(\"myDeveloperPolicy\",\n group=my_developers.name,\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDevelopers = new Aws.Iam.Group(\"myDevelopers\", new Aws.Iam.GroupArgs\n {\n Path = \"/users/\",\n });\n var myDeveloperPolicy = new Aws.Iam.GroupPolicy(\"myDeveloperPolicy\", new Aws.Iam.GroupPolicyArgs\n {\n Group = myDevelopers.Name,\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"ec2:Describe*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDevelopers, err := iam.NewGroup(ctx, \"myDevelopers\", &iam.GroupArgs{\n\t\t\tPath: pulumi.String(\"/users/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewGroupPolicy(ctx, \"myDeveloperPolicy\", &iam.GroupPolicyArgs{\n\t\t\tGroup: myDevelopers.Name,\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Group Policies can be imported using the `group_name:group_policy_name`, e.g.\n\n```sh\n $ pulumi import aws:iam/groupPolicy:GroupPolicy mypolicy group_of_mypolicy_name:mypolicy_name\n```\n\n ", + "properties": { + "group": { + "type": "string", + "description": "The IAM group to attach to the policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will\nassign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + } + }, + "required": [ + "group", + "name", + "policy" + ], + "inputProperties": { + "group": { + "type": "string", + "description": "The IAM group to attach to the policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will\nassign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + } + }, + "requiredInputs": [ + "group", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GroupPolicy resources.\n", + "properties": { + "group": { + "type": "string", + "description": "The IAM group to attach to the policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will\nassign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + } + }, + "type": "object" + } + }, + "aws:iam/groupPolicyAttachment:GroupPolicyAttachment": { + "description": "Attaches a Managed IAM Policy to an IAM group\n\n> **NOTE:** The usage of this resource conflicts with the `aws.iam.PolicyAttachment` resource and will permanently show a difference if both are defined.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst group = new aws.iam.Group(\"group\", {});\nconst policy = new aws.iam.Policy(\"policy\", {\n description: \"A test policy\",\n policy: \"{ ... policy JSON ... }\",\n});\nconst test_attach = new aws.iam.GroupPolicyAttachment(\"test-attach\", {\n group: group.name,\n policyArn: policy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngroup = aws.iam.Group(\"group\")\npolicy = aws.iam.Policy(\"policy\",\n description=\"A test policy\",\n policy=\"{ ... policy JSON ... }\")\ntest_attach = aws.iam.GroupPolicyAttachment(\"test-attach\",\n group=group.name,\n policy_arn=policy.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @group = new Aws.Iam.Group(\"group\", new Aws.Iam.GroupArgs\n {\n });\n var policy = new Aws.Iam.Policy(\"policy\", new Aws.Iam.PolicyArgs\n {\n Description = \"A test policy\",\n Policy = \"{ ... policy JSON ... }\",\n });\n var test_attach = new Aws.Iam.GroupPolicyAttachment(\"test-attach\", new Aws.Iam.GroupPolicyAttachmentArgs\n {\n Group = @group.Name,\n PolicyArn = policy.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroup, err := iam.NewGroup(ctx, \"group\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.NewPolicy(ctx, \"policy\", &iam.PolicyArgs{\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: pulumi.Any(\"{ ... policy JSON ... }\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewGroupPolicyAttachment(ctx, \"test_attach\", &iam.GroupPolicyAttachmentArgs{\n\t\t\tGroup: group.Name,\n\t\t\tPolicyArn: policy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM group policy attachments can be imported using the group name and policy arn separated by `/`.\n\n```sh\n $ pulumi import aws:iam/groupPolicyAttachment:GroupPolicyAttachment test-attach test-group/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy\n```\n\n ", + "properties": { + "group": { + "type": "string", + "description": "The group the policy should be applied to\n" + }, + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + } + }, + "required": [ + "group", + "policyArn" + ], + "inputProperties": { + "group": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/group:Group" + } + ], + "description": "The group the policy should be applied to\n" + }, + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + } + }, + "requiredInputs": [ + "group", + "policyArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GroupPolicyAttachment resources.\n", + "properties": { + "group": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/group:Group" + } + ], + "description": "The group the policy should be applied to\n" + }, + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + } + }, + "type": "object" + } + }, + "aws:iam/instanceProfile:InstanceProfile": { + "description": "Provides an IAM instance profile.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst role = new aws.iam.Role(\"role\", {\n path: \"/\",\n assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`,\n});\nconst testProfile = new aws.iam.InstanceProfile(\"testProfile\", {role: role.name});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrole = aws.iam.Role(\"role\",\n path=\"/\",\n assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ntest_profile = aws.iam.InstanceProfile(\"testProfile\", role=role.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n Path = \"/\",\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"ec2.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var testProfile = new Aws.Iam.InstanceProfile(\"testProfile\", new Aws.Iam.InstanceProfileArgs\n {\n Role = role.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"ec2.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewInstanceProfile(ctx, \"testProfile\", &iam.InstanceProfileArgs{\n\t\t\tRole: role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nInstance Profiles can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iam/instanceProfile:InstanceProfile test_profile app-instance-profile-1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN assigned by AWS to the instance profile.\n" + }, + "createDate": { + "type": "string", + "description": "Creation timestamp of the instance profile.\n" + }, + "name": { + "type": "string", + "description": "Name of the instance profile. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`. Can be a string of characters consisting of upper and lowercase alphanumeric characters and these special characters: `_`, `+`, `=`, `,`, `.`, `@`, `-`. Spaces are not allowed.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. Can be a string of characters consisting of either a forward slash (`/`) by itself or a string that must begin and end with forward slashes. Can include any ASCII character from the ! (\\u0021) through the DEL character (\\u007F), including most punctuation characters, digits, and upper and lowercase letters.\n" + }, + "role": { + "type": "string", + "description": "Name of the role to add to the profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM Instance Profile. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uniqueId": { + "type": "string", + "description": "[Unique ID][1] assigned by AWS.\n" + } + }, + "required": [ + "arn", + "createDate", + "name", + "tagsAll", + "uniqueId" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "Name of the instance profile. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`. Can be a string of characters consisting of upper and lowercase alphanumeric characters and these special characters: `_`, `+`, `=`, `,`, `.`, `@`, `-`. Spaces are not allowed.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. Can be a string of characters consisting of either a forward slash (`/`) by itself or a string that must begin and end with forward slashes. Can include any ASCII character from the ! (\\u0021) through the DEL character (\\u007F), including most punctuation characters, digits, and upper and lowercase letters.\n" + }, + "role": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ], + "description": "Name of the role to add to the profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM Instance Profile. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering InstanceProfile resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN assigned by AWS to the instance profile.\n" + }, + "createDate": { + "type": "string", + "description": "Creation timestamp of the instance profile.\n" + }, + "name": { + "type": "string", + "description": "Name of the instance profile. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`. Can be a string of characters consisting of upper and lowercase alphanumeric characters and these special characters: `_`, `+`, `=`, `,`, `.`, `@`, `-`. Spaces are not allowed.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path to the instance profile. For more information about paths, see [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) in the IAM User Guide. Can be a string of characters consisting of either a forward slash (`/`) by itself or a string that must begin and end with forward slashes. Can include any ASCII character from the ! (\\u0021) through the DEL character (\\u007F), including most punctuation characters, digits, and upper and lowercase letters.\n" + }, + "role": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ], + "description": "Name of the role to add to the profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM Instance Profile. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uniqueId": { + "type": "string", + "description": "[Unique ID][1] assigned by AWS.\n" + } + }, + "type": "object" + } + }, + "aws:iam/openIdConnectProvider:OpenIdConnectProvider": { + "description": "Provides an IAM OpenID Connect provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultOpenIdConnectProvider = new aws.iam.OpenIdConnectProvider(\"default\", {\n clientIdLists: [\"266362248691-342342xasdasdasda-apps.googleusercontent.com\"],\n thumbprintLists: [],\n url: \"https://accounts.google.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.iam.OpenIdConnectProvider(\"default\",\n client_id_lists=[\"266362248691-342342xasdasdasda-apps.googleusercontent.com\"],\n thumbprint_lists=[],\n url=\"https://accounts.google.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Iam.OpenIdConnectProvider(\"default\", new Aws.Iam.OpenIdConnectProviderArgs\n {\n ClientIdLists = \n {\n \"266362248691-342342xasdasdasda-apps.googleusercontent.com\",\n },\n ThumbprintLists = {},\n Url = \"https://accounts.google.com\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewOpenIdConnectProvider(ctx, \"_default\", &iam.OpenIdConnectProviderArgs{\n\t\t\tClientIdLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"266362248691-342342xasdasdasda-apps.googleusercontent.com\"),\n\t\t\t},\n\t\t\tThumbprintLists: pulumi.StringArray{},\n\t\t\tUrl: pulumi.String(\"https://accounts.google.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM OpenID Connect Providers can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:iam/openIdConnectProvider:OpenIdConnectProvider default arn:aws:iam::123456789012:oidc-provider/accounts.google.com\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this provider.\n" + }, + "clientIdLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM OIDC provider. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "thumbprintLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s).\n" + }, + "url": { + "type": "string", + "description": "The URL of the identity provider. Corresponds to the _iss_ claim.\n" + } + }, + "required": [ + "arn", + "clientIdLists", + "tagsAll", + "thumbprintLists", + "url" + ], + "inputProperties": { + "clientIdLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM OIDC provider. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "thumbprintLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s).\n" + }, + "url": { + "type": "string", + "description": "The URL of the identity provider. Corresponds to the _iss_ claim.\n" + } + }, + "requiredInputs": [ + "clientIdLists", + "thumbprintLists", + "url" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OpenIdConnectProvider resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this provider.\n" + }, + "clientIdLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of client IDs (also known as audiences). When a mobile or web app registers with an OpenID Connect provider, they establish a value that identifies the application. (This is the value that's sent as the client_id parameter on OAuth requests.)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM OIDC provider. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "thumbprintLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of server certificate thumbprints for the OpenID Connect (OIDC) identity provider's server certificate(s).\n" + }, + "url": { + "type": "string", + "description": "The URL of the identity provider. Corresponds to the _iss_ claim.\n" + } + }, + "type": "object" + } + }, + "aws:iam/policy:Policy": { + "description": "Provides an IAM policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policy = new aws.iam.Policy(\"policy\", {\n path: \"/\",\n description: \"My test policy\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npolicy = aws.iam.Policy(\"policy\",\n path=\"/\",\n description=\"My test policy\",\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var policy = new Aws.Iam.Policy(\"policy\", new Aws.Iam.PolicyArgs\n {\n Path = \"/\",\n Description = \"My test policy\",\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"ec2:Describe*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := iam.NewPolicy(ctx, \"policy\", &iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"My test policy\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Policies can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:iam/policy:Policy administrator arn:aws:iam::123456789012:policy/UsersManageOwnCredentials\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to this policy.\n" + }, + "description": { + "type": "string", + "description": "Description of the IAM policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the policy.\nSee [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n", + "language": { + "csharp": { + "name": "PolicyDocument" + } + } + }, + "policyId": { + "type": "string", + "description": "The policy's ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM Policy\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "required": [ + "arn", + "name", + "policy", + "policyId", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the IAM policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the policy.\nSee [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n", + "language": { + "csharp": { + "name": "PolicyDocument" + } + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM Policy\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "requiredInputs": [ + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to this policy.\n" + }, + "description": { + "type": "string", + "description": "Description of the IAM policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the policy.\nSee [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n", + "language": { + "csharp": { + "name": "PolicyDocument" + } + } + }, + "policyId": { + "type": "string", + "description": "The policy's ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM Policy\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "type": "object" + } + }, + "aws:iam/policyAttachment:PolicyAttachment": { + "description": "Attaches a Managed IAM Policy to user(s), role(s), and/or group(s)\n\n!> **WARNING:** The aws.iam.PolicyAttachment resource creates **exclusive** attachments of IAM policies. Across the entire AWS account, all of the users/roles/groups to which a single policy is attached must be declared by a single aws.iam.PolicyAttachment resource. This means that even any users/roles/groups that have the attached policy via any other mechanism (including other resources managed by this provider) will have that attached policy revoked by this resource. Consider `aws.iam.RolePolicyAttachment`, `aws.iam.UserPolicyAttachment`, or `aws.iam.GroupPolicyAttachment` instead. These resources do not enforce exclusive attachment of an IAM policy.\n\n> **NOTE:** The usage of this resource conflicts with the `aws.iam.GroupPolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.UserPolicyAttachment` resources and will permanently show a difference if both are defined.\n\n> **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `managed_policy_arns` argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and the provider will show a permanent difference.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst user = new aws.iam.User(\"user\", {});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst group = new aws.iam.Group(\"group\", {});\nconst policy = new aws.iam.Policy(\"policy\", {\n description: \"A test policy\",\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\nconst test_attach = new aws.iam.PolicyAttachment(\"test-attach\", {\n users: [user.name],\n roles: [role.name],\n groups: [group.name],\n policyArn: policy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser = aws.iam.User(\"user\")\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ngroup = aws.iam.Group(\"group\")\npolicy = aws.iam.Policy(\"policy\",\n description=\"A test policy\",\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\ntest_attach = aws.iam.PolicyAttachment(\"test-attach\",\n users=[user.name],\n roles=[role.name],\n groups=[group.name],\n policy_arn=policy.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var user = new Aws.Iam.User(\"user\", new Aws.Iam.UserArgs\n {\n });\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"ec2.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var @group = new Aws.Iam.Group(\"group\", new Aws.Iam.GroupArgs\n {\n });\n var policy = new Aws.Iam.Policy(\"policy\", new Aws.Iam.PolicyArgs\n {\n Description = \"A test policy\",\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"ec2:Describe*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n var test_attach = new Aws.Iam.PolicyAttachment(\"test-attach\", new Aws.Iam.PolicyAttachmentArgs\n {\n Users = \n {\n user.Name,\n },\n Roles = \n {\n role.Name,\n },\n Groups = \n {\n @group.Name,\n },\n PolicyArn = policy.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuser, err := iam.NewUser(ctx, \"user\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"ec2.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := iam.NewGroup(ctx, \"group\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.NewPolicy(ctx, \"policy\", &iam.PolicyArgs{\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:Describe*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicyAttachment(ctx, \"test_attach\", &iam.PolicyAttachmentArgs{\n\t\t\tUsers: pulumi.AnyArray{\n\t\t\t\tuser.Name,\n\t\t\t},\n\t\t\tRoles: pulumi.AnyArray{\n\t\t\t\trole.Name,\n\t\t\t},\n\t\t\tGroups: pulumi.AnyArray{\n\t\t\t\tgroup.Name,\n\t\t\t},\n\t\t\tPolicyArn: policy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The group(s) the policy should be applied to\n" + }, + "name": { + "type": "string", + "description": "The name of the attachment. This cannot be an empty string.\n" + }, + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "roles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The role(s) the policy should be applied to\n" + }, + "users": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The user(s) the policy should be applied to\n" + } + }, + "required": [ + "name", + "policyArn" + ], + "inputProperties": { + "groups": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/group:Group" + } + ] + }, + "description": "The group(s) the policy should be applied to\n" + }, + "name": { + "type": "string", + "description": "The name of the attachment. This cannot be an empty string.\n" + }, + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "roles": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ] + }, + "description": "The role(s) the policy should be applied to\n" + }, + "users": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/user:User" + } + ] + }, + "description": "The user(s) the policy should be applied to\n" + } + }, + "requiredInputs": [ + "policyArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PolicyAttachment resources.\n", + "properties": { + "groups": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/group:Group" + } + ] + }, + "description": "The group(s) the policy should be applied to\n" + }, + "name": { + "type": "string", + "description": "The name of the attachment. This cannot be an empty string.\n" + }, + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "roles": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ] + }, + "description": "The role(s) the policy should be applied to\n" + }, + "users": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/user:User" + } + ] + }, + "description": "The user(s) the policy should be applied to\n" + } + }, + "type": "object" + } + }, + "aws:iam/role:Role": { + "description": "Provides an IAM role.\n\n> **NOTE:** If policies are attached to the role via the `aws.iam.PolicyAttachment` resource and you are modifying the role `name` or `path`, the `force_detach_policies` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.RolePolicyAttachment` resource does not have this requirement.\n\n> **NOTE:** If you use this resource's `managed_policy_arns` argument or `inline_policy` configuration blocks, this resource will take over exclusive management of the role's respective policy types (e.g., both policy types if both arguments are used). These arguments are incompatible with other ways of managing a role's policies, such as `aws.iam.PolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.RolePolicy`. If you attempt to manage a role's policies by multiple means, you will get resource cycling and/or errors.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"testRole\", {\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Sid: \"\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"testRole\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Sid\": \"\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags={\n \"tag-key\": \"tag-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testRole = new Aws.Iam.Role(\"testRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"sts:AssumeRole\" },\n { \"Effect\", \"Allow\" },\n { \"Sid\", \"\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"ec2.amazonaws.com\" },\n } },\n },\n }\n },\n }),\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Sid\": \"\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := iam.NewRole(ctx, \"testRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Using Data Source for Assume Role Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instance-assume-role-policy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n }],\n});\nconst instance = new aws.iam.Role(\"instance\", {\n path: \"/system/\",\n assumeRolePolicy: instance_assume_role_policy.then(instance_assume_role_policy => instance_assume_role_policy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance_assume_role_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"ec2.amazonaws.com\"],\n )],\n)])\ninstance = aws.iam.Role(\"instance\",\n path=\"/system/\",\n assume_role_policy=instance_assume_role_policy.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var instance_assume_role_policy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var instance = new Aws.Iam.Role(\"instance\", new Aws.Iam.RoleArgs\n {\n Path = \"/system/\",\n AssumeRolePolicy = instance_assume_role_policy.Apply(instance_assume_role_policy => instance_assume_role_policy.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstance_assume_role_policy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"instance\", &iam.RoleArgs{\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(instance_assume_role_policy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Exclusive Inline Policies\n\nThis example creates an IAM role with two inline IAM policies. If someone adds another inline policy out-of-band, on the next apply, the provider will remove that policy. If someone deletes these policies out-of-band, the provider will recreate them.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst inlinePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: data.aws_iam_policy_document.instance_assume_role_policy.json,\n inlinePolicies: [\n {\n name: \"my_inline_policy\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n },\n {\n name: \"policy-8675309\",\n policy: inlinePolicy.then(inlinePolicy => inlinePolicy.json),\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ninline_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\nexample = aws.iam.Role(\"example\",\n assume_role_policy=data[\"aws_iam_policy_document\"][\"instance_assume_role_policy\"][\"json\"],\n inline_policies=[\n aws.iam.RoleInlinePolicyArgs(\n name=\"my_inline_policy\",\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }),\n ),\n aws.iam.RoleInlinePolicyArgs(\n name=\"policy-8675309\",\n policy=inline_policy.json,\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var inlinePolicy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = \n {\n \"*\",\n },\n },\n },\n }));\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Instance_assume_role_policy.Json,\n InlinePolicies = \n {\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"my_inline_policy\",\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"ec2:Describe*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n },\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"policy-8675309\",\n Policy = inlinePolicy.Apply(inlinePolicy => inlinePolicy.Json),\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinlinePolicy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:DescribeAccountAttributes\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Instance_assume_role_policy.Json),\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\t&iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_inline_policy\"),\n\t\t\t\t\tPolicy: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t\t&iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"policy-8675309\"),\n\t\t\t\t\tPolicy: pulumi.String(inlinePolicy.Json),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Removing Inline Policies\n\nThis example creates an IAM role with what appears to be empty IAM `inline_policy` argument instead of using `inline_policy` as a configuration block. The result is that if someone were to add an inline policy out-of-band, on the next apply, the provider will remove that policy.\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: data.aws_iam_policy_document.instance_assume_role_policy.json,\n inlinePolicies: [{}],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n assume_role_policy=data[\"aws_iam_policy_document\"][\"instance_assume_role_policy\"][\"json\"],\n inline_policies=[aws.iam.RoleInlinePolicyArgs()])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Instance_assume_role_policy.Json,\n InlinePolicies = \n {\n ,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Instance_assume_role_policy.Json),\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Exclusive Managed Policies\n\nThis example creates an IAM role and attaches two managed IAM policies. If someone attaches another managed policy out-of-band, on the next apply, the provider will detach that policy. If someone detaches these policies out-of-band, the provider will attach them again.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = new aws.iam.Policy(\"policyOne\", {policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n})});\nconst policyTwo = new aws.iam.Policy(\"policyTwo\", {policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n})});\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: data.aws_iam_policy_document.instance_assume_role_policy.json,\n managedPolicyArns: [\n policyOne.arn,\n policyTwo.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.Policy(\"policyOne\", policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n}))\npolicy_two = aws.iam.Policy(\"policyTwo\", policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n}))\nexample = aws.iam.Role(\"example\",\n assume_role_policy=data[\"aws_iam_policy_document\"][\"instance_assume_role_policy\"][\"json\"],\n managed_policy_arns=[\n policy_one.arn,\n policy_two.arn,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var policyOne = new Aws.Iam.Policy(\"policyOne\", new Aws.Iam.PolicyArgs\n {\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"ec2:Describe*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n var policyTwo = new Aws.Iam.Policy(\"policyTwo\", new Aws.Iam.PolicyArgs\n {\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Instance_assume_role_policy.Json,\n ManagedPolicyArns = \n {\n policyOne.Arn,\n policyTwo.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tpolicyOne, err := iam.NewPolicy(ctx, \"policyOne\", &iam.PolicyArgs{\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:HeadBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tpolicyTwo, err := iam.NewPolicy(ctx, \"policyTwo\", &iam.PolicyArgs{\n\t\t\tPolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Instance_assume_role_policy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpolicyOne.Arn,\n\t\t\t\tpolicyTwo.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example of Removing Managed Policies\n\nThis example creates an IAM role with an empty `managed_policy_arns` argument. If someone attaches a policy out-of-band, on the next apply, the provider will detach that policy.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n assumeRolePolicy: data.aws_iam_policy_document.instance_assume_role_policy.json,\n managedPolicyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n assume_role_policy=data[\"aws_iam_policy_document\"][\"instance_assume_role_policy\"][\"json\"],\n managed_policy_arns=[])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iam.Role(\"example\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = data.Aws_iam_policy_document.Instance_assume_role_policy.Json,\n ManagedPolicyArns = {},\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(data.Aws_iam_policy_document.Instance_assume_role_policy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Roles can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iam/role:Role developer developer_name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) specifying the role.\n" + }, + "assumeRolePolicy": { + "type": "string", + "description": "Policy that grants an entity permission to assume the role.\n" + }, + "createDate": { + "type": "string", + "description": "Creation date of the IAM role.\n" + }, + "description": { + "type": "string", + "description": "Description of the role.\n" + }, + "forceDetachPolicies": { + "type": "boolean", + "description": "Whether to force detaching any policies the role has before destroying it. Defaults to `false`.\n" + }, + "inlinePolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/RoleInlinePolicy:RoleInlinePolicy" + }, + "description": "Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. Defined below. If no blocks are configured, the provider will ignore any managing any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause the provider to remove _all_ inline policies.\n" + }, + "managedPolicyArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, the provider will ignore policy attachments to this resource. When configured, the provider will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause the provider to remove _all_ managed policy attachments.\n" + }, + "maxSessionDuration": { + "type": "integer", + "description": "Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n" + }, + "name": { + "type": "string", + "description": "Name of the role policy.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "ARN of the policy that is used to set the permissions boundary for the role.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM role. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uniqueId": { + "type": "string", + "description": "Stable and unique string identifying the role.\n" + } + }, + "required": [ + "arn", + "assumeRolePolicy", + "createDate", + "inlinePolicies", + "managedPolicyArns", + "name", + "tagsAll", + "uniqueId" + ], + "inputProperties": { + "assumeRolePolicy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "Policy that grants an entity permission to assume the role.\n" + }, + "description": { + "type": "string", + "description": "Description of the role.\n" + }, + "forceDetachPolicies": { + "type": "boolean", + "description": "Whether to force detaching any policies the role has before destroying it. Defaults to `false`.\n" + }, + "inlinePolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/RoleInlinePolicy:RoleInlinePolicy" + }, + "description": "Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. Defined below. If no blocks are configured, the provider will ignore any managing any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause the provider to remove _all_ inline policies.\n" + }, + "managedPolicyArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, the provider will ignore policy attachments to this resource. When configured, the provider will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause the provider to remove _all_ managed policy attachments.\n" + }, + "maxSessionDuration": { + "type": "integer", + "description": "Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n" + }, + "name": { + "type": "string", + "description": "Name of the role policy.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "ARN of the policy that is used to set the permissions boundary for the role.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM role. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "assumeRolePolicy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Role resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) specifying the role.\n" + }, + "assumeRolePolicy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "Policy that grants an entity permission to assume the role.\n" + }, + "createDate": { + "type": "string", + "description": "Creation date of the IAM role.\n" + }, + "description": { + "type": "string", + "description": "Description of the role.\n" + }, + "forceDetachPolicies": { + "type": "boolean", + "description": "Whether to force detaching any policies the role has before destroying it. Defaults to `false`.\n" + }, + "inlinePolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/RoleInlinePolicy:RoleInlinePolicy" + }, + "description": "Configuration block defining an exclusive set of IAM inline policies associated with the IAM role. Defined below. If no blocks are configured, the provider will ignore any managing any inline policies in this resource. Configuring one empty block (i.e., `inline_policy {}`) will cause the provider to remove _all_ inline policies.\n" + }, + "managedPolicyArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of exclusive IAM managed policy ARNs to attach to the IAM role. If this attribute is not configured, the provider will ignore policy attachments to this resource. When configured, the provider will align the role's managed policy attachments with this set by attaching or detaching managed policies. Configuring an empty set (i.e., `managed_policy_arns = []`) will cause the provider to remove _all_ managed policy attachments.\n" + }, + "maxSessionDuration": { + "type": "integer", + "description": "Maximum session duration (in seconds) that you want to set for the specified role. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 1 hour to 12 hours.\n" + }, + "name": { + "type": "string", + "description": "Name of the role policy.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique friendly name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "Path to the role. See [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more information.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "ARN of the policy that is used to set the permissions boundary for the role.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM role. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uniqueId": { + "type": "string", + "description": "Stable and unique string identifying the role.\n" + } + }, + "type": "object" + } + }, + "aws:iam/rolePolicy:RolePolicy": { + "description": "Provides an IAM role inline policy.\n\n> **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `inline_policy` argument. When using that argument and this resource, both will attempt to manage the role's inline policies and the provider will show a permanent difference.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"testRole\", {assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Sid: \"\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n})});\nconst testPolicy = new aws.iam.RolePolicy(\"testPolicy\", {\n role: testRole.id,\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"testRole\", assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Sid\": \"\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n}))\ntest_policy = aws.iam.RolePolicy(\"testPolicy\",\n role=test_role.id,\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testRole = new Aws.Iam.Role(\"testRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"sts:AssumeRole\" },\n { \"Effect\", \"Allow\" },\n { \"Sid\", \"\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"ec2.amazonaws.com\" },\n } },\n },\n }\n },\n }),\n });\n var testPolicy = new Aws.Iam.RolePolicy(\"testPolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = testRole.Id,\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"ec2:Describe*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Sid\": \"\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttestRole, err := iam.NewRole(ctx, \"testRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\t_, err = iam.NewRolePolicy(ctx, \"testPolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Role Policies can be imported using the `role_name:role_policy_name`, e.g.\n\n```sh\n $ pulumi import aws:iam/rolePolicy:RolePolicy mypolicy role_of_mypolicy_name:mypolicy_name\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the role policy. If omitted, this provider will\nassign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + }, + "role": { + "type": "string", + "description": "The IAM role to attach to the policy.\n" + } + }, + "required": [ + "name", + "policy", + "role" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the role policy. If omitted, this provider will\nassign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + }, + "role": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ], + "description": "The IAM role to attach to the policy.\n" + } + }, + "requiredInputs": [ + "policy", + "role" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RolePolicy resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the role policy. If omitted, this provider will\nassign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + }, + "role": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ], + "description": "The IAM role to attach to the policy.\n" + } + }, + "type": "object" + } + }, + "aws:iam/rolePolicyAttachment:RolePolicyAttachment": { + "description": "Attaches a Managed IAM Policy to an IAM role\n\n> **NOTE:** The usage of this resource conflicts with the `aws.iam.PolicyAttachment` resource and will permanently show a difference if both are defined.\n\n> **NOTE:** For a given role, this resource is incompatible with using the `aws.iam.Role` resource `managed_policy_arns` argument. When using that argument and this resource, both will attempt to manage the role's managed policy attachments and the provider will show a permanent difference.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst policy = new aws.iam.Policy(\"policy\", {\n description: \"A test policy\",\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\nconst test_attach = new aws.iam.RolePolicyAttachment(\"test-attach\", {\n role: role.name,\n policyArn: policy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\npolicy = aws.iam.Policy(\"policy\",\n description=\"A test policy\",\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\ntest_attach = aws.iam.RolePolicyAttachment(\"test-attach\",\n role=role.name,\n policy_arn=policy.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"ec2.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var policy = new Aws.Iam.Policy(\"policy\", new Aws.Iam.PolicyArgs\n {\n Description = \"A test policy\",\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"ec2:Describe*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n var test_attach = new Aws.Iam.RolePolicyAttachment(\"test-attach\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = role.Name,\n PolicyArn = policy.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"ec2.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.NewPolicy(ctx, \"policy\", &iam.PolicyArgs{\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:Describe*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"test_attach\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: role.Name,\n\t\t\tPolicyArn: policy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM role policy attachments can be imported using the role name and policy arn separated by `/`.\n\n```sh\n $ pulumi import aws:iam/rolePolicyAttachment:RolePolicyAttachment test-attach test-role/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy\n```\n\n ", + "properties": { + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "role": { + "type": "string", + "description": "The name of the IAM role to which the policy should be applied\n" + } + }, + "required": [ + "policyArn", + "role" + ], + "inputProperties": { + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "role": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ], + "description": "The name of the IAM role to which the policy should be applied\n" + } + }, + "requiredInputs": [ + "policyArn", + "role" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RolePolicyAttachment resources.\n", + "properties": { + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "role": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/role:Role" + } + ], + "description": "The name of the IAM role to which the policy should be applied\n" + } + }, + "type": "object" + } + }, + "aws:iam/samlProvider:SamlProvider": { + "description": "Provides an IAM SAML provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst _default = new aws.iam.SamlProvider(\"default\", {samlMetadataDocument: fs.readFileSync(\"saml-metadata.xml\")});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.iam.SamlProvider(\"default\", saml_metadata_document=(lambda path: open(path).read())(\"saml-metadata.xml\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Iam.SamlProvider(\"default\", new Aws.Iam.SamlProviderArgs\n {\n SamlMetadataDocument = File.ReadAllText(\"saml-metadata.xml\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM SAML Providers can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:iam/samlProvider:SamlProvider default arn:aws:iam::123456789012:saml-provider/SAMLADFS\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this provider.\n" + }, + "name": { + "type": "string", + "description": "The name of the provider to create.\n" + }, + "samlMetadataDocument": { + "type": "string", + "description": "An XML document generated by an identity provider that supports SAML 2.0.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM SAML provider. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validUntil": { + "type": "string", + "description": "The expiration date and time for the SAML provider in RFC1123 format, e.g. `Mon, 02 Jan 2006 15:04:05 MST`.\n" + } + }, + "required": [ + "arn", + "name", + "samlMetadataDocument", + "tagsAll", + "validUntil" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the provider to create.\n" + }, + "samlMetadataDocument": { + "type": "string", + "description": "An XML document generated by an identity provider that supports SAML 2.0.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM SAML provider. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "samlMetadataDocument" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SamlProvider resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this provider.\n" + }, + "name": { + "type": "string", + "description": "The name of the provider to create.\n" + }, + "samlMetadataDocument": { + "type": "string", + "description": "An XML document generated by an identity provider that supports SAML 2.0.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the IAM SAML provider. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validUntil": { + "type": "string", + "description": "The expiration date and time for the SAML provider in RFC1123 format, e.g. `Mon, 02 Jan 2006 15:04:05 MST`.\n" + } + }, + "type": "object" + } + }, + "aws:iam/serverCertificate:ServerCertificate": { + "description": "Provides an IAM Server Certificate resource to upload Server Certificates.\nCerts uploaded to IAM can easily work with other AWS services such as:\n\n- AWS Elastic Beanstalk\n- Elastic Load Balancing\n- CloudFront\n- AWS OpsWorks\n\nFor information about server certificates in IAM, see [Managing Server\nCertificates][2] in AWS Documentation.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n**Using certs on file:**\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst testCert = new aws.iam.ServerCertificate(\"testCert\", {\n certificateBody: fs.readFileSync(\"self-ca-cert.pem\"),\n privateKey: fs.readFileSync(\"test-key.pem\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cert = aws.iam.ServerCertificate(\"testCert\",\n certificate_body=(lambda path: open(path).read())(\"self-ca-cert.pem\"),\n private_key=(lambda path: open(path).read())(\"test-key.pem\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCert = new Aws.Iam.ServerCertificate(\"testCert\", new Aws.Iam.ServerCertificateArgs\n {\n CertificateBody = File.ReadAllText(\"self-ca-cert.pem\"),\n PrivateKey = File.ReadAllText(\"test-key.pem\"),\n });\n }\n\n}\n```\n\n**Example with cert in-line:**\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCertAlt = new aws.iam.ServerCertificate(\"test_cert_alt\", {\n certificateBody: `-----BEGIN CERTIFICATE-----\n[......] # cert contents\n-----END CERTIFICATE-----\n`,\n privateKey: `-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cert_alt = aws.iam.ServerCertificate(\"testCertAlt\",\n certificate_body=\"\"\"-----BEGIN CERTIFICATE-----\n[......] # cert contents\n-----END CERTIFICATE-----\n\n\"\"\",\n private_key=\"\"\"-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCertAlt = new Aws.Iam.ServerCertificate(\"testCertAlt\", new Aws.Iam.ServerCertificateArgs\n {\n CertificateBody = @\"-----BEGIN CERTIFICATE-----\n[......] # cert contents\n-----END CERTIFICATE-----\n\n\",\n PrivateKey = @\"-----BEGIN RSA PRIVATE KEY-----\n[......] # cert contents\n-----END RSA PRIVATE KEY-----\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewServerCertificate(ctx, \"testCertAlt\", &iam.ServerCertificateArgs{\n\t\t\tCertificateBody: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"-----BEGIN CERTIFICATE-----\\n\", \"[......] # cert contents\\n\", \"-----END CERTIFICATE-----\\n\", \"\\n\")),\n\t\t\tPrivateKey: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"-----BEGIN RSA PRIVATE KEY-----\\n\", \"[......] # cert contents\\n\", \"-----END RSA PRIVATE KEY-----\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n**Use in combination with an AWS ELB resource:**\n\nSome properties of an IAM Server Certificates cannot be updated while they are\nin use. In order for this provider to effectively manage a Certificate in this situation, it is\nrecommended you utilize the `name_prefix` attribute and enable the\n`create_before_destroy` [lifecycle block][lifecycle]. This will allow this provider\nto create a new, updated `aws.iam.ServerCertificate` resource and replace it in\ndependant resources before attempting to destroy the old version.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst testCert = new aws.iam.ServerCertificate(\"testCert\", {\n namePrefix: \"example-cert\",\n certificateBody: fs.readFileSync(\"self-ca-cert.pem\"),\n privateKey: fs.readFileSync(\"test-key.pem\"),\n});\nconst ourapp = new aws.elb.LoadBalancer(\"ourapp\", {\n availabilityZones: [\"us-west-2a\"],\n crossZoneLoadBalancing: true,\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: testCert.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cert = aws.iam.ServerCertificate(\"testCert\",\n name_prefix=\"example-cert\",\n certificate_body=(lambda path: open(path).read())(\"self-ca-cert.pem\"),\n private_key=(lambda path: open(path).read())(\"test-key.pem\"))\nourapp = aws.elb.LoadBalancer(\"ourapp\",\n availability_zones=[\"us-west-2a\"],\n cross_zone_load_balancing=True,\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=test_cert.arn,\n )])\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCert = new Aws.Iam.ServerCertificate(\"testCert\", new Aws.Iam.ServerCertificateArgs\n {\n NamePrefix = \"example-cert\",\n CertificateBody = File.ReadAllText(\"self-ca-cert.pem\"),\n PrivateKey = File.ReadAllText(\"test-key.pem\"),\n });\n var ourapp = new Aws.Elb.LoadBalancer(\"ourapp\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n },\n CrossZoneLoadBalancing = true,\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = testCert.Arn,\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Server Certificates can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iam/serverCertificate:ServerCertificate certificate example.com-certificate-until-2018\n```\n\n [1]https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html [2]https://docs.aws.amazon.com/IAM/latest/UserGuide/ManagingServerCerts.html [lifecycle]/docs/configuration/resources.html ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the server certificate.\n" + }, + "certificateBody": { + "type": "string", + "description": "The contents of the public key certificate in\nPEM-encoded format.\n" + }, + "certificateChain": { + "type": "string", + "description": "The contents of the certificate chain.\nThis is typically a concatenation of the PEM-encoded public key certificates\nof the chain.\n" + }, + "expiration": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) on which the certificate is set to expire.\n" + }, + "name": { + "type": "string", + "description": "The name of the Server Certificate. Do not include the\npath in this value. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "The IAM path for the server certificate. If it is not\nincluded, it defaults to a slash (/). If this certificate is for use with\nAWS CloudFront, the path must be in format `/cloudfront/your_path_here`.\nSee [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths.\n" + }, + "privateKey": { + "type": "string", + "description": "The contents of the private key in PEM-encoded format.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the server certificate. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uploadDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) when the server certificate was uploaded.\n" + } + }, + "required": [ + "arn", + "certificateBody", + "expiration", + "name", + "privateKey", + "tagsAll", + "uploadDate" + ], + "inputProperties": { + "certificateBody": { + "type": "string", + "description": "The contents of the public key certificate in\nPEM-encoded format.\n" + }, + "certificateChain": { + "type": "string", + "description": "The contents of the certificate chain.\nThis is typically a concatenation of the PEM-encoded public key certificates\nof the chain.\n" + }, + "name": { + "type": "string", + "description": "The name of the Server Certificate. Do not include the\npath in this value. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "The IAM path for the server certificate. If it is not\nincluded, it defaults to a slash (/). If this certificate is for use with\nAWS CloudFront, the path must be in format `/cloudfront/your_path_here`.\nSee [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths.\n" + }, + "privateKey": { + "type": "string", + "description": "The contents of the private key in PEM-encoded format.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the server certificate. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "certificateBody", + "privateKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ServerCertificate resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the server certificate.\n" + }, + "certificateBody": { + "type": "string", + "description": "The contents of the public key certificate in\nPEM-encoded format.\n" + }, + "certificateChain": { + "type": "string", + "description": "The contents of the certificate chain.\nThis is typically a concatenation of the PEM-encoded public key certificates\nof the chain.\n" + }, + "expiration": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) on which the certificate is set to expire.\n" + }, + "name": { + "type": "string", + "description": "The name of the Server Certificate. Do not include the\npath in this value. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified\nprefix. Conflicts with `name`.\n" + }, + "path": { + "type": "string", + "description": "The IAM path for the server certificate. If it is not\nincluded, it defaults to a slash (/). If this certificate is for use with\nAWS CloudFront, the path must be in format `/cloudfront/your_path_here`.\nSee [IAM Identifiers](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_Identifiers.html) for more details on IAM Paths.\n" + }, + "privateKey": { + "type": "string", + "description": "The contents of the private key in PEM-encoded format.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the server certificate. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uploadDate": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) when the server certificate was uploaded.\n" + } + }, + "type": "object" + } + }, + "aws:iam/serviceLinkedRole:ServiceLinkedRole": { + "description": "Provides an [IAM service-linked role](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst elasticbeanstalk = new aws.iam.ServiceLinkedRole(\"elasticbeanstalk\", {\n awsServiceName: \"elasticbeanstalk.amazonaws.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nelasticbeanstalk = aws.iam.ServiceLinkedRole(\"elasticbeanstalk\", aws_service_name=\"elasticbeanstalk.amazonaws.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var elasticbeanstalk = new Aws.Iam.ServiceLinkedRole(\"elasticbeanstalk\", new Aws.Iam.ServiceLinkedRoleArgs\n {\n AwsServiceName = \"elasticbeanstalk.amazonaws.com\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewServiceLinkedRole(ctx, \"elasticbeanstalk\", &iam.ServiceLinkedRoleArgs{\n\t\t\tAwsServiceName: pulumi.String(\"elasticbeanstalk.amazonaws.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM service-linked roles can be imported using role ARN, e.g.\n\n```sh\n $ pulumi import aws:iam/serviceLinkedRole:ServiceLinkedRole elasticbeanstalk arn:aws:iam::123456789012:role/aws-service-role/elasticbeanstalk.amazonaws.com/AWSServiceRoleForElasticBeanstalk\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the role.\n" + }, + "awsServiceName": { + "type": "string", + "description": "The AWS service to which this role is attached. You use a string similar to a URL but without the `http://` in front. For example: `elasticbeanstalk.amazonaws.com`. To find the full list of services that support service-linked roles, check [the docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html).\n" + }, + "createDate": { + "type": "string", + "description": "The creation date of the IAM role.\n" + }, + "customSuffix": { + "type": "string", + "description": "Additional string appended to the role name. Not all AWS services support custom suffixes.\n" + }, + "description": { + "type": "string", + "description": "The description of the role.\n" + }, + "name": { + "type": "string", + "description": "The name of the role.\n" + }, + "path": { + "type": "string", + "description": "The path of the role.\n" + }, + "uniqueId": { + "type": "string", + "description": "The stable and unique string identifying the role.\n" + } + }, + "required": [ + "arn", + "awsServiceName", + "createDate", + "name", + "path", + "uniqueId" + ], + "inputProperties": { + "awsServiceName": { + "type": "string", + "description": "The AWS service to which this role is attached. You use a string similar to a URL but without the `http://` in front. For example: `elasticbeanstalk.amazonaws.com`. To find the full list of services that support service-linked roles, check [the docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html).\n" + }, + "customSuffix": { + "type": "string", + "description": "Additional string appended to the role name. Not all AWS services support custom suffixes.\n" + }, + "description": { + "type": "string", + "description": "The description of the role.\n" + } + }, + "requiredInputs": [ + "awsServiceName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ServiceLinkedRole resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the role.\n" + }, + "awsServiceName": { + "type": "string", + "description": "The AWS service to which this role is attached. You use a string similar to a URL but without the `http://` in front. For example: `elasticbeanstalk.amazonaws.com`. To find the full list of services that support service-linked roles, check [the docs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html).\n" + }, + "createDate": { + "type": "string", + "description": "The creation date of the IAM role.\n" + }, + "customSuffix": { + "type": "string", + "description": "Additional string appended to the role name. Not all AWS services support custom suffixes.\n" + }, + "description": { + "type": "string", + "description": "The description of the role.\n" + }, + "name": { + "type": "string", + "description": "The name of the role.\n" + }, + "path": { + "type": "string", + "description": "The path of the role.\n" + }, + "uniqueId": { + "type": "string", + "description": "The stable and unique string identifying the role.\n" + } + }, + "type": "object" + } + }, + "aws:iam/sshKey:SshKey": { + "description": "Uploads an SSH public key and associates it with the specified IAM user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUser = new aws.iam.User(\"userUser\", {path: \"/\"});\nconst userSshKey = new aws.iam.SshKey(\"userSshKey\", {\n username: userUser.name,\n encoding: \"SSH\",\n publicKey: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_user = aws.iam.User(\"userUser\", path=\"/\")\nuser_ssh_key = aws.iam.SshKey(\"userSshKey\",\n username=user_user.name,\n encoding=\"SSH\",\n public_key=\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUser = new Aws.Iam.User(\"userUser\", new Aws.Iam.UserArgs\n {\n Path = \"/\",\n });\n var userSshKey = new Aws.Iam.SshKey(\"userSshKey\", new Aws.Iam.SshKeyArgs\n {\n Username = userUser.Name,\n Encoding = \"SSH\",\n PublicKey = \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUser, err := iam.NewUser(ctx, \"userUser\", &iam.UserArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewSshKey(ctx, \"userSshKey\", &iam.SshKeyArgs{\n\t\t\tUsername: userUser.Name,\n\t\t\tEncoding: pulumi.String(\"SSH\"),\n\t\t\tPublicKey: pulumi.String(\"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 mytest@mydomain.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSH public keys can be imported using the `username`, `ssh_public_key_id`, and `encoding` e.g.\n\n```sh\n $ pulumi import aws:iam/sshKey:SshKey user user:APKAJNCNNJICVN7CFKCA:SSH\n```\n\n ", + "properties": { + "encoding": { + "type": "string", + "description": "Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.\n" + }, + "fingerprint": { + "type": "string", + "description": "The MD5 message digest of the SSH public key.\n" + }, + "publicKey": { + "type": "string", + "description": "The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.\n" + }, + "sshPublicKeyId": { + "type": "string", + "description": "The unique identifier for the SSH public key.\n" + }, + "status": { + "type": "string", + "description": "The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is `active`.\n" + }, + "username": { + "type": "string", + "description": "The name of the IAM user to associate the SSH public key with.\n" + } + }, + "required": [ + "encoding", + "fingerprint", + "publicKey", + "sshPublicKeyId", + "status", + "username" + ], + "inputProperties": { + "encoding": { + "type": "string", + "description": "Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.\n" + }, + "publicKey": { + "type": "string", + "description": "The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.\n" + }, + "status": { + "type": "string", + "description": "The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is `active`.\n" + }, + "username": { + "type": "string", + "description": "The name of the IAM user to associate the SSH public key with.\n" + } + }, + "requiredInputs": [ + "encoding", + "publicKey", + "username" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SshKey resources.\n", + "properties": { + "encoding": { + "type": "string", + "description": "Specifies the public key encoding format to use in the response. To retrieve the public key in ssh-rsa format, use `SSH`. To retrieve the public key in PEM format, use `PEM`.\n" + }, + "fingerprint": { + "type": "string", + "description": "The MD5 message digest of the SSH public key.\n" + }, + "publicKey": { + "type": "string", + "description": "The SSH public key. The public key must be encoded in ssh-rsa format or PEM format.\n" + }, + "sshPublicKeyId": { + "type": "string", + "description": "The unique identifier for the SSH public key.\n" + }, + "status": { + "type": "string", + "description": "The status to assign to the SSH public key. Active means the key can be used for authentication with an AWS CodeCommit repository. Inactive means the key cannot be used. Default is `active`.\n" + }, + "username": { + "type": "string", + "description": "The name of the IAM user to associate the SSH public key with.\n" + } + }, + "type": "object" + } + }, + "aws:iam/user:User": { + "description": "Provides an IAM user.\n\n> *NOTE:* If policies are attached to the user via the `aws.iam.PolicyAttachment` resource and you are modifying the user `name` or `path`, the `force_destroy` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.UserPolicyAttachment` resource (recommended) does not have this requirement.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lbUser = new aws.iam.User(\"lbUser\", {\n path: \"/system/\",\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\nconst lbAccessKey = new aws.iam.AccessKey(\"lbAccessKey\", {user: lbUser.name});\nconst lbRo = new aws.iam.UserPolicy(\"lbRo\", {\n user: lbUser.name,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb_user = aws.iam.User(\"lbUser\",\n path=\"/system/\",\n tags={\n \"tag-key\": \"tag-value\",\n })\nlb_access_key = aws.iam.AccessKey(\"lbAccessKey\", user=lb_user.name)\nlb_ro = aws.iam.UserPolicy(\"lbRo\",\n user=lb_user.name,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"ec2:Describe*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lbUser = new Aws.Iam.User(\"lbUser\", new Aws.Iam.UserArgs\n {\n Path = \"/system/\",\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n var lbAccessKey = new Aws.Iam.AccessKey(\"lbAccessKey\", new Aws.Iam.AccessKeyArgs\n {\n User = lbUser.Name,\n });\n var lbRo = new Aws.Iam.UserPolicy(\"lbRo\", new Aws.Iam.UserPolicyArgs\n {\n User = lbUser.Name,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"ec2:Describe*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlbUser, err := iam.NewUser(ctx, \"lbUser\", &iam.UserArgs{\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewAccessKey(ctx, \"lbAccessKey\", &iam.AccessKeyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicy(ctx, \"lbRo\", &iam.UserPolicyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:Describe*\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM Users can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iam/user:User lb loadbalancer\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this user.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "When destroying this user, destroy even if it\nhas non-provider-managed IAM access keys, login profile or MFA devices. Without `force_destroy`\na user with non-provider-managed access keys and login profile will fail to be destroyed.\n" + }, + "name": { + "type": "string", + "description": "The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. User names are not distinguished by case. For example, you cannot create users named both \"TESTUSER\" and \"testuser\".\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the user.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "The ARN of the policy that is used to set the permissions boundary for the user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM user\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "uniqueId": { + "type": "string", + "description": "The [unique ID][1] assigned by AWS.\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll", + "uniqueId" + ], + "inputProperties": { + "forceDestroy": { + "type": "boolean", + "description": "When destroying this user, destroy even if it\nhas non-provider-managed IAM access keys, login profile or MFA devices. Without `force_destroy`\na user with non-provider-managed access keys and login profile will fail to be destroyed.\n" + }, + "name": { + "type": "string", + "description": "The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. User names are not distinguished by case. For example, you cannot create users named both \"TESTUSER\" and \"testuser\".\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the user.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "The ARN of the policy that is used to set the permissions boundary for the user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM user\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering User resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this user.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "When destroying this user, destroy even if it\nhas non-provider-managed IAM access keys, login profile or MFA devices. Without `force_destroy`\na user with non-provider-managed access keys and login profile will fail to be destroyed.\n" + }, + "name": { + "type": "string", + "description": "The user's name. The name must consist of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: `=,.@-_.`. User names are not distinguished by case. For example, you cannot create users named both \"TESTUSER\" and \"testuser\".\n" + }, + "path": { + "type": "string", + "description": "Path in which to create the user.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "The ARN of the policy that is used to set the permissions boundary for the user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM user\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "uniqueId": { + "type": "string", + "description": "The [unique ID][1] assigned by AWS.\n" + } + }, + "type": "object" + } + }, + "aws:iam/userGroupMembership:UserGroupMembership": { + "description": "Provides a resource for adding an IAM User to IAM Groups. This\nresource can be used multiple times with the same user for non-overlapping\ngroups.\n\nTo exclusively manage the users in a group, see the\n`aws.iam.GroupMembership` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst user1 = new aws.iam.User(\"user1\", {});\nconst group1 = new aws.iam.Group(\"group1\", {});\nconst group2 = new aws.iam.Group(\"group2\", {});\nconst example1 = new aws.iam.UserGroupMembership(\"example1\", {\n user: user1.name,\n groups: [\n group1.name,\n group2.name,\n ],\n});\nconst group3 = new aws.iam.Group(\"group3\", {});\nconst example2 = new aws.iam.UserGroupMembership(\"example2\", {\n user: user1.name,\n groups: [group3.name],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser1 = aws.iam.User(\"user1\")\ngroup1 = aws.iam.Group(\"group1\")\ngroup2 = aws.iam.Group(\"group2\")\nexample1 = aws.iam.UserGroupMembership(\"example1\",\n user=user1.name,\n groups=[\n group1.name,\n group2.name,\n ])\ngroup3 = aws.iam.Group(\"group3\")\nexample2 = aws.iam.UserGroupMembership(\"example2\",\n user=user1.name,\n groups=[group3.name])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var user1 = new Aws.Iam.User(\"user1\", new Aws.Iam.UserArgs\n {\n });\n var group1 = new Aws.Iam.Group(\"group1\", new Aws.Iam.GroupArgs\n {\n });\n var group2 = new Aws.Iam.Group(\"group2\", new Aws.Iam.GroupArgs\n {\n });\n var example1 = new Aws.Iam.UserGroupMembership(\"example1\", new Aws.Iam.UserGroupMembershipArgs\n {\n User = user1.Name,\n Groups = \n {\n group1.Name,\n group2.Name,\n },\n });\n var group3 = new Aws.Iam.Group(\"group3\", new Aws.Iam.GroupArgs\n {\n });\n var example2 = new Aws.Iam.UserGroupMembership(\"example2\", new Aws.Iam.UserGroupMembershipArgs\n {\n User = user1.Name,\n Groups = \n {\n group3.Name,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuser1, err := iam.NewUser(ctx, \"user1\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup1, err := iam.NewGroup(ctx, \"group1\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup2, err := iam.NewGroup(ctx, \"group2\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserGroupMembership(ctx, \"example1\", &iam.UserGroupMembershipArgs{\n\t\t\tUser: user1.Name,\n\t\t\tGroups: pulumi.StringArray{\n\t\t\t\tgroup1.Name,\n\t\t\t\tgroup2.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup3, err := iam.NewGroup(ctx, \"group3\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserGroupMembership(ctx, \"example2\", &iam.UserGroupMembershipArgs{\n\t\t\tUser: user1.Name,\n\t\t\tGroups: pulumi.StringArray{\n\t\t\t\tgroup3.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM user group membership can be imported using the user name and group names separated by `/`.\n\n```sh\n $ pulumi import aws:iam/userGroupMembership:UserGroupMembership example1 user1/group1/group2\n```\n\n ", + "properties": { + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM Groups to add the user to\n" + }, + "user": { + "type": "string", + "description": "The name of the IAM User to add to groups\n" + } + }, + "required": [ + "groups", + "user" + ], + "inputProperties": { + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM Groups to add the user to\n" + }, + "user": { + "type": "string", + "description": "The name of the IAM User to add to groups\n" + } + }, + "requiredInputs": [ + "groups", + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserGroupMembership resources.\n", + "properties": { + "groups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM Groups to add the user to\n" + }, + "user": { + "type": "string", + "description": "The name of the IAM User to add to groups\n" + } + }, + "type": "object" + } + }, + "aws:iam/userLoginProfile:UserLoginProfile": { + "description": "Manages an IAM User Login Profile with limited support for password creation during this provider resource creation. Uses PGP to encrypt the password for safe transport to the user. PGP keys can be obtained from Keybase.\n\n> To reset an IAM User login password via this provider, you can use delete and recreate this resource or change any of the arguments.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUser = new aws.iam.User(\"exampleUser\", {\n path: \"/\",\n forceDestroy: true,\n});\nconst exampleUserLoginProfile = new aws.iam.UserLoginProfile(\"exampleUserLoginProfile\", {\n user: exampleUser.name,\n pgpKey: \"keybase:some_person_that_exists\",\n});\nexport const password = exampleUserLoginProfile.encryptedPassword;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user = aws.iam.User(\"exampleUser\",\n path=\"/\",\n force_destroy=True)\nexample_user_login_profile = aws.iam.UserLoginProfile(\"exampleUserLoginProfile\",\n user=example_user.name,\n pgp_key=\"keybase:some_person_that_exists\")\npulumi.export(\"password\", example_user_login_profile.encrypted_password)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleUser = new Aws.Iam.User(\"exampleUser\", new Aws.Iam.UserArgs\n {\n Path = \"/\",\n ForceDestroy = true,\n });\n var exampleUserLoginProfile = new Aws.Iam.UserLoginProfile(\"exampleUserLoginProfile\", new Aws.Iam.UserLoginProfileArgs\n {\n User = exampleUser.Name,\n PgpKey = \"keybase:some_person_that_exists\",\n });\n this.Password = exampleUserLoginProfile.EncryptedPassword;\n }\n\n [Output(\"password\")]\n public Output Password { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUser, err := iam.NewUser(ctx, \"exampleUser\", &iam.UserArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUserLoginProfile, err := iam.NewUserLoginProfile(ctx, \"exampleUserLoginProfile\", &iam.UserLoginProfileArgs{\n\t\t\tUser: exampleUser.Name,\n\t\t\tPgpKey: pulumi.String(\"keybase:some_person_that_exists\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"password\", exampleUserLoginProfile.EncryptedPassword)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM User Login Profiles can be imported without password information support via the IAM User name, e.g.\n\n```sh\n $ pulumi import aws:iam/userLoginProfile:UserLoginProfile example myusername\n```\n\n Since this provider has no method to read the PGP or password information during import, use [`ignore_changes` argument](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to ignore them unless password recreation is desired. e.g. terraform resource \"aws_iam_user_login_profile\" \"example\" {\n\n # ... other configuration ...\n\n lifecycle {\n\n\n\n ignore_changes = [\n\n\n\n\n\n password_length,\n\n\n\n\n\n password_reset_required,\n\n\n\n\n\n pgp_key,\n\n\n\n ]\n\n } } ", + "properties": { + "encryptedPassword": { + "type": "string", + "description": "The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.\n" + }, + "keyFingerprint": { + "type": "string", + "description": "The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.\n" + }, + "passwordLength": { + "type": "integer", + "description": "The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "passwordResetRequired": { + "type": "boolean", + "description": "Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "pgpKey": { + "type": "string", + "description": "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "user": { + "type": "string", + "description": "The IAM user's name.\n" + } + }, + "required": [ + "encryptedPassword", + "keyFingerprint", + "pgpKey", + "user" + ], + "inputProperties": { + "passwordLength": { + "type": "integer", + "description": "The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "passwordResetRequired": { + "type": "boolean", + "description": "Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "pgpKey": { + "type": "string", + "description": "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "user": { + "type": "string", + "description": "The IAM user's name.\n" + } + }, + "requiredInputs": [ + "pgpKey", + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserLoginProfile resources.\n", + "properties": { + "encryptedPassword": { + "type": "string", + "description": "The encrypted password, base64 encoded. Only available if password was handled on this provider resource creation, not import.\n" + }, + "keyFingerprint": { + "type": "string", + "description": "The fingerprint of the PGP key used to encrypt the password. Only available if password was handled on this provider resource creation, not import.\n" + }, + "passwordLength": { + "type": "integer", + "description": "The length of the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "passwordResetRequired": { + "type": "boolean", + "description": "Whether the user should be forced to reset the generated password on resource creation. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "pgpKey": { + "type": "string", + "description": "Either a base-64 encoded PGP public key, or a keybase username in the form `keybase:username`. Only applies on resource creation. Drift detection is not possible with this argument.\n" + }, + "user": { + "type": "string", + "description": "The IAM user's name.\n" + } + }, + "type": "object" + } + }, + "aws:iam/userPolicy:UserPolicy": { + "description": "Provides an IAM policy attached to a user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lbUser = new aws.iam.User(\"lbUser\", {path: \"/system/\"});\nconst lbRo = new aws.iam.UserPolicy(\"lbRo\", {\n user: lbUser.name,\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\nconst lbAccessKey = new aws.iam.AccessKey(\"lbAccessKey\", {user: lbUser.name});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nlb_user = aws.iam.User(\"lbUser\", path=\"/system/\")\nlb_ro = aws.iam.UserPolicy(\"lbRo\",\n user=lb_user.name,\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\nlb_access_key = aws.iam.AccessKey(\"lbAccessKey\", user=lb_user.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lbUser = new Aws.Iam.User(\"lbUser\", new Aws.Iam.UserArgs\n {\n Path = \"/system/\",\n });\n var lbRo = new Aws.Iam.UserPolicy(\"lbRo\", new Aws.Iam.UserPolicyArgs\n {\n User = lbUser.Name,\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"ec2:Describe*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n var lbAccessKey = new Aws.Iam.AccessKey(\"lbAccessKey\", new Aws.Iam.AccessKeyArgs\n {\n User = lbUser.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlbUser, err := iam.NewUser(ctx, \"lbUser\", &iam.UserArgs{\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewUserPolicy(ctx, \"lbRo\", &iam.UserPolicyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewAccessKey(ctx, \"lbAccessKey\", &iam.AccessKeyArgs{\n\t\t\tUser: lbUser.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM User Policies can be imported using the `user_name:user_policy_name`, e.g.\n\n```sh\n $ pulumi import aws:iam/userPolicy:UserPolicy mypolicy user_of_mypolicy_name:mypolicy_name\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string.\n" + }, + "user": { + "type": "string", + "description": "IAM user to which to attach this policy.\n" + } + }, + "required": [ + "name", + "policy", + "user" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + }, + "user": { + "type": "string", + "description": "IAM user to which to attach this policy.\n" + } + }, + "requiredInputs": [ + "policy", + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserPolicy resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the policy. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The policy document. This is a JSON formatted string.\n" + }, + "user": { + "type": "string", + "description": "IAM user to which to attach this policy.\n" + } + }, + "type": "object" + } + }, + "aws:iam/userPolicyAttachment:UserPolicyAttachment": { + "description": "Attaches a Managed IAM Policy to an IAM user\n\n> **NOTE:** The usage of this resource conflicts with the `aws.iam.PolicyAttachment` resource and will permanently show a difference if both are defined.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst user = new aws.iam.User(\"user\", {});\nconst policy = new aws.iam.Policy(\"policy\", {\n description: \"A test policy\",\n policy: \"{ ... policy JSON ... }\",\n});\nconst test_attach = new aws.iam.UserPolicyAttachment(\"test-attach\", {\n user: user.name,\n policyArn: policy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser = aws.iam.User(\"user\")\npolicy = aws.iam.Policy(\"policy\",\n description=\"A test policy\",\n policy=\"{ ... policy JSON ... }\")\ntest_attach = aws.iam.UserPolicyAttachment(\"test-attach\",\n user=user.name,\n policy_arn=policy.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var user = new Aws.Iam.User(\"user\", new Aws.Iam.UserArgs\n {\n });\n var policy = new Aws.Iam.Policy(\"policy\", new Aws.Iam.PolicyArgs\n {\n Description = \"A test policy\",\n Policy = \"{ ... policy JSON ... }\",\n });\n var test_attach = new Aws.Iam.UserPolicyAttachment(\"test-attach\", new Aws.Iam.UserPolicyAttachmentArgs\n {\n User = user.Name,\n PolicyArn = policy.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuser, err := iam.NewUser(ctx, \"user\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpolicy, err := iam.NewPolicy(ctx, \"policy\", &iam.PolicyArgs{\n\t\t\tDescription: pulumi.String(\"A test policy\"),\n\t\t\tPolicy: pulumi.Any(\"{ ... policy JSON ... }\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewUserPolicyAttachment(ctx, \"test_attach\", &iam.UserPolicyAttachmentArgs{\n\t\t\tUser: user.Name,\n\t\t\tPolicyArn: policy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIAM user policy attachments can be imported using the user name and policy arn separated by `/`.\n\n```sh\n $ pulumi import aws:iam/userPolicyAttachment:UserPolicyAttachment test-attach test-user/arn:aws:iam::xxxxxxxxxxxx:policy/test-policy\n```\n\n ", + "properties": { + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "user": { + "type": "string", + "description": "The user the policy should be applied to\n" + } + }, + "required": [ + "policyArn", + "user" + ], + "inputProperties": { + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "user": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/user:User" + } + ], + "description": "The user the policy should be applied to\n" + } + }, + "requiredInputs": [ + "policyArn", + "user" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserPolicyAttachment resources.\n", + "properties": { + "policyArn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the policy you want to apply\n" + }, + "user": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/user:User" + } + ], + "description": "The user the policy should be applied to\n" + } + }, + "type": "object" + } + }, + "aws:imagebuilder/component:Component": { + "description": "Manages an Image Builder Component.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### URI Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.Component(\"example\", {\n platform: \"Linux\",\n uri: pulumi.interpolate`s3://${aws_s3_bucket_object_example.bucket}/${aws_s3_bucket_object_example.key}`,\n version: \"1.0.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.Component(\"example\",\n platform=\"Linux\",\n uri=f\"s3://{aws_s3_bucket_object['example']['bucket']}/{aws_s3_bucket_object['example']['key']}\",\n version=\"1.0.0\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ImageBuilder.Component(\"example\", new Aws.ImageBuilder.ComponentArgs\n {\n Platform = \"Linux\",\n Uri = $\"s3://{aws_s3_bucket_object.Example.Bucket}/{aws_s3_bucket_object.Example.Key}\",\n Version = \"1.0.0\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewComponent(ctx, \"example\", &imagebuilder.ComponentArgs{\n\t\t\tPlatform: pulumi.String(\"Linux\"),\n\t\t\tUri: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"s3://\", aws_s3_bucket_object.Example.Bucket, \"/\", aws_s3_bucket_object.Example.Key)),\n\t\t\tVersion: pulumi.String(\"1.0.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_imagebuilder_components` resources can be imported by using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:imagebuilder/component:Component example arn:aws:imagebuilder:us-east-1:123456789012:component/example/1.0.0/1\n```\n\n Certain resource arguments, such as `uri`, cannot be read via the API and imported into the provider. The provider will display a difference for these arguments the first run after import if declared in the the provider configuration for an imported resource. ", + "properties": { + "arn": { + "type": "string", + "description": "(Required) Amazon Resource Name (ARN) of the component.\n" + }, + "changeDescription": { + "type": "string", + "description": "Change description of the component.\n" + }, + "data": { + "type": "string", + "description": "Inline YAML string with data of the component. Exactly one of `data` and `uri` can be specified. the provider will only perform drift detection of its value when present in a configuration.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the component was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the component.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Encryption status of the component.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.\n" + }, + "name": { + "type": "string", + "description": "Name of the component.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the component.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the component.\n" + }, + "supportedOsVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Operating Systems (OS) supported by the component.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the component. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of the component.\n" + }, + "uri": { + "type": "string", + "description": "S3 URI with data of the component. Exactly one of `data` and `uri` can be specified.\n" + }, + "version": { + "type": "string", + "description": "Version of the component.\n" + } + }, + "required": [ + "arn", + "data", + "dateCreated", + "encrypted", + "name", + "owner", + "platform", + "tagsAll", + "type", + "version" + ], + "inputProperties": { + "changeDescription": { + "type": "string", + "description": "Change description of the component.\n" + }, + "data": { + "type": "string", + "description": "Inline YAML string with data of the component. Exactly one of `data` and `uri` can be specified. the provider will only perform drift detection of its value when present in a configuration.\n" + }, + "description": { + "type": "string", + "description": "Description of the component.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.\n" + }, + "name": { + "type": "string", + "description": "Name of the component.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the component.\n" + }, + "supportedOsVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Operating Systems (OS) supported by the component.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the component. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "uri": { + "type": "string", + "description": "S3 URI with data of the component. Exactly one of `data` and `uri` can be specified.\n" + }, + "version": { + "type": "string", + "description": "Version of the component.\n" + } + }, + "requiredInputs": [ + "platform", + "version" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Component resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "(Required) Amazon Resource Name (ARN) of the component.\n" + }, + "changeDescription": { + "type": "string", + "description": "Change description of the component.\n" + }, + "data": { + "type": "string", + "description": "Inline YAML string with data of the component. Exactly one of `data` and `uri` can be specified. the provider will only perform drift detection of its value when present in a configuration.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the component was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the component.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Encryption status of the component.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.\n" + }, + "name": { + "type": "string", + "description": "Name of the component.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the component.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the component.\n" + }, + "supportedOsVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Operating Systems (OS) supported by the component.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the component. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of the component.\n" + }, + "uri": { + "type": "string", + "description": "S3 URI with data of the component. Exactly one of `data` and `uri` can be specified.\n" + }, + "version": { + "type": "string", + "description": "Version of the component.\n" + } + }, + "type": "object" + } + }, + "aws:imagebuilder/distributionConfiguration:DistributionConfiguration": { + "description": "Manages an Image Builder Distribution Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.DistributionConfiguration(\"example\", {\n distributions: [{\n amiDistributionConfiguration: {\n amiTags: {\n CostCenter: \"IT\",\n },\n launchPermission: {\n userIds: [\"123456789012\"],\n },\n name: \"example-{{ imagebuilder:buildDate }}\",\n },\n region: \"us-east-1\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.DistributionConfiguration(\"example\", distributions=[aws.imagebuilder.DistributionConfigurationDistributionArgs(\n ami_distribution_configuration=aws.imagebuilder.DistributionConfigurationDistributionAmiDistributionConfigurationArgs(\n ami_tags={\n \"CostCenter\": \"IT\",\n },\n launch_permission=aws.imagebuilder.DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermissionArgs(\n user_ids=[\"123456789012\"],\n ),\n name=\"example-{{ imagebuilder:buildDate }}\",\n ),\n region=\"us-east-1\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ImageBuilder.DistributionConfiguration(\"example\", new Aws.ImageBuilder.DistributionConfigurationArgs\n {\n Distributions = \n {\n new Aws.ImageBuilder.Inputs.DistributionConfigurationDistributionArgs\n {\n AmiDistributionConfiguration = new Aws.ImageBuilder.Inputs.DistributionConfigurationDistributionAmiDistributionConfigurationArgs\n {\n AmiTags = \n {\n { \"CostCenter\", \"IT\" },\n },\n LaunchPermission = new Aws.ImageBuilder.Inputs.DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermissionArgs\n {\n UserIds = \n {\n \"123456789012\",\n },\n },\n Name = \"example-{{ imagebuilder:buildDate }}\",\n },\n Region = \"us-east-1\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewDistributionConfiguration(ctx, \"example\", &imagebuilder.DistributionConfigurationArgs{\n\t\t\tDistributions: imagebuilder.DistributionConfigurationDistributionArray{\n\t\t\t\t&imagebuilder.DistributionConfigurationDistributionArgs{\n\t\t\t\t\tAmiDistributionConfiguration: &imagebuilder.DistributionConfigurationDistributionAmiDistributionConfigurationArgs{\n\t\t\t\t\t\tAmiTags: pulumi.StringMap{\n\t\t\t\t\t\t\t\"CostCenter\": pulumi.String(\"IT\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLaunchPermission: &imagebuilder.DistributionConfigurationDistributionAmiDistributionConfigurationLaunchPermissionArgs{\n\t\t\t\t\t\t\tUserIds: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"123456789012\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tName: pulumi.String(\"example-{{ imagebuilder:buildDate }}\"),\n\t\t\t\t\t},\n\t\t\t\t\tRegion: pulumi.String(\"us-east-1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_imagebuilder_distribution_configurations` resources can be imported by using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:imagebuilder/distributionConfiguration:DistributionConfiguration example arn:aws:imagebuilder:us-east-1:123456789012:distribution-configuration/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "(Required) Amazon Resource Name (ARN) of the distribution configuration.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the distribution configuration was created.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date the distribution configuration was updated.\n" + }, + "description": { + "type": "string", + "description": "Description to apply to the distributed AMI.\n" + }, + "distributions": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/DistributionConfigurationDistribution:DistributionConfigurationDistribution" + }, + "description": "One or more configuration blocks with distribution settings. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name to apply to the distributed AMI.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the distribution configuration. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "dateCreated", + "dateUpdated", + "distributions", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description to apply to the distributed AMI.\n" + }, + "distributions": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/DistributionConfigurationDistribution:DistributionConfigurationDistribution" + }, + "description": "One or more configuration blocks with distribution settings. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name to apply to the distributed AMI.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the distribution configuration. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "distributions" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DistributionConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "(Required) Amazon Resource Name (ARN) of the distribution configuration.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the distribution configuration was created.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date the distribution configuration was updated.\n" + }, + "description": { + "type": "string", + "description": "Description to apply to the distributed AMI.\n" + }, + "distributions": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/DistributionConfigurationDistribution:DistributionConfigurationDistribution" + }, + "description": "One or more configuration blocks with distribution settings. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name to apply to the distributed AMI.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the distribution configuration. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:imagebuilder/image:Image": { + "description": "Manages an Image Builder Image.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.Image(\"example\", {\n distributionConfigurationArn: aws_imagebuilder_distribution_configuration.example.arn,\n imageRecipeArn: aws_imagebuilder_image_recipe.example.arn,\n infrastructureConfigurationArn: aws_imagebuilder_infrastructure_configuration.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.Image(\"example\",\n distribution_configuration_arn=aws_imagebuilder_distribution_configuration[\"example\"][\"arn\"],\n image_recipe_arn=aws_imagebuilder_image_recipe[\"example\"][\"arn\"],\n infrastructure_configuration_arn=aws_imagebuilder_infrastructure_configuration[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ImageBuilder.Image(\"example\", new Aws.ImageBuilder.ImageArgs\n {\n DistributionConfigurationArn = aws_imagebuilder_distribution_configuration.Example.Arn,\n ImageRecipeArn = aws_imagebuilder_image_recipe.Example.Arn,\n InfrastructureConfigurationArn = aws_imagebuilder_infrastructure_configuration.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewImage(ctx, \"example\", &imagebuilder.ImageArgs{\n\t\t\tDistributionConfigurationArn: pulumi.Any(aws_imagebuilder_distribution_configuration.Example.Arn),\n\t\t\tImageRecipeArn: pulumi.Any(aws_imagebuilder_image_recipe.Example.Arn),\n\t\t\tInfrastructureConfigurationArn: pulumi.Any(aws_imagebuilder_infrastructure_configuration.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_imagebuilder_image` resources can be imported using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:imagebuilder/image:Image example arn:aws:imagebuilder:us-east-1:123456789012:image/example/1.0.0/1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image was created.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected. Defaults to `true`.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfiguration": { + "$ref": "#/types/aws:imagebuilder/ImageImageTestsConfiguration:ImageImageTestsConfiguration", + "description": "Configuration block with image tests configuration. Detailed below.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the AMI.\n" + }, + "osVersion": { + "type": "string", + "description": "Operating System version of the image.\n" + }, + "outputResources": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageOutputResource:ImageOutputResource" + }, + "description": "List of objects with resources created by the image.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the Image Builder Image. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version of the image.\n" + } + }, + "required": [ + "arn", + "dateCreated", + "imageRecipeArn", + "imageTestsConfiguration", + "infrastructureConfigurationArn", + "name", + "osVersion", + "outputResources", + "platform", + "tagsAll", + "version" + ], + "inputProperties": { + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected. Defaults to `true`.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfiguration": { + "$ref": "#/types/aws:imagebuilder/ImageImageTestsConfiguration:ImageImageTestsConfiguration", + "description": "Configuration block with image tests configuration. Detailed below.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the Image Builder Image. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "imageRecipeArn", + "infrastructureConfigurationArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Image resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image was created.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected. Defaults to `true`.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfiguration": { + "$ref": "#/types/aws:imagebuilder/ImageImageTestsConfiguration:ImageImageTestsConfiguration", + "description": "Configuration block with image tests configuration. Detailed below.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the AMI.\n" + }, + "osVersion": { + "type": "string", + "description": "Operating System version of the image.\n" + }, + "outputResources": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageOutputResource:ImageOutputResource" + }, + "description": "List of objects with resources created by the image.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the Image Builder Image. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version of the image.\n" + } + }, + "type": "object" + } + }, + "aws:imagebuilder/imagePipeline:ImagePipeline": { + "description": "Manages an Image Builder Image Pipeline.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.ImagePipeline(\"example\", {\n imageRecipeArn: aws_imagebuilder_image_recipe.example.arn,\n infrastructureConfigurationArn: aws_imagebuilder_infrastructure_configuration.example.arn,\n schedule: {\n scheduleExpression: \"cron(0 0 * * ? *)\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.ImagePipeline(\"example\",\n image_recipe_arn=aws_imagebuilder_image_recipe[\"example\"][\"arn\"],\n infrastructure_configuration_arn=aws_imagebuilder_infrastructure_configuration[\"example\"][\"arn\"],\n schedule=aws.imagebuilder.ImagePipelineScheduleArgs(\n schedule_expression=\"cron(0 0 * * ? *)\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ImageBuilder.ImagePipeline(\"example\", new Aws.ImageBuilder.ImagePipelineArgs\n {\n ImageRecipeArn = aws_imagebuilder_image_recipe.Example.Arn,\n InfrastructureConfigurationArn = aws_imagebuilder_infrastructure_configuration.Example.Arn,\n Schedule = new Aws.ImageBuilder.Inputs.ImagePipelineScheduleArgs\n {\n ScheduleExpression = \"cron(0 0 * * ? *)\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewImagePipeline(ctx, \"example\", &imagebuilder.ImagePipelineArgs{\n\t\t\tImageRecipeArn: pulumi.Any(aws_imagebuilder_image_recipe.Example.Arn),\n\t\t\tInfrastructureConfigurationArn: pulumi.Any(aws_imagebuilder_infrastructure_configuration.Example.Arn),\n\t\t\tSchedule: &imagebuilder.ImagePipelineScheduleArgs{\n\t\t\t\tScheduleExpression: pulumi.String(\"cron(0 0 * * ? *)\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_imagebuilder_image_pipeline` resources can be imported using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:imagebuilder/imagePipeline:ImagePipeline example arn:aws:imagebuilder:us-east-1:123456789012:image-pipeline/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image pipeline.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image pipeline was created.\n" + }, + "dateLastRun": { + "type": "string", + "description": "Date the image pipeline was last run.\n" + }, + "dateNextRun": { + "type": "string", + "description": "Date the image pipeline will run next.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date the image pipeline was updated.\n" + }, + "description": { + "type": "string", + "description": "Description of the image pipeline.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected. Defaults to `true`.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfiguration": { + "$ref": "#/types/aws:imagebuilder/ImagePipelineImageTestsConfiguration:ImagePipelineImageTestsConfiguration", + "description": "Configuration block with image tests configuration. Detailed below.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the image pipeline.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image pipeline.\n" + }, + "schedule": { + "$ref": "#/types/aws:imagebuilder/ImagePipelineSchedule:ImagePipelineSchedule", + "description": "Configuration block with schedule settings. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the image pipeline. Valid values are `DISABLED` and `ENABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image pipeline. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "dateCreated", + "dateLastRun", + "dateNextRun", + "dateUpdated", + "imageRecipeArn", + "imageTestsConfiguration", + "infrastructureConfigurationArn", + "name", + "platform", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the image pipeline.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected. Defaults to `true`.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfiguration": { + "$ref": "#/types/aws:imagebuilder/ImagePipelineImageTestsConfiguration:ImagePipelineImageTestsConfiguration", + "description": "Configuration block with image tests configuration. Detailed below.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the image pipeline.\n" + }, + "schedule": { + "$ref": "#/types/aws:imagebuilder/ImagePipelineSchedule:ImagePipelineSchedule", + "description": "Configuration block with schedule settings. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the image pipeline. Valid values are `DISABLED` and `ENABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image pipeline. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "imageRecipeArn", + "infrastructureConfigurationArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ImagePipeline resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image pipeline.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image pipeline was created.\n" + }, + "dateLastRun": { + "type": "string", + "description": "Date the image pipeline was last run.\n" + }, + "dateNextRun": { + "type": "string", + "description": "Date the image pipeline will run next.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date the image pipeline was updated.\n" + }, + "description": { + "type": "string", + "description": "Description of the image pipeline.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected. Defaults to `true`.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfiguration": { + "$ref": "#/types/aws:imagebuilder/ImagePipelineImageTestsConfiguration:ImagePipelineImageTestsConfiguration", + "description": "Configuration block with image tests configuration. Detailed below.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the image pipeline.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image pipeline.\n" + }, + "schedule": { + "$ref": "#/types/aws:imagebuilder/ImagePipelineSchedule:ImagePipelineSchedule", + "description": "Configuration block with schedule settings. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the image pipeline. Valid values are `DISABLED` and `ENABLED`. Defaults to `ENABLED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image pipeline. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:imagebuilder/imageRecipe:ImageRecipe": { + "description": "Manages an Image Builder Image Recipe.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.ImageRecipe(\"example\", {\n blockDeviceMappings: [{\n deviceName: \"/dev/xvdb\",\n ebs: {\n deleteOnTermination: true,\n volumeSize: 100,\n volumeType: \"gp2\",\n },\n }],\n components: [{\n componentArn: aws_imagebuilder_component.example.arn,\n }],\n parentImage: `arn:${data.aws_partition.current.partition}:imagebuilder:${data.aws_region.current.name}:aws:image/amazon-linux-2-x86/x.x.x`,\n version: \"1.0.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.ImageRecipe(\"example\",\n block_device_mappings=[aws.imagebuilder.ImageRecipeBlockDeviceMappingArgs(\n device_name=\"/dev/xvdb\",\n ebs=aws.imagebuilder.ImageRecipeBlockDeviceMappingEbsArgs(\n delete_on_termination=\"true\",\n volume_size=100,\n volume_type=\"gp2\",\n ),\n )],\n components=[aws.imagebuilder.ImageRecipeComponentArgs(\n component_arn=aws_imagebuilder_component[\"example\"][\"arn\"],\n )],\n parent_image=f\"arn:{data['aws_partition']['current']['partition']}:imagebuilder:{data['aws_region']['current']['name']}:aws:image/amazon-linux-2-x86/x.x.x\",\n version=\"1.0.0\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ImageBuilder.ImageRecipe(\"example\", new Aws.ImageBuilder.ImageRecipeArgs\n {\n BlockDeviceMappings = \n {\n new Aws.ImageBuilder.Inputs.ImageRecipeBlockDeviceMappingArgs\n {\n DeviceName = \"/dev/xvdb\",\n Ebs = new Aws.ImageBuilder.Inputs.ImageRecipeBlockDeviceMappingEbsArgs\n {\n DeleteOnTermination = \"true\",\n VolumeSize = 100,\n VolumeType = \"gp2\",\n },\n },\n },\n Components = \n {\n new Aws.ImageBuilder.Inputs.ImageRecipeComponentArgs\n {\n ComponentArn = aws_imagebuilder_component.Example.Arn,\n },\n },\n ParentImage = $\"arn:{data.Aws_partition.Current.Partition}:imagebuilder:{data.Aws_region.Current.Name}:aws:image/amazon-linux-2-x86/x.x.x\",\n Version = \"1.0.0\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewImageRecipe(ctx, \"example\", &imagebuilder.ImageRecipeArgs{\n\t\t\tBlockDeviceMappings: imagebuilder.ImageRecipeBlockDeviceMappingArray{\n\t\t\t\t&imagebuilder.ImageRecipeBlockDeviceMappingArgs{\n\t\t\t\t\tDeviceName: pulumi.String(\"/dev/xvdb\"),\n\t\t\t\t\tEbs: &imagebuilder.ImageRecipeBlockDeviceMappingEbsArgs{\n\t\t\t\t\t\tDeleteOnTermination: pulumi.String(\"true\"),\n\t\t\t\t\t\tVolumeSize: pulumi.Int(100),\n\t\t\t\t\t\tVolumeType: pulumi.String(\"gp2\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tComponents: imagebuilder.ImageRecipeComponentArray{\n\t\t\t\t&imagebuilder.ImageRecipeComponentArgs{\n\t\t\t\t\tComponentArn: pulumi.Any(aws_imagebuilder_component.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tParentImage: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v\", \"arn:\", data.Aws_partition.Current.Partition, \":imagebuilder:\", data.Aws_region.Current.Name, \":aws:image/amazon-linux-2-x86/x.x.x\")),\n\t\t\tVersion: pulumi.String(\"1.0.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_imagebuilder_image_recipe` resources can be imported by using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:imagebuilder/imageRecipe:ImageRecipe example arn:aws:imagebuilder:us-east-1:123456789012:image-recipe/example/1.0.0\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "(Required) Amazon Resource Name (ARN) of the image recipe.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeBlockDeviceMapping:ImageRecipeBlockDeviceMapping" + }, + "description": "Configuration block(s) with block device mappings for the the image recipe. Detailed below.\n" + }, + "components": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeComponent:ImageRecipeComponent" + }, + "description": "Ordered configuration block(s) with components for the image recipe. Detailed below.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image recipe was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the image recipe.\n" + }, + "name": { + "type": "string", + "description": "Name of the image recipe.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the image recipe.\n" + }, + "parentImage": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image recipe. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version of the image recipe.\n" + }, + "workingDirectory": { + "type": "string", + "description": "The working directory to be used during build and test workflows.\n" + } + }, + "required": [ + "arn", + "components", + "dateCreated", + "name", + "owner", + "parentImage", + "platform", + "tagsAll", + "version" + ], + "inputProperties": { + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeBlockDeviceMapping:ImageRecipeBlockDeviceMapping" + }, + "description": "Configuration block(s) with block device mappings for the the image recipe. Detailed below.\n" + }, + "components": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeComponent:ImageRecipeComponent" + }, + "description": "Ordered configuration block(s) with components for the image recipe. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Description of the image recipe.\n" + }, + "name": { + "type": "string", + "description": "Name of the image recipe.\n" + }, + "parentImage": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image recipe. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version of the image recipe.\n" + }, + "workingDirectory": { + "type": "string", + "description": "The working directory to be used during build and test workflows.\n" + } + }, + "requiredInputs": [ + "components", + "parentImage", + "version" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ImageRecipe resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "(Required) Amazon Resource Name (ARN) of the image recipe.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeBlockDeviceMapping:ImageRecipeBlockDeviceMapping" + }, + "description": "Configuration block(s) with block device mappings for the the image recipe. Detailed below.\n" + }, + "components": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/ImageRecipeComponent:ImageRecipeComponent" + }, + "description": "Ordered configuration block(s) with components for the image recipe. Detailed below.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image recipe was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the image recipe.\n" + }, + "name": { + "type": "string", + "description": "Name of the image recipe.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the image recipe.\n" + }, + "parentImage": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image recipe. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "Version of the image recipe.\n" + }, + "workingDirectory": { + "type": "string", + "description": "The working directory to be used during build and test workflows.\n" + } + }, + "type": "object" + } + }, + "aws:imagebuilder/infrastructureConfiguration:InfrastructureConfiguration": { + "description": "Manages an Image Builder Infrastructure Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.imagebuilder.InfrastructureConfiguration(\"example\", {\n description: \"example description\",\n instanceProfileName: aws_iam_instance_profile.example.name,\n instanceTypes: [\n \"t2.nano\",\n \"t3.micro\",\n ],\n keyPair: aws_key_pair.example.key_name,\n securityGroupIds: [aws_security_group.example.id],\n snsTopicArn: aws_sns_topic.example.arn,\n subnetId: aws_subnet.main.id,\n terminateInstanceOnFailure: true,\n logging: {\n s3Logs: {\n s3BucketName: aws_s3_bucket.example.bucket,\n s3KeyPrefix: \"logs\",\n },\n },\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.InfrastructureConfiguration(\"example\",\n description=\"example description\",\n instance_profile_name=aws_iam_instance_profile[\"example\"][\"name\"],\n instance_types=[\n \"t2.nano\",\n \"t3.micro\",\n ],\n key_pair=aws_key_pair[\"example\"][\"key_name\"],\n security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n sns_topic_arn=aws_sns_topic[\"example\"][\"arn\"],\n subnet_id=aws_subnet[\"main\"][\"id\"],\n terminate_instance_on_failure=True,\n logging=aws.imagebuilder.InfrastructureConfigurationLoggingArgs(\n s3_logs=aws.imagebuilder.InfrastructureConfigurationLoggingS3LogsArgs(\n s3_bucket_name=aws_s3_bucket[\"example\"][\"bucket\"],\n s3_key_prefix=\"logs\",\n ),\n ),\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ImageBuilder.InfrastructureConfiguration(\"example\", new Aws.ImageBuilder.InfrastructureConfigurationArgs\n {\n Description = \"example description\",\n InstanceProfileName = aws_iam_instance_profile.Example.Name,\n InstanceTypes = \n {\n \"t2.nano\",\n \"t3.micro\",\n },\n KeyPair = aws_key_pair.Example.Key_name,\n SecurityGroupIds = \n {\n aws_security_group.Example.Id,\n },\n SnsTopicArn = aws_sns_topic.Example.Arn,\n SubnetId = aws_subnet.Main.Id,\n TerminateInstanceOnFailure = true,\n Logging = new Aws.ImageBuilder.Inputs.InfrastructureConfigurationLoggingArgs\n {\n S3Logs = new Aws.ImageBuilder.Inputs.InfrastructureConfigurationLoggingS3LogsArgs\n {\n S3BucketName = aws_s3_bucket.Example.Bucket,\n S3KeyPrefix = \"logs\",\n },\n },\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.NewInfrastructureConfiguration(ctx, \"example\", &imagebuilder.InfrastructureConfigurationArgs{\n\t\t\tDescription: pulumi.String(\"example description\"),\n\t\t\tInstanceProfileName: pulumi.Any(aws_iam_instance_profile.Example.Name),\n\t\t\tInstanceTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"t2.nano\"),\n\t\t\t\tpulumi.String(\"t3.micro\"),\n\t\t\t},\n\t\t\tKeyPair: pulumi.Any(aws_key_pair.Example.Key_name),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Example.Id),\n\t\t\t},\n\t\t\tSnsTopicArn: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Main.Id),\n\t\t\tTerminateInstanceOnFailure: pulumi.Bool(true),\n\t\t\tLogging: &imagebuilder.InfrastructureConfigurationLoggingArgs{\n\t\t\t\tS3Logs: &imagebuilder.InfrastructureConfigurationLoggingS3LogsArgs{\n\t\t\t\t\tS3BucketName: pulumi.Any(aws_s3_bucket.Example.Bucket),\n\t\t\t\t\tS3KeyPrefix: pulumi.String(\"logs\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_imagebuilder_infrastructure_configuration` can be imported using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:imagebuilder/infrastructureConfiguration:InfrastructureConfiguration example arn:aws:imagebuilder:us-east-1:123456789012:infrastructure-component/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the configuration.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date when the configuration was created.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date when the configuration was updated.\n" + }, + "description": { + "type": "string", + "description": "Description for the configuration.\n" + }, + "instanceProfileName": { + "type": "string", + "description": "Name of IAM Instance Profile.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Instance Types.\n" + }, + "keyPair": { + "type": "string", + "description": "Name of EC2 Key Pair.\n" + }, + "logging": { + "$ref": "#/types/aws:imagebuilder/InfrastructureConfigurationLogging:InfrastructureConfigurationLogging", + "description": "Configuration block with logging settings. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name for the configuration.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags to assign to infrastructure created by the configuration.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Security Group identifiers.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of SNS Topic.\n" + }, + "subnetId": { + "type": "string", + "description": "EC2 Subnet identifier. Also requires `security_group_ids` argument.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags to assign to the configuration. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "terminateInstanceOnFailure": { + "type": "boolean", + "description": "Enable if the instance should be terminated when the pipeline fails. Defaults to `false`.\n" + } + }, + "required": [ + "arn", + "dateCreated", + "dateUpdated", + "instanceProfileName", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description for the configuration.\n" + }, + "instanceProfileName": { + "type": "string", + "description": "Name of IAM Instance Profile.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Instance Types.\n" + }, + "keyPair": { + "type": "string", + "description": "Name of EC2 Key Pair.\n" + }, + "logging": { + "$ref": "#/types/aws:imagebuilder/InfrastructureConfigurationLogging:InfrastructureConfigurationLogging", + "description": "Configuration block with logging settings. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name for the configuration.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags to assign to infrastructure created by the configuration.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Security Group identifiers.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of SNS Topic.\n" + }, + "subnetId": { + "type": "string", + "description": "EC2 Subnet identifier. Also requires `security_group_ids` argument.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags to assign to the configuration. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "terminateInstanceOnFailure": { + "type": "boolean", + "description": "Enable if the instance should be terminated when the pipeline fails. Defaults to `false`.\n" + } + }, + "requiredInputs": [ + "instanceProfileName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InfrastructureConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the configuration.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date when the configuration was created.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date when the configuration was updated.\n" + }, + "description": { + "type": "string", + "description": "Description for the configuration.\n" + }, + "instanceProfileName": { + "type": "string", + "description": "Name of IAM Instance Profile.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Instance Types.\n" + }, + "keyPair": { + "type": "string", + "description": "Name of EC2 Key Pair.\n" + }, + "logging": { + "$ref": "#/types/aws:imagebuilder/InfrastructureConfigurationLogging:InfrastructureConfigurationLogging", + "description": "Configuration block with logging settings. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name for the configuration.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags to assign to infrastructure created by the configuration.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Security Group identifiers.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of SNS Topic.\n" + }, + "subnetId": { + "type": "string", + "description": "EC2 Subnet identifier. Also requires `security_group_ids` argument.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags to assign to the configuration. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "terminateInstanceOnFailure": { + "type": "boolean", + "description": "Enable if the instance should be terminated when the pipeline fails. Defaults to `false`.\n" + } + }, + "type": "object" + } + }, + "aws:inspector/assessmentTarget:AssessmentTarget": { + "description": "Provides a Inspector assessment target\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.inspector.ResourceGroup(\"bar\", {tags: {\n Name: \"foo\",\n Env: \"bar\",\n}});\nconst foo = new aws.inspector.AssessmentTarget(\"foo\", {resourceGroupArn: bar.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.inspector.ResourceGroup(\"bar\", tags={\n \"Name\": \"foo\",\n \"Env\": \"bar\",\n})\nfoo = aws.inspector.AssessmentTarget(\"foo\", resource_group_arn=bar.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.Inspector.ResourceGroup(\"bar\", new Aws.Inspector.ResourceGroupArgs\n {\n Tags = \n {\n { \"Name\", \"foo\" },\n { \"Env\", \"bar\" },\n },\n });\n var foo = new Aws.Inspector.AssessmentTarget(\"foo\", new Aws.Inspector.AssessmentTargetArgs\n {\n ResourceGroupArn = bar.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/inspector\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := inspector.NewResourceGroup(ctx, \"bar\", &inspector.ResourceGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foo\"),\n\t\t\t\t\"Env\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector.NewAssessmentTarget(ctx, \"foo\", &inspector.AssessmentTargetArgs{\n\t\t\tResourceGroupArn: bar.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nInspector Assessment Targets can be imported via their Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:inspector/assessmentTarget:AssessmentTarget example arn:aws:inspector:us-east-1:123456789012:target/0-xxxxxxx\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The target assessment ARN.\n" + }, + "name": { + "type": "string", + "description": "The name of the assessment target.\n" + }, + "resourceGroupArn": { + "type": "string", + "description": "Inspector Resource Group Amazon Resource Name (ARN) stating tags for instance matching. If not specified, all EC2 instances in the current AWS account and region are included in the assessment target.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the assessment target.\n" + }, + "resourceGroupArn": { + "type": "string", + "description": "Inspector Resource Group Amazon Resource Name (ARN) stating tags for instance matching. If not specified, all EC2 instances in the current AWS account and region are included in the assessment target.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AssessmentTarget resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The target assessment ARN.\n" + }, + "name": { + "type": "string", + "description": "The name of the assessment target.\n" + }, + "resourceGroupArn": { + "type": "string", + "description": "Inspector Resource Group Amazon Resource Name (ARN) stating tags for instance matching. If not specified, all EC2 instances in the current AWS account and region are included in the assessment target.\n" + } + }, + "type": "object" + } + }, + "aws:inspector/assessmentTemplate:AssessmentTemplate": { + "description": "Provides a Inspector assessment template\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.inspector.AssessmentTemplate(\"example\", {\n targetArn: aws_inspector_assessment_target.example.arn,\n duration: 3600,\n rulesPackageArns: [\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.inspector.AssessmentTemplate(\"example\",\n target_arn=aws_inspector_assessment_target[\"example\"][\"arn\"],\n duration=3600,\n rules_package_arns=[\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Inspector.AssessmentTemplate(\"example\", new Aws.Inspector.AssessmentTemplateArgs\n {\n TargetArn = aws_inspector_assessment_target.Example.Arn,\n Duration = 3600,\n RulesPackageArns = \n {\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ\",\n \"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/inspector\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := inspector.NewAssessmentTemplate(ctx, \"example\", &inspector.AssessmentTemplateArgs{\n\t\t\tTargetArn: pulumi.Any(aws_inspector_assessment_target.Example.Arn),\n\t\t\tDuration: pulumi.Int(3600),\n\t\t\tRulesPackageArns: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-9hgA516p\"),\n\t\t\t\tpulumi.String(\"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-H5hpSawc\"),\n\t\t\t\tpulumi.String(\"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-JJOtZiqQ\"),\n\t\t\t\tpulumi.String(\"arn:aws:inspector:us-west-2:758058086616:rulespackage/0-vg5GGHSD\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_inspector_assessment_template` can be imported by using the template assessment ARN, e.g.\n\n```sh\n $ pulumi import aws:inspector/assessmentTemplate:AssessmentTemplate example arn:aws:inspector:us-west-2:123456789012:target/0-9IaAzhGR/template/0-WEcjR8CH\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The template assessment ARN.\n" + }, + "duration": { + "type": "integer", + "description": "The duration of the inspector run.\n" + }, + "name": { + "type": "string", + "description": "The name of the assessment template.\n" + }, + "rulesPackageArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The rules to be used during the run.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags for the Inspector assessment template. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "The assessment target ARN to attach the template to.\n" + } + }, + "required": [ + "arn", + "duration", + "name", + "rulesPackageArns", + "tagsAll", + "targetArn" + ], + "inputProperties": { + "duration": { + "type": "integer", + "description": "The duration of the inspector run.\n" + }, + "name": { + "type": "string", + "description": "The name of the assessment template.\n" + }, + "rulesPackageArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The rules to be used during the run.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags for the Inspector assessment template. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "The assessment target ARN to attach the template to.\n" + } + }, + "requiredInputs": [ + "duration", + "rulesPackageArns", + "targetArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AssessmentTemplate resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The template assessment ARN.\n" + }, + "duration": { + "type": "integer", + "description": "The duration of the inspector run.\n" + }, + "name": { + "type": "string", + "description": "The name of the assessment template.\n" + }, + "rulesPackageArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The rules to be used during the run.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags for the Inspector assessment template. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "The assessment target ARN to attach the template to.\n" + } + }, + "type": "object" + } + }, + "aws:inspector/resourceGroup:ResourceGroup": { + "description": "Provides an Amazon Inspector resource group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.inspector.ResourceGroup(\"example\", {\n tags: {\n Env: \"bar\",\n Name: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.inspector.ResourceGroup(\"example\", tags={\n \"Env\": \"bar\",\n \"Name\": \"foo\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Inspector.ResourceGroup(\"example\", new Aws.Inspector.ResourceGroupArgs\n {\n Tags = \n {\n { \"Env\", \"bar\" },\n { \"Name\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/inspector\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := inspector.NewResourceGroup(ctx, \"example\", &inspector.ResourceGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Env\": pulumi.String(\"bar\"),\n\t\t\t\t\"Name\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The resource group ARN.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags that are used to select the EC2 instances to be included in an `Amazon Inspector assessment target` resource.\n" + } + }, + "required": [ + "arn", + "tags" + ], + "inputProperties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags that are used to select the EC2 instances to be included in an `Amazon Inspector assessment target` resource.\n" + } + }, + "requiredInputs": [ + "tags" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourceGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The resource group ARN.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags that are used to select the EC2 instances to be included in an `Amazon Inspector assessment target` resource.\n" + } + }, + "type": "object" + } + }, + "aws:iot/certificate:Certificate": { + "description": "Creates and manages an AWS IoT certificate.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### With CSR\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst cert = new aws.iot.Certificate(\"cert\", {\n csr: fs.readFileSync(\"/my/csr.pem\"),\n active: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.iot.Certificate(\"cert\",\n csr=(lambda path: open(path).read())(\"/my/csr.pem\"),\n active=True)\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cert = new Aws.Iot.Certificate(\"cert\", new Aws.Iot.CertificateArgs\n {\n Csr = File.ReadAllText(\"/my/csr.pem\"),\n Active = true,\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Without CSR\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cert = new aws.iot.Certificate(\"cert\", {\n active: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncert = aws.iot.Certificate(\"cert\", active=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cert = new Aws.Iot.Certificate(\"cert\", new Aws.Iot.CertificateArgs\n {\n Active = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iot.NewCertificate(ctx, \"cert\", &iot.CertificateArgs{\n\t\t\tActive: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "active": { + "type": "boolean", + "description": "Boolean flag to indicate if the certificate should be active\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created certificate.\n" + }, + "certificatePem": { + "type": "string", + "description": "The certificate data, in PEM format.\n" + }, + "csr": { + "type": "string", + "description": "The certificate signing request. Review\n[CreateCertificateFromCsr](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateFromCsr.html)\nfor more information on generating a certificate from a certificate signing request (CSR).\nIf none is specified both the certificate and keys will be generated, review [CreateKeysAndCertificate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateKeysAndCertificate.html)\nfor more information on generating keys and a certificate.\n" + }, + "privateKey": { + "type": "string", + "description": "When no CSR is provided, the private key.\n" + }, + "publicKey": { + "type": "string", + "description": "When no CSR is provided, the public key.\n" + } + }, + "required": [ + "active", + "arn", + "certificatePem", + "privateKey", + "publicKey" + ], + "inputProperties": { + "active": { + "type": "boolean", + "description": "Boolean flag to indicate if the certificate should be active\n" + }, + "csr": { + "type": "string", + "description": "The certificate signing request. Review\n[CreateCertificateFromCsr](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateFromCsr.html)\nfor more information on generating a certificate from a certificate signing request (CSR).\nIf none is specified both the certificate and keys will be generated, review [CreateKeysAndCertificate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateKeysAndCertificate.html)\nfor more information on generating keys and a certificate.\n" + } + }, + "requiredInputs": [ + "active" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Certificate resources.\n", + "properties": { + "active": { + "type": "boolean", + "description": "Boolean flag to indicate if the certificate should be active\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the created certificate.\n" + }, + "certificatePem": { + "type": "string", + "description": "The certificate data, in PEM format.\n" + }, + "csr": { + "type": "string", + "description": "The certificate signing request. Review\n[CreateCertificateFromCsr](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateFromCsr.html)\nfor more information on generating a certificate from a certificate signing request (CSR).\nIf none is specified both the certificate and keys will be generated, review [CreateKeysAndCertificate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateKeysAndCertificate.html)\nfor more information on generating keys and a certificate.\n" + }, + "privateKey": { + "type": "string", + "description": "When no CSR is provided, the private key.\n" + }, + "publicKey": { + "type": "string", + "description": "When no CSR is provided, the public key.\n" + } + }, + "type": "object" + } + }, + "aws:iot/policy:Policy": { + "description": "Provides an IoT policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pubsub = new aws.iot.Policy(\"pubsub\", {policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"iot:*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n})});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npubsub = aws.iot.Policy(\"pubsub\", policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"iot:*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n}))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pubsub = new Aws.Iot.Policy(\"pubsub\", new Aws.Iot.PolicyArgs\n {\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"iot:*\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", \"*\" },\n },\n }\n },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"iot:*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := iot.NewPolicy(ctx, \"pubsub\", &iot.PolicyArgs{\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIoT policies can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iot/policy:Policy pubsub PubSubToAnyTopic\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to this policy.\n" + }, + "defaultVersionId": { + "type": "string", + "description": "The default version of this policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string. Use the [IoT Developer Guide](http://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) for more information on IoT Policies.\n", + "language": { + "csharp": { + "name": "PolicyDocument" + } + } + } + }, + "required": [ + "arn", + "defaultVersionId", + "name", + "policy" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the policy.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string. Use the [IoT Developer Guide](http://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) for more information on IoT Policies.\n", + "language": { + "csharp": { + "name": "PolicyDocument" + } + } + } + }, + "requiredInputs": [ + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to this policy.\n" + }, + "defaultVersionId": { + "type": "string", + "description": "The default version of this policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the policy.\n" + }, + "policy": { + "type": "string", + "description": "The policy document. This is a JSON formatted string. Use the [IoT Developer Guide](http://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) for more information on IoT Policies.\n", + "language": { + "csharp": { + "name": "PolicyDocument" + } + } + } + }, + "type": "object" + } + }, + "aws:iot/policyAttachment:PolicyAttachment": { + "description": "Provides an IoT policy attachment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst pubsub = new aws.iot.Policy(\"pubsub\", {policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"iot:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n`});\nconst cert = new aws.iot.Certificate(\"cert\", {\n csr: fs.readFileSync(\"csr.pem\"),\n active: true,\n});\nconst att = new aws.iot.PolicyAttachment(\"att\", {\n policy: pubsub.name,\n target: cert.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npubsub = aws.iot.Policy(\"pubsub\", policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"iot:*\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\ncert = aws.iot.Certificate(\"cert\",\n csr=(lambda path: open(path).read())(\"csr.pem\"),\n active=True)\natt = aws.iot.PolicyAttachment(\"att\",\n policy=pubsub.name,\n target=cert.arn)\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pubsub = new Aws.Iot.Policy(\"pubsub\", new Aws.Iot.PolicyArgs\n {\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"iot:*\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n var cert = new Aws.Iot.Certificate(\"cert\", new Aws.Iot.CertificateArgs\n {\n Csr = File.ReadAllText(\"csr.pem\"),\n Active = true,\n });\n var att = new Aws.Iot.PolicyAttachment(\"att\", new Aws.Iot.PolicyAttachmentArgs\n {\n Policy = pubsub.Name,\n Target = cert.Arn,\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "policy": { + "type": "string", + "description": "The name of the policy to attach.\n" + }, + "target": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The identity to which the policy is attached.\n" + } + }, + "required": [ + "policy", + "target" + ], + "inputProperties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iot/policy:Policy" + } + ], + "description": "The name of the policy to attach.\n" + }, + "target": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The identity to which the policy is attached.\n" + } + }, + "requiredInputs": [ + "policy", + "target" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PolicyAttachment resources.\n", + "properties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iot/policy:Policy" + } + ], + "description": "The name of the policy to attach.\n" + }, + "target": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The identity to which the policy is attached.\n" + } + }, + "type": "object" + } + }, + "aws:iot/roleAlias:RoleAlias": { + "description": "Provides an IoT role alias.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\"Service\": \"credentials.iot.amazonaws.com\",\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst alias = new aws.iot.RoleAlias(\"alias\", {\n alias: \"Thermostat-dynamodb-access-role-alias\",\n roleArn: role.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\"Service\": \"credentials.iot.amazonaws.com\",\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nalias = aws.iot.RoleAlias(\"alias\",\n alias=\"Thermostat-dynamodb-access-role-alias\",\n role_arn=role.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\"\"Service\"\": \"\"credentials.iot.amazonaws.com\"\",\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var @alias = new Aws.Iot.RoleAlias(\"alias\", new Aws.Iot.RoleAliasArgs\n {\n Alias = \"Thermostat-dynamodb-access-role-alias\",\n RoleArn = role.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\\"Service\\\": \\\"credentials.iot.amazonaws.com\\\",\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewRoleAlias(ctx, \"alias\", &iot.RoleAliasArgs{\n\t\t\tAlias: pulumi.String(\"Thermostat-dynamodb-access-role-alias\"),\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIOT Role Alias can be imported via the alias, e.g.\n\n```sh\n $ pulumi import aws:iot/roleAlias:RoleAlias example myalias\n```\n\n ", + "properties": { + "alias": { + "type": "string", + "description": "The name of the role alias.\n" + }, + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to this role alias.\n" + }, + "credentialDuration": { + "type": "integer", + "description": "The duration of the credential, in seconds. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 900 seconds (15 minutes) to 3600 seconds (60 minutes).\n" + }, + "roleArn": { + "type": "string", + "description": "The identity of the role to which the alias refers.\n" + } + }, + "required": [ + "alias", + "arn", + "roleArn" + ], + "inputProperties": { + "alias": { + "type": "string", + "description": "The name of the role alias.\n" + }, + "credentialDuration": { + "type": "integer", + "description": "The duration of the credential, in seconds. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 900 seconds (15 minutes) to 3600 seconds (60 minutes).\n" + }, + "roleArn": { + "type": "string", + "description": "The identity of the role to which the alias refers.\n" + } + }, + "requiredInputs": [ + "alias", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RoleAlias resources.\n", + "properties": { + "alias": { + "type": "string", + "description": "The name of the role alias.\n" + }, + "arn": { + "type": "string", + "description": "The ARN assigned by AWS to this role alias.\n" + }, + "credentialDuration": { + "type": "integer", + "description": "The duration of the credential, in seconds. If you do not specify a value for this setting, the default maximum of one hour is applied. This setting can have a value from 900 seconds (15 minutes) to 3600 seconds (60 minutes).\n" + }, + "roleArn": { + "type": "string", + "description": "The identity of the role to which the alias refers.\n" + } + }, + "type": "object" + } + }, + "aws:iot/thing:Thing": { + "description": "Creates and manages an AWS IoT Thing.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iot.Thing(\"example\", {\n attributes: {\n First: \"examplevalue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iot.Thing(\"example\", attributes={\n \"First\": \"examplevalue\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iot.Thing(\"example\", new Aws.Iot.ThingArgs\n {\n Attributes = \n {\n { \"First\", \"examplevalue\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iot.NewThing(ctx, \"example\", &iot.ThingArgs{\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"First\": pulumi.String(\"examplevalue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIOT Things can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:iot/thing:Thing example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the thing.\n" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of attributes of the thing.\n" + }, + "defaultClientId": { + "type": "string", + "description": "The default client ID.\n" + }, + "name": { + "type": "string", + "description": "The name of the thing.\n" + }, + "thingTypeName": { + "type": "string", + "description": "The thing type name.\n" + }, + "version": { + "type": "integer", + "description": "The current version of the thing record in the registry.\n" + } + }, + "required": [ + "arn", + "defaultClientId", + "name", + "version" + ], + "inputProperties": { + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of attributes of the thing.\n" + }, + "name": { + "type": "string", + "description": "The name of the thing.\n" + }, + "thingTypeName": { + "type": "string", + "description": "The thing type name.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Thing resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the thing.\n" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of attributes of the thing.\n" + }, + "defaultClientId": { + "type": "string", + "description": "The default client ID.\n" + }, + "name": { + "type": "string", + "description": "The name of the thing.\n" + }, + "thingTypeName": { + "type": "string", + "description": "The thing type name.\n" + }, + "version": { + "type": "integer", + "description": "The current version of the thing record in the registry.\n" + } + }, + "type": "object" + } + }, + "aws:iot/thingPrincipalAttachment:ThingPrincipalAttachment": { + "description": "Attaches Principal to AWS IoT Thing.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst example = new aws.iot.Thing(\"example\", {});\nconst cert = new aws.iot.Certificate(\"cert\", {\n csr: fs.readFileSync(\"csr.pem\"),\n active: true,\n});\nconst att = new aws.iot.ThingPrincipalAttachment(\"att\", {\n principal: cert.arn,\n thing: example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iot.Thing(\"example\")\ncert = aws.iot.Certificate(\"cert\",\n csr=(lambda path: open(path).read())(\"csr.pem\"),\n active=True)\natt = aws.iot.ThingPrincipalAttachment(\"att\",\n principal=cert.arn,\n thing=example.name)\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Iot.Thing(\"example\", new Aws.Iot.ThingArgs\n {\n });\n var cert = new Aws.Iot.Certificate(\"cert\", new Aws.Iot.CertificateArgs\n {\n Csr = File.ReadAllText(\"csr.pem\"),\n Active = true,\n });\n var att = new Aws.Iot.ThingPrincipalAttachment(\"att\", new Aws.Iot.ThingPrincipalAttachmentArgs\n {\n Principal = cert.Arn,\n Thing = example.Name,\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "principal": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The AWS IoT Certificate ARN or Amazon Cognito Identity ID.\n" + }, + "thing": { + "type": "string", + "description": "The name of the thing.\n" + } + }, + "required": [ + "principal", + "thing" + ], + "inputProperties": { + "principal": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The AWS IoT Certificate ARN or Amazon Cognito Identity ID.\n" + }, + "thing": { + "type": "string", + "description": "The name of the thing.\n" + } + }, + "requiredInputs": [ + "principal", + "thing" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ThingPrincipalAttachment resources.\n", + "properties": { + "principal": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The AWS IoT Certificate ARN or Amazon Cognito Identity ID.\n" + }, + "thing": { + "type": "string", + "description": "The name of the thing.\n" + } + }, + "type": "object" + } + }, + "aws:iot/thingType:ThingType": { + "description": "Creates and manages an AWS IoT Thing Type.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.iot.ThingType(\"foo\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.iot.ThingType(\"foo\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Iot.ThingType(\"foo\", new Aws.Iot.ThingTypeArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iot\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iot.NewThingType(ctx, \"foo\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIOT Thing Types can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:iot/thingType:ThingType example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the created AWS IoT Thing Type.\n" + }, + "deprecated": { + "type": "boolean", + "description": "Whether the thing type is deprecated. If true, no new things could be associated with this type.\n" + }, + "name": { + "type": "string", + "description": "The name of the thing type.\n" + }, + "properties": { + "$ref": "#/types/aws:iot/ThingTypeProperties:ThingTypeProperties", + "description": ", Configuration block that can contain the following properties of the thing type:\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "deprecated": { + "type": "boolean", + "description": "Whether the thing type is deprecated. If true, no new things could be associated with this type.\n" + }, + "name": { + "type": "string", + "description": "The name of the thing type.\n" + }, + "properties": { + "$ref": "#/types/aws:iot/ThingTypeProperties:ThingTypeProperties", + "description": ", Configuration block that can contain the following properties of the thing type:\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ThingType resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the created AWS IoT Thing Type.\n" + }, + "deprecated": { + "type": "boolean", + "description": "Whether the thing type is deprecated. If true, no new things could be associated with this type.\n" + }, + "name": { + "type": "string", + "description": "The name of the thing type.\n" + }, + "properties": { + "$ref": "#/types/aws:iot/ThingTypeProperties:ThingTypeProperties", + "description": ", Configuration block that can contain the following properties of the thing type:\n" + } + }, + "type": "object" + } + }, + "aws:iot/topicRule:TopicRule": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mytopic = new aws.sns.Topic(\"mytopic\", {});\nconst myerrortopic = new aws.sns.Topic(\"myerrortopic\", {});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"iot.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n`});\nconst rule = new aws.iot.TopicRule(\"rule\", {\n description: \"Example rule\",\n enabled: true,\n sql: \"SELECT * FROM 'topic/test'\",\n sqlVersion: \"2016-03-23\",\n sns: {\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: mytopic.arn,\n },\n errorAction: {\n sns: {\n messageFormat: \"RAW\",\n roleArn: role.arn,\n targetArn: myerrortopic.arn,\n },\n },\n});\nconst iamPolicyForLambda = new aws.iam.RolePolicy(\"iamPolicyForLambda\", {\n role: role.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sns:Publish\"\n ],\n \"Resource\": \"${mytopic.arn}\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmytopic = aws.sns.Topic(\"mytopic\")\nmyerrortopic = aws.sns.Topic(\"myerrortopic\")\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"iot.amazonaws.com\"\n },\n \"Action\": \"sts:AssumeRole\"\n }\n ]\n}\n\"\"\")\nrule = aws.iot.TopicRule(\"rule\",\n description=\"Example rule\",\n enabled=True,\n sql=\"SELECT * FROM 'topic/test'\",\n sql_version=\"2016-03-23\",\n sns=aws.iot.TopicRuleSnsArgs(\n message_format=\"RAW\",\n role_arn=role.arn,\n target_arn=mytopic.arn,\n ),\n error_action=aws.iot.TopicRuleErrorActionArgs(\n sns=aws.iot.TopicRuleErrorActionSnsArgs(\n message_format=\"RAW\",\n role_arn=role.arn,\n target_arn=myerrortopic.arn,\n ),\n ))\niam_policy_for_lambda = aws.iam.RolePolicy(\"iamPolicyForLambda\",\n role=role.id,\n policy=mytopic.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"sns:Publish\"\n ],\n \"Resource\": \"{arn}\"\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mytopic = new Aws.Sns.Topic(\"mytopic\", new Aws.Sns.TopicArgs\n {\n });\n var myerrortopic = new Aws.Sns.Topic(\"myerrortopic\", new Aws.Sns.TopicArgs\n {\n });\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"iot.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n ]\n}\n\",\n });\n var rule = new Aws.Iot.TopicRule(\"rule\", new Aws.Iot.TopicRuleArgs\n {\n Description = \"Example rule\",\n Enabled = true,\n Sql = \"SELECT * FROM 'topic/test'\",\n SqlVersion = \"2016-03-23\",\n Sns = new Aws.Iot.Inputs.TopicRuleSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = mytopic.Arn,\n },\n ErrorAction = new Aws.Iot.Inputs.TopicRuleErrorActionArgs\n {\n Sns = new Aws.Iot.Inputs.TopicRuleErrorActionSnsArgs\n {\n MessageFormat = \"RAW\",\n RoleArn = role.Arn,\n TargetArn = myerrortopic.Arn,\n },\n },\n });\n var iamPolicyForLambda = new Aws.Iam.RolePolicy(\"iamPolicyForLambda\", new Aws.Iam.RolePolicyArgs\n {\n Role = role.Id,\n Policy = mytopic.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"sns:Publish\"\"\n ],\n \"\"Resource\"\": \"\"{arn}\"\"\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iot\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmytopic, err := sns.NewTopic(ctx, \"mytopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmyerrortopic, err := sns.NewTopic(ctx, \"myerrortopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"iot.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iot.NewTopicRule(ctx, \"rule\", &iot.TopicRuleArgs{\n\t\t\tDescription: pulumi.String(\"Example rule\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tSql: pulumi.String(\"SELECT * FROM 'topic/test'\"),\n\t\t\tSqlVersion: pulumi.String(\"2016-03-23\"),\n\t\t\tSns: &iot.TopicRuleSnsArgs{\n\t\t\t\tMessageFormat: pulumi.String(\"RAW\"),\n\t\t\t\tRoleArn: role.Arn,\n\t\t\t\tTargetArn: mytopic.Arn,\n\t\t\t},\n\t\t\tErrorAction: &iot.TopicRuleErrorActionArgs{\n\t\t\t\tSns: &iot.TopicRuleErrorActionSnsArgs{\n\t\t\t\t\tMessageFormat: pulumi.String(\"RAW\"),\n\t\t\t\t\tRoleArn: role.Arn,\n\t\t\t\t\tTargetArn: myerrortopic.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"iamPolicyForLambda\", &iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: mytopic.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"sns:Publish\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"\", arn, \"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIoT Topic Rules can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:iot/topicRule:TopicRule rule \n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the topic rule\n" + }, + "cloudwatchAlarm": { + "$ref": "#/types/aws:iot/TopicRuleCloudwatchAlarm:TopicRuleCloudwatchAlarm" + }, + "cloudwatchMetric": { + "$ref": "#/types/aws:iot/TopicRuleCloudwatchMetric:TopicRuleCloudwatchMetric" + }, + "description": { + "type": "string", + "description": "The description of the rule.\n" + }, + "dynamodb": { + "$ref": "#/types/aws:iot/TopicRuleDynamodb:TopicRuleDynamodb" + }, + "dynamodbv2s": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleDynamodbv2:TopicRuleDynamodbv2" + } + }, + "elasticsearch": { + "$ref": "#/types/aws:iot/TopicRuleElasticsearch:TopicRuleElasticsearch" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the rule is enabled.\n" + }, + "errorAction": { + "$ref": "#/types/aws:iot/TopicRuleErrorAction:TopicRuleErrorAction", + "description": "Configuration block with error action to be associated with the rule. See the documentation for `cloudwatch_alarm`, `cloudwatch_metric`, `dynamodb`, `dynamodbv2`, `elasticsearch`, `firehose`, `iot_analytics`, `iot_events`, `kinesis`, `lambda`, `republish`, `s3`, `step_functions`, `sns`, `sqs` configuration blocks for further configuration details.\n" + }, + "firehose": { + "$ref": "#/types/aws:iot/TopicRuleFirehose:TopicRuleFirehose" + }, + "iotAnalytics": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleIotAnalytic:TopicRuleIotAnalytic" + } + }, + "iotEvents": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleIotEvent:TopicRuleIotEvent" + } + }, + "kinesis": { + "$ref": "#/types/aws:iot/TopicRuleKinesis:TopicRuleKinesis" + }, + "lambda": { + "$ref": "#/types/aws:iot/TopicRuleLambda:TopicRuleLambda" + }, + "name": { + "type": "string", + "description": "The name of the rule.\n" + }, + "republish": { + "$ref": "#/types/aws:iot/TopicRuleRepublish:TopicRuleRepublish" + }, + "s3": { + "$ref": "#/types/aws:iot/TopicRuleS3:TopicRuleS3" + }, + "sns": { + "$ref": "#/types/aws:iot/TopicRuleSns:TopicRuleSns" + }, + "sql": { + "type": "string", + "description": "The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference (http://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference) in the AWS IoT Developer Guide.\n" + }, + "sqlVersion": { + "type": "string", + "description": "The version of the SQL rules engine to use when evaluating the rule.\n" + }, + "sqs": { + "$ref": "#/types/aws:iot/TopicRuleSqs:TopicRuleSqs" + }, + "stepFunctions": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleStepFunction:TopicRuleStepFunction" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "enabled", + "name", + "sql", + "sqlVersion", + "tagsAll" + ], + "inputProperties": { + "cloudwatchAlarm": { + "$ref": "#/types/aws:iot/TopicRuleCloudwatchAlarm:TopicRuleCloudwatchAlarm" + }, + "cloudwatchMetric": { + "$ref": "#/types/aws:iot/TopicRuleCloudwatchMetric:TopicRuleCloudwatchMetric" + }, + "description": { + "type": "string", + "description": "The description of the rule.\n" + }, + "dynamodb": { + "$ref": "#/types/aws:iot/TopicRuleDynamodb:TopicRuleDynamodb" + }, + "dynamodbv2s": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleDynamodbv2:TopicRuleDynamodbv2" + } + }, + "elasticsearch": { + "$ref": "#/types/aws:iot/TopicRuleElasticsearch:TopicRuleElasticsearch" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the rule is enabled.\n" + }, + "errorAction": { + "$ref": "#/types/aws:iot/TopicRuleErrorAction:TopicRuleErrorAction", + "description": "Configuration block with error action to be associated with the rule. See the documentation for `cloudwatch_alarm`, `cloudwatch_metric`, `dynamodb`, `dynamodbv2`, `elasticsearch`, `firehose`, `iot_analytics`, `iot_events`, `kinesis`, `lambda`, `republish`, `s3`, `step_functions`, `sns`, `sqs` configuration blocks for further configuration details.\n" + }, + "firehose": { + "$ref": "#/types/aws:iot/TopicRuleFirehose:TopicRuleFirehose" + }, + "iotAnalytics": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleIotAnalytic:TopicRuleIotAnalytic" + } + }, + "iotEvents": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleIotEvent:TopicRuleIotEvent" + } + }, + "kinesis": { + "$ref": "#/types/aws:iot/TopicRuleKinesis:TopicRuleKinesis" + }, + "lambda": { + "$ref": "#/types/aws:iot/TopicRuleLambda:TopicRuleLambda" + }, + "name": { + "type": "string", + "description": "The name of the rule.\n" + }, + "republish": { + "$ref": "#/types/aws:iot/TopicRuleRepublish:TopicRuleRepublish" + }, + "s3": { + "$ref": "#/types/aws:iot/TopicRuleS3:TopicRuleS3" + }, + "sns": { + "$ref": "#/types/aws:iot/TopicRuleSns:TopicRuleSns" + }, + "sql": { + "type": "string", + "description": "The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference (http://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference) in the AWS IoT Developer Guide.\n" + }, + "sqlVersion": { + "type": "string", + "description": "The version of the SQL rules engine to use when evaluating the rule.\n" + }, + "sqs": { + "$ref": "#/types/aws:iot/TopicRuleSqs:TopicRuleSqs" + }, + "stepFunctions": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleStepFunction:TopicRuleStepFunction" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "enabled", + "sql", + "sqlVersion" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TopicRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the topic rule\n" + }, + "cloudwatchAlarm": { + "$ref": "#/types/aws:iot/TopicRuleCloudwatchAlarm:TopicRuleCloudwatchAlarm" + }, + "cloudwatchMetric": { + "$ref": "#/types/aws:iot/TopicRuleCloudwatchMetric:TopicRuleCloudwatchMetric" + }, + "description": { + "type": "string", + "description": "The description of the rule.\n" + }, + "dynamodb": { + "$ref": "#/types/aws:iot/TopicRuleDynamodb:TopicRuleDynamodb" + }, + "dynamodbv2s": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleDynamodbv2:TopicRuleDynamodbv2" + } + }, + "elasticsearch": { + "$ref": "#/types/aws:iot/TopicRuleElasticsearch:TopicRuleElasticsearch" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the rule is enabled.\n" + }, + "errorAction": { + "$ref": "#/types/aws:iot/TopicRuleErrorAction:TopicRuleErrorAction", + "description": "Configuration block with error action to be associated with the rule. See the documentation for `cloudwatch_alarm`, `cloudwatch_metric`, `dynamodb`, `dynamodbv2`, `elasticsearch`, `firehose`, `iot_analytics`, `iot_events`, `kinesis`, `lambda`, `republish`, `s3`, `step_functions`, `sns`, `sqs` configuration blocks for further configuration details.\n" + }, + "firehose": { + "$ref": "#/types/aws:iot/TopicRuleFirehose:TopicRuleFirehose" + }, + "iotAnalytics": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleIotAnalytic:TopicRuleIotAnalytic" + } + }, + "iotEvents": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleIotEvent:TopicRuleIotEvent" + } + }, + "kinesis": { + "$ref": "#/types/aws:iot/TopicRuleKinesis:TopicRuleKinesis" + }, + "lambda": { + "$ref": "#/types/aws:iot/TopicRuleLambda:TopicRuleLambda" + }, + "name": { + "type": "string", + "description": "The name of the rule.\n" + }, + "republish": { + "$ref": "#/types/aws:iot/TopicRuleRepublish:TopicRuleRepublish" + }, + "s3": { + "$ref": "#/types/aws:iot/TopicRuleS3:TopicRuleS3" + }, + "sns": { + "$ref": "#/types/aws:iot/TopicRuleSns:TopicRuleSns" + }, + "sql": { + "type": "string", + "description": "The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference (http://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html#aws-iot-sql-reference) in the AWS IoT Developer Guide.\n" + }, + "sqlVersion": { + "type": "string", + "description": "The version of the SQL rules engine to use when evaluating the rule.\n" + }, + "sqs": { + "$ref": "#/types/aws:iot/TopicRuleSqs:TopicRuleSqs" + }, + "stepFunctions": { + "type": "array", + "items": { + "$ref": "#/types/aws:iot/TopicRuleStepFunction:TopicRuleStepFunction" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:kinesis/analyticsApplication:AnalyticsApplication": { + "description": "Provides a Kinesis Analytics Application resource. Kinesis Analytics is a managed service that\nallows processing and analyzing streaming data using standard SQL.\n\nFor more details, see the [Amazon Kinesis Analytics Documentation](https://docs.aws.amazon.com/kinesisanalytics/latest/dev/what-is.html).\n\n> **Note:** To manage Amazon Kinesis Data Analytics for Apache Flink applications, use the `aws.kinesisanalyticsv2.Application` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Kinesis Stream Input\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.Stream(\"testStream\", {shardCount: 1});\nconst testApplication = new aws.kinesis.AnalyticsApplication(\"testApplication\", {inputs: {\n namePrefix: \"test_prefix\",\n kinesisStream: {\n resourceArn: testStream.arn,\n roleArn: aws_iam_role.test.arn,\n },\n parallelism: {\n count: 1,\n },\n schema: {\n recordColumns: [{\n mapping: `$.test`,\n name: \"test\",\n sqlType: \"VARCHAR(8)\",\n }],\n recordEncoding: \"UTF-8\",\n recordFormat: {\n mappingParameters: {\n json: {\n recordRowPath: \"$\",\n },\n },\n },\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.Stream(\"testStream\", shard_count=1)\ntest_application = aws.kinesis.AnalyticsApplication(\"testApplication\", inputs=aws.kinesis.AnalyticsApplicationInputsArgs(\n name_prefix=\"test_prefix\",\n kinesis_stream=aws.kinesis.AnalyticsApplicationInputsKinesisStreamArgs(\n resource_arn=test_stream.arn,\n role_arn=aws_iam_role[\"test\"][\"arn\"],\n ),\n parallelism=aws.kinesis.AnalyticsApplicationInputsParallelismArgs(\n count=1,\n ),\n schema=aws.kinesis.AnalyticsApplicationInputsSchemaArgs(\n record_columns=[aws.kinesis.AnalyticsApplicationInputsSchemaRecordColumnArgs(\n mapping=\"$.test\",\n name=\"test\",\n sql_type=\"VARCHAR(8)\",\n )],\n record_encoding=\"UTF-8\",\n record_format=aws.kinesis.AnalyticsApplicationInputsSchemaRecordFormatArgs(\n mapping_parameters=aws.kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersArgs(\n json=aws.kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJsonArgs(\n record_row_path=\"$\",\n ),\n ),\n ),\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testStream = new Aws.Kinesis.Stream(\"testStream\", new Aws.Kinesis.StreamArgs\n {\n ShardCount = 1,\n });\n var testApplication = new Aws.Kinesis.AnalyticsApplication(\"testApplication\", new Aws.Kinesis.AnalyticsApplicationArgs\n {\n Inputs = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsArgs\n {\n NamePrefix = \"test_prefix\",\n KinesisStream = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsKinesisStreamArgs\n {\n ResourceArn = testStream.Arn,\n RoleArn = aws_iam_role.Test.Arn,\n },\n Parallelism = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsParallelismArgs\n {\n Count = 1,\n },\n Schema = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaArgs\n {\n RecordColumns = \n {\n new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordColumnArgs\n {\n Mapping = \"$.test\",\n Name = \"test\",\n SqlType = \"VARCHAR(8)\",\n },\n },\n RecordEncoding = \"UTF-8\",\n RecordFormat = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordFormatArgs\n {\n MappingParameters = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersArgs\n {\n Json = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJsonArgs\n {\n RecordRowPath = \"$\",\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestStream, err := kinesis.NewStream(ctx, \"testStream\", &kinesis.StreamArgs{\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewAnalyticsApplication(ctx, \"testApplication\", &kinesis.AnalyticsApplicationArgs{\n\t\t\tInputs: &kinesis.AnalyticsApplicationInputsArgs{\n\t\t\t\tNamePrefix: pulumi.String(\"test_prefix\"),\n\t\t\t\tKinesisStream: &kinesis.AnalyticsApplicationInputsKinesisStreamArgs{\n\t\t\t\t\tResourceArn: testStream.Arn,\n\t\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t\t},\n\t\t\t\tParallelism: &kinesis.AnalyticsApplicationInputsParallelismArgs{\n\t\t\t\t\tCount: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t\tSchema: &kinesis.AnalyticsApplicationInputsSchemaArgs{\n\t\t\t\t\tRecordColumns: kinesis.AnalyticsApplicationInputsSchemaRecordColumnArray{\n\t\t\t\t\t\t&kinesis.AnalyticsApplicationInputsSchemaRecordColumnArgs{\n\t\t\t\t\t\t\tMapping: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \".test\")),\n\t\t\t\t\t\t\tName: pulumi.String(\"test\"),\n\t\t\t\t\t\t\tSqlType: pulumi.String(\"VARCHAR(8)\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tRecordEncoding: pulumi.String(\"UTF-8\"),\n\t\t\t\t\tRecordFormat: &kinesis.AnalyticsApplicationInputsSchemaRecordFormatArgs{\n\t\t\t\t\t\tMappingParameters: &kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersArgs{\n\t\t\t\t\t\t\tJson: &kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersJsonArgs{\n\t\t\t\t\t\t\t\tRecordRowPath: pulumi.String(\"$\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Starting An Application\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst exampleLogStream = new aws.cloudwatch.LogStream(\"exampleLogStream\", {logGroupName: exampleLogGroup.name});\nconst exampleStream = new aws.kinesis.Stream(\"exampleStream\", {shardCount: 1});\nconst exampleFirehoseDeliveryStream = new aws.kinesis.FirehoseDeliveryStream(\"exampleFirehoseDeliveryStream\", {\n destination: \"extended_s3\",\n extendedS3Configuration: {\n bucketArn: aws_s3_bucket.example.arn,\n roleArn: aws_iam_role.example.arn,\n },\n});\nconst test = new aws.kinesis.AnalyticsApplication(\"test\", {\n cloudwatchLoggingOptions: {\n logStreamArn: exampleLogStream.arn,\n roleArn: aws_iam_role.example.arn,\n },\n inputs: {\n namePrefix: \"example_prefix\",\n schema: {\n recordColumns: [{\n name: \"COLUMN_1\",\n sqlType: \"INTEGER\",\n }],\n recordFormat: {\n mappingParameters: {\n csv: {\n recordColumnDelimiter: \",\",\n recordRowDelimiter: \"|\",\n },\n },\n },\n },\n kinesisStream: {\n resourceArn: exampleStream.arn,\n roleArn: aws_iam_role.example.arn,\n },\n startingPositionConfigurations: [{\n startingPosition: \"NOW\",\n }],\n },\n outputs: [{\n name: \"OUTPUT_1\",\n schema: {\n recordFormatType: \"CSV\",\n },\n kinesisFirehose: {\n resourceArn: exampleFirehoseDeliveryStream.arn,\n roleArn: aws_iam_role.example.arn,\n },\n }],\n startApplication: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_log_stream = aws.cloudwatch.LogStream(\"exampleLogStream\", log_group_name=example_log_group.name)\nexample_stream = aws.kinesis.Stream(\"exampleStream\", shard_count=1)\nexample_firehose_delivery_stream = aws.kinesis.FirehoseDeliveryStream(\"exampleFirehoseDeliveryStream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n bucket_arn=aws_s3_bucket[\"example\"][\"arn\"],\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n ))\ntest = aws.kinesis.AnalyticsApplication(\"test\",\n cloudwatch_logging_options=aws.kinesis.AnalyticsApplicationCloudwatchLoggingOptionsArgs(\n log_stream_arn=example_log_stream.arn,\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n ),\n inputs=aws.kinesis.AnalyticsApplicationInputsArgs(\n name_prefix=\"example_prefix\",\n schema=aws.kinesis.AnalyticsApplicationInputsSchemaArgs(\n record_columns=[aws.kinesis.AnalyticsApplicationInputsSchemaRecordColumnArgs(\n name=\"COLUMN_1\",\n sql_type=\"INTEGER\",\n )],\n record_format=aws.kinesis.AnalyticsApplicationInputsSchemaRecordFormatArgs(\n mapping_parameters=aws.kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersArgs(\n csv=aws.kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsvArgs(\n record_column_delimiter=\",\",\n record_row_delimiter=\"|\",\n ),\n ),\n ),\n ),\n kinesis_stream=aws.kinesis.AnalyticsApplicationInputsKinesisStreamArgs(\n resource_arn=example_stream.arn,\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n ),\n starting_position_configurations=[aws.kinesis.AnalyticsApplicationInputsStartingPositionConfigurationArgs(\n starting_position=\"NOW\",\n )],\n ),\n outputs=[aws.kinesis.AnalyticsApplicationOutputArgs(\n name=\"OUTPUT_1\",\n schema=aws.kinesis.AnalyticsApplicationOutputSchemaArgs(\n record_format_type=\"CSV\",\n ),\n kinesis_firehose=aws.kinesis.AnalyticsApplicationOutputKinesisFirehoseArgs(\n resource_arn=example_firehose_delivery_stream.arn,\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n ),\n )],\n start_application=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var exampleLogStream = new Aws.CloudWatch.LogStream(\"exampleLogStream\", new Aws.CloudWatch.LogStreamArgs\n {\n LogGroupName = exampleLogGroup.Name,\n });\n var exampleStream = new Aws.Kinesis.Stream(\"exampleStream\", new Aws.Kinesis.StreamArgs\n {\n ShardCount = 1,\n });\n var exampleFirehoseDeliveryStream = new Aws.Kinesis.FirehoseDeliveryStream(\"exampleFirehoseDeliveryStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n BucketArn = aws_s3_bucket.Example.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n },\n });\n var test = new Aws.Kinesis.AnalyticsApplication(\"test\", new Aws.Kinesis.AnalyticsApplicationArgs\n {\n CloudwatchLoggingOptions = new Aws.Kinesis.Inputs.AnalyticsApplicationCloudwatchLoggingOptionsArgs\n {\n LogStreamArn = exampleLogStream.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n },\n Inputs = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsArgs\n {\n NamePrefix = \"example_prefix\",\n Schema = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaArgs\n {\n RecordColumns = \n {\n new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordColumnArgs\n {\n Name = \"COLUMN_1\",\n SqlType = \"INTEGER\",\n },\n },\n RecordFormat = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordFormatArgs\n {\n MappingParameters = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersArgs\n {\n Csv = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsvArgs\n {\n RecordColumnDelimiter = \",\",\n RecordRowDelimiter = \"|\",\n },\n },\n },\n },\n KinesisStream = new Aws.Kinesis.Inputs.AnalyticsApplicationInputsKinesisStreamArgs\n {\n ResourceArn = exampleStream.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n },\n StartingPositionConfigurations = \n {\n new Aws.Kinesis.Inputs.AnalyticsApplicationInputsStartingPositionConfigurationArgs\n {\n StartingPosition = \"NOW\",\n },\n },\n },\n Outputs = \n {\n new Aws.Kinesis.Inputs.AnalyticsApplicationOutputArgs\n {\n Name = \"OUTPUT_1\",\n Schema = new Aws.Kinesis.Inputs.AnalyticsApplicationOutputSchemaArgs\n {\n RecordFormatType = \"CSV\",\n },\n KinesisFirehose = new Aws.Kinesis.Inputs.AnalyticsApplicationOutputKinesisFirehoseArgs\n {\n ResourceArn = exampleFirehoseDeliveryStream.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n },\n },\n },\n StartApplication = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogStream, err := cloudwatch.NewLogStream(ctx, \"exampleLogStream\", &cloudwatch.LogStreamArgs{\n\t\t\tLogGroupName: exampleLogGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleStream, err := kinesis.NewStream(ctx, \"exampleStream\", &kinesis.StreamArgs{\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleFirehoseDeliveryStream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"exampleFirehoseDeliveryStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"extended_s3\"),\n\t\t\tExtendedS3Configuration: &kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs{\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewAnalyticsApplication(ctx, \"test\", &kinesis.AnalyticsApplicationArgs{\n\t\t\tCloudwatchLoggingOptions: &kinesis.AnalyticsApplicationCloudwatchLoggingOptionsArgs{\n\t\t\t\tLogStreamArn: exampleLogStream.Arn,\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t},\n\t\t\tInputs: &kinesis.AnalyticsApplicationInputsArgs{\n\t\t\t\tNamePrefix: pulumi.String(\"example_prefix\"),\n\t\t\t\tSchema: &kinesis.AnalyticsApplicationInputsSchemaArgs{\n\t\t\t\t\tRecordColumns: kinesis.AnalyticsApplicationInputsSchemaRecordColumnArray{\n\t\t\t\t\t\t&kinesis.AnalyticsApplicationInputsSchemaRecordColumnArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"COLUMN_1\"),\n\t\t\t\t\t\t\tSqlType: pulumi.String(\"INTEGER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tRecordFormat: &kinesis.AnalyticsApplicationInputsSchemaRecordFormatArgs{\n\t\t\t\t\t\tMappingParameters: &kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersArgs{\n\t\t\t\t\t\t\tCsv: &kinesis.AnalyticsApplicationInputsSchemaRecordFormatMappingParametersCsvArgs{\n\t\t\t\t\t\t\t\tRecordColumnDelimiter: pulumi.String(\",\"),\n\t\t\t\t\t\t\t\tRecordRowDelimiter: pulumi.String(\"|\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tKinesisStream: &kinesis.AnalyticsApplicationInputsKinesisStreamArgs{\n\t\t\t\t\tResourceArn: exampleStream.Arn,\n\t\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\t},\n\t\t\t\tStartingPositionConfigurations: kinesis.AnalyticsApplicationInputsStartingPositionConfigurationArray{\n\t\t\t\t\t&kinesis.AnalyticsApplicationInputsStartingPositionConfigurationArgs{\n\t\t\t\t\t\tStartingPosition: pulumi.String(\"NOW\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOutputs: kinesis.AnalyticsApplicationOutputArray{\n\t\t\t\t&kinesis.AnalyticsApplicationOutputArgs{\n\t\t\t\t\tName: pulumi.String(\"OUTPUT_1\"),\n\t\t\t\t\tSchema: &kinesis.AnalyticsApplicationOutputSchemaArgs{\n\t\t\t\t\t\tRecordFormatType: pulumi.String(\"CSV\"),\n\t\t\t\t\t},\n\t\t\t\t\tKinesisFirehose: &kinesis.AnalyticsApplicationOutputKinesisFirehoseArgs{\n\t\t\t\t\t\tResourceArn: exampleFirehoseDeliveryStream.Arn,\n\t\t\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tStartApplication: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKinesis Analytics Application can be imported by using ARN, e.g.\n\n```sh\n $ pulumi import aws:kinesis/analyticsApplication:AnalyticsApplication example arn:aws:kinesisanalytics:us-west-2:1234567890:application/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the Kinesis Analytics Appliation.\n" + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationCloudwatchLoggingOptions:AnalyticsApplicationCloudwatchLoggingOptions", + "description": "The CloudWatch log stream options to monitor application errors.\nSee CloudWatch Logging Options below for more details.\n" + }, + "code": { + "type": "string", + "description": "SQL Code to transform input data, and generate output.\n" + }, + "createTimestamp": { + "type": "string", + "description": "The Timestamp when the application version was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the application.\n" + }, + "inputs": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputs:AnalyticsApplicationInputs", + "description": "Input configuration of the application. See Inputs below for more details.\n" + }, + "lastUpdateTimestamp": { + "type": "string", + "description": "The Timestamp when the application was last updated.\n" + }, + "name": { + "type": "string", + "description": "Name of the Kinesis Analytics Application.\n" + }, + "outputs": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutput:AnalyticsApplicationOutput" + }, + "description": "Output destination configuration of the application. See Outputs below for more details.\n" + }, + "referenceDataSources": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSources:AnalyticsApplicationReferenceDataSources", + "description": "An S3 Reference Data Source for the application.\nSee Reference Data Sources below for more details.\n" + }, + "startApplication": { + "type": "boolean", + "description": "Whether to start or stop the Kinesis Analytics Application. To start an application, an input with a defined `starting_position` must be configured.\nTo modify an application's starting position, first stop the application by setting `start_application = false`, then update `starting_position` and set `start_application = true`.\n" + }, + "status": { + "type": "string", + "description": "The Status of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "version": { + "type": "integer", + "description": "The Version of the application.\n" + } + }, + "required": [ + "arn", + "createTimestamp", + "lastUpdateTimestamp", + "name", + "status", + "tagsAll", + "version" + ], + "inputProperties": { + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationCloudwatchLoggingOptions:AnalyticsApplicationCloudwatchLoggingOptions", + "description": "The CloudWatch log stream options to monitor application errors.\nSee CloudWatch Logging Options below for more details.\n" + }, + "code": { + "type": "string", + "description": "SQL Code to transform input data, and generate output.\n" + }, + "description": { + "type": "string", + "description": "Description of the application.\n" + }, + "inputs": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputs:AnalyticsApplicationInputs", + "description": "Input configuration of the application. See Inputs below for more details.\n" + }, + "name": { + "type": "string", + "description": "Name of the Kinesis Analytics Application.\n" + }, + "outputs": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutput:AnalyticsApplicationOutput" + }, + "description": "Output destination configuration of the application. See Outputs below for more details.\n" + }, + "referenceDataSources": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSources:AnalyticsApplicationReferenceDataSources", + "description": "An S3 Reference Data Source for the application.\nSee Reference Data Sources below for more details.\n" + }, + "startApplication": { + "type": "boolean", + "description": "Whether to start or stop the Kinesis Analytics Application. To start an application, an input with a defined `starting_position` must be configured.\nTo modify an application's starting position, first stop the application by setting `start_application = false`, then update `starting_position` and set `start_application = true`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AnalyticsApplication resources.\n", + "properties": { + "arn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the Kinesis Analytics Appliation.\n" + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationCloudwatchLoggingOptions:AnalyticsApplicationCloudwatchLoggingOptions", + "description": "The CloudWatch log stream options to monitor application errors.\nSee CloudWatch Logging Options below for more details.\n" + }, + "code": { + "type": "string", + "description": "SQL Code to transform input data, and generate output.\n" + }, + "createTimestamp": { + "type": "string", + "description": "The Timestamp when the application version was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the application.\n" + }, + "inputs": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationInputs:AnalyticsApplicationInputs", + "description": "Input configuration of the application. See Inputs below for more details.\n" + }, + "lastUpdateTimestamp": { + "type": "string", + "description": "The Timestamp when the application was last updated.\n" + }, + "name": { + "type": "string", + "description": "Name of the Kinesis Analytics Application.\n" + }, + "outputs": { + "type": "array", + "items": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationOutput:AnalyticsApplicationOutput" + }, + "description": "Output destination configuration of the application. See Outputs below for more details.\n" + }, + "referenceDataSources": { + "$ref": "#/types/aws:kinesis/AnalyticsApplicationReferenceDataSources:AnalyticsApplicationReferenceDataSources", + "description": "An S3 Reference Data Source for the application.\nSee Reference Data Sources below for more details.\n" + }, + "startApplication": { + "type": "boolean", + "description": "Whether to start or stop the Kinesis Analytics Application. To start an application, an input with a defined `starting_position` must be configured.\nTo modify an application's starting position, first stop the application by setting `start_application = false`, then update `starting_position` and set `start_application = true`.\n" + }, + "status": { + "type": "string", + "description": "The Status of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "version": { + "type": "integer", + "description": "The Version of the application.\n" + } + }, + "type": "object" + } + }, + "aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream": { + "description": "Provides a Kinesis Firehose Delivery Stream resource. Amazon Kinesis Firehose is a fully managed, elastic service to easily deliver real-time data streams to destinations such as Amazon S3 and Amazon Redshift.\n\nFor more details, see the [Amazon Kinesis Firehose Documentation](https://aws.amazon.com/documentation/firehose/).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Extended S3 Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {acl: \"private\"});\nconst firehoseRole = new aws.iam.Role(\"firehoseRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst lambdaIam = new aws.iam.Role(\"lambdaIam\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst lambdaProcessor = new aws.lambda.Function(\"lambdaProcessor\", {\n code: new pulumi.asset.FileArchive(\"lambda.zip\"),\n role: lambdaIam.arn,\n handler: \"exports.handler\",\n runtime: \"nodejs12.x\",\n});\nconst extendedS3Stream = new aws.kinesis.FirehoseDeliveryStream(\"extendedS3Stream\", {\n destination: \"extended_s3\",\n extendedS3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n processingConfiguration: {\n enabled: \"true\",\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: pulumi.interpolate`${lambdaProcessor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\", acl=\"private\")\nfirehose_role = aws.iam.Role(\"firehoseRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nlambda_iam = aws.iam.Role(\"lambdaIam\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nlambda_processor = aws.lambda_.Function(\"lambdaProcessor\",\n code=pulumi.FileArchive(\"lambda.zip\"),\n role=lambda_iam.arn,\n handler=\"exports.handler\",\n runtime=\"nodejs12.x\")\nextended_s3_stream = aws.kinesis.FirehoseDeliveryStream(\"extendedS3Stream\",\n destination=\"extended_s3\",\n extended_s3_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=lambda_processor.arn.apply(lambda arn: f\"{arn}:$LATEST\"),\n )],\n )],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var firehoseRole = new Aws.Iam.Role(\"firehoseRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"firehose.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var lambdaIam = new Aws.Iam.Role(\"lambdaIam\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"lambda.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var lambdaProcessor = new Aws.Lambda.Function(\"lambdaProcessor\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"lambda.zip\"),\n Role = lambdaIam.Arn,\n Handler = \"exports.handler\",\n Runtime = \"nodejs12.x\",\n });\n var extendedS3Stream = new Aws.Kinesis.FirehoseDeliveryStream(\"extendedS3Stream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"extended_s3\",\n ExtendedS3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = \n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = \n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamExtendedS3ConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = lambdaProcessor.Arn.Apply(arn => $\"{arn}:$LATEST\"),\n },\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### S3 Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {acl: \"private\"});\nconst firehoseRole = new aws.iam.Role(\"firehoseRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"s3\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\", acl=\"private\")\nfirehose_role = aws.iam.Role(\"firehoseRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"s3\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var firehoseRole = new Aws.Iam.Role(\"firehoseRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"firehose.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"s3\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehoseRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"firehose.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"s3\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redshift Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.redshift.Cluster(\"testCluster\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n databaseName: \"test\",\n masterUsername: \"testuser\",\n masterPassword: \"T3stPass\",\n nodeType: \"dc1.large\",\n clusterType: \"single-node\",\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"redshift\",\n s3Configuration: {\n roleArn: aws_iam_role.firehose_role.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n bufferSize: 10,\n bufferInterval: 400,\n compressionFormat: \"GZIP\",\n },\n redshiftConfiguration: {\n roleArn: aws_iam_role.firehose_role.arn,\n clusterJdbcurl: pulumi.interpolate`jdbc:redshift://${testCluster.endpoint}/${testCluster.databaseName}`,\n username: \"testuser\",\n password: \"T3stPass\",\n dataTableName: \"test-table\",\n copyOptions: \"delimiter '|'\",\n dataTableColumns: \"test-col\",\n s3BackupMode: \"Enabled\",\n s3BackupConfiguration: {\n roleArn: aws_iam_role.firehose_role.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n bufferSize: 15,\n bufferInterval: 300,\n compressionFormat: \"GZIP\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.redshift.Cluster(\"testCluster\",\n cluster_identifier=\"tf-redshift-cluster\",\n database_name=\"test\",\n master_username=\"testuser\",\n master_password=\"T3stPass\",\n node_type=\"dc1.large\",\n cluster_type=\"single-node\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"redshift\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n buffer_size=10,\n buffer_interval=400,\n compression_format=\"GZIP\",\n ),\n redshift_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs(\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n cluster_jdbcurl=pulumi.Output.all(test_cluster.endpoint, test_cluster.database_name).apply(lambda endpoint, database_name: f\"jdbc:redshift://{endpoint}/{database_name}\"),\n username=\"testuser\",\n password=\"T3stPass\",\n data_table_name=\"test-table\",\n copy_options=\"delimiter '|'\",\n data_table_columns=\"test-col\",\n s3_backup_mode=\"Enabled\",\n s3_backup_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs(\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n buffer_size=15,\n buffer_interval=300,\n compression_format=\"GZIP\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCluster = new Aws.RedShift.Cluster(\"testCluster\", new Aws.RedShift.ClusterArgs\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n DatabaseName = \"test\",\n MasterUsername = \"testuser\",\n MasterPassword = \"T3stPass\",\n NodeType = \"dc1.large\",\n ClusterType = \"single-node\",\n });\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"redshift\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose_role.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n BufferSize = 10,\n BufferInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n RedshiftConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose_role.Arn,\n ClusterJdbcurl = Output.Tuple(testCluster.Endpoint, testCluster.DatabaseName).Apply(values =>\n {\n var endpoint = values.Item1;\n var databaseName = values.Item2;\n return $\"jdbc:redshift://{endpoint}/{databaseName}\";\n }),\n Username = \"testuser\",\n Password = \"T3stPass\",\n DataTableName = \"test-table\",\n CopyOptions = \"delimiter '|'\",\n DataTableColumns = \"test-col\",\n S3BackupMode = \"Enabled\",\n S3BackupConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose_role.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n BufferSize = 15,\n BufferInterval = 300,\n CompressionFormat = \"GZIP\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := redshift.NewCluster(ctx, \"testCluster\", &redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tDatabaseName: pulumi.String(\"test\"),\n\t\t\tMasterUsername: pulumi.String(\"testuser\"),\n\t\t\tMasterPassword: pulumi.String(\"T3stPass\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"redshift\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t\tBufferSize: pulumi.Int(10),\n\t\t\t\tBufferInterval: pulumi.Int(400),\n\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t\tRedshiftConfiguration: &kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\tClusterJdbcurl: pulumi.All(testCluster.Endpoint, testCluster.DatabaseName).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\t\tendpoint := _args[0].(string)\n\t\t\t\t\tdatabaseName := _args[1].(string)\n\t\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v\", \"jdbc:redshift://\", endpoint, \"/\", databaseName), nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\tUsername: pulumi.String(\"testuser\"),\n\t\t\t\tPassword: pulumi.String(\"T3stPass\"),\n\t\t\t\tDataTableName: pulumi.String(\"test-table\"),\n\t\t\t\tCopyOptions: pulumi.String(\"delimiter '|'\"),\n\t\t\t\tDataTableColumns: pulumi.String(\"test-col\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"Enabled\"),\n\t\t\t\tS3BackupConfiguration: &kinesis.FirehoseDeliveryStreamRedshiftConfigurationS3BackupConfigurationArgs{\n\t\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t\t\tBufferSize: pulumi.Int(15),\n\t\t\t\t\tBufferInterval: pulumi.Int(300),\n\t\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Elasticsearch Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"testCluster\", {});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"elasticsearch\",\n s3Configuration: {\n roleArn: aws_iam_role.firehose_role.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n bufferSize: 10,\n bufferInterval: 400,\n compressionFormat: \"GZIP\",\n },\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: aws_iam_role.firehose_role.arn,\n indexName: \"test\",\n typeName: \"test\",\n processingConfiguration: {\n enabled: \"true\",\n processors: [{\n type: \"Lambda\",\n parameters: [{\n parameterName: \"LambdaArn\",\n parameterValue: `${aws_lambda_function.lambda_processor.arn}:$LATEST`,\n }],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"testCluster\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"elasticsearch\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n buffer_size=10,\n buffer_interval=400,\n compression_format=\"GZIP\",\n ),\n elasticsearch_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n index_name=\"test\",\n type_name=\"test\",\n processing_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs(\n enabled=True,\n processors=[aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs(\n type=\"Lambda\",\n parameters=[aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs(\n parameter_name=\"LambdaArn\",\n parameter_value=f\"{aws_lambda_function['lambda_processor']['arn']}:$LATEST\",\n )],\n )],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCluster = new Aws.ElasticSearch.Domain(\"testCluster\", new Aws.ElasticSearch.DomainArgs\n {\n });\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"elasticsearch\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose_role.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n BufferSize = 10,\n BufferInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = aws_iam_role.Firehose_role.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n ProcessingConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs\n {\n Enabled = true,\n Processors = \n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs\n {\n Type = \"Lambda\",\n Parameters = \n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs\n {\n ParameterName = \"LambdaArn\",\n ParameterValue = $\"{aws_lambda_function.Lambda_processor.Arn}:$LATEST\",\n },\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"testCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t\tBufferSize: pulumi.Int(10),\n\t\t\t\tBufferInterval: pulumi.Int(400),\n\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t\tElasticsearchConfiguration: &kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tProcessingConfiguration: &kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tProcessors: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArray{\n\t\t\t\t\t\t&kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"Lambda\"),\n\t\t\t\t\t\t\tParameters: kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArray{\n\t\t\t\t\t\t\t\t&kinesis.FirehoseDeliveryStreamElasticsearchConfigurationProcessingConfigurationProcessorParameterArgs{\n\t\t\t\t\t\t\t\t\tParameterName: pulumi.String(\"LambdaArn\"),\n\t\t\t\t\t\t\t\t\tParameterValue: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", aws_lambda_function.Lambda_processor.Arn, \":\", \"$\", \"LATEST\")),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Elasticsearch Destination With VPC\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = new aws.elasticsearch.Domain(\"testCluster\", {\n clusterConfig: {\n instanceCount: 2,\n zoneAwarenessEnabled: true,\n instanceType: \"t2.small.elasticsearch\",\n },\n ebsOptions: {\n ebsEnabled: true,\n volumeSize: 10,\n },\n vpcOptions: {\n securityGroupIds: [aws_security_group.first.id],\n subnetIds: [\n aws_subnet.first.id,\n aws_subnet.second.id,\n ],\n },\n});\nconst firehose_elasticsearch = new aws.iam.RolePolicy(\"firehose-elasticsearch\", {\n role: aws_iam_role.firehose.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"${testCluster.arn}\",\n \"${testCluster.arn}/*\"\n ]\n },\n {\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }\n ]\n}\n`,\n});\nconst test = new aws.kinesis.FirehoseDeliveryStream(\"test\", {\n destination: \"elasticsearch\",\n s3Configuration: {\n roleArn: aws_iam_role.firehose.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n },\n elasticsearchConfiguration: {\n domainArn: testCluster.arn,\n roleArn: aws_iam_role.firehose.arn,\n indexName: \"test\",\n typeName: \"test\",\n vpcConfig: {\n subnetIds: [\n aws_subnet.first.id,\n aws_subnet.second.id,\n ],\n securityGroupIds: [aws_security_group.first.id],\n roleArn: aws_iam_role.firehose.arn,\n },\n },\n}, {\n dependsOn: [firehose_elasticsearch],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.elasticsearch.Domain(\"testCluster\",\n cluster_config=aws.elasticsearch.DomainClusterConfigArgs(\n instance_count=2,\n zone_awareness_enabled=True,\n instance_type=\"t2.small.elasticsearch\",\n ),\n ebs_options=aws.elasticsearch.DomainEbsOptionsArgs(\n ebs_enabled=True,\n volume_size=10,\n ),\n vpc_options=aws.elasticsearch.DomainVpcOptionsArgs(\n security_group_ids=[aws_security_group[\"first\"][\"id\"]],\n subnet_ids=[\n aws_subnet[\"first\"][\"id\"],\n aws_subnet[\"second\"][\"id\"],\n ],\n ))\nfirehose_elasticsearch = aws.iam.RolePolicy(\"firehose-elasticsearch\",\n role=aws_iam_role[\"firehose\"][\"id\"],\n policy=pulumi.Output.all(test_cluster.arn, test_cluster.arn).apply(lambda testClusterArn, testClusterArn1: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"es:*\"\n ],\n \"Resource\": [\n \"{test_cluster_arn}\",\n \"{test_cluster_arn1}/*\"\n ]\n }},\n {{\n \"Effect\": \"Allow\",\n \"Action\": [\n \"ec2:DescribeVpcs\",\n \"ec2:DescribeVpcAttribute\",\n \"ec2:DescribeSubnets\",\n \"ec2:DescribeSecurityGroups\",\n \"ec2:DescribeNetworkInterfaces\",\n \"ec2:CreateNetworkInterface\",\n \"ec2:CreateNetworkInterfacePermission\",\n \"ec2:DeleteNetworkInterface\"\n ],\n \"Resource\": [\n \"*\"\n ]\n }}\n ]\n}}\n\"\"\"))\ntest = aws.kinesis.FirehoseDeliveryStream(\"test\",\n destination=\"elasticsearch\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=aws_iam_role[\"firehose\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n ),\n elasticsearch_configuration=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs(\n domain_arn=test_cluster.arn,\n role_arn=aws_iam_role[\"firehose\"][\"arn\"],\n index_name=\"test\",\n type_name=\"test\",\n vpc_config=aws.kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs(\n subnet_ids=[\n aws_subnet[\"first\"][\"id\"],\n aws_subnet[\"second\"][\"id\"],\n ],\n security_group_ids=[aws_security_group[\"first\"][\"id\"]],\n role_arn=aws_iam_role[\"firehose\"][\"arn\"],\n ),\n ),\n opts=pulumi.ResourceOptions(depends_on=[firehose_elasticsearch]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCluster = new Aws.ElasticSearch.Domain(\"testCluster\", new Aws.ElasticSearch.DomainArgs\n {\n ClusterConfig = new Aws.ElasticSearch.Inputs.DomainClusterConfigArgs\n {\n InstanceCount = 2,\n ZoneAwarenessEnabled = true,\n InstanceType = \"t2.small.elasticsearch\",\n },\n EbsOptions = new Aws.ElasticSearch.Inputs.DomainEbsOptionsArgs\n {\n EbsEnabled = true,\n VolumeSize = 10,\n },\n VpcOptions = new Aws.ElasticSearch.Inputs.DomainVpcOptionsArgs\n {\n SecurityGroupIds = \n {\n aws_security_group.First.Id,\n },\n SubnetIds = \n {\n aws_subnet.First.Id,\n aws_subnet.Second.Id,\n },\n },\n });\n var firehose_elasticsearch = new Aws.Iam.RolePolicy(\"firehose-elasticsearch\", new Aws.Iam.RolePolicyArgs\n {\n Role = aws_iam_role.Firehose.Id,\n Policy = Output.Tuple(testCluster.Arn, testCluster.Arn).Apply(values =>\n {\n var testClusterArn = values.Item1;\n var testClusterArn1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"es:*\"\"\n ],\n \"\"Resource\"\": [\n \"\"{testClusterArn}\"\",\n \"\"{testClusterArn1}/*\"\"\n ]\n }},\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": [\n \"\"ec2:DescribeVpcs\"\",\n \"\"ec2:DescribeVpcAttribute\"\",\n \"\"ec2:DescribeSubnets\"\",\n \"\"ec2:DescribeSecurityGroups\"\",\n \"\"ec2:DescribeNetworkInterfaces\"\",\n \"\"ec2:CreateNetworkInterface\"\",\n \"\"ec2:CreateNetworkInterfacePermission\"\",\n \"\"ec2:DeleteNetworkInterface\"\"\n ],\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }}\n ]\n}}\n\";\n }),\n });\n var test = new Aws.Kinesis.FirehoseDeliveryStream(\"test\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"elasticsearch\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n },\n ElasticsearchConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationArgs\n {\n DomainArn = testCluster.Arn,\n RoleArn = aws_iam_role.Firehose.Arn,\n IndexName = \"test\",\n TypeName = \"test\",\n VpcConfig = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs\n {\n SubnetIds = \n {\n aws_subnet.First.Id,\n aws_subnet.Second.Id,\n },\n SecurityGroupIds = \n {\n aws_security_group.First.Id,\n },\n RoleArn = aws_iam_role.Firehose.Arn,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n firehose_elasticsearch,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := elasticsearch.NewDomain(ctx, \"testCluster\", &elasticsearch.DomainArgs{\n\t\t\tClusterConfig: &elasticsearch.DomainClusterConfigArgs{\n\t\t\t\tInstanceCount: pulumi.Int(2),\n\t\t\t\tZoneAwarenessEnabled: pulumi.Bool(true),\n\t\t\t\tInstanceType: pulumi.String(\"t2.small.elasticsearch\"),\n\t\t\t},\n\t\t\tEbsOptions: &elasticsearch.DomainEbsOptionsArgs{\n\t\t\t\tEbsEnabled: pulumi.Bool(true),\n\t\t\t\tVolumeSize: pulumi.Int(10),\n\t\t\t},\n\t\t\tVpcOptions: &elasticsearch.DomainVpcOptionsArgs{\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_security_group.First.Id),\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.First.Id),\n\t\t\t\t\tpulumi.Any(aws_subnet.Second.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"firehose_elasticsearch\", &iam.RolePolicyArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.Firehose.Id),\n\t\t\tPolicy: pulumi.All(testCluster.Arn, testCluster.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\ttestClusterArn := _args[0].(string)\n\t\t\t\ttestClusterArn1 := _args[1].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"es:*\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", testClusterArn, \"\\\",\\n\", \" \\\"\", testClusterArn1, \"/*\\\"\\n\", \" ]\\n\", \" },\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": [\\n\", \" \\\"ec2:DescribeVpcs\\\",\\n\", \" \\\"ec2:DescribeVpcAttribute\\\",\\n\", \" \\\"ec2:DescribeSubnets\\\",\\n\", \" \\\"ec2:DescribeSecurityGroups\\\",\\n\", \" \\\"ec2:DescribeNetworkInterfaces\\\",\\n\", \" \\\"ec2:CreateNetworkInterface\\\",\\n\", \" \\\"ec2:CreateNetworkInterfacePermission\\\",\\n\", \" \\\"ec2:DeleteNetworkInterface\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"*\\\"\\n\", \" ]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"test\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"elasticsearch\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose.Arn),\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t},\n\t\t\tElasticsearchConfiguration: &kinesis.FirehoseDeliveryStreamElasticsearchConfigurationArgs{\n\t\t\t\tDomainArn: testCluster.Arn,\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose.Arn),\n\t\t\t\tIndexName: pulumi.String(\"test\"),\n\t\t\t\tTypeName: pulumi.String(\"test\"),\n\t\t\t\tVpcConfig: &kinesis.FirehoseDeliveryStreamElasticsearchConfigurationVpcConfigArgs{\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_subnet.First.Id),\n\t\t\t\t\t\tpulumi.Any(aws_subnet.Second.Id),\n\t\t\t\t\t},\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_security_group.First.Id),\n\t\t\t\t\t},\n\t\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tfirehose_elasticsearch,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Splunk Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"splunk\",\n s3Configuration: {\n roleArn: aws_iam_role.firehose.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n bufferSize: 10,\n bufferInterval: 400,\n compressionFormat: \"GZIP\",\n },\n splunkConfiguration: {\n hecEndpoint: \"https://http-inputs-mydomain.splunkcloud.com:443\",\n hecToken: \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hecAcknowledgmentTimeout: 600,\n hecEndpointType: \"Event\",\n s3BackupMode: \"FailedEventsOnly\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"splunk\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=aws_iam_role[\"firehose\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n buffer_size=10,\n buffer_interval=400,\n compression_format=\"GZIP\",\n ),\n splunk_configuration=aws.kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs(\n hec_endpoint=\"https://http-inputs-mydomain.splunkcloud.com:443\",\n hec_token=\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n hec_acknowledgment_timeout=600,\n hec_endpoint_type=\"Event\",\n s3_backup_mode=\"FailedEventsOnly\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"splunk\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n BufferSize = 10,\n BufferInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n SplunkConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamSplunkConfigurationArgs\n {\n HecEndpoint = \"https://http-inputs-mydomain.splunkcloud.com:443\",\n HecToken = \"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\",\n HecAcknowledgmentTimeout = 600,\n HecEndpointType = \"Event\",\n S3BackupMode = \"FailedEventsOnly\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"splunk\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose.Arn),\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t\tBufferSize: pulumi.Int(10),\n\t\t\t\tBufferInterval: pulumi.Int(400),\n\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t\tSplunkConfiguration: &kinesis.FirehoseDeliveryStreamSplunkConfigurationArgs{\n\t\t\t\tHecEndpoint: pulumi.String(\"https://http-inputs-mydomain.splunkcloud.com:443\"),\n\t\t\t\tHecToken: pulumi.String(\"51D4DA16-C61B-4F5F-8EC7-ED4301342A4A\"),\n\t\t\t\tHecAcknowledgmentTimeout: pulumi.Int(600),\n\t\t\t\tHecEndpointType: pulumi.String(\"Event\"),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedEventsOnly\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### HTTP Endpoint (e.g. New Relic) Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"http_endpoint\",\n s3Configuration: {\n roleArn: aws_iam_role.firehose.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n bufferSize: 10,\n bufferInterval: 400,\n compressionFormat: \"GZIP\",\n },\n httpEndpointConfiguration: {\n url: \"https://aws-api.newrelic.com/firehose/v1\",\n name: \"New Relic\",\n accessKey: \"my-key\",\n bufferingSize: 15,\n bufferingInterval: 600,\n roleArn: aws_iam_role.firehose.arn,\n s3BackupMode: \"FailedDataOnly\",\n requestConfiguration: {\n contentEncoding: \"GZIP\",\n commonAttributes: [\n {\n name: \"testname\",\n value: \"testvalue\",\n },\n {\n name: \"testname2\",\n value: \"testvalue2\",\n },\n ],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"http_endpoint\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=aws_iam_role[\"firehose\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n buffer_size=10,\n buffer_interval=400,\n compression_format=\"GZIP\",\n ),\n http_endpoint_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs(\n url=\"https://aws-api.newrelic.com/firehose/v1\",\n name=\"New Relic\",\n access_key=\"my-key\",\n buffering_size=15,\n buffering_interval=600,\n role_arn=aws_iam_role[\"firehose\"][\"arn\"],\n s3_backup_mode=\"FailedDataOnly\",\n request_configuration=aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs(\n content_encoding=\"GZIP\",\n common_attributes=[\n aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs(\n name=\"testname\",\n value=\"testvalue\",\n ),\n aws.kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs(\n name=\"testname2\",\n value=\"testvalue2\",\n ),\n ],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"http_endpoint\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n BufferSize = 10,\n BufferInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n HttpEndpointConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationArgs\n {\n Url = \"https://aws-api.newrelic.com/firehose/v1\",\n Name = \"New Relic\",\n AccessKey = \"my-key\",\n BufferingSize = 15,\n BufferingInterval = 600,\n RoleArn = aws_iam_role.Firehose.Arn,\n S3BackupMode = \"FailedDataOnly\",\n RequestConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs\n {\n ContentEncoding = \"GZIP\",\n CommonAttributes = \n {\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname\",\n Value = \"testvalue\",\n },\n new Aws.Kinesis.Inputs.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs\n {\n Name = \"testname2\",\n Value = \"testvalue2\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"http_endpoint\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose.Arn),\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t\tBufferSize: pulumi.Int(10),\n\t\t\t\tBufferInterval: pulumi.Int(400),\n\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t\tHttpEndpointConfiguration: &kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationArgs{\n\t\t\t\tUrl: pulumi.String(\"https://aws-api.newrelic.com/firehose/v1\"),\n\t\t\t\tName: pulumi.String(\"New Relic\"),\n\t\t\t\tAccessKey: pulumi.String(\"my-key\"),\n\t\t\t\tBufferingSize: pulumi.Int(15),\n\t\t\t\tBufferingInterval: pulumi.Int(600),\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose.Arn),\n\t\t\t\tS3BackupMode: pulumi.String(\"FailedDataOnly\"),\n\t\t\t\tRequestConfiguration: &kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationArgs{\n\t\t\t\t\tContentEncoding: pulumi.String(\"GZIP\"),\n\t\t\t\t\tCommonAttributes: kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArray{\n\t\t\t\t\t\t&kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&kinesis.FirehoseDeliveryStreamHttpEndpointConfigurationRequestConfigurationCommonAttributeArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"testname2\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"testvalue2\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKinesis Firehose Delivery streams can be imported using the stream ARN, e.g.\n\n```sh\n $ pulumi import aws:kinesis/firehoseDeliveryStream:FirehoseDeliveryStream foo arn:aws:firehose:us-east-1:XXX:deliverystream/example\n```\n\n NoteImport does not work for stream destination `s3`. Consider using `extended_s3` since `s3` destination is deprecated. ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream\n" + }, + "destination": { + "type": "string", + "description": "This is the destination to where the data is delivered. The only options are `s3` (Deprecated, use `extended_s3` instead), `extended_s3`, `redshift`, `elasticsearch`, `splunk`, and `http_endpoint`.\n" + }, + "destinationId": { + "type": "string" + }, + "elasticsearchConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfiguration:FirehoseDeliveryStreamElasticsearchConfiguration", + "description": "Configuration options if elasticsearch is the destination. More details are given below.\n" + }, + "extendedS3Configuration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3Configuration:FirehoseDeliveryStreamExtendedS3Configuration", + "description": "Enhanced configuration options for the s3 destination. More details are given below.\n" + }, + "httpEndpointConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfiguration:FirehoseDeliveryStreamHttpEndpointConfiguration", + "description": "Configuration options if http_endpoint is the destination. requires the user to also specify a `s3_configuration` block. More details are given below.\n" + }, + "kinesisSourceConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamKinesisSourceConfiguration:FirehoseDeliveryStreamKinesisSourceConfiguration", + "description": "Allows the ability to specify the kinesis stream that is used as the source of the firehose delivery stream.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the\nAWS account and region the Stream is created in.\n" + }, + "redshiftConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfiguration:FirehoseDeliveryStreamRedshiftConfiguration", + "description": "Configuration options if redshift is the destination.\nUsing `redshift_configuration` requires the user to also specify a\n`s3_configuration` block. More details are given below.\n" + }, + "s3Configuration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamS3Configuration:FirehoseDeliveryStreamS3Configuration", + "description": "Required for non-S3 destinations. For S3 destination, use `extended_s3_configuration` instead. Configuration options for the s3 destination (or the intermediate bucket if the destination\nis redshift). More details are given below.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamServerSideEncryption:FirehoseDeliveryStreamServerSideEncryption", + "description": "Encrypt at rest options.\nServer-side encryption should not be enabled when a kinesis stream is configured as the source of the firehose delivery stream.\n" + }, + "splunkConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfiguration:FirehoseDeliveryStreamSplunkConfiguration", + "description": "Configuration options if splunk is the destination. More details are given below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "versionId": { + "type": "string", + "description": "Specifies the table version for the output data schema. Defaults to `LATEST`.\n" + } + }, + "required": [ + "arn", + "destination", + "destinationId", + "name", + "tagsAll", + "versionId" + ], + "inputProperties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream\n" + }, + "destination": { + "type": "string", + "description": "This is the destination to where the data is delivered. The only options are `s3` (Deprecated, use `extended_s3` instead), `extended_s3`, `redshift`, `elasticsearch`, `splunk`, and `http_endpoint`.\n" + }, + "destinationId": { + "type": "string" + }, + "elasticsearchConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfiguration:FirehoseDeliveryStreamElasticsearchConfiguration", + "description": "Configuration options if elasticsearch is the destination. More details are given below.\n" + }, + "extendedS3Configuration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3Configuration:FirehoseDeliveryStreamExtendedS3Configuration", + "description": "Enhanced configuration options for the s3 destination. More details are given below.\n" + }, + "httpEndpointConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfiguration:FirehoseDeliveryStreamHttpEndpointConfiguration", + "description": "Configuration options if http_endpoint is the destination. requires the user to also specify a `s3_configuration` block. More details are given below.\n" + }, + "kinesisSourceConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamKinesisSourceConfiguration:FirehoseDeliveryStreamKinesisSourceConfiguration", + "description": "Allows the ability to specify the kinesis stream that is used as the source of the firehose delivery stream.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the\nAWS account and region the Stream is created in.\n" + }, + "redshiftConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfiguration:FirehoseDeliveryStreamRedshiftConfiguration", + "description": "Configuration options if redshift is the destination.\nUsing `redshift_configuration` requires the user to also specify a\n`s3_configuration` block. More details are given below.\n" + }, + "s3Configuration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamS3Configuration:FirehoseDeliveryStreamS3Configuration", + "description": "Required for non-S3 destinations. For S3 destination, use `extended_s3_configuration` instead. Configuration options for the s3 destination (or the intermediate bucket if the destination\nis redshift). More details are given below.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamServerSideEncryption:FirehoseDeliveryStreamServerSideEncryption", + "description": "Encrypt at rest options.\nServer-side encryption should not be enabled when a kinesis stream is configured as the source of the firehose delivery stream.\n" + }, + "splunkConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfiguration:FirehoseDeliveryStreamSplunkConfiguration", + "description": "Configuration options if splunk is the destination. More details are given below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "versionId": { + "type": "string", + "description": "Specifies the table version for the output data schema. Defaults to `LATEST`.\n" + } + }, + "requiredInputs": [ + "destination" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FirehoseDeliveryStream resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream\n" + }, + "destination": { + "type": "string", + "description": "This is the destination to where the data is delivered. The only options are `s3` (Deprecated, use `extended_s3` instead), `extended_s3`, `redshift`, `elasticsearch`, `splunk`, and `http_endpoint`.\n" + }, + "destinationId": { + "type": "string" + }, + "elasticsearchConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamElasticsearchConfiguration:FirehoseDeliveryStreamElasticsearchConfiguration", + "description": "Configuration options if elasticsearch is the destination. More details are given below.\n" + }, + "extendedS3Configuration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamExtendedS3Configuration:FirehoseDeliveryStreamExtendedS3Configuration", + "description": "Enhanced configuration options for the s3 destination. More details are given below.\n" + }, + "httpEndpointConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamHttpEndpointConfiguration:FirehoseDeliveryStreamHttpEndpointConfiguration", + "description": "Configuration options if http_endpoint is the destination. requires the user to also specify a `s3_configuration` block. More details are given below.\n" + }, + "kinesisSourceConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamKinesisSourceConfiguration:FirehoseDeliveryStreamKinesisSourceConfiguration", + "description": "Allows the ability to specify the kinesis stream that is used as the source of the firehose delivery stream.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the\nAWS account and region the Stream is created in.\n" + }, + "redshiftConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamRedshiftConfiguration:FirehoseDeliveryStreamRedshiftConfiguration", + "description": "Configuration options if redshift is the destination.\nUsing `redshift_configuration` requires the user to also specify a\n`s3_configuration` block. More details are given below.\n" + }, + "s3Configuration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamS3Configuration:FirehoseDeliveryStreamS3Configuration", + "description": "Required for non-S3 destinations. For S3 destination, use `extended_s3_configuration` instead. Configuration options for the s3 destination (or the intermediate bucket if the destination\nis redshift). More details are given below.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamServerSideEncryption:FirehoseDeliveryStreamServerSideEncryption", + "description": "Encrypt at rest options.\nServer-side encryption should not be enabled when a kinesis stream is configured as the source of the firehose delivery stream.\n" + }, + "splunkConfiguration": { + "$ref": "#/types/aws:kinesis/FirehoseDeliveryStreamSplunkConfiguration:FirehoseDeliveryStreamSplunkConfiguration", + "description": "Configuration options if splunk is the destination. More details are given below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "versionId": { + "type": "string", + "description": "Specifies the table version for the output data schema. Defaults to `LATEST`.\n" + } + }, + "type": "object" + } + }, + "aws:kinesis/stream:Stream": { + "description": "Provides a Kinesis Stream resource. Amazon Kinesis is a managed service that\nscales elastically for real-time processing of streaming big data.\n\nFor more details, see the [Amazon Kinesis Documentation](https://aws.amazon.com/documentation/kinesis/).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStream = new aws.kinesis.Stream(\"test_stream\", {\n retentionPeriod: 48,\n shardCount: 1,\n shardLevelMetrics: [\n \"IncomingBytes\",\n \"OutgoingBytes\",\n ],\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_stream = aws.kinesis.Stream(\"testStream\",\n retention_period=48,\n shard_count=1,\n shard_level_metrics=[\n \"IncomingBytes\",\n \"OutgoingBytes\",\n ],\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testStream = new Aws.Kinesis.Stream(\"testStream\", new Aws.Kinesis.StreamArgs\n {\n RetentionPeriod = 48,\n ShardCount = 1,\n ShardLevelMetrics = \n {\n \"IncomingBytes\",\n \"OutgoingBytes\",\n },\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewStream(ctx, \"testStream\", &kinesis.StreamArgs{\n\t\t\tRetentionPeriod: pulumi.Int(48),\n\t\t\tShardCount: pulumi.Int(1),\n\t\t\tShardLevelMetrics: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"IncomingBytes\"),\n\t\t\t\tpulumi.String(\"OutgoingBytes\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKinesis Streams can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:kinesis/stream:Stream test_stream kinesis-test\n```\n\n [1]https://aws.amazon.com/documentation/kinesis/ [2]https://docs.aws.amazon.com/kinesis/latest/dev/amazon-kinesis-streams.html [3]https://docs.aws.amazon.com/streams/latest/dev/monitoring-with-cloudwatch.html ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream (same as `id`)\n" + }, + "encryptionType": { + "type": "string", + "description": "The encryption type to use. The only acceptable values are `NONE` or `KMS`. The default value is `NONE`.\n" + }, + "enforceConsumerDeletion": { + "type": "boolean", + "description": "A boolean that indicates all registered consumers should be deregistered from the stream so that the stream can be destroyed without error. The default value is `false`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The GUID for the customer-managed KMS key to use for encryption. You can also use a Kinesis-owned master key by specifying the alias `alias/aws/kinesis`.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the AWS account and region the Stream is created in.\n" + }, + "retentionPeriod": { + "type": "integer", + "description": "Length of time data records are accessible after they are added to the stream. The maximum value of a stream's retention period is 8760 hours. Minimum value is 24. Default is 24.\n" + }, + "shardCount": { + "type": "integer", + "description": "The number of shards that the stream will use.\nAmazon has guidelines for specifying the Stream size that should be referenced when creating a Kinesis stream. See [Amazon Kinesis Streams](https://docs.aws.amazon.com/kinesis/latest/dev/amazon-kinesis-streams.html) for more.\n" + }, + "shardLevelMetrics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of shard-level CloudWatch metrics which can be enabled for the stream. See [Monitoring with CloudWatch](https://docs.aws.amazon.com/streams/latest/dev/monitoring-with-cloudwatch.html) for more. Note that the value ALL should not be used; instead you should provide an explicit list of metrics you wish to enable.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "name", + "shardCount", + "tagsAll" + ], + "inputProperties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream (same as `id`)\n" + }, + "encryptionType": { + "type": "string", + "description": "The encryption type to use. The only acceptable values are `NONE` or `KMS`. The default value is `NONE`.\n" + }, + "enforceConsumerDeletion": { + "type": "boolean", + "description": "A boolean that indicates all registered consumers should be deregistered from the stream so that the stream can be destroyed without error. The default value is `false`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The GUID for the customer-managed KMS key to use for encryption. You can also use a Kinesis-owned master key by specifying the alias `alias/aws/kinesis`.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the AWS account and region the Stream is created in.\n" + }, + "retentionPeriod": { + "type": "integer", + "description": "Length of time data records are accessible after they are added to the stream. The maximum value of a stream's retention period is 8760 hours. Minimum value is 24. Default is 24.\n" + }, + "shardCount": { + "type": "integer", + "description": "The number of shards that the stream will use.\nAmazon has guidelines for specifying the Stream size that should be referenced when creating a Kinesis stream. See [Amazon Kinesis Streams](https://docs.aws.amazon.com/kinesis/latest/dev/amazon-kinesis-streams.html) for more.\n" + }, + "shardLevelMetrics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of shard-level CloudWatch metrics which can be enabled for the stream. See [Monitoring with CloudWatch](https://docs.aws.amazon.com/streams/latest/dev/monitoring-with-cloudwatch.html) for more. Note that the value ALL should not be used; instead you should provide an explicit list of metrics you wish to enable.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "shardCount" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Stream resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream (same as `id`)\n" + }, + "encryptionType": { + "type": "string", + "description": "The encryption type to use. The only acceptable values are `NONE` or `KMS`. The default value is `NONE`.\n" + }, + "enforceConsumerDeletion": { + "type": "boolean", + "description": "A boolean that indicates all registered consumers should be deregistered from the stream so that the stream can be destroyed without error. The default value is `false`.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The GUID for the customer-managed KMS key to use for encryption. You can also use a Kinesis-owned master key by specifying the alias `alias/aws/kinesis`.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the AWS account and region the Stream is created in.\n" + }, + "retentionPeriod": { + "type": "integer", + "description": "Length of time data records are accessible after they are added to the stream. The maximum value of a stream's retention period is 8760 hours. Minimum value is 24. Default is 24.\n" + }, + "shardCount": { + "type": "integer", + "description": "The number of shards that the stream will use.\nAmazon has guidelines for specifying the Stream size that should be referenced when creating a Kinesis stream. See [Amazon Kinesis Streams](https://docs.aws.amazon.com/kinesis/latest/dev/amazon-kinesis-streams.html) for more.\n" + }, + "shardLevelMetrics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of shard-level CloudWatch metrics which can be enabled for the stream. See [Monitoring with CloudWatch](https://docs.aws.amazon.com/streams/latest/dev/monitoring-with-cloudwatch.html) for more. Note that the value ALL should not be used; instead you should provide an explicit list of metrics you wish to enable.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:kinesis/streamConsumer:StreamConsumer": { + "description": "Provides a resource to manage a Kinesis Stream Consumer.\n\n> **Note:** You can register up to 20 consumers per stream. A given consumer can only be registered with one stream at a time.\n\nFor more details, see the [Amazon Kinesis Stream Consumer Documentation](https://docs.aws.amazon.com/streams/latest/dev/amazon-kinesis-consumers.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleStream = new aws.kinesis.Stream(\"exampleStream\", {shardCount: 1});\nconst exampleStreamConsumer = new aws.kinesis.StreamConsumer(\"exampleStreamConsumer\", {streamArn: exampleStream.arn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_stream = aws.kinesis.Stream(\"exampleStream\", shard_count=1)\nexample_stream_consumer = aws.kinesis.StreamConsumer(\"exampleStreamConsumer\", stream_arn=example_stream.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleStream = new Aws.Kinesis.Stream(\"exampleStream\", new Aws.Kinesis.StreamArgs\n {\n ShardCount = 1,\n });\n var exampleStreamConsumer = new Aws.Kinesis.StreamConsumer(\"exampleStreamConsumer\", new Aws.Kinesis.StreamConsumerArgs\n {\n StreamArn = exampleStream.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleStream, err := kinesis.NewStream(ctx, \"exampleStream\", &kinesis.StreamArgs{\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewStreamConsumer(ctx, \"exampleStreamConsumer\", &kinesis.StreamConsumerArgs{\n\t\t\tStreamArn: exampleStream.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKinesis Stream Consumers can be imported using the Amazon Resource Name (ARN) e.g.\n\n```sh\n $ pulumi import aws:kinesis/streamConsumer:StreamConsumer example arn:aws:kinesis:us-west-2:123456789012:stream/example/consumer/example:1616044553\n```\n\n [1]https://docs.aws.amazon.com/streams/latest/dev/amazon-kinesis-consumers.html ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the stream consumer.\n" + }, + "creationTimestamp": { + "type": "string", + "description": "Approximate timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of when the stream consumer was created.\n" + }, + "name": { + "type": "string", + "description": "Name of the stream consumer.\n" + }, + "streamArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the data stream the consumer is registered with.\n" + } + }, + "required": [ + "arn", + "creationTimestamp", + "name", + "streamArn" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "Name of the stream consumer.\n" + }, + "streamArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the data stream the consumer is registered with.\n" + } + }, + "requiredInputs": [ + "streamArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StreamConsumer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the stream consumer.\n" + }, + "creationTimestamp": { + "type": "string", + "description": "Approximate timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of when the stream consumer was created.\n" + }, + "name": { + "type": "string", + "description": "Name of the stream consumer.\n" + }, + "streamArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the data stream the consumer is registered with.\n" + } + }, + "type": "object" + } + }, + "aws:kinesis/videoStream:VideoStream": { + "description": "Provides a Kinesis Video Stream resource. Amazon Kinesis Video Streams makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), playback, and other processing.\n\nFor more details, see the [Amazon Kinesis Documentation](https://aws.amazon.com/documentation/kinesis/).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultVideoStream = new aws.kinesis.VideoStream(\"default\", {\n dataRetentionInHours: 1,\n deviceName: \"kinesis-video-device-name\",\n mediaType: \"video/h264\",\n tags: {\n Name: \"kinesis-video-stream\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.kinesis.VideoStream(\"default\",\n data_retention_in_hours=1,\n device_name=\"kinesis-video-device-name\",\n media_type=\"video/h264\",\n tags={\n \"Name\": \"kinesis-video-stream\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Kinesis.VideoStream(\"default\", new Aws.Kinesis.VideoStreamArgs\n {\n DataRetentionInHours = 1,\n DeviceName = \"kinesis-video-device-name\",\n MediaType = \"video/h264\",\n Tags = \n {\n { \"Name\", \"kinesis-video-stream\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.NewVideoStream(ctx, \"_default\", &kinesis.VideoStreamArgs{\n\t\t\tDataRetentionInHours: pulumi.Int(1),\n\t\t\tDeviceName: pulumi.String(\"kinesis-video-device-name\"),\n\t\t\tMediaType: pulumi.String(\"video/h264\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"kinesis-video-stream\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKinesis Streams can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:kinesis/videoStream:VideoStream test_stream arn:aws:kinesisvideo:us-west-2:123456789012:stream/terraform-kinesis-test/1554978910975\n```\n\n [1]https://aws.amazon.com/documentation/kinesis/ [2]http://www.iana.org/assignments/media-types/media-types.xhtml [3]https://tools.ietf.org/html/rfc6838#section-4.2 ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream (same as `id`)\n" + }, + "creationTime": { + "type": "string", + "description": "A time stamp that indicates when the stream was created.\n" + }, + "dataRetentionInHours": { + "type": "integer", + "description": "The number of hours that you want to retain the data in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream. The default value is `0`, indicating that the stream does not persist data.\n" + }, + "deviceName": { + "type": "string", + "description": "The name of the device that is writing to the stream. **In the current implementation, Kinesis Video Streams does not use this name.**\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ID of the AWS Key Management Service (AWS KMS) key that you want Kinesis Video Streams to use to encrypt stream data. If no key ID is specified, the default, Kinesis Video-managed key (`aws/kinesisvideo`) is used.\n" + }, + "mediaType": { + "type": "string", + "description": "The media type of the stream. Consumers of the stream can use this information when processing the stream. For more information about media types, see [Media Types](http://www.iana.org/assignments/media-types/media-types.xhtml). If you choose to specify the MediaType, see [Naming Requirements](https://tools.ietf.org/html/rfc6838#section-4.2) for guidelines.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the\nAWS account and region the Stream is created in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "version": { + "type": "string", + "description": "The version of the stream.\n" + } + }, + "required": [ + "arn", + "creationTime", + "kmsKeyId", + "name", + "tagsAll", + "version" + ], + "inputProperties": { + "dataRetentionInHours": { + "type": "integer", + "description": "The number of hours that you want to retain the data in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream. The default value is `0`, indicating that the stream does not persist data.\n" + }, + "deviceName": { + "type": "string", + "description": "The name of the device that is writing to the stream. **In the current implementation, Kinesis Video Streams does not use this name.**\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ID of the AWS Key Management Service (AWS KMS) key that you want Kinesis Video Streams to use to encrypt stream data. If no key ID is specified, the default, Kinesis Video-managed key (`aws/kinesisvideo`) is used.\n" + }, + "mediaType": { + "type": "string", + "description": "The media type of the stream. Consumers of the stream can use this information when processing the stream. For more information about media types, see [Media Types](http://www.iana.org/assignments/media-types/media-types.xhtml). If you choose to specify the MediaType, see [Naming Requirements](https://tools.ietf.org/html/rfc6838#section-4.2) for guidelines.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the\nAWS account and region the Stream is created in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering VideoStream resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the Stream (same as `id`)\n" + }, + "creationTime": { + "type": "string", + "description": "A time stamp that indicates when the stream was created.\n" + }, + "dataRetentionInHours": { + "type": "integer", + "description": "The number of hours that you want to retain the data in the stream. Kinesis Video Streams retains the data in a data store that is associated with the stream. The default value is `0`, indicating that the stream does not persist data.\n" + }, + "deviceName": { + "type": "string", + "description": "The name of the device that is writing to the stream. **In the current implementation, Kinesis Video Streams does not use this name.**\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ID of the AWS Key Management Service (AWS KMS) key that you want Kinesis Video Streams to use to encrypt stream data. If no key ID is specified, the default, Kinesis Video-managed key (`aws/kinesisvideo`) is used.\n" + }, + "mediaType": { + "type": "string", + "description": "The media type of the stream. Consumers of the stream can use this information when processing the stream. For more information about media types, see [Media Types](http://www.iana.org/assignments/media-types/media-types.xhtml). If you choose to specify the MediaType, see [Naming Requirements](https://tools.ietf.org/html/rfc6838#section-4.2) for guidelines.\n" + }, + "name": { + "type": "string", + "description": "A name to identify the stream. This is unique to the\nAWS account and region the Stream is created in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "version": { + "type": "string", + "description": "The version of the stream.\n" + } + }, + "type": "object" + } + }, + "aws:kinesisanalyticsv2/application:Application": { + "description": "Manages a Kinesis Analytics v2 Application.\nThis resource can be used to manage both Kinesis Data Analytics for SQL applications and Kinesis Data Analytics for Apache Flink applications.\n\n> **Note:** Kinesis Data Analytics for SQL applications created using this resource cannot currently be viewed in the AWS Console. To manage Kinesis Data Analytics for SQL applications that can also be viewed in the AWS Console, use the `aws.kinesis.AnalyticsApplication`resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Apache Flink Application\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleBucketObject = new aws.s3.BucketObject(\"exampleBucketObject\", {\n bucket: exampleBucket.bucket,\n key: \"example-flink-application\",\n source: new pulumi.asset.FileAsset(\"flink-app.jar\"),\n});\nconst exampleApplication = new aws.kinesisanalyticsv2.Application(\"exampleApplication\", {\n runtimeEnvironment: \"FLINK-1_8\",\n serviceExecutionRole: aws_iam_role.example.arn,\n applicationConfiguration: {\n applicationCodeConfiguration: {\n codeContent: {\n s3ContentLocation: {\n bucketArn: exampleBucket.arn,\n fileKey: exampleBucketObject.key,\n },\n },\n codeContentType: \"ZIPFILE\",\n },\n environmentProperties: {\n propertyGroups: [\n {\n propertyGroupId: \"PROPERTY-GROUP-1\",\n propertyMap: {\n Key1: \"Value1\",\n },\n },\n {\n propertyGroupId: \"PROPERTY-GROUP-2\",\n propertyMap: {\n KeyA: \"ValueA\",\n KeyB: \"ValueB\",\n },\n },\n ],\n },\n flinkApplicationConfiguration: {\n checkpointConfiguration: {\n configurationType: \"DEFAULT\",\n },\n monitoringConfiguration: {\n configurationType: \"CUSTOM\",\n logLevel: \"DEBUG\",\n metricsLevel: \"TASK\",\n },\n parallelismConfiguration: {\n autoScalingEnabled: true,\n configurationType: \"CUSTOM\",\n parallelism: 10,\n parallelismPerKpu: 4,\n },\n },\n },\n tags: {\n Environment: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_bucket_object = aws.s3.BucketObject(\"exampleBucketObject\",\n bucket=example_bucket.bucket,\n key=\"example-flink-application\",\n source=pulumi.FileAsset(\"flink-app.jar\"))\nexample_application = aws.kinesisanalyticsv2.Application(\"exampleApplication\",\n runtime_environment=\"FLINK-1_8\",\n service_execution_role=aws_iam_role[\"example\"][\"arn\"],\n application_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationArgs(\n application_code_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs(\n code_content=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs(\n s3_content_location=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocationArgs(\n bucket_arn=example_bucket.arn,\n file_key=example_bucket_object.key,\n ),\n ),\n code_content_type=\"ZIPFILE\",\n ),\n environment_properties=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesArgs(\n property_groups=[\n aws.kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArgs(\n property_group_id=\"PROPERTY-GROUP-1\",\n property_map={\n \"Key1\": \"Value1\",\n },\n ),\n aws.kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArgs(\n property_group_id=\"PROPERTY-GROUP-2\",\n property_map={\n \"KeyA\": \"ValueA\",\n \"KeyB\": \"ValueB\",\n },\n ),\n ],\n ),\n flink_application_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationArgs(\n checkpoint_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfigurationArgs(\n configuration_type=\"DEFAULT\",\n ),\n monitoring_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfigurationArgs(\n configuration_type=\"CUSTOM\",\n log_level=\"DEBUG\",\n metrics_level=\"TASK\",\n ),\n parallelism_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfigurationArgs(\n auto_scaling_enabled=True,\n configuration_type=\"CUSTOM\",\n parallelism=10,\n parallelism_per_kpu=4,\n ),\n ),\n ),\n tags={\n \"Environment\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleBucketObject = new Aws.S3.BucketObject(\"exampleBucketObject\", new Aws.S3.BucketObjectArgs\n {\n Bucket = exampleBucket.BucketName,\n Key = \"example-flink-application\",\n Source = new FileAsset(\"flink-app.jar\"),\n });\n var exampleApplication = new Aws.KinesisAnalyticsV2.Application(\"exampleApplication\", new Aws.KinesisAnalyticsV2.ApplicationArgs\n {\n RuntimeEnvironment = \"FLINK-1_8\",\n ServiceExecutionRole = aws_iam_role.Example.Arn,\n ApplicationConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationArgs\n {\n ApplicationCodeConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs\n {\n CodeContent = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs\n {\n S3ContentLocation = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocationArgs\n {\n BucketArn = exampleBucket.Arn,\n FileKey = exampleBucketObject.Key,\n },\n },\n CodeContentType = \"ZIPFILE\",\n },\n EnvironmentProperties = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationEnvironmentPropertiesArgs\n {\n PropertyGroups = \n {\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArgs\n {\n PropertyGroupId = \"PROPERTY-GROUP-1\",\n PropertyMap = \n {\n { \"Key1\", \"Value1\" },\n },\n },\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArgs\n {\n PropertyGroupId = \"PROPERTY-GROUP-2\",\n PropertyMap = \n {\n { \"KeyA\", \"ValueA\" },\n { \"KeyB\", \"ValueB\" },\n },\n },\n },\n },\n FlinkApplicationConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationFlinkApplicationConfigurationArgs\n {\n CheckpointConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfigurationArgs\n {\n ConfigurationType = \"DEFAULT\",\n },\n MonitoringConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfigurationArgs\n {\n ConfigurationType = \"CUSTOM\",\n LogLevel = \"DEBUG\",\n MetricsLevel = \"TASK\",\n },\n ParallelismConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfigurationArgs\n {\n AutoScalingEnabled = true,\n ConfigurationType = \"CUSTOM\",\n Parallelism = 10,\n ParallelismPerKpu = 4,\n },\n },\n },\n Tags = \n {\n { \"Environment\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesisanalyticsv2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketObject, err := s3.NewBucketObject(ctx, \"exampleBucketObject\", &s3.BucketObjectArgs{\n\t\t\tBucket: exampleBucket.Bucket,\n\t\t\tKey: pulumi.String(\"example-flink-application\"),\n\t\t\tSource: pulumi.NewFileAsset(\"flink-app.jar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesisanalyticsv2.NewApplication(ctx, \"exampleApplication\", &kinesisanalyticsv2.ApplicationArgs{\n\t\t\tRuntimeEnvironment: pulumi.String(\"FLINK-1_8\"),\n\t\t\tServiceExecutionRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tApplicationConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationArgs{\n\t\t\t\tApplicationCodeConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs{\n\t\t\t\t\tCodeContent: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs{\n\t\t\t\t\t\tS3ContentLocation: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocationArgs{\n\t\t\t\t\t\t\tBucketArn: exampleBucket.Arn,\n\t\t\t\t\t\t\tFileKey: exampleBucketObject.Key,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tCodeContentType: pulumi.String(\"ZIPFILE\"),\n\t\t\t\t},\n\t\t\t\tEnvironmentProperties: &kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesArgs{\n\t\t\t\t\tPropertyGroups: kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArray{\n\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArgs{\n\t\t\t\t\t\t\tPropertyGroupId: pulumi.String(\"PROPERTY-GROUP-1\"),\n\t\t\t\t\t\t\tPropertyMap: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"Key1\": pulumi.String(\"Value1\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationEnvironmentPropertiesPropertyGroupArgs{\n\t\t\t\t\t\t\tPropertyGroupId: pulumi.String(\"PROPERTY-GROUP-2\"),\n\t\t\t\t\t\t\tPropertyMap: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"KeyA\": pulumi.String(\"ValueA\"),\n\t\t\t\t\t\t\t\t\"KeyB\": pulumi.String(\"ValueB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tFlinkApplicationConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationArgs{\n\t\t\t\t\tCheckpointConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationCheckpointConfigurationArgs{\n\t\t\t\t\t\tConfigurationType: pulumi.String(\"DEFAULT\"),\n\t\t\t\t\t},\n\t\t\t\t\tMonitoringConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationMonitoringConfigurationArgs{\n\t\t\t\t\t\tConfigurationType: pulumi.String(\"CUSTOM\"),\n\t\t\t\t\t\tLogLevel: pulumi.String(\"DEBUG\"),\n\t\t\t\t\t\tMetricsLevel: pulumi.String(\"TASK\"),\n\t\t\t\t\t},\n\t\t\t\t\tParallelismConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationFlinkApplicationConfigurationParallelismConfigurationArgs{\n\t\t\t\t\t\tAutoScalingEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tConfigurationType: pulumi.String(\"CUSTOM\"),\n\t\t\t\t\t\tParallelism: pulumi.Int(10),\n\t\t\t\t\t\tParallelismPerKpu: pulumi.Int(4),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### SQL Application\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLogGroup = new aws.cloudwatch.LogGroup(\"exampleLogGroup\", {});\nconst exampleLogStream = new aws.cloudwatch.LogStream(\"exampleLogStream\", {logGroupName: exampleLogGroup.name});\nconst exampleApplication = new aws.kinesisanalyticsv2.Application(\"exampleApplication\", {\n runtimeEnvironment: \"SQL-1.0\",\n serviceExecutionRole: aws_iam_role.example.arn,\n applicationConfiguration: {\n applicationCodeConfiguration: {\n codeContent: {\n textContent: \"SELECT 1;\\n\",\n },\n codeContentType: \"PLAINTEXT\",\n },\n sqlApplicationConfiguration: {\n input: {\n namePrefix: \"PREFIX_1\",\n inputParallelism: {\n count: 3,\n },\n inputSchema: {\n recordColumns: [\n {\n name: \"COLUMN_1\",\n sqlType: \"VARCHAR(8)\",\n mapping: \"MAPPING-1\",\n },\n {\n name: \"COLUMN_2\",\n sqlType: \"DOUBLE\",\n },\n ],\n recordEncoding: \"UTF-8\",\n recordFormat: {\n recordFormatType: \"CSV\",\n mappingParameters: {\n csvMappingParameters: {\n recordColumnDelimiter: \",\",\n recordRowDelimiter: \"\\n\",\n },\n },\n },\n },\n kinesisStreamsInput: {\n resourceArn: aws_kinesis_stream.example.arn,\n },\n },\n outputs: [\n {\n name: \"OUTPUT_1\",\n destinationSchema: {\n recordFormatType: \"JSON\",\n },\n lambdaOutput: {\n resourceArn: aws_lambda_function.example.arn,\n },\n },\n {\n name: \"OUTPUT_2\",\n destinationSchema: {\n recordFormatType: \"CSV\",\n },\n kinesisFirehoseOutput: {\n resourceArn: aws_kinesis_firehose_delivery_stream.example.arn,\n },\n },\n ],\n referenceDataSource: {\n tableName: \"TABLE-1\",\n referenceSchema: {\n recordColumns: [{\n name: \"COLUMN_1\",\n sqlType: \"INTEGER\",\n }],\n recordFormat: {\n recordFormatType: \"JSON\",\n mappingParameters: {\n jsonMappingParameters: {\n recordRowPath: \"$\",\n },\n },\n },\n },\n s3ReferenceDataSource: {\n bucketArn: aws_s3_bucket.example.arn,\n fileKey: \"KEY-1\",\n },\n },\n },\n },\n cloudwatchLoggingOptions: {\n logStreamArn: exampleLogStream.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_log_group = aws.cloudwatch.LogGroup(\"exampleLogGroup\")\nexample_log_stream = aws.cloudwatch.LogStream(\"exampleLogStream\", log_group_name=example_log_group.name)\nexample_application = aws.kinesisanalyticsv2.Application(\"exampleApplication\",\n runtime_environment=\"SQL-1.0\",\n service_execution_role=aws_iam_role[\"example\"][\"arn\"],\n application_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationArgs(\n application_code_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs(\n code_content=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs(\n text_content=\"SELECT 1;\\n\",\n ),\n code_content_type=\"PLAINTEXT\",\n ),\n sql_application_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationArgs(\n input=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputArgs(\n name_prefix=\"PREFIX_1\",\n input_parallelism=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelismArgs(\n count=3,\n ),\n input_schema=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaArgs(\n record_columns=[\n aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArgs(\n name=\"COLUMN_1\",\n sql_type=\"VARCHAR(8)\",\n mapping=\"MAPPING-1\",\n ),\n aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArgs(\n name=\"COLUMN_2\",\n sql_type=\"DOUBLE\",\n ),\n ],\n record_encoding=\"UTF-8\",\n record_format=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatArgs(\n record_format_type=\"CSV\",\n mapping_parameters=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersArgs(\n csv_mapping_parameters=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParametersArgs(\n record_column_delimiter=\",\",\n record_row_delimiter=\"\\n\",\n ),\n ),\n ),\n ),\n kinesis_streams_input=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInputArgs(\n resource_arn=aws_kinesis_stream[\"example\"][\"arn\"],\n ),\n ),\n outputs=[\n aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArgs(\n name=\"OUTPUT_1\",\n destination_schema=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchemaArgs(\n record_format_type=\"JSON\",\n ),\n lambda_output=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutputArgs(\n resource_arn=aws_lambda_function[\"example\"][\"arn\"],\n ),\n ),\n aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArgs(\n name=\"OUTPUT_2\",\n destination_schema=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchemaArgs(\n record_format_type=\"CSV\",\n ),\n kinesis_firehose_output=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutputArgs(\n resource_arn=aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"],\n ),\n ),\n ],\n reference_data_source=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceArgs(\n table_name=\"TABLE-1\",\n reference_schema=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaArgs(\n record_columns=[aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumnArgs(\n name=\"COLUMN_1\",\n sql_type=\"INTEGER\",\n )],\n record_format=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatArgs(\n record_format_type=\"JSON\",\n mapping_parameters=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersArgs(\n json_mapping_parameters=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParametersArgs(\n record_row_path=\"$\",\n ),\n ),\n ),\n ),\n s3_reference_data_source=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSourceArgs(\n bucket_arn=aws_s3_bucket[\"example\"][\"arn\"],\n file_key=\"KEY-1\",\n ),\n ),\n ),\n ),\n cloudwatch_logging_options=aws.kinesisanalyticsv2.ApplicationCloudwatchLoggingOptionsArgs(\n log_stream_arn=example_log_stream.arn,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLogGroup = new Aws.CloudWatch.LogGroup(\"exampleLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var exampleLogStream = new Aws.CloudWatch.LogStream(\"exampleLogStream\", new Aws.CloudWatch.LogStreamArgs\n {\n LogGroupName = exampleLogGroup.Name,\n });\n var exampleApplication = new Aws.KinesisAnalyticsV2.Application(\"exampleApplication\", new Aws.KinesisAnalyticsV2.ApplicationArgs\n {\n RuntimeEnvironment = \"SQL-1.0\",\n ServiceExecutionRole = aws_iam_role.Example.Arn,\n ApplicationConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationArgs\n {\n ApplicationCodeConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs\n {\n CodeContent = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs\n {\n TextContent = @\"SELECT 1;\n\",\n },\n CodeContentType = \"PLAINTEXT\",\n },\n SqlApplicationConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationArgs\n {\n Input = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputArgs\n {\n NamePrefix = \"PREFIX_1\",\n InputParallelism = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelismArgs\n {\n Count = 3,\n },\n InputSchema = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaArgs\n {\n RecordColumns = \n {\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArgs\n {\n Name = \"COLUMN_1\",\n SqlType = \"VARCHAR(8)\",\n Mapping = \"MAPPING-1\",\n },\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArgs\n {\n Name = \"COLUMN_2\",\n SqlType = \"DOUBLE\",\n },\n },\n RecordEncoding = \"UTF-8\",\n RecordFormat = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatArgs\n {\n RecordFormatType = \"CSV\",\n MappingParameters = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersArgs\n {\n CsvMappingParameters = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParametersArgs\n {\n RecordColumnDelimiter = \",\",\n RecordRowDelimiter = @\"\n\",\n },\n },\n },\n },\n KinesisStreamsInput = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInputArgs\n {\n ResourceArn = aws_kinesis_stream.Example.Arn,\n },\n },\n Outputs = \n {\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArgs\n {\n Name = \"OUTPUT_1\",\n DestinationSchema = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchemaArgs\n {\n RecordFormatType = \"JSON\",\n },\n LambdaOutput = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutputArgs\n {\n ResourceArn = aws_lambda_function.Example.Arn,\n },\n },\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArgs\n {\n Name = \"OUTPUT_2\",\n DestinationSchema = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchemaArgs\n {\n RecordFormatType = \"CSV\",\n },\n KinesisFirehoseOutput = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutputArgs\n {\n ResourceArn = aws_kinesis_firehose_delivery_stream.Example.Arn,\n },\n },\n },\n ReferenceDataSource = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceArgs\n {\n TableName = \"TABLE-1\",\n ReferenceSchema = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaArgs\n {\n RecordColumns = \n {\n new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumnArgs\n {\n Name = \"COLUMN_1\",\n SqlType = \"INTEGER\",\n },\n },\n RecordFormat = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatArgs\n {\n RecordFormatType = \"JSON\",\n MappingParameters = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersArgs\n {\n JsonMappingParameters = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParametersArgs\n {\n RecordRowPath = \"$\",\n },\n },\n },\n },\n S3ReferenceDataSource = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSourceArgs\n {\n BucketArn = aws_s3_bucket.Example.Arn,\n FileKey = \"KEY-1\",\n },\n },\n },\n },\n CloudwatchLoggingOptions = new Aws.KinesisAnalyticsV2.Inputs.ApplicationCloudwatchLoggingOptionsArgs\n {\n LogStreamArn = exampleLogStream.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesisanalyticsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLogGroup, err := cloudwatch.NewLogGroup(ctx, \"exampleLogGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLogStream, err := cloudwatch.NewLogStream(ctx, \"exampleLogStream\", &cloudwatch.LogStreamArgs{\n\t\t\tLogGroupName: exampleLogGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesisanalyticsv2.NewApplication(ctx, \"exampleApplication\", &kinesisanalyticsv2.ApplicationArgs{\n\t\t\tRuntimeEnvironment: pulumi.String(\"SQL-1.0\"),\n\t\t\tServiceExecutionRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tApplicationConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationArgs{\n\t\t\t\tApplicationCodeConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs{\n\t\t\t\t\tCodeContent: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs{\n\t\t\t\t\t\tTextContent: pulumi.String(\"SELECT 1;\\n\"),\n\t\t\t\t\t},\n\t\t\t\t\tCodeContentType: pulumi.String(\"PLAINTEXT\"),\n\t\t\t\t},\n\t\t\t\tSqlApplicationConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationArgs{\n\t\t\t\t\tInput: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputArgs{\n\t\t\t\t\t\tNamePrefix: pulumi.String(\"PREFIX_1\"),\n\t\t\t\t\t\tInputParallelism: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputParallelismArgs{\n\t\t\t\t\t\t\tCount: pulumi.Int(3),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tInputSchema: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaArgs{\n\t\t\t\t\t\t\tRecordColumns: kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArray{\n\t\t\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"COLUMN_1\"),\n\t\t\t\t\t\t\t\t\tSqlType: pulumi.String(\"VARCHAR(8)\"),\n\t\t\t\t\t\t\t\t\tMapping: pulumi.String(\"MAPPING-1\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordColumnArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"COLUMN_2\"),\n\t\t\t\t\t\t\t\t\tSqlType: pulumi.String(\"DOUBLE\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRecordEncoding: pulumi.String(\"UTF-8\"),\n\t\t\t\t\t\t\tRecordFormat: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatArgs{\n\t\t\t\t\t\t\t\tRecordFormatType: pulumi.String(\"CSV\"),\n\t\t\t\t\t\t\t\tMappingParameters: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersArgs{\n\t\t\t\t\t\t\t\t\tCsvMappingParameters: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputInputSchemaRecordFormatMappingParametersCsvMappingParametersArgs{\n\t\t\t\t\t\t\t\t\t\tRecordColumnDelimiter: pulumi.String(\",\"),\n\t\t\t\t\t\t\t\t\t\tRecordRowDelimiter: pulumi.String(\"\\n\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tKinesisStreamsInput: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationInputKinesisStreamsInputArgs{\n\t\t\t\t\t\t\tResourceArn: pulumi.Any(aws_kinesis_stream.Example.Arn),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tOutputs: kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArray{\n\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"OUTPUT_1\"),\n\t\t\t\t\t\t\tDestinationSchema: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchemaArgs{\n\t\t\t\t\t\t\t\tRecordFormatType: pulumi.String(\"JSON\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tLambdaOutput: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputLambdaOutputArgs{\n\t\t\t\t\t\t\t\tResourceArn: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"OUTPUT_2\"),\n\t\t\t\t\t\t\tDestinationSchema: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputDestinationSchemaArgs{\n\t\t\t\t\t\t\t\tRecordFormatType: pulumi.String(\"CSV\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tKinesisFirehoseOutput: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationOutputKinesisFirehoseOutputArgs{\n\t\t\t\t\t\t\t\tResourceArn: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tReferenceDataSource: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceArgs{\n\t\t\t\t\t\tTableName: pulumi.String(\"TABLE-1\"),\n\t\t\t\t\t\tReferenceSchema: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaArgs{\n\t\t\t\t\t\t\tRecordColumns: kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumnArray{\n\t\t\t\t\t\t\t\t&kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordColumnArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"COLUMN_1\"),\n\t\t\t\t\t\t\t\t\tSqlType: pulumi.String(\"INTEGER\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tRecordFormat: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatArgs{\n\t\t\t\t\t\t\t\tRecordFormatType: pulumi.String(\"JSON\"),\n\t\t\t\t\t\t\t\tMappingParameters: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersArgs{\n\t\t\t\t\t\t\t\t\tJsonMappingParameters: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceReferenceSchemaRecordFormatMappingParametersJsonMappingParametersArgs{\n\t\t\t\t\t\t\t\t\t\tRecordRowPath: pulumi.String(\"$\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tS3ReferenceDataSource: &kinesisanalyticsv2.ApplicationApplicationConfigurationSqlApplicationConfigurationReferenceDataSourceS3ReferenceDataSourceArgs{\n\t\t\t\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\t\t\t\t\tFileKey: pulumi.String(\"KEY-1\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tCloudwatchLoggingOptions: &kinesisanalyticsv2.ApplicationCloudwatchLoggingOptionsArgs{\n\t\t\t\tLogStreamArn: exampleLogStream.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### VPC Configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleBucketObject = new aws.s3.BucketObject(\"exampleBucketObject\", {\n bucket: exampleBucket.bucket,\n key: \"example-flink-application\",\n source: new pulumi.asset.FileAsset(\"flink-app.jar\"),\n});\nconst exampleApplication = new aws.kinesisanalyticsv2.Application(\"exampleApplication\", {\n runtimeEnvironment: \"FLINK-1_8\",\n serviceExecutionRole: aws_iam_role.example.arn,\n applicationConfiguration: {\n applicationCodeConfiguration: {\n codeContent: {\n s3ContentLocation: {\n bucketArn: exampleBucket.arn,\n fileKey: exampleBucketObject.key,\n },\n },\n codeContentType: \"ZIPFILE\",\n },\n vpcConfiguration: {\n securityGroupIds: [\n aws_security_group.example[0].id,\n aws_security_group.example[1].id,\n ],\n subnetIds: [aws_subnet.example.id],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_bucket_object = aws.s3.BucketObject(\"exampleBucketObject\",\n bucket=example_bucket.bucket,\n key=\"example-flink-application\",\n source=pulumi.FileAsset(\"flink-app.jar\"))\nexample_application = aws.kinesisanalyticsv2.Application(\"exampleApplication\",\n runtime_environment=\"FLINK-1_8\",\n service_execution_role=aws_iam_role[\"example\"][\"arn\"],\n application_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationArgs(\n application_code_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs(\n code_content=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs(\n s3_content_location=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocationArgs(\n bucket_arn=example_bucket.arn,\n file_key=example_bucket_object.key,\n ),\n ),\n code_content_type=\"ZIPFILE\",\n ),\n vpc_configuration=aws.kinesisanalyticsv2.ApplicationApplicationConfigurationVpcConfigurationArgs(\n security_group_ids=[\n aws_security_group[\"example\"][0][\"id\"],\n aws_security_group[\"example\"][1][\"id\"],\n ],\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleBucketObject = new Aws.S3.BucketObject(\"exampleBucketObject\", new Aws.S3.BucketObjectArgs\n {\n Bucket = exampleBucket.BucketName,\n Key = \"example-flink-application\",\n Source = new FileAsset(\"flink-app.jar\"),\n });\n var exampleApplication = new Aws.KinesisAnalyticsV2.Application(\"exampleApplication\", new Aws.KinesisAnalyticsV2.ApplicationArgs\n {\n RuntimeEnvironment = \"FLINK-1_8\",\n ServiceExecutionRole = aws_iam_role.Example.Arn,\n ApplicationConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationArgs\n {\n ApplicationCodeConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs\n {\n CodeContent = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs\n {\n S3ContentLocation = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocationArgs\n {\n BucketArn = exampleBucket.Arn,\n FileKey = exampleBucketObject.Key,\n },\n },\n CodeContentType = \"ZIPFILE\",\n },\n VpcConfiguration = new Aws.KinesisAnalyticsV2.Inputs.ApplicationApplicationConfigurationVpcConfigurationArgs\n {\n SecurityGroupIds = \n {\n aws_security_group.Example[0].Id,\n aws_security_group.Example[1].Id,\n },\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesisanalyticsv2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleBucketObject, err := s3.NewBucketObject(ctx, \"exampleBucketObject\", &s3.BucketObjectArgs{\n\t\t\tBucket: exampleBucket.Bucket,\n\t\t\tKey: pulumi.String(\"example-flink-application\"),\n\t\t\tSource: pulumi.NewFileAsset(\"flink-app.jar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesisanalyticsv2.NewApplication(ctx, \"exampleApplication\", &kinesisanalyticsv2.ApplicationArgs{\n\t\t\tRuntimeEnvironment: pulumi.String(\"FLINK-1_8\"),\n\t\t\tServiceExecutionRole: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tApplicationConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationArgs{\n\t\t\t\tApplicationCodeConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationArgs{\n\t\t\t\t\tCodeContent: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentArgs{\n\t\t\t\t\t\tS3ContentLocation: &kinesisanalyticsv2.ApplicationApplicationConfigurationApplicationCodeConfigurationCodeContentS3ContentLocationArgs{\n\t\t\t\t\t\t\tBucketArn: exampleBucket.Arn,\n\t\t\t\t\t\t\tFileKey: exampleBucketObject.Key,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tCodeContentType: pulumi.String(\"ZIPFILE\"),\n\t\t\t\t},\n\t\t\t\tVpcConfiguration: &kinesisanalyticsv2.ApplicationApplicationConfigurationVpcConfigurationArgs{\n\t\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_security_group.Example[0].Id),\n\t\t\t\t\t\tpulumi.Any(aws_security_group.Example[1].Id),\n\t\t\t\t\t},\n\t\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_kinesisanalyticsv2_application` can be imported by using the application ARN, e.g.\n\n```sh\n $ pulumi import aws:kinesisanalyticsv2/application:Application example arn:aws:kinesisanalytics:us-west-2:123456789012:application/example-sql-application\n```\n\n ", + "properties": { + "applicationConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfiguration:ApplicationApplicationConfiguration", + "description": "The application's configuration\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the application.\n" + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationCloudwatchLoggingOptions:ApplicationCloudwatchLoggingOptions", + "description": "A CloudWatch log stream to monitor application configuration errors.\n" + }, + "createTimestamp": { + "type": "string", + "description": "The current timestamp when the application was created.\n" + }, + "description": { + "type": "string", + "description": "A summary description of the application.\n" + }, + "forceStop": { + "type": "boolean", + "description": "Whether to force stop an unresponsive Flink-based application.\n" + }, + "lastUpdateTimestamp": { + "type": "string", + "description": "The current timestamp when the application was last updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "runtimeEnvironment": { + "type": "string", + "description": "The runtime environment for the application. Valid values: `SQL-1_0`, `FLINK-1_6`, `FLINK-1_8`, `FLINK-1_11`.\n" + }, + "serviceExecutionRole": { + "type": "string", + "description": "The ARN of the IAM role used by the application to access Kinesis data streams, Kinesis Data Firehose delivery streams, Amazon S3 objects, and other external resources.\n" + }, + "startApplication": { + "type": "boolean", + "description": "Whether to start or stop the application.\n" + }, + "status": { + "type": "string", + "description": "The status of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "versionId": { + "type": "integer", + "description": "The current application version. Kinesis Data Analytics updates the `version_id` each time the application is updated.\n" + } + }, + "required": [ + "applicationConfiguration", + "arn", + "createTimestamp", + "lastUpdateTimestamp", + "name", + "runtimeEnvironment", + "serviceExecutionRole", + "status", + "tagsAll", + "versionId" + ], + "inputProperties": { + "applicationConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfiguration:ApplicationApplicationConfiguration", + "description": "The application's configuration\n" + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationCloudwatchLoggingOptions:ApplicationCloudwatchLoggingOptions", + "description": "A CloudWatch log stream to monitor application configuration errors.\n" + }, + "description": { + "type": "string", + "description": "A summary description of the application.\n" + }, + "forceStop": { + "type": "boolean", + "description": "Whether to force stop an unresponsive Flink-based application.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "runtimeEnvironment": { + "type": "string", + "description": "The runtime environment for the application. Valid values: `SQL-1_0`, `FLINK-1_6`, `FLINK-1_8`, `FLINK-1_11`.\n" + }, + "serviceExecutionRole": { + "type": "string", + "description": "The ARN of the IAM role used by the application to access Kinesis data streams, Kinesis Data Firehose delivery streams, Amazon S3 objects, and other external resources.\n" + }, + "startApplication": { + "type": "boolean", + "description": "Whether to start or stop the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "runtimeEnvironment", + "serviceExecutionRole" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Application resources.\n", + "properties": { + "applicationConfiguration": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationApplicationConfiguration:ApplicationApplicationConfiguration", + "description": "The application's configuration\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the application.\n" + }, + "cloudwatchLoggingOptions": { + "$ref": "#/types/aws:kinesisanalyticsv2/ApplicationCloudwatchLoggingOptions:ApplicationCloudwatchLoggingOptions", + "description": "A CloudWatch log stream to monitor application configuration errors.\n" + }, + "createTimestamp": { + "type": "string", + "description": "The current timestamp when the application was created.\n" + }, + "description": { + "type": "string", + "description": "A summary description of the application.\n" + }, + "forceStop": { + "type": "boolean", + "description": "Whether to force stop an unresponsive Flink-based application.\n" + }, + "lastUpdateTimestamp": { + "type": "string", + "description": "The current timestamp when the application was last updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "runtimeEnvironment": { + "type": "string", + "description": "The runtime environment for the application. Valid values: `SQL-1_0`, `FLINK-1_6`, `FLINK-1_8`, `FLINK-1_11`.\n" + }, + "serviceExecutionRole": { + "type": "string", + "description": "The ARN of the IAM role used by the application to access Kinesis data streams, Kinesis Data Firehose delivery streams, Amazon S3 objects, and other external resources.\n" + }, + "startApplication": { + "type": "boolean", + "description": "Whether to start or stop the application.\n" + }, + "status": { + "type": "string", + "description": "The status of the application.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "versionId": { + "type": "integer", + "description": "The current application version. Kinesis Data Analytics updates the `version_id` each time the application is updated.\n" + } + }, + "type": "object" + } + }, + "aws:kinesisanalyticsv2/applicationSnapshot:ApplicationSnapshot": { + "description": "Manages a Kinesis Analytics v2 Application Snapshot.\nSnapshots are the AWS implementation of [Flink Savepoints](https://ci.apache.org/projects/flink/flink-docs-release-1.11/ops/state/savepoints.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kinesisanalyticsv2.ApplicationSnapshot(\"example\", {\n applicationName: aws_kinesisanalyticsv2_application.example.name,\n snapshotName: \"example-snapshot\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kinesisanalyticsv2.ApplicationSnapshot(\"example\",\n application_name=aws_kinesisanalyticsv2_application[\"example\"][\"name\"],\n snapshot_name=\"example-snapshot\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.KinesisAnalyticsV2.ApplicationSnapshot(\"example\", new Aws.KinesisAnalyticsV2.ApplicationSnapshotArgs\n {\n ApplicationName = aws_kinesisanalyticsv2_application.Example.Name,\n SnapshotName = \"example-snapshot\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesisanalyticsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesisanalyticsv2.NewApplicationSnapshot(ctx, \"example\", &kinesisanalyticsv2.ApplicationSnapshotArgs{\n\t\t\tApplicationName: pulumi.Any(aws_kinesisanalyticsv2_application.Example.Name),\n\t\t\tSnapshotName: pulumi.String(\"example-snapshot\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_kinesisanalyticsv2_application` can be imported by using `application_name` together with `snapshot_name`, e.g.\n\n```sh\n $ pulumi import aws:kinesisanalyticsv2/applicationSnapshot:ApplicationSnapshot example example-application/example-snapshot\n```\n\n ", + "properties": { + "applicationName": { + "type": "string", + "description": "The name of an existing Kinesis Analytics v2 Application. Note that the application must be running for a snapshot to be created.\n" + }, + "applicationVersionId": { + "type": "integer", + "description": "The current application version ID when the snapshot was created.\n" + }, + "snapshotCreationTimestamp": { + "type": "string", + "description": "The timestamp of the application snapshot.\n" + }, + "snapshotName": { + "type": "string", + "description": "The name of the application snapshot.\n" + } + }, + "required": [ + "applicationName", + "applicationVersionId", + "snapshotCreationTimestamp", + "snapshotName" + ], + "inputProperties": { + "applicationName": { + "type": "string", + "description": "The name of an existing Kinesis Analytics v2 Application. Note that the application must be running for a snapshot to be created.\n" + }, + "snapshotName": { + "type": "string", + "description": "The name of the application snapshot.\n" + } + }, + "requiredInputs": [ + "applicationName", + "snapshotName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApplicationSnapshot resources.\n", + "properties": { + "applicationName": { + "type": "string", + "description": "The name of an existing Kinesis Analytics v2 Application. Note that the application must be running for a snapshot to be created.\n" + }, + "applicationVersionId": { + "type": "integer", + "description": "The current application version ID when the snapshot was created.\n" + }, + "snapshotCreationTimestamp": { + "type": "string", + "description": "The timestamp of the application snapshot.\n" + }, + "snapshotName": { + "type": "string", + "description": "The name of the application snapshot.\n" + } + }, + "type": "object" + } + }, + "aws:kms/alias:Alias": { + "description": "Provides an alias for a KMS customer master key. AWS Console enforces 1-to-1 mapping between aliases & keys,\nbut API (hence this provider too) allows you to create as many aliases as\nthe [account limits](http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) allow you.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst key = new aws.kms.Key(\"key\", {});\nconst alias = new aws.kms.Alias(\"alias\", {targetKeyId: key.keyId});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nkey = aws.kms.Key(\"key\")\nalias = aws.kms.Alias(\"alias\", target_key_id=key.key_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var key = new Aws.Kms.Key(\"key\", new Aws.Kms.KeyArgs\n {\n });\n var @alias = new Aws.Kms.Alias(\"alias\", new Aws.Kms.AliasArgs\n {\n TargetKeyId = key.KeyId,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkey, err := kms.NewKey(ctx, \"key\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewAlias(ctx, \"alias\", &kms.AliasArgs{\n\t\t\tTargetKeyId: key.KeyId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKMS aliases can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:kms/alias:Alias a alias/my-key-alias\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key alias.\n" + }, + "name": { + "type": "string", + "description": "The display name of the alias. The name must start with the word \"alias\" followed by a forward slash (alias/)\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates an unique alias beginning with the specified prefix.\nThe name must start with the word \"alias\" followed by a forward slash (alias/). Conflicts with `name`.\n" + }, + "targetKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target key identifier.\n" + }, + "targetKeyId": { + "type": "string", + "description": "Identifier for the key for which the alias is for, can be either an ARN or key_id.\n" + } + }, + "required": [ + "arn", + "name", + "namePrefix", + "targetKeyArn", + "targetKeyId" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The display name of the alias. The name must start with the word \"alias\" followed by a forward slash (alias/)\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates an unique alias beginning with the specified prefix.\nThe name must start with the word \"alias\" followed by a forward slash (alias/). Conflicts with `name`.\n" + }, + "targetKeyId": { + "type": "string", + "description": "Identifier for the key for which the alias is for, can be either an ARN or key_id.\n" + } + }, + "requiredInputs": [ + "targetKeyId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Alias resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key alias.\n" + }, + "name": { + "type": "string", + "description": "The display name of the alias. The name must start with the word \"alias\" followed by a forward slash (alias/)\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates an unique alias beginning with the specified prefix.\nThe name must start with the word \"alias\" followed by a forward slash (alias/). Conflicts with `name`.\n" + }, + "targetKeyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target key identifier.\n" + }, + "targetKeyId": { + "type": "string", + "description": "Identifier for the key for which the alias is for, can be either an ARN or key_id.\n" + } + }, + "type": "object" + } + }, + "aws:kms/ciphertext:Ciphertext": { + "description": "The KMS ciphertext resource allows you to encrypt plaintext into ciphertext\nby using an AWS KMS customer master key. The value returned by this resource\nis stable across every apply. For a changing ciphertext value each apply, see\nthe `aws.kms.Ciphertext` data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst oauthConfig = new aws.kms.Key(\"oauthConfig\", {\n description: \"oauth config\",\n isEnabled: true,\n});\nconst oauth = new aws.kms.Ciphertext(\"oauth\", {\n keyId: oauthConfig.keyId,\n plaintext: `{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noauth_config = aws.kms.Key(\"oauthConfig\",\n description=\"oauth config\",\n is_enabled=True)\noauth = aws.kms.Ciphertext(\"oauth\",\n key_id=oauth_config.key_id,\n plaintext=\"\"\"{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var oauthConfig = new Aws.Kms.Key(\"oauthConfig\", new Aws.Kms.KeyArgs\n {\n Description = \"oauth config\",\n IsEnabled = true,\n });\n var oauth = new Aws.Kms.Ciphertext(\"oauth\", new Aws.Kms.CiphertextArgs\n {\n KeyId = oauthConfig.KeyId,\n Plaintext = @\"{\n \"\"client_id\"\": \"\"e587dbae22222f55da22\"\",\n \"\"client_secret\"\": \"\"8289575d00000ace55e1815ec13673955721b8a5\"\"\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toauthConfig, err := kms.NewKey(ctx, \"oauthConfig\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"oauth config\"),\n\t\t\tIsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewCiphertext(ctx, \"oauth\", &kms.CiphertextArgs{\n\t\t\tKeyId: oauthConfig.KeyId,\n\t\t\tPlaintext: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"{\\n\", \" \\\"client_id\\\": \\\"e587dbae22222f55da22\\\",\\n\", \" \\\"client_secret\\\": \\\"8289575d00000ace55e1815ec13673955721b8a5\\\"\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "ciphertextBlob": { + "type": "string", + "description": "Base64 encoded ciphertext\n" + }, + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An optional mapping that makes up the encryption context.\n" + }, + "keyId": { + "type": "string", + "description": "Globally unique key ID for the customer master key.\n" + }, + "plaintext": { + "type": "string", + "description": "Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.\n" + } + }, + "required": [ + "ciphertextBlob", + "keyId", + "plaintext" + ], + "inputProperties": { + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An optional mapping that makes up the encryption context.\n" + }, + "keyId": { + "type": "string", + "description": "Globally unique key ID for the customer master key.\n" + }, + "plaintext": { + "type": "string", + "description": "Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.\n" + } + }, + "requiredInputs": [ + "keyId", + "plaintext" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Ciphertext resources.\n", + "properties": { + "ciphertextBlob": { + "type": "string", + "description": "Base64 encoded ciphertext\n" + }, + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An optional mapping that makes up the encryption context.\n" + }, + "keyId": { + "type": "string", + "description": "Globally unique key ID for the customer master key.\n" + }, + "plaintext": { + "type": "string", + "description": "Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.\n" + } + }, + "type": "object" + } + }, + "aws:kms/externalKey:ExternalKey": { + "description": "Manages a KMS Customer Master Key that uses external key material. To instead manage a KMS Customer Master Key where AWS automatically generates and potentially rotates key material, see the `aws.kms.Key` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.kms.ExternalKey(\"example\", {\n description: \"KMS EXTERNAL for AMI encryption\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kms.ExternalKey(\"example\", description=\"KMS EXTERNAL for AMI encryption\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Kms.ExternalKey(\"example\", new Aws.Kms.ExternalKeyArgs\n {\n Description = \"KMS EXTERNAL for AMI encryption\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewExternalKey(ctx, \"example\", &kms.ExternalKeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS EXTERNAL for AMI encryption\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKMS External Keys can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:kms/externalKey:ExternalKey a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key.\n" + }, + "bypassPolicyLockoutSafetyCheck": { + "type": "boolean", + "description": "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.\n" + }, + "deletionWindowInDays": { + "type": "integer", + "description": "Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.\n" + }, + "description": { + "type": "string", + "description": "Description of the key.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.\n" + }, + "expirationModel": { + "type": "string", + "description": "Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.\n" + }, + "keyMaterialBase64": { + "type": "string", + "description": "Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.\n" + }, + "keyState": { + "type": "string", + "description": "The state of the CMK.\n" + }, + "keyUsage": { + "type": "string", + "description": "The cryptographic operations for which you can use the CMK.\n" + }, + "policy": { + "type": "string", + "description": "A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "validTo": { + "type": "string", + "description": "Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)\n" + } + }, + "required": [ + "arn", + "enabled", + "expirationModel", + "keyState", + "keyUsage", + "policy", + "tagsAll" + ], + "inputProperties": { + "bypassPolicyLockoutSafetyCheck": { + "type": "boolean", + "description": "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.\n" + }, + "deletionWindowInDays": { + "type": "integer", + "description": "Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.\n" + }, + "description": { + "type": "string", + "description": "Description of the key.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.\n" + }, + "keyMaterialBase64": { + "type": "string", + "description": "Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.\n" + }, + "policy": { + "type": "string", + "description": "A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "validTo": { + "type": "string", + "description": "Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ExternalKey resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key.\n" + }, + "bypassPolicyLockoutSafetyCheck": { + "type": "boolean", + "description": "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.\n" + }, + "deletionWindowInDays": { + "type": "integer", + "description": "Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.\n" + }, + "description": { + "type": "string", + "description": "Description of the key.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.\n" + }, + "expirationModel": { + "type": "string", + "description": "Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.\n" + }, + "keyMaterialBase64": { + "type": "string", + "description": "Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.\n" + }, + "keyState": { + "type": "string", + "description": "The state of the CMK.\n" + }, + "keyUsage": { + "type": "string", + "description": "The cryptographic operations for which you can use the CMK.\n" + }, + "policy": { + "type": "string", + "description": "A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "validTo": { + "type": "string", + "description": "Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)\n" + } + }, + "type": "object" + } + }, + "aws:kms/grant:Grant": { + "description": "Provides a resource-based access control mechanism for a KMS customer master key.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst key = new aws.kms.Key(\"key\", {});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst grant = new aws.kms.Grant(\"grant\", {\n keyId: key.keyId,\n granteePrincipal: role.arn,\n operations: [\n \"Encrypt\",\n \"Decrypt\",\n \"GenerateDataKey\",\n ],\n constraints: [{\n encryptionContextEquals: {\n Department: \"Finance\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nkey = aws.kms.Key(\"key\")\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ngrant = aws.kms.Grant(\"grant\",\n key_id=key.key_id,\n grantee_principal=role.arn,\n operations=[\n \"Encrypt\",\n \"Decrypt\",\n \"GenerateDataKey\",\n ],\n constraints=[aws.kms.GrantConstraintArgs(\n encryption_context_equals={\n \"Department\": \"Finance\",\n },\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var key = new Aws.Kms.Key(\"key\", new Aws.Kms.KeyArgs\n {\n });\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"lambda.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var grant = new Aws.Kms.Grant(\"grant\", new Aws.Kms.GrantArgs\n {\n KeyId = key.KeyId,\n GranteePrincipal = role.Arn,\n Operations = \n {\n \"Encrypt\",\n \"Decrypt\",\n \"GenerateDataKey\",\n },\n Constraints = \n {\n new Aws.Kms.Inputs.GrantConstraintArgs\n {\n EncryptionContextEquals = \n {\n { \"Department\", \"Finance\" },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkey, err := kms.NewKey(ctx, \"key\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"lambda.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewGrant(ctx, \"grant\", &kms.GrantArgs{\n\t\t\tKeyId: key.KeyId,\n\t\t\tGranteePrincipal: role.Arn,\n\t\t\tOperations: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Encrypt\"),\n\t\t\t\tpulumi.String(\"Decrypt\"),\n\t\t\t\tpulumi.String(\"GenerateDataKey\"),\n\t\t\t},\n\t\t\tConstraints: kms.GrantConstraintArray{\n\t\t\t\t&kms.GrantConstraintArgs{\n\t\t\t\t\tEncryptionContextEquals: pulumi.StringMap{\n\t\t\t\t\t\t\"Department\": pulumi.String(\"Finance\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKMS Grants can be imported using the Key ID and Grant ID separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:kms/grant:Grant test 1234abcd-12ab-34cd-56ef-1234567890ababcde1237f76e4ba7987489ac329fbfba6ad343d6f7075dbd1ef191f0120514\n```\n\n ", + "properties": { + "constraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/GrantConstraint:GrantConstraint" + }, + "description": "A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).\n" + }, + "grantCreationTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.\n" + }, + "grantId": { + "type": "string", + "description": "The unique identifier for the grant.\n" + }, + "grantToken": { + "type": "string", + "description": "The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).\n" + }, + "granteePrincipal": { + "type": "string", + "description": "The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.\n" + }, + "keyId": { + "type": "string", + "description": "The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.\n" + }, + "name": { + "type": "string", + "description": "A friendly name for identifying the grant.\n" + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.\n" + }, + "retireOnDelete": { + "type": "boolean", + "description": "-(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.\nSee [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.\n" + }, + "retiringPrincipal": { + "type": "string", + "description": "The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.\n" + } + }, + "required": [ + "grantId", + "grantToken", + "granteePrincipal", + "keyId", + "name", + "operations" + ], + "inputProperties": { + "constraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/GrantConstraint:GrantConstraint" + }, + "description": "A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).\n" + }, + "grantCreationTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.\n" + }, + "granteePrincipal": { + "type": "string", + "description": "The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.\n" + }, + "keyId": { + "type": "string", + "description": "The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.\n" + }, + "name": { + "type": "string", + "description": "A friendly name for identifying the grant.\n" + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.\n" + }, + "retireOnDelete": { + "type": "boolean", + "description": "-(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.\nSee [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.\n" + }, + "retiringPrincipal": { + "type": "string", + "description": "The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.\n" + } + }, + "requiredInputs": [ + "granteePrincipal", + "keyId", + "operations" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Grant resources.\n", + "properties": { + "constraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/GrantConstraint:GrantConstraint" + }, + "description": "A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).\n" + }, + "grantCreationTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.\n" + }, + "grantId": { + "type": "string", + "description": "The unique identifier for the grant.\n" + }, + "grantToken": { + "type": "string", + "description": "The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).\n" + }, + "granteePrincipal": { + "type": "string", + "description": "The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.\n" + }, + "keyId": { + "type": "string", + "description": "The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.\n" + }, + "name": { + "type": "string", + "description": "A friendly name for identifying the grant.\n" + }, + "operations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.\n" + }, + "retireOnDelete": { + "type": "boolean", + "description": "-(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.\nSee [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.\n" + }, + "retiringPrincipal": { + "type": "string", + "description": "The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.\n" + } + }, + "type": "object" + } + }, + "aws:kms/key:Key": { + "description": "Provides a KMS single-Region customer master key (CMK).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst key = new aws.kms.Key(\"a\", {\n deletionWindowInDays: 10,\n description: \"KMS key 1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nkey = aws.kms.Key(\"key\",\n deletion_window_in_days=10,\n description=\"KMS key 1\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var key = new Aws.Kms.Key(\"key\", new Aws.Kms.KeyArgs\n {\n DeletionWindowInDays = 10,\n Description = \"KMS key 1\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKey(ctx, \"key\", &kms.KeyArgs{\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t\tDescription: pulumi.String(\"KMS key 1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nKMS Keys can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:kms/key:Key a 1234abcd-12ab-34cd-56ef-1234567890ab\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key.\n" + }, + "bypassPolicyLockoutSafetyCheck": { + "type": "boolean", + "description": "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.\n" + }, + "customerMasterKeySpec": { + "type": "string", + "description": "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.\nValid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).\n" + }, + "deletionWindowInDays": { + "type": "integer", + "description": "Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.\n" + }, + "description": { + "type": "string", + "description": "The description of the key as viewed in AWS console.\n" + }, + "enableKeyRotation": { + "type": "boolean", + "description": "Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.\n" + }, + "isEnabled": { + "type": "boolean", + "description": "Specifies whether the key is enabled. Defaults to true.\n" + }, + "keyId": { + "type": "string", + "description": "The globally unique identifier for the key.\n" + }, + "keyUsage": { + "type": "string", + "description": "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.\nDefaults to `ENCRYPT_DECRYPT`.\n" + }, + "policy": { + "type": "string", + "description": "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws.iam.getPolicyDocument`, in the form that designates a principal, can be used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "description", + "keyId", + "policy", + "tagsAll" + ], + "inputProperties": { + "bypassPolicyLockoutSafetyCheck": { + "type": "boolean", + "description": "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.\n" + }, + "customerMasterKeySpec": { + "type": "string", + "description": "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.\nValid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).\n" + }, + "deletionWindowInDays": { + "type": "integer", + "description": "Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.\n" + }, + "description": { + "type": "string", + "description": "The description of the key as viewed in AWS console.\n" + }, + "enableKeyRotation": { + "type": "boolean", + "description": "Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.\n" + }, + "isEnabled": { + "type": "boolean", + "description": "Specifies whether the key is enabled. Defaults to true.\n" + }, + "keyUsage": { + "type": "string", + "description": "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.\nDefaults to `ENCRYPT_DECRYPT`.\n" + }, + "policy": { + "type": "string", + "description": "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws.iam.getPolicyDocument`, in the form that designates a principal, can be used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Key resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the key.\n" + }, + "bypassPolicyLockoutSafetyCheck": { + "type": "boolean", + "description": "Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.\n" + }, + "customerMasterKeySpec": { + "type": "string", + "description": "Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.\nValid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).\n" + }, + "deletionWindowInDays": { + "type": "integer", + "description": "Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.\n" + }, + "description": { + "type": "string", + "description": "The description of the key as viewed in AWS console.\n" + }, + "enableKeyRotation": { + "type": "boolean", + "description": "Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.\n" + }, + "isEnabled": { + "type": "boolean", + "description": "Specifies whether the key is enabled. Defaults to true.\n" + }, + "keyId": { + "type": "string", + "description": "The globally unique identifier for the key.\n" + }, + "keyUsage": { + "type": "string", + "description": "Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.\nDefaults to `ENCRYPT_DECRYPT`.\n" + }, + "policy": { + "type": "string", + "description": "A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws.iam.getPolicyDocument`, in the form that designates a principal, can be used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:lakeformation/dataLakeSettings:DataLakeSettings": { + "description": "Manages Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.\n\n> **NOTE:** Lake Formation introduces fine-grained access control for data in your data lake. Part of the changes include the `IAMAllowedPrincipals` principal in order to make Lake Formation backwards compatible with existing IAM and Glue permissions. For more information, see [Changing the Default Security Settings for Your Data Lake](https://docs.aws.amazon.com/lake-formation/latest/dg/change-settings.html) and [Upgrading AWS Glue Data Permissions to the AWS Lake Formation Model](https://docs.aws.amazon.com/lake-formation/latest/dg/upgrade-glue-lake-formation.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Data Lake Admins\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.DataLakeSettings(\"example\", {admins: [\n aws_iam_user.test.arn,\n aws_iam_role.test.arn,\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.DataLakeSettings(\"example\", admins=[\n aws_iam_user[\"test\"][\"arn\"],\n aws_iam_role[\"test\"][\"arn\"],\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LakeFormation.DataLakeSettings(\"example\", new Aws.LakeFormation.DataLakeSettingsArgs\n {\n Admins = \n {\n aws_iam_user.Test.Arn,\n aws_iam_role.Test.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewDataLakeSettings(ctx, \"example\", &lakeformation.DataLakeSettingsArgs{\n\t\t\tAdmins: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_iam_user.Test.Arn),\n\t\t\t\tpulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create Default Permissions\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lakeformation.DataLakeSettings(\"example\", {\n admins: [\n aws_iam_user.test.arn,\n aws_iam_role.test.arn,\n ],\n createDatabaseDefaultPermissions: [{\n permissions: [\n \"SELECT\",\n \"ALTER\",\n \"DROP\",\n ],\n principal: aws_iam_user.test.arn,\n }],\n createTableDefaultPermissions: [{\n permissions: [\"ALL\"],\n principal: aws_iam_role.test.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.DataLakeSettings(\"example\",\n admins=[\n aws_iam_user[\"test\"][\"arn\"],\n aws_iam_role[\"test\"][\"arn\"],\n ],\n create_database_default_permissions=[aws.lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs(\n permissions=[\n \"SELECT\",\n \"ALTER\",\n \"DROP\",\n ],\n principal=aws_iam_user[\"test\"][\"arn\"],\n )],\n create_table_default_permissions=[aws.lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs(\n permissions=[\"ALL\"],\n principal=aws_iam_role[\"test\"][\"arn\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LakeFormation.DataLakeSettings(\"example\", new Aws.LakeFormation.DataLakeSettingsArgs\n {\n Admins = \n {\n aws_iam_user.Test.Arn,\n aws_iam_role.Test.Arn,\n },\n CreateDatabaseDefaultPermissions = \n {\n new Aws.LakeFormation.Inputs.DataLakeSettingsCreateDatabaseDefaultPermissionArgs\n {\n Permissions = \n {\n \"SELECT\",\n \"ALTER\",\n \"DROP\",\n },\n Principal = aws_iam_user.Test.Arn,\n },\n },\n CreateTableDefaultPermissions = \n {\n new Aws.LakeFormation.Inputs.DataLakeSettingsCreateTableDefaultPermissionArgs\n {\n Permissions = \n {\n \"ALL\",\n },\n Principal = aws_iam_role.Test.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.NewDataLakeSettings(ctx, \"example\", &lakeformation.DataLakeSettingsArgs{\n\t\t\tAdmins: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_iam_user.Test.Arn),\n\t\t\t\tpulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t},\n\t\t\tCreateDatabaseDefaultPermissions: lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArray{\n\t\t\t\t&lakeformation.DataLakeSettingsCreateDatabaseDefaultPermissionArgs{\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"SELECT\"),\n\t\t\t\t\t\tpulumi.String(\"ALTER\"),\n\t\t\t\t\t\tpulumi.String(\"DROP\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipal: pulumi.Any(aws_iam_user.Test.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreateTableDefaultPermissions: lakeformation.DataLakeSettingsCreateTableDefaultPermissionArray{\n\t\t\t\t&lakeformation.DataLakeSettingsCreateTableDefaultPermissionArgs{\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ALL\"),\n\t\t\t\t\t},\n\t\t\t\t\tPrincipal: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "admins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of ARNs of AWS Lake Formation principals (IAM users or roles).\n" + }, + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, the account ID.\n" + }, + "createDatabaseDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/DataLakeSettingsCreateDatabaseDefaultPermission:DataLakeSettingsCreateDatabaseDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.\n" + }, + "createTableDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/DataLakeSettingsCreateTableDefaultPermission:DataLakeSettingsCreateTableDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.\n" + }, + "trustedResourceOwners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).\n" + } + }, + "required": [ + "admins", + "createDatabaseDefaultPermissions", + "createTableDefaultPermissions", + "trustedResourceOwners" + ], + "inputProperties": { + "admins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of ARNs of AWS Lake Formation principals (IAM users or roles).\n" + }, + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, the account ID.\n" + }, + "createDatabaseDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/DataLakeSettingsCreateDatabaseDefaultPermission:DataLakeSettingsCreateDatabaseDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.\n" + }, + "createTableDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/DataLakeSettingsCreateTableDefaultPermission:DataLakeSettingsCreateTableDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.\n" + }, + "trustedResourceOwners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering DataLakeSettings resources.\n", + "properties": { + "admins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of ARNs of AWS Lake Formation principals (IAM users or roles).\n" + }, + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, the account ID.\n" + }, + "createDatabaseDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/DataLakeSettingsCreateDatabaseDefaultPermission:DataLakeSettingsCreateDatabaseDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.\n" + }, + "createTableDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/DataLakeSettingsCreateTableDefaultPermission:DataLakeSettingsCreateTableDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.\n" + }, + "trustedResourceOwners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).\n" + } + }, + "type": "object" + } + }, + "aws:lakeformation/permissions:Permissions": { + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n" + }, + "catalogResource": { + "type": "boolean", + "description": "Whether the permissions are to be granted for the Data Catalog. Defaults to `false`.\n" + }, + "dataLocation": { + "$ref": "#/types/aws:lakeformation/PermissionsDataLocation:PermissionsDataLocation", + "description": "Configuration block for a data location resource. Detailed below.\n" + }, + "database": { + "$ref": "#/types/aws:lakeformation/PermissionsDatabase:PermissionsDatabase", + "description": "Configuration block for a database resource. Detailed below.\n" + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions granted to the principal. Valid values may include `ALL`, `ALTER`, `CREATE_DATABASE`, `CREATE_TABLE`, `DATA_LOCATION_ACCESS`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT`. For details on each permission, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n", + "language": { + "csharp": { + "name": "PermissionDetails" + } + } + }, + "permissionsWithGrantOptions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subset of `permissions` which the principal can pass.\n" + }, + "principal": { + "type": "string", + "description": "Principal to be granted the permissions on the resource. Supported principals include `IAM_ALLOWED_PRINCIPALS` (see Default Behavior and `IAMAllowedPrincipals` above), IAM roles, users, groups, SAML groups and users, QuickSight groups, OUs, and organizations as well as AWS account IDs for cross-account permissions. For more information, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n" + }, + "table": { + "$ref": "#/types/aws:lakeformation/PermissionsTable:PermissionsTable", + "description": "Configuration block for a table resource. Detailed below.\n" + }, + "tableWithColumns": { + "$ref": "#/types/aws:lakeformation/PermissionsTableWithColumns:PermissionsTableWithColumns", + "description": "Configuration block for a table with columns resource. Detailed below.\n" + } + }, + "required": [ + "dataLocation", + "database", + "permissions", + "permissionsWithGrantOptions", + "principal", + "table", + "tableWithColumns" + ], + "inputProperties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n" + }, + "catalogResource": { + "type": "boolean", + "description": "Whether the permissions are to be granted for the Data Catalog. Defaults to `false`.\n" + }, + "dataLocation": { + "$ref": "#/types/aws:lakeformation/PermissionsDataLocation:PermissionsDataLocation", + "description": "Configuration block for a data location resource. Detailed below.\n" + }, + "database": { + "$ref": "#/types/aws:lakeformation/PermissionsDatabase:PermissionsDatabase", + "description": "Configuration block for a database resource. Detailed below.\n" + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions granted to the principal. Valid values may include `ALL`, `ALTER`, `CREATE_DATABASE`, `CREATE_TABLE`, `DATA_LOCATION_ACCESS`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT`. For details on each permission, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n", + "language": { + "csharp": { + "name": "PermissionDetails" + } + } + }, + "permissionsWithGrantOptions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subset of `permissions` which the principal can pass.\n" + }, + "principal": { + "type": "string", + "description": "Principal to be granted the permissions on the resource. Supported principals include `IAM_ALLOWED_PRINCIPALS` (see Default Behavior and `IAMAllowedPrincipals` above), IAM roles, users, groups, SAML groups and users, QuickSight groups, OUs, and organizations as well as AWS account IDs for cross-account permissions. For more information, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n" + }, + "table": { + "$ref": "#/types/aws:lakeformation/PermissionsTable:PermissionsTable", + "description": "Configuration block for a table resource. Detailed below.\n" + }, + "tableWithColumns": { + "$ref": "#/types/aws:lakeformation/PermissionsTableWithColumns:PermissionsTableWithColumns", + "description": "Configuration block for a table with columns resource. Detailed below.\n" + } + }, + "requiredInputs": [ + "permissions", + "principal" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Permissions resources.\n", + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n" + }, + "catalogResource": { + "type": "boolean", + "description": "Whether the permissions are to be granted for the Data Catalog. Defaults to `false`.\n" + }, + "dataLocation": { + "$ref": "#/types/aws:lakeformation/PermissionsDataLocation:PermissionsDataLocation", + "description": "Configuration block for a data location resource. Detailed below.\n" + }, + "database": { + "$ref": "#/types/aws:lakeformation/PermissionsDatabase:PermissionsDatabase", + "description": "Configuration block for a database resource. Detailed below.\n" + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions granted to the principal. Valid values may include `ALL`, `ALTER`, `CREATE_DATABASE`, `CREATE_TABLE`, `DATA_LOCATION_ACCESS`, `DELETE`, `DESCRIBE`, `DROP`, `INSERT`, and `SELECT`. For details on each permission, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n", + "language": { + "csharp": { + "name": "PermissionDetails" + } + } + }, + "permissionsWithGrantOptions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subset of `permissions` which the principal can pass.\n" + }, + "principal": { + "type": "string", + "description": "Principal to be granted the permissions on the resource. Supported principals include `IAM_ALLOWED_PRINCIPALS` (see Default Behavior and `IAMAllowedPrincipals` above), IAM roles, users, groups, SAML groups and users, QuickSight groups, OUs, and organizations as well as AWS account IDs for cross-account permissions. For more information, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n" + }, + "table": { + "$ref": "#/types/aws:lakeformation/PermissionsTable:PermissionsTable", + "description": "Configuration block for a table resource. Detailed below.\n" + }, + "tableWithColumns": { + "$ref": "#/types/aws:lakeformation/PermissionsTableWithColumns:PermissionsTableWithColumns", + "description": "Configuration block for a table with columns resource. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:lakeformation/resource:Resource": { + "description": "Registers a Lake Formation resource (e.g. S3 bucket) as managed by the Data Catalog. In other words, the S3 path is added to the data lake.\n\nChoose a role that has read/write access to the chosen Amazon S3 path or use the service-linked role. When you register the S3 path, the service-linked role and a new inline policy are created on your behalf. Lake Formation adds the first path to the inline policy and attaches it to the service-linked role. When you register subsequent paths, Lake Formation adds the path to the existing policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = aws.s3.getBucket({\n bucket: \"an-example-bucket\",\n});\nconst exampleResource = new aws.lakeformation.Resource(\"exampleResource\", {arn: exampleBucket.then(exampleBucket => exampleBucket.arn)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.get_bucket(bucket=\"an-example-bucket\")\nexample_resource = aws.lakeformation.Resource(\"exampleResource\", arn=example_bucket.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = Output.Create(Aws.S3.GetBucket.InvokeAsync(new Aws.S3.GetBucketArgs\n {\n Bucket = \"an-example-bucket\",\n }));\n var exampleResource = new Aws.LakeFormation.Resource(\"exampleResource\", new Aws.LakeFormation.ResourceArgs\n {\n Arn = exampleBucket.Apply(exampleBucket => exampleBucket.Arn),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.LookupBucket(ctx, &s3.LookupBucketArgs{\n\t\t\tBucket: \"an-example-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lakeformation.NewResource(ctx, \"exampleResource\", &lakeformation.ResourceArgs{\n\t\t\tArn: pulumi.String(exampleBucket.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource, an S3 path.\n" + }, + "lastModified": { + "type": "string", + "description": "(Optional) The date and time the resource was last modified in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "roleArn": { + "type": "string", + "description": "Role that has read/write access to the resource. If not provided, the Lake Formation service-linked role must exist and is used.\n" + } + }, + "required": [ + "arn", + "lastModified", + "roleArn" + ], + "inputProperties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource, an S3 path.\n" + }, + "roleArn": { + "type": "string", + "description": "Role that has read/write access to the resource. If not provided, the Lake Formation service-linked role must exist and is used.\n" + } + }, + "requiredInputs": [ + "arn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Resource resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource, an S3 path.\n" + }, + "lastModified": { + "type": "string", + "description": "(Optional) The date and time the resource was last modified in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "roleArn": { + "type": "string", + "description": "Role that has read/write access to the resource. If not provided, the Lake Formation service-linked role must exist and is used.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/alias:Alias": { + "description": "Creates a Lambda function alias. Creates an alias that points to the specified Lambda function version.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](http://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\nFor information about function aliases, see [CreateAlias](http://docs.aws.amazon.com/lambda/latest/dg/API_CreateAlias.html) and [AliasRoutingConfiguration](https://docs.aws.amazon.com/lambda/latest/dg/API_AliasRoutingConfiguration.html) in the API docs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testLambdaAlias = new aws.lambda.Alias(\"testLambdaAlias\", {\n description: \"a sample description\",\n functionName: aws_lambda_function.lambda_function_test.arn,\n functionVersion: \"1\",\n routingConfig: {\n additionalVersionWeights: {\n \"2\": 0.5,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_lambda_alias = aws.lambda_.Alias(\"testLambdaAlias\",\n description=\"a sample description\",\n function_name=aws_lambda_function[\"lambda_function_test\"][\"arn\"],\n function_version=\"1\",\n routing_config=aws.lambda..AliasRoutingConfigArgs(\n additional_version_weights={\n \"2\": 0.5,\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testLambdaAlias = new Aws.Lambda.Alias(\"testLambdaAlias\", new Aws.Lambda.AliasArgs\n {\n Description = \"a sample description\",\n FunctionName = aws_lambda_function.Lambda_function_test.Arn,\n FunctionVersion = \"1\",\n RoutingConfig = new Aws.Lambda.Inputs.AliasRoutingConfigArgs\n {\n AdditionalVersionWeights = \n {\n { \"2\", 0.5 },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewAlias(ctx, \"testLambdaAlias\", &lambda.AliasArgs{\n\t\t\tDescription: pulumi.String(\"a sample description\"),\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Lambda_function_test.Arn),\n\t\t\tFunctionVersion: pulumi.String(\"1\"),\n\t\t\tRoutingConfig: &lambda.AliasRoutingConfigArgs{\n\t\t\t\tAdditionalVersionWeights: pulumi.Float64Map{\n\t\t\t\t\t\"2\": pulumi.Float64(0.5),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLambda Function Aliases can be imported using the `function_name/alias`, e.g.\n\n```sh\n $ pulumi import aws:lambda/alias:Alias test_lambda_alias my_test_lambda_function/my_alias\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) identifying your Lambda function alias.\n" + }, + "description": { + "type": "string", + "description": "Description of the alias.\n" + }, + "functionName": { + "type": "string", + "description": "Lambda Function name or ARN.\n" + }, + "functionVersion": { + "type": "string", + "description": "Lambda function version for which you are creating the alias. Pattern: `(\\$LATEST|[0-9]+)`.\n" + }, + "invokeArn": { + "type": "string", + "description": "The ARN to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`\n" + }, + "name": { + "type": "string", + "description": "Name for the alias you are creating. Pattern: `(?!^[0-9]+$)([a-zA-Z0-9-_]+)`\n" + }, + "routingConfig": { + "$ref": "#/types/aws:lambda/AliasRoutingConfig:AliasRoutingConfig", + "description": "The Lambda alias' route configuration settings. Fields documented below\n" + } + }, + "required": [ + "arn", + "functionName", + "functionVersion", + "invokeArn", + "name" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the alias.\n" + }, + "functionName": { + "type": "string", + "description": "Lambda Function name or ARN.\n" + }, + "functionVersion": { + "type": "string", + "description": "Lambda function version for which you are creating the alias. Pattern: `(\\$LATEST|[0-9]+)`.\n" + }, + "name": { + "type": "string", + "description": "Name for the alias you are creating. Pattern: `(?!^[0-9]+$)([a-zA-Z0-9-_]+)`\n" + }, + "routingConfig": { + "$ref": "#/types/aws:lambda/AliasRoutingConfig:AliasRoutingConfig", + "description": "The Lambda alias' route configuration settings. Fields documented below\n" + } + }, + "requiredInputs": [ + "functionName", + "functionVersion" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Alias resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) identifying your Lambda function alias.\n" + }, + "description": { + "type": "string", + "description": "Description of the alias.\n" + }, + "functionName": { + "type": "string", + "description": "Lambda Function name or ARN.\n" + }, + "functionVersion": { + "type": "string", + "description": "Lambda function version for which you are creating the alias. Pattern: `(\\$LATEST|[0-9]+)`.\n" + }, + "invokeArn": { + "type": "string", + "description": "The ARN to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`\n" + }, + "name": { + "type": "string", + "description": "Name for the alias you are creating. Pattern: `(?!^[0-9]+$)([a-zA-Z0-9-_]+)`\n" + }, + "routingConfig": { + "$ref": "#/types/aws:lambda/AliasRoutingConfig:AliasRoutingConfig", + "description": "The Lambda alias' route configuration settings. Fields documented below\n" + } + }, + "type": "object" + } + }, + "aws:lambda/codeSigningConfig:CodeSigningConfig": { + "description": "Provides a Lambda Code Signing Config resource. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).\n\nFor information about Lambda code signing configurations and how to use them, see [configuring code signing for Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst newCsc = new aws.lambda.CodeSigningConfig(\"newCsc\", {\n allowedPublishers: {\n signingProfileVersionArns: [\n aws_signer_signing_profile.example1.arn,\n aws_signer_signing_profile.example2.arn,\n ],\n },\n policies: {\n untrustedArtifactOnDeployment: \"Warn\",\n },\n description: \"My awesome code signing config.\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnew_csc = aws.lambda_.CodeSigningConfig(\"newCsc\",\n allowed_publishers=aws.lambda..CodeSigningConfigAllowedPublishersArgs(\n signing_profile_version_arns=[\n aws_signer_signing_profile[\"example1\"][\"arn\"],\n aws_signer_signing_profile[\"example2\"][\"arn\"],\n ],\n ),\n policies=aws.lambda..CodeSigningConfigPoliciesArgs(\n untrusted_artifact_on_deployment=\"Warn\",\n ),\n description=\"My awesome code signing config.\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var newCsc = new Aws.Lambda.CodeSigningConfig(\"newCsc\", new Aws.Lambda.CodeSigningConfigArgs\n {\n AllowedPublishers = new Aws.Lambda.Inputs.CodeSigningConfigAllowedPublishersArgs\n {\n SigningProfileVersionArns = \n {\n aws_signer_signing_profile.Example1.Arn,\n aws_signer_signing_profile.Example2.Arn,\n },\n },\n Policies = new Aws.Lambda.Inputs.CodeSigningConfigPoliciesArgs\n {\n UntrustedArtifactOnDeployment = \"Warn\",\n },\n Description = \"My awesome code signing config.\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewCodeSigningConfig(ctx, \"newCsc\", &lambda.CodeSigningConfigArgs{\n\t\t\tAllowedPublishers: &lambda.CodeSigningConfigAllowedPublishersArgs{\n\t\t\t\tSigningProfileVersionArns: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_signer_signing_profile.Example1.Arn),\n\t\t\t\t\tpulumi.Any(aws_signer_signing_profile.Example2.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPolicies: &lambda.CodeSigningConfigPoliciesArgs{\n\t\t\t\tUntrustedArtifactOnDeployment: pulumi.String(\"Warn\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"My awesome code signing config.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nCode Signing Configs can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:lambda/codeSigningConfig:CodeSigningConfig imported_csc arn:aws:lambda:us-west-2:123456789012:code-signing-config:csc-0f6c334abcdea4d8b\n```\n\n ", + "properties": { + "allowedPublishers": { + "$ref": "#/types/aws:lambda/CodeSigningConfigAllowedPublishers:CodeSigningConfigAllowedPublishers", + "description": "A configuration block of allowed publishers as signing profiles for this code signing configuration. Detailed below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the code signing configuration.\n" + }, + "configId": { + "type": "string", + "description": "Unique identifier for the code signing configuration.\n" + }, + "description": { + "type": "string", + "description": "Descriptive name for this code signing configuration.\n" + }, + "lastModified": { + "type": "string", + "description": "The date and time that the code signing configuration was last modified.\n" + }, + "policies": { + "$ref": "#/types/aws:lambda/CodeSigningConfigPolicies:CodeSigningConfigPolicies", + "description": "A configuration block of code signing policies that define the actions to take if the validation checks fail. Detailed below.\n" + } + }, + "required": [ + "allowedPublishers", + "arn", + "configId", + "lastModified", + "policies" + ], + "inputProperties": { + "allowedPublishers": { + "$ref": "#/types/aws:lambda/CodeSigningConfigAllowedPublishers:CodeSigningConfigAllowedPublishers", + "description": "A configuration block of allowed publishers as signing profiles for this code signing configuration. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Descriptive name for this code signing configuration.\n" + }, + "policies": { + "$ref": "#/types/aws:lambda/CodeSigningConfigPolicies:CodeSigningConfigPolicies", + "description": "A configuration block of code signing policies that define the actions to take if the validation checks fail. Detailed below.\n" + } + }, + "requiredInputs": [ + "allowedPublishers" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CodeSigningConfig resources.\n", + "properties": { + "allowedPublishers": { + "$ref": "#/types/aws:lambda/CodeSigningConfigAllowedPublishers:CodeSigningConfigAllowedPublishers", + "description": "A configuration block of allowed publishers as signing profiles for this code signing configuration. Detailed below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the code signing configuration.\n" + }, + "configId": { + "type": "string", + "description": "Unique identifier for the code signing configuration.\n" + }, + "description": { + "type": "string", + "description": "Descriptive name for this code signing configuration.\n" + }, + "lastModified": { + "type": "string", + "description": "The date and time that the code signing configuration was last modified.\n" + }, + "policies": { + "$ref": "#/types/aws:lambda/CodeSigningConfigPolicies:CodeSigningConfigPolicies", + "description": "A configuration block of code signing policies that define the actions to take if the validation checks fail. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/eventSourceMapping:EventSourceMapping": { + "description": "Provides a Lambda event source mapping. This allows Lambda functions to get events from Kinesis, DynamoDB, SQS and Managed Streaming for Apache Kafka (MSK).\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](http://docs.aws.amazon.com/lambda/latest/dg/welcome.html).\nFor information about event source mappings, see [CreateEventSourceMapping](http://docs.aws.amazon.com/lambda/latest/dg/API_CreateEventSourceMapping.html) in the API docs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### DynamoDB\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.EventSourceMapping(\"example\", {\n eventSourceArn: aws_dynamodb_table.example.stream_arn,\n functionName: aws_lambda_function.example.arn,\n startingPosition: \"LATEST\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.EventSourceMapping(\"example\",\n event_source_arn=aws_dynamodb_table[\"example\"][\"stream_arn\"],\n function_name=aws_lambda_function[\"example\"][\"arn\"],\n starting_position=\"LATEST\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.EventSourceMapping(\"example\", new Aws.Lambda.EventSourceMappingArgs\n {\n EventSourceArn = aws_dynamodb_table.Example.Stream_arn,\n FunctionName = aws_lambda_function.Example.Arn,\n StartingPosition = \"LATEST\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewEventSourceMapping(ctx, \"example\", &lambda.EventSourceMappingArgs{\n\t\t\tEventSourceArn: pulumi.Any(aws_dynamodb_table.Example.Stream_arn),\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tStartingPosition: pulumi.String(\"LATEST\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Kinesis\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.EventSourceMapping(\"example\", {\n eventSourceArn: aws_kinesis_stream.example.arn,\n functionName: aws_lambda_function.example.arn,\n startingPosition: \"LATEST\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.EventSourceMapping(\"example\",\n event_source_arn=aws_kinesis_stream[\"example\"][\"arn\"],\n function_name=aws_lambda_function[\"example\"][\"arn\"],\n starting_position=\"LATEST\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.EventSourceMapping(\"example\", new Aws.Lambda.EventSourceMappingArgs\n {\n EventSourceArn = aws_kinesis_stream.Example.Arn,\n FunctionName = aws_lambda_function.Example.Arn,\n StartingPosition = \"LATEST\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewEventSourceMapping(ctx, \"example\", &lambda.EventSourceMappingArgs{\n\t\t\tEventSourceArn: pulumi.Any(aws_kinesis_stream.Example.Arn),\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tStartingPosition: pulumi.String(\"LATEST\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Managed Streaming for Apache Kafka (MSK)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.EventSourceMapping(\"example\", {\n eventSourceArn: aws_msk_cluster.example.arn,\n functionName: aws_lambda_function.example.arn,\n topics: [\"Example\"],\n startingPosition: \"TRIM_HORIZON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.EventSourceMapping(\"example\",\n event_source_arn=aws_msk_cluster[\"example\"][\"arn\"],\n function_name=aws_lambda_function[\"example\"][\"arn\"],\n topics=[\"Example\"],\n starting_position=\"TRIM_HORIZON\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.EventSourceMapping(\"example\", new Aws.Lambda.EventSourceMappingArgs\n {\n EventSourceArn = aws_msk_cluster.Example.Arn,\n FunctionName = aws_lambda_function.Example.Arn,\n Topics = \n {\n \"Example\",\n },\n StartingPosition = \"TRIM_HORIZON\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewEventSourceMapping(ctx, \"example\", &lambda.EventSourceMappingArgs{\n\t\t\tEventSourceArn: pulumi.Any(aws_msk_cluster.Example.Arn),\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tTopics: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Example\"),\n\t\t\t},\n\t\t\tStartingPosition: pulumi.String(\"TRIM_HORIZON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Self Managed Apache Kafka\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.EventSourceMapping(\"example\", {\n functionName: aws_lambda_function.example.arn,\n topics: [\"Example\"],\n startingPosition: \"TRIM_HORIZON\",\n selfManagedEventSource: {\n endpoints: {\n KAFKA_BOOTSTRAP_SERVERS: \"kafka1.example.com:9092,kafka2.example.com:9092\",\n },\n },\n sourceAccessConfigurations: [\n {\n type: \"VPC_SUBNET\",\n uri: \"subnet:subnet-example1\",\n },\n {\n type: \"VPC_SUBNET\",\n uri: \"subnet:subnet-example2\",\n },\n {\n type: \"VPC_SECURITY_GROUP\",\n uri: \"security_group:sg-example\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.EventSourceMapping(\"example\",\n function_name=aws_lambda_function[\"example\"][\"arn\"],\n topics=[\"Example\"],\n starting_position=\"TRIM_HORIZON\",\n self_managed_event_source=aws.lambda..EventSourceMappingSelfManagedEventSourceArgs(\n endpoints={\n \"KAFKA_BOOTSTRAP_SERVERS\": \"kafka1.example.com:9092,kafka2.example.com:9092\",\n },\n ),\n source_access_configurations=[\n aws.lambda..EventSourceMappingSourceAccessConfigurationArgs(\n type=\"VPC_SUBNET\",\n uri=\"subnet:subnet-example1\",\n ),\n aws.lambda..EventSourceMappingSourceAccessConfigurationArgs(\n type=\"VPC_SUBNET\",\n uri=\"subnet:subnet-example2\",\n ),\n aws.lambda..EventSourceMappingSourceAccessConfigurationArgs(\n type=\"VPC_SECURITY_GROUP\",\n uri=\"security_group:sg-example\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.EventSourceMapping(\"example\", new Aws.Lambda.EventSourceMappingArgs\n {\n FunctionName = aws_lambda_function.Example.Arn,\n Topics = \n {\n \"Example\",\n },\n StartingPosition = \"TRIM_HORIZON\",\n SelfManagedEventSource = new Aws.Lambda.Inputs.EventSourceMappingSelfManagedEventSourceArgs\n {\n Endpoints = \n {\n { \"KAFKA_BOOTSTRAP_SERVERS\", \"kafka1.example.com:9092,kafka2.example.com:9092\" },\n },\n },\n SourceAccessConfigurations = \n {\n new Aws.Lambda.Inputs.EventSourceMappingSourceAccessConfigurationArgs\n {\n Type = \"VPC_SUBNET\",\n Uri = \"subnet:subnet-example1\",\n },\n new Aws.Lambda.Inputs.EventSourceMappingSourceAccessConfigurationArgs\n {\n Type = \"VPC_SUBNET\",\n Uri = \"subnet:subnet-example2\",\n },\n new Aws.Lambda.Inputs.EventSourceMappingSourceAccessConfigurationArgs\n {\n Type = \"VPC_SECURITY_GROUP\",\n Uri = \"security_group:sg-example\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewEventSourceMapping(ctx, \"example\", &lambda.EventSourceMappingArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tTopics: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Example\"),\n\t\t\t},\n\t\t\tStartingPosition: pulumi.String(\"TRIM_HORIZON\"),\n\t\t\tSelfManagedEventSource: &lambda.EventSourceMappingSelfManagedEventSourceArgs{\n\t\t\t\tEndpoints: pulumi.StringMap{\n\t\t\t\t\t\"KAFKA_BOOTSTRAP_SERVERS\": pulumi.String(\"kafka1.example.com:9092,kafka2.example.com:9092\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSourceAccessConfigurations: lambda.EventSourceMappingSourceAccessConfigurationArray{\n\t\t\t\t&lambda.EventSourceMappingSourceAccessConfigurationArgs{\n\t\t\t\t\tType: pulumi.String(\"VPC_SUBNET\"),\n\t\t\t\t\tUri: pulumi.String(\"subnet:subnet-example1\"),\n\t\t\t\t},\n\t\t\t\t&lambda.EventSourceMappingSourceAccessConfigurationArgs{\n\t\t\t\t\tType: pulumi.String(\"VPC_SUBNET\"),\n\t\t\t\t\tUri: pulumi.String(\"subnet:subnet-example2\"),\n\t\t\t\t},\n\t\t\t\t&lambda.EventSourceMappingSourceAccessConfigurationArgs{\n\t\t\t\t\tType: pulumi.String(\"VPC_SECURITY_GROUP\"),\n\t\t\t\t\tUri: pulumi.String(\"security_group:sg-example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### SQS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.EventSourceMapping(\"example\", {\n eventSourceArn: aws_sqs_queue.sqs_queue_test.arn,\n functionName: aws_lambda_function.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.EventSourceMapping(\"example\",\n event_source_arn=aws_sqs_queue[\"sqs_queue_test\"][\"arn\"],\n function_name=aws_lambda_function[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.EventSourceMapping(\"example\", new Aws.Lambda.EventSourceMappingArgs\n {\n EventSourceArn = aws_sqs_queue.Sqs_queue_test.Arn,\n FunctionName = aws_lambda_function.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewEventSourceMapping(ctx, \"example\", &lambda.EventSourceMappingArgs{\n\t\t\tEventSourceArn: pulumi.Any(aws_sqs_queue.Sqs_queue_test.Arn),\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Managed Streaming for Kafka (MSK)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.EventSourceMapping(\"example\", {\n eventSourceArn: aws_msk_cluster.example.arn,\n functionName: aws_lambda_function.example.arn,\n topics: [\"Example\"],\n startingPosition: \"TRIM_HORIZON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.EventSourceMapping(\"example\",\n event_source_arn=aws_msk_cluster[\"example\"][\"arn\"],\n function_name=aws_lambda_function[\"example\"][\"arn\"],\n topics=[\"Example\"],\n starting_position=\"TRIM_HORIZON\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.EventSourceMapping(\"example\", new Aws.Lambda.EventSourceMappingArgs\n {\n EventSourceArn = aws_msk_cluster.Example.Arn,\n FunctionName = aws_lambda_function.Example.Arn,\n Topics = \n {\n \"Example\",\n },\n StartingPosition = \"TRIM_HORIZON\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewEventSourceMapping(ctx, \"example\", &lambda.EventSourceMappingArgs{\n\t\t\tEventSourceArn: pulumi.Any(aws_msk_cluster.Example.Arn),\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tTopics: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"Example\"),\n\t\t\t},\n\t\t\tStartingPosition: pulumi.String(\"TRIM_HORIZON\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLambda event source mappings can be imported using the `UUID` (event source mapping identifier), e.g.\n\n```sh\n $ pulumi import aws:lambda/eventSourceMapping:EventSourceMapping event_source_mapping 12345kxodurf3443\n```\n\n ", + "properties": { + "batchSize": { + "type": "integer", + "description": "The largest number of records that Lambda will retrieve from your event source at the time of invocation. Defaults to `100` for DynamoDB, Kinesis, MQ and MSK, `10` for SQS.\n* `bisect_batch_on_function_error`: - (Optional) If the function returns an error, split the batch in two and retry. Only available for stream sources (DynamoDB and Kinesis). Defaults to `false`.\n* `destination_config`: - (Optional) An Amazon SQS queue or Amazon SNS topic destination for failed records. Only available for stream sources (DynamoDB and Kinesis). Detailed below.\n" + }, + "bisectBatchOnFunctionError": { + "type": "boolean" + }, + "destinationConfig": { + "$ref": "#/types/aws:lambda/EventSourceMappingDestinationConfig:EventSourceMappingDestinationConfig" + }, + "enabled": { + "type": "boolean", + "description": "Determines if the mapping will be enabled on creation. Defaults to `true`.\n" + }, + "eventSourceArn": { + "type": "string", + "description": "The event source ARN - this is required for Kinesis stream, DynamoDB stream, SQS queue, MQ broker or MSK cluster. It is incompatible with a Self Managed Kafka source.\n" + }, + "functionArn": { + "type": "string", + "description": "The the ARN of the Lambda function the event source mapping is sending events to. (Note: this is a computed value that differs from `function_name` above.)\n" + }, + "functionName": { + "type": "string", + "description": "The name or the ARN of the Lambda function that will be subscribing to events.\n" + }, + "functionResponseTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of current response type enums applied to the event source mapping for [AWS Lambda checkpointing](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-batchfailurereporting). Only available for stream sources (DynamoDB and Kinesis). Valid values: `ReportBatchItemFailures`.\n" + }, + "lastModified": { + "type": "string", + "description": "The date this resource was last modified.\n" + }, + "lastProcessingResult": { + "type": "string", + "description": "The result of the last AWS Lambda invocation of your Lambda function.\n" + }, + "maximumBatchingWindowInSeconds": { + "type": "integer", + "description": "The maximum amount of time to gather records before invoking the function, in seconds (between 0 and 300). Records will continue to buffer (or accumulate in the case of an SQS queue event source) until either `maximum_batching_window_in_seconds` expires or `batch_size` has been met. For streaming event sources, defaults to as soon as records are available in the stream. If the batch it reads from the stream/queue only has one record in it, Lambda only sends one record to the function. Only available for stream sources (DynamoDB and Kinesis) and SQS standard queues.\n* `maximum_record_age_in_seconds`: - (Optional) The maximum age of a record that Lambda sends to a function for processing. Only available for stream sources (DynamoDB and Kinesis). Must be either -1 (forever, and the default value) or between 60 and 604800 (inclusive).\n* `maximum_retry_attempts`: - (Optional) The maximum number of times to retry when the function returns an error. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of -1 (forever), maximum of 10000.\n* `parallelization_factor`: - (Optional) The number of batches to process from each shard concurrently. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of 1, maximum of 10.\n" + }, + "maximumRecordAgeInSeconds": { + "type": "integer" + }, + "maximumRetryAttempts": { + "type": "integer" + }, + "parallelizationFactor": { + "type": "integer" + }, + "queues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the Amazon MQ broker destination queue to consume. Only available for MQ sources. A single queue name must be specified.\n* `self_managed_event_source`: - (Optional) For Self Managed Kafka sources, the location of the self managed cluster. If set, configuration must also include `source_access_configuration`. Detailed below.\n* `source_access_configuration`: (Optional) For Self Managed Kafka sources, the access configuration for the source. If set, configuration must also include `self_managed_event_source`. Detailed below.\n" + }, + "selfManagedEventSource": { + "$ref": "#/types/aws:lambda/EventSourceMappingSelfManagedEventSource:EventSourceMappingSelfManagedEventSource" + }, + "sourceAccessConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:lambda/EventSourceMappingSourceAccessConfiguration:EventSourceMappingSourceAccessConfiguration" + } + }, + "startingPosition": { + "type": "string", + "description": "The position in the stream where AWS Lambda should start reading. Must be one of `AT_TIMESTAMP` (Kinesis only), `LATEST` or `TRIM_HORIZON` if getting events from Kinesis, DynamoDB or MSK. Must not be provided if getting events from SQS. More information about these positions can be found in the [AWS DynamoDB Streams API Reference](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_GetShardIterator.html) and [AWS Kinesis API Reference](https://docs.aws.amazon.com/kinesis/latest/APIReference/API_GetShardIterator.html#Kinesis-GetShardIterator-request-ShardIteratorType).\n" + }, + "startingPositionTimestamp": { + "type": "string", + "description": "A timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of the data record which to start reading when using `starting_position` set to `AT_TIMESTAMP`. If a record with this exact timestamp does not exist, the next later record is chosen. If the timestamp is older than the current trim horizon, the oldest available record is chosen.\n" + }, + "state": { + "type": "string", + "description": "The state of the event source mapping.\n" + }, + "stateTransitionReason": { + "type": "string", + "description": "The reason the event source mapping is in its current state.\n" + }, + "topics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the Kafka topics. Only available for MSK sources. A single topic name must be specified.\n" + }, + "tumblingWindowInSeconds": { + "type": "integer", + "description": "The duration in seconds of a processing window for [AWS Lambda streaming analytics](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-windows). The range is between 1 second up to 900 seconds. Only available for stream sources (DynamoDB and Kinesis).\n" + }, + "uuid": { + "type": "string", + "description": "The UUID of the created event source mapping.\n" + } + }, + "required": [ + "functionArn", + "functionName", + "lastModified", + "lastProcessingResult", + "maximumRecordAgeInSeconds", + "maximumRetryAttempts", + "parallelizationFactor", + "state", + "stateTransitionReason", + "uuid" + ], + "inputProperties": { + "batchSize": { + "type": "integer", + "description": "The largest number of records that Lambda will retrieve from your event source at the time of invocation. Defaults to `100` for DynamoDB, Kinesis, MQ and MSK, `10` for SQS.\n* `bisect_batch_on_function_error`: - (Optional) If the function returns an error, split the batch in two and retry. Only available for stream sources (DynamoDB and Kinesis). Defaults to `false`.\n* `destination_config`: - (Optional) An Amazon SQS queue or Amazon SNS topic destination for failed records. Only available for stream sources (DynamoDB and Kinesis). Detailed below.\n" + }, + "bisectBatchOnFunctionError": { + "type": "boolean" + }, + "destinationConfig": { + "$ref": "#/types/aws:lambda/EventSourceMappingDestinationConfig:EventSourceMappingDestinationConfig" + }, + "enabled": { + "type": "boolean", + "description": "Determines if the mapping will be enabled on creation. Defaults to `true`.\n" + }, + "eventSourceArn": { + "type": "string", + "description": "The event source ARN - this is required for Kinesis stream, DynamoDB stream, SQS queue, MQ broker or MSK cluster. It is incompatible with a Self Managed Kafka source.\n" + }, + "functionName": { + "type": "string", + "description": "The name or the ARN of the Lambda function that will be subscribing to events.\n" + }, + "functionResponseTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of current response type enums applied to the event source mapping for [AWS Lambda checkpointing](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-batchfailurereporting). Only available for stream sources (DynamoDB and Kinesis). Valid values: `ReportBatchItemFailures`.\n" + }, + "maximumBatchingWindowInSeconds": { + "type": "integer", + "description": "The maximum amount of time to gather records before invoking the function, in seconds (between 0 and 300). Records will continue to buffer (or accumulate in the case of an SQS queue event source) until either `maximum_batching_window_in_seconds` expires or `batch_size` has been met. For streaming event sources, defaults to as soon as records are available in the stream. If the batch it reads from the stream/queue only has one record in it, Lambda only sends one record to the function. Only available for stream sources (DynamoDB and Kinesis) and SQS standard queues.\n* `maximum_record_age_in_seconds`: - (Optional) The maximum age of a record that Lambda sends to a function for processing. Only available for stream sources (DynamoDB and Kinesis). Must be either -1 (forever, and the default value) or between 60 and 604800 (inclusive).\n* `maximum_retry_attempts`: - (Optional) The maximum number of times to retry when the function returns an error. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of -1 (forever), maximum of 10000.\n* `parallelization_factor`: - (Optional) The number of batches to process from each shard concurrently. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of 1, maximum of 10.\n" + }, + "maximumRecordAgeInSeconds": { + "type": "integer" + }, + "maximumRetryAttempts": { + "type": "integer" + }, + "parallelizationFactor": { + "type": "integer" + }, + "queues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the Amazon MQ broker destination queue to consume. Only available for MQ sources. A single queue name must be specified.\n* `self_managed_event_source`: - (Optional) For Self Managed Kafka sources, the location of the self managed cluster. If set, configuration must also include `source_access_configuration`. Detailed below.\n* `source_access_configuration`: (Optional) For Self Managed Kafka sources, the access configuration for the source. If set, configuration must also include `self_managed_event_source`. Detailed below.\n" + }, + "selfManagedEventSource": { + "$ref": "#/types/aws:lambda/EventSourceMappingSelfManagedEventSource:EventSourceMappingSelfManagedEventSource" + }, + "sourceAccessConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:lambda/EventSourceMappingSourceAccessConfiguration:EventSourceMappingSourceAccessConfiguration" + } + }, + "startingPosition": { + "type": "string", + "description": "The position in the stream where AWS Lambda should start reading. Must be one of `AT_TIMESTAMP` (Kinesis only), `LATEST` or `TRIM_HORIZON` if getting events from Kinesis, DynamoDB or MSK. Must not be provided if getting events from SQS. More information about these positions can be found in the [AWS DynamoDB Streams API Reference](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_GetShardIterator.html) and [AWS Kinesis API Reference](https://docs.aws.amazon.com/kinesis/latest/APIReference/API_GetShardIterator.html#Kinesis-GetShardIterator-request-ShardIteratorType).\n" + }, + "startingPositionTimestamp": { + "type": "string", + "description": "A timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of the data record which to start reading when using `starting_position` set to `AT_TIMESTAMP`. If a record with this exact timestamp does not exist, the next later record is chosen. If the timestamp is older than the current trim horizon, the oldest available record is chosen.\n" + }, + "topics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the Kafka topics. Only available for MSK sources. A single topic name must be specified.\n" + }, + "tumblingWindowInSeconds": { + "type": "integer", + "description": "The duration in seconds of a processing window for [AWS Lambda streaming analytics](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-windows). The range is between 1 second up to 900 seconds. Only available for stream sources (DynamoDB and Kinesis).\n" + } + }, + "requiredInputs": [ + "functionName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventSourceMapping resources.\n", + "properties": { + "batchSize": { + "type": "integer", + "description": "The largest number of records that Lambda will retrieve from your event source at the time of invocation. Defaults to `100` for DynamoDB, Kinesis, MQ and MSK, `10` for SQS.\n* `bisect_batch_on_function_error`: - (Optional) If the function returns an error, split the batch in two and retry. Only available for stream sources (DynamoDB and Kinesis). Defaults to `false`.\n* `destination_config`: - (Optional) An Amazon SQS queue or Amazon SNS topic destination for failed records. Only available for stream sources (DynamoDB and Kinesis). Detailed below.\n" + }, + "bisectBatchOnFunctionError": { + "type": "boolean" + }, + "destinationConfig": { + "$ref": "#/types/aws:lambda/EventSourceMappingDestinationConfig:EventSourceMappingDestinationConfig" + }, + "enabled": { + "type": "boolean", + "description": "Determines if the mapping will be enabled on creation. Defaults to `true`.\n" + }, + "eventSourceArn": { + "type": "string", + "description": "The event source ARN - this is required for Kinesis stream, DynamoDB stream, SQS queue, MQ broker or MSK cluster. It is incompatible with a Self Managed Kafka source.\n" + }, + "functionArn": { + "type": "string", + "description": "The the ARN of the Lambda function the event source mapping is sending events to. (Note: this is a computed value that differs from `function_name` above.)\n" + }, + "functionName": { + "type": "string", + "description": "The name or the ARN of the Lambda function that will be subscribing to events.\n" + }, + "functionResponseTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of current response type enums applied to the event source mapping for [AWS Lambda checkpointing](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html#services-ddb-batchfailurereporting). Only available for stream sources (DynamoDB and Kinesis). Valid values: `ReportBatchItemFailures`.\n" + }, + "lastModified": { + "type": "string", + "description": "The date this resource was last modified.\n" + }, + "lastProcessingResult": { + "type": "string", + "description": "The result of the last AWS Lambda invocation of your Lambda function.\n" + }, + "maximumBatchingWindowInSeconds": { + "type": "integer", + "description": "The maximum amount of time to gather records before invoking the function, in seconds (between 0 and 300). Records will continue to buffer (or accumulate in the case of an SQS queue event source) until either `maximum_batching_window_in_seconds` expires or `batch_size` has been met. For streaming event sources, defaults to as soon as records are available in the stream. If the batch it reads from the stream/queue only has one record in it, Lambda only sends one record to the function. Only available for stream sources (DynamoDB and Kinesis) and SQS standard queues.\n* `maximum_record_age_in_seconds`: - (Optional) The maximum age of a record that Lambda sends to a function for processing. Only available for stream sources (DynamoDB and Kinesis). Must be either -1 (forever, and the default value) or between 60 and 604800 (inclusive).\n* `maximum_retry_attempts`: - (Optional) The maximum number of times to retry when the function returns an error. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of -1 (forever), maximum of 10000.\n* `parallelization_factor`: - (Optional) The number of batches to process from each shard concurrently. Only available for stream sources (DynamoDB and Kinesis). Minimum and default of 1, maximum of 10.\n" + }, + "maximumRecordAgeInSeconds": { + "type": "integer" + }, + "maximumRetryAttempts": { + "type": "integer" + }, + "parallelizationFactor": { + "type": "integer" + }, + "queues": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the Amazon MQ broker destination queue to consume. Only available for MQ sources. A single queue name must be specified.\n* `self_managed_event_source`: - (Optional) For Self Managed Kafka sources, the location of the self managed cluster. If set, configuration must also include `source_access_configuration`. Detailed below.\n* `source_access_configuration`: (Optional) For Self Managed Kafka sources, the access configuration for the source. If set, configuration must also include `self_managed_event_source`. Detailed below.\n" + }, + "selfManagedEventSource": { + "$ref": "#/types/aws:lambda/EventSourceMappingSelfManagedEventSource:EventSourceMappingSelfManagedEventSource" + }, + "sourceAccessConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:lambda/EventSourceMappingSourceAccessConfiguration:EventSourceMappingSourceAccessConfiguration" + } + }, + "startingPosition": { + "type": "string", + "description": "The position in the stream where AWS Lambda should start reading. Must be one of `AT_TIMESTAMP` (Kinesis only), `LATEST` or `TRIM_HORIZON` if getting events from Kinesis, DynamoDB or MSK. Must not be provided if getting events from SQS. More information about these positions can be found in the [AWS DynamoDB Streams API Reference](https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_streams_GetShardIterator.html) and [AWS Kinesis API Reference](https://docs.aws.amazon.com/kinesis/latest/APIReference/API_GetShardIterator.html#Kinesis-GetShardIterator-request-ShardIteratorType).\n" + }, + "startingPositionTimestamp": { + "type": "string", + "description": "A timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of the data record which to start reading when using `starting_position` set to `AT_TIMESTAMP`. If a record with this exact timestamp does not exist, the next later record is chosen. If the timestamp is older than the current trim horizon, the oldest available record is chosen.\n" + }, + "state": { + "type": "string", + "description": "The state of the event source mapping.\n" + }, + "stateTransitionReason": { + "type": "string", + "description": "The reason the event source mapping is in its current state.\n" + }, + "topics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The name of the Kafka topics. Only available for MSK sources. A single topic name must be specified.\n" + }, + "tumblingWindowInSeconds": { + "type": "integer", + "description": "The duration in seconds of a processing window for [AWS Lambda streaming analytics](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html#services-kinesis-windows). The range is between 1 second up to 900 seconds. Only available for stream sources (DynamoDB and Kinesis).\n" + }, + "uuid": { + "type": "string", + "description": "The UUID of the created event source mapping.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/function:Function": { + "description": "Provides a Lambda Function resource. Lambda allows you to trigger execution of code in response to events in AWS, enabling serverless backend solutions. The Lambda Function itself includes source code and runtime configuration.\n\nFor information about Lambda and how to use it, see [What is AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)\n\n> To give an external source (like a CloudWatch Event Rule, SNS, or S3) permission to access the Lambda function, use the `aws.lambda.Permission` resource. See [Lambda ****Permission Model][4] for more details. On the other hand, the `role` argument of this resource is the function's execution role for identity and access to AWS services and resources.\n\nAWS Lambda expects source code to be provided as a deployment package whose structure varies depending on which `runtime` is in use. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for the valid values of `runtime`. The expected structure of the deployment package can be found in [the AWS Lambda documentation for each runtime](https://docs.aws.amazon.com/lambda/latest/dg/deployment-package-v2.html).\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or indirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment package via S3 it may be useful to use the `aws.s3.BucketObject` resource to upload it.\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading large files efficiently.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Lambda Layers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLayerVersion = new aws.lambda.LayerVersion(\"exampleLayerVersion\", {});\n// ... other configuration ...\nconst exampleFunction = new aws.lambda.Function(\"exampleFunction\", {layers: [exampleLayerVersion.arn]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_layer_version = aws.lambda_.LayerVersion(\"exampleLayerVersion\")\n# ... other configuration ...\nexample_function = aws.lambda_.Function(\"exampleFunction\", layers=[example_layer_version.arn])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLayerVersion = new Aws.Lambda.LayerVersion(\"exampleLayerVersion\", new Aws.Lambda.LayerVersionArgs\n {\n });\n // ... other configuration ...\n var exampleFunction = new Aws.Lambda.Function(\"exampleFunction\", new Aws.Lambda.FunctionArgs\n {\n Layers = \n {\n exampleLayerVersion.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLayerVersion, err := lambda.NewLayerVersion(ctx, \"exampleLayerVersion\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"exampleFunction\", &lambda.FunctionArgs{\n\t\t\tLayers: pulumi.StringArray{\n\t\t\t\texampleLayerVersion.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda File Systems\n\nLambda File Systems allow you to connect an Amazon Elastic File System (EFS) file system to a Lambda function to share data across function invocations, access existing data including large files, and save function state.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// EFS file system\nconst efsForLambda = new aws.efs.FileSystem(\"efsForLambda\", {tags: {\n Name: \"efs_for_lambda\",\n}});\n// Mount target connects the file system to the subnet\nconst alpha = new aws.efs.MountTarget(\"alpha\", {\n fileSystemId: efsForLambda.id,\n subnetId: aws_subnet.subnet_for_lambda.id,\n securityGroups: [aws_security_group.sg_for_lambda.id],\n});\n// EFS access point used by lambda file system\nconst accessPointForLambda = new aws.efs.AccessPoint(\"accessPointForLambda\", {\n fileSystemId: efsForLambda.id,\n rootDirectory: {\n path: \"/lambda\",\n creationInfo: {\n ownerGid: 1000,\n ownerUid: 1000,\n permissions: \"777\",\n },\n },\n posixUser: {\n gid: 1000,\n uid: 1000,\n },\n});\n// A lambda function connected to an EFS file system\n// ... other configuration ...\nconst example = new aws.lambda.Function(\"example\", {\n fileSystemConfig: {\n arn: accessPointForLambda.arn,\n localMountPath: \"/mnt/efs\",\n },\n vpcConfig: {\n subnetIds: [aws_subnet.subnet_for_lambda.id],\n securityGroupIds: [aws_security_group.sg_for_lambda.id],\n },\n}, {\n dependsOn: [alpha],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# EFS file system\nefs_for_lambda = aws.efs.FileSystem(\"efsForLambda\", tags={\n \"Name\": \"efs_for_lambda\",\n})\n# Mount target connects the file system to the subnet\nalpha = aws.efs.MountTarget(\"alpha\",\n file_system_id=efs_for_lambda.id,\n subnet_id=aws_subnet[\"subnet_for_lambda\"][\"id\"],\n security_groups=[aws_security_group[\"sg_for_lambda\"][\"id\"]])\n# EFS access point used by lambda file system\naccess_point_for_lambda = aws.efs.AccessPoint(\"accessPointForLambda\",\n file_system_id=efs_for_lambda.id,\n root_directory=aws.efs.AccessPointRootDirectoryArgs(\n path=\"/lambda\",\n creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(\n owner_gid=1000,\n owner_uid=1000,\n permissions=\"777\",\n ),\n ),\n posix_user=aws.efs.AccessPointPosixUserArgs(\n gid=1000,\n uid=1000,\n ))\n# A lambda function connected to an EFS file system\n# ... other configuration ...\nexample = aws.lambda_.Function(\"example\",\n file_system_config=aws.lambda..FunctionFileSystemConfigArgs(\n arn=access_point_for_lambda.arn,\n local_mount_path=\"/mnt/efs\",\n ),\n vpc_config=aws.lambda..FunctionVpcConfigArgs(\n subnet_ids=[aws_subnet[\"subnet_for_lambda\"][\"id\"]],\n security_group_ids=[aws_security_group[\"sg_for_lambda\"][\"id\"]],\n ),\n opts=pulumi.ResourceOptions(depends_on=[alpha]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // EFS file system\n var efsForLambda = new Aws.Efs.FileSystem(\"efsForLambda\", new Aws.Efs.FileSystemArgs\n {\n Tags = \n {\n { \"Name\", \"efs_for_lambda\" },\n },\n });\n // Mount target connects the file system to the subnet\n var alpha = new Aws.Efs.MountTarget(\"alpha\", new Aws.Efs.MountTargetArgs\n {\n FileSystemId = efsForLambda.Id,\n SubnetId = aws_subnet.Subnet_for_lambda.Id,\n SecurityGroups = \n {\n aws_security_group.Sg_for_lambda.Id,\n },\n });\n // EFS access point used by lambda file system\n var accessPointForLambda = new Aws.Efs.AccessPoint(\"accessPointForLambda\", new Aws.Efs.AccessPointArgs\n {\n FileSystemId = efsForLambda.Id,\n RootDirectory = new Aws.Efs.Inputs.AccessPointRootDirectoryArgs\n {\n Path = \"/lambda\",\n CreationInfo = new Aws.Efs.Inputs.AccessPointRootDirectoryCreationInfoArgs\n {\n OwnerGid = 1000,\n OwnerUid = 1000,\n Permissions = \"777\",\n },\n },\n PosixUser = new Aws.Efs.Inputs.AccessPointPosixUserArgs\n {\n Gid = 1000,\n Uid = 1000,\n },\n });\n // A lambda function connected to an EFS file system\n // ... other configuration ...\n var example = new Aws.Lambda.Function(\"example\", new Aws.Lambda.FunctionArgs\n {\n FileSystemConfig = new Aws.Lambda.Inputs.FunctionFileSystemConfigArgs\n {\n Arn = accessPointForLambda.Arn,\n LocalMountPath = \"/mnt/efs\",\n },\n VpcConfig = new Aws.Lambda.Inputs.FunctionVpcConfigArgs\n {\n SubnetIds = \n {\n aws_subnet.Subnet_for_lambda.Id,\n },\n SecurityGroupIds = \n {\n aws_security_group.Sg_for_lambda.Id,\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n alpha,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tefsForLambda, err := efs.NewFileSystem(ctx, \"efsForLambda\", &efs.FileSystemArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"efs_for_lambda\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talpha, err := efs.NewMountTarget(ctx, \"alpha\", &efs.MountTargetArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Subnet_for_lambda.Id),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Sg_for_lambda.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\taccessPointForLambda, err := efs.NewAccessPoint(ctx, \"accessPointForLambda\", &efs.AccessPointArgs{\n\t\t\tFileSystemId: efsForLambda.ID(),\n\t\t\tRootDirectory: &efs.AccessPointRootDirectoryArgs{\n\t\t\t\tPath: pulumi.String(\"/lambda\"),\n\t\t\t\tCreationInfo: &efs.AccessPointRootDirectoryCreationInfoArgs{\n\t\t\t\t\tOwnerGid: pulumi.Int(1000),\n\t\t\t\t\tOwnerUid: pulumi.Int(1000),\n\t\t\t\t\tPermissions: pulumi.String(\"777\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tPosixUser: &efs.AccessPointPosixUserArgs{\n\t\t\t\tGid: pulumi.Int(1000),\n\t\t\t\tUid: pulumi.Int(1000),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"example\", &lambda.FunctionArgs{\n\t\t\tFileSystemConfig: &lambda.FunctionFileSystemConfigArgs{\n\t\t\t\tArn: accessPointForLambda.Arn,\n\t\t\t\tLocalMountPath: pulumi.String(\"/mnt/efs\"),\n\t\t\t},\n\t\t\tVpcConfig: &lambda.FunctionVpcConfigArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.Subnet_for_lambda.Id),\n\t\t\t\t},\n\t\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_security_group.Sg_for_lambda.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\talpha,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### CloudWatch Logging and Permissions\n\nFor more information about CloudWatch Logs for Lambda, see the [Lambda User Guide](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lambdaFunctionName = config.get(\"lambdaFunctionName\") || \"lambda_function_name\";\n// This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n// If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nconst example = new aws.cloudwatch.LogGroup(\"example\", {retentionInDays: 14});\n// See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nconst lambdaLogging = new aws.iam.Policy(\"lambdaLogging\", {\n path: \"/\",\n description: \"IAM policy for logging from a lambda\",\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"arn:aws:logs:*:*:*\",\n \"Effect\": \"Allow\"\n }\n ]\n}\n`,\n});\nconst lambdaLogs = new aws.iam.RolePolicyAttachment(\"lambdaLogs\", {\n role: aws_iam_role.iam_for_lambda.name,\n policyArn: lambdaLogging.arn,\n});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {}, {\n dependsOn: [\n lambdaLogs,\n example,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlambda_function_name = config.get(\"lambdaFunctionName\")\nif lambda_function_name is None:\n lambda_function_name = \"lambda_function_name\"\n# This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n# If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\nexample = aws.cloudwatch.LogGroup(\"example\", retention_in_days=14)\n# See also the following AWS managed policy: AWSLambdaBasicExecutionRole\nlambda_logging = aws.iam.Policy(\"lambdaLogging\",\n path=\"/\",\n description=\"IAM policy for logging from a lambda\",\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"logs:CreateLogGroup\",\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\"\n ],\n \"Resource\": \"arn:aws:logs:*:*:*\",\n \"Effect\": \"Allow\"\n }\n ]\n}\n\"\"\")\nlambda_logs = aws.iam.RolePolicyAttachment(\"lambdaLogs\",\n role=aws_iam_role[\"iam_for_lambda\"][\"name\"],\n policy_arn=lambda_logging.arn)\ntest_lambda = aws.lambda_.Function(\"testLambda\", opts=pulumi.ResourceOptions(depends_on=[\n lambda_logs,\n example,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lambdaFunctionName = config.Get(\"lambdaFunctionName\") ?? \"lambda_function_name\";\n // This is to optionally manage the CloudWatch Log Group for the Lambda Function.\n // If skipping this resource configuration, also add \"logs:CreateLogGroup\" to the IAM policy below.\n var example = new Aws.CloudWatch.LogGroup(\"example\", new Aws.CloudWatch.LogGroupArgs\n {\n RetentionInDays = 14,\n });\n // See also the following AWS managed policy: AWSLambdaBasicExecutionRole\n var lambdaLogging = new Aws.Iam.Policy(\"lambdaLogging\", new Aws.Iam.PolicyArgs\n {\n Path = \"/\",\n Description = \"IAM policy for logging from a lambda\",\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": [\n \"\"logs:CreateLogGroup\"\",\n \"\"logs:CreateLogStream\"\",\n \"\"logs:PutLogEvents\"\"\n ],\n \"\"Resource\"\": \"\"arn:aws:logs:*:*:*\"\",\n \"\"Effect\"\": \"\"Allow\"\"\n }\n ]\n}\n\",\n });\n var lambdaLogs = new Aws.Iam.RolePolicyAttachment(\"lambdaLogs\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = aws_iam_role.Iam_for_lambda.Name,\n PolicyArn = lambdaLogging.Arn,\n });\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new Aws.Lambda.FunctionArgs\n {\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n lambdaLogs,\n example,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlambdaFunctionName := \"lambda_function_name\"\n\t\tif param := cfg.Get(\"lambdaFunctionName\"); param != \"\" {\n\t\t\tlambdaFunctionName = param\n\t\t}\n\t\texample, err := cloudwatch.NewLogGroup(ctx, \"example\", &cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(14),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLogging, err := iam.NewPolicy(ctx, \"lambdaLogging\", &iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tDescription: pulumi.String(\"IAM policy for logging from a lambda\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"logs:CreateLogGroup\\\",\\n\", \" \\\"logs:CreateLogStream\\\",\\n\", \" \\\"logs:PutLogEvents\\\"\\n\", \" ],\\n\", \" \\\"Resource\\\": \\\"arn:aws:logs:*:*:*\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tlambdaLogs, err := iam.NewRolePolicyAttachment(ctx, \"lambdaLogs\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: pulumi.Any(aws_iam_role.Iam_for_lambda.Name),\n\t\t\tPolicyArn: lambdaLogging.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", nil, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tlambdaLogs,\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLambda Functions can be imported using the `function_name`, e.g.\n\n```sh\n $ pulumi import aws:lambda/function:Function test_lambda my_test_lambda_function\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.\n" + }, + "code": { + "$ref": "pulumi.json#/Archive", + "description": "Path to the function's deployment package within the local filesystem. Conflicts with `image_uri`, `s3_bucket`, `s3_key`, and `s3_object_version`.\n" + }, + "codeSigningConfigArn": { + "type": "string", + "description": "To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:lambda/FunctionDeadLetterConfig:FunctionDeadLetterConfig", + "description": "Configuration block. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Function does.\n" + }, + "environment": { + "$ref": "#/types/aws:lambda/FunctionEnvironment:FunctionEnvironment", + "description": "Configuration block. Detailed below.\n" + }, + "fileSystemConfig": { + "$ref": "#/types/aws:lambda/FunctionFileSystemConfig:FunctionFileSystemConfig", + "description": "Configuration block. Detailed below.\n" + }, + "handler": { + "type": "string", + "description": "Function [entrypoint](https://docs.aws.amazon.com/lambda/latest/dg/walkthrough-custom-events-create-test-function.html) in your code.\n" + }, + "imageConfig": { + "$ref": "#/types/aws:lambda/FunctionImageConfig:FunctionImageConfig", + "description": "Configuration block. Detailed below.\n" + }, + "imageUri": { + "type": "string", + "description": "ECR image URI containing the function's deployment package. Conflicts with `filename`, `s3_bucket`, `s3_key`, and `s3_object_version`.\n" + }, + "invokeArn": { + "type": "string", + "description": "ARN to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.\n" + }, + "lastModified": { + "type": "string", + "description": "Date this resource was last modified.\n" + }, + "layers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)\n" + }, + "memorySize": { + "type": "integer", + "description": "Amount of memory in MB your Lambda Function can use at runtime. Defaults to `128`. See [Limits](https://docs.aws.amazon.com/lambda/latest/dg/limits.html)\n" + }, + "name": { + "type": "string", + "description": "Unique name for your Lambda Function.\n" + }, + "packageType": { + "type": "string", + "description": "Lambda deployment package type. Valid values are `Zip` and `Image`. Defaults to `Zip`.\n" + }, + "publish": { + "type": "boolean", + "description": "Whether to publish creation/change as new Lambda Function Version. Defaults to `false`.\n" + }, + "qualifiedArn": { + "type": "string", + "description": "ARN identifying your Lambda Function Version (if versioning is enabled via `publish = true`).\n" + }, + "reservedConcurrentExecutions": { + "type": "integer", + "description": "Amount of reserved concurrent executions for this lambda function. A value of `0` disables lambda from being triggered and `-1` removes any concurrency limitations. Defaults to Unreserved Concurrency Limits `-1`. See [Managing Concurrency](https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html)\n" + }, + "role": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.\n" + }, + "runtime": { + "type": "string", + "description": "Identifier of the function's runtime. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for valid values.\n" + }, + "s3Bucket": { + "type": "string", + "description": "S3 bucket location containing the function's deployment package. Conflicts with `filename` and `image_uri`. This bucket must reside in the same AWS region where you are creating the Lambda function.\n" + }, + "s3Key": { + "type": "string", + "description": "S3 key of an object containing the function's deployment package. Conflicts with `filename` and `image_uri`.\n" + }, + "s3ObjectVersion": { + "type": "string", + "description": "Object version containing the function's deployment package. Conflicts with `filename` and `image_uri`.\n" + }, + "signingJobArn": { + "type": "string", + "description": "ARN of the signing job.\n" + }, + "signingProfileVersionArn": { + "type": "string", + "description": "ARN of the signing profile version.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `filebase64sha256(\"file.zip\")`, where \"file.zip\" is the local filename of the lambda function source archive.\n" + }, + "sourceCodeSize": { + "type": "integer", + "description": "Size in bytes of the function .zip file.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the object.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeout": { + "type": "integer", + "description": "Amount of time your Lambda Function has to run in seconds. Defaults to `3`. See [Limits](https://docs.aws.amazon.com/lambda/latest/dg/limits.html).\n" + }, + "tracingConfig": { + "$ref": "#/types/aws:lambda/FunctionTracingConfig:FunctionTracingConfig", + "description": "Configuration block. Detailed below.\n" + }, + "version": { + "type": "string", + "description": "Latest published version of your Lambda Function.\n* `vpc_config.vpc_id` - ID of the VPC.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:lambda/FunctionVpcConfig:FunctionVpcConfig", + "description": "Configuration block. Detailed below.\n" + } + }, + "required": [ + "arn", + "name", + "invokeArn", + "lastModified", + "qualifiedArn", + "role", + "signingJobArn", + "signingProfileVersionArn", + "sourceCodeHash", + "sourceCodeSize", + "tagsAll", + "tracingConfig", + "version" + ], + "inputProperties": { + "code": { + "$ref": "pulumi.json#/Archive", + "description": "Path to the function's deployment package within the local filesystem. Conflicts with `image_uri`, `s3_bucket`, `s3_key`, and `s3_object_version`.\n" + }, + "codeSigningConfigArn": { + "type": "string", + "description": "To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:lambda/FunctionDeadLetterConfig:FunctionDeadLetterConfig", + "description": "Configuration block. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Function does.\n" + }, + "environment": { + "$ref": "#/types/aws:lambda/FunctionEnvironment:FunctionEnvironment", + "description": "Configuration block. Detailed below.\n" + }, + "fileSystemConfig": { + "$ref": "#/types/aws:lambda/FunctionFileSystemConfig:FunctionFileSystemConfig", + "description": "Configuration block. Detailed below.\n" + }, + "handler": { + "type": "string", + "description": "Function [entrypoint](https://docs.aws.amazon.com/lambda/latest/dg/walkthrough-custom-events-create-test-function.html) in your code.\n" + }, + "imageConfig": { + "$ref": "#/types/aws:lambda/FunctionImageConfig:FunctionImageConfig", + "description": "Configuration block. Detailed below.\n" + }, + "imageUri": { + "type": "string", + "description": "ECR image URI containing the function's deployment package. Conflicts with `filename`, `s3_bucket`, `s3_key`, and `s3_object_version`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.\n" + }, + "layers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)\n" + }, + "memorySize": { + "type": "integer", + "description": "Amount of memory in MB your Lambda Function can use at runtime. Defaults to `128`. See [Limits](https://docs.aws.amazon.com/lambda/latest/dg/limits.html)\n" + }, + "name": { + "type": "string", + "description": "Unique name for your Lambda Function.\n" + }, + "packageType": { + "type": "string", + "description": "Lambda deployment package type. Valid values are `Zip` and `Image`. Defaults to `Zip`.\n" + }, + "publish": { + "type": "boolean", + "description": "Whether to publish creation/change as new Lambda Function Version. Defaults to `false`.\n" + }, + "reservedConcurrentExecutions": { + "type": "integer", + "description": "Amount of reserved concurrent executions for this lambda function. A value of `0` disables lambda from being triggered and `-1` removes any concurrency limitations. Defaults to Unreserved Concurrency Limits `-1`. See [Managing Concurrency](https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html)\n" + }, + "role": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.\n" + }, + "runtime": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:lambda/Runtime:Runtime" + } + ], + "description": "Identifier of the function's runtime. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for valid values.\n" + }, + "s3Bucket": { + "type": "string", + "description": "S3 bucket location containing the function's deployment package. Conflicts with `filename` and `image_uri`. This bucket must reside in the same AWS region where you are creating the Lambda function.\n" + }, + "s3Key": { + "type": "string", + "description": "S3 key of an object containing the function's deployment package. Conflicts with `filename` and `image_uri`.\n" + }, + "s3ObjectVersion": { + "type": "string", + "description": "Object version containing the function's deployment package. Conflicts with `filename` and `image_uri`.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `filebase64sha256(\"file.zip\")`, where \"file.zip\" is the local filename of the lambda function source archive.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the object.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeout": { + "type": "integer", + "description": "Amount of time your Lambda Function has to run in seconds. Defaults to `3`. See [Limits](https://docs.aws.amazon.com/lambda/latest/dg/limits.html).\n" + }, + "tracingConfig": { + "$ref": "#/types/aws:lambda/FunctionTracingConfig:FunctionTracingConfig", + "description": "Configuration block. Detailed below.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:lambda/FunctionVpcConfig:FunctionVpcConfig", + "description": "Configuration block. Detailed below.\n" + } + }, + "requiredInputs": [ + "role" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Function resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Amazon EFS Access Point that provides access to the file system.\n" + }, + "code": { + "$ref": "pulumi.json#/Archive", + "description": "Path to the function's deployment package within the local filesystem. Conflicts with `image_uri`, `s3_bucket`, `s3_key`, and `s3_object_version`.\n" + }, + "codeSigningConfigArn": { + "type": "string", + "description": "To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:lambda/FunctionDeadLetterConfig:FunctionDeadLetterConfig", + "description": "Configuration block. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Function does.\n" + }, + "environment": { + "$ref": "#/types/aws:lambda/FunctionEnvironment:FunctionEnvironment", + "description": "Configuration block. Detailed below.\n" + }, + "fileSystemConfig": { + "$ref": "#/types/aws:lambda/FunctionFileSystemConfig:FunctionFileSystemConfig", + "description": "Configuration block. Detailed below.\n" + }, + "handler": { + "type": "string", + "description": "Function [entrypoint](https://docs.aws.amazon.com/lambda/latest/dg/walkthrough-custom-events-create-test-function.html) in your code.\n" + }, + "imageConfig": { + "$ref": "#/types/aws:lambda/FunctionImageConfig:FunctionImageConfig", + "description": "Configuration block. Detailed below.\n" + }, + "imageUri": { + "type": "string", + "description": "ECR image URI containing the function's deployment package. Conflicts with `filename`, `s3_bucket`, `s3_key`, and `s3_object_version`.\n" + }, + "invokeArn": { + "type": "string", + "description": "ARN to be used for invoking Lambda Function from API Gateway - to be used in `aws.apigateway.Integration`'s `uri`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the AWS Key Management Service (KMS) key that is used to encrypt environment variables. If this configuration is not provided when environment variables are in use, AWS Lambda uses a default service key. If this configuration is provided when environment variables are not in use, the AWS Lambda API does not save this configuration and the provider will show a perpetual difference of adding the key. To fix the perpetual difference, remove this configuration.\n" + }, + "lastModified": { + "type": "string", + "description": "Date this resource was last modified.\n" + }, + "layers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Lambda Layer Version ARNs (maximum of 5) to attach to your Lambda Function. See [Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)\n" + }, + "memorySize": { + "type": "integer", + "description": "Amount of memory in MB your Lambda Function can use at runtime. Defaults to `128`. See [Limits](https://docs.aws.amazon.com/lambda/latest/dg/limits.html)\n" + }, + "name": { + "type": "string", + "description": "Unique name for your Lambda Function.\n" + }, + "packageType": { + "type": "string", + "description": "Lambda deployment package type. Valid values are `Zip` and `Image`. Defaults to `Zip`.\n" + }, + "publish": { + "type": "boolean", + "description": "Whether to publish creation/change as new Lambda Function Version. Defaults to `false`.\n" + }, + "qualifiedArn": { + "type": "string", + "description": "ARN identifying your Lambda Function Version (if versioning is enabled via `publish = true`).\n" + }, + "reservedConcurrentExecutions": { + "type": "integer", + "description": "Amount of reserved concurrent executions for this lambda function. A value of `0` disables lambda from being triggered and `-1` removes any concurrency limitations. Defaults to Unreserved Concurrency Limits `-1`. See [Managing Concurrency](https://docs.aws.amazon.com/lambda/latest/dg/concurrent-executions.html)\n" + }, + "role": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "Amazon Resource Name (ARN) of the function's execution role. The role provides the function's identity and access to AWS services and resources.\n" + }, + "runtime": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:lambda/Runtime:Runtime" + } + ], + "description": "Identifier of the function's runtime. See [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime) for valid values.\n" + }, + "s3Bucket": { + "type": "string", + "description": "S3 bucket location containing the function's deployment package. Conflicts with `filename` and `image_uri`. This bucket must reside in the same AWS region where you are creating the Lambda function.\n" + }, + "s3Key": { + "type": "string", + "description": "S3 key of an object containing the function's deployment package. Conflicts with `filename` and `image_uri`.\n" + }, + "s3ObjectVersion": { + "type": "string", + "description": "Object version containing the function's deployment package. Conflicts with `filename` and `image_uri`.\n" + }, + "signingJobArn": { + "type": "string", + "description": "ARN of the signing job.\n" + }, + "signingProfileVersionArn": { + "type": "string", + "description": "ARN of the signing profile version.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `filebase64sha256(\"file.zip\")`, where \"file.zip\" is the local filename of the lambda function source archive.\n" + }, + "sourceCodeSize": { + "type": "integer", + "description": "Size in bytes of the function .zip file.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the object.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timeout": { + "type": "integer", + "description": "Amount of time your Lambda Function has to run in seconds. Defaults to `3`. See [Limits](https://docs.aws.amazon.com/lambda/latest/dg/limits.html).\n" + }, + "tracingConfig": { + "$ref": "#/types/aws:lambda/FunctionTracingConfig:FunctionTracingConfig", + "description": "Configuration block. Detailed below.\n" + }, + "version": { + "type": "string", + "description": "Latest published version of your Lambda Function.\n* `vpc_config.vpc_id` - ID of the VPC.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:lambda/FunctionVpcConfig:FunctionVpcConfig", + "description": "Configuration block. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/functionEventInvokeConfig:FunctionEventInvokeConfig": { + "description": "Manages an asynchronous invocation configuration for a Lambda Function or Alias. More information about asynchronous invocations and the configurable values can be found in the [Lambda Developer Guide](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Destination Configuration\n\n> **NOTE:** Ensure the Lambda Function IAM Role has necessary permissions for the destination, such as `sqs:SendMessage` or `sns:Publish`, otherwise the API will return a generic `InvalidParameterValueException: The destination ARN arn:PARTITION:SERVICE:REGION:ACCOUNT:RESOURCE is invalid.` error.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.FunctionEventInvokeConfig(\"example\", {\n functionName: aws_lambda_alias.example.function_name,\n destinationConfig: {\n onFailure: {\n destination: aws_sqs_queue.example.arn,\n },\n onSuccess: {\n destination: aws_sns_topic.example.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.FunctionEventInvokeConfig(\"example\",\n function_name=aws_lambda_alias[\"example\"][\"function_name\"],\n destination_config=aws.lambda..FunctionEventInvokeConfigDestinationConfigArgs(\n on_failure=aws.lambda..FunctionEventInvokeConfigDestinationConfigOnFailureArgs(\n destination=aws_sqs_queue[\"example\"][\"arn\"],\n ),\n on_success=aws.lambda..FunctionEventInvokeConfigDestinationConfigOnSuccessArgs(\n destination=aws_sns_topic[\"example\"][\"arn\"],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.FunctionEventInvokeConfig(\"example\", new Aws.Lambda.FunctionEventInvokeConfigArgs\n {\n FunctionName = aws_lambda_alias.Example.Function_name,\n DestinationConfig = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigArgs\n {\n OnFailure = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigOnFailureArgs\n {\n Destination = aws_sqs_queue.Example.Arn,\n },\n OnSuccess = new Aws.Lambda.Inputs.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs\n {\n Destination = aws_sns_topic.Example.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionEventInvokeConfig(ctx, \"example\", &lambda.FunctionEventInvokeConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_alias.Example.Function_name),\n\t\t\tDestinationConfig: &lambda.FunctionEventInvokeConfigDestinationConfigArgs{\n\t\t\t\tOnFailure: &lambda.FunctionEventInvokeConfigDestinationConfigOnFailureArgs{\n\t\t\t\t\tDestination: pulumi.Any(aws_sqs_queue.Example.Arn),\n\t\t\t\t},\n\t\t\t\tOnSuccess: &lambda.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs{\n\t\t\t\t\tDestination: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Error Handling Configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.FunctionEventInvokeConfig(\"example\", {\n functionName: aws_lambda_alias.example.function_name,\n maximumEventAgeInSeconds: 60,\n maximumRetryAttempts: 0,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.FunctionEventInvokeConfig(\"example\",\n function_name=aws_lambda_alias[\"example\"][\"function_name\"],\n maximum_event_age_in_seconds=60,\n maximum_retry_attempts=0)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.FunctionEventInvokeConfig(\"example\", new Aws.Lambda.FunctionEventInvokeConfigArgs\n {\n FunctionName = aws_lambda_alias.Example.Function_name,\n MaximumEventAgeInSeconds = 60,\n MaximumRetryAttempts = 0,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionEventInvokeConfig(ctx, \"example\", &lambda.FunctionEventInvokeConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_alias.Example.Function_name),\n\t\t\tMaximumEventAgeInSeconds: pulumi.Int(60),\n\t\t\tMaximumRetryAttempts: pulumi.Int(0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Configuration for Alias Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.FunctionEventInvokeConfig(\"example\", {\n functionName: aws_lambda_alias.example.function_name,\n qualifier: aws_lambda_alias.example.name,\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.FunctionEventInvokeConfig(\"example\",\n function_name=aws_lambda_alias[\"example\"][\"function_name\"],\n qualifier=aws_lambda_alias[\"example\"][\"name\"])\n# ... other configuration ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.FunctionEventInvokeConfig(\"example\", new Aws.Lambda.FunctionEventInvokeConfigArgs\n {\n FunctionName = aws_lambda_alias.Example.Function_name,\n Qualifier = aws_lambda_alias.Example.Name,\n });\n // ... other configuration ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionEventInvokeConfig(ctx, \"example\", &lambda.FunctionEventInvokeConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_alias.Example.Function_name),\n\t\t\tQualifier: pulumi.Any(aws_lambda_alias.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Configuration for Function Latest Unpublished Version\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.FunctionEventInvokeConfig(\"example\", {\n functionName: aws_lambda_function.example.function_name,\n qualifier: `$LATEST`,\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.FunctionEventInvokeConfig(\"example\",\n function_name=aws_lambda_function[\"example\"][\"function_name\"],\n qualifier=\"$LATEST\")\n# ... other configuration ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.FunctionEventInvokeConfig(\"example\", new Aws.Lambda.FunctionEventInvokeConfigArgs\n {\n FunctionName = aws_lambda_function.Example.Function_name,\n Qualifier = \"$LATEST\",\n });\n // ... other configuration ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionEventInvokeConfig(ctx, \"example\", &lambda.FunctionEventInvokeConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Function_name),\n\t\t\tQualifier: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Configuration for Function Published Version\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.FunctionEventInvokeConfig(\"example\", {\n functionName: aws_lambda_function.example.function_name,\n qualifier: aws_lambda_function.example.version,\n});\n// ... other configuration ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.FunctionEventInvokeConfig(\"example\",\n function_name=aws_lambda_function[\"example\"][\"function_name\"],\n qualifier=aws_lambda_function[\"example\"][\"version\"])\n# ... other configuration ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.FunctionEventInvokeConfig(\"example\", new Aws.Lambda.FunctionEventInvokeConfigArgs\n {\n FunctionName = aws_lambda_function.Example.Function_name,\n Qualifier = aws_lambda_function.Example.Version,\n });\n // ... other configuration ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewFunctionEventInvokeConfig(ctx, \"example\", &lambda.FunctionEventInvokeConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Function_name),\n\t\t\tQualifier: pulumi.Any(aws_lambda_function.Example.Version),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLambda Function Event Invoke Configs can be imported using the fully qualified Function name or Amazon Resource Name (ARN), e.g. ARN without qualifier (all versions and aliases)\n\n```sh\n $ pulumi import aws:lambda/functionEventInvokeConfig:FunctionEventInvokeConfig example arn:aws:us-east-1:123456789012:function:my_function\n```\n\n ARN with qualifier\n\n```sh\n $ pulumi import aws:lambda/functionEventInvokeConfig:FunctionEventInvokeConfig example arn:aws:us-east-1:123456789012:function:my_function:production\n```\n\n Name without qualifier (all versions and aliases)\n\n```sh\n $ pulumi import aws:lambda/functionEventInvokeConfig:FunctionEventInvokeConfig example my_function\n```\n\n Name with qualifier\n\n```sh\n $ pulumi import aws:lambda/functionEventInvokeConfig:FunctionEventInvokeConfig example my_function:production\n```\n\n ", + "properties": { + "destinationConfig": { + "$ref": "#/types/aws:lambda/FunctionEventInvokeConfigDestinationConfig:FunctionEventInvokeConfigDestinationConfig", + "description": "Configuration block with destination configuration. See below for details.\n" + }, + "functionName": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the Lambda Function, omitting any version or alias qualifier.\n" + }, + "maximumEventAgeInSeconds": { + "type": "integer", + "description": "Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600.\n" + }, + "maximumRetryAttempts": { + "type": "integer", + "description": "Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2.\n" + }, + "qualifier": { + "type": "string", + "description": "Lambda Function published version, `$LATEST`, or Lambda Alias name.\n" + } + }, + "required": [ + "functionName" + ], + "inputProperties": { + "destinationConfig": { + "$ref": "#/types/aws:lambda/FunctionEventInvokeConfigDestinationConfig:FunctionEventInvokeConfigDestinationConfig", + "description": "Configuration block with destination configuration. See below for details.\n" + }, + "functionName": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the Lambda Function, omitting any version or alias qualifier.\n" + }, + "maximumEventAgeInSeconds": { + "type": "integer", + "description": "Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600.\n" + }, + "maximumRetryAttempts": { + "type": "integer", + "description": "Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2.\n" + }, + "qualifier": { + "type": "string", + "description": "Lambda Function published version, `$LATEST`, or Lambda Alias name.\n" + } + }, + "requiredInputs": [ + "functionName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FunctionEventInvokeConfig resources.\n", + "properties": { + "destinationConfig": { + "$ref": "#/types/aws:lambda/FunctionEventInvokeConfigDestinationConfig:FunctionEventInvokeConfigDestinationConfig", + "description": "Configuration block with destination configuration. See below for details.\n" + }, + "functionName": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the Lambda Function, omitting any version or alias qualifier.\n" + }, + "maximumEventAgeInSeconds": { + "type": "integer", + "description": "Maximum age of a request that Lambda sends to a function for processing in seconds. Valid values between 60 and 21600.\n" + }, + "maximumRetryAttempts": { + "type": "integer", + "description": "Maximum number of times to retry when the function returns an error. Valid values between 0 and 2. Defaults to 2.\n" + }, + "qualifier": { + "type": "string", + "description": "Lambda Function published version, `$LATEST`, or Lambda Alias name.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/layerVersion:LayerVersion": { + "description": "Provides a Lambda Layer Version resource. Lambda Layers allow you to reuse shared bits of code across multiple lambda functions.\n\nFor information about Lambda Layers and how to use them, see [AWS Lambda Layers](https://docs.aws.amazon.com/lambda/latest/dg/configuration-layers.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambdaLayer = new aws.lambda.LayerVersion(\"lambda_layer\", {\n compatibleRuntimes: [\"nodejs12.x\"],\n code: new pulumi.asset.FileArchive(\"lambda_layer_payload.zip\"),\n layerName: \"lambda_layer_name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_layer = aws.lambda_.LayerVersion(\"lambdaLayer\",\n compatible_runtimes=[\"nodejs12.x\"],\n code=pulumi.FileArchive(\"lambda_layer_payload.zip\"),\n layer_name=\"lambda_layer_name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lambdaLayer = new Aws.Lambda.LayerVersion(\"lambdaLayer\", new Aws.Lambda.LayerVersionArgs\n {\n CompatibleRuntimes = \n {\n \"nodejs12.x\",\n },\n Code = new FileArchive(\"lambda_layer_payload.zip\"),\n LayerName = \"lambda_layer_name\",\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Specifying the Deployment Package\n\nAWS Lambda Layers expect source code to be provided as a deployment package whose structure varies depending on which `compatible_runtimes` this layer specifies.\nSee [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-CompatibleRuntimes) for the valid values of `compatible_runtimes`.\n\nOnce you have created your deployment package you can specify it either directly as a local file (using the `filename` argument) or\nindirectly via Amazon S3 (using the `s3_bucket`, `s3_key` and `s3_object_version` arguments). When providing the deployment\npackage via S3 it may be useful to use the `aws.s3.BucketObject` resource to upload it.\n\nFor larger deployment packages it is recommended by Amazon to upload via S3, since the S3 API has better support for uploading\nlarge files efficiently.\n\n\n## Import\n\nLambda Layers can be imported using `arn`.\n\n```sh\n $ pulumi import aws:lambda/layerVersion:LayerVersion \\\n```\n\n\n\n\n\n aws_lambda_layer_version.test_layer \\\n\n\n\n arn:aws:lambda:_REGION_:_ACCOUNT_ID_:layer:_LAYER_NAME_:_LAYER_VERSION_ ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda Layer with version.\n" + }, + "code": { + "$ref": "pulumi.json#/Archive", + "description": "The path to the function's deployment package within the local filesystem. If defined, The `s3_`-prefixed options cannot be used.\n" + }, + "compatibleRuntimes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-CompatibleRuntimes) this layer is compatible with. Up to 5 runtimes can be specified.\n" + }, + "createdDate": { + "type": "string", + "description": "The date this resource was created.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Layer does.\n" + }, + "layerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda Layer without version.\n" + }, + "layerName": { + "type": "string", + "description": "A unique name for your Lambda Layer\n" + }, + "licenseInfo": { + "type": "string", + "description": "License info for your Lambda Layer. See [License Info](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-LicenseInfo).\n" + }, + "s3Bucket": { + "type": "string", + "description": "The S3 bucket location containing the function's deployment package. Conflicts with `filename`. This bucket must reside in the same AWS region where you are creating the Lambda function.\n" + }, + "s3Key": { + "type": "string", + "description": "The S3 key of an object containing the function's deployment package. Conflicts with `filename`.\n" + }, + "s3ObjectVersion": { + "type": "string", + "description": "The object version containing the function's deployment package. Conflicts with `filename`.\n" + }, + "signingJobArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of a signing job.\n" + }, + "signingProfileVersionArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a signing profile version.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `${filebase64sha256(\"file.zip\")}` (this provider 0.11.12 or later) or `${base64sha256(file(\"file.zip\"))}` (this provider 0.11.11 and earlier), where \"file.zip\" is the local filename of the lambda layer source archive.\n" + }, + "sourceCodeSize": { + "type": "integer", + "description": "The size in bytes of the function .zip file.\n" + }, + "version": { + "type": "string", + "description": "This Lamba Layer version.\n" + } + }, + "required": [ + "arn", + "createdDate", + "layerArn", + "layerName", + "signingJobArn", + "signingProfileVersionArn", + "sourceCodeHash", + "sourceCodeSize", + "version" + ], + "inputProperties": { + "code": { + "$ref": "pulumi.json#/Archive", + "description": "The path to the function's deployment package within the local filesystem. If defined, The `s3_`-prefixed options cannot be used.\n" + }, + "compatibleRuntimes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-CompatibleRuntimes) this layer is compatible with. Up to 5 runtimes can be specified.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Layer does.\n" + }, + "layerName": { + "type": "string", + "description": "A unique name for your Lambda Layer\n" + }, + "licenseInfo": { + "type": "string", + "description": "License info for your Lambda Layer. See [License Info](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-LicenseInfo).\n" + }, + "s3Bucket": { + "type": "string", + "description": "The S3 bucket location containing the function's deployment package. Conflicts with `filename`. This bucket must reside in the same AWS region where you are creating the Lambda function.\n" + }, + "s3Key": { + "type": "string", + "description": "The S3 key of an object containing the function's deployment package. Conflicts with `filename`.\n" + }, + "s3ObjectVersion": { + "type": "string", + "description": "The object version containing the function's deployment package. Conflicts with `filename`.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `${filebase64sha256(\"file.zip\")}` (this provider 0.11.12 or later) or `${base64sha256(file(\"file.zip\"))}` (this provider 0.11.11 and earlier), where \"file.zip\" is the local filename of the lambda layer source archive.\n" + } + }, + "requiredInputs": [ + "layerName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LayerVersion resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda Layer with version.\n" + }, + "code": { + "$ref": "pulumi.json#/Archive", + "description": "The path to the function's deployment package within the local filesystem. If defined, The `s3_`-prefixed options cannot be used.\n" + }, + "compatibleRuntimes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-CompatibleRuntimes) this layer is compatible with. Up to 5 runtimes can be specified.\n" + }, + "createdDate": { + "type": "string", + "description": "The date this resource was created.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Layer does.\n" + }, + "layerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda Layer without version.\n" + }, + "layerName": { + "type": "string", + "description": "A unique name for your Lambda Layer\n" + }, + "licenseInfo": { + "type": "string", + "description": "License info for your Lambda Layer. See [License Info](https://docs.aws.amazon.com/lambda/latest/dg/API_PublishLayerVersion.html#SSS-PublishLayerVersion-request-LicenseInfo).\n" + }, + "s3Bucket": { + "type": "string", + "description": "The S3 bucket location containing the function's deployment package. Conflicts with `filename`. This bucket must reside in the same AWS region where you are creating the Lambda function.\n" + }, + "s3Key": { + "type": "string", + "description": "The S3 key of an object containing the function's deployment package. Conflicts with `filename`.\n" + }, + "s3ObjectVersion": { + "type": "string", + "description": "The object version containing the function's deployment package. Conflicts with `filename`.\n" + }, + "signingJobArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of a signing job.\n" + }, + "signingProfileVersionArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a signing profile version.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Used to trigger updates. Must be set to a base64-encoded SHA256 hash of the package file specified with either `filename` or `s3_key`. The usual way to set this is `${filebase64sha256(\"file.zip\")}` (this provider 0.11.12 or later) or `${base64sha256(file(\"file.zip\"))}` (this provider 0.11.11 and earlier), where \"file.zip\" is the local filename of the lambda layer source archive.\n" + }, + "sourceCodeSize": { + "type": "integer", + "description": "The size in bytes of the function .zip file.\n" + }, + "version": { + "type": "string", + "description": "This Lamba Layer version.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/permission:Permission": { + "description": "Gives an external source (like a CloudWatch Event Rule, SNS, or S3) permission to access the Lambda function.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Sid: \"\",\n Principal: {\n Service: \"lambda.amazonaws.com\",\n },\n }],\n})});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {\n code: new pulumi.asset.FileArchive(\"lambdatest.zip\"),\n role: iamForLambda.arn,\n handler: \"exports.handler\",\n runtime: \"nodejs12.x\",\n});\nconst testAlias = new aws.lambda.Alias(\"testAlias\", {\n description: \"a sample description\",\n functionName: testLambda.name,\n functionVersion: `$LATEST`,\n});\nconst allowCloudwatch = new aws.lambda.Permission(\"allowCloudwatch\", {\n action: \"lambda:InvokeFunction\",\n \"function\": testLambda.name,\n principal: \"events.amazonaws.com\",\n sourceArn: \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n qualifier: testAlias.name,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Sid\": \"\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\",\n },\n }],\n}))\ntest_lambda = aws.lambda_.Function(\"testLambda\",\n code=pulumi.FileArchive(\"lambdatest.zip\"),\n role=iam_for_lambda.arn,\n handler=\"exports.handler\",\n runtime=\"nodejs12.x\")\ntest_alias = aws.lambda_.Alias(\"testAlias\",\n description=\"a sample description\",\n function_name=test_lambda.name,\n function_version=\"$LATEST\")\nallow_cloudwatch = aws.lambda_.Permission(\"allowCloudwatch\",\n action=\"lambda:InvokeFunction\",\n function=test_lambda.name,\n principal=\"events.amazonaws.com\",\n source_arn=\"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n qualifier=test_alias.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"sts:AssumeRole\" },\n { \"Effect\", \"Allow\" },\n { \"Sid\", \"\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"lambda.amazonaws.com\" },\n } },\n },\n }\n },\n }),\n });\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"lambdatest.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"exports.handler\",\n Runtime = \"nodejs12.x\",\n });\n var testAlias = new Aws.Lambda.Alias(\"testAlias\", new Aws.Lambda.AliasArgs\n {\n Description = \"a sample description\",\n FunctionName = testLambda.Name,\n FunctionVersion = \"$LATEST\",\n });\n var allowCloudwatch = new Aws.Lambda.Permission(\"allowCloudwatch\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = testLambda.Name,\n Principal = \"events.amazonaws.com\",\n SourceArn = \"arn:aws:events:eu-west-1:111122223333:rule/RunDaily\",\n Qualifier = testAlias.Name,\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Usage with SNS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultTopic = new aws.sns.Topic(\"defaultTopic\", {});\nconst defaultRole = new aws.iam.Role(\"defaultRole\", {assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Sid: \"\",\n Principal: {\n Service: \"lambda.amazonaws.com\",\n },\n }],\n})});\nconst func = new aws.lambda.Function(\"func\", {\n code: new pulumi.asset.FileArchive(\"lambdatest.zip\"),\n role: defaultRole.arn,\n handler: \"exports.handler\",\n runtime: \"python2.7\",\n});\nconst withSns = new aws.lambda.Permission(\"withSns\", {\n action: \"lambda:InvokeFunction\",\n \"function\": func.name,\n principal: \"sns.amazonaws.com\",\n sourceArn: defaultTopic.arn,\n});\nconst lambda = new aws.sns.TopicSubscription(\"lambda\", {\n topic: defaultTopic.arn,\n protocol: \"lambda\",\n endpoint: func.arn,\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ndefault_topic = aws.sns.Topic(\"defaultTopic\")\ndefault_role = aws.iam.Role(\"defaultRole\", assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Sid\": \"\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\",\n },\n }],\n}))\nfunc = aws.lambda_.Function(\"func\",\n code=pulumi.FileArchive(\"lambdatest.zip\"),\n role=default_role.arn,\n handler=\"exports.handler\",\n runtime=\"python2.7\")\nwith_sns = aws.lambda_.Permission(\"withSns\",\n action=\"lambda:InvokeFunction\",\n function=func.name,\n principal=\"sns.amazonaws.com\",\n source_arn=default_topic.arn)\nlambda_ = aws.sns.TopicSubscription(\"lambda\",\n topic=default_topic.arn,\n protocol=\"lambda\",\n endpoint=func.arn)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultTopic = new Aws.Sns.Topic(\"defaultTopic\", new Aws.Sns.TopicArgs\n {\n });\n var defaultRole = new Aws.Iam.Role(\"defaultRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"sts:AssumeRole\" },\n { \"Effect\", \"Allow\" },\n { \"Sid\", \"\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"lambda.amazonaws.com\" },\n } },\n },\n }\n },\n }),\n });\n var func = new Aws.Lambda.Function(\"func\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"lambdatest.zip\"),\n Role = defaultRole.Arn,\n Handler = \"exports.handler\",\n Runtime = \"python2.7\",\n });\n var withSns = new Aws.Lambda.Permission(\"withSns\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = func.Name,\n Principal = \"sns.amazonaws.com\",\n SourceArn = defaultTopic.Arn,\n });\n var lambda = new Aws.Sns.TopicSubscription(\"lambda\", new Aws.Sns.TopicSubscriptionArgs\n {\n Topic = defaultTopic.Arn,\n Protocol = \"lambda\",\n Endpoint = func.Arn,\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Specify Lambda permissions for API Gateway REST API\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDemoAPI = new aws.apigateway.RestApi(\"MyDemoAPI\", {\n description: \"This is my API for demonstration purposes\",\n});\nconst lambdaPermission = new aws.lambda.Permission(\"lambda_permission\", {\n action: \"lambda:InvokeFunction\",\n function: \"MyDemoFunction\",\n principal: \"apigateway.amazonaws.com\",\n sourceArn: pulumi.interpolate`${myDemoAPI.executionArn}/*/*/*`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_demo_api = aws.apigateway.RestApi(\"myDemoAPI\", description=\"This is my API for demonstration purposes\")\nlambda_permission = aws.lambda_.Permission(\"lambdaPermission\",\n action=\"lambda:InvokeFunction\",\n function=\"MyDemoFunction\",\n principal=\"apigateway.amazonaws.com\",\n source_arn=my_demo_api.execution_arn.apply(lambda execution_arn: f\"{execution_arn}/*/*/*\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDemoAPI = new Aws.ApiGateway.RestApi(\"myDemoAPI\", new Aws.ApiGateway.RestApiArgs\n {\n Description = \"This is my API for demonstration purposes\",\n });\n var lambdaPermission = new Aws.Lambda.Permission(\"lambdaPermission\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = \"MyDemoFunction\",\n Principal = \"apigateway.amazonaws.com\",\n SourceArn = myDemoAPI.ExecutionArn.Apply(executionArn => $\"{executionArn}/*/*/*\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyDemoAPI, err := apigateway.NewRestApi(ctx, \"myDemoAPI\", &apigateway.RestApiArgs{\n\t\t\tDescription: pulumi.String(\"This is my API for demonstration purposes\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewPermission(ctx, \"lambdaPermission\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: pulumi.Any(\"MyDemoFunction\"),\n\t\t\tPrincipal: pulumi.String(\"apigateway.amazonaws.com\"),\n\t\t\tSourceArn: myDemoAPI.ExecutionArn.ApplyT(func(executionArn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v\", executionArn, \"/*/*/*\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Usage with CloudWatch log group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultLogGroup = new aws.cloudwatch.LogGroup(\"defaultLogGroup\", {});\nconst defaultRole = new aws.iam.Role(\"defaultRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst loggingFunction = new aws.lambda.Function(\"loggingFunction\", {\n code: new pulumi.asset.FileArchive(\"lamba_logging.zip\"),\n handler: \"exports.handler\",\n role: defaultRole.arn,\n runtime: \"python2.7\",\n});\nconst loggingPermission = new aws.lambda.Permission(\"loggingPermission\", {\n action: \"lambda:InvokeFunction\",\n \"function\": loggingFunction.name,\n principal: \"logs.eu-west-1.amazonaws.com\",\n sourceArn: pulumi.interpolate`${defaultLogGroup.arn}:*`,\n});\nconst loggingLogSubscriptionFilter = new aws.cloudwatch.LogSubscriptionFilter(\"loggingLogSubscriptionFilter\", {\n destinationArn: loggingFunction.arn,\n filterPattern: \"\",\n logGroup: defaultLogGroup.name,\n}, {\n dependsOn: [loggingPermission],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_log_group = aws.cloudwatch.LogGroup(\"defaultLogGroup\")\ndefault_role = aws.iam.Role(\"defaultRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nlogging_function = aws.lambda_.Function(\"loggingFunction\",\n code=pulumi.FileArchive(\"lamba_logging.zip\"),\n handler=\"exports.handler\",\n role=default_role.arn,\n runtime=\"python2.7\")\nlogging_permission = aws.lambda_.Permission(\"loggingPermission\",\n action=\"lambda:InvokeFunction\",\n function=logging_function.name,\n principal=\"logs.eu-west-1.amazonaws.com\",\n source_arn=default_log_group.arn.apply(lambda arn: f\"{arn}:*\"))\nlogging_log_subscription_filter = aws.cloudwatch.LogSubscriptionFilter(\"loggingLogSubscriptionFilter\",\n destination_arn=logging_function.arn,\n filter_pattern=\"\",\n log_group=default_log_group.name,\n opts=pulumi.ResourceOptions(depends_on=[logging_permission]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultLogGroup = new Aws.CloudWatch.LogGroup(\"defaultLogGroup\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var defaultRole = new Aws.Iam.Role(\"defaultRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"lambda.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var loggingFunction = new Aws.Lambda.Function(\"loggingFunction\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"lamba_logging.zip\"),\n Handler = \"exports.handler\",\n Role = defaultRole.Arn,\n Runtime = \"python2.7\",\n });\n var loggingPermission = new Aws.Lambda.Permission(\"loggingPermission\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = loggingFunction.Name,\n Principal = \"logs.eu-west-1.amazonaws.com\",\n SourceArn = defaultLogGroup.Arn.Apply(arn => $\"{arn}:*\"),\n });\n var loggingLogSubscriptionFilter = new Aws.CloudWatch.LogSubscriptionFilter(\"loggingLogSubscriptionFilter\", new Aws.CloudWatch.LogSubscriptionFilterArgs\n {\n DestinationArn = loggingFunction.Arn,\n FilterPattern = \"\",\n LogGroup = defaultLogGroup.Name,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n loggingPermission,\n },\n });\n }\n\n}\n```\n\n\n## Import\n\nLambda permission statements can be imported using function_name/statement_id, with an optional qualifier, e.g.\n\n```sh\n $ pulumi import aws:lambda/permission:Permission test_lambda_permission my_test_lambda_function/AllowExecutionFromCloudWatch\n```\n\n\n\n```sh\n $ pulumi import aws:lambda/permission:Permission test_lambda_permission my_test_lambda_function:qualifier_name/AllowExecutionFromCloudWatch\n```\n\n ", + "properties": { + "action": { + "type": "string", + "description": "The AWS Lambda action you want to allow in this statement. (e.g. `lambda:InvokeFunction`)\n" + }, + "eventSourceToken": { + "type": "string", + "description": "The Event Source Token to validate. Used with [Alexa Skills](https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-an-aws-lambda-function.html#use-aws-cli).\n" + }, + "function": { + "type": "string", + "description": "Name of the Lambda function whose resource policy you are updating\n" + }, + "principal": { + "type": "string", + "description": "The principal who is getting this permission. e.g. `s3.amazonaws.com`, an AWS account ID, or any valid AWS service principal such as `events.amazonaws.com` or `sns.amazonaws.com`.\n" + }, + "qualifier": { + "type": "string", + "description": "Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. `arn:aws:lambda:aws-region:acct-id:function:function-name:2`\n" + }, + "sourceAccount": { + "type": "string", + "description": "This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner.\n" + }, + "sourceArn": { + "type": "string", + "description": "When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to.\nWithout this, any resource from `principal` will be granted permission – even if that resource is from another account.\nFor S3, this should be the ARN of the S3 Bucket.\nFor CloudWatch Events, this should be the ARN of the CloudWatch Events Rule.\nFor API Gateway, this should be the ARN of the API, as described [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html).\n" + }, + "statementId": { + "type": "string", + "description": "A unique statement identifier. By default generated by this provider.\n" + }, + "statementIdPrefix": { + "type": "string", + "description": "A statement identifier prefix. This provider will generate a unique suffix. Conflicts with `statement_id`.\n" + } + }, + "required": [ + "action", + "function", + "principal", + "statementId" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "The AWS Lambda action you want to allow in this statement. (e.g. `lambda:InvokeFunction`)\n" + }, + "eventSourceToken": { + "type": "string", + "description": "The Event Source Token to validate. Used with [Alexa Skills](https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-an-aws-lambda-function.html#use-aws-cli).\n" + }, + "function": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:lambda/function:Function" + } + ], + "description": "Name of the Lambda function whose resource policy you are updating\n" + }, + "principal": { + "type": "string", + "description": "The principal who is getting this permission. e.g. `s3.amazonaws.com`, an AWS account ID, or any valid AWS service principal such as `events.amazonaws.com` or `sns.amazonaws.com`.\n" + }, + "qualifier": { + "type": "string", + "description": "Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. `arn:aws:lambda:aws-region:acct-id:function:function-name:2`\n" + }, + "sourceAccount": { + "type": "string", + "description": "This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner.\n" + }, + "sourceArn": { + "type": "string", + "description": "When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to.\nWithout this, any resource from `principal` will be granted permission – even if that resource is from another account.\nFor S3, this should be the ARN of the S3 Bucket.\nFor CloudWatch Events, this should be the ARN of the CloudWatch Events Rule.\nFor API Gateway, this should be the ARN of the API, as described [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html).\n" + }, + "statementId": { + "type": "string", + "description": "A unique statement identifier. By default generated by this provider.\n" + }, + "statementIdPrefix": { + "type": "string", + "description": "A statement identifier prefix. This provider will generate a unique suffix. Conflicts with `statement_id`.\n" + } + }, + "requiredInputs": [ + "action", + "function", + "principal" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Permission resources.\n", + "properties": { + "action": { + "type": "string", + "description": "The AWS Lambda action you want to allow in this statement. (e.g. `lambda:InvokeFunction`)\n" + }, + "eventSourceToken": { + "type": "string", + "description": "The Event Source Token to validate. Used with [Alexa Skills](https://developer.amazon.com/docs/custom-skills/host-a-custom-skill-as-an-aws-lambda-function.html#use-aws-cli).\n" + }, + "function": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:lambda/function:Function" + } + ], + "description": "Name of the Lambda function whose resource policy you are updating\n" + }, + "principal": { + "type": "string", + "description": "The principal who is getting this permission. e.g. `s3.amazonaws.com`, an AWS account ID, or any valid AWS service principal such as `events.amazonaws.com` or `sns.amazonaws.com`.\n" + }, + "qualifier": { + "type": "string", + "description": "Query parameter to specify function version or alias name. The permission will then apply to the specific qualified ARN. e.g. `arn:aws:lambda:aws-region:acct-id:function:function-name:2`\n" + }, + "sourceAccount": { + "type": "string", + "description": "This parameter is used for S3 and SES. The AWS account ID (without a hyphen) of the source owner.\n" + }, + "sourceArn": { + "type": "string", + "description": "When the principal is an AWS service, the ARN of the specific resource within that service to grant permission to.\nWithout this, any resource from `principal` will be granted permission – even if that resource is from another account.\nFor S3, this should be the ARN of the S3 Bucket.\nFor CloudWatch Events, this should be the ARN of the CloudWatch Events Rule.\nFor API Gateway, this should be the ARN of the API, as described [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-control-access-using-iam-policies-to-invoke-api.html).\n" + }, + "statementId": { + "type": "string", + "description": "A unique statement identifier. By default generated by this provider.\n" + }, + "statementIdPrefix": { + "type": "string", + "description": "A statement identifier prefix. This provider will generate a unique suffix. Conflicts with `statement_id`.\n" + } + }, + "type": "object" + } + }, + "aws:lambda/provisionedConcurrencyConfig:ProvisionedConcurrencyConfig": { + "description": "Manages a Lambda Provisioned Concurrency Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Alias Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.ProvisionedConcurrencyConfig(\"example\", {\n functionName: aws_lambda_alias.example.function_name,\n provisionedConcurrentExecutions: 1,\n qualifier: aws_lambda_alias.example.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.ProvisionedConcurrencyConfig(\"example\",\n function_name=aws_lambda_alias[\"example\"][\"function_name\"],\n provisioned_concurrent_executions=1,\n qualifier=aws_lambda_alias[\"example\"][\"name\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.ProvisionedConcurrencyConfig(\"example\", new Aws.Lambda.ProvisionedConcurrencyConfigArgs\n {\n FunctionName = aws_lambda_alias.Example.Function_name,\n ProvisionedConcurrentExecutions = 1,\n Qualifier = aws_lambda_alias.Example.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewProvisionedConcurrencyConfig(ctx, \"example\", &lambda.ProvisionedConcurrencyConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_alias.Example.Function_name),\n\t\t\tProvisionedConcurrentExecutions: pulumi.Int(1),\n\t\t\tQualifier: pulumi.Any(aws_lambda_alias.Example.Name),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Function Version\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lambda.ProvisionedConcurrencyConfig(\"example\", {\n functionName: aws_lambda_function.example.function_name,\n provisionedConcurrentExecutions: 1,\n qualifier: aws_lambda_function.example.version,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lambda_.ProvisionedConcurrencyConfig(\"example\",\n function_name=aws_lambda_function[\"example\"][\"function_name\"],\n provisioned_concurrent_executions=1,\n qualifier=aws_lambda_function[\"example\"][\"version\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Lambda.ProvisionedConcurrencyConfig(\"example\", new Aws.Lambda.ProvisionedConcurrencyConfigArgs\n {\n FunctionName = aws_lambda_function.Example.Function_name,\n ProvisionedConcurrentExecutions = 1,\n Qualifier = aws_lambda_function.Example.Version,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.NewProvisionedConcurrencyConfig(ctx, \"example\", &lambda.ProvisionedConcurrencyConfigArgs{\n\t\t\tFunctionName: pulumi.Any(aws_lambda_function.Example.Function_name),\n\t\t\tProvisionedConcurrentExecutions: pulumi.Int(1),\n\t\t\tQualifier: pulumi.Any(aws_lambda_function.Example.Version),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLambda Provisioned Concurrency Configs can be imported using the `function_name` and `qualifier` separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:lambda/provisionedConcurrencyConfig:ProvisionedConcurrencyConfig example my_function:production\n```\n\n ", + "properties": { + "functionName": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the Lambda Function.\n" + }, + "provisionedConcurrentExecutions": { + "type": "integer", + "description": "Amount of capacity to allocate. Must be greater than or equal to `1`.\n" + }, + "qualifier": { + "type": "string", + "description": "Lambda Function version or Lambda Alias name.\n" + } + }, + "required": [ + "functionName", + "provisionedConcurrentExecutions", + "qualifier" + ], + "inputProperties": { + "functionName": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the Lambda Function.\n" + }, + "provisionedConcurrentExecutions": { + "type": "integer", + "description": "Amount of capacity to allocate. Must be greater than or equal to `1`.\n" + }, + "qualifier": { + "type": "string", + "description": "Lambda Function version or Lambda Alias name.\n" + } + }, + "requiredInputs": [ + "functionName", + "provisionedConcurrentExecutions", + "qualifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProvisionedConcurrencyConfig resources.\n", + "properties": { + "functionName": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the Lambda Function.\n" + }, + "provisionedConcurrentExecutions": { + "type": "integer", + "description": "Amount of capacity to allocate. Must be greater than or equal to `1`.\n" + }, + "qualifier": { + "type": "string", + "description": "Lambda Function version or Lambda Alias name.\n" + } + }, + "type": "object" + } + }, + "aws:lb/listener:Listener": { + "description": "Provides a Load Balancer Listener resource.\n\n> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Forward Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"443\",\n protocol: \"HTTPS\",\n sslPolicy: \"ELBSecurityPolicy-2016-08\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=443,\n protocol=\"HTTPS\",\n ssl_policy=\"ELBSecurityPolicy-2016-08\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 443,\n Protocol = \"HTTPS\",\n SslPolicy = \"ELBSecurityPolicy-2016-08\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\tSslPolicy: pulumi.String(\"ELBSecurityPolicy-2016-08\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo a NLB:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEnd = new aws.lb.Listener(\"frontEnd\", {\n loadBalancerArn: aws_lb.front_end.arn,\n port: \"443\",\n protocol: \"TLS\",\n certificateArn: \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpnPolicy: \"HTTP2Preferred\",\n defaultActions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.front_end.arn,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end = aws.lb.Listener(\"frontEnd\",\n load_balancer_arn=aws_lb[\"front_end\"][\"arn\"],\n port=443,\n protocol=\"TLS\",\n certificate_arn=\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n alpn_policy=\"HTTP2Preferred\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"front_end\"][\"arn\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEnd = new Aws.LB.Listener(\"frontEnd\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = aws_lb.Front_end.Arn,\n Port = 443,\n Protocol = \"TLS\",\n CertificateArn = \"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\",\n AlpnPolicy = \"HTTP2Preferred\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Front_end.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewListener(ctx, \"frontEnd\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: pulumi.Any(aws_lb.Front_end.Arn),\n\t\t\tPort: pulumi.Int(443),\n\t\t\tProtocol: pulumi.String(\"TLS\"),\n\t\t\tCertificateArn: pulumi.String(\"arn:aws:iam::187416307283:server-certificate/test_cert_rab3wuqwgja25ct3n4jdj2tzu4\"),\n\t\t\tAlpnPolicy: pulumi.String(\"HTTP2Preferred\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Front_end.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Redirect Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerDefaultActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerDefaultActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerDefaultActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Fixed-response Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"Fixed response content\",\n statusCode: \"200\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerDefaultActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"Fixed response content\",\n status_code=\"200\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerDefaultActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"Fixed response content\",\n StatusCode = \"200\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerDefaultActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"Fixed response content\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-cognito Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerDefaultActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerDefaultActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Authenticate-OIDC Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndTargetGroup = new aws.lb.TargetGroup(\"frontEndTargetGroup\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {\n loadBalancerArn: frontEndLoadBalancer.arn,\n port: \"80\",\n protocol: \"HTTP\",\n defaultActions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: frontEndTargetGroup.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_target_group = aws.lb.TargetGroup(\"frontEndTargetGroup\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\",\n load_balancer_arn=front_end_load_balancer.arn,\n port=80,\n protocol=\"HTTP\",\n default_actions=[\n aws.lb.ListenerDefaultActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerDefaultActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerDefaultActionArgs(\n type=\"forward\",\n target_group_arn=front_end_target_group.arn,\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndTargetGroup = new Aws.LB.TargetGroup(\"frontEndTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = frontEndLoadBalancer.Arn,\n Port = 80,\n Protocol = \"HTTP\",\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerDefaultActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = frontEndTargetGroup.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfrontEndLoadBalancer, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndTargetGroup, err := lb.NewTargetGroup(ctx, \"frontEndTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"frontEndListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: frontEndLoadBalancer.Arn,\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerDefaultActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: frontEndTargetGroup.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Gateway Load Balancer Listener\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleLoadBalancer = new aws.lb.LoadBalancer(\"exampleLoadBalancer\", {\n loadBalancerType: \"gateway\",\n subnetMappings: [{\n subnetId: aws_subnet.example.id,\n }],\n});\nconst exampleTargetGroup = new aws.lb.TargetGroup(\"exampleTargetGroup\", {\n port: 6081,\n protocol: \"GENEVE\",\n vpcId: aws_vpc.example.id,\n healthCheck: {\n port: 80,\n protocol: \"HTTP\",\n },\n});\nconst exampleListener = new aws.lb.Listener(\"exampleListener\", {\n loadBalancerArn: exampleLoadBalancer.id,\n defaultActions: [{\n targetGroupArn: exampleTargetGroup.id,\n type: \"forward\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_load_balancer = aws.lb.LoadBalancer(\"exampleLoadBalancer\",\n load_balancer_type=\"gateway\",\n subnet_mappings=[aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example\"][\"id\"],\n )])\nexample_target_group = aws.lb.TargetGroup(\"exampleTargetGroup\",\n port=6081,\n protocol=\"GENEVE\",\n vpc_id=aws_vpc[\"example\"][\"id\"],\n health_check=aws.lb.TargetGroupHealthCheckArgs(\n port=\"80\",\n protocol=\"HTTP\",\n ))\nexample_listener = aws.lb.Listener(\"exampleListener\",\n load_balancer_arn=example_load_balancer.id,\n default_actions=[aws.lb.ListenerDefaultActionArgs(\n target_group_arn=example_target_group.id,\n type=\"forward\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleLoadBalancer = new Aws.LB.LoadBalancer(\"exampleLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"gateway\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example.Id,\n },\n },\n });\n var exampleTargetGroup = new Aws.LB.TargetGroup(\"exampleTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n Port = 6081,\n Protocol = \"GENEVE\",\n VpcId = aws_vpc.Example.Id,\n HealthCheck = new Aws.LB.Inputs.TargetGroupHealthCheckArgs\n {\n Port = \"80\",\n Protocol = \"HTTP\",\n },\n });\n var exampleListener = new Aws.LB.Listener(\"exampleListener\", new Aws.LB.ListenerArgs\n {\n LoadBalancerArn = exampleLoadBalancer.Id,\n DefaultActions = \n {\n new Aws.LB.Inputs.ListenerDefaultActionArgs\n {\n TargetGroupArn = exampleTargetGroup.Id,\n Type = \"forward\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleLoadBalancer, err := lb.NewLoadBalancer(ctx, \"exampleLoadBalancer\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"gateway\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleTargetGroup, err := lb.NewTargetGroup(ctx, \"exampleTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(6081),\n\t\t\tProtocol: pulumi.String(\"GENEVE\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tHealthCheck: &lb.TargetGroupHealthCheckArgs{\n\t\t\t\tPort: pulumi.String(\"80\"),\n\t\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListener(ctx, \"exampleListener\", &lb.ListenerArgs{\n\t\t\tLoadBalancerArn: exampleLoadBalancer.ID(),\n\t\t\tDefaultActions: lb.ListenerDefaultActionArray{\n\t\t\t\t&lb.ListenerDefaultActionArgs{\n\t\t\t\t\tTargetGroupArn: exampleTargetGroup.ID(),\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListeners can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:lb/listener:Listener front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener/app/front-end-alb/8e4497da625e2d8a/9ab28ade35828f96\n```\n\n ", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "defaultActions", + "loadBalancerArn", + "protocol", + "sslPolicy", + "tagsAll" + ], + "inputProperties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "defaultActions", + "loadBalancerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Listener resources.\n", + "properties": { + "alpnPolicy": { + "type": "string", + "description": "Name of the Application-Layer Protocol Negotiation (ALPN) policy. Can be set if `protocol` is `TLS`. Valid values are `HTTP1Only`, `HTTP2Only`, `HTTP2Optional`, `HTTP2Preferred`, and `None`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the target group.\n" + }, + "certificateArn": { + "type": "string", + "description": "ARN of the default SSL server certificate. Exactly one certificate is required if the protocol is HTTPS. For adding additional SSL certificates, see the `aws.lb.ListenerCertificate` resource.\n" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerDefaultAction:ListenerDefaultAction" + }, + "description": "Configuration block for default actions. Detailed below.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer.\n" + }, + "port": { + "type": "integer", + "description": "Port. Specify a value from `1` to `65535` or `#{port}`. Defaults to `#{port}`.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol. Valid values are `HTTP`, `HTTPS`, or `#{protocol}`. Defaults to `#{protocol}`.\n" + }, + "sslPolicy": { + "type": "string", + "description": "Name of the SSL Policy for the listener. Required if `protocol` is `HTTPS` or `TLS`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancingv2/listener:Listener" + } + ] + }, + "aws:lb/listenerCertificate:ListenerCertificate": { + "description": "Provides a Load Balancer Listener Certificate resource.\n\nThis resource is for additional certificates and does not replace the default certificate on the listener.\n\n> **Note:** `aws.alb.ListenerCertificate` is known as `aws.lb.ListenerCertificate`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleCertificate = new aws.acm.Certificate(\"exampleCertificate\", {});\n// ...\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// ...\nconst exampleListenerCertificate = new aws.lb.ListenerCertificate(\"exampleListenerCertificate\", {\n listenerArn: frontEndListener.arn,\n certificateArn: exampleCertificate.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_certificate = aws.acm.Certificate(\"exampleCertificate\")\n# ...\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# ...\nexample_listener_certificate = aws.lb.ListenerCertificate(\"exampleListenerCertificate\",\n listener_arn=front_end_listener.arn,\n certificate_arn=example_certificate.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleCertificate = new Aws.Acm.Certificate(\"exampleCertificate\", new Aws.Acm.CertificateArgs\n {\n });\n // ...\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // ...\n var exampleListenerCertificate = new Aws.LB.ListenerCertificate(\"exampleListenerCertificate\", new Aws.LB.ListenerCertificateArgs\n {\n ListenerArn = frontEndListener.Arn,\n CertificateArn = exampleCertificate.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCertificate, err := acm.NewCertificate(ctx, \"exampleCertificate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerCertificate(ctx, \"exampleListenerCertificate\", &lb.ListenerCertificateArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tCertificateArn: exampleCertificate.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nListener Certificates can be imported using their id, e.g.\n\n```sh\n $ pulumi import aws:lb/listenerCertificate:ListenerCertificate example arn:aws:elasticloadbalancing:us-west-2:123456789012:listener/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b_arn:aws:iam::123456789012:server-certificate/tf-acc-test-6453083910015726063\n```\n\n ", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "required": [ + "certificateArn", + "listenerArn" + ], + "inputProperties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "requiredInputs": [ + "certificateArn", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerCertificate resources.\n", + "properties": { + "certificateArn": { + "type": "string", + "description": "The ARN of the certificate to attach to the listener.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the certificate.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancingv2/listenerCertificate:ListenerCertificate" + } + ] + }, + "aws:lb/listenerRule:ListenerRule": { + "description": "Provides a Load Balancer Listener Rule resource.\n\n> **Note:** `aws.alb.ListenerRule` is known as `aws.lb.ListenerRule`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst frontEndLoadBalancer = new aws.lb.LoadBalancer(\"frontEndLoadBalancer\", {});\n// ...\nconst frontEndListener = new aws.lb.Listener(\"frontEndListener\", {});\n// Other parameters\nconst static = new aws.lb.ListenerRule(\"static\", {\n listenerArn: frontEndListener.arn,\n priority: 100,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [\n {\n pathPattern: {\n values: [\"/static/*\"],\n },\n },\n {\n hostHeader: {\n values: [\"example.com\"],\n },\n },\n ],\n});\n// Forward action\nconst hostBasedWeightedRouting = new aws.lb.ListenerRule(\"hostBasedWeightedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Weighted Forward action\nconst hostBasedRouting = new aws.lb.ListenerRule(\"hostBasedRouting\", {\n listenerArn: frontEndListener.arn,\n priority: 99,\n actions: [{\n type: \"forward\",\n forward: {\n targetGroups: [\n {\n arn: aws_lb_target_group.main.arn,\n weight: 80,\n },\n {\n arn: aws_lb_target_group.canary.arn,\n weight: 20,\n },\n ],\n stickiness: {\n enabled: true,\n duration: 600,\n },\n },\n }],\n conditions: [{\n hostHeader: {\n values: [\"my-service.*.mycompany.io\"],\n },\n }],\n});\n// Redirect action\nconst redirectHttpToHttps = new aws.lb.ListenerRule(\"redirectHttpToHttps\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"redirect\",\n redirect: {\n port: \"443\",\n protocol: \"HTTPS\",\n statusCode: \"HTTP_301\",\n },\n }],\n conditions: [{\n httpHeader: {\n httpHeaderName: \"X-Forwarded-For\",\n values: [\"192.168.1.*\"],\n },\n }],\n});\n// Fixed-response action\nconst healthCheck = new aws.lb.ListenerRule(\"healthCheck\", {\n listenerArn: frontEndListener.arn,\n actions: [{\n type: \"fixed-response\",\n fixedResponse: {\n contentType: \"text/plain\",\n messageBody: \"HEALTHY\",\n statusCode: \"200\",\n },\n }],\n conditions: [{\n queryStrings: [\n {\n key: \"health\",\n value: \"check\",\n },\n {\n value: \"bar\",\n },\n ],\n }],\n});\n// Authenticate-cognito Action\nconst pool = new aws.cognito.UserPool(\"pool\", {});\n// ...\nconst client = new aws.cognito.UserPoolClient(\"client\", {});\n// ...\nconst domain = new aws.cognito.UserPoolDomain(\"domain\", {});\n// ...\nconst admin = new aws.lb.ListenerRule(\"admin\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-cognito\",\n authenticateCognito: {\n userPoolArn: pool.arn,\n userPoolClientId: client.id,\n userPoolDomain: domain.domain,\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n// Authenticate-oidc Action\nconst oidc = new aws.lb.ListenerRule(\"oidc\", {\n listenerArn: frontEndListener.arn,\n actions: [\n {\n type: \"authenticate-oidc\",\n authenticateOidc: {\n authorizationEndpoint: \"https://example.com/authorization_endpoint\",\n clientId: \"client_id\",\n clientSecret: \"client_secret\",\n issuer: \"https://example.com\",\n tokenEndpoint: \"https://example.com/token_endpoint\",\n userInfoEndpoint: \"https://example.com/user_info_endpoint\",\n },\n },\n {\n type: \"forward\",\n targetGroupArn: aws_lb_target_group.static.arn,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfront_end_load_balancer = aws.lb.LoadBalancer(\"frontEndLoadBalancer\")\n# ...\nfront_end_listener = aws.lb.Listener(\"frontEndListener\")\n# Other parameters\nstatic = aws.lb.ListenerRule(\"static\",\n listener_arn=front_end_listener.arn,\n priority=100,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[\n aws.lb.ListenerRuleConditionArgs(\n path_pattern=aws.lb.ListenerRuleConditionPathPatternArgs(\n values=[\"/static/*\"],\n ),\n ),\n aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"example.com\"],\n ),\n ),\n ])\n# Forward action\nhost_based_weighted_routing = aws.lb.ListenerRule(\"hostBasedWeightedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Weighted Forward action\nhost_based_routing = aws.lb.ListenerRule(\"hostBasedRouting\",\n listener_arn=front_end_listener.arn,\n priority=99,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n forward=aws.lb.ListenerRuleActionForwardArgs(\n target_groups=[\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"main\"][\"arn\"],\n weight=80,\n ),\n aws.lb.ListenerRuleActionForwardTargetGroupArgs(\n arn=aws_lb_target_group[\"canary\"][\"arn\"],\n weight=20,\n ),\n ],\n stickiness=aws.lb.ListenerRuleActionForwardStickinessArgs(\n enabled=True,\n duration=600,\n ),\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n host_header=aws.lb.ListenerRuleConditionHostHeaderArgs(\n values=[\"my-service.*.mycompany.io\"],\n ),\n )])\n# Redirect action\nredirect_http_to_https = aws.lb.ListenerRule(\"redirectHttpToHttps\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"redirect\",\n redirect=aws.lb.ListenerRuleActionRedirectArgs(\n port=\"443\",\n protocol=\"HTTPS\",\n status_code=\"HTTP_301\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n http_header=aws.lb.ListenerRuleConditionHttpHeaderArgs(\n http_header_name=\"X-Forwarded-For\",\n values=[\"192.168.1.*\"],\n ),\n )])\n# Fixed-response action\nhealth_check = aws.lb.ListenerRule(\"healthCheck\",\n listener_arn=front_end_listener.arn,\n actions=[aws.lb.ListenerRuleActionArgs(\n type=\"fixed-response\",\n fixed_response=aws.lb.ListenerRuleActionFixedResponseArgs(\n content_type=\"text/plain\",\n message_body=\"HEALTHY\",\n status_code=\"200\",\n ),\n )],\n conditions=[aws.lb.ListenerRuleConditionArgs(\n query_strings=[\n aws.lb.ListenerRuleConditionQueryStringArgs(\n key=\"health\",\n value=\"check\",\n ),\n aws.lb.ListenerRuleConditionQueryStringArgs(\n value=\"bar\",\n ),\n ],\n )])\n# Authenticate-cognito Action\npool = aws.cognito.UserPool(\"pool\")\n# ...\nclient = aws.cognito.UserPoolClient(\"client\")\n# ...\ndomain = aws.cognito.UserPoolDomain(\"domain\")\n# ...\nadmin = aws.lb.ListenerRule(\"admin\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-cognito\",\n authenticate_cognito=aws.lb.ListenerRuleActionAuthenticateCognitoArgs(\n user_pool_arn=pool.arn,\n user_pool_client_id=client.id,\n user_pool_domain=domain.domain,\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n# Authenticate-oidc Action\noidc = aws.lb.ListenerRule(\"oidc\",\n listener_arn=front_end_listener.arn,\n actions=[\n aws.lb.ListenerRuleActionArgs(\n type=\"authenticate-oidc\",\n authenticate_oidc=aws.lb.ListenerRuleActionAuthenticateOidcArgs(\n authorization_endpoint=\"https://example.com/authorization_endpoint\",\n client_id=\"client_id\",\n client_secret=\"client_secret\",\n issuer=\"https://example.com\",\n token_endpoint=\"https://example.com/token_endpoint\",\n user_info_endpoint=\"https://example.com/user_info_endpoint\",\n ),\n ),\n aws.lb.ListenerRuleActionArgs(\n type=\"forward\",\n target_group_arn=aws_lb_target_group[\"static\"][\"arn\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var frontEndLoadBalancer = new Aws.LB.LoadBalancer(\"frontEndLoadBalancer\", new Aws.LB.LoadBalancerArgs\n {\n });\n // ...\n var frontEndListener = new Aws.LB.Listener(\"frontEndListener\", new Aws.LB.ListenerArgs\n {\n });\n // Other parameters\n var @static = new Aws.LB.ListenerRule(\"static\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 100,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n PathPattern = new Aws.LB.Inputs.ListenerRuleConditionPathPatternArgs\n {\n Values = \n {\n \"/static/*\",\n },\n },\n },\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"example.com\",\n },\n },\n },\n },\n });\n // Forward action\n var hostBasedWeightedRouting = new Aws.LB.ListenerRule(\"hostBasedWeightedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Weighted Forward action\n var hostBasedRouting = new Aws.LB.ListenerRule(\"hostBasedRouting\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Priority = 99,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n Forward = new Aws.LB.Inputs.ListenerRuleActionForwardArgs\n {\n TargetGroups = \n {\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Main.Arn,\n Weight = 80,\n },\n new Aws.LB.Inputs.ListenerRuleActionForwardTargetGroupArgs\n {\n Arn = aws_lb_target_group.Canary.Arn,\n Weight = 20,\n },\n },\n Stickiness = new Aws.LB.Inputs.ListenerRuleActionForwardStickinessArgs\n {\n Enabled = true,\n Duration = 600,\n },\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HostHeader = new Aws.LB.Inputs.ListenerRuleConditionHostHeaderArgs\n {\n Values = \n {\n \"my-service.*.mycompany.io\",\n },\n },\n },\n },\n });\n // Redirect action\n var redirectHttpToHttps = new Aws.LB.ListenerRule(\"redirectHttpToHttps\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"redirect\",\n Redirect = new Aws.LB.Inputs.ListenerRuleActionRedirectArgs\n {\n Port = \"443\",\n Protocol = \"HTTPS\",\n StatusCode = \"HTTP_301\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n HttpHeader = new Aws.LB.Inputs.ListenerRuleConditionHttpHeaderArgs\n {\n HttpHeaderName = \"X-Forwarded-For\",\n Values = \n {\n \"192.168.1.*\",\n },\n },\n },\n },\n });\n // Fixed-response action\n var healthCheck = new Aws.LB.ListenerRule(\"healthCheck\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"fixed-response\",\n FixedResponse = new Aws.LB.Inputs.ListenerRuleActionFixedResponseArgs\n {\n ContentType = \"text/plain\",\n MessageBody = \"HEALTHY\",\n StatusCode = \"200\",\n },\n },\n },\n Conditions = \n {\n new Aws.LB.Inputs.ListenerRuleConditionArgs\n {\n QueryStrings = \n {\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Key = \"health\",\n Value = \"check\",\n },\n new Aws.LB.Inputs.ListenerRuleConditionQueryStringArgs\n {\n Value = \"bar\",\n },\n },\n },\n },\n });\n // Authenticate-cognito Action\n var pool = new Aws.Cognito.UserPool(\"pool\", new Aws.Cognito.UserPoolArgs\n {\n });\n // ...\n var client = new Aws.Cognito.UserPoolClient(\"client\", new Aws.Cognito.UserPoolClientArgs\n {\n });\n // ...\n var domain = new Aws.Cognito.UserPoolDomain(\"domain\", new Aws.Cognito.UserPoolDomainArgs\n {\n });\n // ...\n var admin = new Aws.LB.ListenerRule(\"admin\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-cognito\",\n AuthenticateCognito = new Aws.LB.Inputs.ListenerRuleActionAuthenticateCognitoArgs\n {\n UserPoolArn = pool.Arn,\n UserPoolClientId = client.Id,\n UserPoolDomain = domain.Domain,\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n // Authenticate-oidc Action\n var oidc = new Aws.LB.ListenerRule(\"oidc\", new Aws.LB.ListenerRuleArgs\n {\n ListenerArn = frontEndListener.Arn,\n Actions = \n {\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"authenticate-oidc\",\n AuthenticateOidc = new Aws.LB.Inputs.ListenerRuleActionAuthenticateOidcArgs\n {\n AuthorizationEndpoint = \"https://example.com/authorization_endpoint\",\n ClientId = \"client_id\",\n ClientSecret = \"client_secret\",\n Issuer = \"https://example.com\",\n TokenEndpoint = \"https://example.com/token_endpoint\",\n UserInfoEndpoint = \"https://example.com/user_info_endpoint\",\n },\n },\n new Aws.LB.Inputs.ListenerRuleActionArgs\n {\n Type = \"forward\",\n TargetGroupArn = aws_lb_target_group.Static.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"frontEndLoadBalancer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfrontEndListener, err := lb.NewListener(ctx, \"frontEndListener\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"static\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tPathPattern: &lb.ListenerRuleConditionPathPatternArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"/static/*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedWeightedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"hostBasedRouting\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tPriority: pulumi.Int(99),\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tForward: &lb.ListenerRuleActionForwardArgs{\n\t\t\t\t\t\tTargetGroups: lb.ListenerRuleActionForwardTargetGroupArray{\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Main.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(80),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t&lb.ListenerRuleActionForwardTargetGroupArgs{\n\t\t\t\t\t\t\t\tArn: pulumi.Any(aws_lb_target_group.Canary.Arn),\n\t\t\t\t\t\t\t\tWeight: pulumi.Int(20),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStickiness: &lb.ListenerRuleActionForwardStickinessArgs{\n\t\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\t\tDuration: pulumi.Int(600),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHostHeader: &lb.ListenerRuleConditionHostHeaderArgs{\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"my-service.*.mycompany.io\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"redirectHttpToHttps\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"redirect\"),\n\t\t\t\t\tRedirect: &lb.ListenerRuleActionRedirectArgs{\n\t\t\t\t\t\tPort: pulumi.String(\"443\"),\n\t\t\t\t\t\tProtocol: pulumi.String(\"HTTPS\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"HTTP_301\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tHttpHeader: &lb.ListenerRuleConditionHttpHeaderArgs{\n\t\t\t\t\t\tHttpHeaderName: pulumi.String(\"X-Forwarded-For\"),\n\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"192.168.1.*\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"healthCheck\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"fixed-response\"),\n\t\t\t\t\tFixedResponse: &lb.ListenerRuleActionFixedResponseArgs{\n\t\t\t\t\t\tContentType: pulumi.String(\"text/plain\"),\n\t\t\t\t\t\tMessageBody: pulumi.String(\"HEALTHY\"),\n\t\t\t\t\t\tStatusCode: pulumi.String(\"200\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tConditions: lb.ListenerRuleConditionArray{\n\t\t\t\t&lb.ListenerRuleConditionArgs{\n\t\t\t\t\tQueryStrings: lb.ListenerRuleConditionQueryStringArray{\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"health\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"check\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&lb.ListenerRuleConditionQueryStringArgs{\n\t\t\t\t\t\t\tValue: pulumi.String(\"bar\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tpool, err := cognito.NewUserPool(ctx, \"pool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := cognito.NewUserPoolClient(ctx, \"client\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdomain, err := cognito.NewUserPoolDomain(ctx, \"domain\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"admin\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-cognito\"),\n\t\t\t\t\tAuthenticateCognito: &lb.ListenerRuleActionAuthenticateCognitoArgs{\n\t\t\t\t\t\tUserPoolArn: pool.Arn,\n\t\t\t\t\t\tUserPoolClientId: client.ID(),\n\t\t\t\t\t\tUserPoolDomain: domain.Domain,\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewListenerRule(ctx, \"oidc\", &lb.ListenerRuleArgs{\n\t\t\tListenerArn: frontEndListener.Arn,\n\t\t\tActions: lb.ListenerRuleActionArray{\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"authenticate-oidc\"),\n\t\t\t\t\tAuthenticateOidc: &lb.ListenerRuleActionAuthenticateOidcArgs{\n\t\t\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com/authorization_endpoint\"),\n\t\t\t\t\t\tClientId: pulumi.String(\"client_id\"),\n\t\t\t\t\t\tClientSecret: pulumi.String(\"client_secret\"),\n\t\t\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com/token_endpoint\"),\n\t\t\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com/user_info_endpoint\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lb.ListenerRuleActionArgs{\n\t\t\t\t\tType: pulumi.String(\"forward\"),\n\t\t\t\t\tTargetGroupArn: pulumi.Any(aws_lb_target_group.Static.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRules can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:lb/listenerRule:ListenerRule front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:listener-rule/app/test/8e4497da625e2d8a/9ab28ade35828f96/67b3d2d36dd7c26b\n```\n\n ", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "actions", + "arn", + "conditions", + "listenerArn", + "priority", + "tagsAll" + ], + "inputProperties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "actions", + "conditions", + "listenerArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ListenerRule resources.\n", + "properties": { + "actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleAction:ListenerRuleAction" + }, + "description": "An Action block. Action blocks are documented below.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the target group.\n" + }, + "conditions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/ListenerRuleCondition:ListenerRuleCondition" + }, + "description": "A Condition block. Multiple condition blocks of different types can be set and all must be satisfied for the rule to match. Condition blocks are documented below.\n" + }, + "listenerArn": { + "type": "string", + "description": "The ARN of the listener to which to attach the rule.\n" + }, + "priority": { + "type": "integer", + "description": "The priority for the rule between `1` and `50000`. Leaving it unset will automatically set the rule with next available priority after currently existing highest rule. A listener can't have multiple rules with the same priority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancingv2/listenerRule:ListenerRule" + } + ] + }, + "aws:lb/loadBalancer:LoadBalancer": { + "description": "Provides a Load Balancer resource.\n\n> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Specifying Elastic IPs\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n allocationId: aws_eip.example1.id,\n },\n {\n subnetId: aws_subnet.example2.id,\n allocationId: aws_eip.example2.id,\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n allocation_id=aws_eip[\"example1\"][\"id\"],\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n allocation_id=aws_eip[\"example2\"][\"id\"],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n AllocationId = aws_eip.Example1.Id,\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n AllocationId = aws_eip.Example2.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example1.Id),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tAllocationId: pulumi.Any(aws_eip.Example2.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Specifying private IP addresses for an internal-facing load balancer\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.lb.LoadBalancer(\"example\", {\n loadBalancerType: \"network\",\n subnetMappings: [\n {\n subnetId: aws_subnet.example1.id,\n privateIpv4Address: \"10.0.1.15\",\n },\n {\n subnetId: aws_subnet.example2.id,\n privateIpv4Address: \"10.0.2.15\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lb.LoadBalancer(\"example\",\n load_balancer_type=\"network\",\n subnet_mappings=[\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example1\"][\"id\"],\n private_ipv4_address=\"10.0.1.15\",\n ),\n aws.lb.LoadBalancerSubnetMappingArgs(\n subnet_id=aws_subnet[\"example2\"][\"id\"],\n private_ipv4_address=\"10.0.2.15\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LB.LoadBalancer(\"example\", new Aws.LB.LoadBalancerArgs\n {\n LoadBalancerType = \"network\",\n SubnetMappings = \n {\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example1.Id,\n PrivateIpv4Address = \"10.0.1.15\",\n },\n new Aws.LB.Inputs.LoadBalancerSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example2.Id,\n PrivateIpv4Address = \"10.0.2.15\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewLoadBalancer(ctx, \"example\", &lb.LoadBalancerArgs{\n\t\t\tLoadBalancerType: pulumi.String(\"network\"),\n\t\t\tSubnetMappings: lb.LoadBalancerSubnetMappingArray{\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example1.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.1.15\"),\n\t\t\t\t},\n\t\t\t\t&lb.LoadBalancerSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example2.Id),\n\t\t\t\t\tPrivateIpv4Address: pulumi.String(\"10.0.2.15\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLBs can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:lb/loadBalancer:LoadBalancer bar arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188\n```\n\n ", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "dnsName", + "internal", + "ipAddressType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tagsAll", + "vpcId", + "zoneId" + ], + "inputProperties": { + "accessLogs": { + "$ref": "#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering LoadBalancer resources.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:lb/LoadBalancerAccessLogs:LoadBalancerAccessLogs", + "description": "An Access Logs block. Access Logs documented below.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the load balancer (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "The ARN suffix for use with CloudWatch Metrics.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of the customer owned ipv4 pool to use for this load balancer.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the load balancer.\n" + }, + "dropInvalidHeaderFields": { + "type": "boolean", + "description": "Indicates whether HTTP headers with header fields that are not valid are removed by the load balancer (true) or routed to targets (false). The default is false. Elastic Load Balancing requires that message header names contain only alphanumeric characters and hyphens. Only valid for Load Balancers of type `application`.\n" + }, + "enableCrossZoneLoadBalancing": { + "type": "boolean", + "description": "If true, cross-zone load balancing of the load balancer will be enabled.\nThis is a `network` load balancer feature. Defaults to `false`.\n" + }, + "enableDeletionProtection": { + "type": "boolean", + "description": "If true, deletion of the load balancer will be disabled via\nthe AWS API. This will prevent this provider from deleting the load balancer. Defaults to `false`.\n" + }, + "enableHttp2": { + "type": "boolean", + "description": "Indicates whether HTTP/2 is enabled in `application` load balancers. Defaults to `true`.\n" + }, + "idleTimeout": { + "type": "integer", + "description": "The time in seconds that the connection is allowed to be idle. Only valid for Load Balancers of type `application`. Default: 60.\n" + }, + "internal": { + "type": "boolean", + "description": "If true, the LB will be internal.\n" + }, + "ipAddressType": { + "type": "string", + "description": "The type of IP addresses used by the subnets for your load balancer. The possible values are `ipv4` and `dualstack`\n" + }, + "loadBalancerType": { + "type": "string", + "description": "The type of load balancer to create. Possible values are `application`, `gateway`, or `network`. The default value is `application`.\n" + }, + "name": { + "type": "string", + "description": "The name of the LB. This name must be unique within your AWS account, can have a maximum of 32 characters,\nmust contain only alphanumeric characters or hyphens, and must not begin or end with a hyphen. If not specified,\nthis provider will autogenerate a name beginning with `tf-lb`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to assign to the LB. Only valid for Load Balancers of type `application`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/LoadBalancerSubnetMapping:LoadBalancerSubnetMapping" + }, + "description": "A subnet mapping block as documented below.\n" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs to attach to the LB. Subnets\ncannot be updated for Load Balancers of type `network`. Changing this value\nfor load balancers of type `network` will force a recreation of the resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the load balancer (to be used in a Route 53 Alias record).\n* `subnet_mapping.*.outpost_id` - ID of the Outpost containing the load balancer.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancingv2/loadBalancer:LoadBalancer" + } + ] + }, + "aws:lb/targetGroup:TargetGroup": { + "description": "Provides a Target Group resource for use with Load Balancer resources.\n\n> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Instance Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst test = new aws.lb.TargetGroup(\"test\", {\n port: 80,\n protocol: \"HTTP\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\ntest = aws.lb.TargetGroup(\"test\",\n port=80,\n protocol=\"HTTP\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var test = new Aws.LB.TargetGroup(\"test\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"test\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### IP Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ec2.Vpc(\"main\", {cidrBlock: \"10.0.0.0/16\"});\nconst ip_example = new aws.lb.TargetGroup(\"ip-example\", {\n port: 80,\n protocol: \"HTTP\",\n targetType: \"ip\",\n vpcId: main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ec2.Vpc(\"main\", cidr_block=\"10.0.0.0/16\")\nip_example = aws.lb.TargetGroup(\"ip-example\",\n port=80,\n protocol=\"HTTP\",\n target_type=\"ip\",\n vpc_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ec2.Vpc(\"main\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var ip_example = new Aws.LB.TargetGroup(\"ip-example\", new Aws.LB.TargetGroupArgs\n {\n Port = 80,\n Protocol = \"HTTP\",\n TargetType = \"ip\",\n VpcId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := ec2.NewVpc(ctx, \"main\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroup(ctx, \"ip_example\", &lb.TargetGroupArgs{\n\t\t\tPort: pulumi.Int(80),\n\t\t\tProtocol: pulumi.String(\"HTTP\"),\n\t\t\tTargetType: pulumi.String(\"ip\"),\n\t\t\tVpcId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lambda Target Group\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda_example = new aws.lb.TargetGroup(\"lambda-example\", {\n targetType: \"lambda\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_example = aws.lb.TargetGroup(\"lambda-example\", target_type=\"lambda\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lambda_example = new Aws.LB.TargetGroup(\"lambda-example\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lb.NewTargetGroup(ctx, \"lambda_example\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTarget Groups can be imported using their ARN, e.g.\n\n```sh\n $ pulumi import aws:lb/targetGroup:TargetGroup app_front_end arn:aws:elasticloadbalancing:us-west-2:187416307283:targetgroup/app-front-end/20cfe21448b66314\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:lb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:lb/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "required": [ + "arn", + "arnSuffix", + "healthCheck", + "loadBalancingAlgorithmType", + "name", + "preserveClientIp", + "protocolVersion", + "stickiness", + "tagsAll" + ], + "inputProperties": { + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:lb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:lb/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the Target Group (matches `id`).\n" + }, + "arnSuffix": { + "type": "string", + "description": "ARN suffix for use with CloudWatch Metrics.\n" + }, + "deregistrationDelay": { + "type": "integer", + "description": "Amount time for Elastic Load Balancing to wait before changing the state of a deregistering target from draining to unused. The range is 0-3600 seconds. The default value is 300 seconds.\n" + }, + "healthCheck": { + "$ref": "#/types/aws:lb/TargetGroupHealthCheck:TargetGroupHealthCheck", + "description": "Health Check configuration block. Detailed below.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean", + "description": "Whether the request and response headers exchanged between the load balancer and the Lambda function include arrays of values or strings. Only applies when `target_type` is `lambda`. Default is `false`.\n" + }, + "loadBalancingAlgorithmType": { + "type": "string", + "description": "Determines how the load balancer selects targets when routing requests. Only applicable for Application Load Balancer Target Groups. The value is `round_robin` or `least_outstanding_requests`. The default is `round_robin`.\n" + }, + "name": { + "type": "string", + "description": "Name of the Target Group.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Cannot be longer than 6 characters.\n" + }, + "port": { + "type": "integer", + "description": "Port to use to connect with the target. Valid values are either ports 1-65535, or `traffic-port`. Defaults to `traffic-port`.\n" + }, + "preserveClientIp": { + "type": "string", + "description": "Whether client IP preservation is enabled. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#client-ip-preservation) for more information.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use to connect with the target. Defaults to `HTTP`. Not applicable when `target_type` is `lambda`.\n" + }, + "protocolVersion": { + "type": "string", + "description": "Only applicable when `protocol` is `HTTP` or `HTTPS`. The protocol version. Specify GRPC to send requests to targets using gRPC. Specify HTTP2 to send requests to targets using HTTP/2. The default is HTTP1, which sends requests to targets using HTTP/1.1\n" + }, + "proxyProtocolV2": { + "type": "boolean", + "description": "Whether to enable support for proxy protocol v2 on Network Load Balancers. See [doc](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-target-groups.html#proxy-protocol) for more information. Default is `false`.\n" + }, + "slowStart": { + "type": "integer", + "description": "Amount time for targets to warm up before the load balancer sends them a full share of requests. The range is 30-900 seconds or 0 to disable. The default value is 0 seconds.\n" + }, + "stickiness": { + "$ref": "#/types/aws:lb/TargetGroupStickiness:TargetGroupStickiness", + "description": "Stickiness configuration block. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "Type of target that you must specify when registering targets with this target group. The possible values are `instance` (targets are specified by instance ID) or `ip` (targets are specified by IP address) or `lambda` (targets are specified by lambda arn). The default is `instance`. Note that you can't specify targets for a target group using both instance IDs and IP addresses. If the target type is `ip`, specify IP addresses from the subnets of the virtual private cloud (VPC) for the target group, the RFC 1918 range (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16), and the RFC 6598 range (100.64.0.0/10). You can't specify publicly routable IP addresses.\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of the VPC in which to create the target group. Required when `target_type` is `instance` or `ip`. Does not apply when `target_type` is `lambda`.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancingv2/targetGroup:TargetGroup" + } + ] + }, + "aws:lb/targetGroupAttachment:TargetGroupAttachment": { + "description": "Provides the ability to register instances and containers with an Application Load Balancer (ALB) or Network Load Balancer (NLB) target group. For attaching resources with Elastic Load Balancer (ELB), see the `aws.elb.Attachment` resource.\n\n> **Note:** `aws.alb.TargetGroupAttachment` is known as `aws.lb.TargetGroupAttachment`. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {});\n// ... other configuration ...\nconst testInstance = new aws.ec2.Instance(\"testInstance\", {});\n// ... other configuration ...\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testInstance.id,\n port: 80,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\")\n# ... other configuration ...\ntest_instance = aws.ec2.Instance(\"testInstance\")\n# ... other configuration ...\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_instance.id,\n port=80)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n });\n // ... other configuration ...\n var testInstance = new Aws.Ec2.Instance(\"testInstance\", new Aws.Ec2.InstanceArgs\n {\n });\n // ... other configuration ...\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testInstance.Id,\n Port = 80,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := ec2.NewInstance(ctx, \"testInstance\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testInstance.ID(),\n\t\t\tPort: pulumi.Int(80),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Usage with lambda\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testTargetGroup = new aws.lb.TargetGroup(\"testTargetGroup\", {targetType: \"lambda\"});\nconst testFunction = new aws.lambda.Function(\"testFunction\", {});\n// ... other configuration ...\nconst withLb = new aws.lambda.Permission(\"withLb\", {\n action: \"lambda:InvokeFunction\",\n \"function\": testFunction.arn,\n principal: \"elasticloadbalancing.amazonaws.com\",\n sourceArn: testTargetGroup.arn,\n});\nconst testTargetGroupAttachment = new aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\", {\n targetGroupArn: testTargetGroup.arn,\n targetId: testFunction.arn,\n}, {\n dependsOn: [withLb],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_target_group = aws.lb.TargetGroup(\"testTargetGroup\", target_type=\"lambda\")\ntest_function = aws.lambda_.Function(\"testFunction\")\n# ... other configuration ...\nwith_lb = aws.lambda_.Permission(\"withLb\",\n action=\"lambda:InvokeFunction\",\n function=test_function.arn,\n principal=\"elasticloadbalancing.amazonaws.com\",\n source_arn=test_target_group.arn)\ntest_target_group_attachment = aws.lb.TargetGroupAttachment(\"testTargetGroupAttachment\",\n target_group_arn=test_target_group.arn,\n target_id=test_function.arn,\n opts=pulumi.ResourceOptions(depends_on=[with_lb]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testTargetGroup = new Aws.LB.TargetGroup(\"testTargetGroup\", new Aws.LB.TargetGroupArgs\n {\n TargetType = \"lambda\",\n });\n var testFunction = new Aws.Lambda.Function(\"testFunction\", new Aws.Lambda.FunctionArgs\n {\n });\n // ... other configuration ...\n var withLb = new Aws.Lambda.Permission(\"withLb\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = testFunction.Arn,\n Principal = \"elasticloadbalancing.amazonaws.com\",\n SourceArn = testTargetGroup.Arn,\n });\n var testTargetGroupAttachment = new Aws.LB.TargetGroupAttachment(\"testTargetGroupAttachment\", new Aws.LB.TargetGroupAttachmentArgs\n {\n TargetGroupArn = testTargetGroup.Arn,\n TargetId = testFunction.Arn,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n withLb,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestTargetGroup, err := lb.NewTargetGroup(ctx, \"testTargetGroup\", &lb.TargetGroupArgs{\n\t\t\tTargetType: pulumi.String(\"lambda\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestFunction, err := lambda.NewFunction(ctx, \"testFunction\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twithLb, err := lambda.NewPermission(ctx, \"withLb\", &lambda.PermissionArgs{\n\t\t\tAction: pulumi.String(\"lambda:InvokeFunction\"),\n\t\t\tFunction: testFunction.Arn,\n\t\t\tPrincipal: pulumi.String(\"elasticloadbalancing.amazonaws.com\"),\n\t\t\tSourceArn: testTargetGroup.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lb.NewTargetGroupAttachment(ctx, \"testTargetGroupAttachment\", &lb.TargetGroupAttachmentArgs{\n\t\t\tTargetGroupArn: testTargetGroup.Arn,\n\t\t\tTargetId: testFunction.Arn,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\twithLb,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nTarget Group Attachments cannot be imported. ", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "required": [ + "targetGroupArn", + "targetId" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "requiredInputs": [ + "targetGroupArn", + "targetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TargetGroupAttachment resources.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone where the IP address of the target is to be registered. If the private ip address is outside of the VPC scope, this value must be set to 'all'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which targets receive traffic.\n" + }, + "targetGroupArn": { + "type": "string", + "description": "The ARN of the target group with which to register targets\n" + }, + "targetId": { + "type": "string", + "description": "The ID of the target. This is the Instance ID for an instance, or the container ID for an ECS container. If the target type is ip, specify an IP address. If the target type is lambda, specify the arn of lambda.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:elasticloadbalancingv2/targetGroupAttachment:TargetGroupAttachment" + } + ] + }, + "aws:lex/bot:Bot": { + "description": "Provides an Amazon Lex Bot resource. For more information see\n[Amazon Lex: How It Works](https://docs.aws.amazon.com/lex/latest/dg/how-it-works.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderFlowersBot = new aws.lex.Bot(\"order_flowers_bot\", {\n abortStatement: {\n messages: [{\n content: \"Sorry, I am not able to assist at this time\",\n contentType: \"PlainText\",\n }],\n },\n childDirected: false,\n clarificationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"I didn't understand you, what would you like to do?\",\n contentType: \"PlainText\",\n }],\n },\n createVersion: false,\n description: \"Bot to order flowers on the behalf of a user\",\n idleSessionTtlInSeconds: 600,\n intents: [{\n intentName: \"OrderFlowers\",\n intentVersion: \"1\",\n }],\n locale: \"en-US\",\n name: \"OrderFlowers\",\n processBehavior: \"BUILD\",\n voiceId: \"Salli\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_flowers_bot = aws.lex.Bot(\"orderFlowersBot\",\n abort_statement=aws.lex.BotAbortStatementArgs(\n messages=[aws.lex.BotAbortStatementMessageArgs(\n content=\"Sorry, I am not able to assist at this time\",\n content_type=\"PlainText\",\n )],\n ),\n child_directed=False,\n clarification_prompt=aws.lex.BotClarificationPromptArgs(\n max_attempts=2,\n messages=[aws.lex.BotClarificationPromptMessageArgs(\n content=\"I didn't understand you, what would you like to do?\",\n content_type=\"PlainText\",\n )],\n ),\n create_version=False,\n description=\"Bot to order flowers on the behalf of a user\",\n idle_session_ttl_in_seconds=600,\n intents=[aws.lex.BotIntentArgs(\n intent_name=\"OrderFlowers\",\n intent_version=\"1\",\n )],\n locale=\"en-US\",\n name=\"OrderFlowers\",\n process_behavior=\"BUILD\",\n voice_id=\"Salli\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderFlowersBot = new Aws.Lex.Bot(\"orderFlowersBot\", new Aws.Lex.BotArgs\n {\n AbortStatement = new Aws.Lex.Inputs.BotAbortStatementArgs\n {\n Messages = \n {\n new Aws.Lex.Inputs.BotAbortStatementMessageArgs\n {\n Content = \"Sorry, I am not able to assist at this time\",\n ContentType = \"PlainText\",\n },\n },\n },\n ChildDirected = false,\n ClarificationPrompt = new Aws.Lex.Inputs.BotClarificationPromptArgs\n {\n MaxAttempts = 2,\n Messages = \n {\n new Aws.Lex.Inputs.BotClarificationPromptMessageArgs\n {\n Content = \"I didn't understand you, what would you like to do?\",\n ContentType = \"PlainText\",\n },\n },\n },\n CreateVersion = false,\n Description = \"Bot to order flowers on the behalf of a user\",\n IdleSessionTtlInSeconds = 600,\n Intents = \n {\n new Aws.Lex.Inputs.BotIntentArgs\n {\n IntentName = \"OrderFlowers\",\n IntentVersion = \"1\",\n },\n },\n Locale = \"en-US\",\n Name = \"OrderFlowers\",\n ProcessBehavior = \"BUILD\",\n VoiceId = \"Salli\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lex.NewBot(ctx, \"orderFlowersBot\", &lex.BotArgs{\n\t\t\tAbortStatement: &lex.BotAbortStatementArgs{\n\t\t\t\tMessages: lex.BotAbortStatementMessageArray{\n\t\t\t\t\t&lex.BotAbortStatementMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"Sorry, I am not able to assist at this time\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tChildDirected: pulumi.Bool(false),\n\t\t\tClarificationPrompt: &lex.BotClarificationPromptArgs{\n\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\tMessages: lex.BotClarificationPromptMessageArray{\n\t\t\t\t\t&lex.BotClarificationPromptMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"I didn't understand you, what would you like to do?\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreateVersion: pulumi.Bool(false),\n\t\t\tDescription: pulumi.String(\"Bot to order flowers on the behalf of a user\"),\n\t\t\tIdleSessionTtlInSeconds: pulumi.Int(600),\n\t\t\tIntents: lex.BotIntentArray{\n\t\t\t\t&lex.BotIntentArgs{\n\t\t\t\t\tIntentName: pulumi.String(\"OrderFlowers\"),\n\t\t\t\t\tIntentVersion: pulumi.String(\"1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocale: pulumi.String(\"en-US\"),\n\t\t\tName: pulumi.String(\"OrderFlowers\"),\n\t\t\tProcessBehavior: pulumi.String(\"BUILD\"),\n\t\t\tVoiceId: pulumi.String(\"Salli\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBots can be imported using their name.\n\n```sh\n $ pulumi import aws:lex/bot:Bot order_flowers_bot OrderFlowers\n```\n\n ", + "properties": { + "abortStatement": { + "$ref": "#/types/aws:lex/BotAbortStatement:BotAbortStatement", + "description": "The message that Amazon Lex uses to abort a conversation. Attributes are documented under statement.\n" + }, + "arn": { + "type": "string" + }, + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the bot that was created. The checksum is not\nincluded as an argument because the resource will add it automatically when updating the bot.\n" + }, + "childDirected": { + "type": "boolean", + "description": "By specifying true, you confirm that your use of Amazon Lex is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to COPPA. For more information see the [Amazon Lex FAQ](https://aws.amazon.com/lex/faqs#data-security) and the [Amazon Lex PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-childDirected).\n" + }, + "clarificationPrompt": { + "$ref": "#/types/aws:lex/BotClarificationPrompt:BotClarificationPrompt", + "description": "The message that Amazon Lex uses when it doesn't understand the user's request. Attributes are documented under prompt.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new bot version is created when the initial resource is created and on each update. Defaults to `false`.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the bot version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n" + }, + "detectSentiment": { + "type": "boolean", + "description": "When set to true user utterances are sent to Amazon Comprehend for sentiment analysis. If you don't specify detectSentiment, the default is `false`.\n" + }, + "enableModelImprovements": { + "type": "boolean", + "description": "Set to `true` to enable access to natural language understanding improvements. When you set the `enable_model_improvements` parameter to true you can use the `nlu_intent_confidence_threshold` parameter to configure confidence scores. For more information, see [Confidence Scores](https://docs.aws.amazon.com/lex/latest/dg/confidence-scores.html). You can only set the `enable_model_improvements` parameter in certain Regions. If you set the parameter to true, your bot has access to accuracy improvements. For more information see the [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-enableModelImprovements).\n" + }, + "failureReason": { + "type": "string", + "description": "If status is FAILED, Amazon Lex provides the reason that it failed to build the bot.\n" + }, + "idleSessionTtlInSeconds": { + "type": "integer", + "description": "The maximum time in seconds that Amazon Lex retains the data gathered in a conversation. Default is `300`. Must be a number between 60 and 86400 (inclusive).\n" + }, + "intents": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/BotIntent:BotIntent" + }, + "description": "A set of Intent objects. Each intent represents a command that a user can express. Attributes are documented under intent. Can have up to 100 Intent objects.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the $LATEST version of this bot was updated.\n" + }, + "locale": { + "type": "string", + "description": "Specifies the target locale for the bot. Any intent used in the bot must be compatible with the locale of the bot. For available locales, see [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-locale). Default is `en-US`.\n" + }, + "name": { + "type": "string", + "description": "The name of the bot that you want to create, case sensitive. Must be between 2 and 50 characters in length.\n" + }, + "nluIntentConfidenceThreshold": { + "type": "number", + "description": "Determines the threshold where Amazon Lex will insert the AMAZON.FallbackIntent, AMAZON.KendraSearchIntent, or both when returning alternative intents in a PostContent or PostText response. AMAZON.FallbackIntent and AMAZON.KendraSearchIntent are only inserted if they are configured for the bot. For more information see [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-nluIntentConfidenceThreshold) This value requires `enable_model_improvements` to be set to `true` and the default is `0`. Must be a float between 0 and 1.\n" + }, + "processBehavior": { + "type": "string", + "description": "If you set the `process_behavior` element to `BUILD`, Amazon Lex builds the bot so that it can be run. If you set the element to `SAVE` Amazon Lex saves the bot, but doesn't build it. Default is `SAVE`.\n" + }, + "status": { + "type": "string", + "description": "When you send a request to create or update a bot, Amazon Lex sets the status response\nelement to BUILDING. After Amazon Lex builds the bot, it sets status to READY. If Amazon Lex can't\nbuild the bot, it sets status to FAILED. Amazon Lex returns the reason for the failure in the\nfailure_reason response element.\n" + }, + "version": { + "type": "string", + "description": "The version of the bot.\n" + }, + "voiceId": { + "type": "string", + "description": "The Amazon Polly voice ID that you want Amazon Lex to use for voice interactions with the user. The locale configured for the voice must match the locale of the bot. For more information, see [Available Voices](http://docs.aws.amazon.com/polly/latest/dg/voicelist.html) in the Amazon Polly Developer Guide.\n" + } + }, + "required": [ + "abortStatement", + "arn", + "checksum", + "childDirected", + "createdDate", + "failureReason", + "intents", + "lastUpdatedDate", + "name", + "status", + "version", + "voiceId" + ], + "inputProperties": { + "abortStatement": { + "$ref": "#/types/aws:lex/BotAbortStatement:BotAbortStatement", + "description": "The message that Amazon Lex uses to abort a conversation. Attributes are documented under statement.\n" + }, + "childDirected": { + "type": "boolean", + "description": "By specifying true, you confirm that your use of Amazon Lex is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to COPPA. For more information see the [Amazon Lex FAQ](https://aws.amazon.com/lex/faqs#data-security) and the [Amazon Lex PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-childDirected).\n" + }, + "clarificationPrompt": { + "$ref": "#/types/aws:lex/BotClarificationPrompt:BotClarificationPrompt", + "description": "The message that Amazon Lex uses when it doesn't understand the user's request. Attributes are documented under prompt.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new bot version is created when the initial resource is created and on each update. Defaults to `false`.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n" + }, + "detectSentiment": { + "type": "boolean", + "description": "When set to true user utterances are sent to Amazon Comprehend for sentiment analysis. If you don't specify detectSentiment, the default is `false`.\n" + }, + "enableModelImprovements": { + "type": "boolean", + "description": "Set to `true` to enable access to natural language understanding improvements. When you set the `enable_model_improvements` parameter to true you can use the `nlu_intent_confidence_threshold` parameter to configure confidence scores. For more information, see [Confidence Scores](https://docs.aws.amazon.com/lex/latest/dg/confidence-scores.html). You can only set the `enable_model_improvements` parameter in certain Regions. If you set the parameter to true, your bot has access to accuracy improvements. For more information see the [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-enableModelImprovements).\n" + }, + "idleSessionTtlInSeconds": { + "type": "integer", + "description": "The maximum time in seconds that Amazon Lex retains the data gathered in a conversation. Default is `300`. Must be a number between 60 and 86400 (inclusive).\n" + }, + "intents": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/BotIntent:BotIntent" + }, + "description": "A set of Intent objects. Each intent represents a command that a user can express. Attributes are documented under intent. Can have up to 100 Intent objects.\n" + }, + "locale": { + "type": "string", + "description": "Specifies the target locale for the bot. Any intent used in the bot must be compatible with the locale of the bot. For available locales, see [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-locale). Default is `en-US`.\n" + }, + "name": { + "type": "string", + "description": "The name of the bot that you want to create, case sensitive. Must be between 2 and 50 characters in length.\n" + }, + "nluIntentConfidenceThreshold": { + "type": "number", + "description": "Determines the threshold where Amazon Lex will insert the AMAZON.FallbackIntent, AMAZON.KendraSearchIntent, or both when returning alternative intents in a PostContent or PostText response. AMAZON.FallbackIntent and AMAZON.KendraSearchIntent are only inserted if they are configured for the bot. For more information see [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-nluIntentConfidenceThreshold) This value requires `enable_model_improvements` to be set to `true` and the default is `0`. Must be a float between 0 and 1.\n" + }, + "processBehavior": { + "type": "string", + "description": "If you set the `process_behavior` element to `BUILD`, Amazon Lex builds the bot so that it can be run. If you set the element to `SAVE` Amazon Lex saves the bot, but doesn't build it. Default is `SAVE`.\n" + }, + "voiceId": { + "type": "string", + "description": "The Amazon Polly voice ID that you want Amazon Lex to use for voice interactions with the user. The locale configured for the voice must match the locale of the bot. For more information, see [Available Voices](http://docs.aws.amazon.com/polly/latest/dg/voicelist.html) in the Amazon Polly Developer Guide.\n" + } + }, + "requiredInputs": [ + "abortStatement", + "childDirected", + "intents" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Bot resources.\n", + "properties": { + "abortStatement": { + "$ref": "#/types/aws:lex/BotAbortStatement:BotAbortStatement", + "description": "The message that Amazon Lex uses to abort a conversation. Attributes are documented under statement.\n" + }, + "arn": { + "type": "string" + }, + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the bot that was created. The checksum is not\nincluded as an argument because the resource will add it automatically when updating the bot.\n" + }, + "childDirected": { + "type": "boolean", + "description": "By specifying true, you confirm that your use of Amazon Lex is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to COPPA. For more information see the [Amazon Lex FAQ](https://aws.amazon.com/lex/faqs#data-security) and the [Amazon Lex PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-childDirected).\n" + }, + "clarificationPrompt": { + "$ref": "#/types/aws:lex/BotClarificationPrompt:BotClarificationPrompt", + "description": "The message that Amazon Lex uses when it doesn't understand the user's request. Attributes are documented under prompt.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new bot version is created when the initial resource is created and on each update. Defaults to `false`.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the bot version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n" + }, + "detectSentiment": { + "type": "boolean", + "description": "When set to true user utterances are sent to Amazon Comprehend for sentiment analysis. If you don't specify detectSentiment, the default is `false`.\n" + }, + "enableModelImprovements": { + "type": "boolean", + "description": "Set to `true` to enable access to natural language understanding improvements. When you set the `enable_model_improvements` parameter to true you can use the `nlu_intent_confidence_threshold` parameter to configure confidence scores. For more information, see [Confidence Scores](https://docs.aws.amazon.com/lex/latest/dg/confidence-scores.html). You can only set the `enable_model_improvements` parameter in certain Regions. If you set the parameter to true, your bot has access to accuracy improvements. For more information see the [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-enableModelImprovements).\n" + }, + "failureReason": { + "type": "string", + "description": "If status is FAILED, Amazon Lex provides the reason that it failed to build the bot.\n" + }, + "idleSessionTtlInSeconds": { + "type": "integer", + "description": "The maximum time in seconds that Amazon Lex retains the data gathered in a conversation. Default is `300`. Must be a number between 60 and 86400 (inclusive).\n" + }, + "intents": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/BotIntent:BotIntent" + }, + "description": "A set of Intent objects. Each intent represents a command that a user can express. Attributes are documented under intent. Can have up to 100 Intent objects.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the $LATEST version of this bot was updated.\n" + }, + "locale": { + "type": "string", + "description": "Specifies the target locale for the bot. Any intent used in the bot must be compatible with the locale of the bot. For available locales, see [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-locale). Default is `en-US`.\n" + }, + "name": { + "type": "string", + "description": "The name of the bot that you want to create, case sensitive. Must be between 2 and 50 characters in length.\n" + }, + "nluIntentConfidenceThreshold": { + "type": "number", + "description": "Determines the threshold where Amazon Lex will insert the AMAZON.FallbackIntent, AMAZON.KendraSearchIntent, or both when returning alternative intents in a PostContent or PostText response. AMAZON.FallbackIntent and AMAZON.KendraSearchIntent are only inserted if they are configured for the bot. For more information see [Amazon Lex Bot PutBot API Docs](https://docs.aws.amazon.com/lex/latest/dg/API_PutBot.html#lex-PutBot-request-nluIntentConfidenceThreshold) This value requires `enable_model_improvements` to be set to `true` and the default is `0`. Must be a float between 0 and 1.\n" + }, + "processBehavior": { + "type": "string", + "description": "If you set the `process_behavior` element to `BUILD`, Amazon Lex builds the bot so that it can be run. If you set the element to `SAVE` Amazon Lex saves the bot, but doesn't build it. Default is `SAVE`.\n" + }, + "status": { + "type": "string", + "description": "When you send a request to create or update a bot, Amazon Lex sets the status response\nelement to BUILDING. After Amazon Lex builds the bot, it sets status to READY. If Amazon Lex can't\nbuild the bot, it sets status to FAILED. Amazon Lex returns the reason for the failure in the\nfailure_reason response element.\n" + }, + "version": { + "type": "string", + "description": "The version of the bot.\n" + }, + "voiceId": { + "type": "string", + "description": "The Amazon Polly voice ID that you want Amazon Lex to use for voice interactions with the user. The locale configured for the voice must match the locale of the bot. For more information, see [Available Voices](http://docs.aws.amazon.com/polly/latest/dg/voicelist.html) in the Amazon Polly Developer Guide.\n" + } + }, + "type": "object" + } + }, + "aws:lex/botAlias:BotAlias": { + "description": "Provides an Amazon Lex Bot Alias resource. For more information see\n[Amazon Lex: How It Works](https://docs.aws.amazon.com/lex/latest/dg/how-it-works.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderFlowersProd = new aws.lex.BotAlias(\"order_flowers_prod\", {\n botName: \"OrderFlowers\",\n botVersion: \"1\",\n description: \"Production Version of the OrderFlowers Bot.\",\n name: \"OrderFlowersProd\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_flowers_prod = aws.lex.BotAlias(\"orderFlowersProd\",\n bot_name=\"OrderFlowers\",\n bot_version=\"1\",\n description=\"Production Version of the OrderFlowers Bot.\",\n name=\"OrderFlowersProd\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderFlowersProd = new Aws.Lex.BotAlias(\"orderFlowersProd\", new Aws.Lex.BotAliasArgs\n {\n BotName = \"OrderFlowers\",\n BotVersion = \"1\",\n Description = \"Production Version of the OrderFlowers Bot.\",\n Name = \"OrderFlowersProd\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lex.NewBotAlias(ctx, \"orderFlowersProd\", &lex.BotAliasArgs{\n\t\t\tBotName: pulumi.String(\"OrderFlowers\"),\n\t\t\tBotVersion: pulumi.String(\"1\"),\n\t\t\tDescription: pulumi.String(\"Production Version of the OrderFlowers Bot.\"),\n\t\t\tName: pulumi.String(\"OrderFlowersProd\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nBot aliases can be imported using an ID with the format `bot_name:bot_alias_name`.\n\n```sh\n $ pulumi import aws:lex/botAlias:BotAlias order_flowers_prod OrderFlowers:OrderFlowersProd\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the bot alias.\n" + }, + "botName": { + "type": "string", + "description": "The name of the bot.\n" + }, + "botVersion": { + "type": "string", + "description": "The name of the bot.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum of the bot alias.\n" + }, + "conversationLogs": { + "$ref": "#/types/aws:lex/BotAliasConversationLogs:BotAliasConversationLogs", + "description": "The settings that determine how Amazon Lex uses conversation logs for the alias. Attributes are documented under conversation_logs.\n" + }, + "createdDate": { + "type": "string", + "description": "The date that the bot alias was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the alias. Must be less than or equal to 200 characters in length.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date that the bot alias was updated. When you create a resource, the creation date and the last updated date are the same.\n" + }, + "name": { + "type": "string", + "description": "The name of the alias. The name is not case sensitive. Must be less than or equal to 100 characters in length.\n" + } + }, + "required": [ + "arn", + "botName", + "botVersion", + "checksum", + "createdDate", + "lastUpdatedDate", + "name" + ], + "inputProperties": { + "botName": { + "type": "string", + "description": "The name of the bot.\n" + }, + "botVersion": { + "type": "string", + "description": "The name of the bot.\n" + }, + "conversationLogs": { + "$ref": "#/types/aws:lex/BotAliasConversationLogs:BotAliasConversationLogs", + "description": "The settings that determine how Amazon Lex uses conversation logs for the alias. Attributes are documented under conversation_logs.\n" + }, + "description": { + "type": "string", + "description": "A description of the alias. Must be less than or equal to 200 characters in length.\n" + }, + "name": { + "type": "string", + "description": "The name of the alias. The name is not case sensitive. Must be less than or equal to 100 characters in length.\n" + } + }, + "requiredInputs": [ + "botName", + "botVersion" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BotAlias resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the bot alias.\n" + }, + "botName": { + "type": "string", + "description": "The name of the bot.\n" + }, + "botVersion": { + "type": "string", + "description": "The name of the bot.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum of the bot alias.\n" + }, + "conversationLogs": { + "$ref": "#/types/aws:lex/BotAliasConversationLogs:BotAliasConversationLogs", + "description": "The settings that determine how Amazon Lex uses conversation logs for the alias. Attributes are documented under conversation_logs.\n" + }, + "createdDate": { + "type": "string", + "description": "The date that the bot alias was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the alias. Must be less than or equal to 200 characters in length.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date that the bot alias was updated. When you create a resource, the creation date and the last updated date are the same.\n" + }, + "name": { + "type": "string", + "description": "The name of the alias. The name is not case sensitive. Must be less than or equal to 100 characters in length.\n" + } + }, + "type": "object" + } + }, + "aws:lex/intent:Intent": { + "description": "Provides an Amazon Lex Intent resource. For more information see\n[Amazon Lex: How It Works](https://docs.aws.amazon.com/lex/latest/dg/how-it-works.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderFlowersIntent = new aws.lex.Intent(\"order_flowers_intent\", {\n confirmationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"Okay, your {FlowerType} will be ready for pickup by {PickupTime} on {PickupDate}. Does this sound okay?\",\n contentType: \"PlainText\",\n }],\n },\n createVersion: false,\n description: \"Intent to order a bouquet of flowers for pick up\",\n fulfillmentActivity: {\n type: \"ReturnIntent\",\n },\n name: \"OrderFlowers\",\n rejectionStatement: {\n messages: [{\n content: \"Okay, I will not place your order.\",\n contentType: \"PlainText\",\n }],\n },\n sampleUtterances: [\n \"I would like to order some flowers\",\n \"I would like to pick up flowers\",\n ],\n slots: [\n {\n description: \"The type of flowers to pick up\",\n name: \"FlowerType\",\n priority: 1,\n sampleUtterances: [\"I would like to order {FlowerType}\"],\n slotConstraint: \"Required\",\n slotType: \"FlowerTypes\",\n slotTypeVersion: \"$LATEST\",\n valueElicitationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"What type of flowers would you like to order?\",\n contentType: \"PlainText\",\n }],\n },\n },\n {\n description: \"The date to pick up the flowers\",\n name: \"PickupDate\",\n priority: 2,\n sampleUtterances: [\"I would like to order {FlowerType}\"],\n slotConstraint: \"Required\",\n slotType: \"AMAZON.DATE\",\n slotTypeVersion: \"$LATEST\",\n valueElicitationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"What day do you want the {FlowerType} to be picked up?\",\n contentType: \"PlainText\",\n }],\n },\n },\n {\n description: \"The time to pick up the flowers\",\n name: \"PickupTime\",\n priority: 3,\n sampleUtterances: [\"I would like to order {FlowerType}\"],\n slotConstraint: \"Required\",\n slotType: \"AMAZON.TIME\",\n slotTypeVersion: \"$LATEST\",\n valueElicitationPrompt: {\n maxAttempts: 2,\n messages: [{\n content: \"Pick up the {FlowerType} at what time on {PickupDate}?\",\n contentType: \"PlainText\",\n }],\n },\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_flowers_intent = aws.lex.Intent(\"orderFlowersIntent\",\n confirmation_prompt=aws.lex.IntentConfirmationPromptArgs(\n max_attempts=2,\n messages=[aws.lex.IntentConfirmationPromptMessageArgs(\n content=\"Okay, your {FlowerType} will be ready for pickup by {PickupTime} on {PickupDate}. Does this sound okay?\",\n content_type=\"PlainText\",\n )],\n ),\n create_version=False,\n description=\"Intent to order a bouquet of flowers for pick up\",\n fulfillment_activity=aws.lex.IntentFulfillmentActivityArgs(\n type=\"ReturnIntent\",\n ),\n name=\"OrderFlowers\",\n rejection_statement=aws.lex.IntentRejectionStatementArgs(\n messages=[aws.lex.IntentRejectionStatementMessageArgs(\n content=\"Okay, I will not place your order.\",\n content_type=\"PlainText\",\n )],\n ),\n sample_utterances=[\n \"I would like to order some flowers\",\n \"I would like to pick up flowers\",\n ],\n slots=[\n aws.lex.IntentSlotArgs(\n description=\"The type of flowers to pick up\",\n name=\"FlowerType\",\n priority=1,\n sample_utterances=[\"I would like to order {FlowerType}\"],\n slot_constraint=\"Required\",\n slot_type=\"FlowerTypes\",\n slot_type_version=\"$LATEST\",\n value_elicitation_prompt=aws.lex.IntentSlotValueElicitationPromptArgs(\n max_attempts=2,\n message=[{\n \"content\": \"What type of flowers would you like to order?\",\n \"contentType\": \"PlainText\",\n }],\n ),\n ),\n aws.lex.IntentSlotArgs(\n description=\"The date to pick up the flowers\",\n name=\"PickupDate\",\n priority=2,\n sample_utterances=[\"I would like to order {FlowerType}\"],\n slot_constraint=\"Required\",\n slot_type=\"AMAZON.DATE\",\n slot_type_version=\"$LATEST\",\n value_elicitation_prompt=aws.lex.IntentSlotValueElicitationPromptArgs(\n max_attempts=2,\n message=[{\n \"content\": \"What day do you want the {FlowerType} to be picked up?\",\n \"contentType\": \"PlainText\",\n }],\n ),\n ),\n aws.lex.IntentSlotArgs(\n description=\"The time to pick up the flowers\",\n name=\"PickupTime\",\n priority=3,\n sample_utterances=[\"I would like to order {FlowerType}\"],\n slot_constraint=\"Required\",\n slot_type=\"AMAZON.TIME\",\n slot_type_version=\"$LATEST\",\n value_elicitation_prompt=aws.lex.IntentSlotValueElicitationPromptArgs(\n max_attempts=2,\n message=[{\n \"content\": \"Pick up the {FlowerType} at what time on {PickupDate}?\",\n \"contentType\": \"PlainText\",\n }],\n ),\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderFlowersIntent = new Aws.Lex.Intent(\"orderFlowersIntent\", new Aws.Lex.IntentArgs\n {\n ConfirmationPrompt = new Aws.Lex.Inputs.IntentConfirmationPromptArgs\n {\n MaxAttempts = 2,\n Messages = \n {\n new Aws.Lex.Inputs.IntentConfirmationPromptMessageArgs\n {\n Content = \"Okay, your {FlowerType} will be ready for pickup by {PickupTime} on {PickupDate}. Does this sound okay?\",\n ContentType = \"PlainText\",\n },\n },\n },\n CreateVersion = false,\n Description = \"Intent to order a bouquet of flowers for pick up\",\n FulfillmentActivity = new Aws.Lex.Inputs.IntentFulfillmentActivityArgs\n {\n Type = \"ReturnIntent\",\n },\n Name = \"OrderFlowers\",\n RejectionStatement = new Aws.Lex.Inputs.IntentRejectionStatementArgs\n {\n Messages = \n {\n new Aws.Lex.Inputs.IntentRejectionStatementMessageArgs\n {\n Content = \"Okay, I will not place your order.\",\n ContentType = \"PlainText\",\n },\n },\n },\n SampleUtterances = \n {\n \"I would like to order some flowers\",\n \"I would like to pick up flowers\",\n },\n Slots = \n {\n new Aws.Lex.Inputs.IntentSlotArgs\n {\n Description = \"The type of flowers to pick up\",\n Name = \"FlowerType\",\n Priority = 1,\n SampleUtterances = \n {\n \"I would like to order {FlowerType}\",\n },\n SlotConstraint = \"Required\",\n SlotType = \"FlowerTypes\",\n SlotTypeVersion = \"$LATEST\",\n ValueElicitationPrompt = new Aws.Lex.Inputs.IntentSlotValueElicitationPromptArgs\n {\n MaxAttempts = 2,\n Message = \n {\n \n {\n { \"content\", \"What type of flowers would you like to order?\" },\n { \"contentType\", \"PlainText\" },\n },\n },\n },\n },\n new Aws.Lex.Inputs.IntentSlotArgs\n {\n Description = \"The date to pick up the flowers\",\n Name = \"PickupDate\",\n Priority = 2,\n SampleUtterances = \n {\n \"I would like to order {FlowerType}\",\n },\n SlotConstraint = \"Required\",\n SlotType = \"AMAZON.DATE\",\n SlotTypeVersion = \"$LATEST\",\n ValueElicitationPrompt = new Aws.Lex.Inputs.IntentSlotValueElicitationPromptArgs\n {\n MaxAttempts = 2,\n Message = \n {\n \n {\n { \"content\", \"What day do you want the {FlowerType} to be picked up?\" },\n { \"contentType\", \"PlainText\" },\n },\n },\n },\n },\n new Aws.Lex.Inputs.IntentSlotArgs\n {\n Description = \"The time to pick up the flowers\",\n Name = \"PickupTime\",\n Priority = 3,\n SampleUtterances = \n {\n \"I would like to order {FlowerType}\",\n },\n SlotConstraint = \"Required\",\n SlotType = \"AMAZON.TIME\",\n SlotTypeVersion = \"$LATEST\",\n ValueElicitationPrompt = new Aws.Lex.Inputs.IntentSlotValueElicitationPromptArgs\n {\n MaxAttempts = 2,\n Message = \n {\n \n {\n { \"content\", \"Pick up the {FlowerType} at what time on {PickupDate}?\" },\n { \"contentType\", \"PlainText\" },\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lex.NewIntent(ctx, \"orderFlowersIntent\", &lex.IntentArgs{\n\t\t\tConfirmationPrompt: &lex.IntentConfirmationPromptArgs{\n\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\tMessages: lex.IntentConfirmationPromptMessageArray{\n\t\t\t\t\t&lex.IntentConfirmationPromptMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"Okay, your {FlowerType} will be ready for pickup by {PickupTime} on {PickupDate}. Does this sound okay?\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tCreateVersion: pulumi.Bool(false),\n\t\t\tDescription: pulumi.String(\"Intent to order a bouquet of flowers for pick up\"),\n\t\t\tFulfillmentActivity: &lex.IntentFulfillmentActivityArgs{\n\t\t\t\tType: pulumi.String(\"ReturnIntent\"),\n\t\t\t},\n\t\t\tName: pulumi.String(\"OrderFlowers\"),\n\t\t\tRejectionStatement: &lex.IntentRejectionStatementArgs{\n\t\t\t\tMessages: lex.IntentRejectionStatementMessageArray{\n\t\t\t\t\t&lex.IntentRejectionStatementMessageArgs{\n\t\t\t\t\t\tContent: pulumi.String(\"Okay, I will not place your order.\"),\n\t\t\t\t\t\tContentType: pulumi.String(\"PlainText\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tSampleUtterances: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"I would like to order some flowers\"),\n\t\t\t\tpulumi.String(\"I would like to pick up flowers\"),\n\t\t\t},\n\t\t\tSlots: lex.IntentSlotArray{\n\t\t\t\t&lex.IntentSlotArgs{\n\t\t\t\t\tDescription: pulumi.String(\"The type of flowers to pick up\"),\n\t\t\t\t\tName: pulumi.String(\"FlowerType\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tSampleUtterances: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"I would like to order {FlowerType}\"),\n\t\t\t\t\t},\n\t\t\t\t\tSlotConstraint: pulumi.String(\"Required\"),\n\t\t\t\t\tSlotType: pulumi.String(\"FlowerTypes\"),\n\t\t\t\t\tSlotTypeVersion: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")),\n\t\t\t\t\tValueElicitationPrompt: &lex.IntentSlotValueElicitationPromptArgs{\n\t\t\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\t\t\tMessage: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"content\": \"What type of flowers would you like to order?\",\n\t\t\t\t\t\t\t\t\"contentType\": \"PlainText\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lex.IntentSlotArgs{\n\t\t\t\t\tDescription: pulumi.String(\"The date to pick up the flowers\"),\n\t\t\t\t\tName: pulumi.String(\"PickupDate\"),\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tSampleUtterances: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"I would like to order {FlowerType}\"),\n\t\t\t\t\t},\n\t\t\t\t\tSlotConstraint: pulumi.String(\"Required\"),\n\t\t\t\t\tSlotType: pulumi.String(\"AMAZON.DATE\"),\n\t\t\t\t\tSlotTypeVersion: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")),\n\t\t\t\t\tValueElicitationPrompt: &lex.IntentSlotValueElicitationPromptArgs{\n\t\t\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\t\t\tMessage: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"content\": \"What day do you want the {FlowerType} to be picked up?\",\n\t\t\t\t\t\t\t\t\"contentType\": \"PlainText\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&lex.IntentSlotArgs{\n\t\t\t\t\tDescription: pulumi.String(\"The time to pick up the flowers\"),\n\t\t\t\t\tName: pulumi.String(\"PickupTime\"),\n\t\t\t\t\tPriority: pulumi.Int(3),\n\t\t\t\t\tSampleUtterances: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"I would like to order {FlowerType}\"),\n\t\t\t\t\t},\n\t\t\t\t\tSlotConstraint: pulumi.String(\"Required\"),\n\t\t\t\t\tSlotType: pulumi.String(\"AMAZON.TIME\"),\n\t\t\t\t\tSlotTypeVersion: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")),\n\t\t\t\t\tValueElicitationPrompt: &lex.IntentSlotValueElicitationPromptArgs{\n\t\t\t\t\t\tMaxAttempts: pulumi.Int(2),\n\t\t\t\t\t\tMessage: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"content\": \"Pick up the {FlowerType} at what time on {PickupDate}?\",\n\t\t\t\t\t\t\t\t\"contentType\": \"PlainText\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIntents can be imported using their name.\n\n```sh\n $ pulumi import aws:lex/intent:Intent order_flowers_intent OrderFlowers\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lex intent.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the intent that was created. The checksum is not\nincluded as an argument because the resource will add it automatically when updating the intent.\n" + }, + "conclusionStatement": { + "$ref": "#/types/aws:lex/IntentConclusionStatement:IntentConclusionStatement", + "description": "The statement that you want Amazon Lex to convey to the user\nafter the intent is successfully fulfilled by the Lambda function. This element is relevant only if\nyou provide a Lambda function in the `fulfillment_activity`. If you return the intent to the client\napplication, you can't specify this element. The `follow_up_prompt` and `conclusion_statement` are\nmutually exclusive. You can specify only one. Attributes are documented under statement.\n" + }, + "confirmationPrompt": { + "$ref": "#/types/aws:lex/IntentConfirmationPrompt:IntentConfirmationPrompt", + "description": "Prompts the user to confirm the intent. This question should\nhave a yes or no answer. You you must provide both the `rejection_statement` and `confirmation_prompt`,\nor neither. Attributes are documented under prompt.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new slot type version is created when the initial\nresource is created and on each update. Defaults to `false`.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the intent version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n" + }, + "dialogCodeHook": { + "$ref": "#/types/aws:lex/IntentDialogCodeHook:IntentDialogCodeHook", + "description": "Specifies a Lambda function to invoke for each user input. You can\ninvoke this Lambda function to personalize user interaction. Attributes are documented under code_hook.\n" + }, + "followUpPrompt": { + "$ref": "#/types/aws:lex/IntentFollowUpPrompt:IntentFollowUpPrompt", + "description": "Amazon Lex uses this prompt to solicit additional activity after\nfulfilling an intent. For example, after the OrderPizza intent is fulfilled, you might prompt the\nuser to order a drink. The `follow_up_prompt` field and the `conclusion_statement` field are mutually\nexclusive. You can specify only one. Attributes are documented under follow_up_prompt.\n" + }, + "fulfillmentActivity": { + "$ref": "#/types/aws:lex/IntentFulfillmentActivity:IntentFulfillmentActivity", + "description": "Describes how the intent is fulfilled. For example, after a\nuser provides all of the information for a pizza order, `fulfillment_activity` defines how the bot\nplaces an order with a local pizza store. Attributes are documented under fulfillment_activity.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the $LATEST version of this intent was updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length.\n" + }, + "parentIntentSignature": { + "type": "string", + "description": "A unique identifier for the built-in intent to base this\nintent on. To find the signature for an intent, see\n[Standard Built-in Intents](https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/built-in-intent-ref/standard-intents)\nin the Alexa Skills Kit.\n" + }, + "rejectionStatement": { + "$ref": "#/types/aws:lex/IntentRejectionStatement:IntentRejectionStatement", + "description": "If the user answers \"no\" to the question defined in the prompt field,\nAmazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are\ndocumented below under statement.\n" + }, + "sampleUtterances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If you know a specific pattern with which users might respond to\nan Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This\nis optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length.\n" + }, + "slots": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentSlot:IntentSlot" + }, + "description": "An list of intent slots. At runtime, Amazon Lex elicits required slot values\nfrom the user using prompts defined in the slots. Attributes are documented under slot.\n" + }, + "version": { + "type": "string", + "description": "The version of the bot.\n" + } + }, + "required": [ + "arn", + "checksum", + "createdDate", + "fulfillmentActivity", + "lastUpdatedDate", + "name", + "version" + ], + "inputProperties": { + "conclusionStatement": { + "$ref": "#/types/aws:lex/IntentConclusionStatement:IntentConclusionStatement", + "description": "The statement that you want Amazon Lex to convey to the user\nafter the intent is successfully fulfilled by the Lambda function. This element is relevant only if\nyou provide a Lambda function in the `fulfillment_activity`. If you return the intent to the client\napplication, you can't specify this element. The `follow_up_prompt` and `conclusion_statement` are\nmutually exclusive. You can specify only one. Attributes are documented under statement.\n" + }, + "confirmationPrompt": { + "$ref": "#/types/aws:lex/IntentConfirmationPrompt:IntentConfirmationPrompt", + "description": "Prompts the user to confirm the intent. This question should\nhave a yes or no answer. You you must provide both the `rejection_statement` and `confirmation_prompt`,\nor neither. Attributes are documented under prompt.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new slot type version is created when the initial\nresource is created and on each update. Defaults to `false`.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n" + }, + "dialogCodeHook": { + "$ref": "#/types/aws:lex/IntentDialogCodeHook:IntentDialogCodeHook", + "description": "Specifies a Lambda function to invoke for each user input. You can\ninvoke this Lambda function to personalize user interaction. Attributes are documented under code_hook.\n" + }, + "followUpPrompt": { + "$ref": "#/types/aws:lex/IntentFollowUpPrompt:IntentFollowUpPrompt", + "description": "Amazon Lex uses this prompt to solicit additional activity after\nfulfilling an intent. For example, after the OrderPizza intent is fulfilled, you might prompt the\nuser to order a drink. The `follow_up_prompt` field and the `conclusion_statement` field are mutually\nexclusive. You can specify only one. Attributes are documented under follow_up_prompt.\n" + }, + "fulfillmentActivity": { + "$ref": "#/types/aws:lex/IntentFulfillmentActivity:IntentFulfillmentActivity", + "description": "Describes how the intent is fulfilled. For example, after a\nuser provides all of the information for a pizza order, `fulfillment_activity` defines how the bot\nplaces an order with a local pizza store. Attributes are documented under fulfillment_activity.\n" + }, + "name": { + "type": "string", + "description": "The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length.\n" + }, + "parentIntentSignature": { + "type": "string", + "description": "A unique identifier for the built-in intent to base this\nintent on. To find the signature for an intent, see\n[Standard Built-in Intents](https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/built-in-intent-ref/standard-intents)\nin the Alexa Skills Kit.\n" + }, + "rejectionStatement": { + "$ref": "#/types/aws:lex/IntentRejectionStatement:IntentRejectionStatement", + "description": "If the user answers \"no\" to the question defined in the prompt field,\nAmazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are\ndocumented below under statement.\n" + }, + "sampleUtterances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If you know a specific pattern with which users might respond to\nan Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This\nis optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length.\n" + }, + "slots": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentSlot:IntentSlot" + }, + "description": "An list of intent slots. At runtime, Amazon Lex elicits required slot values\nfrom the user using prompts defined in the slots. Attributes are documented under slot.\n" + } + }, + "requiredInputs": [ + "fulfillmentActivity" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Intent resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lex intent.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the intent that was created. The checksum is not\nincluded as an argument because the resource will add it automatically when updating the intent.\n" + }, + "conclusionStatement": { + "$ref": "#/types/aws:lex/IntentConclusionStatement:IntentConclusionStatement", + "description": "The statement that you want Amazon Lex to convey to the user\nafter the intent is successfully fulfilled by the Lambda function. This element is relevant only if\nyou provide a Lambda function in the `fulfillment_activity`. If you return the intent to the client\napplication, you can't specify this element. The `follow_up_prompt` and `conclusion_statement` are\nmutually exclusive. You can specify only one. Attributes are documented under statement.\n" + }, + "confirmationPrompt": { + "$ref": "#/types/aws:lex/IntentConfirmationPrompt:IntentConfirmationPrompt", + "description": "Prompts the user to confirm the intent. This question should\nhave a yes or no answer. You you must provide both the `rejection_statement` and `confirmation_prompt`,\nor neither. Attributes are documented under prompt.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new slot type version is created when the initial\nresource is created and on each update. Defaults to `false`.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the intent version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot. Must be less than or equal to 200 characters in length.\n" + }, + "dialogCodeHook": { + "$ref": "#/types/aws:lex/IntentDialogCodeHook:IntentDialogCodeHook", + "description": "Specifies a Lambda function to invoke for each user input. You can\ninvoke this Lambda function to personalize user interaction. Attributes are documented under code_hook.\n" + }, + "followUpPrompt": { + "$ref": "#/types/aws:lex/IntentFollowUpPrompt:IntentFollowUpPrompt", + "description": "Amazon Lex uses this prompt to solicit additional activity after\nfulfilling an intent. For example, after the OrderPizza intent is fulfilled, you might prompt the\nuser to order a drink. The `follow_up_prompt` field and the `conclusion_statement` field are mutually\nexclusive. You can specify only one. Attributes are documented under follow_up_prompt.\n" + }, + "fulfillmentActivity": { + "$ref": "#/types/aws:lex/IntentFulfillmentActivity:IntentFulfillmentActivity", + "description": "Describes how the intent is fulfilled. For example, after a\nuser provides all of the information for a pizza order, `fulfillment_activity` defines how the bot\nplaces an order with a local pizza store. Attributes are documented under fulfillment_activity.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the $LATEST version of this intent was updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the intent slot that you want to create. The name is case sensitive. Must be less than or equal to 100 characters in length.\n" + }, + "parentIntentSignature": { + "type": "string", + "description": "A unique identifier for the built-in intent to base this\nintent on. To find the signature for an intent, see\n[Standard Built-in Intents](https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/built-in-intent-ref/standard-intents)\nin the Alexa Skills Kit.\n" + }, + "rejectionStatement": { + "$ref": "#/types/aws:lex/IntentRejectionStatement:IntentRejectionStatement", + "description": "If the user answers \"no\" to the question defined in the prompt field,\nAmazon Lex responds with this statement to acknowledge that the intent was canceled. Attributes are\ndocumented below under statement.\n" + }, + "sampleUtterances": { + "type": "array", + "items": { + "type": "string" + }, + "description": "If you know a specific pattern with which users might respond to\nan Amazon Lex request for a slot value, you can provide those utterances to improve accuracy. This\nis optional. In most cases, Amazon Lex is capable of understanding user utterances. Must have between 1 and 10 items in the list, and each item must be less than or equal to 200 characters in length.\n" + }, + "slots": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/IntentSlot:IntentSlot" + }, + "description": "An list of intent slots. At runtime, Amazon Lex elicits required slot values\nfrom the user using prompts defined in the slots. Attributes are documented under slot.\n" + }, + "version": { + "type": "string", + "description": "The version of the bot.\n" + } + }, + "type": "object" + } + }, + "aws:lex/slotType:SlotType": { + "description": "Provides an Amazon Lex Slot Type resource. For more information see\n[Amazon Lex: How It Works](https://docs.aws.amazon.com/lex/latest/dg/how-it-works.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst flowerTypes = new aws.lex.SlotType(\"flower_types\", {\n createVersion: true,\n description: \"Types of flowers to order\",\n enumerationValues: [\n {\n synonyms: [\n \"Lirium\",\n \"Martagon\",\n ],\n value: \"lilies\",\n },\n {\n synonyms: [\n \"Eduardoregelia\",\n \"Podonix\",\n ],\n value: \"tulips\",\n },\n ],\n name: \"FlowerTypes\",\n valueSelectionStrategy: \"ORIGINAL_VALUE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nflower_types = aws.lex.SlotType(\"flowerTypes\",\n create_version=True,\n description=\"Types of flowers to order\",\n enumeration_values=[\n aws.lex.SlotTypeEnumerationValueArgs(\n synonyms=[\n \"Lirium\",\n \"Martagon\",\n ],\n value=\"lilies\",\n ),\n aws.lex.SlotTypeEnumerationValueArgs(\n synonyms=[\n \"Eduardoregelia\",\n \"Podonix\",\n ],\n value=\"tulips\",\n ),\n ],\n name=\"FlowerTypes\",\n value_selection_strategy=\"ORIGINAL_VALUE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var flowerTypes = new Aws.Lex.SlotType(\"flowerTypes\", new Aws.Lex.SlotTypeArgs\n {\n CreateVersion = true,\n Description = \"Types of flowers to order\",\n EnumerationValues = \n {\n new Aws.Lex.Inputs.SlotTypeEnumerationValueArgs\n {\n Synonyms = \n {\n \"Lirium\",\n \"Martagon\",\n },\n Value = \"lilies\",\n },\n new Aws.Lex.Inputs.SlotTypeEnumerationValueArgs\n {\n Synonyms = \n {\n \"Eduardoregelia\",\n \"Podonix\",\n },\n Value = \"tulips\",\n },\n },\n Name = \"FlowerTypes\",\n ValueSelectionStrategy = \"ORIGINAL_VALUE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lex.NewSlotType(ctx, \"flowerTypes\", &lex.SlotTypeArgs{\n\t\t\tCreateVersion: pulumi.Bool(true),\n\t\t\tDescription: pulumi.String(\"Types of flowers to order\"),\n\t\t\tEnumerationValues: lex.SlotTypeEnumerationValueArray{\n\t\t\t\t&lex.SlotTypeEnumerationValueArgs{\n\t\t\t\t\tSynonyms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Lirium\"),\n\t\t\t\t\t\tpulumi.String(\"Martagon\"),\n\t\t\t\t\t},\n\t\t\t\t\tValue: pulumi.String(\"lilies\"),\n\t\t\t\t},\n\t\t\t\t&lex.SlotTypeEnumerationValueArgs{\n\t\t\t\t\tSynonyms: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Eduardoregelia\"),\n\t\t\t\t\t\tpulumi.String(\"Podonix\"),\n\t\t\t\t\t},\n\t\t\t\t\tValue: pulumi.String(\"tulips\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: pulumi.String(\"FlowerTypes\"),\n\t\t\tValueSelectionStrategy: pulumi.String(\"ORIGINAL_VALUE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSlot types can be imported using their name.\n\n```sh\n $ pulumi import aws:lex/slotType:SlotType flower_types FlowerTypes\n```\n\n ", + "properties": { + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the slot type that was created. The checksum is\nnot included as an argument because the resource will add it automatically when updating the slot type.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new slot type version is created when the initial resource is created and on each\nupdate. Defaults to `false`.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the slot type version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the slot type. Must be less than or equal to 200 characters in length.\n" + }, + "enumerationValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/SlotTypeEnumerationValue:SlotTypeEnumerationValue" + }, + "description": "A list of EnumerationValue objects that defines the values that\nthe slot type can take. Each value can have a list of synonyms, which are additional values that help\ntrain the machine learning model about the values that it resolves for a slot. Attributes are\ndocumented under enumeration_value.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the `$LATEST` version of this slot type was updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the slot type. The name is not case sensitive. Must be less than or equal to 100 characters in length.\n" + }, + "valueSelectionStrategy": { + "type": "string", + "description": "Determines the slot resolution strategy that Amazon Lex\nuses to return slot type values. `ORIGINAL_VALUE` returns the value entered by the user if the user\nvalue is similar to the slot value. `TOP_RESOLUTION` returns the first value in the resolution list\nif there is a resolution list for the slot, otherwise null is returned. Defaults to `ORIGINAL_VALUE`.\n" + }, + "version": { + "type": "string", + "description": "The version of the slot type.\n" + } + }, + "required": [ + "checksum", + "createdDate", + "enumerationValues", + "lastUpdatedDate", + "name", + "version" + ], + "inputProperties": { + "createVersion": { + "type": "boolean", + "description": "Determines if a new slot type version is created when the initial resource is created and on each\nupdate. Defaults to `false`.\n" + }, + "description": { + "type": "string", + "description": "A description of the slot type. Must be less than or equal to 200 characters in length.\n" + }, + "enumerationValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/SlotTypeEnumerationValue:SlotTypeEnumerationValue" + }, + "description": "A list of EnumerationValue objects that defines the values that\nthe slot type can take. Each value can have a list of synonyms, which are additional values that help\ntrain the machine learning model about the values that it resolves for a slot. Attributes are\ndocumented under enumeration_value.\n" + }, + "name": { + "type": "string", + "description": "The name of the slot type. The name is not case sensitive. Must be less than or equal to 100 characters in length.\n" + }, + "valueSelectionStrategy": { + "type": "string", + "description": "Determines the slot resolution strategy that Amazon Lex\nuses to return slot type values. `ORIGINAL_VALUE` returns the value entered by the user if the user\nvalue is similar to the slot value. `TOP_RESOLUTION` returns the first value in the resolution list\nif there is a resolution list for the slot, otherwise null is returned. Defaults to `ORIGINAL_VALUE`.\n" + } + }, + "requiredInputs": [ + "enumerationValues" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SlotType resources.\n", + "properties": { + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the slot type that was created. The checksum is\nnot included as an argument because the resource will add it automatically when updating the slot type.\n" + }, + "createVersion": { + "type": "boolean", + "description": "Determines if a new slot type version is created when the initial resource is created and on each\nupdate. Defaults to `false`.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the slot type version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the slot type. Must be less than or equal to 200 characters in length.\n" + }, + "enumerationValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/SlotTypeEnumerationValue:SlotTypeEnumerationValue" + }, + "description": "A list of EnumerationValue objects that defines the values that\nthe slot type can take. Each value can have a list of synonyms, which are additional values that help\ntrain the machine learning model about the values that it resolves for a slot. Attributes are\ndocumented under enumeration_value.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the `$LATEST` version of this slot type was updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the slot type. The name is not case sensitive. Must be less than or equal to 100 characters in length.\n" + }, + "valueSelectionStrategy": { + "type": "string", + "description": "Determines the slot resolution strategy that Amazon Lex\nuses to return slot type values. `ORIGINAL_VALUE` returns the value entered by the user if the user\nvalue is similar to the slot value. `TOP_RESOLUTION` returns the first value in the resolution list\nif there is a resolution list for the slot, otherwise null is returned. Defaults to `ORIGINAL_VALUE`.\n" + }, + "version": { + "type": "string", + "description": "The version of the slot type.\n" + } + }, + "type": "object" + } + }, + "aws:licensemanager/association:Association": { + "description": "Provides a License Manager association.\n\n> **Note:** License configurations can also be associated with launch templates by specifying the `license_specifications` block for an `aws.ec2.LaunchTemplate`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAmi = aws.ec2.getAmi({\n mostRecent: true,\n owners: [\"amazon\"],\n filters: [{\n name: \"name\",\n values: [\"amzn-ami-vpc-nat*\"],\n }],\n});\nconst exampleInstance = new aws.ec2.Instance(\"exampleInstance\", {\n ami: exampleAmi.then(exampleAmi => exampleAmi.id),\n instanceType: \"t2.micro\",\n});\nconst exampleLicenseConfiguration = new aws.licensemanager.LicenseConfiguration(\"exampleLicenseConfiguration\", {licenseCountingType: \"Instance\"});\nconst exampleAssociation = new aws.licensemanager.Association(\"exampleAssociation\", {\n licenseConfigurationArn: exampleLicenseConfiguration.arn,\n resourceArn: exampleInstance.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_ami = aws.ec2.get_ami(most_recent=True,\n owners=[\"amazon\"],\n filters=[aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"amzn-ami-vpc-nat*\"],\n )])\nexample_instance = aws.ec2.Instance(\"exampleInstance\",\n ami=example_ami.id,\n instance_type=\"t2.micro\")\nexample_license_configuration = aws.licensemanager.LicenseConfiguration(\"exampleLicenseConfiguration\", license_counting_type=\"Instance\")\nexample_association = aws.licensemanager.Association(\"exampleAssociation\",\n license_configuration_arn=example_license_configuration.arn,\n resource_arn=example_instance.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAmi = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n MostRecent = true,\n Owners = \n {\n \"amazon\",\n },\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"amzn-ami-vpc-nat*\",\n },\n },\n },\n }));\n var exampleInstance = new Aws.Ec2.Instance(\"exampleInstance\", new Aws.Ec2.InstanceArgs\n {\n Ami = exampleAmi.Apply(exampleAmi => exampleAmi.Id),\n InstanceType = \"t2.micro\",\n });\n var exampleLicenseConfiguration = new Aws.LicenseManager.LicenseConfiguration(\"exampleLicenseConfiguration\", new Aws.LicenseManager.LicenseConfigurationArgs\n {\n LicenseCountingType = \"Instance\",\n });\n var exampleAssociation = new Aws.LicenseManager.Association(\"exampleAssociation\", new Aws.LicenseManager.AssociationArgs\n {\n LicenseConfigurationArn = exampleLicenseConfiguration.Arn,\n ResourceArn = exampleInstance.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/licensemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\texampleAmi, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tOwners: []string{\n\t\t\t\t\"amazon\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"amzn-ami-vpc-nat*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleInstance, err := ec2.NewInstance(ctx, \"exampleInstance\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(exampleAmi.Id),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleLicenseConfiguration, err := licensemanager.NewLicenseConfiguration(ctx, \"exampleLicenseConfiguration\", &licensemanager.LicenseConfigurationArgs{\n\t\t\tLicenseCountingType: pulumi.String(\"Instance\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = licensemanager.NewAssociation(ctx, \"exampleAssociation\", &licensemanager.AssociationArgs{\n\t\t\tLicenseConfigurationArn: exampleLicenseConfiguration.Arn,\n\t\t\tResourceArn: exampleInstance.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLicense configurations can be imported in the form `resource_arn,license_configuration_arn`, e.g.\n\n```sh\n $ pulumi import aws:licensemanager/association:Association example arn:aws:ec2:eu-west-1:123456789012:image/ami-123456789abcdef01,arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef\n```\n\n ", + "properties": { + "licenseConfigurationArn": { + "type": "string", + "description": "ARN of the license configuration.\n" + }, + "resourceArn": { + "type": "string", + "description": "ARN of the resource associated with the license configuration.\n" + } + }, + "required": [ + "licenseConfigurationArn", + "resourceArn" + ], + "inputProperties": { + "licenseConfigurationArn": { + "type": "string", + "description": "ARN of the license configuration.\n" + }, + "resourceArn": { + "type": "string", + "description": "ARN of the resource associated with the license configuration.\n" + } + }, + "requiredInputs": [ + "licenseConfigurationArn", + "resourceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Association resources.\n", + "properties": { + "licenseConfigurationArn": { + "type": "string", + "description": "ARN of the license configuration.\n" + }, + "resourceArn": { + "type": "string", + "description": "ARN of the resource associated with the license configuration.\n" + } + }, + "type": "object" + } + }, + "aws:licensemanager/licenseConfiguration:LicenseConfiguration": { + "description": "Provides a License Manager license configuration resource.\n\n> **Note:** Removing the `license_count` attribute is not supported by the License Manager API - recreate the resource instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.licensemanager.LicenseConfiguration(\"example\", {\n description: \"Example\",\n licenseCount: 10,\n licenseCountHardLimit: true,\n licenseCountingType: \"Socket\",\n licenseRules: [\"#minimumSockets=2\"],\n tags: {\n foo: \"barr\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.licensemanager.LicenseConfiguration(\"example\",\n description=\"Example\",\n license_count=10,\n license_count_hard_limit=True,\n license_counting_type=\"Socket\",\n license_rules=[\"#minimumSockets=2\"],\n tags={\n \"foo\": \"barr\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.LicenseManager.LicenseConfiguration(\"example\", new Aws.LicenseManager.LicenseConfigurationArgs\n {\n Description = \"Example\",\n LicenseCount = 10,\n LicenseCountHardLimit = true,\n LicenseCountingType = \"Socket\",\n LicenseRules = \n {\n \"#minimumSockets=2\",\n },\n Tags = \n {\n { \"foo\", \"barr\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/licensemanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := licensemanager.NewLicenseConfiguration(ctx, \"example\", &licensemanager.LicenseConfigurationArgs{\n\t\t\tDescription: pulumi.String(\"Example\"),\n\t\t\tLicenseCount: pulumi.Int(10),\n\t\t\tLicenseCountHardLimit: pulumi.Bool(true),\n\t\t\tLicenseCountingType: pulumi.String(\"Socket\"),\n\t\t\tLicenseRules: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"#minimumSockets=2\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"barr\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Rules\n\nLicense rules should be in the format of `#RuleType=RuleValue`. Supported rule types:\n\n* `minimumVcpus` - Resource must have minimum vCPU count in order to use the license. Default: 1\n* `maximumVcpus` - Resource must have maximum vCPU count in order to use the license. Default: unbounded, limit: 10000\n* `minimumCores` - Resource must have minimum core count in order to use the license. Default: 1\n* `maximumCores` - Resource must have maximum core count in order to use the license. Default: unbounded, limit: 10000\n* `minimumSockets` - Resource must have minimum socket count in order to use the license. Default: 1\n* `maximumSockets` - Resource must have maximum socket count in order to use the license. Default: unbounded, limit: 10000\n* `allowedTenancy` - Defines where the license can be used. If set, restricts license usage to selected tenancies. Specify a comma delimited list of `EC2-Default`, `EC2-DedicatedHost`, `EC2-DedicatedInstance`\n\n\n## Import\n\nLicense configurations can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:licensemanager/licenseConfiguration:LicenseConfiguration example arn:aws:license-manager:eu-west-1:123456789012:license-configuration:lic-0123456789abcdef0123456789abcdef\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The license configuration ARN.\n" + }, + "description": { + "type": "string", + "description": "Description of the license configuration.\n" + }, + "licenseCount": { + "type": "integer", + "description": "Number of licenses managed by the license configuration.\n" + }, + "licenseCountHardLimit": { + "type": "boolean", + "description": "Sets the number of available licenses as a hard limit.\n" + }, + "licenseCountingType": { + "type": "string", + "description": "Dimension to use to track license inventory. Specify either `vCPU`, `Instance`, `Core` or `Socket`.\n" + }, + "licenseRules": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Array of configured License Manager rules.\n" + }, + "name": { + "type": "string", + "description": "Name of the license configuration.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "Account ID of the owner of the license configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "licenseCountingType", + "name", + "ownerAccountId", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the license configuration.\n" + }, + "licenseCount": { + "type": "integer", + "description": "Number of licenses managed by the license configuration.\n" + }, + "licenseCountHardLimit": { + "type": "boolean", + "description": "Sets the number of available licenses as a hard limit.\n" + }, + "licenseCountingType": { + "type": "string", + "description": "Dimension to use to track license inventory. Specify either `vCPU`, `Instance`, `Core` or `Socket`.\n" + }, + "licenseRules": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Array of configured License Manager rules.\n" + }, + "name": { + "type": "string", + "description": "Name of the license configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "licenseCountingType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LicenseConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The license configuration ARN.\n" + }, + "description": { + "type": "string", + "description": "Description of the license configuration.\n" + }, + "licenseCount": { + "type": "integer", + "description": "Number of licenses managed by the license configuration.\n" + }, + "licenseCountHardLimit": { + "type": "boolean", + "description": "Sets the number of available licenses as a hard limit.\n" + }, + "licenseCountingType": { + "type": "string", + "description": "Dimension to use to track license inventory. Specify either `vCPU`, `Instance`, `Core` or `Socket`.\n" + }, + "licenseRules": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Array of configured License Manager rules.\n" + }, + "name": { + "type": "string", + "description": "Name of the license configuration.\n" + }, + "ownerAccountId": { + "type": "string", + "description": "Account ID of the owner of the license configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:lightsail/domain:Domain": { + "description": "Creates a domain resource for the specified domain (e.g., example.com).\nYou cannot register a new domain name using Lightsail. You must register\na domain name using Amazon Route 53 or another domain name registrar.\nIf you have already registered your domain, you can enter its name in\nthis parameter to manage the DNS records for that domain.\n\n> **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst domainTest = new aws.lightsail.Domain(\"domain_test\", {\n domainName: \"mydomain.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndomain_test = aws.lightsail.Domain(\"domainTest\", domain_name=\"mydomain.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var domainTest = new Aws.LightSail.Domain(\"domainTest\", new Aws.LightSail.DomainArgs\n {\n DomainName = \"mydomain.com\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewDomain(ctx, \"domainTest\", &lightsail.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"mydomain.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail domain\n" + }, + "domainName": { + "type": "string", + "description": "The name of the Lightsail domain to manage\n" + } + }, + "required": [ + "arn", + "domainName" + ], + "inputProperties": { + "domainName": { + "type": "string", + "description": "The name of the Lightsail domain to manage\n" + } + }, + "requiredInputs": [ + "domainName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Domain resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail domain\n" + }, + "domainName": { + "type": "string", + "description": "The name of the Lightsail domain to manage\n" + } + }, + "type": "object" + } + }, + "aws:lightsail/instance:Instance": { + "description": "Provides a Lightsail Instance. Amazon Lightsail is a service to provide easy virtual private servers\nwith custom software already setup. See [What is Amazon Lightsail?](https://lightsail.aws.amazon.com/ls/docs/getting-started/article/what-is-amazon-lightsail)\nfor more information.\n\n> **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new GitLab Lightsail Instance\nconst gitlabTest = new aws.lightsail.Instance(\"gitlab_test\", {\n availabilityZone: \"us-east-1b\",\n blueprintId: \"string\",\n bundleId: \"string\",\n keyPairName: \"some_key_name\",\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new GitLab Lightsail Instance\ngitlab_test = aws.lightsail.Instance(\"gitlabTest\",\n availability_zone=\"us-east-1b\",\n blueprint_id=\"string\",\n bundle_id=\"string\",\n key_pair_name=\"some_key_name\",\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new GitLab Lightsail Instance\n var gitlabTest = new Aws.LightSail.Instance(\"gitlabTest\", new Aws.LightSail.InstanceArgs\n {\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"string\",\n BundleId = \"string\",\n KeyPairName = \"some_key_name\",\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewInstance(ctx, \"gitlabTest\", &lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"string\"),\n\t\t\tBundleId: pulumi.String(\"string\"),\n\t\t\tKeyPairName: pulumi.String(\"some_key_name\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Availability Zones\n\nLightsail currently supports the following Availability Zones (e.g. `us-east-1a`):\n\n- `ap-northeast-1{a,c,d}`\n- `ap-northeast-2{a,c}`\n- `ap-south-1{a,b}`\n- `ap-southeast-1{a,b,c}`\n- `ap-southeast-2{a,b,c}`\n- `ca-central-1{a,b}`\n- `eu-central-1{a,b,c}`\n- `eu-west-1{a,b,c}`\n- `eu-west-2{a,b,c}`\n- `eu-west-3{a,b,c}`\n- `us-east-1{a,b,c,d,e,f}`\n- `us-east-2{a,b,c}`\n- `us-west-2{a,b,c}`\n\n## Bundles\n\nLightsail currently supports the following Bundle IDs (e.g. an instance in `ap-northeast-1` would use `small_2_0`):\n\n### Prefix\n\nA Bundle ID starts with one of the below size prefixes:\n\n- `nano_`\n- `micro_`\n- `small_`\n- `medium_`\n- `large_`\n- `xlarge_`\n- `2xlarge_`\n\n### Suffix\n\nA Bundle ID ends with one of the following suffixes depending on Availability Zone:\n\n- ap-northeast-1: `2_0`\n- ap-northeast-2: `2_0`\n- ap-south-1: `2_1`\n- ap-southeast-1: `2_0`\n- ap-southeast-2: `2_2`\n- ca-central-1: `2_0`\n- eu-central-1: `2_0`\n- eu-west-1: `2_0`\n- eu-west-2: `2_0`\n- eu-west-3: `2_0`\n- us-east-1: `2_0`\n- us-east-2: `2_0`\n- us-west-2: `2_0`\n\n\n## Import\n\nLightsail Instances can be imported using their name, e.g.\n\n```sh\n $ pulumi import aws:lightsail/instance:Instance gitlab_test 'custom gitlab'\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail instance (matches `id`).\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone in which to create your\ninstance (see list below)\n" + }, + "blueprintId": { + "type": "string", + "description": "The ID for a virtual private server image. A list of available blueprint IDs can be obtained using the AWS CLI command: `aws lightsail get-blueprints`\n" + }, + "bundleId": { + "type": "string", + "description": "The bundle of specification information (see list below)\n" + }, + "cpuCount": { + "type": "integer" + }, + "createdAt": { + "type": "string", + "description": "The timestamp when the instance was created.\n" + }, + "ipv6Address": { + "type": "string", + "description": "(**Deprecated**) The first IPv6 address of the Lightsail instance. Use `ipv6_addresses` attribute instead.\n", + "deprecationMessage": "use `ipv6_addresses` attribute instead" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 addresses for the Lightsail instance.\n" + }, + "isStaticIp": { + "type": "boolean" + }, + "keyPairName": { + "type": "string", + "description": "The name of your key pair. Created in the\nLightsail console (cannot use `aws.ec2.KeyPair` at this time)\n" + }, + "name": { + "type": "string", + "description": "The name of the Lightsail Instance. Names be unique within each AWS Region in your Lightsail account.\n" + }, + "privateIpAddress": { + "type": "string" + }, + "publicIpAddress": { + "type": "string" + }, + "ramSize": { + "type": "number" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. To create a key-only tag, use an empty string as the value. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userData": { + "type": "string", + "description": "launch script to configure server with additional user data\n" + }, + "username": { + "type": "string" + } + }, + "required": [ + "arn", + "availabilityZone", + "blueprintId", + "bundleId", + "cpuCount", + "createdAt", + "ipv6Address", + "ipv6Addresses", + "isStaticIp", + "name", + "privateIpAddress", + "publicIpAddress", + "ramSize", + "tagsAll", + "username" + ], + "inputProperties": { + "availabilityZone": { + "type": "string", + "description": "The Availability Zone in which to create your\ninstance (see list below)\n" + }, + "blueprintId": { + "type": "string", + "description": "The ID for a virtual private server image. A list of available blueprint IDs can be obtained using the AWS CLI command: `aws lightsail get-blueprints`\n" + }, + "bundleId": { + "type": "string", + "description": "The bundle of specification information (see list below)\n" + }, + "keyPairName": { + "type": "string", + "description": "The name of your key pair. Created in the\nLightsail console (cannot use `aws.ec2.KeyPair` at this time)\n" + }, + "name": { + "type": "string", + "description": "The name of the Lightsail Instance. Names be unique within each AWS Region in your Lightsail account.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. To create a key-only tag, use an empty string as the value. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userData": { + "type": "string", + "description": "launch script to configure server with additional user data\n" + } + }, + "requiredInputs": [ + "availabilityZone", + "blueprintId", + "bundleId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Instance resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail instance (matches `id`).\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone in which to create your\ninstance (see list below)\n" + }, + "blueprintId": { + "type": "string", + "description": "The ID for a virtual private server image. A list of available blueprint IDs can be obtained using the AWS CLI command: `aws lightsail get-blueprints`\n" + }, + "bundleId": { + "type": "string", + "description": "The bundle of specification information (see list below)\n" + }, + "cpuCount": { + "type": "integer" + }, + "createdAt": { + "type": "string", + "description": "The timestamp when the instance was created.\n" + }, + "ipv6Address": { + "type": "string", + "description": "(**Deprecated**) The first IPv6 address of the Lightsail instance. Use `ipv6_addresses` attribute instead.\n", + "deprecationMessage": "use `ipv6_addresses` attribute instead" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 addresses for the Lightsail instance.\n" + }, + "isStaticIp": { + "type": "boolean" + }, + "keyPairName": { + "type": "string", + "description": "The name of your key pair. Created in the\nLightsail console (cannot use `aws.ec2.KeyPair` at this time)\n" + }, + "name": { + "type": "string", + "description": "The name of the Lightsail Instance. Names be unique within each AWS Region in your Lightsail account.\n" + }, + "privateIpAddress": { + "type": "string" + }, + "publicIpAddress": { + "type": "string" + }, + "ramSize": { + "type": "number" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. To create a key-only tag, use an empty string as the value. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userData": { + "type": "string", + "description": "launch script to configure server with additional user data\n" + }, + "username": { + "type": "string" + } + }, + "type": "object" + } + }, + "aws:lightsail/instancePublicPorts:InstancePublicPorts": { + "description": "Opens ports for a specific Amazon Lightsail instance, and specifies the IP addresses allowed to connect to the instance through the ports, and the protocol.\n\n> See [What is Amazon Lightsail?](https://lightsail.aws.amazon.com/ls/docs/getting-started/article/what-is-amazon-lightsail) for more information.\n\n> **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testInstance = new aws.lightsail.Instance(\"testInstance\", {\n availabilityZone: data.aws_availability_zones.available.names[0],\n blueprintId: \"amazon_linux\",\n bundleId: \"nano_1_0\",\n});\nconst testInstancePublicPorts = new aws.lightsail.InstancePublicPorts(\"testInstancePublicPorts\", {\n instanceName: testInstance.name,\n portInfos: [{\n protocol: \"tcp\",\n fromPort: 80,\n toPort: 80,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_instance = aws.lightsail.Instance(\"testInstance\",\n availability_zone=data[\"aws_availability_zones\"][\"available\"][\"names\"],\n blueprint_id=\"amazon_linux\",\n bundle_id=\"nano_1_0\")\ntest_instance_public_ports = aws.lightsail.InstancePublicPorts(\"testInstancePublicPorts\",\n instance_name=test_instance.name,\n port_infos=[aws.lightsail.InstancePublicPortsPortInfoArgs(\n protocol=\"tcp\",\n from_port=80,\n to_port=80,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testInstance = new Aws.LightSail.Instance(\"testInstance\", new Aws.LightSail.InstanceArgs\n {\n AvailabilityZone = data.Aws_availability_zones.Available.Names[0],\n BlueprintId = \"amazon_linux\",\n BundleId = \"nano_1_0\",\n });\n var testInstancePublicPorts = new Aws.LightSail.InstancePublicPorts(\"testInstancePublicPorts\", new Aws.LightSail.InstancePublicPortsArgs\n {\n InstanceName = testInstance.Name,\n PortInfos = \n {\n new Aws.LightSail.Inputs.InstancePublicPortsPortInfoArgs\n {\n Protocol = \"tcp\",\n FromPort = 80,\n ToPort = 80,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"testInstance\", &lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.Any(data.Aws_availability_zones.Available.Names[0]),\n\t\t\tBlueprintId: pulumi.String(\"amazon_linux\"),\n\t\t\tBundleId: pulumi.String(\"nano_1_0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewInstancePublicPorts(ctx, \"testInstancePublicPorts\", &lightsail.InstancePublicPortsArgs{\n\t\t\tInstanceName: testInstance.Name,\n\t\t\tPortInfos: lightsail.InstancePublicPortsPortInfoArray{\n\t\t\t\t&lightsail.InstancePublicPortsPortInfoArgs{\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tFromPort: pulumi.Int(80),\n\t\t\t\t\tToPort: pulumi.Int(80),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "instanceName": { + "type": "string", + "description": "Name of the Lightsail Instance.\n" + }, + "portInfos": { + "type": "array", + "items": { + "$ref": "#/types/aws:lightsail/InstancePublicPortsPortInfo:InstancePublicPortsPortInfo" + }, + "description": "Configuration block with port information. AWS closes all currently open ports that are not included in the `port_info`. Detailed below.\n" + } + }, + "required": [ + "instanceName", + "portInfos" + ], + "inputProperties": { + "instanceName": { + "type": "string", + "description": "Name of the Lightsail Instance.\n" + }, + "portInfos": { + "type": "array", + "items": { + "$ref": "#/types/aws:lightsail/InstancePublicPortsPortInfo:InstancePublicPortsPortInfo" + }, + "description": "Configuration block with port information. AWS closes all currently open ports that are not included in the `port_info`. Detailed below.\n" + } + }, + "requiredInputs": [ + "instanceName", + "portInfos" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InstancePublicPorts resources.\n", + "properties": { + "instanceName": { + "type": "string", + "description": "Name of the Lightsail Instance.\n" + }, + "portInfos": { + "type": "array", + "items": { + "$ref": "#/types/aws:lightsail/InstancePublicPortsPortInfo:InstancePublicPortsPortInfo" + }, + "description": "Configuration block with port information. AWS closes all currently open ports that are not included in the `port_info`. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:lightsail/keyPair:KeyPair": { + "description": "Provides a Lightsail Key Pair, for use with Lightsail Instances. These key pairs\nare separate from EC2 Key Pairs, and must be created or imported for use with\nLightsail.\n\n> **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create New Key Pair\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Create a new Lightsail Key Pair\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lg_key_pair\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Create a new Lightsail Key Pair\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Create a new Lightsail Key Pair\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new Aws.LightSail.KeyPairArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create New Key Pair with PGP Encrypted Private Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lg_key_pair\", {\n pgpKey: \"keybase:keybaseusername\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\", pgp_key=\"keybase:keybaseusername\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new Aws.LightSail.KeyPairArgs\n {\n PgpKey = \"keybase:keybaseusername\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewKeyPair(ctx, \"lgKeyPair\", &lightsail.KeyPairArgs{\n\t\t\tPgpKey: pulumi.String(\"keybase:keybaseusername\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Existing Public Key Import\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst lgKeyPair = new aws.lightsail.KeyPair(\"lgKeyPair\", {publicKey: fs.readFileSync(\"~/.ssh/id_rsa.pub\")});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlg_key_pair = aws.lightsail.KeyPair(\"lgKeyPair\", public_key=(lambda path: open(path).read())(\"~/.ssh/id_rsa.pub\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lgKeyPair = new Aws.LightSail.KeyPair(\"lgKeyPair\", new Aws.LightSail.KeyPairArgs\n {\n PublicKey = File.ReadAllText(\"~/.ssh/id_rsa.pub\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nLightsail Key Pairs cannot be imported, because the private and public key are only available on initial creation. ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail key pair\n" + }, + "encryptedFingerprint": { + "type": "string", + "description": "The MD5 public key fingerprint for the encrypted\nprivate key\n" + }, + "encryptedPrivateKey": { + "type": "string", + "description": "the private key material, base 64 encoded and\nencrypted with the given `pgp_key`. This is only populated when creating a new\nkey and `pgp_key` is supplied\n" + }, + "fingerprint": { + "type": "string", + "description": "The MD5 public key fingerprint as specified in section 4 of RFC 4716.\n" + }, + "name": { + "type": "string", + "description": "The name of the Lightsail Key Pair. If omitted, a unique\nname will be generated by this provider\n" + }, + "namePrefix": { + "type": "string" + }, + "pgpKey": { + "type": "string", + "description": "An optional PGP key to encrypt the resulting private\nkey material. Only used when creating a new key pair\n" + }, + "privateKey": { + "type": "string", + "description": "the private key, base64 encoded. This is only populated\nwhen creating a new key, and when no `pgp_key` is provided\n" + }, + "publicKey": { + "type": "string", + "description": "The public key material. This public key will be\nimported into Lightsail\n" + } + }, + "required": [ + "arn", + "encryptedFingerprint", + "encryptedPrivateKey", + "fingerprint", + "name", + "privateKey", + "publicKey" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the Lightsail Key Pair. If omitted, a unique\nname will be generated by this provider\n" + }, + "namePrefix": { + "type": "string" + }, + "pgpKey": { + "type": "string", + "description": "An optional PGP key to encrypt the resulting private\nkey material. Only used when creating a new key pair\n" + }, + "publicKey": { + "type": "string", + "description": "The public key material. This public key will be\nimported into Lightsail\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering KeyPair resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail key pair\n" + }, + "encryptedFingerprint": { + "type": "string", + "description": "The MD5 public key fingerprint for the encrypted\nprivate key\n" + }, + "encryptedPrivateKey": { + "type": "string", + "description": "the private key material, base 64 encoded and\nencrypted with the given `pgp_key`. This is only populated when creating a new\nkey and `pgp_key` is supplied\n" + }, + "fingerprint": { + "type": "string", + "description": "The MD5 public key fingerprint as specified in section 4 of RFC 4716.\n" + }, + "name": { + "type": "string", + "description": "The name of the Lightsail Key Pair. If omitted, a unique\nname will be generated by this provider\n" + }, + "namePrefix": { + "type": "string" + }, + "pgpKey": { + "type": "string", + "description": "An optional PGP key to encrypt the resulting private\nkey material. Only used when creating a new key pair\n" + }, + "privateKey": { + "type": "string", + "description": "the private key, base64 encoded. This is only populated\nwhen creating a new key, and when no `pgp_key` is provided\n" + }, + "publicKey": { + "type": "string", + "description": "The public key material. This public key will be\nimported into Lightsail\n" + } + }, + "type": "object" + } + }, + "aws:lightsail/staticIp:StaticIp": { + "description": "Allocates a static IP address.\n\n> **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.lightsail.StaticIp(\"test\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lightsail.StaticIp(\"test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.LightSail.StaticIp(\"test\", new Aws.LightSail.StaticIpArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lightsail.NewStaticIp(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail static IP\n" + }, + "ipAddress": { + "type": "string", + "description": "The allocated static IP address\n" + }, + "name": { + "type": "string", + "description": "The name for the allocated static IP\n" + }, + "supportCode": { + "type": "string", + "description": "The support code.\n" + } + }, + "required": [ + "arn", + "ipAddress", + "name", + "supportCode" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name for the allocated static IP\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering StaticIp resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lightsail static IP\n" + }, + "ipAddress": { + "type": "string", + "description": "The allocated static IP address\n" + }, + "name": { + "type": "string", + "description": "The name for the allocated static IP\n" + }, + "supportCode": { + "type": "string", + "description": "The support code.\n" + } + }, + "type": "object" + } + }, + "aws:lightsail/staticIpAttachment:StaticIpAttachment": { + "description": "Provides a static IP address attachment - relationship between a Lightsail static IP & Lightsail instance.\n\n> **Note:** Lightsail is currently only supported in a limited number of AWS Regions, please see [\"Regions and Availability Zones in Amazon Lightsail\"](https://lightsail.aws.amazon.com/ls/docs/overview/article/understanding-regions-and-availability-zones-in-amazon-lightsail) for more details\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testStaticIp = new aws.lightsail.StaticIp(\"testStaticIp\", {});\nconst testInstance = new aws.lightsail.Instance(\"testInstance\", {\n availabilityZone: \"us-east-1b\",\n blueprintId: \"string\",\n bundleId: \"string\",\n keyPairName: \"some_key_name\",\n});\nconst testStaticIpAttachment = new aws.lightsail.StaticIpAttachment(\"testStaticIpAttachment\", {\n staticIpName: testStaticIp.id,\n instanceName: testInstance.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_static_ip = aws.lightsail.StaticIp(\"testStaticIp\")\ntest_instance = aws.lightsail.Instance(\"testInstance\",\n availability_zone=\"us-east-1b\",\n blueprint_id=\"string\",\n bundle_id=\"string\",\n key_pair_name=\"some_key_name\")\ntest_static_ip_attachment = aws.lightsail.StaticIpAttachment(\"testStaticIpAttachment\",\n static_ip_name=test_static_ip.id,\n instance_name=test_instance.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testStaticIp = new Aws.LightSail.StaticIp(\"testStaticIp\", new Aws.LightSail.StaticIpArgs\n {\n });\n var testInstance = new Aws.LightSail.Instance(\"testInstance\", new Aws.LightSail.InstanceArgs\n {\n AvailabilityZone = \"us-east-1b\",\n BlueprintId = \"string\",\n BundleId = \"string\",\n KeyPairName = \"some_key_name\",\n });\n var testStaticIpAttachment = new Aws.LightSail.StaticIpAttachment(\"testStaticIpAttachment\", new Aws.LightSail.StaticIpAttachmentArgs\n {\n StaticIpName = testStaticIp.Id,\n InstanceName = testInstance.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lightsail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestStaticIp, err := lightsail.NewStaticIp(ctx, \"testStaticIp\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := lightsail.NewInstance(ctx, \"testInstance\", &lightsail.InstanceArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tBlueprintId: pulumi.String(\"string\"),\n\t\t\tBundleId: pulumi.String(\"string\"),\n\t\t\tKeyPairName: pulumi.String(\"some_key_name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lightsail.NewStaticIpAttachment(ctx, \"testStaticIpAttachment\", &lightsail.StaticIpAttachmentArgs{\n\t\t\tStaticIpName: testStaticIp.ID(),\n\t\t\tInstanceName: testInstance.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "instanceName": { + "type": "string", + "description": "The name of the Lightsail instance to attach the IP to\n" + }, + "ipAddress": { + "type": "string", + "description": "The allocated static IP address\n" + }, + "staticIpName": { + "type": "string", + "description": "The name of the allocated static IP\n" + } + }, + "required": [ + "instanceName", + "ipAddress", + "staticIpName" + ], + "inputProperties": { + "instanceName": { + "type": "string", + "description": "The name of the Lightsail instance to attach the IP to\n" + }, + "staticIpName": { + "type": "string", + "description": "The name of the allocated static IP\n" + } + }, + "requiredInputs": [ + "instanceName", + "staticIpName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StaticIpAttachment resources.\n", + "properties": { + "instanceName": { + "type": "string", + "description": "The name of the Lightsail instance to attach the IP to\n" + }, + "ipAddress": { + "type": "string", + "description": "The allocated static IP address\n" + }, + "staticIpName": { + "type": "string", + "description": "The name of the allocated static IP\n" + } + }, + "type": "object" + } + }, + "aws:macie/customDataIdentifier:CustomDataIdentifier": { + "description": "Provides a resource to manage an [AWS Macie Custom Data Identifier](https://docs.aws.amazon.com/macie/latest/APIReference/custom-data-identifiers-id.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.macie2.Account(\"exampleAccount\", {});\nconst exampleCustomDataIdentifier = new aws.macie.CustomDataIdentifier(\"exampleCustomDataIdentifier\", {\n regex: \"[0-9]{3}-[0-9]{2}-[0-9]{4}\",\n description: \"DESCRIPTION\",\n maximumMatchDistance: 10,\n keywords: [\"keyword\"],\n ignoreWords: [\"ignore\"],\n}, {\n dependsOn: [aws_macie2_account.test],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.macie2.Account(\"exampleAccount\")\nexample_custom_data_identifier = aws.macie.CustomDataIdentifier(\"exampleCustomDataIdentifier\",\n regex=\"[0-9]{3}-[0-9]{2}-[0-9]{4}\",\n description=\"DESCRIPTION\",\n maximum_match_distance=10,\n keywords=[\"keyword\"],\n ignore_words=[\"ignore\"],\n opts=pulumi.ResourceOptions(depends_on=[aws_macie2_account[\"test\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.Macie2.Account(\"exampleAccount\", new Aws.Macie2.AccountArgs\n {\n });\n var exampleCustomDataIdentifier = new Aws.Macie.CustomDataIdentifier(\"exampleCustomDataIdentifier\", new Aws.Macie.CustomDataIdentifierArgs\n {\n Regex = \"[0-9]{3}-[0-9]{2}-[0-9]{4}\",\n Description = \"DESCRIPTION\",\n MaximumMatchDistance = 10,\n Keywords = \n {\n \"keyword\",\n },\n IgnoreWords = \n {\n \"ignore\",\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_macie2_account.Test,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := macie2.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie.NewCustomDataIdentifier(ctx, \"exampleCustomDataIdentifier\", &macie.CustomDataIdentifierArgs{\n\t\t\tRegex: pulumi.String(\"[0-9]{3}-[0-9]{2}-[0-9]{4}\"),\n\t\t\tDescription: pulumi.String(\"DESCRIPTION\"),\n\t\t\tMaximumMatchDistance: pulumi.Int(10),\n\t\t\tKeywords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"keyword\"),\n\t\t\t},\n\t\t\tIgnoreWords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"ignore\"),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_macie2_account.Test,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_custom_data_identifier` can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:macie/customDataIdentifier:CustomDataIdentifier example abcd1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the custom data identifier.\n" + }, + "createdAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the custom data identifier. The description can contain as many as 512 characters.\n" + }, + "ignoreWords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.\n" + }, + "keywords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists specific character sequences (keywords), one of which must be within proximity (`maximum_match_distance`) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren't case sensitive.\n" + }, + "maximumMatchDistance": { + "type": "integer", + "description": "The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "regex": { + "type": "string", + "description": "The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the custom data identifier.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "createdAt", + "maximumMatchDistance", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A custom description of the custom data identifier. The description can contain as many as 512 characters.\n" + }, + "ignoreWords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.\n" + }, + "keywords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists specific character sequences (keywords), one of which must be within proximity (`maximum_match_distance`) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren't case sensitive.\n" + }, + "maximumMatchDistance": { + "type": "integer", + "description": "The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "regex": { + "type": "string", + "description": "The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the custom data identifier.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering CustomDataIdentifier resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the custom data identifier.\n" + }, + "createdAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the custom data identifier. The description can contain as many as 512 characters.\n" + }, + "ignoreWords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.\n" + }, + "keywords": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array that lists specific character sequences (keywords), one of which must be within proximity (`maximum_match_distance`) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 3 - 90 characters. Keywords aren't case sensitive.\n" + }, + "maximumMatchDistance": { + "type": "integer", + "description": "The maximum number of characters that can exist between text that matches the regex pattern and the character sequences specified by the keywords array. Macie includes or excludes a result based on the proximity of a keyword to text that matches the regex pattern. The distance can be 1 - 300 characters. The default value is 50.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "regex": { + "type": "string", + "description": "The regular expression (regex) that defines the pattern to match. The expression can contain as many as 512 characters.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the custom data identifier.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:macie/findingsFilter:FindingsFilter": { + "description": "Provides a resource to manage an [Amazon Macie Findings Filter](https://docs.aws.amazon.com/macie/latest/APIReference/findingsfilters-id.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.macie2.Account(\"example\", {});\nconst test = new aws.macie.FindingsFilter(\"test\", {\n description: \"DESCRIPTION\",\n position: 1,\n action: \"ARCHIVE\",\n findingCriteria: {\n criterions: [{\n field: \"region\",\n eqs: [data.aws_region.current.name],\n }],\n },\n}, {\n dependsOn: [aws_macie2_account.test],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.macie2.Account(\"example\")\ntest = aws.macie.FindingsFilter(\"test\",\n description=\"DESCRIPTION\",\n position=1,\n action=\"ARCHIVE\",\n finding_criteria=aws.macie.FindingsFilterFindingCriteriaArgs(\n criterions=[aws.macie.FindingsFilterFindingCriteriaCriterionArgs(\n field=\"region\",\n eqs=[data[\"aws_region\"][\"current\"][\"name\"]],\n )],\n ),\n opts=pulumi.ResourceOptions(depends_on=[aws_macie2_account[\"test\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Macie2.Account(\"example\", new Aws.Macie2.AccountArgs\n {\n });\n var test = new Aws.Macie.FindingsFilter(\"test\", new Aws.Macie.FindingsFilterArgs\n {\n Description = \"DESCRIPTION\",\n Position = 1,\n Action = \"ARCHIVE\",\n FindingCriteria = new Aws.Macie.Inputs.FindingsFilterFindingCriteriaArgs\n {\n Criterions = \n {\n new Aws.Macie.Inputs.FindingsFilterFindingCriteriaCriterionArgs\n {\n Field = \"region\",\n Eqs = \n {\n data.Aws_region.Current.Name,\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_macie2_account.Test,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := macie2.NewAccount(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie.NewFindingsFilter(ctx, \"test\", &macie.FindingsFilterArgs{\n\t\t\tDescription: pulumi.String(\"DESCRIPTION\"),\n\t\t\tPosition: pulumi.Int(1),\n\t\t\tAction: pulumi.String(\"ARCHIVE\"),\n\t\t\tFindingCriteria: &macie.FindingsFilterFindingCriteriaArgs{\n\t\t\t\tCriterions: macie.FindingsFilterFindingCriteriaCriterionArray{\n\t\t\t\t\t&macie.FindingsFilterFindingCriteriaCriterionArgs{\n\t\t\t\t\t\tField: pulumi.String(\"region\"),\n\t\t\t\t\t\tEqs: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.Any(data.Aws_region.Current.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_macie2_account.Test,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_findings_filter` can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:macie/findingsFilter:FindingsFilter example abcd1\n```\n\n ", + "properties": { + "action": { + "type": "string", + "description": "The action to perform on findings that meet the filter criteria (`finding_criteria`). Valid values are: `ARCHIVE`, suppress (automatically archive) the findings; and, `NOOP`, don't perform any action on the findings.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Findings Filter.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the filter. The description can contain as many as 512 characters.\n" + }, + "findingCriteria": { + "$ref": "#/types/aws:macie/FindingsFilterFindingCriteria:FindingsFilterFindingCriteria", + "description": "The criteria to use to filter findings.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "position": { + "type": "integer", + "description": "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the filter.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "action", + "arn", + "findingCriteria", + "name", + "namePrefix", + "position", + "tagsAll" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "The action to perform on findings that meet the filter criteria (`finding_criteria`). Valid values are: `ARCHIVE`, suppress (automatically archive) the findings; and, `NOOP`, don't perform any action on the findings.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the filter. The description can contain as many as 512 characters.\n" + }, + "findingCriteria": { + "$ref": "#/types/aws:macie/FindingsFilterFindingCriteria:FindingsFilterFindingCriteria", + "description": "The criteria to use to filter findings.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "position": { + "type": "integer", + "description": "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the filter.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "action", + "findingCriteria" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FindingsFilter resources.\n", + "properties": { + "action": { + "type": "string", + "description": "The action to perform on findings that meet the filter criteria (`finding_criteria`). Valid values are: `ARCHIVE`, suppress (automatically archive) the findings; and, `NOOP`, don't perform any action on the findings.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Findings Filter.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the filter. The description can contain as many as 512 characters.\n" + }, + "findingCriteria": { + "$ref": "#/types/aws:macie/FindingsFilterFindingCriteria:FindingsFilterFindingCriteria", + "description": "The criteria to use to filter findings.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "position": { + "type": "integer", + "description": "The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the filter.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:macie/memberAccountAssociation:MemberAccountAssociation": { + "description": "> **NOTE:** This resource interacts with [Amazon Macie Classic](https://docs.aws.amazon.com/macie/latest/userguide/what-is-macie.html). Macie Classic cannot be activated in new accounts. See the [FAQ](https://aws.amazon.com/macie/classic-faqs/) for more details.\n\nAssociates an AWS account with Amazon Macie as a member account.\n\n> **NOTE:** Before using Amazon Macie for the first time it must be enabled manually. Instructions are [here](https://docs.aws.amazon.com/macie/latest/userguide/macie-setting-up.html#macie-setting-up-enable).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.macie.MemberAccountAssociation(\"example\", {\n memberAccountId: \"123456789012\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.macie.MemberAccountAssociation(\"example\", member_account_id=\"123456789012\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Macie.MemberAccountAssociation(\"example\", new Aws.Macie.MemberAccountAssociationArgs\n {\n MemberAccountId = \"123456789012\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := macie.NewMemberAccountAssociation(ctx, \"example\", &macie.MemberAccountAssociationArgs{\n\t\t\tMemberAccountId: pulumi.String(\"123456789012\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "memberAccountId": { + "type": "string", + "description": "The ID of the AWS account that you want to associate with Amazon Macie as a member account.\n" + } + }, + "required": [ + "memberAccountId" + ], + "inputProperties": { + "memberAccountId": { + "type": "string", + "description": "The ID of the AWS account that you want to associate with Amazon Macie as a member account.\n" + } + }, + "requiredInputs": [ + "memberAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MemberAccountAssociation resources.\n", + "properties": { + "memberAccountId": { + "type": "string", + "description": "The ID of the AWS account that you want to associate with Amazon Macie as a member account.\n" + } + }, + "type": "object" + } + }, + "aws:macie/s3BucketAssociation:S3BucketAssociation": { + "description": "> **NOTE:** This resource interacts with [Amazon Macie Classic](https://docs.aws.amazon.com/macie/latest/userguide/what-is-macie.html). Macie Classic cannot be activated in new accounts. See the [FAQ](https://aws.amazon.com/macie/classic-faqs/) for more details.\n\nAssociates an S3 resource with Amazon Macie for monitoring and data classification.\n\n> **NOTE:** Before using Amazon Macie for the first time it must be enabled manually. Instructions are [here](https://docs.aws.amazon.com/macie/latest/userguide/macie-setting-up.html#macie-setting-up-enable).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.macie.S3BucketAssociation(\"example\", {\n bucketName: \"tf-macie-example\",\n classificationType: {\n oneTime: \"FULL\",\n },\n prefix: \"data\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.macie.S3BucketAssociation(\"example\",\n bucket_name=\"tf-macie-example\",\n classification_type=aws.macie.S3BucketAssociationClassificationTypeArgs(\n one_time=\"FULL\",\n ),\n prefix=\"data\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Macie.S3BucketAssociation(\"example\", new Aws.Macie.S3BucketAssociationArgs\n {\n BucketName = \"tf-macie-example\",\n ClassificationType = new Aws.Macie.Inputs.S3BucketAssociationClassificationTypeArgs\n {\n OneTime = \"FULL\",\n },\n Prefix = \"data\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := macie.NewS3BucketAssociation(ctx, \"example\", &macie.S3BucketAssociationArgs{\n\t\t\tBucketName: pulumi.String(\"tf-macie-example\"),\n\t\t\tClassificationType: &macie.S3BucketAssociationClassificationTypeArgs{\n\t\t\t\tOneTime: pulumi.String(\"FULL\"),\n\t\t\t},\n\t\t\tPrefix: pulumi.String(\"data\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "bucketName": { + "type": "string", + "description": "The name of the S3 bucket that you want to associate with Amazon Macie.\n" + }, + "classificationType": { + "$ref": "#/types/aws:macie/S3BucketAssociationClassificationType:S3BucketAssociationClassificationType", + "description": "The configuration of how Amazon Macie classifies the S3 objects.\n" + }, + "memberAccountId": { + "type": "string", + "description": "The ID of the Amazon Macie member account whose S3 resources you want to associate with Macie. If `member_account_id` isn't specified, the action associates specified S3 resources with Macie for the current master account.\n" + }, + "prefix": { + "type": "string", + "description": "Object key prefix identifying one or more S3 objects to which the association applies.\n" + } + }, + "required": [ + "bucketName", + "classificationType" + ], + "inputProperties": { + "bucketName": { + "type": "string", + "description": "The name of the S3 bucket that you want to associate with Amazon Macie.\n" + }, + "classificationType": { + "$ref": "#/types/aws:macie/S3BucketAssociationClassificationType:S3BucketAssociationClassificationType", + "description": "The configuration of how Amazon Macie classifies the S3 objects.\n" + }, + "memberAccountId": { + "type": "string", + "description": "The ID of the Amazon Macie member account whose S3 resources you want to associate with Macie. If `member_account_id` isn't specified, the action associates specified S3 resources with Macie for the current master account.\n" + }, + "prefix": { + "type": "string", + "description": "Object key prefix identifying one or more S3 objects to which the association applies.\n" + } + }, + "requiredInputs": [ + "bucketName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering S3BucketAssociation resources.\n", + "properties": { + "bucketName": { + "type": "string", + "description": "The name of the S3 bucket that you want to associate with Amazon Macie.\n" + }, + "classificationType": { + "$ref": "#/types/aws:macie/S3BucketAssociationClassificationType:S3BucketAssociationClassificationType", + "description": "The configuration of how Amazon Macie classifies the S3 objects.\n" + }, + "memberAccountId": { + "type": "string", + "description": "The ID of the Amazon Macie member account whose S3 resources you want to associate with Macie. If `member_account_id` isn't specified, the action associates specified S3 resources with Macie for the current master account.\n" + }, + "prefix": { + "type": "string", + "description": "Object key prefix identifying one or more S3 objects to which the association applies.\n" + } + }, + "type": "object" + } + }, + "aws:macie2/account:Account": { + "description": "Provides a resource to manage an [AWS Macie Account](https://docs.aws.amazon.com/macie/latest/APIReference/macie.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.macie2.Account(\"test\", {\n findingPublishingFrequency: \"FIFTEEN_MINUTES\",\n status: \"ENABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.macie2.Account(\"test\",\n finding_publishing_frequency=\"FIFTEEN_MINUTES\",\n status=\"ENABLED\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Macie2.Account(\"test\", new Aws.Macie2.AccountArgs\n {\n FindingPublishingFrequency = \"FIFTEEN_MINUTES\",\n Status = \"ENABLED\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := macie2.NewAccount(ctx, \"test\", &macie2.AccountArgs{\n\t\t\tFindingPublishingFrequency: pulumi.String(\"FIFTEEN_MINUTES\"),\n\t\t\tStatus: pulumi.String(\"ENABLED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_account` can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:macie2/account:Account example abcd1\n```\n\n ", + "properties": { + "createdAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.\n" + }, + "findingPublishingFrequency": { + "type": "string", + "description": "Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are `FIFTEEN_MINUTES`, `ONE_HOUR` or `SIX_HOURS`.\n" + }, + "serviceRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the service-linked role that allows Macie to monitor and analyze data in AWS resources for the account.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to `ENABLED`. Valid values are `ENABLED` or `PAUSED`.\n" + }, + "updatedAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the Macie account.\n" + } + }, + "required": [ + "createdAt", + "findingPublishingFrequency", + "serviceRole", + "status", + "updatedAt" + ], + "inputProperties": { + "findingPublishingFrequency": { + "type": "string", + "description": "Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are `FIFTEEN_MINUTES`, `ONE_HOUR` or `SIX_HOURS`.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to `ENABLED`. Valid values are `ENABLED` or `PAUSED`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Account resources.\n", + "properties": { + "createdAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when the Amazon Macie account was created.\n" + }, + "findingPublishingFrequency": { + "type": "string", + "description": "Specifies how often to publish updates to policy findings for the account. This includes publishing updates to AWS Security Hub and Amazon EventBridge (formerly called Amazon CloudWatch Events). Valid values are `FIFTEEN_MINUTES`, `ONE_HOUR` or `SIX_HOURS`.\n" + }, + "serviceRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the service-linked role that allows Macie to monitor and analyze data in AWS resources for the account.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to `ENABLED`. Valid values are `ENABLED` or `PAUSED`.\n" + }, + "updatedAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the Macie account.\n" + } + }, + "type": "object" + } + }, + "aws:macie2/classificationJob:ClassificationJob": { + "description": "Provides a resource to manage an [AWS Macie Classification Job](https://docs.aws.amazon.com/macie/latest/APIReference/jobs.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testAccount = new aws.macie2.Account(\"testAccount\", {});\nconst testClassificationJob = new aws.macie2.ClassificationJob(\"testClassificationJob\", {\n jobType: \"ONE_TIME\",\n s3JobDefinition: {\n bucketDefinitions: [{\n accountId: \"ACCOUNT ID\",\n buckets: [\"S3 BUCKET NAME\"],\n }],\n },\n}, {\n dependsOn: [testAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_account = aws.macie2.Account(\"testAccount\")\ntest_classification_job = aws.macie2.ClassificationJob(\"testClassificationJob\",\n job_type=\"ONE_TIME\",\n s3_job_definition=aws.macie2.ClassificationJobS3JobDefinitionArgs(\n bucket_definitions=[aws.macie2.ClassificationJobS3JobDefinitionBucketDefinitionArgs(\n account_id=\"ACCOUNT ID\",\n buckets=[\"S3 BUCKET NAME\"],\n )],\n ),\n opts=pulumi.ResourceOptions(depends_on=[test_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testAccount = new Aws.Macie2.Account(\"testAccount\", new Aws.Macie2.AccountArgs\n {\n });\n var testClassificationJob = new Aws.Macie2.ClassificationJob(\"testClassificationJob\", new Aws.Macie2.ClassificationJobArgs\n {\n JobType = \"ONE_TIME\",\n S3JobDefinition = new Aws.Macie2.Inputs.ClassificationJobS3JobDefinitionArgs\n {\n BucketDefinitions = \n {\n new Aws.Macie2.Inputs.ClassificationJobS3JobDefinitionBucketDefinitionArgs\n {\n AccountId = \"ACCOUNT ID\",\n Buckets = \n {\n \"S3 BUCKET NAME\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n testAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestAccount, err := macie2.NewAccount(ctx, \"testAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie2.NewClassificationJob(ctx, \"testClassificationJob\", &macie2.ClassificationJobArgs{\n\t\t\tJobType: pulumi.String(\"ONE_TIME\"),\n\t\t\tS3JobDefinition: &macie2.ClassificationJobS3JobDefinitionArgs{\n\t\t\t\tBucketDefinitions: macie2.ClassificationJobS3JobDefinitionBucketDefinitionArray{\n\t\t\t\t\t&macie2.ClassificationJobS3JobDefinitionBucketDefinitionArgs{\n\t\t\t\t\t\tAccountId: pulumi.String(\"ACCOUNT ID\"),\n\t\t\t\t\t\tBuckets: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"S3 BUCKET NAME\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\ttestAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_classification_job` can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:macie2/classificationJob:ClassificationJob example abcd1\n```\n\n ", + "properties": { + "createdAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when the job was created.\n" + }, + "customDataIdentifierIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The custom data identifiers to use for data analysis and classification.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the job. The description can contain as many as 200 characters.\n" + }, + "initialRun": { + "type": "boolean", + "description": "Specifies whether to analyze all existing, eligible objects immediately after the job is created.\n" + }, + "jobArn": { + "type": "string" + }, + "jobId": { + "type": "string" + }, + "jobStatus": { + "type": "string", + "description": "The status for the job. Valid values are: `CANCELLED`, `RUNNING` and `USER_PAUSED`\n" + }, + "jobType": { + "type": "string", + "description": "The schedule for running the job. Valid values are: `ONE_TIME` - Run the job only once. If you specify this value, don't specify a value for the `schedule_frequency` property. `SCHEDULED` - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the `schedule_frequency` property to define the recurrence pattern for the job.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "s3JobDefinition": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinition:ClassificationJobS3JobDefinition", + "description": "The S3 buckets that contain the objects to analyze, and the scope of that analysis. (documented below)\n" + }, + "samplingPercentage": { + "type": "integer", + "description": "The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.\n" + }, + "scheduleFrequency": { + "$ref": "#/types/aws:macie2/ClassificationJobScheduleFrequency:ClassificationJobScheduleFrequency", + "description": "The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the `job_type` property to `ONE_TIME`. (documented below)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the job. A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userPausedDetails": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobUserPausedDetail:ClassificationJobUserPausedDetail" + }, + "description": "If the current status of the job is `USER_PAUSED`, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn't resumed. This value is present only if the value for `job-status` is `USER_PAUSED`.\n" + } + }, + "required": [ + "createdAt", + "customDataIdentifierIds", + "description", + "jobArn", + "jobId", + "jobStatus", + "jobType", + "name", + "namePrefix", + "s3JobDefinition", + "samplingPercentage", + "scheduleFrequency", + "tagsAll", + "userPausedDetails" + ], + "inputProperties": { + "customDataIdentifierIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The custom data identifiers to use for data analysis and classification.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the job. The description can contain as many as 200 characters.\n" + }, + "initialRun": { + "type": "boolean", + "description": "Specifies whether to analyze all existing, eligible objects immediately after the job is created.\n" + }, + "jobStatus": { + "type": "string", + "description": "The status for the job. Valid values are: `CANCELLED`, `RUNNING` and `USER_PAUSED`\n" + }, + "jobType": { + "type": "string", + "description": "The schedule for running the job. Valid values are: `ONE_TIME` - Run the job only once. If you specify this value, don't specify a value for the `schedule_frequency` property. `SCHEDULED` - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the `schedule_frequency` property to define the recurrence pattern for the job.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "s3JobDefinition": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinition:ClassificationJobS3JobDefinition", + "description": "The S3 buckets that contain the objects to analyze, and the scope of that analysis. (documented below)\n" + }, + "samplingPercentage": { + "type": "integer", + "description": "The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.\n" + }, + "scheduleFrequency": { + "$ref": "#/types/aws:macie2/ClassificationJobScheduleFrequency:ClassificationJobScheduleFrequency", + "description": "The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the `job_type` property to `ONE_TIME`. (documented below)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the job. A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "jobType", + "s3JobDefinition" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClassificationJob resources.\n", + "properties": { + "createdAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when the job was created.\n" + }, + "customDataIdentifierIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The custom data identifiers to use for data analysis and classification.\n" + }, + "description": { + "type": "string", + "description": "A custom description of the job. The description can contain as many as 200 characters.\n" + }, + "initialRun": { + "type": "boolean", + "description": "Specifies whether to analyze all existing, eligible objects immediately after the job is created.\n" + }, + "jobArn": { + "type": "string" + }, + "jobId": { + "type": "string" + }, + "jobStatus": { + "type": "string", + "description": "The status for the job. Valid values are: `CANCELLED`, `RUNNING` and `USER_PAUSED`\n" + }, + "jobType": { + "type": "string", + "description": "The schedule for running the job. Valid values are: `ONE_TIME` - Run the job only once. If you specify this value, don't specify a value for the `schedule_frequency` property. `SCHEDULED` - Run the job on a daily, weekly, or monthly basis. If you specify this value, use the `schedule_frequency` property to define the recurrence pattern for the job.\n" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "s3JobDefinition": { + "$ref": "#/types/aws:macie2/ClassificationJobS3JobDefinition:ClassificationJobS3JobDefinition", + "description": "The S3 buckets that contain the objects to analyze, and the scope of that analysis. (documented below)\n" + }, + "samplingPercentage": { + "type": "integer", + "description": "The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.\n" + }, + "scheduleFrequency": { + "$ref": "#/types/aws:macie2/ClassificationJobScheduleFrequency:ClassificationJobScheduleFrequency", + "description": "The recurrence pattern for running the job. To run the job only once, don't specify a value for this property and set the value for the `job_type` property to `ONE_TIME`. (documented below)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the job. A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userPausedDetails": { + "type": "array", + "items": { + "$ref": "#/types/aws:macie2/ClassificationJobUserPausedDetail:ClassificationJobUserPausedDetail" + }, + "description": "If the current status of the job is `USER_PAUSED`, specifies when the job was paused and when the job or job run will expire and be cancelled if it isn't resumed. This value is present only if the value for `job-status` is `USER_PAUSED`.\n" + } + }, + "type": "object" + } + }, + "aws:macie2/invitationAccepter:InvitationAccepter": { + "description": "Provides a resource to manage an [Amazon Macie Invitation Accepter](https://docs.aws.amazon.com/macie/latest/APIReference/invitations-accept.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primaryAccount = new aws.macie2.Account(\"primaryAccount\", {}, {\n provider: \"awsalternate\",\n});\nconst memberAccount = new aws.macie2.Account(\"memberAccount\", {});\nconst primaryMember = new aws.macie2.Member(\"primaryMember\", {\n accountId: \"ACCOUNT ID\",\n email: \"EMAIL\",\n invite: true,\n invitationMessage: \"Message of the invite\",\n}, {\n provider: \"awsalternate\",\n dependsOn: [primaryAccount],\n});\nconst memberInvitationAccepter = new aws.macie2.InvitationAccepter(\"memberInvitationAccepter\", {administratorAccountId: \"ADMINISTRATOR ACCOUNT ID\"}, {\n dependsOn: [primaryMember],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary_account = aws.macie2.Account(\"primaryAccount\", opts=pulumi.ResourceOptions(provider=\"awsalternate\"))\nmember_account = aws.macie2.Account(\"memberAccount\")\nprimary_member = aws.macie2.Member(\"primaryMember\",\n account_id=\"ACCOUNT ID\",\n email=\"EMAIL\",\n invite=True,\n invitation_message=\"Message of the invite\",\n opts=pulumi.ResourceOptions(provider=\"awsalternate\",\n depends_on=[primary_account]))\nmember_invitation_accepter = aws.macie2.InvitationAccepter(\"memberInvitationAccepter\", administrator_account_id=\"ADMINISTRATOR ACCOUNT ID\",\nopts=pulumi.ResourceOptions(depends_on=[primary_member]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primaryAccount = new Aws.Macie2.Account(\"primaryAccount\", new Aws.Macie2.AccountArgs\n {\n }, new CustomResourceOptions\n {\n Provider = \"awsalternate\",\n });\n var memberAccount = new Aws.Macie2.Account(\"memberAccount\", new Aws.Macie2.AccountArgs\n {\n });\n var primaryMember = new Aws.Macie2.Member(\"primaryMember\", new Aws.Macie2.MemberArgs\n {\n AccountId = \"ACCOUNT ID\",\n Email = \"EMAIL\",\n Invite = true,\n InvitationMessage = \"Message of the invite\",\n }, new CustomResourceOptions\n {\n Provider = \"awsalternate\",\n DependsOn = \n {\n primaryAccount,\n },\n });\n var memberInvitationAccepter = new Aws.Macie2.InvitationAccepter(\"memberInvitationAccepter\", new Aws.Macie2.InvitationAccepterArgs\n {\n AdministratorAccountId = \"ADMINISTRATOR ACCOUNT ID\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n primaryMember,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimaryAccount, err := macie2.NewAccount(ctx, \"primaryAccount\", nil, pulumi.Provider(\"awsalternate\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie2.NewAccount(ctx, \"memberAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryMember, err := macie2.NewMember(ctx, \"primaryMember\", &macie2.MemberArgs{\n\t\t\tAccountId: pulumi.String(\"ACCOUNT ID\"),\n\t\t\tEmail: pulumi.String(\"EMAIL\"),\n\t\t\tInvite: pulumi.Bool(true),\n\t\t\tInvitationMessage: pulumi.String(\"Message of the invite\"),\n\t\t}, pulumi.Provider(\"awsalternate\"), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie2.NewInvitationAccepter(ctx, \"memberInvitationAccepter\", &macie2.InvitationAccepterArgs{\n\t\t\tAdministratorAccountId: pulumi.String(\"ADMINISTRATOR ACCOUNT ID\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryMember,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_invitation_accepter` can be imported using the admin account ID, e.g.\n\n```sh\n $ pulumi import aws:macie2/invitationAccepter:InvitationAccepter example 123456789012\n```\n\n ", + "properties": { + "administratorAccountId": { + "type": "string", + "description": "The AWS account ID for the account that sent the invitation.\n" + }, + "invitationId": { + "type": "string", + "description": "The unique identifier for the invitation.\n" + } + }, + "required": [ + "administratorAccountId", + "invitationId" + ], + "inputProperties": { + "administratorAccountId": { + "type": "string", + "description": "The AWS account ID for the account that sent the invitation.\n" + } + }, + "requiredInputs": [ + "administratorAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InvitationAccepter resources.\n", + "properties": { + "administratorAccountId": { + "type": "string", + "description": "The AWS account ID for the account that sent the invitation.\n" + }, + "invitationId": { + "type": "string", + "description": "The unique identifier for the invitation.\n" + } + }, + "type": "object" + } + }, + "aws:macie2/member:Member": { + "description": "Provides a resource to manage an [Amazon Macie Member](https://docs.aws.amazon.com/macie/latest/APIReference/members-id.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.macie2.Account(\"exampleAccount\", {});\nconst exampleMember = new aws.macie2.Member(\"exampleMember\", {\n accountId: \"AWS ACCOUNT ID\",\n email: \"EMAIL\",\n invite: true,\n invitationMessage: \"Message of the invitation\",\n invitationDisableEmailNotification: true,\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.macie2.Account(\"exampleAccount\")\nexample_member = aws.macie2.Member(\"exampleMember\",\n account_id=\"AWS ACCOUNT ID\",\n email=\"EMAIL\",\n invite=True,\n invitation_message=\"Message of the invitation\",\n invitation_disable_email_notification=\"true\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.Macie2.Account(\"exampleAccount\", new Aws.Macie2.AccountArgs\n {\n });\n var exampleMember = new Aws.Macie2.Member(\"exampleMember\", new Aws.Macie2.MemberArgs\n {\n AccountId = \"AWS ACCOUNT ID\",\n Email = \"EMAIL\",\n Invite = true,\n InvitationMessage = \"Message of the invitation\",\n InvitationDisableEmailNotification = \"true\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := macie2.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie2.NewMember(ctx, \"exampleMember\", &macie2.MemberArgs{\n\t\t\tAccountId: pulumi.String(\"AWS ACCOUNT ID\"),\n\t\t\tEmail: pulumi.String(\"EMAIL\"),\n\t\t\tInvite: pulumi.Bool(true),\n\t\t\tInvitationMessage: pulumi.String(\"Message of the invitation\"),\n\t\t\tInvitationDisableEmailNotification: pulumi.String(\"true\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_member` can be imported using the account ID of the member account, e.g.\n\n```sh\n $ pulumi import aws:macie2/member:Member example 123456789012\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID for the account.\n" + }, + "administratorAccountId": { + "type": "string", + "description": "The AWS account ID for the administrator account.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the account.\n" + }, + "email": { + "type": "string", + "description": "The email address for the account.\n" + }, + "invitationDisableEmailNotification": { + "type": "string", + "description": "Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to `true`.\n" + }, + "invitationMessage": { + "type": "string", + "description": "A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.\n" + }, + "invite": { + "type": "boolean", + "description": "Send an invitation to a member\n" + }, + "invitedAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.\n" + }, + "masterAccountId": { + "type": "string" + }, + "relationshipStatus": { + "type": "string", + "description": "The current status of the relationship between the account and the administrator account.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to `ENABLED`. Valid values are `ENABLED` or `PAUSED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "updatedAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the relationship between the account and the administrator account.\n" + } + }, + "required": [ + "accountId", + "administratorAccountId", + "arn", + "email", + "invite", + "invitedAt", + "masterAccountId", + "relationshipStatus", + "status", + "tagsAll", + "updatedAt" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The AWS account ID for the account.\n" + }, + "email": { + "type": "string", + "description": "The email address for the account.\n" + }, + "invitationDisableEmailNotification": { + "type": "string", + "description": "Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to `true`.\n" + }, + "invitationMessage": { + "type": "string", + "description": "A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.\n" + }, + "invite": { + "type": "boolean", + "description": "Send an invitation to a member\n" + }, + "status": { + "type": "string", + "description": "Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to `ENABLED`. Valid values are `ENABLED` or `PAUSED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "accountId", + "email" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Member resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID for the account.\n" + }, + "administratorAccountId": { + "type": "string", + "description": "The AWS account ID for the administrator account.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the account.\n" + }, + "email": { + "type": "string", + "description": "The email address for the account.\n" + }, + "invitationDisableEmailNotification": { + "type": "string", + "description": "Specifies whether to send an email notification to the root user of each account that the invitation will be sent to. This notification is in addition to an alert that the root user receives in AWS Personal Health Dashboard. To send an email notification to the root user of each account, set this value to `true`.\n" + }, + "invitationMessage": { + "type": "string", + "description": "A custom message to include in the invitation. Amazon Macie adds this message to the standard content that it sends for an invitation.\n" + }, + "invite": { + "type": "boolean", + "description": "Send an invitation to a member\n" + }, + "invitedAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, when an Amazon Macie membership invitation was last sent to the account. This value is null if a Macie invitation hasn't been sent to the account.\n" + }, + "masterAccountId": { + "type": "string" + }, + "relationshipStatus": { + "type": "string", + "description": "The current status of the relationship between the account and the administrator account.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status for the account. To enable Amazon Macie and start all Macie activities for the account, set this value to `ENABLED`. Valid values are `ENABLED` or `PAUSED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "updatedAt": { + "type": "string", + "description": "The date and time, in UTC and extended RFC 3339 format, of the most recent change to the status of the relationship between the account and the administrator account.\n" + } + }, + "type": "object" + } + }, + "aws:macie2/organizationAdminAccount:OrganizationAdminAccount": { + "description": "Provides a resource to manage an [Amazon Macie Organization Admin Account](https://docs.aws.amazon.com/macie/latest/APIReference/admin.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.macie2.Account(\"example\", {});\nconst test = new aws.macie2.OrganizationAdminAccount(\"test\", {adminAccountId: \"ID OF THE ADMIN ACCOUNT\"}, {\n dependsOn: [aws_macie2_account.test],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.macie2.Account(\"example\")\ntest = aws.macie2.OrganizationAdminAccount(\"test\", admin_account_id=\"ID OF THE ADMIN ACCOUNT\",\nopts=pulumi.ResourceOptions(depends_on=[aws_macie2_account[\"test\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Macie2.Account(\"example\", new Aws.Macie2.AccountArgs\n {\n });\n var test = new Aws.Macie2.OrganizationAdminAccount(\"test\", new Aws.Macie2.OrganizationAdminAccountArgs\n {\n AdminAccountId = \"ID OF THE ADMIN ACCOUNT\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_macie2_account.Test,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/macie2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := macie2.NewAccount(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = macie2.NewOrganizationAdminAccount(ctx, \"test\", &macie2.OrganizationAdminAccountArgs{\n\t\t\tAdminAccountId: pulumi.String(\"ID OF THE ADMIN ACCOUNT\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_macie2_account.Test,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_macie2_organization_admin_account` can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:macie2/organizationAdminAccount:OrganizationAdminAccount example abcd1\n```\n\n ", + "properties": { + "adminAccountId": { + "type": "string", + "description": "The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.\n" + } + }, + "required": [ + "adminAccountId" + ], + "inputProperties": { + "adminAccountId": { + "type": "string", + "description": "The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.\n" + } + }, + "requiredInputs": [ + "adminAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationAdminAccount resources.\n", + "properties": { + "adminAccountId": { + "type": "string", + "description": "The AWS account ID for the account to designate as the delegated Amazon Macie administrator account for the organization.\n" + } + }, + "type": "object" + } + }, + "aws:mediaconvert/queue:Queue": { + "description": "Provides an AWS Elemental MediaConvert Queue.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.mediaconvert.Queue(\"test\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.mediaconvert.Queue(\"test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.MediaConvert.Queue(\"test\", new Aws.MediaConvert.QueueArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mediaconvert\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := mediaconvert.NewQueue(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMedia Convert Queue can be imported via the queue name, e.g.\n\n```sh\n $ pulumi import aws:mediaconvert/queue:Queue test tf-test-queue\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Arn of the queue\n" + }, + "description": { + "type": "string", + "description": "A description of the queue\n" + }, + "name": { + "type": "string", + "description": "A unique identifier describing the queue\n" + }, + "pricingPlan": { + "type": "string", + "description": "Specifies whether the pricing plan for the queue is on-demand or reserved. Valid values are `ON_DEMAND` or `RESERVED`. Default to `ON_DEMAND`.\n" + }, + "reservationPlanSettings": { + "$ref": "#/types/aws:mediaconvert/QueueReservationPlanSettings:QueueReservationPlanSettings", + "description": "A detail pricing plan of the reserved queue. See below.\n" + }, + "status": { + "type": "string", + "description": "A status of the queue. Valid values are `ACTIVE` or `RESERVED`. Default to `PAUSED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "reservationPlanSettings", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the queue\n" + }, + "name": { + "type": "string", + "description": "A unique identifier describing the queue\n" + }, + "pricingPlan": { + "type": "string", + "description": "Specifies whether the pricing plan for the queue is on-demand or reserved. Valid values are `ON_DEMAND` or `RESERVED`. Default to `ON_DEMAND`.\n" + }, + "reservationPlanSettings": { + "$ref": "#/types/aws:mediaconvert/QueueReservationPlanSettings:QueueReservationPlanSettings", + "description": "A detail pricing plan of the reserved queue. See below.\n" + }, + "status": { + "type": "string", + "description": "A status of the queue. Valid values are `ACTIVE` or `RESERVED`. Default to `PAUSED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Queue resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Arn of the queue\n" + }, + "description": { + "type": "string", + "description": "A description of the queue\n" + }, + "name": { + "type": "string", + "description": "A unique identifier describing the queue\n" + }, + "pricingPlan": { + "type": "string", + "description": "Specifies whether the pricing plan for the queue is on-demand or reserved. Valid values are `ON_DEMAND` or `RESERVED`. Default to `ON_DEMAND`.\n" + }, + "reservationPlanSettings": { + "$ref": "#/types/aws:mediaconvert/QueueReservationPlanSettings:QueueReservationPlanSettings", + "description": "A detail pricing plan of the reserved queue. See below.\n" + }, + "status": { + "type": "string", + "description": "A status of the queue. Valid values are `ACTIVE` or `RESERVED`. Default to `PAUSED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:mediapackage/channel:Channel": { + "description": "Provides an AWS Elemental MediaPackage Channel.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst kittens = new aws.mediapackage.Channel(\"kittens\", {\n channelId: \"kitten-channel\",\n description: \"A channel dedicated to amusing videos of kittens.\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nkittens = aws.mediapackage.Channel(\"kittens\",\n channel_id=\"kitten-channel\",\n description=\"A channel dedicated to amusing videos of kittens.\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var kittens = new Aws.MediaPackage.Channel(\"kittens\", new Aws.MediaPackage.ChannelArgs\n {\n ChannelId = \"kitten-channel\",\n Description = \"A channel dedicated to amusing videos of kittens.\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mediapackage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := mediapackage.NewChannel(ctx, \"kittens\", &mediapackage.ChannelArgs{\n\t\t\tChannelId: pulumi.String(\"kitten-channel\"),\n\t\t\tDescription: pulumi.String(\"A channel dedicated to amusing videos of kittens.\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMedia Package Channels can be imported via the channel ID, e.g.\n\n```sh\n $ pulumi import aws:mediapackage/channel:Channel kittens kittens-channel\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the channel\n" + }, + "channelId": { + "type": "string", + "description": "A unique identifier describing the channel\n" + }, + "description": { + "type": "string", + "description": "A description of the channel\n", + "default": "Managed by Pulumi" + }, + "hlsIngests": { + "type": "array", + "items": { + "$ref": "#/types/aws:mediapackage/ChannelHlsIngest:ChannelHlsIngest" + }, + "description": "A single item list of HLS ingest information\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "channelId", + "description", + "hlsIngests", + "tagsAll" + ], + "inputProperties": { + "channelId": { + "type": "string", + "description": "A unique identifier describing the channel\n" + }, + "description": { + "type": "string", + "description": "A description of the channel\n", + "default": "Managed by Pulumi" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "channelId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Channel resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the channel\n" + }, + "channelId": { + "type": "string", + "description": "A unique identifier describing the channel\n" + }, + "description": { + "type": "string", + "description": "A description of the channel\n", + "default": "Managed by Pulumi" + }, + "hlsIngests": { + "type": "array", + "items": { + "$ref": "#/types/aws:mediapackage/ChannelHlsIngest:ChannelHlsIngest" + }, + "description": "A single item list of HLS ingest information\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:mediastore/container:Container": { + "description": "Provides a MediaStore Container.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mediastore.Container(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mediastore.Container(\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.MediaStore.Container(\"example\", new Aws.MediaStore.ContainerArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mediastore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := mediastore.NewContainer(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMediaStore Container can be imported using the MediaStore Container Name, e.g.\n\n```sh\n $ pulumi import aws:mediastore/container:Container example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the container.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS endpoint of the container.\n" + }, + "name": { + "type": "string", + "description": "The name of the container. Must contain alphanumeric characters or underscores.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "endpoint", + "name", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the container. Must contain alphanumeric characters or underscores.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Container resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the container.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS endpoint of the container.\n" + }, + "name": { + "type": "string", + "description": "The name of the container. Must contain alphanumeric characters or underscores.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:mediastore/containerPolicy:ContainerPolicy": { + "description": "Provides a MediaStore Container Policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentRegion = aws.getRegion({});\nconst currentCallerIdentity = aws.getCallerIdentity({});\nconst exampleContainer = new aws.mediastore.Container(\"exampleContainer\", {});\nconst exampleContainerPolicy = new aws.mediastore.ContainerPolicy(\"exampleContainerPolicy\", {\n containerName: exampleContainer.name,\n policy: pulumi.all([currentCallerIdentity, currentRegion, currentCallerIdentity, exampleContainer.name]).apply(([currentCallerIdentity, currentRegion, currentCallerIdentity1, name]) => `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [{\n\t\t\"Sid\": \"MediaStoreFullAccess\",\n\t\t\"Action\": [ \"mediastore:*\" ],\n\t\t\"Principal\": {\"AWS\" : \"arn:aws:iam::${currentCallerIdentity.accountId}:root\"},\n\t\t\"Effect\": \"Allow\",\n\t\t\"Resource\": \"arn:aws:mediastore:${currentRegion.name}:${currentCallerIdentity1.accountId}:container/${name}/*\",\n\t\t\"Condition\": {\n\t\t\t\"Bool\": { \"aws:SecureTransport\": \"true\" }\n\t\t}\n\t}]\n}\n`),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_container = aws.mediastore.Container(\"exampleContainer\")\nexample_container_policy = aws.mediastore.ContainerPolicy(\"exampleContainerPolicy\",\n container_name=example_container.name,\n policy=example_container.name.apply(lambda name: f\"\"\"{{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [{{\n\t\t\"Sid\": \"MediaStoreFullAccess\",\n\t\t\"Action\": [ \"mediastore:*\" ],\n\t\t\"Principal\": {{\"AWS\" : \"arn:aws:iam::{current_caller_identity.account_id}:root\"}},\n\t\t\"Effect\": \"Allow\",\n\t\t\"Resource\": \"arn:aws:mediastore:{current_region.name}:{current_caller_identity.account_id}:container/{name}/*\",\n\t\t\"Condition\": {{\n\t\t\t\"Bool\": {{ \"aws:SecureTransport\": \"true\" }}\n\t\t}}\n\t}}]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var exampleContainer = new Aws.MediaStore.Container(\"exampleContainer\", new Aws.MediaStore.ContainerArgs\n {\n });\n var exampleContainerPolicy = new Aws.MediaStore.ContainerPolicy(\"exampleContainerPolicy\", new Aws.MediaStore.ContainerPolicyArgs\n {\n ContainerName = exampleContainer.Name,\n Policy = Output.Tuple(currentCallerIdentity, currentRegion, currentCallerIdentity, exampleContainer.Name).Apply(values =>\n {\n var currentCallerIdentity = values.Item1;\n var currentRegion = values.Item2;\n var currentCallerIdentity1 = values.Item3;\n var name = values.Item4;\n return @$\"{{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [{{\n\t\t\"\"Sid\"\": \"\"MediaStoreFullAccess\"\",\n\t\t\"\"Action\"\": [ \"\"mediastore:*\"\" ],\n\t\t\"\"Principal\"\": {{\"\"AWS\"\" : \"\"arn:aws:iam::{currentCallerIdentity.AccountId}:root\"\"}},\n\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\"\"Resource\"\": \"\"arn:aws:mediastore:{currentRegion.Name}:{currentCallerIdentity1.AccountId}:container/{name}/*\"\",\n\t\t\"\"Condition\"\": {{\n\t\t\t\"\"Bool\"\": {{ \"\"aws:SecureTransport\"\": \"\"true\"\" }}\n\t\t}}\n\t}}]\n}}\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mediastore\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleContainer, err := mediastore.NewContainer(ctx, \"exampleContainer\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = mediastore.NewContainerPolicy(ctx, \"exampleContainerPolicy\", &mediastore.ContainerPolicyArgs{\n\t\t\tContainerName: exampleContainer.Name,\n\t\t\tPolicy: exampleContainer.Name.ApplyT(func(name string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"Version\\\": \\\"2012-10-17\\\",\\n\", \"\t\\\"Statement\\\": [{\\n\", \"\t\t\\\"Sid\\\": \\\"MediaStoreFullAccess\\\",\\n\", \"\t\t\\\"Action\\\": [ \\\"mediastore:*\\\" ],\\n\", \"\t\t\\\"Principal\\\": {\\\"AWS\\\" : \\\"arn:aws:iam::\", currentCallerIdentity.AccountId, \":root\\\"},\\n\", \"\t\t\\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t\t\\\"Resource\\\": \\\"arn:aws:mediastore:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":container/\", name, \"/*\\\",\\n\", \"\t\t\\\"Condition\\\": {\\n\", \"\t\t\t\\\"Bool\\\": { \\\"aws:SecureTransport\\\": \\\"true\\\" }\\n\", \"\t\t}\\n\", \"\t}]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMediaStore Container Policy can be imported using the MediaStore Container Name, e.g.\n\n```sh\n $ pulumi import aws:mediastore/containerPolicy:ContainerPolicy example example\n```\n\n ", + "properties": { + "containerName": { + "type": "string", + "description": "The name of the container.\n" + }, + "policy": { + "type": "string", + "description": "The contents of the policy.\n" + } + }, + "required": [ + "containerName", + "policy" + ], + "inputProperties": { + "containerName": { + "type": "string", + "description": "The name of the container.\n" + }, + "policy": { + "type": "string", + "description": "The contents of the policy.\n" + } + }, + "requiredInputs": [ + "containerName", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ContainerPolicy resources.\n", + "properties": { + "containerName": { + "type": "string", + "description": "The name of the container.\n" + }, + "policy": { + "type": "string", + "description": "The contents of the policy.\n" + } + }, + "type": "object" + } + }, + "aws:mq/broker:Broker": { + "description": "Provides an Amazon MQ broker resource. This resources also manages users for the broker.\n\n> For more information on Amazon MQ, see [Amazon MQ documentation](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/welcome.html).\n\n> **NOTE:** Amazon MQ currently places limits on **RabbitMQ** brokers. For example, a RabbitMQ broker cannot have: instances with an associated IP address of an ENI attached to the broker, an associated LDAP server to authenticate and authorize broker connections, storage type `EFS`, audit logging, or `configuration` blocks. Although this resource allows you to create RabbitMQ users, RabbitMQ users cannot have console access or groups. Also, Amazon MQ does not return information about RabbitMQ users so drift detection is not possible.\n\n> **NOTE:** Changes to an MQ Broker can occur when you change a parameter, such as `configuration` or `user`, and are reflected in the next maintenance window. Because of this, the provider may report a difference in its planning phase because a modification has not yet taken place. You can use the `apply_immediately` flag to instruct the service to apply the change immediately (see documentation below). Using `apply_immediately` can result in a brief downtime as the broker reboots.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mq.Broker(\"example\", {\n brokerName: \"example\",\n configuration: {\n id: aws_mq_configuration.test.id,\n revision: aws_mq_configuration.test.latest_revision,\n },\n engineType: \"ActiveMQ\",\n engineVersion: \"5.15.9\",\n hostInstanceType: \"mq.t2.micro\",\n securityGroups: [aws_security_group.test.id],\n users: [{\n username: \"ExampleUser\",\n password: \"MindTheGap\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mq.Broker(\"example\",\n broker_name=\"example\",\n configuration=aws.mq.BrokerConfigurationArgs(\n id=aws_mq_configuration[\"test\"][\"id\"],\n revision=aws_mq_configuration[\"test\"][\"latest_revision\"],\n ),\n engine_type=\"ActiveMQ\",\n engine_version=\"5.15.9\",\n host_instance_type=\"mq.t2.micro\",\n security_groups=[aws_security_group[\"test\"][\"id\"]],\n users=[aws.mq.BrokerUserArgs(\n username=\"ExampleUser\",\n password=\"MindTheGap\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Mq.Broker(\"example\", new Aws.Mq.BrokerArgs\n {\n BrokerName = \"example\",\n Configuration = new Aws.Mq.Inputs.BrokerConfigurationArgs\n {\n Id = aws_mq_configuration.Test.Id,\n Revision = aws_mq_configuration.Test.Latest_revision,\n },\n EngineType = \"ActiveMQ\",\n EngineVersion = \"5.15.9\",\n HostInstanceType = \"mq.t2.micro\",\n SecurityGroups = \n {\n aws_security_group.Test.Id,\n },\n Users = \n {\n new Aws.Mq.Inputs.BrokerUserArgs\n {\n Username = \"ExampleUser\",\n Password = \"MindTheGap\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mq\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := mq.NewBroker(ctx, \"example\", &mq.BrokerArgs{\n\t\t\tBrokerName: pulumi.String(\"example\"),\n\t\t\tConfiguration: &mq.BrokerConfigurationArgs{\n\t\t\t\tId: pulumi.Any(aws_mq_configuration.Test.Id),\n\t\t\t\tRevision: pulumi.Any(aws_mq_configuration.Test.Latest_revision),\n\t\t\t},\n\t\t\tEngineType: pulumi.String(\"ActiveMQ\"),\n\t\t\tEngineVersion: pulumi.String(\"5.15.9\"),\n\t\t\tHostInstanceType: pulumi.String(\"mq.t2.micro\"),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Test.Id),\n\t\t\t},\n\t\t\tUsers: mq.BrokerUserArray{\n\t\t\t\t&mq.BrokerUserArgs{\n\t\t\t\t\tUsername: pulumi.String(\"ExampleUser\"),\n\t\t\t\t\tPassword: pulumi.String(\"MindTheGap\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### High-throughput Optimized Example\n\nThis example shows the use of EBS storage for high-throughput optimized performance.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mq.Broker(\"example\", {\n brokerName: \"example\",\n configuration: {\n id: aws_mq_configuration.test.id,\n revision: aws_mq_configuration.test.latest_revision,\n },\n engineType: \"ActiveMQ\",\n engineVersion: \"5.15.9\",\n storageType: \"ebs\",\n hostInstanceType: \"mq.m5.large\",\n securityGroups: [aws_security_group.test.id],\n users: [{\n username: \"ExampleUser\",\n password: \"MindTheGap\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mq.Broker(\"example\",\n broker_name=\"example\",\n configuration=aws.mq.BrokerConfigurationArgs(\n id=aws_mq_configuration[\"test\"][\"id\"],\n revision=aws_mq_configuration[\"test\"][\"latest_revision\"],\n ),\n engine_type=\"ActiveMQ\",\n engine_version=\"5.15.9\",\n storage_type=\"ebs\",\n host_instance_type=\"mq.m5.large\",\n security_groups=[aws_security_group[\"test\"][\"id\"]],\n users=[aws.mq.BrokerUserArgs(\n username=\"ExampleUser\",\n password=\"MindTheGap\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Mq.Broker(\"example\", new Aws.Mq.BrokerArgs\n {\n BrokerName = \"example\",\n Configuration = new Aws.Mq.Inputs.BrokerConfigurationArgs\n {\n Id = aws_mq_configuration.Test.Id,\n Revision = aws_mq_configuration.Test.Latest_revision,\n },\n EngineType = \"ActiveMQ\",\n EngineVersion = \"5.15.9\",\n StorageType = \"ebs\",\n HostInstanceType = \"mq.m5.large\",\n SecurityGroups = \n {\n aws_security_group.Test.Id,\n },\n Users = \n {\n new Aws.Mq.Inputs.BrokerUserArgs\n {\n Username = \"ExampleUser\",\n Password = \"MindTheGap\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mq\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := mq.NewBroker(ctx, \"example\", &mq.BrokerArgs{\n\t\t\tBrokerName: pulumi.String(\"example\"),\n\t\t\tConfiguration: &mq.BrokerConfigurationArgs{\n\t\t\t\tId: pulumi.Any(aws_mq_configuration.Test.Id),\n\t\t\t\tRevision: pulumi.Any(aws_mq_configuration.Test.Latest_revision),\n\t\t\t},\n\t\t\tEngineType: pulumi.String(\"ActiveMQ\"),\n\t\t\tEngineVersion: pulumi.String(\"5.15.9\"),\n\t\t\tStorageType: pulumi.String(\"ebs\"),\n\t\t\tHostInstanceType: pulumi.String(\"mq.m5.large\"),\n\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Test.Id),\n\t\t\t},\n\t\t\tUsers: mq.BrokerUserArray{\n\t\t\t\t&mq.BrokerUserArgs{\n\t\t\t\t\tUsername: pulumi.String(\"ExampleUser\"),\n\t\t\t\t\tPassword: pulumi.String(\"MindTheGap\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMQ Brokers can be imported using their broker id, e.g.\n\n```sh\n $ pulumi import aws:mq/broker:Broker example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any broker modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the broker.\n" + }, + "authenticationStrategy": { + "type": "string", + "description": "Authentication strategy used to secure the broker. Valid values are `simple` and `ldap`. `ldap` is not supported for `engine_type` `RabbitMQ`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available.\n" + }, + "brokerName": { + "type": "string", + "description": "Name of the broker.\n" + }, + "configuration": { + "$ref": "#/types/aws:mq/BrokerConfiguration:BrokerConfiguration", + "description": "Configuration block for broker configuration. Applies to `engine_type` of `ActiveMQ` only. Detailed below.\n" + }, + "deploymentMode": { + "type": "string", + "description": "Deployment mode of the broker. Valid values are `SINGLE_INSTANCE`, `ACTIVE_STANDBY_MULTI_AZ`, and `CLUSTER_MULTI_AZ`. Default is `SINGLE_INSTANCE`.\n" + }, + "encryptionOptions": { + "$ref": "#/types/aws:mq/BrokerEncryptionOptions:BrokerEncryptionOptions", + "description": "Configuration block containing encryption options. Detailed below.\n" + }, + "engineType": { + "type": "string", + "description": "Type of broker engine. Valid values are `ActiveMQ` and `RabbitMQ`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the broker engine. See the [AmazonMQ Broker Engine docs](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html) for supported versions. For example, `5.15.0`.\n" + }, + "hostInstanceType": { + "type": "string", + "description": "Broker's instance type. For example, `mq.t3.micro`, `mq.m5.large`.\n" + }, + "instances": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/BrokerInstance:BrokerInstance" + }, + "description": "List of information about allocated brokers (both active & standby).\n* `instances.0.console_url` - The URL of the broker's [ActiveMQ Web Console](http://activemq.apache.org/web-console.html).\n* `instances.0.ip_address` - IP Address of the broker.\n* `instances.0.endpoints` - Broker's wire-level protocol endpoints in the following order & format referenceable e.g. as `instances.0.endpoints.0` (SSL):\n* For `ActiveMQ`:\n* `ssl://broker-id.mq.us-west-2.amazonaws.com:61617`\n* `amqp+ssl://broker-id.mq.us-west-2.amazonaws.com:5671`\n* `stomp+ssl://broker-id.mq.us-west-2.amazonaws.com:61614`\n* `mqtt+ssl://broker-id.mq.us-west-2.amazonaws.com:8883`\n* `wss://broker-id.mq.us-west-2.amazonaws.com:61619`\n* For `RabbitMQ`:\n* `amqps://broker-id.mq.us-west-2.amazonaws.com:5671`\n" + }, + "ldapServerMetadata": { + "$ref": "#/types/aws:mq/BrokerLdapServerMetadata:BrokerLdapServerMetadata", + "description": "Configuration block for the LDAP server used to authenticate and authorize connections to the broker. Not supported for `engine_type` `RabbitMQ`. Detailed below. (Currently, AWS may not process changes to LDAP server metadata.)\n" + }, + "logs": { + "$ref": "#/types/aws:mq/BrokerLogs:BrokerLogs", + "description": "Configuration block for the logging configuration of the broker. Detailed below.\n" + }, + "maintenanceWindowStartTime": { + "$ref": "#/types/aws:mq/BrokerMaintenanceWindowStartTime:BrokerMaintenanceWindowStartTime", + "description": "Configuration block for the maintenance window start time. Detailed below.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Whether to enable connections from applications outside of the VPC that hosts the broker's subnets.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs assigned to the broker.\n" + }, + "storageType": { + "type": "string", + "description": "Storage type of the broker. For `engine_type` `ActiveMQ`, the valid values are `efs` and `ebs`, and the AWS-default is `efs`. For `engine_type` `RabbitMQ`, only `ebs` is supported. When using `ebs`, only the `mq.m5` broker instance type family is supported.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs in which to launch the broker. A `SINGLE_INSTANCE` deployment requires one subnet. An `ACTIVE_STANDBY_MULTI_AZ` deployment requires multiple subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the broker. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "users": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/BrokerUser:BrokerUser" + }, + "description": "Configuration block for broker users. For `engine_type` of `RabbitMQ`, Amazon MQ does not return broker users preventing this resource from making user updates and drift detection. Detailed below.\n" + } + }, + "required": [ + "arn", + "authenticationStrategy", + "brokerName", + "configuration", + "engineType", + "engineVersion", + "hostInstanceType", + "instances", + "maintenanceWindowStartTime", + "storageType", + "subnetIds", + "tagsAll", + "users" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any broker modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "authenticationStrategy": { + "type": "string", + "description": "Authentication strategy used to secure the broker. Valid values are `simple` and `ldap`. `ldap` is not supported for `engine_type` `RabbitMQ`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available.\n" + }, + "brokerName": { + "type": "string", + "description": "Name of the broker.\n" + }, + "configuration": { + "$ref": "#/types/aws:mq/BrokerConfiguration:BrokerConfiguration", + "description": "Configuration block for broker configuration. Applies to `engine_type` of `ActiveMQ` only. Detailed below.\n" + }, + "deploymentMode": { + "type": "string", + "description": "Deployment mode of the broker. Valid values are `SINGLE_INSTANCE`, `ACTIVE_STANDBY_MULTI_AZ`, and `CLUSTER_MULTI_AZ`. Default is `SINGLE_INSTANCE`.\n" + }, + "encryptionOptions": { + "$ref": "#/types/aws:mq/BrokerEncryptionOptions:BrokerEncryptionOptions", + "description": "Configuration block containing encryption options. Detailed below.\n" + }, + "engineType": { + "type": "string", + "description": "Type of broker engine. Valid values are `ActiveMQ` and `RabbitMQ`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the broker engine. See the [AmazonMQ Broker Engine docs](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html) for supported versions. For example, `5.15.0`.\n" + }, + "hostInstanceType": { + "type": "string", + "description": "Broker's instance type. For example, `mq.t3.micro`, `mq.m5.large`.\n" + }, + "ldapServerMetadata": { + "$ref": "#/types/aws:mq/BrokerLdapServerMetadata:BrokerLdapServerMetadata", + "description": "Configuration block for the LDAP server used to authenticate and authorize connections to the broker. Not supported for `engine_type` `RabbitMQ`. Detailed below. (Currently, AWS may not process changes to LDAP server metadata.)\n" + }, + "logs": { + "$ref": "#/types/aws:mq/BrokerLogs:BrokerLogs", + "description": "Configuration block for the logging configuration of the broker. Detailed below.\n" + }, + "maintenanceWindowStartTime": { + "$ref": "#/types/aws:mq/BrokerMaintenanceWindowStartTime:BrokerMaintenanceWindowStartTime", + "description": "Configuration block for the maintenance window start time. Detailed below.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Whether to enable connections from applications outside of the VPC that hosts the broker's subnets.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs assigned to the broker.\n" + }, + "storageType": { + "type": "string", + "description": "Storage type of the broker. For `engine_type` `ActiveMQ`, the valid values are `efs` and `ebs`, and the AWS-default is `efs`. For `engine_type` `RabbitMQ`, only `ebs` is supported. When using `ebs`, only the `mq.m5` broker instance type family is supported.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs in which to launch the broker. A `SINGLE_INSTANCE` deployment requires one subnet. An `ACTIVE_STANDBY_MULTI_AZ` deployment requires multiple subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the broker. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "users": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/BrokerUser:BrokerUser" + }, + "description": "Configuration block for broker users. For `engine_type` of `RabbitMQ`, Amazon MQ does not return broker users preventing this resource from making user updates and drift detection. Detailed below.\n" + } + }, + "requiredInputs": [ + "brokerName", + "engineType", + "engineVersion", + "hostInstanceType", + "users" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Broker resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any broker modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the broker.\n" + }, + "authenticationStrategy": { + "type": "string", + "description": "Authentication strategy used to secure the broker. Valid values are `simple` and `ldap`. `ldap` is not supported for `engine_type` `RabbitMQ`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Whether to automatically upgrade to new minor versions of brokers as Amazon MQ makes releases available.\n" + }, + "brokerName": { + "type": "string", + "description": "Name of the broker.\n" + }, + "configuration": { + "$ref": "#/types/aws:mq/BrokerConfiguration:BrokerConfiguration", + "description": "Configuration block for broker configuration. Applies to `engine_type` of `ActiveMQ` only. Detailed below.\n" + }, + "deploymentMode": { + "type": "string", + "description": "Deployment mode of the broker. Valid values are `SINGLE_INSTANCE`, `ACTIVE_STANDBY_MULTI_AZ`, and `CLUSTER_MULTI_AZ`. Default is `SINGLE_INSTANCE`.\n" + }, + "encryptionOptions": { + "$ref": "#/types/aws:mq/BrokerEncryptionOptions:BrokerEncryptionOptions", + "description": "Configuration block containing encryption options. Detailed below.\n" + }, + "engineType": { + "type": "string", + "description": "Type of broker engine. Valid values are `ActiveMQ` and `RabbitMQ`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the broker engine. See the [AmazonMQ Broker Engine docs](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html) for supported versions. For example, `5.15.0`.\n" + }, + "hostInstanceType": { + "type": "string", + "description": "Broker's instance type. For example, `mq.t3.micro`, `mq.m5.large`.\n" + }, + "instances": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/BrokerInstance:BrokerInstance" + }, + "description": "List of information about allocated brokers (both active & standby).\n* `instances.0.console_url` - The URL of the broker's [ActiveMQ Web Console](http://activemq.apache.org/web-console.html).\n* `instances.0.ip_address` - IP Address of the broker.\n* `instances.0.endpoints` - Broker's wire-level protocol endpoints in the following order & format referenceable e.g. as `instances.0.endpoints.0` (SSL):\n* For `ActiveMQ`:\n* `ssl://broker-id.mq.us-west-2.amazonaws.com:61617`\n* `amqp+ssl://broker-id.mq.us-west-2.amazonaws.com:5671`\n* `stomp+ssl://broker-id.mq.us-west-2.amazonaws.com:61614`\n* `mqtt+ssl://broker-id.mq.us-west-2.amazonaws.com:8883`\n* `wss://broker-id.mq.us-west-2.amazonaws.com:61619`\n* For `RabbitMQ`:\n* `amqps://broker-id.mq.us-west-2.amazonaws.com:5671`\n" + }, + "ldapServerMetadata": { + "$ref": "#/types/aws:mq/BrokerLdapServerMetadata:BrokerLdapServerMetadata", + "description": "Configuration block for the LDAP server used to authenticate and authorize connections to the broker. Not supported for `engine_type` `RabbitMQ`. Detailed below. (Currently, AWS may not process changes to LDAP server metadata.)\n" + }, + "logs": { + "$ref": "#/types/aws:mq/BrokerLogs:BrokerLogs", + "description": "Configuration block for the logging configuration of the broker. Detailed below.\n" + }, + "maintenanceWindowStartTime": { + "$ref": "#/types/aws:mq/BrokerMaintenanceWindowStartTime:BrokerMaintenanceWindowStartTime", + "description": "Configuration block for the maintenance window start time. Detailed below.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Whether to enable connections from applications outside of the VPC that hosts the broker's subnets.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group IDs assigned to the broker.\n" + }, + "storageType": { + "type": "string", + "description": "Storage type of the broker. For `engine_type` `ActiveMQ`, the valid values are `efs` and `ebs`, and the AWS-default is `efs`. For `engine_type` `RabbitMQ`, only `ebs` is supported. When using `ebs`, only the `mq.m5` broker instance type family is supported.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of subnet IDs in which to launch the broker. A `SINGLE_INSTANCE` deployment requires one subnet. An `ACTIVE_STANDBY_MULTI_AZ` deployment requires multiple subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the broker. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "users": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/BrokerUser:BrokerUser" + }, + "description": "Configuration block for broker users. For `engine_type` of `RabbitMQ`, Amazon MQ does not return broker users preventing this resource from making user updates and drift detection. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:mq/configuration:Configuration": { + "description": "Provides an MQ Configuration Resource.\n\nFor more information on Amazon MQ, see [Amazon MQ documentation](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/welcome.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.mq.Configuration(\"example\", {\n data: `\n\n \n \n \n \n \n\n`,\n description: \"Example Configuration\",\n engineType: \"ActiveMQ\",\n engineVersion: \"5.15.0\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.mq.Configuration(\"example\",\n data=\"\"\"\n\n \n \n \n \n \n\n\n\"\"\",\n description=\"Example Configuration\",\n engine_type=\"ActiveMQ\",\n engine_version=\"5.15.0\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Mq.Configuration(\"example\", new Aws.Mq.ConfigurationArgs\n {\n Data = @\"\n\n \n \n \n \n \n\n\n\",\n Description = \"Example Configuration\",\n EngineType = \"ActiveMQ\",\n EngineVersion = \"5.15.0\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mq\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := mq.NewConfiguration(ctx, \"example\", &mq.ConfigurationArgs{\n\t\t\tData: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v\", \"\\n\", \"\\n\", \" \\n\", \" \\n\", \" \\n\", \" \\n\", \" \\n\", \"\\n\", \"\\n\")),\n\t\t\tDescription: pulumi.String(\"Example Configuration\"),\n\t\t\tEngineType: pulumi.String(\"ActiveMQ\"),\n\t\t\tEngineVersion: pulumi.String(\"5.15.0\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMQ Configurations can be imported using the configuration ID, e.g.\n\n```sh\n $ pulumi import aws:mq/configuration:Configuration example c-0187d1eb-88c8-475a-9b79-16ef5a10c94f\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the configuration.\n" + }, + "authenticationStrategy": { + "type": "string", + "description": "Authentication strategy associated with the configuration. Valid values are `simple` and `ldap`. `ldap` is not supported for `engine_type` `RabbitMQ`.\n" + }, + "data": { + "type": "string", + "description": "Broker configuration in XML format. See [official docs](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-broker-configuration-parameters.html) for supported parameters and format of the XML.\n" + }, + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "engineType": { + "type": "string", + "description": "Type of broker engine. Valid values are `ActiveMQ` and `RabbitMQ`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the broker engine.\n" + }, + "latestRevision": { + "type": "integer", + "description": "Latest revision of the configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "authenticationStrategy", + "data", + "engineType", + "engineVersion", + "latestRevision", + "name", + "tagsAll" + ], + "inputProperties": { + "authenticationStrategy": { + "type": "string", + "description": "Authentication strategy associated with the configuration. Valid values are `simple` and `ldap`. `ldap` is not supported for `engine_type` `RabbitMQ`.\n" + }, + "data": { + "type": "string", + "description": "Broker configuration in XML format. See [official docs](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-broker-configuration-parameters.html) for supported parameters and format of the XML.\n" + }, + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "engineType": { + "type": "string", + "description": "Type of broker engine. Valid values are `ActiveMQ` and `RabbitMQ`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the broker engine.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "data", + "engineType", + "engineVersion" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Configuration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the configuration.\n" + }, + "authenticationStrategy": { + "type": "string", + "description": "Authentication strategy associated with the configuration. Valid values are `simple` and `ldap`. `ldap` is not supported for `engine_type` `RabbitMQ`.\n" + }, + "data": { + "type": "string", + "description": "Broker configuration in XML format. See [official docs](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/amazon-mq-broker-configuration-parameters.html) for supported parameters and format of the XML.\n" + }, + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "engineType": { + "type": "string", + "description": "Type of broker engine. Valid values are `ActiveMQ` and `RabbitMQ`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the broker engine.\n" + }, + "latestRevision": { + "type": "integer", + "description": "Latest revision of the configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:msk/cluster:Cluster": { + "description": "Manages AWS Managed Streaming for Kafka cluster\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst vpc = new aws.ec2.Vpc(\"vpc\", {cidrBlock: \"192.168.0.0/22\"});\nconst azs = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst subnetAz1 = new aws.ec2.Subnet(\"subnetAz1\", {\n availabilityZone: azs.then(azs => azs.names?[0]),\n cidrBlock: \"192.168.0.0/24\",\n vpcId: vpc.id,\n});\nconst subnetAz2 = new aws.ec2.Subnet(\"subnetAz2\", {\n availabilityZone: azs.then(azs => azs.names?[1]),\n cidrBlock: \"192.168.1.0/24\",\n vpcId: vpc.id,\n});\nconst subnetAz3 = new aws.ec2.Subnet(\"subnetAz3\", {\n availabilityZone: azs.then(azs => azs.names?[2]),\n cidrBlock: \"192.168.2.0/24\",\n vpcId: vpc.id,\n});\nconst sg = new aws.ec2.SecurityGroup(\"sg\", {vpcId: vpc.id});\nconst kms = new aws.kms.Key(\"kms\", {description: \"example\"});\nconst test = new aws.cloudwatch.LogGroup(\"test\", {});\nconst bucket = new aws.s3.Bucket(\"bucket\", {acl: \"private\"});\nconst firehoseRole = new aws.iam.Role(\"firehoseRole\", {assumeRolePolicy: `{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"s3\",\n s3Configuration: {\n roleArn: firehoseRole.arn,\n bucketArn: bucket.arn,\n },\n tags: {\n LogDeliveryEnabled: \"placeholder\",\n },\n});\nconst example = new aws.msk.Cluster(\"example\", {\n kafkaVersion: \"2.4.1\",\n numberOfBrokerNodes: 3,\n brokerNodeGroupInfo: {\n instanceType: \"kafka.m5.large\",\n ebsVolumeSize: 1000,\n clientSubnets: [\n subnetAz1.id,\n subnetAz2.id,\n subnetAz3.id,\n ],\n securityGroups: [sg.id],\n },\n encryptionInfo: {\n encryptionAtRestKmsKeyArn: kms.arn,\n },\n openMonitoring: {\n prometheus: {\n jmxExporter: {\n enabledInBroker: true,\n },\n nodeExporter: {\n enabledInBroker: true,\n },\n },\n },\n loggingInfo: {\n brokerLogs: {\n cloudwatchLogs: {\n enabled: true,\n logGroup: test.name,\n },\n firehose: {\n enabled: true,\n deliveryStream: testStream.name,\n },\n s3: {\n enabled: true,\n bucket: bucket.id,\n prefix: \"logs/msk-\",\n },\n },\n },\n tags: {\n foo: \"bar\",\n },\n});\nexport const zookeeperConnectString = example.zookeeperConnectString;\nexport const bootstrapBrokersTls = example.bootstrapBrokersTls;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvpc = aws.ec2.Vpc(\"vpc\", cidr_block=\"192.168.0.0/22\")\nazs = aws.get_availability_zones(state=\"available\")\nsubnet_az1 = aws.ec2.Subnet(\"subnetAz1\",\n availability_zone=azs.names[0],\n cidr_block=\"192.168.0.0/24\",\n vpc_id=vpc.id)\nsubnet_az2 = aws.ec2.Subnet(\"subnetAz2\",\n availability_zone=azs.names[1],\n cidr_block=\"192.168.1.0/24\",\n vpc_id=vpc.id)\nsubnet_az3 = aws.ec2.Subnet(\"subnetAz3\",\n availability_zone=azs.names[2],\n cidr_block=\"192.168.2.0/24\",\n vpc_id=vpc.id)\nsg = aws.ec2.SecurityGroup(\"sg\", vpc_id=vpc.id)\nkms = aws.kms.Key(\"kms\", description=\"example\")\ntest = aws.cloudwatch.LogGroup(\"test\")\nbucket = aws.s3.Bucket(\"bucket\", acl=\"private\")\nfirehose_role = aws.iam.Role(\"firehoseRole\", assume_role_policy=\"\"\"{\n\"Version\": \"2012-10-17\",\n\"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"firehose.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"s3\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=firehose_role.arn,\n bucket_arn=bucket.arn,\n ),\n tags={\n \"LogDeliveryEnabled\": \"placeholder\",\n })\nexample = aws.msk.Cluster(\"example\",\n kafka_version=\"2.4.1\",\n number_of_broker_nodes=3,\n broker_node_group_info=aws.msk.ClusterBrokerNodeGroupInfoArgs(\n instance_type=\"kafka.m5.large\",\n ebs_volume_size=1000,\n client_subnets=[\n subnet_az1.id,\n subnet_az2.id,\n subnet_az3.id,\n ],\n security_groups=[sg.id],\n ),\n encryption_info=aws.msk.ClusterEncryptionInfoArgs(\n encryption_at_rest_kms_key_arn=kms.arn,\n ),\n open_monitoring=aws.msk.ClusterOpenMonitoringArgs(\n prometheus=aws.msk.ClusterOpenMonitoringPrometheusArgs(\n jmx_exporter=aws.msk.ClusterOpenMonitoringPrometheusJmxExporterArgs(\n enabled_in_broker=True,\n ),\n node_exporter=aws.msk.ClusterOpenMonitoringPrometheusNodeExporterArgs(\n enabled_in_broker=True,\n ),\n ),\n ),\n logging_info=aws.msk.ClusterLoggingInfoArgs(\n broker_logs=aws.msk.ClusterLoggingInfoBrokerLogsArgs(\n cloudwatch_logs=aws.msk.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs(\n enabled=True,\n log_group=test.name,\n ),\n firehose=aws.msk.ClusterLoggingInfoBrokerLogsFirehoseArgs(\n enabled=True,\n delivery_stream=test_stream.name,\n ),\n s3=aws.msk.ClusterLoggingInfoBrokerLogsS3Args(\n enabled=True,\n bucket=bucket.id,\n prefix=\"logs/msk-\",\n ),\n ),\n ),\n tags={\n \"foo\": \"bar\",\n })\npulumi.export(\"zookeeperConnectString\", example.zookeeper_connect_string)\npulumi.export(\"bootstrapBrokersTls\", example.bootstrap_brokers_tls)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var vpc = new Aws.Ec2.Vpc(\"vpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"192.168.0.0/22\",\n });\n var azs = Output.Create(Aws.GetAvailabilityZones.InvokeAsync(new Aws.GetAvailabilityZonesArgs\n {\n State = \"available\",\n }));\n var subnetAz1 = new Aws.Ec2.Subnet(\"subnetAz1\", new Aws.Ec2.SubnetArgs\n {\n AvailabilityZone = azs.Apply(azs => azs.Names?[0]),\n CidrBlock = \"192.168.0.0/24\",\n VpcId = vpc.Id,\n });\n var subnetAz2 = new Aws.Ec2.Subnet(\"subnetAz2\", new Aws.Ec2.SubnetArgs\n {\n AvailabilityZone = azs.Apply(azs => azs.Names?[1]),\n CidrBlock = \"192.168.1.0/24\",\n VpcId = vpc.Id,\n });\n var subnetAz3 = new Aws.Ec2.Subnet(\"subnetAz3\", new Aws.Ec2.SubnetArgs\n {\n AvailabilityZone = azs.Apply(azs => azs.Names?[2]),\n CidrBlock = \"192.168.2.0/24\",\n VpcId = vpc.Id,\n });\n var sg = new Aws.Ec2.SecurityGroup(\"sg\", new Aws.Ec2.SecurityGroupArgs\n {\n VpcId = vpc.Id,\n });\n var kms = new Aws.Kms.Key(\"kms\", new Aws.Kms.KeyArgs\n {\n Description = \"example\",\n });\n var test = new Aws.CloudWatch.LogGroup(\"test\", new Aws.CloudWatch.LogGroupArgs\n {\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var firehoseRole = new Aws.Iam.Role(\"firehoseRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n\"\"Version\"\": \"\"2012-10-17\"\",\n\"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"firehose.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"s3\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = firehoseRole.Arn,\n BucketArn = bucket.Arn,\n },\n Tags = \n {\n { \"LogDeliveryEnabled\", \"placeholder\" },\n },\n });\n var example = new Aws.Msk.Cluster(\"example\", new Aws.Msk.ClusterArgs\n {\n KafkaVersion = \"2.4.1\",\n NumberOfBrokerNodes = 3,\n BrokerNodeGroupInfo = new Aws.Msk.Inputs.ClusterBrokerNodeGroupInfoArgs\n {\n InstanceType = \"kafka.m5.large\",\n EbsVolumeSize = 1000,\n ClientSubnets = \n {\n subnetAz1.Id,\n subnetAz2.Id,\n subnetAz3.Id,\n },\n SecurityGroups = \n {\n sg.Id,\n },\n },\n EncryptionInfo = new Aws.Msk.Inputs.ClusterEncryptionInfoArgs\n {\n EncryptionAtRestKmsKeyArn = kms.Arn,\n },\n OpenMonitoring = new Aws.Msk.Inputs.ClusterOpenMonitoringArgs\n {\n Prometheus = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusArgs\n {\n JmxExporter = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusJmxExporterArgs\n {\n EnabledInBroker = true,\n },\n NodeExporter = new Aws.Msk.Inputs.ClusterOpenMonitoringPrometheusNodeExporterArgs\n {\n EnabledInBroker = true,\n },\n },\n },\n LoggingInfo = new Aws.Msk.Inputs.ClusterLoggingInfoArgs\n {\n BrokerLogs = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsArgs\n {\n CloudwatchLogs = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs\n {\n Enabled = true,\n LogGroup = test.Name,\n },\n Firehose = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsFirehoseArgs\n {\n Enabled = true,\n DeliveryStream = testStream.Name,\n },\n S3 = new Aws.Msk.Inputs.ClusterLoggingInfoBrokerLogsS3Args\n {\n Enabled = true,\n Bucket = bucket.Id,\n Prefix = \"logs/msk-\",\n },\n },\n },\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n this.ZookeeperConnectString = example.ZookeeperConnectString;\n this.BootstrapBrokersTls = example.BootstrapBrokersTls;\n }\n\n [Output(\"zookeeperConnectString\")]\n public Output ZookeeperConnectString { get; set; }\n [Output(\"bootstrapBrokersTls\")]\n public Output BootstrapBrokersTls { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/msk\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tvpc, err := ec2.NewVpc(ctx, \"vpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"192.168.0.0/22\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := \"available\"\n\t\tazs, err := aws.GetAvailabilityZones(ctx, &GetAvailabilityZonesArgs{\n\t\t\tState: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz1, err := ec2.NewSubnet(ctx, \"subnetAz1\", &ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(azs.Names[0]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.0.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz2, err := ec2.NewSubnet(ctx, \"subnetAz2\", &ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(azs.Names[1]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.1.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsubnetAz3, err := ec2.NewSubnet(ctx, \"subnetAz3\", &ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(azs.Names[2]),\n\t\t\tCidrBlock: pulumi.String(\"192.168.2.0/24\"),\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsg, err := ec2.NewSecurityGroup(ctx, \"sg\", &ec2.SecurityGroupArgs{\n\t\t\tVpcId: vpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tkms, err := kms.NewKey(ctx, \"kms\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := cloudwatch.NewLogGroup(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfirehoseRole, err := iam.NewRole(ctx, \"firehoseRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\\\"Version\\\": \\\"2012-10-17\\\",\\n\", \"\\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"firehose.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"s3\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: firehoseRole.Arn,\n\t\t\t\tBucketArn: bucket.Arn,\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"LogDeliveryEnabled\": pulumi.String(\"placeholder\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := msk.NewCluster(ctx, \"example\", &msk.ClusterArgs{\n\t\t\tKafkaVersion: pulumi.String(\"2.4.1\"),\n\t\t\tNumberOfBrokerNodes: pulumi.Int(3),\n\t\t\tBrokerNodeGroupInfo: &msk.ClusterBrokerNodeGroupInfoArgs{\n\t\t\t\tInstanceType: pulumi.String(\"kafka.m5.large\"),\n\t\t\t\tEbsVolumeSize: pulumi.Int(1000),\n\t\t\t\tClientSubnets: pulumi.StringArray{\n\t\t\t\t\tsubnetAz1.ID(),\n\t\t\t\t\tsubnetAz2.ID(),\n\t\t\t\t\tsubnetAz3.ID(),\n\t\t\t\t},\n\t\t\t\tSecurityGroups: pulumi.StringArray{\n\t\t\t\t\tsg.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEncryptionInfo: &msk.ClusterEncryptionInfoArgs{\n\t\t\t\tEncryptionAtRestKmsKeyArn: kms.Arn,\n\t\t\t},\n\t\t\tOpenMonitoring: &msk.ClusterOpenMonitoringArgs{\n\t\t\t\tPrometheus: &msk.ClusterOpenMonitoringPrometheusArgs{\n\t\t\t\t\tJmxExporter: &msk.ClusterOpenMonitoringPrometheusJmxExporterArgs{\n\t\t\t\t\t\tEnabledInBroker: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t\tNodeExporter: &msk.ClusterOpenMonitoringPrometheusNodeExporterArgs{\n\t\t\t\t\t\tEnabledInBroker: pulumi.Bool(true),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLoggingInfo: &msk.ClusterLoggingInfoArgs{\n\t\t\t\tBrokerLogs: &msk.ClusterLoggingInfoBrokerLogsArgs{\n\t\t\t\t\tCloudwatchLogs: &msk.ClusterLoggingInfoBrokerLogsCloudwatchLogsArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tLogGroup: test.Name,\n\t\t\t\t\t},\n\t\t\t\t\tFirehose: &msk.ClusterLoggingInfoBrokerLogsFirehoseArgs{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tDeliveryStream: testStream.Name,\n\t\t\t\t\t},\n\t\t\t\t\tS3: &msk.ClusterLoggingInfoBrokerLogsS3Args{\n\t\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\t\tBucket: bucket.ID(),\n\t\t\t\t\t\tPrefix: pulumi.String(\"logs/msk-\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"zookeeperConnectString\", example.ZookeeperConnectString)\n\t\tctx.Export(\"bootstrapBrokersTls\", example.BootstrapBrokersTls)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMSK clusters can be imported using the cluster `arn`, e.g.\n\n```sh\n $ pulumi import aws:msk/cluster:Cluster example arn:aws:kafka:us-west-2:123456789012:cluster/example/279c0212-d057-4dba-9aa9-1c4e5a25bfc7-3\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK Configuration to use in the cluster.\n" + }, + "bootstrapBrokers": { + "type": "string", + "description": "Comma separated list of one or more hostname:port pairs of kafka brokers suitable to bootstrap connectivity to the kafka cluster. Contains a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `PLAINTEXT` or `TLS_PLAINTEXT`. The resource sorts values alphabetically. AWS may not always return all endpoints so this value is not guaranteed to be stable across applies.\n" + }, + "bootstrapBrokersSaslIam": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and SASL IAM port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS` and `client_authentication.0.sasl.0.iam` is set to `true`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "bootstrapBrokersSaslScram": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and SASL SCRAM port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS` and `client_authentication.0.sasl.0.scram` is set to `true`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "bootstrapBrokersTls": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and TLS port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "brokerNodeGroupInfo": { + "$ref": "#/types/aws:msk/ClusterBrokerNodeGroupInfo:ClusterBrokerNodeGroupInfo", + "description": "Configuration block for the broker nodes of the Kafka cluster.\n" + }, + "clientAuthentication": { + "$ref": "#/types/aws:msk/ClusterClientAuthentication:ClusterClientAuthentication", + "description": "Configuration block for specifying a client authentication. See below.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the MSK cluster.\n" + }, + "configurationInfo": { + "$ref": "#/types/aws:msk/ClusterConfigurationInfo:ClusterConfigurationInfo", + "description": "Configuration block for specifying a MSK Configuration to attach to Kafka brokers. See below.\n" + }, + "currentVersion": { + "type": "string", + "description": "Current version of the MSK Cluster used for updates, e.g. `K13V1IB3VIYZZH`\n* `encryption_info.0.encryption_at_rest_kms_key_arn` - The ARN of the KMS key used for encryption at rest of the broker data volumes.\n" + }, + "encryptionInfo": { + "$ref": "#/types/aws:msk/ClusterEncryptionInfo:ClusterEncryptionInfo", + "description": "Configuration block for specifying encryption. See below.\n" + }, + "enhancedMonitoring": { + "type": "string", + "description": "Specify the desired enhanced MSK CloudWatch monitoring level. See [Monitoring Amazon MSK with Amazon CloudWatch](https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html)\n" + }, + "kafkaVersion": { + "type": "string", + "description": "Specify the desired Kafka software version.\n" + }, + "loggingInfo": { + "$ref": "#/types/aws:msk/ClusterLoggingInfo:ClusterLoggingInfo", + "description": "Configuration block for streaming broker logs to Cloudwatch/S3/Kinesis Firehose. See below.\n" + }, + "numberOfBrokerNodes": { + "type": "integer", + "description": "The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets.\n" + }, + "openMonitoring": { + "$ref": "#/types/aws:msk/ClusterOpenMonitoring:ClusterOpenMonitoring", + "description": "Configuration block for JMX and Node monitoring for the MSK cluster. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "zookeeperConnectString": { + "type": "string", + "description": "A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster. The returned values are sorted alphbetically. The AWS API may not return all endpoints, so this value is not guaranteed to be stable across applies.\n" + } + }, + "required": [ + "arn", + "bootstrapBrokers", + "bootstrapBrokersSaslIam", + "bootstrapBrokersSaslScram", + "bootstrapBrokersTls", + "brokerNodeGroupInfo", + "clusterName", + "currentVersion", + "kafkaVersion", + "numberOfBrokerNodes", + "tagsAll", + "zookeeperConnectString" + ], + "inputProperties": { + "brokerNodeGroupInfo": { + "$ref": "#/types/aws:msk/ClusterBrokerNodeGroupInfo:ClusterBrokerNodeGroupInfo", + "description": "Configuration block for the broker nodes of the Kafka cluster.\n" + }, + "clientAuthentication": { + "$ref": "#/types/aws:msk/ClusterClientAuthentication:ClusterClientAuthentication", + "description": "Configuration block for specifying a client authentication. See below.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the MSK cluster.\n" + }, + "configurationInfo": { + "$ref": "#/types/aws:msk/ClusterConfigurationInfo:ClusterConfigurationInfo", + "description": "Configuration block for specifying a MSK Configuration to attach to Kafka brokers. See below.\n" + }, + "encryptionInfo": { + "$ref": "#/types/aws:msk/ClusterEncryptionInfo:ClusterEncryptionInfo", + "description": "Configuration block for specifying encryption. See below.\n" + }, + "enhancedMonitoring": { + "type": "string", + "description": "Specify the desired enhanced MSK CloudWatch monitoring level. See [Monitoring Amazon MSK with Amazon CloudWatch](https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html)\n" + }, + "kafkaVersion": { + "type": "string", + "description": "Specify the desired Kafka software version.\n" + }, + "loggingInfo": { + "$ref": "#/types/aws:msk/ClusterLoggingInfo:ClusterLoggingInfo", + "description": "Configuration block for streaming broker logs to Cloudwatch/S3/Kinesis Firehose. See below.\n" + }, + "numberOfBrokerNodes": { + "type": "integer", + "description": "The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets.\n" + }, + "openMonitoring": { + "$ref": "#/types/aws:msk/ClusterOpenMonitoring:ClusterOpenMonitoring", + "description": "Configuration block for JMX and Node monitoring for the MSK cluster. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "brokerNodeGroupInfo", + "kafkaVersion", + "numberOfBrokerNodes" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK Configuration to use in the cluster.\n" + }, + "bootstrapBrokers": { + "type": "string", + "description": "Comma separated list of one or more hostname:port pairs of kafka brokers suitable to bootstrap connectivity to the kafka cluster. Contains a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `PLAINTEXT` or `TLS_PLAINTEXT`. The resource sorts values alphabetically. AWS may not always return all endpoints so this value is not guaranteed to be stable across applies.\n" + }, + "bootstrapBrokersSaslIam": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and SASL IAM port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS` and `client_authentication.0.sasl.0.iam` is set to `true`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "bootstrapBrokersSaslScram": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and SASL SCRAM port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS` and `client_authentication.0.sasl.0.scram` is set to `true`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "bootstrapBrokersTls": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and TLS port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "brokerNodeGroupInfo": { + "$ref": "#/types/aws:msk/ClusterBrokerNodeGroupInfo:ClusterBrokerNodeGroupInfo", + "description": "Configuration block for the broker nodes of the Kafka cluster.\n" + }, + "clientAuthentication": { + "$ref": "#/types/aws:msk/ClusterClientAuthentication:ClusterClientAuthentication", + "description": "Configuration block for specifying a client authentication. See below.\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the MSK cluster.\n" + }, + "configurationInfo": { + "$ref": "#/types/aws:msk/ClusterConfigurationInfo:ClusterConfigurationInfo", + "description": "Configuration block for specifying a MSK Configuration to attach to Kafka brokers. See below.\n" + }, + "currentVersion": { + "type": "string", + "description": "Current version of the MSK Cluster used for updates, e.g. `K13V1IB3VIYZZH`\n* `encryption_info.0.encryption_at_rest_kms_key_arn` - The ARN of the KMS key used for encryption at rest of the broker data volumes.\n" + }, + "encryptionInfo": { + "$ref": "#/types/aws:msk/ClusterEncryptionInfo:ClusterEncryptionInfo", + "description": "Configuration block for specifying encryption. See below.\n" + }, + "enhancedMonitoring": { + "type": "string", + "description": "Specify the desired enhanced MSK CloudWatch monitoring level. See [Monitoring Amazon MSK with Amazon CloudWatch](https://docs.aws.amazon.com/msk/latest/developerguide/monitoring.html)\n" + }, + "kafkaVersion": { + "type": "string", + "description": "Specify the desired Kafka software version.\n" + }, + "loggingInfo": { + "$ref": "#/types/aws:msk/ClusterLoggingInfo:ClusterLoggingInfo", + "description": "Configuration block for streaming broker logs to Cloudwatch/S3/Kinesis Firehose. See below.\n" + }, + "numberOfBrokerNodes": { + "type": "integer", + "description": "The desired total number of broker nodes in the kafka cluster. It must be a multiple of the number of specified client subnets.\n" + }, + "openMonitoring": { + "$ref": "#/types/aws:msk/ClusterOpenMonitoring:ClusterOpenMonitoring", + "description": "Configuration block for JMX and Node monitoring for the MSK cluster. See below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "zookeeperConnectString": { + "type": "string", + "description": "A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster. The returned values are sorted alphbetically. The AWS API may not return all endpoints, so this value is not guaranteed to be stable across applies.\n" + } + }, + "type": "object" + } + }, + "aws:msk/configuration:Configuration": { + "description": "Manages an Amazon Managed Streaming for Kafka configuration. More information can be found on the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.msk.Configuration(\"example\", {\n kafkaVersions: [\"2.1.0\"],\n serverProperties: `auto.create.topics.enable = true\ndelete.topic.enable = true\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.msk.Configuration(\"example\",\n kafka_versions=[\"2.1.0\"],\n server_properties=\"\"\"auto.create.topics.enable = true\ndelete.topic.enable = true\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Msk.Configuration(\"example\", new Aws.Msk.ConfigurationArgs\n {\n KafkaVersions = \n {\n \"2.1.0\",\n },\n ServerProperties = @\"auto.create.topics.enable = true\ndelete.topic.enable = true\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/msk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := msk.NewConfiguration(ctx, \"example\", &msk.ConfigurationArgs{\n\t\t\tKafkaVersions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"2.1.0\"),\n\t\t\t},\n\t\t\tServerProperties: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"auto.create.topics.enable = true\\n\", \"delete.topic.enable = true\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMSK configurations can be imported using the configuration ARN, e.g.\n\n```sh\n $ pulumi import aws:msk/configuration:Configuration example arn:aws:kafka:us-west-2:123456789012:configuration/example/279c0212-d057-4dba-9aa9-1c4e5a25bfc7-3\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the configuration.\n" + }, + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "kafkaVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Apache Kafka versions which can use this configuration.\n" + }, + "latestRevision": { + "type": "integer", + "description": "Latest revision of the configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration.\n" + }, + "serverProperties": { + "type": "string", + "description": "Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html).\n" + } + }, + "required": [ + "arn", + "latestRevision", + "name", + "serverProperties" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "kafkaVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Apache Kafka versions which can use this configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration.\n" + }, + "serverProperties": { + "type": "string", + "description": "Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html).\n" + } + }, + "requiredInputs": [ + "serverProperties" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Configuration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the configuration.\n" + }, + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "kafkaVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Apache Kafka versions which can use this configuration.\n" + }, + "latestRevision": { + "type": "integer", + "description": "Latest revision of the configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration.\n" + }, + "serverProperties": { + "type": "string", + "description": "Contents of the server.properties file. Supported properties are documented in the [MSK Developer Guide](https://docs.aws.amazon.com/msk/latest/developerguide/msk-configuration-properties.html).\n" + } + }, + "type": "object" + } + }, + "aws:msk/scramSecretAssociation:ScramSecretAssociation": { + "description": "\n\n\n## Import\n\nMSK SCRAM Secret Associations can be imported using the `id` e.g.\n\n```sh\n $ pulumi import aws:msk/scramSecretAssociation:ScramSecretAssociation example arn:aws:kafka:us-west-2:123456789012:cluster/example/279c0212-d057-4dba-9aa9-1c4e5a25bfc7-3\n```\n\n ", + "properties": { + "clusterArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK cluster.\n" + }, + "secretArnLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS Secrets Manager secret ARNs.\n" + } + }, + "required": [ + "clusterArn", + "secretArnLists" + ], + "inputProperties": { + "clusterArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK cluster.\n" + }, + "secretArnLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS Secrets Manager secret ARNs.\n" + } + }, + "requiredInputs": [ + "clusterArn", + "secretArnLists" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ScramSecretAssociation resources.\n", + "properties": { + "clusterArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK cluster.\n" + }, + "secretArnLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS Secrets Manager secret ARNs.\n" + } + }, + "type": "object" + } + }, + "aws:mwaa/environment:Environment": { + "description": "Creates a MWAA Environment resource.\n\n{{% examples %}}\n## Example Usage\n\nA MWAA Environment requires an IAM role (`aws.iam.Role`), two subnets in the private zone (`aws.ec2.Subnet`) and a versioned S3 bucket (`aws.s3.Bucket`).\n{{% /examples %}}\n\n## Import\n\nMWAA Environment can be imported using `Name` e.g.\n\n```sh\n $ pulumi import aws:mwaa/environment:Environment example MyAirflowEnvironment\n```\n\n ", + "properties": { + "airflowConfigurationOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The `airflow_configuration_options` parameter specifies airflow override options. Check the [Official documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-env-variables.html#configuring-env-variables-reference) for all possible configuration options.\n" + }, + "airflowVersion": { + "type": "string", + "description": "Airflow version of your environment, will be set by default to the latest version that MWAA supports.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the MWAA Environment\n" + }, + "createdAt": { + "type": "string", + "description": "The Created At date of the MWAA Environment\n* `logging_configuration[0].[0].cloud_watch_log_group_arn` - Provides the ARN for the CloudWatch group where the logs will be published\n" + }, + "dagS3Path": { + "type": "string", + "description": "The relative path to the DAG folder on your Amazon S3 storage bucket. For example, dags. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "environmentClass": { + "type": "string", + "description": "Environment class for the cluster. Possible options are `mw1.small`, `mw1.medium`, `mw1.large`. Will be set by default to `mw1.small`. Please check the [AWS Pricing](https://aws.amazon.com/de/managed-workflows-for-apache-airflow/pricing/) for more information about the environment classes.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the task execution role that the Amazon MWAA and its environment can assume. Check the [official AWS documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html) for the detailed role specification.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your KMS key that you want to use for encryption. Will be set to the ARN of the managed KMS key `aws/airflow` by default. Please check the [Official Documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/custom-keys-certs.html) for more information.\n" + }, + "lastUpdateds": { + "type": "array", + "items": { + "$ref": "#/types/aws:mwaa/EnvironmentLastUpdated:EnvironmentLastUpdated" + } + }, + "loggingConfiguration": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfiguration:EnvironmentLoggingConfiguration", + "description": "The Apache Airflow logs you want to send to Amazon CloudWatch Logs.\n" + }, + "maxWorkers": { + "type": "integer", + "description": "The maximum number of workers that can be automatically scaled up. Value need to be between `1` and `25`. Will be `10` by default.\n" + }, + "minWorkers": { + "type": "integer", + "description": "The minimum number of workers that you want to run in your environment. Will be `1` by default.\n" + }, + "name": { + "type": "string", + "description": "The name of the Apache Airflow Environment\n" + }, + "networkConfiguration": { + "$ref": "#/types/aws:mwaa/EnvironmentNetworkConfiguration:EnvironmentNetworkConfiguration", + "description": "Specifies the network configuration for your Apache Airflow Environment. This includes two private subnets as well as security groups for the Airflow environment. Each subnet requires internet connection, otherwise the deployment will fail. See Network configuration below for details.\n" + }, + "pluginsS3ObjectVersion": { + "type": "string", + "description": "The plugins.zip file version you want to use.\n" + }, + "pluginsS3Path": { + "type": "string", + "description": "The relative path to the plugins.zip file on your Amazon S3 storage bucket. For example, plugins.zip. If a relative path is provided in the request, then plugins_s3_object_version is required. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "requirementsS3ObjectVersion": { + "type": "string", + "description": "The requirements.txt file version you want to use.\n" + }, + "requirementsS3Path": { + "type": "string", + "description": "The relative path to the requirements.txt file on your Amazon S3 storage bucket. For example, requirements.txt. If a relative path is provided in the request, then requirements_s3_object_version is required. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The Service Role ARN of the Amazon MWAA Environment\n" + }, + "sourceBucketArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname.\n" + }, + "status": { + "type": "string", + "description": "The status of the Amazon MWAA Environment\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "webserverAccessMode": { + "type": "string", + "description": "Specifies whether the webserver should be accessible over the internet or via your specified VPC. Possible options: `PRIVATE_ONLY` (default) and `PUBLIC_ONLY`.\n" + }, + "webserverUrl": { + "type": "string", + "description": "The webserver URL of the MWAA Environment\n" + }, + "weeklyMaintenanceWindowStart": { + "type": "string", + "description": "Specifies the start date for the weekly maintenance window.\n" + } + }, + "required": [ + "airflowVersion", + "arn", + "createdAt", + "dagS3Path", + "environmentClass", + "executionRoleArn", + "lastUpdateds", + "loggingConfiguration", + "maxWorkers", + "minWorkers", + "name", + "networkConfiguration", + "pluginsS3ObjectVersion", + "requirementsS3ObjectVersion", + "serviceRoleArn", + "sourceBucketArn", + "status", + "tagsAll", + "webserverAccessMode", + "webserverUrl", + "weeklyMaintenanceWindowStart" + ], + "inputProperties": { + "airflowConfigurationOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The `airflow_configuration_options` parameter specifies airflow override options. Check the [Official documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-env-variables.html#configuring-env-variables-reference) for all possible configuration options.\n" + }, + "airflowVersion": { + "type": "string", + "description": "Airflow version of your environment, will be set by default to the latest version that MWAA supports.\n" + }, + "dagS3Path": { + "type": "string", + "description": "The relative path to the DAG folder on your Amazon S3 storage bucket. For example, dags. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "environmentClass": { + "type": "string", + "description": "Environment class for the cluster. Possible options are `mw1.small`, `mw1.medium`, `mw1.large`. Will be set by default to `mw1.small`. Please check the [AWS Pricing](https://aws.amazon.com/de/managed-workflows-for-apache-airflow/pricing/) for more information about the environment classes.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the task execution role that the Amazon MWAA and its environment can assume. Check the [official AWS documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html) for the detailed role specification.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your KMS key that you want to use for encryption. Will be set to the ARN of the managed KMS key `aws/airflow` by default. Please check the [Official Documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/custom-keys-certs.html) for more information.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfiguration:EnvironmentLoggingConfiguration", + "description": "The Apache Airflow logs you want to send to Amazon CloudWatch Logs.\n" + }, + "maxWorkers": { + "type": "integer", + "description": "The maximum number of workers that can be automatically scaled up. Value need to be between `1` and `25`. Will be `10` by default.\n" + }, + "minWorkers": { + "type": "integer", + "description": "The minimum number of workers that you want to run in your environment. Will be `1` by default.\n" + }, + "name": { + "type": "string", + "description": "The name of the Apache Airflow Environment\n" + }, + "networkConfiguration": { + "$ref": "#/types/aws:mwaa/EnvironmentNetworkConfiguration:EnvironmentNetworkConfiguration", + "description": "Specifies the network configuration for your Apache Airflow Environment. This includes two private subnets as well as security groups for the Airflow environment. Each subnet requires internet connection, otherwise the deployment will fail. See Network configuration below for details.\n" + }, + "pluginsS3ObjectVersion": { + "type": "string", + "description": "The plugins.zip file version you want to use.\n" + }, + "pluginsS3Path": { + "type": "string", + "description": "The relative path to the plugins.zip file on your Amazon S3 storage bucket. For example, plugins.zip. If a relative path is provided in the request, then plugins_s3_object_version is required. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "requirementsS3ObjectVersion": { + "type": "string", + "description": "The requirements.txt file version you want to use.\n" + }, + "requirementsS3Path": { + "type": "string", + "description": "The relative path to the requirements.txt file on your Amazon S3 storage bucket. For example, requirements.txt. If a relative path is provided in the request, then requirements_s3_object_version is required. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "sourceBucketArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "webserverAccessMode": { + "type": "string", + "description": "Specifies whether the webserver should be accessible over the internet or via your specified VPC. Possible options: `PRIVATE_ONLY` (default) and `PUBLIC_ONLY`.\n" + }, + "weeklyMaintenanceWindowStart": { + "type": "string", + "description": "Specifies the start date for the weekly maintenance window.\n" + } + }, + "requiredInputs": [ + "dagS3Path", + "executionRoleArn", + "networkConfiguration", + "sourceBucketArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Environment resources.\n", + "properties": { + "airflowConfigurationOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The `airflow_configuration_options` parameter specifies airflow override options. Check the [Official documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-env-variables.html#configuring-env-variables-reference) for all possible configuration options.\n" + }, + "airflowVersion": { + "type": "string", + "description": "Airflow version of your environment, will be set by default to the latest version that MWAA supports.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the MWAA Environment\n" + }, + "createdAt": { + "type": "string", + "description": "The Created At date of the MWAA Environment\n* `logging_configuration[0].[0].cloud_watch_log_group_arn` - Provides the ARN for the CloudWatch group where the logs will be published\n" + }, + "dagS3Path": { + "type": "string", + "description": "The relative path to the DAG folder on your Amazon S3 storage bucket. For example, dags. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "environmentClass": { + "type": "string", + "description": "Environment class for the cluster. Possible options are `mw1.small`, `mw1.medium`, `mw1.large`. Will be set by default to `mw1.small`. Please check the [AWS Pricing](https://aws.amazon.com/de/managed-workflows-for-apache-airflow/pricing/) for more information about the environment classes.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the task execution role that the Amazon MWAA and its environment can assume. Check the [official AWS documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/mwaa-create-role.html) for the detailed role specification.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your KMS key that you want to use for encryption. Will be set to the ARN of the managed KMS key `aws/airflow` by default. Please check the [Official Documentation](https://docs.aws.amazon.com/mwaa/latest/userguide/custom-keys-certs.html) for more information.\n" + }, + "lastUpdateds": { + "type": "array", + "items": { + "$ref": "#/types/aws:mwaa/EnvironmentLastUpdated:EnvironmentLastUpdated" + } + }, + "loggingConfiguration": { + "$ref": "#/types/aws:mwaa/EnvironmentLoggingConfiguration:EnvironmentLoggingConfiguration", + "description": "The Apache Airflow logs you want to send to Amazon CloudWatch Logs.\n" + }, + "maxWorkers": { + "type": "integer", + "description": "The maximum number of workers that can be automatically scaled up. Value need to be between `1` and `25`. Will be `10` by default.\n" + }, + "minWorkers": { + "type": "integer", + "description": "The minimum number of workers that you want to run in your environment. Will be `1` by default.\n" + }, + "name": { + "type": "string", + "description": "The name of the Apache Airflow Environment\n" + }, + "networkConfiguration": { + "$ref": "#/types/aws:mwaa/EnvironmentNetworkConfiguration:EnvironmentNetworkConfiguration", + "description": "Specifies the network configuration for your Apache Airflow Environment. This includes two private subnets as well as security groups for the Airflow environment. Each subnet requires internet connection, otherwise the deployment will fail. See Network configuration below for details.\n" + }, + "pluginsS3ObjectVersion": { + "type": "string", + "description": "The plugins.zip file version you want to use.\n" + }, + "pluginsS3Path": { + "type": "string", + "description": "The relative path to the plugins.zip file on your Amazon S3 storage bucket. For example, plugins.zip. If a relative path is provided in the request, then plugins_s3_object_version is required. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "requirementsS3ObjectVersion": { + "type": "string", + "description": "The requirements.txt file version you want to use.\n" + }, + "requirementsS3Path": { + "type": "string", + "description": "The relative path to the requirements.txt file on your Amazon S3 storage bucket. For example, requirements.txt. If a relative path is provided in the request, then requirements_s3_object_version is required. For more information, see [Importing DAGs on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-import.html).\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The Service Role ARN of the Amazon MWAA Environment\n" + }, + "sourceBucketArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of your Amazon S3 storage bucket. For example, arn:aws:s3:::airflow-mybucketname.\n" + }, + "status": { + "type": "string", + "description": "The status of the Amazon MWAA Environment\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "webserverAccessMode": { + "type": "string", + "description": "Specifies whether the webserver should be accessible over the internet or via your specified VPC. Possible options: `PRIVATE_ONLY` (default) and `PUBLIC_ONLY`.\n" + }, + "webserverUrl": { + "type": "string", + "description": "The webserver URL of the MWAA Environment\n" + }, + "weeklyMaintenanceWindowStart": { + "type": "string", + "description": "Specifies the start date for the weekly maintenance window.\n" + } + }, + "type": "object" + } + }, + "aws:neptune/cluster:Cluster": { + "description": "Provides an Neptune Cluster Resource. A Cluster Resource defines attributes that are\napplied to the entire cluster of Neptune Cluster Instances.\n\nChanges to a Neptune Cluster can occur when you manually change a\nparameter, such as `backup_retention_period`, and are reflected in the next maintenance\nwindow. Because of this, this provider may report a difference in its planning\nphase because a modification has not yet taken place. You can use the\n`apply_immediately` flag to instruct the service to apply the change immediately\n(see documentation below).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.neptune.Cluster(\"default\", {\n applyImmediately: true,\n backupRetentionPeriod: 5,\n clusterIdentifier: \"neptune-cluster-demo\",\n engine: \"neptune\",\n iamDatabaseAuthenticationEnabled: true,\n preferredBackupWindow: \"07:00-09:00\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.neptune.Cluster(\"default\",\n apply_immediately=True,\n backup_retention_period=5,\n cluster_identifier=\"neptune-cluster-demo\",\n engine=\"neptune\",\n iam_database_authentication_enabled=True,\n preferred_backup_window=\"07:00-09:00\",\n skip_final_snapshot=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Neptune.Cluster(\"default\", new Aws.Neptune.ClusterArgs\n {\n ApplyImmediately = true,\n BackupRetentionPeriod = 5,\n ClusterIdentifier = \"neptune-cluster-demo\",\n Engine = \"neptune\",\n IamDatabaseAuthenticationEnabled = true,\n PreferredBackupWindow = \"07:00-09:00\",\n SkipFinalSnapshot = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewCluster(ctx, \"_default\", &neptune.ClusterArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tClusterIdentifier: pulumi.String(\"neptune-cluster-demo\"),\n\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\tIamDatabaseAuthenticationEnabled: pulumi.Bool(true),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **Note:** AWS Neptune does not support user name/password–based access control.\nSee the AWS [Docs](https://docs.aws.amazon.com/neptune/latest/userguide/limits.html) for more information.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_neptune_cluster` can be imported by using the cluster identifier, e.g.\n\n```sh\n $ pulumi import aws:neptune/cluster:Cluster example my-cluster\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "arn": { + "type": "string", + "description": "The Neptune Cluster Amazon Resource Name (ARN)\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones that instances in the Neptune cluster can be created in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Neptune Instances that are a part of this cluster\n" + }, + "clusterResourceId": { + "type": "string", + "description": "The Neptune Cluster Resource ID\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "If set to true, tags are copied to any snapshot of the DB cluster that is created.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "A value that indicates whether the DB cluster has deletion protection enabled.The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.\n" + }, + "enableCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports `audit`.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the Neptune instance\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this Neptune cluster. Defaults to `neptune`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The Route53 Hosted Zone ID of the endpoint\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A List of ARNs for the IAM roles to associate to the Neptune Cluster.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_arn`, `storage_encrypted` needs to be set to true.\n" + }, + "neptuneClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "neptuneSubnetGroupName": { + "type": "string", + "description": "A Neptune subnet group to associate with this Neptune instance.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the Neptune accepts connections. Default is `8182`.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "readerEndpoint": { + "type": "string", + "description": "A read-only endpoint for the Neptune cluster, automatically load-balanced across replicas\n" + }, + "replicationSourceIdentifier": { + "type": "string", + "description": "ARN of a source Neptune cluster or Neptune instance if this Neptune cluster is to be created as a Read Replica.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final Neptune snapshot is created before the Neptune cluster is deleted. If true is specified, no Neptune snapshot is created. If false is specified, a Neptune snapshot is created before the Neptune cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a Neptune cluster snapshot, or the ARN when specifying a Neptune snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the Neptune cluster is encrypted. The default is `false` if not specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Neptune cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate with the Cluster\n" + } + }, + "required": [ + "applyImmediately", + "arn", + "availabilityZones", + "clusterIdentifier", + "clusterIdentifierPrefix", + "clusterMembers", + "clusterResourceId", + "endpoint", + "engineVersion", + "hostedZoneId", + "kmsKeyArn", + "neptuneSubnetGroupName", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "readerEndpoint", + "tagsAll", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones that instances in the Neptune cluster can be created in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "If set to true, tags are copied to any snapshot of the DB cluster that is created.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "A value that indicates whether the DB cluster has deletion protection enabled.The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.\n" + }, + "enableCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports `audit`.\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this Neptune cluster. Defaults to `neptune`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made.\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A List of ARNs for the IAM roles to associate to the Neptune Cluster.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_arn`, `storage_encrypted` needs to be set to true.\n" + }, + "neptuneClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "neptuneSubnetGroupName": { + "type": "string", + "description": "A Neptune subnet group to associate with this Neptune instance.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the Neptune accepts connections. Default is `8182`.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "replicationSourceIdentifier": { + "type": "string", + "description": "ARN of a source Neptune cluster or Neptune instance if this Neptune cluster is to be created as a Read Replica.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final Neptune snapshot is created before the Neptune cluster is deleted. If true is specified, no Neptune snapshot is created. If false is specified, a Neptune snapshot is created before the Neptune cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a Neptune cluster snapshot, or the ARN when specifying a Neptune snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the Neptune cluster is encrypted. The default is `false` if not specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Neptune cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate with the Cluster\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`.\n" + }, + "arn": { + "type": "string", + "description": "The Neptune Cluster Amazon Resource Name (ARN)\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones that instances in the Neptune cluster can be created in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Neptune Instances that are a part of this cluster\n" + }, + "clusterResourceId": { + "type": "string", + "description": "The Neptune Cluster Resource ID\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "If set to true, tags are copied to any snapshot of the DB cluster that is created.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "A value that indicates whether the DB cluster has deletion protection enabled.The database can't be deleted when deletion protection is enabled. By default, deletion protection is disabled.\n" + }, + "enableCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the log types this DB cluster is configured to export to Cloudwatch Logs. Currently only supports `audit`.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the Neptune instance\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this Neptune cluster. Defaults to `neptune`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final Neptune snapshot when this Neptune cluster is deleted. If omitted, no final snapshot will be made.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The Route53 Hosted Zone ID of the endpoint\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A List of ARNs for the IAM roles to associate to the Neptune Cluster.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_arn`, `storage_encrypted` needs to be set to true.\n" + }, + "neptuneClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "neptuneSubnetGroupName": { + "type": "string", + "description": "A Neptune subnet group to associate with this Neptune instance.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the Neptune accepts connections. Default is `8182`.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter. Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "readerEndpoint": { + "type": "string", + "description": "A read-only endpoint for the Neptune cluster, automatically load-balanced across replicas\n" + }, + "replicationSourceIdentifier": { + "type": "string", + "description": "ARN of a source Neptune cluster or Neptune instance if this Neptune cluster is to be created as a Read Replica.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final Neptune snapshot is created before the Neptune cluster is deleted. If true is specified, no Neptune snapshot is created. If false is specified, a Neptune snapshot is created before the Neptune cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a Neptune cluster snapshot, or the ARN when specifying a Neptune snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the Neptune cluster is encrypted. The default is `false` if not specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Neptune cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate with the Cluster\n" + } + }, + "type": "object" + } + }, + "aws:neptune/clusterEndpoint:ClusterEndpoint": { + "description": "Provides an Neptune Cluster Endpoint Resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.neptune.ClusterEndpoint(\"example\", {\n clusterIdentifier: aws_neptune_cluster.test.cluster_identifier,\n clusterEndpointIdentifier: \"example\",\n endpointType: \"READER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.neptune.ClusterEndpoint(\"example\",\n cluster_identifier=aws_neptune_cluster[\"test\"][\"cluster_identifier\"],\n cluster_endpoint_identifier=\"example\",\n endpoint_type=\"READER\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Neptune.ClusterEndpoint(\"example\", new Aws.Neptune.ClusterEndpointArgs\n {\n ClusterIdentifier = aws_neptune_cluster.Test.Cluster_identifier,\n ClusterEndpointIdentifier = \"example\",\n EndpointType = \"READER\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewClusterEndpoint(ctx, \"example\", &neptune.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: pulumi.Any(aws_neptune_cluster.Test.Cluster_identifier),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"example\"),\n\t\t\tEndpointType: pulumi.String(\"READER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_neptune_cluster_endpoint` can be imported by using the `cluster-identifier:endpoint-identfier`, e.g.\n\n```sh\n $ pulumi import aws:neptune/clusterEndpoint:ClusterEndpoint example my-cluster:my-endpoint\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Neptune Cluster Endpoint Amazon Resource Name (ARN).\n" + }, + "clusterEndpointIdentifier": { + "type": "string" + }, + "clusterIdentifier": { + "type": "string", + "description": "The DB cluster identifier of the DB cluster associated with the endpoint.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the endpoint.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of the endpoint. One of: `READER`, `WRITER`, `ANY`.\n" + }, + "excludedMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty.\n" + }, + "staticMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that are part of the custom endpoint group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Neptune cluster. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "clusterEndpointIdentifier", + "clusterIdentifier", + "endpoint", + "endpointType", + "tagsAll" + ], + "inputProperties": { + "clusterEndpointIdentifier": { + "type": "string" + }, + "clusterIdentifier": { + "type": "string", + "description": "The DB cluster identifier of the DB cluster associated with the endpoint.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of the endpoint. One of: `READER`, `WRITER`, `ANY`.\n" + }, + "excludedMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty.\n" + }, + "staticMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that are part of the custom endpoint group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Neptune cluster. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "clusterEndpointIdentifier", + "clusterIdentifier", + "endpointType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterEndpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Neptune Cluster Endpoint Amazon Resource Name (ARN).\n" + }, + "clusterEndpointIdentifier": { + "type": "string" + }, + "clusterIdentifier": { + "type": "string", + "description": "The DB cluster identifier of the DB cluster associated with the endpoint.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the endpoint.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of the endpoint. One of: `READER`, `WRITER`, `ANY`.\n" + }, + "excludedMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty.\n" + }, + "staticMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that are part of the custom endpoint group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the Neptune cluster. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:neptune/clusterInstance:ClusterInstance": { + "description": "A Cluster Instance Resource defines attributes that are specific to a single instance in a Neptune Cluster.\n\nYou can simply add neptune instances and Neptune manages the replication. You can use the [count](https://www.terraform.io/docs/configuration/meta-arguments/count.html)\nmeta-parameter to make multiple instances and join them all to the same Neptune Cluster, or you may specify different Cluster Instance resources with various `instance_class` sizes.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example will create a neptune cluster with two neptune instances(one writer and one reader).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.neptune.Cluster(\"default\", {\n clusterIdentifier: \"neptune-cluster-demo\",\n engine: \"neptune\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n skipFinalSnapshot: true,\n iamDatabaseAuthenticationEnabled: true,\n applyImmediately: true,\n});\nconst example: aws.neptune.ClusterInstance[];\nfor (const range = {value: 0}; range.value < 2; range.value++) {\n example.push(new aws.neptune.ClusterInstance(`example-${range.value}`, {\n clusterIdentifier: _default.id,\n engine: \"neptune\",\n instanceClass: \"db.r4.large\",\n applyImmediately: true,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.neptune.Cluster(\"default\",\n cluster_identifier=\"neptune-cluster-demo\",\n engine=\"neptune\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\",\n skip_final_snapshot=True,\n iam_database_authentication_enabled=True,\n apply_immediately=True)\nexample = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n example.append(aws.neptune.ClusterInstance(f\"example-{range['value']}\",\n cluster_identifier=default.id,\n engine=\"neptune\",\n instance_class=\"db.r4.large\",\n apply_immediately=True))\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Neptune.Cluster(\"default\", new Aws.Neptune.ClusterArgs\n {\n ClusterIdentifier = \"neptune-cluster-demo\",\n Engine = \"neptune\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n SkipFinalSnapshot = true,\n IamDatabaseAuthenticationEnabled = true,\n ApplyImmediately = true,\n });\n var example = new List();\n for (var rangeIndex = 0; rangeIndex < 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n example.Add(new Aws.Neptune.ClusterInstance($\"example-{range.Value}\", new Aws.Neptune.ClusterInstanceArgs\n {\n ClusterIdentifier = @default.Id,\n Engine = \"neptune\",\n InstanceClass = \"db.r4.large\",\n ApplyImmediately = true,\n }));\n }\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewCluster(ctx, \"_default\", &neptune.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"neptune-cluster-demo\"),\n\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tIamDatabaseAuthenticationEnabled: pulumi.Bool(true),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar example []*neptune.ClusterInstance\n\t\tfor key0, _ := range 2 {\n\t\t\t__res, err := neptune.NewClusterInstance(ctx, fmt.Sprintf(\"example-%v\", key0), &neptune.ClusterInstanceArgs{\n\t\t\t\tClusterIdentifier: _default.ID(),\n\t\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\texample = append(example, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_neptune_cluster_instance` can be imported by using the instance identifier, e.g.\n\n```sh\n $ pulumi import aws:neptune/clusterInstance:ClusterInstance example my-instance\n```\n\n ", + "properties": { + "address": { + "type": "string", + "description": "The hostname of the instance. See also `endpoint` and `port`.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any instance modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of neptune instance\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. Default is `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the neptune instance is created in.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.neptune.Cluster` in which to launch this instance.\n" + }, + "dbiResourceId": { + "type": "string", + "description": "The region-unique, immutable identifier for the neptune instance.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint in `address:port` format.\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for the neptune instance. Defaults to `neptune`. Valid Values: `neptune`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The neptune engine version.\n" + }, + "identifier": { + "type": "string", + "description": "The identifier for the neptune instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN for the KMS encryption key if one is set to the neptune cluster.\n" + }, + "neptuneParameterGroupName": { + "type": "string", + "description": "The name of the neptune parameter group to associate with this instance.\n" + }, + "neptuneSubnetGroupName": { + "type": "string", + "description": "A subnet group to associate with this neptune instance. **NOTE:** This must match the `neptune_subnet_group_name` of the attached `aws.neptune.Cluster`.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections. Defaults to `8182`.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled. Eg: \"04:00-09:00\"\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly accessible. Default is `false`.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the neptune cluster is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "writer": { + "type": "boolean", + "description": "Boolean indicating if this instance is writable. `False` indicates this instance is a read replica.\n" + } + }, + "required": [ + "address", + "applyImmediately", + "arn", + "availabilityZone", + "clusterIdentifier", + "dbiResourceId", + "endpoint", + "engineVersion", + "identifier", + "identifierPrefix", + "instanceClass", + "kmsKeyArn", + "neptuneSubnetGroupName", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "storageEncrypted", + "tagsAll", + "writer" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any instance modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. Default is `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the neptune instance is created in.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.neptune.Cluster` in which to launch this instance.\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for the neptune instance. Defaults to `neptune`. Valid Values: `neptune`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The neptune engine version.\n" + }, + "identifier": { + "type": "string", + "description": "The identifier for the neptune instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use.\n" + }, + "neptuneParameterGroupName": { + "type": "string", + "description": "The name of the neptune parameter group to associate with this instance.\n" + }, + "neptuneSubnetGroupName": { + "type": "string", + "description": "A subnet group to associate with this neptune instance. **NOTE:** This must match the `neptune_subnet_group_name` of the attached `aws.neptune.Cluster`.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections. Defaults to `8182`.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled. Eg: \"04:00-09:00\"\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly accessible. Default is `false`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "clusterIdentifier", + "instanceClass" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterInstance resources.\n", + "properties": { + "address": { + "type": "string", + "description": "The hostname of the instance. See also `endpoint` and `port`.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any instance modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of neptune instance\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the instance during the maintenance window. Default is `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the neptune instance is created in.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.neptune.Cluster` in which to launch this instance.\n" + }, + "dbiResourceId": { + "type": "string", + "description": "The region-unique, immutable identifier for the neptune instance.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint in `address:port` format.\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for the neptune instance. Defaults to `neptune`. Valid Values: `neptune`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The neptune engine version.\n" + }, + "identifier": { + "type": "string", + "description": "The identifier for the neptune instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN for the KMS encryption key if one is set to the neptune cluster.\n" + }, + "neptuneParameterGroupName": { + "type": "string", + "description": "The name of the neptune parameter group to associate with this instance.\n" + }, + "neptuneSubnetGroupName": { + "type": "string", + "description": "A subnet group to associate with this neptune instance. **NOTE:** This must match the `neptune_subnet_group_name` of the attached `aws.neptune.Cluster`.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections. Defaults to `8182`.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled. Eg: \"04:00-09:00\"\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoter to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly accessible. Default is `false`.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the neptune cluster is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "writer": { + "type": "boolean", + "description": "Boolean indicating if this instance is writable. `False` indicates this instance is a read replica.\n" + } + }, + "type": "object" + } + }, + "aws:neptune/clusterParameterGroup:ClusterParameterGroup": { + "description": "Manages a Neptune Cluster Parameter Group\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.neptune.ClusterParameterGroup(\"example\", {\n description: \"neptune cluster parameter group\",\n family: \"neptune1\",\n parameters: [{\n name: \"neptune_enable_audit_log\",\n value: \"1\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.neptune.ClusterParameterGroup(\"example\",\n description=\"neptune cluster parameter group\",\n family=\"neptune1\",\n parameters=[aws.neptune.ClusterParameterGroupParameterArgs(\n name=\"neptune_enable_audit_log\",\n value=\"1\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Neptune.ClusterParameterGroup(\"example\", new Aws.Neptune.ClusterParameterGroupArgs\n {\n Description = \"neptune cluster parameter group\",\n Family = \"neptune1\",\n Parameters = \n {\n new Aws.Neptune.Inputs.ClusterParameterGroupParameterArgs\n {\n Name = \"neptune_enable_audit_log\",\n Value = \"1\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewClusterParameterGroup(ctx, \"example\", &neptune.ClusterParameterGroupArgs{\n\t\t\tDescription: pulumi.String(\"neptune cluster parameter group\"),\n\t\t\tFamily: pulumi.String(\"neptune1\"),\n\t\t\tParameters: neptune.ClusterParameterGroupParameterArray{\n\t\t\t\t&neptune.ClusterParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"neptune_enable_audit_log\"),\n\t\t\t\t\tValue: pulumi.String(\"1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNeptune Cluster Parameter Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:neptune/clusterParameterGroup:ClusterParameterGroup cluster_pg production-pg-1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the neptune cluster parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the neptune cluster parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the neptune cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the neptune parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:neptune/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of neptune parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "family", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the neptune cluster parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the neptune cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the neptune parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:neptune/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of neptune parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the neptune cluster parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the neptune cluster parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the neptune cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the neptune parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:neptune/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of neptune parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:neptune/clusterSnapshot:ClusterSnapshot": { + "description": "Manages a Neptune database cluster snapshot.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.neptune.ClusterSnapshot(\"example\", {\n dbClusterIdentifier: aws_neptune_cluster.example.id,\n dbClusterSnapshotIdentifier: \"resourcetestsnapshot1234\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.neptune.ClusterSnapshot(\"example\",\n db_cluster_identifier=aws_neptune_cluster[\"example\"][\"id\"],\n db_cluster_snapshot_identifier=\"resourcetestsnapshot1234\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Neptune.ClusterSnapshot(\"example\", new Aws.Neptune.ClusterSnapshotArgs\n {\n DbClusterIdentifier = aws_neptune_cluster.Example.Id,\n DbClusterSnapshotIdentifier = \"resourcetestsnapshot1234\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewClusterSnapshot(ctx, \"example\", &neptune.ClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.Any(aws_neptune_cluster.Example.Id),\n\t\t\tDbClusterSnapshotIdentifier: pulumi.String(\"resourcetestsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_neptune_cluster_snapshot` can be imported by using the cluster snapshot identifier, e.g.\n\n```sh\n $ pulumi import aws:neptune/clusterSnapshot:ClusterSnapshot example my-cluster-snapshot\n```\n\n ", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "The DB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DB cluster snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB cluster.\n" + }, + "port": { + "type": "integer", + "description": "Port that the DB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DB cluster snapshot.\n" + } + }, + "required": [ + "allocatedStorage", + "availabilityZones", + "dbClusterIdentifier", + "dbClusterSnapshotArn", + "dbClusterSnapshotIdentifier", + "engine", + "engineVersion", + "kmsKeyId", + "licenseModel", + "port", + "snapshotType", + "sourceDbClusterSnapshotArn", + "status", + "storageEncrypted", + "vpcId" + ], + "inputProperties": { + "dbClusterIdentifier": { + "type": "string", + "description": "The DB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + } + }, + "requiredInputs": [ + "dbClusterIdentifier", + "dbClusterSnapshotIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterSnapshot resources.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "The DB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DB cluster snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB cluster.\n" + }, + "port": { + "type": "integer", + "description": "Port that the DB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DB cluster snapshot.\n" + } + }, + "type": "object" + } + }, + "aws:neptune/eventSubscription:EventSubscription": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.neptune.Cluster(\"defaultCluster\", {\n clusterIdentifier: \"neptune-cluster-demo\",\n engine: \"neptune\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n skipFinalSnapshot: true,\n iamDatabaseAuthenticationEnabled: \"true\",\n applyImmediately: \"true\",\n});\nconst example = new aws.neptune.ClusterInstance(\"example\", {\n clusterIdentifier: defaultCluster.id,\n engine: \"neptune\",\n instanceClass: \"db.r4.large\",\n applyImmediately: \"true\",\n});\nconst defaultTopic = new aws.sns.Topic(\"defaultTopic\", {});\nconst defaultEventSubscription = new aws.neptune.EventSubscription(\"defaultEventSubscription\", {\n snsTopicArn: defaultTopic.arn,\n sourceType: \"db-instance\",\n sourceIds: [example.id],\n eventCategories: [\n \"maintenance\",\n \"availability\",\n \"creation\",\n \"backup\",\n \"restoration\",\n \"recovery\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"notification\",\n \"configuration change\",\n \"read replica\",\n ],\n tags: {\n env: \"test\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_cluster = aws.neptune.Cluster(\"defaultCluster\",\n cluster_identifier=\"neptune-cluster-demo\",\n engine=\"neptune\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\",\n skip_final_snapshot=True,\n iam_database_authentication_enabled=True,\n apply_immediately=True)\nexample = aws.neptune.ClusterInstance(\"example\",\n cluster_identifier=default_cluster.id,\n engine=\"neptune\",\n instance_class=\"db.r4.large\",\n apply_immediately=True)\ndefault_topic = aws.sns.Topic(\"defaultTopic\")\ndefault_event_subscription = aws.neptune.EventSubscription(\"defaultEventSubscription\",\n sns_topic_arn=default_topic.arn,\n source_type=\"db-instance\",\n source_ids=[example.id],\n event_categories=[\n \"maintenance\",\n \"availability\",\n \"creation\",\n \"backup\",\n \"restoration\",\n \"recovery\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"notification\",\n \"configuration change\",\n \"read replica\",\n ],\n tags={\n \"env\": \"test\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultCluster = new Aws.Neptune.Cluster(\"defaultCluster\", new Aws.Neptune.ClusterArgs\n {\n ClusterIdentifier = \"neptune-cluster-demo\",\n Engine = \"neptune\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n SkipFinalSnapshot = true,\n IamDatabaseAuthenticationEnabled = true,\n ApplyImmediately = true,\n });\n var example = new Aws.Neptune.ClusterInstance(\"example\", new Aws.Neptune.ClusterInstanceArgs\n {\n ClusterIdentifier = defaultCluster.Id,\n Engine = \"neptune\",\n InstanceClass = \"db.r4.large\",\n ApplyImmediately = true,\n });\n var defaultTopic = new Aws.Sns.Topic(\"defaultTopic\", new Aws.Sns.TopicArgs\n {\n });\n var defaultEventSubscription = new Aws.Neptune.EventSubscription(\"defaultEventSubscription\", new Aws.Neptune.EventSubscriptionArgs\n {\n SnsTopicArn = defaultTopic.Arn,\n SourceType = \"db-instance\",\n SourceIds = \n {\n example.Id,\n },\n EventCategories = \n {\n \"maintenance\",\n \"availability\",\n \"creation\",\n \"backup\",\n \"restoration\",\n \"recovery\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"notification\",\n \"configuration change\",\n \"read replica\",\n },\n Tags = \n {\n { \"env\", \"test\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultCluster, err := neptune.NewCluster(ctx, \"defaultCluster\", &neptune.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"neptune-cluster-demo\"),\n\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tIamDatabaseAuthenticationEnabled: pulumi.Bool(true),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := neptune.NewClusterInstance(ctx, \"example\", &neptune.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: defaultCluster.ID(),\n\t\t\tEngine: pulumi.String(\"neptune\"),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTopic, err := sns.NewTopic(ctx, \"defaultTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = neptune.NewEventSubscription(ctx, \"defaultEventSubscription\", &neptune.EventSubscriptionArgs{\n\t\t\tSnsTopicArn: defaultTopic.Arn,\n\t\t\tSourceType: pulumi.String(\"db-instance\"),\n\t\t\tSourceIds: pulumi.StringArray{\n\t\t\t\texample.ID(),\n\t\t\t},\n\t\t\tEventCategories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"maintenance\"),\n\t\t\t\tpulumi.String(\"availability\"),\n\t\t\t\tpulumi.String(\"creation\"),\n\t\t\t\tpulumi.String(\"backup\"),\n\t\t\t\tpulumi.String(\"restoration\"),\n\t\t\t\tpulumi.String(\"recovery\"),\n\t\t\t\tpulumi.String(\"deletion\"),\n\t\t\t\tpulumi.String(\"failover\"),\n\t\t\t\tpulumi.String(\"failure\"),\n\t\t\t\tpulumi.String(\"notification\"),\n\t\t\t\tpulumi.String(\"configuration change\"),\n\t\t\t\tpulumi.String(\"read replica\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"env\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_neptune_event_subscription` can be imported by using the event subscription name, e.g.\n\n```sh\n $ pulumi import aws:neptune/eventSubscription:EventSubscription example my-event-subscription\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the Neptune event notification subscription.\n" + }, + "customerAwsId": { + "type": "string", + "description": "The AWS customer account associated with the Neptune event notification subscription.\n" + }, + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a `source_type` that you want to subscribe to. Run `aws neptune describe-event-categories` to find all the event categories.\n" + }, + "name": { + "type": "string", + "description": "The name of the Neptune event subscription. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the Neptune event subscription. Conflicts with `name`.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a `source_type` must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `db-instance`, `db-security-group`, `db-parameter-group`, `db-snapshot`, `db-cluster` or `db-cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "customerAwsId", + "name", + "namePrefix", + "snsTopicArn", + "tagsAll" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a `source_type` that you want to subscribe to. Run `aws neptune describe-event-categories` to find all the event categories.\n" + }, + "name": { + "type": "string", + "description": "The name of the Neptune event subscription. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the Neptune event subscription. Conflicts with `name`.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a `source_type` must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `db-instance`, `db-security-group`, `db-parameter-group`, `db-snapshot`, `db-cluster` or `db-cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "snsTopicArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventSubscription resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the Neptune event notification subscription.\n" + }, + "customerAwsId": { + "type": "string", + "description": "The AWS customer account associated with the Neptune event notification subscription.\n" + }, + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a `source_type` that you want to subscribe to. Run `aws neptune describe-event-categories` to find all the event categories.\n" + }, + "name": { + "type": "string", + "description": "The name of the Neptune event subscription. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the Neptune event subscription. Conflicts with `name`.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a `source_type` must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `db-instance`, `db-security-group`, `db-parameter-group`, `db-snapshot`, `db-cluster` or `db-cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:neptune/parameterGroup:ParameterGroup": { + "description": "Manages a Neptune Parameter Group\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.neptune.ParameterGroup(\"example\", {\n family: \"neptune1\",\n parameters: [{\n name: \"neptune_query_timeout\",\n value: \"25\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.neptune.ParameterGroup(\"example\",\n family=\"neptune1\",\n parameters=[aws.neptune.ParameterGroupParameterArgs(\n name=\"neptune_query_timeout\",\n value=\"25\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Neptune.ParameterGroup(\"example\", new Aws.Neptune.ParameterGroupArgs\n {\n Family = \"neptune1\",\n Parameters = \n {\n new Aws.Neptune.Inputs.ParameterGroupParameterArgs\n {\n Name = \"neptune_query_timeout\",\n Value = \"25\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewParameterGroup(ctx, \"example\", &neptune.ParameterGroupArgs{\n\t\t\tFamily: pulumi.String(\"neptune1\"),\n\t\t\tParameters: neptune.ParameterGroupParameterArray{\n\t\t\t\t&neptune.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"neptune_query_timeout\"),\n\t\t\t\t\tValue: pulumi.String(\"25\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNeptune Parameter Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:neptune/parameterGroup:ParameterGroup some_pg some-pg\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Neptune parameter group Amazon Resource Name (ARN).\n" + }, + "description": { + "type": "string", + "description": "The description of the Neptune parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the Neptune parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the Neptune parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:neptune/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of Neptune parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "family", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the Neptune parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the Neptune parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the Neptune parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:neptune/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of Neptune parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Neptune parameter group Amazon Resource Name (ARN).\n" + }, + "description": { + "type": "string", + "description": "The description of the Neptune parameter group. Defaults to \"Managed by Pulumi\".\n" + }, + "family": { + "type": "string", + "description": "The family of the Neptune parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the Neptune parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:neptune/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of Neptune parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:neptune/subnetGroup:SubnetGroup": { + "description": "Provides an Neptune subnet group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.neptune.SubnetGroup(\"default\", {\n subnetIds: [\n aws_subnet.frontend.id,\n aws_subnet.backend.id,\n ],\n tags: {\n Name: \"My neptune subnet group\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.neptune.SubnetGroup(\"default\",\n subnet_ids=[\n aws_subnet[\"frontend\"][\"id\"],\n aws_subnet[\"backend\"][\"id\"],\n ],\n tags={\n \"Name\": \"My neptune subnet group\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Neptune.SubnetGroup(\"default\", new Aws.Neptune.SubnetGroupArgs\n {\n SubnetIds = \n {\n aws_subnet.Frontend.Id,\n aws_subnet.Backend.Id,\n },\n Tags = \n {\n { \"Name\", \"My neptune subnet group\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.NewSubnetGroup(ctx, \"_default\", &neptune.SubnetGroupArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Frontend.Id),\n\t\t\t\tpulumi.Any(aws_subnet.Backend.Id),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"My neptune subnet group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNeptune Subnet groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:neptune/subnetGroup:SubnetGroup default production-subnet-group\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the neptune subnet group.\n" + }, + "description": { + "type": "string", + "description": "The description of the neptune subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the neptune subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "name", + "namePrefix", + "subnetIds", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the neptune subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the neptune subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SubnetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the neptune subnet group.\n" + }, + "description": { + "type": "string", + "description": "The description of the neptune subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the neptune subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:networkfirewall/firewall:Firewall": { + "description": "Provides an AWS Network Firewall Firewall Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.Firewall(\"example\", {\n firewallPolicyArn: aws_networkfirewall_firewall_policy.example.arn,\n vpcId: aws_vpc.example.id,\n subnetMappings: [{\n subnetId: aws_subnet.example.id,\n }],\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.Firewall(\"example\",\n firewall_policy_arn=aws_networkfirewall_firewall_policy[\"example\"][\"arn\"],\n vpc_id=aws_vpc[\"example\"][\"id\"],\n subnet_mappings=[aws.networkfirewall.FirewallSubnetMappingArgs(\n subnet_id=aws_subnet[\"example\"][\"id\"],\n )],\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.Firewall(\"example\", new Aws.NetworkFirewall.FirewallArgs\n {\n FirewallPolicyArn = aws_networkfirewall_firewall_policy.Example.Arn,\n VpcId = aws_vpc.Example.Id,\n SubnetMappings = \n {\n new Aws.NetworkFirewall.Inputs.FirewallSubnetMappingArgs\n {\n SubnetId = aws_subnet.Example.Id,\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewFirewall(ctx, \"example\", &networkfirewall.FirewallArgs{\n\t\t\tFirewallPolicyArn: pulumi.Any(aws_networkfirewall_firewall_policy.Example.Arn),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\tSubnetMappings: networkfirewall.FirewallSubnetMappingArray{\n\t\t\t\t&networkfirewall.FirewallSubnetMappingArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNetwork Firewall Firewalls can be imported using their `ARN`.\n\n```sh\n $ pulumi import aws:networkfirewall/firewall:Firewall example arn:aws:network-firewall:us-west-1:123456789012:firewall/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the firewall.\n" + }, + "deleteProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to delete the firewall. Defaults to `false`.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the firewall.\n" + }, + "firewallPolicyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC Firewall policy.\n" + }, + "firewallPolicyChangeProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to `false`.\n" + }, + "firewallStatuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallFirewallStatus:FirewallFirewallStatus" + }, + "description": "Nested list of information about the current status of the firewall.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the firewall.\n" + }, + "subnetChangeProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to `false`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallSubnetMapping:FirewallSubnetMapping" + }, + "description": "Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateToken": { + "type": "string", + "description": "A string token used when updating a firewall.\n" + }, + "vpcId": { + "type": "string", + "description": "The unique identifier of the VPC where AWS Network Firewall should create the firewall.\n" + } + }, + "required": [ + "arn", + "firewallPolicyArn", + "firewallStatuses", + "name", + "subnetMappings", + "tagsAll", + "updateToken", + "vpcId" + ], + "inputProperties": { + "deleteProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to delete the firewall. Defaults to `false`.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the firewall.\n" + }, + "firewallPolicyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC Firewall policy.\n" + }, + "firewallPolicyChangeProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to `false`.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the firewall.\n" + }, + "subnetChangeProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to `false`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallSubnetMapping:FirewallSubnetMapping" + }, + "description": "Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The unique identifier of the VPC where AWS Network Firewall should create the firewall.\n" + } + }, + "requiredInputs": [ + "firewallPolicyArn", + "subnetMappings", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Firewall resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the firewall.\n" + }, + "deleteProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to delete the firewall. Defaults to `false`.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the firewall.\n" + }, + "firewallPolicyArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC Firewall policy.\n" + }, + "firewallPolicyChangeProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to change the associated firewall policy. Defaults to `false`.\n" + }, + "firewallStatuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallFirewallStatus:FirewallFirewallStatus" + }, + "description": "Nested list of information about the current status of the firewall.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the firewall.\n" + }, + "subnetChangeProtection": { + "type": "boolean", + "description": "A boolean flag indicating whether it is possible to change the associated subnet(s). Defaults to `false`.\n" + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:networkfirewall/FirewallSubnetMapping:FirewallSubnetMapping" + }, + "description": "Set of configuration blocks describing the public subnets. Each subnet must belong to a different Availability Zone in the VPC. AWS Network Firewall creates a firewall endpoint in each subnet. See Subnet Mapping below for details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateToken": { + "type": "string", + "description": "A string token used when updating a firewall.\n" + }, + "vpcId": { + "type": "string", + "description": "The unique identifier of the VPC where AWS Network Firewall should create the firewall.\n" + } + }, + "type": "object" + } + }, + "aws:networkfirewall/firewallPolicy:FirewallPolicy": { + "description": "Provides an AWS Network Firewall Firewall Policy Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.FirewallPolicy(\"example\", {\n firewallPolicy: {\n statelessDefaultActions: [\"aws:pass\"],\n statelessFragmentDefaultActions: [\"aws:drop\"],\n statelessRuleGroupReferences: [{\n priority: 1,\n resourceArn: aws_networkfirewall_rule_group.example.arn,\n }],\n },\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.FirewallPolicy(\"example\",\n firewall_policy=aws.networkfirewall.FirewallPolicyFirewallPolicyArgs(\n stateless_default_actions=[\"aws:pass\"],\n stateless_fragment_default_actions=[\"aws:drop\"],\n stateless_rule_group_references=[aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs(\n priority=1,\n resource_arn=aws_networkfirewall_rule_group[\"example\"][\"arn\"],\n )],\n ),\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.FirewallPolicy(\"example\", new Aws.NetworkFirewall.FirewallPolicyArgs\n {\n FirewallPolicy = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs\n {\n StatelessDefaultActions = \n {\n \"aws:pass\",\n },\n StatelessFragmentDefaultActions = \n {\n \"aws:drop\",\n },\n StatelessRuleGroupReferences = \n {\n new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs\n {\n Priority = 1,\n ResourceArn = aws_networkfirewall_rule_group.Example.Arn,\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewFirewallPolicy(ctx, \"example\", &networkfirewall.FirewallPolicyArgs{\n\t\t\tFirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{\n\t\t\t\tStatelessDefaultActions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"aws:pass\"),\n\t\t\t\t},\n\t\t\t\tStatelessFragmentDefaultActions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"aws:drop\"),\n\t\t\t\t},\n\t\t\t\tStatelessRuleGroupReferences: networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArray{\n\t\t\t\t\t&networkfirewall.FirewallPolicyFirewallPolicyStatelessRuleGroupReferenceArgs{\n\t\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\t\tResourceArn: pulumi.Any(aws_networkfirewall_rule_group.Example.Arn),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Policy with a Custom Action for Stateless Inspection\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.networkfirewall.FirewallPolicy(\"test\", {\n firewallPolicy: {\n statelessCustomActions: [{\n actionDefinition: {\n publishMetricAction: {\n dimensions: [{\n value: \"1\",\n }],\n },\n },\n actionName: \"ExampleCustomAction\",\n }],\n statelessDefaultActions: [\n \"aws:pass\",\n \"ExampleCustomAction\",\n ],\n statelessFragmentDefaultActions: [\"aws:drop\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.networkfirewall.FirewallPolicy(\"test\", firewall_policy=aws.networkfirewall.FirewallPolicyFirewallPolicyArgs(\n stateless_custom_actions=[aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs(\n action_definition=aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs(\n publish_metric_action=aws.networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs(\n dimension=[{\n \"value\": \"1\",\n }],\n ),\n ),\n action_name=\"ExampleCustomAction\",\n )],\n stateless_default_actions=[\n \"aws:pass\",\n \"ExampleCustomAction\",\n ],\n stateless_fragment_default_actions=[\"aws:drop\"],\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.NetworkFirewall.FirewallPolicy(\"test\", new Aws.NetworkFirewall.FirewallPolicyArgs\n {\n FirewallPolicy = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyArgs\n {\n StatelessCustomActions = \n {\n new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionArgs\n {\n ActionDefinition = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs\n {\n PublishMetricAction = new Aws.NetworkFirewall.Inputs.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs\n {\n Dimension = \n {\n \n {\n { \"value\", \"1\" },\n },\n },\n },\n },\n ActionName = \"ExampleCustomAction\",\n },\n },\n StatelessDefaultActions = \n {\n \"aws:pass\",\n \"ExampleCustomAction\",\n },\n StatelessFragmentDefaultActions = \n {\n \"aws:drop\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewFirewallPolicy(ctx, \"test\", &networkfirewall.FirewallPolicyArgs{\n\t\t\tFirewallPolicy: &networkfirewall.FirewallPolicyFirewallPolicyArgs{\n\t\t\t\tStatelessCustomActions: networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArray{\n\t\t\t\t\t&networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionArgs{\n\t\t\t\t\t\tActionDefinition: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionArgs{\n\t\t\t\t\t\t\tPublishMetricAction: &networkfirewall.FirewallPolicyFirewallPolicyStatelessCustomActionActionDefinitionPublishMetricActionArgs{\n\t\t\t\t\t\t\t\tDimension: []map[string]interface{}{\n\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\"value\": \"1\",\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tActionName: pulumi.String(\"ExampleCustomAction\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tStatelessDefaultActions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"aws:pass\"),\n\t\t\t\t\tpulumi.String(\"ExampleCustomAction\"),\n\t\t\t\t},\n\t\t\t\tStatelessFragmentDefaultActions: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"aws:drop\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nNetwork Firewall Policies can be imported using their `ARN`.\n\n```sh\n $ pulumi import aws:networkfirewall/firewallPolicy:FirewallPolicy example arn:aws:network-firewall:us-west-1:123456789012:firewall-policy/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the firewall policy.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the firewall policy.\n" + }, + "firewallPolicy": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicy:FirewallPolicyFirewallPolicy", + "description": "A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.\n", + "language": { + "csharp": { + "name": "FirewallPolicyConfiguration" + } + } + }, + "name": { + "type": "string", + "description": "A friendly name of the firewall policy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateToken": { + "type": "string", + "description": "A string token used when updating a firewall policy.\n" + } + }, + "required": [ + "arn", + "firewallPolicy", + "name", + "tagsAll", + "updateToken" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A friendly description of the firewall policy.\n" + }, + "firewallPolicy": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicy:FirewallPolicyFirewallPolicy", + "description": "A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.\n", + "language": { + "csharp": { + "name": "FirewallPolicyConfiguration" + } + } + }, + "name": { + "type": "string", + "description": "A friendly name of the firewall policy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "firewallPolicy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FirewallPolicy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the firewall policy.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the firewall policy.\n" + }, + "firewallPolicy": { + "$ref": "#/types/aws:networkfirewall/FirewallPolicyFirewallPolicy:FirewallPolicyFirewallPolicy", + "description": "A configuration block describing the rule groups and policy actions to use in the firewall policy. See Firewall Policy below for details.\n", + "language": { + "csharp": { + "name": "FirewallPolicyConfiguration" + } + } + }, + "name": { + "type": "string", + "description": "A friendly name of the firewall policy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "updateToken": { + "type": "string", + "description": "A string token used when updating a firewall policy.\n" + } + }, + "type": "object" + } + }, + "aws:networkfirewall/loggingConfiguration:LoggingConfiguration": { + "description": "Provides an AWS Network Firewall Logging Configuration Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Logging to S3\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.LoggingConfiguration(\"example\", {\n firewallArn: aws_networkfirewall_firewall.example.arn,\n loggingConfiguration: {\n logDestinationConfigs: [{\n logDestination: {\n bucketName: aws_s3_bucket.example.bucket,\n prefix: \"/example\",\n },\n logDestinationType: \"S3\",\n logType: \"FLOW\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.LoggingConfiguration(\"example\",\n firewall_arn=aws_networkfirewall_firewall[\"example\"][\"arn\"],\n logging_configuration=aws.networkfirewall.LoggingConfigurationLoggingConfigurationArgs(\n log_destination_configs=[aws.networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs(\n log_destination={\n \"bucketName\": aws_s3_bucket[\"example\"][\"bucket\"],\n \"prefix\": \"/example\",\n },\n log_destination_type=\"S3\",\n log_type=\"FLOW\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.LoggingConfiguration(\"example\", new Aws.NetworkFirewall.LoggingConfigurationArgs\n {\n FirewallArn = aws_networkfirewall_firewall.Example.Arn,\n LoggingConfiguration = new Aws.NetworkFirewall.Inputs.LoggingConfigurationLoggingConfigurationArgs\n {\n LogDestinationConfigs = \n {\n new Aws.NetworkFirewall.Inputs.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs\n {\n LogDestination = \n {\n { \"bucketName\", aws_s3_bucket.Example.Bucket },\n { \"prefix\", \"/example\" },\n },\n LogDestinationType = \"S3\",\n LogType = \"FLOW\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewLoggingConfiguration(ctx, \"example\", &networkfirewall.LoggingConfigurationArgs{\n\t\t\tFirewallArn: pulumi.Any(aws_networkfirewall_firewall.Example.Arn),\n\t\t\tLoggingConfiguration: &networkfirewall.LoggingConfigurationLoggingConfigurationArgs{\n\t\t\t\tLogDestinationConfigs: networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArray{\n\t\t\t\t\t&networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs{\n\t\t\t\t\t\tLogDestination: pulumi.StringMap{\n\t\t\t\t\t\t\t\"bucketName\": pulumi.Any(aws_s3_bucket.Example.Bucket),\n\t\t\t\t\t\t\t\"prefix\": pulumi.String(\"/example\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLogDestinationType: pulumi.String(\"S3\"),\n\t\t\t\t\t\tLogType: pulumi.String(\"FLOW\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging to CloudWatch\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.LoggingConfiguration(\"example\", {\n firewallArn: aws_networkfirewall_firewall.example.arn,\n loggingConfiguration: {\n logDestinationConfigs: [{\n logDestination: {\n logGroup: aws_cloudwatch_log_group.example.name,\n },\n logDestinationType: \"CloudWatchLogs\",\n logType: \"ALERT\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.LoggingConfiguration(\"example\",\n firewall_arn=aws_networkfirewall_firewall[\"example\"][\"arn\"],\n logging_configuration=aws.networkfirewall.LoggingConfigurationLoggingConfigurationArgs(\n log_destination_configs=[aws.networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs(\n log_destination={\n \"logGroup\": aws_cloudwatch_log_group[\"example\"][\"name\"],\n },\n log_destination_type=\"CloudWatchLogs\",\n log_type=\"ALERT\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.LoggingConfiguration(\"example\", new Aws.NetworkFirewall.LoggingConfigurationArgs\n {\n FirewallArn = aws_networkfirewall_firewall.Example.Arn,\n LoggingConfiguration = new Aws.NetworkFirewall.Inputs.LoggingConfigurationLoggingConfigurationArgs\n {\n LogDestinationConfigs = \n {\n new Aws.NetworkFirewall.Inputs.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs\n {\n LogDestination = \n {\n { \"logGroup\", aws_cloudwatch_log_group.Example.Name },\n },\n LogDestinationType = \"CloudWatchLogs\",\n LogType = \"ALERT\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewLoggingConfiguration(ctx, \"example\", &networkfirewall.LoggingConfigurationArgs{\n\t\t\tFirewallArn: pulumi.Any(aws_networkfirewall_firewall.Example.Arn),\n\t\t\tLoggingConfiguration: &networkfirewall.LoggingConfigurationLoggingConfigurationArgs{\n\t\t\t\tLogDestinationConfigs: networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArray{\n\t\t\t\t\t&networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs{\n\t\t\t\t\t\tLogDestination: pulumi.StringMap{\n\t\t\t\t\t\t\t\"logGroup\": pulumi.Any(aws_cloudwatch_log_group.Example.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLogDestinationType: pulumi.String(\"CloudWatchLogs\"),\n\t\t\t\t\t\tLogType: pulumi.String(\"ALERT\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging to Kinesis Data Firehose\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.LoggingConfiguration(\"example\", {\n firewallArn: aws_networkfirewall_firewall.example.arn,\n loggingConfiguration: {\n logDestinationConfigs: [{\n logDestination: {\n deliveryStream: aws_kinesis_firehose_delivery_stream.example.name,\n },\n logDestinationType: \"KinesisDataFirehose\",\n logType: \"ALERT\",\n }],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.LoggingConfiguration(\"example\",\n firewall_arn=aws_networkfirewall_firewall[\"example\"][\"arn\"],\n logging_configuration=aws.networkfirewall.LoggingConfigurationLoggingConfigurationArgs(\n log_destination_configs=[aws.networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs(\n log_destination={\n \"deliveryStream\": aws_kinesis_firehose_delivery_stream[\"example\"][\"name\"],\n },\n log_destination_type=\"KinesisDataFirehose\",\n log_type=\"ALERT\",\n )],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.LoggingConfiguration(\"example\", new Aws.NetworkFirewall.LoggingConfigurationArgs\n {\n FirewallArn = aws_networkfirewall_firewall.Example.Arn,\n LoggingConfiguration = new Aws.NetworkFirewall.Inputs.LoggingConfigurationLoggingConfigurationArgs\n {\n LogDestinationConfigs = \n {\n new Aws.NetworkFirewall.Inputs.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs\n {\n LogDestination = \n {\n { \"deliveryStream\", aws_kinesis_firehose_delivery_stream.Example.Name },\n },\n LogDestinationType = \"KinesisDataFirehose\",\n LogType = \"ALERT\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewLoggingConfiguration(ctx, \"example\", &networkfirewall.LoggingConfigurationArgs{\n\t\t\tFirewallArn: pulumi.Any(aws_networkfirewall_firewall.Example.Arn),\n\t\t\tLoggingConfiguration: &networkfirewall.LoggingConfigurationLoggingConfigurationArgs{\n\t\t\t\tLogDestinationConfigs: networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArray{\n\t\t\t\t\t&networkfirewall.LoggingConfigurationLoggingConfigurationLogDestinationConfigArgs{\n\t\t\t\t\t\tLogDestination: pulumi.StringMap{\n\t\t\t\t\t\t\t\"deliveryStream\": pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Name),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tLogDestinationType: pulumi.String(\"KinesisDataFirehose\"),\n\t\t\t\t\t\tLogType: pulumi.String(\"ALERT\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNetwork Firewall Logging Configurations can be imported using the `firewall_arn` e.g\n\n```sh\n $ pulumi import aws:networkfirewall/loggingConfiguration:LoggingConfiguration example arn:aws:network-firewall:us-west-1:123456789012:firewall/example\n```\n\n ", + "properties": { + "firewallArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Network Firewall firewall.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:networkfirewall/LoggingConfigurationLoggingConfiguration:LoggingConfigurationLoggingConfiguration", + "description": "A configuration block describing how AWS Network Firewall performs logging for a firewall. See Logging Configuration below for details.\n", + "language": { + "csharp": { + "name": "LoggingConfig" + } + } + } + }, + "required": [ + "firewallArn", + "loggingConfiguration" + ], + "inputProperties": { + "firewallArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Network Firewall firewall.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:networkfirewall/LoggingConfigurationLoggingConfiguration:LoggingConfigurationLoggingConfiguration", + "description": "A configuration block describing how AWS Network Firewall performs logging for a firewall. See Logging Configuration below for details.\n", + "language": { + "csharp": { + "name": "LoggingConfig" + } + } + } + }, + "requiredInputs": [ + "firewallArn", + "loggingConfiguration" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering LoggingConfiguration resources.\n", + "properties": { + "firewallArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Network Firewall firewall.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:networkfirewall/LoggingConfigurationLoggingConfiguration:LoggingConfigurationLoggingConfiguration", + "description": "A configuration block describing how AWS Network Firewall performs logging for a firewall. See Logging Configuration below for details.\n", + "language": { + "csharp": { + "name": "LoggingConfig" + } + } + } + }, + "type": "object" + } + }, + "aws:networkfirewall/resourcePolicy:ResourcePolicy": { + "description": "Provides an AWS Network Firewall Resource Policy Resource for a rule group or firewall policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### For a Firewall Policy resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.ResourcePolicy(\"example\", {\n resourceArn: aws_networkfirewall_firewall_policy.example.arn,\n policy: JSON.stringify({\n Statement: [{\n Action: [\n \"network-firewall:ListFirewallPolicies\",\n \"network-firewall:CreateFirewall\",\n \"network-firewall:UpdateFirewall\",\n \"network-firewall:AssociateFirewallPolicy\",\n ],\n Effect: \"Allow\",\n Resource: aws_networkfirewall_firewall_policy.example.arn,\n Principal: {\n AWS: \"arn:aws:iam::123456789012:root\",\n },\n }],\n Version: \"2012-10-17\",\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.ResourcePolicy(\"example\",\n resource_arn=aws_networkfirewall_firewall_policy[\"example\"][\"arn\"],\n policy=json.dumps({\n \"Statement\": [{\n \"Action\": [\n \"network-firewall:ListFirewallPolicies\",\n \"network-firewall:CreateFirewall\",\n \"network-firewall:UpdateFirewall\",\n \"network-firewall:AssociateFirewallPolicy\",\n ],\n \"Effect\": \"Allow\",\n \"Resource\": aws_networkfirewall_firewall_policy[\"example\"][\"arn\"],\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::123456789012:root\",\n },\n }],\n \"Version\": \"2012-10-17\",\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.ResourcePolicy(\"example\", new Aws.NetworkFirewall.ResourcePolicyArgs\n {\n ResourceArn = aws_networkfirewall_firewall_policy.Example.Arn,\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"network-firewall:ListFirewallPolicies\",\n \"network-firewall:CreateFirewall\",\n \"network-firewall:UpdateFirewall\",\n \"network-firewall:AssociateFirewallPolicy\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", aws_networkfirewall_firewall_policy.Example.Arn },\n { \"Principal\", new Dictionary\n {\n { \"AWS\", \"arn:aws:iam::123456789012:root\" },\n } },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"network-firewall:ListFirewallPolicies\",\n\t\t\t\t\t\t\"network-firewall:CreateFirewall\",\n\t\t\t\t\t\t\"network-firewall:UpdateFirewall\",\n\t\t\t\t\t\t\"network-firewall:AssociateFirewallPolicy\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": aws_networkfirewall_firewall_policy.Example.Arn,\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"arn:aws:iam::123456789012:root\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := networkfirewall.NewResourcePolicy(ctx, \"example\", &networkfirewall.ResourcePolicyArgs{\n\t\t\tResourceArn: pulumi.Any(aws_networkfirewall_firewall_policy.Example.Arn),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### For a Rule Group resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.ResourcePolicy(\"example\", {\n resourceArn: aws_networkfirewall_rule_group.example.arn,\n policy: JSON.stringify({\n Statement: [{\n Action: [\n \"network-firewall:ListRuleGroups\",\n \"network-firewall:CreateFirewallPolicy\",\n \"network-firewall:UpdateFirewallPolicy\",\n ],\n Effect: \"Allow\",\n Resource: aws_networkfirewall_rule_group.example.arn,\n Principal: {\n AWS: \"arn:aws:iam::123456789012:root\",\n },\n }],\n Version: \"2012-10-17\",\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.ResourcePolicy(\"example\",\n resource_arn=aws_networkfirewall_rule_group[\"example\"][\"arn\"],\n policy=json.dumps({\n \"Statement\": [{\n \"Action\": [\n \"network-firewall:ListRuleGroups\",\n \"network-firewall:CreateFirewallPolicy\",\n \"network-firewall:UpdateFirewallPolicy\",\n ],\n \"Effect\": \"Allow\",\n \"Resource\": aws_networkfirewall_rule_group[\"example\"][\"arn\"],\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::123456789012:root\",\n },\n }],\n \"Version\": \"2012-10-17\",\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.ResourcePolicy(\"example\", new Aws.NetworkFirewall.ResourcePolicyArgs\n {\n ResourceArn = aws_networkfirewall_rule_group.Example.Arn,\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"network-firewall:ListRuleGroups\",\n \"network-firewall:CreateFirewallPolicy\",\n \"network-firewall:UpdateFirewallPolicy\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Resource\", aws_networkfirewall_rule_group.Example.Arn },\n { \"Principal\", new Dictionary\n {\n { \"AWS\", \"arn:aws:iam::123456789012:root\" },\n } },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"network-firewall:ListRuleGroups\",\n\t\t\t\t\t\t\"network-firewall:CreateFirewallPolicy\",\n\t\t\t\t\t\t\"network-firewall:UpdateFirewallPolicy\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": aws_networkfirewall_rule_group.Example.Arn,\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"arn:aws:iam::123456789012:root\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := networkfirewall.NewResourcePolicy(ctx, \"example\", &networkfirewall.ResourcePolicyArgs{\n\t\t\tResourceArn: pulumi.Any(aws_networkfirewall_rule_group.Example.Arn),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNetwork Firewall Resource Policies can be imported using the `resource_arn` e.g.\n\n```sh\n $ pulumi import aws:networkfirewall/resourcePolicy:ResourcePolicy example aws_networkfirewall_rule_group.example arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example\n```\n\n ", + "properties": { + "policy": { + "type": "string" + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the rule group or firewall policy.\n" + } + }, + "required": [ + "policy", + "resourceArn" + ], + "inputProperties": { + "policy": { + "type": "string" + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the rule group or firewall policy.\n" + } + }, + "requiredInputs": [ + "policy", + "resourceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourcePolicy resources.\n", + "properties": { + "policy": { + "type": "string" + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the rule group or firewall policy.\n" + } + }, + "type": "object" + } + }, + "aws:networkfirewall/ruleGroup:RuleGroup": { + "description": "Provides an AWS Network Firewall Rule Group Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Stateful Inspection for denying access to a domain\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.RuleGroup(\"example\", {\n capacity: 100,\n ruleGroup: {\n rulesSource: {\n rulesSourceList: {\n generatedRulesType: \"DENYLIST\",\n targetTypes: [\"HTTP_HOST\"],\n targets: [\"test.example.com\"],\n },\n },\n },\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n type: \"STATEFUL\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.RuleGroup(\"example\",\n capacity=100,\n rule_group=aws.networkfirewall.RuleGroupRuleGroupArgs(\n rules_source=aws.networkfirewall.RuleGroupRuleGroupRulesSourceArgs(\n rules_source_list=aws.networkfirewall.RuleGroupRuleGroupRulesSourceRulesSourceListArgs(\n generated_rules_type=\"DENYLIST\",\n target_types=[\"HTTP_HOST\"],\n targets=[\"test.example.com\"],\n ),\n ),\n ),\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n type=\"STATEFUL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.RuleGroup(\"example\", new Aws.NetworkFirewall.RuleGroupArgs\n {\n Capacity = 100,\n RuleGroup = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupArgs\n {\n RulesSource = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupRulesSourceArgs\n {\n RulesSourceList = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupRulesSourceRulesSourceListArgs\n {\n GeneratedRulesType = \"DENYLIST\",\n TargetTypes = \n {\n \"HTTP_HOST\",\n },\n Targets = \n {\n \"test.example.com\",\n },\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n Type = \"STATEFUL\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewRuleGroup(ctx, \"example\", &networkfirewall.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(100),\n\t\t\tRuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{\n\t\t\t\tRulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{\n\t\t\t\t\tRulesSourceList: &networkfirewall.RuleGroupRuleGroupRulesSourceRulesSourceListArgs{\n\t\t\t\t\t\tGeneratedRulesType: pulumi.String(\"DENYLIST\"),\n\t\t\t\t\t\tTargetTypes: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"HTTP_HOST\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tTargets: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"test.example.com\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"STATEFUL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Stateful Inspection for permitting packets from a source IP address\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ips = [\n \"1.1.1.1/32\",\n \"1.0.0.1/32\",\n];\nconst example = new aws.networkfirewall.RuleGroup(\"example\", {\n capacity: 50,\n description: \"Permits http traffic from source\",\n type: \"STATEFUL\",\n ruleGroup: {\n rulesSource: {\n dynamic: [{\n forEach: ips,\n content: [{\n action: \"PASS\",\n header: [{\n destination: \"ANY\",\n destinationPort: \"ANY\",\n protocol: \"HTTP\",\n direction: \"ANY\",\n sourcePort: \"ANY\",\n source: stateful_rule.value,\n }],\n ruleOption: [{\n keyword: \"sid:1\",\n }],\n }],\n }],\n },\n },\n tags: {\n Name: \"permit HTTP from source\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nips = [\n \"1.1.1.1/32\",\n \"1.0.0.1/32\",\n]\nexample = aws.networkfirewall.RuleGroup(\"example\",\n capacity=50,\n description=\"Permits http traffic from source\",\n type=\"STATEFUL\",\n rule_group=aws.networkfirewall.RuleGroupRuleGroupArgs(\n rules_source=aws.networkfirewall.RuleGroupRuleGroupRulesSourceArgs(\n dynamic=[{\n \"forEach\": ips,\n \"content\": [{\n \"action\": \"PASS\",\n \"header\": [{\n \"destination\": \"ANY\",\n \"destinationPort\": \"ANY\",\n \"protocol\": \"HTTP\",\n \"direction\": \"ANY\",\n \"sourcePort\": \"ANY\",\n \"source\": stateful_rule[\"value\"],\n }],\n \"ruleOption\": [{\n \"keyword\": \"sid:1\",\n }],\n }],\n }],\n ),\n ),\n tags={\n \"Name\": \"permit HTTP from source\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ips = \n {\n \"1.1.1.1/32\",\n \"1.0.0.1/32\",\n };\n var example = new Aws.NetworkFirewall.RuleGroup(\"example\", new Aws.NetworkFirewall.RuleGroupArgs\n {\n Capacity = 50,\n Description = \"Permits http traffic from source\",\n Type = \"STATEFUL\",\n RuleGroup = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupArgs\n {\n RulesSource = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupRulesSourceArgs\n {\n Dynamic = \n {\n \n {\n { \"forEach\", ips },\n { \"content\", \n {\n \n {\n { \"action\", \"PASS\" },\n { \"header\", \n {\n \n {\n { \"destination\", \"ANY\" },\n { \"destinationPort\", \"ANY\" },\n { \"protocol\", \"HTTP\" },\n { \"direction\", \"ANY\" },\n { \"sourcePort\", \"ANY\" },\n { \"source\", stateful_rule.Value },\n },\n } },\n { \"ruleOption\", \n {\n \n {\n { \"keyword\", \"sid:1\" },\n },\n } },\n },\n } },\n },\n },\n },\n },\n Tags = \n {\n { \"Name\", \"permit HTTP from source\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tips := []string{\n\t\t\t\"1.1.1.1/32\",\n\t\t\t\"1.0.0.1/32\",\n\t\t}\n\t\t_, err := networkfirewall.NewRuleGroup(ctx, \"example\", &networkfirewall.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(50),\n\t\t\tDescription: pulumi.String(\"Permits http traffic from source\"),\n\t\t\tType: pulumi.String(\"STATEFUL\"),\n\t\t\tRuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{\n\t\t\t\tRulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{\n\t\t\t\t\tDynamic: []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"forEach\": ips,\n\t\t\t\t\t\t\t\"content\": []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"action\": \"PASS\",\n\t\t\t\t\t\t\t\t\t\"header\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\"destination\": \"ANY\",\n\t\t\t\t\t\t\t\t\t\t\t\"destinationPort\": \"ANY\",\n\t\t\t\t\t\t\t\t\t\t\t\"protocol\": \"HTTP\",\n\t\t\t\t\t\t\t\t\t\t\t\"direction\": \"ANY\",\n\t\t\t\t\t\t\t\t\t\t\t\"sourcePort\": \"ANY\",\n\t\t\t\t\t\t\t\t\t\t\t\"source\": stateful_rule.Value,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\"ruleOption\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\"keyword\": \"sid:1\",\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"permit HTTP from source\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Stateful Inspection for blocking packets from going to an intended destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.RuleGroup(\"example\", {\n capacity: 100,\n ruleGroup: {\n rulesSource: {\n statefulRules: [{\n action: \"DROP\",\n header: {\n destination: \"124.1.1.24/32\",\n destinationPort: \"53\",\n direction: \"ANY\",\n protocol: \"TCP\",\n source: \"1.2.3.4/32\",\n sourcePort: \"53\",\n },\n ruleOptions: [{\n keyword: \"sid:1\",\n }],\n }],\n },\n },\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n type: \"STATEFUL\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.RuleGroup(\"example\",\n capacity=100,\n rule_group=aws.networkfirewall.RuleGroupRuleGroupArgs(\n rules_source=aws.networkfirewall.RuleGroupRuleGroupRulesSourceArgs(\n stateful_rule=[{\n \"action\": \"DROP\",\n \"header\": {\n \"destination\": \"124.1.1.24/32\",\n \"destinationPort\": 53,\n \"direction\": \"ANY\",\n \"protocol\": \"TCP\",\n \"source\": \"1.2.3.4/32\",\n \"sourcePort\": 53,\n },\n \"ruleOption\": [{\n \"keyword\": \"sid:1\",\n }],\n }],\n ),\n ),\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n type=\"STATEFUL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.RuleGroup(\"example\", new Aws.NetworkFirewall.RuleGroupArgs\n {\n Capacity = 100,\n RuleGroup = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupArgs\n {\n RulesSource = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupRulesSourceArgs\n {\n StatefulRule = \n {\n \n {\n { \"action\", \"DROP\" },\n { \"header\", \n {\n { \"destination\", \"124.1.1.24/32\" },\n { \"destinationPort\", 53 },\n { \"direction\", \"ANY\" },\n { \"protocol\", \"TCP\" },\n { \"source\", \"1.2.3.4/32\" },\n { \"sourcePort\", 53 },\n } },\n { \"ruleOption\", \n {\n \n {\n { \"keyword\", \"sid:1\" },\n },\n } },\n },\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n Type = \"STATEFUL\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewRuleGroup(ctx, \"example\", &networkfirewall.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(100),\n\t\t\tRuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{\n\t\t\t\tRulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{\n\t\t\t\t\tStatefulRule: []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"action\": \"DROP\",\n\t\t\t\t\t\t\t\"header\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"destination\": \"124.1.1.24/32\",\n\t\t\t\t\t\t\t\t\"destinationPort\": 53,\n\t\t\t\t\t\t\t\t\"direction\": \"ANY\",\n\t\t\t\t\t\t\t\t\"protocol\": \"TCP\",\n\t\t\t\t\t\t\t\t\"source\": \"1.2.3.4/32\",\n\t\t\t\t\t\t\t\t\"sourcePort\": 53,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"ruleOption\": []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"keyword\": \"sid:1\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"STATEFUL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Stateful Inspection from rules specifications defined in Suricata flat format\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst example = new aws.networkfirewall.RuleGroup(\"example\", {\n capacity: 100,\n type: \"STATEFUL\",\n rules: fs.readFileSync(\"example.rules\"),\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.RuleGroup(\"example\",\n capacity=100,\n type=\"STATEFUL\",\n rules=(lambda path: open(path).read())(\"example.rules\"),\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n })\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.RuleGroup(\"example\", new Aws.NetworkFirewall.RuleGroupArgs\n {\n Capacity = 100,\n Type = \"STATEFUL\",\n Rules = File.ReadAllText(\"example.rules\"),\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Stateless Inspection with a Custom Action\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.networkfirewall.RuleGroup(\"example\", {\n capacity: 100,\n description: \"Stateless Rate Limiting Rule\",\n ruleGroup: {\n rulesSource: {\n statelessRulesAndCustomActions: {\n customActions: [{\n actionDefinition: {\n publishMetricAction: {\n dimensions: [{\n value: \"2\",\n }],\n },\n },\n actionName: \"ExampleMetricsAction\",\n }],\n statelessRules: [{\n priority: 1,\n ruleDefinition: {\n actions: [\n \"aws:pass\",\n \"ExampleMetricsAction\",\n ],\n matchAttributes: {\n destinations: [{\n addressDefinition: \"124.1.1.5/32\",\n }],\n destinationPorts: [{\n fromPort: 443,\n toPort: 443,\n }],\n protocols: [6],\n sources: [{\n addressDefinition: \"1.2.3.4/32\",\n }],\n sourcePorts: [{\n fromPort: 443,\n toPort: 443,\n }],\n tcpFlags: [{\n flags: [\"SYN\"],\n masks: [\n \"SYN\",\n \"ACK\",\n ],\n }],\n },\n },\n }],\n },\n },\n },\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n type: \"STATELESS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.networkfirewall.RuleGroup(\"example\",\n capacity=100,\n description=\"Stateless Rate Limiting Rule\",\n rule_group=aws.networkfirewall.RuleGroupRuleGroupArgs(\n rules_source=aws.networkfirewall.RuleGroupRuleGroupRulesSourceArgs(\n stateless_rules_and_custom_actions=aws.networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsArgs(\n custom_action=[{\n \"actionDefinition\": {\n \"publishMetricAction\": {\n \"dimension\": [{\n \"value\": \"2\",\n }],\n },\n },\n \"actionName\": \"ExampleMetricsAction\",\n }],\n stateless_rule=[{\n \"priority\": 1,\n \"ruleDefinition\": {\n \"actions\": [\n \"aws:pass\",\n \"ExampleMetricsAction\",\n ],\n \"matchAttributes\": {\n \"destination\": [{\n \"addressDefinition\": \"124.1.1.5/32\",\n }],\n \"destinationPort\": [{\n \"fromPort\": 443,\n \"toPort\": 443,\n }],\n \"protocols\": [6],\n \"source\": [{\n \"addressDefinition\": \"1.2.3.4/32\",\n }],\n \"sourcePort\": [{\n \"fromPort\": 443,\n \"toPort\": 443,\n }],\n \"tcpFlag\": [{\n \"flags\": [\"SYN\"],\n \"masks\": [\n \"SYN\",\n \"ACK\",\n ],\n }],\n },\n },\n }],\n ),\n ),\n ),\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n type=\"STATELESS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.NetworkFirewall.RuleGroup(\"example\", new Aws.NetworkFirewall.RuleGroupArgs\n {\n Capacity = 100,\n Description = \"Stateless Rate Limiting Rule\",\n RuleGroup = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupArgs\n {\n RulesSource = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupRulesSourceArgs\n {\n StatelessRulesAndCustomActions = new Aws.NetworkFirewall.Inputs.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsArgs\n {\n CustomAction = \n {\n \n {\n { \"actionDefinition\", \n {\n { \"publishMetricAction\", \n {\n { \"dimension\", \n {\n \n {\n { \"value\", \"2\" },\n },\n } },\n } },\n } },\n { \"actionName\", \"ExampleMetricsAction\" },\n },\n },\n StatelessRule = \n {\n \n {\n { \"priority\", 1 },\n { \"ruleDefinition\", \n {\n { \"actions\", \n {\n \"aws:pass\",\n \"ExampleMetricsAction\",\n } },\n { \"matchAttributes\", \n {\n { \"destination\", \n {\n \n {\n { \"addressDefinition\", \"124.1.1.5/32\" },\n },\n } },\n { \"destinationPort\", \n {\n \n {\n { \"fromPort\", 443 },\n { \"toPort\", 443 },\n },\n } },\n { \"protocols\", \n {\n 6,\n } },\n { \"source\", \n {\n \n {\n { \"addressDefinition\", \"1.2.3.4/32\" },\n },\n } },\n { \"sourcePort\", \n {\n \n {\n { \"fromPort\", 443 },\n { \"toPort\", 443 },\n },\n } },\n { \"tcpFlag\", \n {\n \n {\n { \"flags\", \n {\n \"SYN\",\n } },\n { \"masks\", \n {\n \"SYN\",\n \"ACK\",\n } },\n },\n } },\n } },\n } },\n },\n },\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n Type = \"STATELESS\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/networkfirewall\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := networkfirewall.NewRuleGroup(ctx, \"example\", &networkfirewall.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(100),\n\t\t\tDescription: pulumi.String(\"Stateless Rate Limiting Rule\"),\n\t\t\tRuleGroup: &networkfirewall.RuleGroupRuleGroupArgs{\n\t\t\t\tRulesSource: &networkfirewall.RuleGroupRuleGroupRulesSourceArgs{\n\t\t\t\t\tStatelessRulesAndCustomActions: &networkfirewall.RuleGroupRuleGroupRulesSourceStatelessRulesAndCustomActionsArgs{\n\t\t\t\t\t\tCustomAction: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"actionDefinition\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"publishMetricAction\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\"dimension\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\t\"value\": \"2\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\"actionName\": \"ExampleMetricsAction\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tStatelessRule: []map[string]interface{}{\n\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\"priority\": 1,\n\t\t\t\t\t\t\t\t\"ruleDefinition\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"actions\": []string{\n\t\t\t\t\t\t\t\t\t\t\"aws:pass\",\n\t\t\t\t\t\t\t\t\t\t\"ExampleMetricsAction\",\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\"matchAttributes\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\"destination\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\t\"addressDefinition\": \"124.1.1.5/32\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\"destinationPort\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\t\"fromPort\": 443,\n\t\t\t\t\t\t\t\t\t\t\t\t\"toPort\": 443,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\"protocols\": []float64{\n\t\t\t\t\t\t\t\t\t\t\t6,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\"source\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\t\"addressDefinition\": \"1.2.3.4/32\",\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\"sourcePort\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\t\"fromPort\": 443,\n\t\t\t\t\t\t\t\t\t\t\t\t\"toPort\": 443,\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\"tcpFlag\": []map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\t\t\t\"flags\": []string{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"SYN\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\"masks\": []string{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"SYN\",\n\t\t\t\t\t\t\t\t\t\t\t\t\t\"ACK\",\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"STATELESS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nNetwork Firewall Rule Groups can be imported using their `ARN`.\n\n```sh\n $ pulumi import aws:networkfirewall/ruleGroup:RuleGroup example arn:aws:network-firewall:us-west-1:123456789012:stateful-rulegroup/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the rule group.\n" + }, + "capacity": { + "type": "integer", + "description": "The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the rule group.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group.\n" + }, + "ruleGroup": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroup:RuleGroupRuleGroup", + "description": "A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.\n", + "language": { + "csharp": { + "name": "RuleGroupConfiguration" + } + } + }, + "rules": { + "type": "string", + "description": "The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `rule_group` is specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.\n" + }, + "updateToken": { + "type": "string", + "description": "A string token used when updating the rule group.\n" + } + }, + "required": [ + "arn", + "capacity", + "name", + "ruleGroup", + "tagsAll", + "type", + "updateToken" + ], + "inputProperties": { + "capacity": { + "type": "integer", + "description": "The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the rule group.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group.\n" + }, + "ruleGroup": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroup:RuleGroupRuleGroup", + "description": "A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.\n", + "language": { + "csharp": { + "name": "RuleGroupConfiguration" + } + } + }, + "rules": { + "type": "string", + "description": "The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `rule_group` is specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.\n" + } + }, + "requiredInputs": [ + "capacity", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RuleGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the rule group.\n" + }, + "capacity": { + "type": "integer", + "description": "The maximum number of operating resources that this rule group can use. For a stateless rule group, the capacity required is the sum of the capacity requirements of the individual rules. For a stateful rule group, the minimum capacity required is the number of individual rules.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the rule group.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group.\n" + }, + "ruleGroup": { + "$ref": "#/types/aws:networkfirewall/RuleGroupRuleGroup:RuleGroupRuleGroup", + "description": "A configuration block that defines the rule group rules. Required unless `rules` is specified. See Rule Group below for details.\n", + "language": { + "csharp": { + "name": "RuleGroupConfiguration" + } + } + }, + "rules": { + "type": "string", + "description": "The stateful rule group rules specifications in Suricata file format, with one rule per line. Use this to import your existing Suricata compatible rule groups. Required unless `rule_group` is specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Whether the rule group is stateless (containing stateless rules) or stateful (containing stateful rules). Valid values include: `STATEFUL` or `STATELESS`.\n" + }, + "updateToken": { + "type": "string", + "description": "A string token used when updating the rule group.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/application:Application": { + "description": "Provides an OpsWorks application resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst foo_app = new aws.opsworks.Application(\"foo-app\", {\n shortName: \"foobar\",\n stackId: aws_opsworks_stack.main.id,\n type: \"rails\",\n description: \"This is a Rails application\",\n domains: [\n \"example.com\",\n \"sub.example.com\",\n ],\n environments: [{\n key: \"key\",\n value: \"value\",\n secure: false,\n }],\n appSources: [{\n type: \"git\",\n revision: \"master\",\n url: \"https://github.com/example.git\",\n }],\n enableSsl: true,\n sslConfigurations: [{\n privateKey: fs.readFileSync(\"./foobar.key\"),\n certificate: fs.readFileSync(\"./foobar.crt\"),\n }],\n documentRoot: \"public\",\n autoBundleOnDeploy: true,\n railsEnv: \"staging\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_app = aws.opsworks.Application(\"foo-app\",\n short_name=\"foobar\",\n stack_id=aws_opsworks_stack[\"main\"][\"id\"],\n type=\"rails\",\n description=\"This is a Rails application\",\n domains=[\n \"example.com\",\n \"sub.example.com\",\n ],\n environments=[aws.opsworks.ApplicationEnvironmentArgs(\n key=\"key\",\n value=\"value\",\n secure=False,\n )],\n app_sources=[aws.opsworks.ApplicationAppSourceArgs(\n type=\"git\",\n revision=\"master\",\n url=\"https://github.com/example.git\",\n )],\n enable_ssl=True,\n ssl_configurations=[aws.opsworks.ApplicationSslConfigurationArgs(\n private_key=(lambda path: open(path).read())(\"./foobar.key\"),\n certificate=(lambda path: open(path).read())(\"./foobar.crt\"),\n )],\n document_root=\"public\",\n auto_bundle_on_deploy=\"true\",\n rails_env=\"staging\")\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo_app = new Aws.OpsWorks.Application(\"foo-app\", new Aws.OpsWorks.ApplicationArgs\n {\n ShortName = \"foobar\",\n StackId = aws_opsworks_stack.Main.Id,\n Type = \"rails\",\n Description = \"This is a Rails application\",\n Domains = \n {\n \"example.com\",\n \"sub.example.com\",\n },\n Environments = \n {\n new Aws.OpsWorks.Inputs.ApplicationEnvironmentArgs\n {\n Key = \"key\",\n Value = \"value\",\n Secure = false,\n },\n },\n AppSources = \n {\n new Aws.OpsWorks.Inputs.ApplicationAppSourceArgs\n {\n Type = \"git\",\n Revision = \"master\",\n Url = \"https://github.com/example.git\",\n },\n },\n EnableSsl = true,\n SslConfigurations = \n {\n new Aws.OpsWorks.Inputs.ApplicationSslConfigurationArgs\n {\n PrivateKey = File.ReadAllText(\"./foobar.key\"),\n Certificate = File.ReadAllText(\"./foobar.crt\"),\n },\n },\n DocumentRoot = \"public\",\n AutoBundleOnDeploy = \"true\",\n RailsEnv = \"staging\",\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nOpsworks Application can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:opsworks/application:Application test \n```\n\n ", + "properties": { + "appSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationAppSource:ApplicationAppSource" + }, + "description": "SCM configuration of the app as described below.\n" + }, + "autoBundleOnDeploy": { + "type": "string", + "description": "Run bundle install when deploying for application of type `rails`.\n" + }, + "awsFlowRubySettings": { + "type": "string", + "description": "Specify activity and workflow workers for your app using the aws-flow gem.\n" + }, + "dataSourceArn": { + "type": "string", + "description": "The data source's ARN.\n" + }, + "dataSourceDatabaseName": { + "type": "string", + "description": "The database name.\n" + }, + "dataSourceType": { + "type": "string", + "description": "The data source's type one of `AutoSelectOpsworksMysqlInstance`, `OpsworksMysqlInstance`, or `RdsDbInstance`.\n" + }, + "description": { + "type": "string", + "description": "A description of the app.\n" + }, + "documentRoot": { + "type": "string", + "description": "Subfolder for the document root for application of type `rails`.\n" + }, + "domains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of virtual host alias.\n" + }, + "enableSsl": { + "type": "boolean", + "description": "Whether to enable SSL for the app. This must be set in order to let `ssl_configuration.private_key`, `ssl_configuration.certificate` and `ssl_configuration.chain` take effect.\n" + }, + "environments": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationEnvironment:ApplicationEnvironment" + }, + "description": "Object to define environment variables. Object is described below.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the application.\n" + }, + "railsEnv": { + "type": "string", + "description": "The name of the Rails environment for application of type `rails`.\n" + }, + "shortName": { + "type": "string", + "description": "A short, machine-readable name for the application. This can only be defined on resource creation and ignored on resource update.\n" + }, + "sslConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationSslConfiguration:ApplicationSslConfiguration" + }, + "description": "The SSL configuration of the app. Object is described below.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the application will belong to.\n" + }, + "type": { + "type": "string", + "description": "Opsworks application type. One of `aws-flow-ruby`, `java`, `rails`, `php`, `nodejs`, `static` or `other`.\n" + } + }, + "required": [ + "appSources", + "name", + "shortName", + "stackId", + "type" + ], + "inputProperties": { + "appSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationAppSource:ApplicationAppSource" + }, + "description": "SCM configuration of the app as described below.\n" + }, + "autoBundleOnDeploy": { + "type": "string", + "description": "Run bundle install when deploying for application of type `rails`.\n" + }, + "awsFlowRubySettings": { + "type": "string", + "description": "Specify activity and workflow workers for your app using the aws-flow gem.\n" + }, + "dataSourceArn": { + "type": "string", + "description": "The data source's ARN.\n" + }, + "dataSourceDatabaseName": { + "type": "string", + "description": "The database name.\n" + }, + "dataSourceType": { + "type": "string", + "description": "The data source's type one of `AutoSelectOpsworksMysqlInstance`, `OpsworksMysqlInstance`, or `RdsDbInstance`.\n" + }, + "description": { + "type": "string", + "description": "A description of the app.\n" + }, + "documentRoot": { + "type": "string", + "description": "Subfolder for the document root for application of type `rails`.\n" + }, + "domains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of virtual host alias.\n" + }, + "enableSsl": { + "type": "boolean", + "description": "Whether to enable SSL for the app. This must be set in order to let `ssl_configuration.private_key`, `ssl_configuration.certificate` and `ssl_configuration.chain` take effect.\n" + }, + "environments": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationEnvironment:ApplicationEnvironment" + }, + "description": "Object to define environment variables. Object is described below.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the application.\n" + }, + "railsEnv": { + "type": "string", + "description": "The name of the Rails environment for application of type `rails`.\n" + }, + "shortName": { + "type": "string", + "description": "A short, machine-readable name for the application. This can only be defined on resource creation and ignored on resource update.\n" + }, + "sslConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationSslConfiguration:ApplicationSslConfiguration" + }, + "description": "The SSL configuration of the app. Object is described below.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the application will belong to.\n" + }, + "type": { + "type": "string", + "description": "Opsworks application type. One of `aws-flow-ruby`, `java`, `rails`, `php`, `nodejs`, `static` or `other`.\n" + } + }, + "requiredInputs": [ + "stackId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Application resources.\n", + "properties": { + "appSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationAppSource:ApplicationAppSource" + }, + "description": "SCM configuration of the app as described below.\n" + }, + "autoBundleOnDeploy": { + "type": "string", + "description": "Run bundle install when deploying for application of type `rails`.\n" + }, + "awsFlowRubySettings": { + "type": "string", + "description": "Specify activity and workflow workers for your app using the aws-flow gem.\n" + }, + "dataSourceArn": { + "type": "string", + "description": "The data source's ARN.\n" + }, + "dataSourceDatabaseName": { + "type": "string", + "description": "The database name.\n" + }, + "dataSourceType": { + "type": "string", + "description": "The data source's type one of `AutoSelectOpsworksMysqlInstance`, `OpsworksMysqlInstance`, or `RdsDbInstance`.\n" + }, + "description": { + "type": "string", + "description": "A description of the app.\n" + }, + "documentRoot": { + "type": "string", + "description": "Subfolder for the document root for application of type `rails`.\n" + }, + "domains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of virtual host alias.\n" + }, + "enableSsl": { + "type": "boolean", + "description": "Whether to enable SSL for the app. This must be set in order to let `ssl_configuration.private_key`, `ssl_configuration.certificate` and `ssl_configuration.chain` take effect.\n" + }, + "environments": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationEnvironment:ApplicationEnvironment" + }, + "description": "Object to define environment variables. Object is described below.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the application.\n" + }, + "railsEnv": { + "type": "string", + "description": "The name of the Rails environment for application of type `rails`.\n" + }, + "shortName": { + "type": "string", + "description": "A short, machine-readable name for the application. This can only be defined on resource creation and ignored on resource update.\n" + }, + "sslConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/ApplicationSslConfiguration:ApplicationSslConfiguration" + }, + "description": "The SSL configuration of the app. Object is described below.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the application will belong to.\n" + }, + "type": { + "type": "string", + "description": "Opsworks application type. One of `aws-flow-ruby`, `java`, `rails`, `php`, `nodejs`, `static` or `other`.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/customLayer:CustomLayer": { + "description": "Provides an OpsWorks custom layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custlayer = new aws.opsworks.CustomLayer(\"custlayer\", {\n shortName: \"awesome\",\n stackId: aws_opsworks_stack.main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustlayer = aws.opsworks.CustomLayer(\"custlayer\",\n short_name=\"awesome\",\n stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var custlayer = new Aws.OpsWorks.CustomLayer(\"custlayer\", new Aws.OpsWorks.CustomLayerArgs\n {\n ShortName = \"awesome\",\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewCustomLayer(ctx, \"custlayer\", &opsworks.CustomLayerArgs{\n\t\t\tShortName: pulumi.String(\"awesome\"),\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nOpsWorks Custom Layers can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:opsworks/customLayer:CustomLayer bar 00000000-0000-0000-0000-000000000000\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/CustomLayerEbsVolume:CustomLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "shortName": { + "type": "string", + "description": "A short, machine-readable name for the layer, which will be used to identify it in the Chef node JSON.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "shortName", + "stackId", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/CustomLayerEbsVolume:CustomLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "shortName": { + "type": "string", + "description": "A short, machine-readable name for the layer, which will be used to identify it in the Chef node JSON.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "shortName", + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CustomLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/CustomLayerEbsVolume:CustomLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "shortName": { + "type": "string", + "description": "A short, machine-readable name for the layer, which will be used to identify it in the Chef node JSON.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/gangliaLayer:GangliaLayer": { + "description": "Provides an OpsWorks Ganglia layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst monitor = new aws.opsworks.GangliaLayer(\"monitor\", {\n stackId: aws_opsworks_stack.main.id,\n password: \"foobarbaz\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmonitor = aws.opsworks.GangliaLayer(\"monitor\",\n stack_id=aws_opsworks_stack[\"main\"][\"id\"],\n password=\"foobarbaz\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var monitor = new Aws.OpsWorks.GangliaLayer(\"monitor\", new Aws.OpsWorks.GangliaLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n Password = \"foobarbaz\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewGangliaLayer(ctx, \"monitor\", &opsworks.GangliaLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/GangliaLayerEbsVolume:GangliaLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "password": { + "type": "string", + "description": "The password to use for Ganglia.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The URL path to use for Ganglia. Defaults to \"/ganglia\".\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + }, + "username": { + "type": "string", + "description": "The username to use for Ganglia. Defaults to \"opsworks\".\n" + } + }, + "required": [ + "arn", + "name", + "password", + "stackId", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/GangliaLayerEbsVolume:GangliaLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "password": { + "type": "string", + "description": "The password to use for Ganglia.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The URL path to use for Ganglia. Defaults to \"/ganglia\".\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + }, + "username": { + "type": "string", + "description": "The username to use for Ganglia. Defaults to \"opsworks\".\n" + } + }, + "requiredInputs": [ + "password", + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GangliaLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/GangliaLayerEbsVolume:GangliaLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "password": { + "type": "string", + "description": "The password to use for Ganglia.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The URL path to use for Ganglia. Defaults to \"/ganglia\".\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + }, + "username": { + "type": "string", + "description": "The username to use for Ganglia. Defaults to \"opsworks\".\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/haproxyLayer:HaproxyLayer": { + "description": "Provides an OpsWorks haproxy layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lb = new aws.opsworks.HaproxyLayer(\"lb\", {\n stackId: aws_opsworks_stack.main.id,\n statsPassword: \"foobarbaz\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlb = aws.opsworks.HaproxyLayer(\"lb\",\n stack_id=aws_opsworks_stack[\"main\"][\"id\"],\n stats_password=\"foobarbaz\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lb = new Aws.OpsWorks.HaproxyLayer(\"lb\", new Aws.OpsWorks.HaproxyLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n StatsPassword = \"foobarbaz\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewHaproxyLayer(ctx, \"lb\", &opsworks.HaproxyLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t\tStatsPassword: pulumi.String(\"foobarbaz\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/HaproxyLayerEbsVolume:HaproxyLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "healthcheckMethod": { + "type": "string", + "description": "HTTP method to use for instance healthchecks. Defaults to \"OPTIONS\".\n" + }, + "healthcheckUrl": { + "type": "string", + "description": "URL path to use for instance healthchecks. Defaults to \"/\".\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "statsEnabled": { + "type": "boolean", + "description": "Whether to enable HAProxy stats.\n" + }, + "statsPassword": { + "type": "string", + "description": "The password to use for HAProxy stats.\n" + }, + "statsUrl": { + "type": "string", + "description": "The HAProxy stats URL. Defaults to \"/haproxy?stats\".\n" + }, + "statsUser": { + "type": "string", + "description": "The username for HAProxy stats. Defaults to \"opsworks\".\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "statsPassword", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/HaproxyLayerEbsVolume:HaproxyLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "healthcheckMethod": { + "type": "string", + "description": "HTTP method to use for instance healthchecks. Defaults to \"OPTIONS\".\n" + }, + "healthcheckUrl": { + "type": "string", + "description": "URL path to use for instance healthchecks. Defaults to \"/\".\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "statsEnabled": { + "type": "boolean", + "description": "Whether to enable HAProxy stats.\n" + }, + "statsPassword": { + "type": "string", + "description": "The password to use for HAProxy stats.\n" + }, + "statsUrl": { + "type": "string", + "description": "The HAProxy stats URL. Defaults to \"/haproxy?stats\".\n" + }, + "statsUser": { + "type": "string", + "description": "The username for HAProxy stats. Defaults to \"opsworks\".\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId", + "statsPassword" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HaproxyLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/HaproxyLayerEbsVolume:HaproxyLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "healthcheckMethod": { + "type": "string", + "description": "HTTP method to use for instance healthchecks. Defaults to \"OPTIONS\".\n" + }, + "healthcheckUrl": { + "type": "string", + "description": "URL path to use for instance healthchecks. Defaults to \"/\".\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "statsEnabled": { + "type": "boolean", + "description": "Whether to enable HAProxy stats.\n" + }, + "statsPassword": { + "type": "string", + "description": "The password to use for HAProxy stats.\n" + }, + "statsUrl": { + "type": "string", + "description": "The HAProxy stats URL. Defaults to \"/haproxy?stats\".\n" + }, + "statsUser": { + "type": "string", + "description": "The username for HAProxy stats. Defaults to \"opsworks\".\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/instance:Instance": { + "description": "Provides an OpsWorks instance resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst my_instance = new aws.opsworks.Instance(\"my-instance\", {\n stackId: aws_opsworks_stack.main.id,\n layerIds: [aws_opsworks_custom_layer[\"my-layer\"].id],\n instanceType: \"t2.micro\",\n os: \"Amazon Linux 2015.09\",\n state: \"stopped\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_instance = aws.opsworks.Instance(\"my-instance\",\n stack_id=aws_opsworks_stack[\"main\"][\"id\"],\n layer_ids=[aws_opsworks_custom_layer[\"my-layer\"][\"id\"]],\n instance_type=\"t2.micro\",\n os=\"Amazon Linux 2015.09\",\n state=\"stopped\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var my_instance = new Aws.OpsWorks.Instance(\"my-instance\", new Aws.OpsWorks.InstanceArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n LayerIds = \n {\n aws_opsworks_custom_layer.My_layer.Id,\n },\n InstanceType = \"t2.micro\",\n Os = \"Amazon Linux 2015.09\",\n State = \"stopped\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewInstance(ctx, \"my_instance\", &opsworks.InstanceArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t\tLayerIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_opsworks_custom_layer.My - layer.Id),\n\t\t\t},\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tOs: pulumi.String(\"Amazon Linux 2015.09\"),\n\t\t\tState: pulumi.String(\"stopped\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Block devices\n\nEach of the `*_block_device` attributes controls a portion of the AWS\nInstance's \"Block Device Mapping\". It's a good idea to familiarize yourself with [AWS's Block Device\nMapping docs](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/block-device-mapping-concepts.html)\nto understand the implications of using these attributes.\n\nThe `root_block_device` mapping supports the following:\n\n* `volume_type` - (Optional) The type of volume. Can be `\"standard\"`, `\"gp2\"`,\n or `\"io1\"`. (Default: `\"standard\"`).\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `iops` - (Optional) The amount of provisioned\n [IOPS](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\n This must be set with a `volume_type` of `\"io1\"`.\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed\n on instance termination (Default: `true`).\n\nModifying any of the `root_block_device` settings requires resource\nreplacement.\n\nEach `ebs_block_device` supports the following:\n\n* `device_name` - The name of the device to mount.\n* `snapshot_id` - (Optional) The Snapshot ID to mount.\n* `volume_type` - (Optional) The type of volume. Can be `\"standard\"`, `\"gp2\"`,\n or `\"io1\"`. (Default: `\"standard\"`).\n* `volume_size` - (Optional) The size of the volume in gigabytes.\n* `iops` - (Optional) The amount of provisioned\n [IOPS](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-io-characteristics.html).\n This must be set with a `volume_type` of `\"io1\"`.\n* `delete_on_termination` - (Optional) Whether the volume should be destroyed\n on instance termination (Default: `true`).\n\nModifying any `ebs_block_device` currently requires resource replacement.\n\nEach `ephemeral_block_device` supports the following:\n\n* `device_name` - The name of the block device to mount on the instance.\n* `virtual_name` - The [Instance Store Device\n Name](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#InstanceStoreDeviceNames)\n (e.g. `\"ephemeral0\"`)\n\nEach AWS Instance type has a different set of Instance Store block devices\navailable for attachment. AWS [publishes a\nlist](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html#StorageOnInstanceTypes)\nof which ephemeral devices are available on each type. The devices are always\nidentified by the `virtual_name` in the format `\"ephemeral{0..N}\"`.\n\n> **NOTE:** Currently, changes to `*_block_device` configuration of _existing_\nresources cannot be automatically detected by this provider. After making updates\nto block device configuration, resource recreation can be manually triggered by\nusing the [`up` command with the --replace argument](https://www.pulumi.com/docs/reference/cli/pulumi_up/).\n\n\n## Import\n\nOpsworks Instances can be imported using the `instance id`, e.g.\n\n```sh\n $ pulumi import aws:opsworks/instance:Instance my_instance 4d6d1710-ded9-42a1-b08e-b043ad7af1e2\n```\n\n ", + "properties": { + "agentVersion": { + "type": "string", + "description": "The AWS OpsWorks agent to install. Defaults to `\"INHERIT\"`.\n" + }, + "amiId": { + "type": "string", + "description": "The AMI to use for the instance. If an AMI is specified, `os` must be `\"Custom\"`.\n" + }, + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Can be either `\"x86_64\"` (the default) or `\"i386\"`\n" + }, + "autoScalingType": { + "type": "string", + "description": "Creates load-based or time-based instances. If set, can be either: `\"load\"` or `\"timer\"`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "Name of the availability zone where instances will be created\nby default.\n" + }, + "createdAt": { + "type": "string" + }, + "deleteEbs": { + "type": "boolean" + }, + "deleteEip": { + "type": "boolean" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceEbsBlockDevice:InstanceEbsBlockDevice" + }, + "description": "Additional EBS block devices to attach to the\ninstance. See Block Devices below for details.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized.\n" + }, + "ec2InstanceId": { + "type": "string", + "description": "EC2 instance ID\n" + }, + "ecsClusterArn": { + "type": "string" + }, + "elasticIp": { + "type": "string" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice" + }, + "description": "Customize Ephemeral (also known as\n\"Instance Store\") volumes on the instance. See Block Devices below for details.\n" + }, + "hostname": { + "type": "string", + "description": "The instance's host name.\n" + }, + "infrastructureClass": { + "type": "string" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Controls where to install OS and package updates when the instance boots. Defaults to `true`.\n" + }, + "instanceProfileArn": { + "type": "string" + }, + "instanceType": { + "type": "string", + "description": "The type of instance to start\n" + }, + "lastServiceErrorId": { + "type": "string" + }, + "layerIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ids of the layers the instance will belong to.\n" + }, + "os": { + "type": "string", + "description": "Name of operating system that will be installed.\n" + }, + "platform": { + "type": "string" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be\nused inside the Amazon EC2, and only available if you've enabled DNS hostnames\nfor your VPC\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address assigned to the instance\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this\nis only available if you've enabled DNS hostnames for your VPC\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable.\n" + }, + "registeredBy": { + "type": "string" + }, + "reportedAgentVersion": { + "type": "string" + }, + "reportedOsFamily": { + "type": "string" + }, + "reportedOsName": { + "type": "string" + }, + "reportedOsVersion": { + "type": "string" + }, + "rootBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceRootBlockDevice:InstanceRootBlockDevice" + }, + "description": "Customize details about the root block\ndevice of the instance. See Block Devices below for details.\n" + }, + "rootDeviceType": { + "type": "string", + "description": "Name of the type of root device instances will have by default. Can be either `\"ebs\"` or `\"instance-store\"`\n" + }, + "rootDeviceVolumeId": { + "type": "string" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "sshHostDsaKeyFingerprint": { + "type": "string" + }, + "sshHostRsaKeyFingerprint": { + "type": "string" + }, + "sshKeyName": { + "type": "string", + "description": "Name of the SSH keypair that instances will have by default.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the instance will belong to.\n" + }, + "state": { + "type": "string", + "description": "The desired state of the instance. Can be either `\"running\"` or `\"stopped\"`.\n" + }, + "status": { + "type": "string" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to attach to\n" + }, + "tenancy": { + "type": "string", + "description": "Instance tenancy to use. Can be one of `\"default\"`, `\"dedicated\"` or `\"host\"`\n" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either `\"paravirtual\"` or `\"hvm\"`.\n" + } + }, + "required": [ + "amiId", + "availabilityZone", + "createdAt", + "ebsBlockDevices", + "ec2InstanceId", + "ecsClusterArn", + "elasticIp", + "ephemeralBlockDevices", + "hostname", + "infrastructureClass", + "instanceProfileArn", + "lastServiceErrorId", + "layerIds", + "os", + "platform", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "registeredBy", + "reportedAgentVersion", + "reportedOsFamily", + "reportedOsName", + "reportedOsVersion", + "rootBlockDevices", + "rootDeviceType", + "rootDeviceVolumeId", + "securityGroupIds", + "sshHostDsaKeyFingerprint", + "sshHostRsaKeyFingerprint", + "sshKeyName", + "stackId", + "status", + "subnetId", + "tenancy", + "virtualizationType" + ], + "inputProperties": { + "agentVersion": { + "type": "string", + "description": "The AWS OpsWorks agent to install. Defaults to `\"INHERIT\"`.\n" + }, + "amiId": { + "type": "string", + "description": "The AMI to use for the instance. If an AMI is specified, `os` must be `\"Custom\"`.\n" + }, + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Can be either `\"x86_64\"` (the default) or `\"i386\"`\n" + }, + "autoScalingType": { + "type": "string", + "description": "Creates load-based or time-based instances. If set, can be either: `\"load\"` or `\"timer\"`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "Name of the availability zone where instances will be created\nby default.\n" + }, + "createdAt": { + "type": "string" + }, + "deleteEbs": { + "type": "boolean" + }, + "deleteEip": { + "type": "boolean" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceEbsBlockDevice:InstanceEbsBlockDevice" + }, + "description": "Additional EBS block devices to attach to the\ninstance. See Block Devices below for details.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized.\n" + }, + "ecsClusterArn": { + "type": "string" + }, + "elasticIp": { + "type": "string" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice" + }, + "description": "Customize Ephemeral (also known as\n\"Instance Store\") volumes on the instance. See Block Devices below for details.\n" + }, + "hostname": { + "type": "string", + "description": "The instance's host name.\n" + }, + "infrastructureClass": { + "type": "string" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Controls where to install OS and package updates when the instance boots. Defaults to `true`.\n" + }, + "instanceProfileArn": { + "type": "string" + }, + "instanceType": { + "type": "string", + "description": "The type of instance to start\n" + }, + "lastServiceErrorId": { + "type": "string" + }, + "layerIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ids of the layers the instance will belong to.\n" + }, + "os": { + "type": "string", + "description": "Name of operating system that will be installed.\n" + }, + "platform": { + "type": "string" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be\nused inside the Amazon EC2, and only available if you've enabled DNS hostnames\nfor your VPC\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address assigned to the instance\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this\nis only available if you've enabled DNS hostnames for your VPC\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable.\n" + }, + "registeredBy": { + "type": "string" + }, + "reportedAgentVersion": { + "type": "string" + }, + "reportedOsFamily": { + "type": "string" + }, + "reportedOsName": { + "type": "string" + }, + "reportedOsVersion": { + "type": "string" + }, + "rootBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceRootBlockDevice:InstanceRootBlockDevice" + }, + "description": "Customize details about the root block\ndevice of the instance. See Block Devices below for details.\n" + }, + "rootDeviceType": { + "type": "string", + "description": "Name of the type of root device instances will have by default. Can be either `\"ebs\"` or `\"instance-store\"`\n" + }, + "rootDeviceVolumeId": { + "type": "string" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "sshHostDsaKeyFingerprint": { + "type": "string" + }, + "sshHostRsaKeyFingerprint": { + "type": "string" + }, + "sshKeyName": { + "type": "string", + "description": "Name of the SSH keypair that instances will have by default.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the instance will belong to.\n" + }, + "state": { + "type": "string", + "description": "The desired state of the instance. Can be either `\"running\"` or `\"stopped\"`.\n" + }, + "status": { + "type": "string" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to attach to\n" + }, + "tenancy": { + "type": "string", + "description": "Instance tenancy to use. Can be one of `\"default\"`, `\"dedicated\"` or `\"host\"`\n" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either `\"paravirtual\"` or `\"hvm\"`.\n" + } + }, + "requiredInputs": [ + "layerIds", + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Instance resources.\n", + "properties": { + "agentVersion": { + "type": "string", + "description": "The AWS OpsWorks agent to install. Defaults to `\"INHERIT\"`.\n" + }, + "amiId": { + "type": "string", + "description": "The AMI to use for the instance. If an AMI is specified, `os` must be `\"Custom\"`.\n" + }, + "architecture": { + "type": "string", + "description": "Machine architecture for created instances. Can be either `\"x86_64\"` (the default) or `\"i386\"`\n" + }, + "autoScalingType": { + "type": "string", + "description": "Creates load-based or time-based instances. If set, can be either: `\"load\"` or `\"timer\"`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "Name of the availability zone where instances will be created\nby default.\n" + }, + "createdAt": { + "type": "string" + }, + "deleteEbs": { + "type": "boolean" + }, + "deleteEip": { + "type": "boolean" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceEbsBlockDevice:InstanceEbsBlockDevice" + }, + "description": "Additional EBS block devices to attach to the\ninstance. See Block Devices below for details.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "If true, the launched EC2 instance will be EBS-optimized.\n" + }, + "ec2InstanceId": { + "type": "string", + "description": "EC2 instance ID\n" + }, + "ecsClusterArn": { + "type": "string" + }, + "elasticIp": { + "type": "string" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceEphemeralBlockDevice:InstanceEphemeralBlockDevice" + }, + "description": "Customize Ephemeral (also known as\n\"Instance Store\") volumes on the instance. See Block Devices below for details.\n" + }, + "hostname": { + "type": "string", + "description": "The instance's host name.\n" + }, + "infrastructureClass": { + "type": "string" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Controls where to install OS and package updates when the instance boots. Defaults to `true`.\n" + }, + "instanceProfileArn": { + "type": "string" + }, + "instanceType": { + "type": "string", + "description": "The type of instance to start\n" + }, + "lastServiceErrorId": { + "type": "string" + }, + "layerIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ids of the layers the instance will belong to.\n" + }, + "os": { + "type": "string", + "description": "Name of operating system that will be installed.\n" + }, + "platform": { + "type": "string" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the instance. Can only be\nused inside the Amazon EC2, and only available if you've enabled DNS hostnames\nfor your VPC\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address assigned to the instance\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the instance. For EC2-VPC, this\nis only available if you've enabled DNS hostnames for your VPC\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the instance, if applicable.\n" + }, + "registeredBy": { + "type": "string" + }, + "reportedAgentVersion": { + "type": "string" + }, + "reportedOsFamily": { + "type": "string" + }, + "reportedOsName": { + "type": "string" + }, + "reportedOsVersion": { + "type": "string" + }, + "rootBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/InstanceRootBlockDevice:InstanceRootBlockDevice" + }, + "description": "Customize details about the root block\ndevice of the instance. See Block Devices below for details.\n" + }, + "rootDeviceType": { + "type": "string", + "description": "Name of the type of root device instances will have by default. Can be either `\"ebs\"` or `\"instance-store\"`\n" + }, + "rootDeviceVolumeId": { + "type": "string" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "sshHostDsaKeyFingerprint": { + "type": "string" + }, + "sshHostRsaKeyFingerprint": { + "type": "string" + }, + "sshKeyName": { + "type": "string", + "description": "Name of the SSH keypair that instances will have by default.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the instance will belong to.\n" + }, + "state": { + "type": "string", + "description": "The desired state of the instance. Can be either `\"running\"` or `\"stopped\"`.\n" + }, + "status": { + "type": "string" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID to attach to\n" + }, + "tenancy": { + "type": "string", + "description": "Instance tenancy to use. Can be one of `\"default\"`, `\"dedicated\"` or `\"host\"`\n" + }, + "virtualizationType": { + "type": "string", + "description": "Keyword to choose what virtualization mode created instances\nwill use. Can be either `\"paravirtual\"` or `\"hvm\"`.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/javaAppLayer:JavaAppLayer": { + "description": "Provides an OpsWorks Java application layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.opsworks.JavaAppLayer(\"app\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.opsworks.JavaAppLayer(\"app\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.OpsWorks.JavaAppLayer(\"app\", new Aws.OpsWorks.JavaAppLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewJavaAppLayer(ctx, \"app\", &opsworks.JavaAppLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "appServer": { + "type": "string", + "description": "Keyword for the application container to use. Defaults to \"tomcat\".\n" + }, + "appServerVersion": { + "type": "string", + "description": "Version of the selected application container to use. Defaults to \"7\".\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/JavaAppLayerEbsVolume:JavaAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "jvmOptions": { + "type": "string", + "description": "Options to set for the JVM.\n" + }, + "jvmType": { + "type": "string", + "description": "Keyword for the type of JVM to use. Defaults to `openjdk`.\n" + }, + "jvmVersion": { + "type": "string", + "description": "Version of JVM to use. Defaults to \"7\".\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "appServer": { + "type": "string", + "description": "Keyword for the application container to use. Defaults to \"tomcat\".\n" + }, + "appServerVersion": { + "type": "string", + "description": "Version of the selected application container to use. Defaults to \"7\".\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/JavaAppLayerEbsVolume:JavaAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "jvmOptions": { + "type": "string", + "description": "Options to set for the JVM.\n" + }, + "jvmType": { + "type": "string", + "description": "Keyword for the type of JVM to use. Defaults to `openjdk`.\n" + }, + "jvmVersion": { + "type": "string", + "description": "Version of JVM to use. Defaults to \"7\".\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering JavaAppLayer resources.\n", + "properties": { + "appServer": { + "type": "string", + "description": "Keyword for the application container to use. Defaults to \"tomcat\".\n" + }, + "appServerVersion": { + "type": "string", + "description": "Version of the selected application container to use. Defaults to \"7\".\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/JavaAppLayerEbsVolume:JavaAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "jvmOptions": { + "type": "string", + "description": "Options to set for the JVM.\n" + }, + "jvmType": { + "type": "string", + "description": "Keyword for the type of JVM to use. Defaults to `openjdk`.\n" + }, + "jvmVersion": { + "type": "string", + "description": "Version of JVM to use. Defaults to \"7\".\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/memcachedLayer:MemcachedLayer": { + "description": "Provides an OpsWorks memcached layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cache = new aws.opsworks.MemcachedLayer(\"cache\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncache = aws.opsworks.MemcachedLayer(\"cache\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cache = new Aws.OpsWorks.MemcachedLayer(\"cache\", new Aws.OpsWorks.MemcachedLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewMemcachedLayer(ctx, \"cache\", &opsworks.MemcachedLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "allocatedMemory": { + "type": "integer", + "description": "Amount of memory to allocate for the cache on each instance, in megabytes. Defaults to 512MB.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/MemcachedLayerEbsVolume:MemcachedLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "allocatedMemory": { + "type": "integer", + "description": "Amount of memory to allocate for the cache on each instance, in megabytes. Defaults to 512MB.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/MemcachedLayerEbsVolume:MemcachedLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MemcachedLayer resources.\n", + "properties": { + "allocatedMemory": { + "type": "integer", + "description": "Amount of memory to allocate for the cache on each instance, in megabytes. Defaults to 512MB.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/MemcachedLayerEbsVolume:MemcachedLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/mysqlLayer:MysqlLayer": { + "description": "Provides an OpsWorks MySQL layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst db = new aws.opsworks.MysqlLayer(\"db\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndb = aws.opsworks.MysqlLayer(\"db\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var db = new Aws.OpsWorks.MysqlLayer(\"db\", new Aws.OpsWorks.MysqlLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewMysqlLayer(ctx, \"db\", &opsworks.MysqlLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/MysqlLayerEbsVolume:MysqlLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "rootPassword": { + "type": "string", + "description": "Root password to use for MySQL.\n" + }, + "rootPasswordOnAllInstances": { + "type": "boolean", + "description": "Whether to set the root user password to all instances in the stack so they can access the instances in this layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/MysqlLayerEbsVolume:MysqlLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "rootPassword": { + "type": "string", + "description": "Root password to use for MySQL.\n" + }, + "rootPasswordOnAllInstances": { + "type": "boolean", + "description": "Whether to set the root user password to all instances in the stack so they can access the instances in this layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MysqlLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/MysqlLayerEbsVolume:MysqlLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "rootPassword": { + "type": "string", + "description": "Root password to use for MySQL.\n" + }, + "rootPasswordOnAllInstances": { + "type": "boolean", + "description": "Whether to set the root user password to all instances in the stack so they can access the instances in this layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/nodejsAppLayer:NodejsAppLayer": { + "description": "Provides an OpsWorks NodeJS application layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.opsworks.NodejsAppLayer(\"app\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.opsworks.NodejsAppLayer(\"app\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.OpsWorks.NodejsAppLayer(\"app\", new Aws.OpsWorks.NodejsAppLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewNodejsAppLayer(ctx, \"app\", &opsworks.NodejsAppLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/NodejsAppLayerEbsVolume:NodejsAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "nodejsVersion": { + "type": "string", + "description": "The version of NodeJS to use. Defaults to \"0.10.38\".\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/NodejsAppLayerEbsVolume:NodejsAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "nodejsVersion": { + "type": "string", + "description": "The version of NodeJS to use. Defaults to \"0.10.38\".\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NodejsAppLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/NodejsAppLayerEbsVolume:NodejsAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "nodejsVersion": { + "type": "string", + "description": "The version of NodeJS to use. Defaults to \"0.10.38\".\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/permission:Permission": { + "description": "Provides an OpsWorks permission resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myStackPermission = new aws.opsworks.Permission(\"myStackPermission\", {\n allowSsh: true,\n allowSudo: true,\n level: \"iam_only\",\n userArn: aws_iam_user.user.arn,\n stackId: aws_opsworks_stack.stack.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_stack_permission = aws.opsworks.Permission(\"myStackPermission\",\n allow_ssh=True,\n allow_sudo=True,\n level=\"iam_only\",\n user_arn=aws_iam_user[\"user\"][\"arn\"],\n stack_id=aws_opsworks_stack[\"stack\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myStackPermission = new Aws.OpsWorks.Permission(\"myStackPermission\", new Aws.OpsWorks.PermissionArgs\n {\n AllowSsh = true,\n AllowSudo = true,\n Level = \"iam_only\",\n UserArn = aws_iam_user.User.Arn,\n StackId = aws_opsworks_stack.Stack.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewPermission(ctx, \"myStackPermission\", &opsworks.PermissionArgs{\n\t\t\tAllowSsh: pulumi.Bool(true),\n\t\t\tAllowSudo: pulumi.Bool(true),\n\t\t\tLevel: pulumi.String(\"iam_only\"),\n\t\t\tUserArn: pulumi.Any(aws_iam_user.User.Arn),\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Stack.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "allowSsh": { + "type": "boolean", + "description": "Whether the user is allowed to use SSH to communicate with the instance\n" + }, + "allowSudo": { + "type": "boolean", + "description": "Whether the user is allowed to use sudo to elevate privileges\n" + }, + "level": { + "type": "string", + "description": "The users permission level. Mus be one of `deny`, `show`, `deploy`, `manage`, `iam_only`\n" + }, + "stackId": { + "type": "string", + "description": "The stack to set the permissions for\n" + }, + "userArn": { + "type": "string", + "description": "The user's IAM ARN to set permissions for\n" + } + }, + "required": [ + "allowSsh", + "allowSudo", + "level", + "stackId", + "userArn" + ], + "inputProperties": { + "allowSsh": { + "type": "boolean", + "description": "Whether the user is allowed to use SSH to communicate with the instance\n" + }, + "allowSudo": { + "type": "boolean", + "description": "Whether the user is allowed to use sudo to elevate privileges\n" + }, + "level": { + "type": "string", + "description": "The users permission level. Mus be one of `deny`, `show`, `deploy`, `manage`, `iam_only`\n" + }, + "stackId": { + "type": "string", + "description": "The stack to set the permissions for\n" + }, + "userArn": { + "type": "string", + "description": "The user's IAM ARN to set permissions for\n" + } + }, + "requiredInputs": [ + "userArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Permission resources.\n", + "properties": { + "allowSsh": { + "type": "boolean", + "description": "Whether the user is allowed to use SSH to communicate with the instance\n" + }, + "allowSudo": { + "type": "boolean", + "description": "Whether the user is allowed to use sudo to elevate privileges\n" + }, + "level": { + "type": "string", + "description": "The users permission level. Mus be one of `deny`, `show`, `deploy`, `manage`, `iam_only`\n" + }, + "stackId": { + "type": "string", + "description": "The stack to set the permissions for\n" + }, + "userArn": { + "type": "string", + "description": "The user's IAM ARN to set permissions for\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/phpAppLayer:PhpAppLayer": { + "description": "Provides an OpsWorks PHP application layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.opsworks.PhpAppLayer(\"app\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.opsworks.PhpAppLayer(\"app\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.OpsWorks.PhpAppLayer(\"app\", new Aws.OpsWorks.PhpAppLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewPhpAppLayer(ctx, \"app\", &opsworks.PhpAppLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nOpsWorks PHP Application Layers can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:opsworks/phpAppLayer:PhpAppLayer bar 00000000-0000-0000-0000-000000000000\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/PhpAppLayerEbsVolume:PhpAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/PhpAppLayerEbsVolume:PhpAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PhpAppLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/PhpAppLayerEbsVolume:PhpAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/railsAppLayer:RailsAppLayer": { + "description": "Provides an OpsWorks Ruby on Rails application layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.opsworks.RailsAppLayer(\"app\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.opsworks.RailsAppLayer(\"app\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.OpsWorks.RailsAppLayer(\"app\", new Aws.OpsWorks.RailsAppLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewRailsAppLayer(ctx, \"app\", &opsworks.RailsAppLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "appServer": { + "type": "string", + "description": "Keyword for the app server to use. Defaults to \"apache_passenger\".\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "bundlerVersion": { + "type": "string", + "description": "When OpsWorks is managing Bundler, which version to use. Defaults to \"1.5.3\".\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/RailsAppLayerEbsVolume:RailsAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "manageBundler": { + "type": "boolean", + "description": "Whether OpsWorks should manage bundler. On by default.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "passengerVersion": { + "type": "string", + "description": "The version of Passenger to use. Defaults to \"4.0.46\".\n" + }, + "rubyVersion": { + "type": "string", + "description": "The version of Ruby to use. Defaults to \"2.0.0\".\n" + }, + "rubygemsVersion": { + "type": "string", + "description": "The version of RubyGems to use. Defaults to \"2.2.2\".\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "appServer": { + "type": "string", + "description": "Keyword for the app server to use. Defaults to \"apache_passenger\".\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "bundlerVersion": { + "type": "string", + "description": "When OpsWorks is managing Bundler, which version to use. Defaults to \"1.5.3\".\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/RailsAppLayerEbsVolume:RailsAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "manageBundler": { + "type": "boolean", + "description": "Whether OpsWorks should manage bundler. On by default.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "passengerVersion": { + "type": "string", + "description": "The version of Passenger to use. Defaults to \"4.0.46\".\n" + }, + "rubyVersion": { + "type": "string", + "description": "The version of Ruby to use. Defaults to \"2.0.0\".\n" + }, + "rubygemsVersion": { + "type": "string", + "description": "The version of RubyGems to use. Defaults to \"2.2.2\".\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RailsAppLayer resources.\n", + "properties": { + "appServer": { + "type": "string", + "description": "Keyword for the app server to use. Defaults to \"apache_passenger\".\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "bundlerVersion": { + "type": "string", + "description": "When OpsWorks is managing Bundler, which version to use. Defaults to \"1.5.3\".\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the layer.\n" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/RailsAppLayerEbsVolume:RailsAppLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "manageBundler": { + "type": "boolean", + "description": "Whether OpsWorks should manage bundler. On by default.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "passengerVersion": { + "type": "string", + "description": "The version of Passenger to use. Defaults to \"4.0.46\".\n" + }, + "rubyVersion": { + "type": "string", + "description": "The version of Ruby to use. Defaults to \"2.0.0\".\n" + }, + "rubygemsVersion": { + "type": "string", + "description": "The version of RubyGems to use. Defaults to \"2.2.2\".\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/rdsDbInstance:RdsDbInstance": { + "description": "Provides an OpsWorks RDS DB Instance resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myInstance = new aws.opsworks.RdsDbInstance(\"myInstance\", {\n stackId: aws_opsworks_stack.my_stack.id,\n rdsDbInstanceArn: aws_db_instance.my_instance.arn,\n dbUser: \"someUser\",\n dbPassword: \"somePass\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_instance = aws.opsworks.RdsDbInstance(\"myInstance\",\n stack_id=aws_opsworks_stack[\"my_stack\"][\"id\"],\n rds_db_instance_arn=aws_db_instance[\"my_instance\"][\"arn\"],\n db_user=\"someUser\",\n db_password=\"somePass\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myInstance = new Aws.OpsWorks.RdsDbInstance(\"myInstance\", new Aws.OpsWorks.RdsDbInstanceArgs\n {\n StackId = aws_opsworks_stack.My_stack.Id,\n RdsDbInstanceArn = aws_db_instance.My_instance.Arn,\n DbUser = \"someUser\",\n DbPassword = \"somePass\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewRdsDbInstance(ctx, \"myInstance\", &opsworks.RdsDbInstanceArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.My_stack.Id),\n\t\t\tRdsDbInstanceArn: pulumi.Any(aws_db_instance.My_instance.Arn),\n\t\t\tDbUser: pulumi.String(\"someUser\"),\n\t\t\tDbPassword: pulumi.String(\"somePass\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "dbPassword": { + "type": "string", + "description": "A db password\n" + }, + "dbUser": { + "type": "string", + "description": "A db username\n" + }, + "rdsDbInstanceArn": { + "type": "string", + "description": "The db instance to register for this stack. Changing this will force a new resource.\n" + }, + "stackId": { + "type": "string", + "description": "The stack to register a db instance for. Changing this will force a new resource.\n" + } + }, + "required": [ + "dbPassword", + "dbUser", + "rdsDbInstanceArn", + "stackId" + ], + "inputProperties": { + "dbPassword": { + "type": "string", + "description": "A db password\n" + }, + "dbUser": { + "type": "string", + "description": "A db username\n" + }, + "rdsDbInstanceArn": { + "type": "string", + "description": "The db instance to register for this stack. Changing this will force a new resource.\n" + }, + "stackId": { + "type": "string", + "description": "The stack to register a db instance for. Changing this will force a new resource.\n" + } + }, + "requiredInputs": [ + "dbPassword", + "dbUser", + "rdsDbInstanceArn", + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RdsDbInstance resources.\n", + "properties": { + "dbPassword": { + "type": "string", + "description": "A db password\n" + }, + "dbUser": { + "type": "string", + "description": "A db username\n" + }, + "rdsDbInstanceArn": { + "type": "string", + "description": "The db instance to register for this stack. Changing this will force a new resource.\n" + }, + "stackId": { + "type": "string", + "description": "The stack to register a db instance for. Changing this will force a new resource.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/stack:Stack": { + "description": "Provides an OpsWorks stack resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.opsworks.Stack(\"main\", {\n region: \"us-west-1\",\n serviceRoleArn: aws_iam_role.opsworks.arn,\n defaultInstanceProfileArn: aws_iam_instance_profile.opsworks.arn,\n tags: {\n Name: \"foobar-stack\",\n },\n customJson: `{\n \"foobar\": {\n \"version\": \"1.0.0\"\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.opsworks.Stack(\"main\",\n region=\"us-west-1\",\n service_role_arn=aws_iam_role[\"opsworks\"][\"arn\"],\n default_instance_profile_arn=aws_iam_instance_profile[\"opsworks\"][\"arn\"],\n tags={\n \"Name\": \"foobar-stack\",\n },\n custom_json=\"\"\"{\n \"foobar\": {\n \"version\": \"1.0.0\"\n }\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.OpsWorks.Stack(\"main\", new Aws.OpsWorks.StackArgs\n {\n Region = \"us-west-1\",\n ServiceRoleArn = aws_iam_role.Opsworks.Arn,\n DefaultInstanceProfileArn = aws_iam_instance_profile.Opsworks.Arn,\n Tags = \n {\n { \"Name\", \"foobar-stack\" },\n },\n CustomJson = @\"{\n \"\"foobar\"\": {\n \"\"version\"\": \"\"1.0.0\"\"\n }\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewStack(ctx, \"main\", &opsworks.StackArgs{\n\t\t\tRegion: pulumi.String(\"us-west-1\"),\n\t\t\tServiceRoleArn: pulumi.Any(aws_iam_role.Opsworks.Arn),\n\t\t\tDefaultInstanceProfileArn: pulumi.Any(aws_iam_instance_profile.Opsworks.Arn),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foobar-stack\"),\n\t\t\t},\n\t\t\tCustomJson: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v\", \"{\\n\", \" \\\"foobar\\\": {\\n\", \" \\\"version\\\": \\\"1.0.0\\\"\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nOpsWorks stacks can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:opsworks/stack:Stack bar 00000000-0000-0000-0000-000000000000\n```\n\n ", + "properties": { + "agentVersion": { + "type": "string", + "description": "If set to `\"LATEST\"`, OpsWorks will automatically install the latest version.\n" + }, + "arn": { + "type": "string" + }, + "berkshelfVersion": { + "type": "string", + "description": "If `manage_berkshelf` is enabled, the version of Berkshelf to use.\n" + }, + "color": { + "type": "string", + "description": "Color to paint next to the stack's resources in the OpsWorks console.\n" + }, + "configurationManagerName": { + "type": "string", + "description": "Name of the configuration manager to use. Defaults to \"Chef\".\n" + }, + "configurationManagerVersion": { + "type": "string", + "description": "Version of the configuration manager to use. Defaults to \"11.4\".\n" + }, + "customCookbooksSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/StackCustomCookbooksSource:StackCustomCookbooksSource" + }, + "description": "When `use_custom_cookbooks` is set, provide this sub-object as\ndescribed below.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the entire stack.\n" + }, + "defaultAvailabilityZone": { + "type": "string", + "description": "Name of the availability zone where instances will be created\nby default. This is required unless you set `vpc_id`.\n" + }, + "defaultInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM Instance Profile that created instances\nwill have by default.\n" + }, + "defaultOs": { + "type": "string", + "description": "Name of OS that will be installed on instances by default.\n" + }, + "defaultRootDeviceType": { + "type": "string", + "description": "Name of the type of root device instances will have by default.\n" + }, + "defaultSshKeyName": { + "type": "string", + "description": "Name of the SSH keypair that instances will have by default.\n" + }, + "defaultSubnetId": { + "type": "string", + "description": "Id of the subnet in which instances will be created by default. Mandatory\nif `vpc_id` is set, and forbidden if it isn't.\n" + }, + "hostnameTheme": { + "type": "string", + "description": "Keyword representing the naming scheme that will be used for instance hostnames\nwithin this stack.\n" + }, + "manageBerkshelf": { + "type": "boolean", + "description": "Boolean value controlling whether Opsworks will run Berkshelf for this stack.\n" + }, + "name": { + "type": "string", + "description": "The name of the stack.\n" + }, + "region": { + "type": "string", + "description": "The name of the region where the stack will exist.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that the OpsWorks service will act as.\n" + }, + "stackEndpoint": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useCustomCookbooks": { + "type": "boolean", + "description": "Boolean value controlling whether the custom cookbook settings are\nenabled.\n" + }, + "useOpsworksSecurityGroups": { + "type": "boolean", + "description": "Boolean value controlling whether the standard OpsWorks\nsecurity groups apply to created instances.\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that this stack belongs to.\n" + } + }, + "required": [ + "agentVersion", + "arn", + "customCookbooksSources", + "defaultAvailabilityZone", + "defaultInstanceProfileArn", + "defaultSubnetId", + "name", + "region", + "serviceRoleArn", + "stackEndpoint", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "agentVersion": { + "type": "string", + "description": "If set to `\"LATEST\"`, OpsWorks will automatically install the latest version.\n" + }, + "berkshelfVersion": { + "type": "string", + "description": "If `manage_berkshelf` is enabled, the version of Berkshelf to use.\n" + }, + "color": { + "type": "string", + "description": "Color to paint next to the stack's resources in the OpsWorks console.\n" + }, + "configurationManagerName": { + "type": "string", + "description": "Name of the configuration manager to use. Defaults to \"Chef\".\n" + }, + "configurationManagerVersion": { + "type": "string", + "description": "Version of the configuration manager to use. Defaults to \"11.4\".\n" + }, + "customCookbooksSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/StackCustomCookbooksSource:StackCustomCookbooksSource" + }, + "description": "When `use_custom_cookbooks` is set, provide this sub-object as\ndescribed below.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the entire stack.\n" + }, + "defaultAvailabilityZone": { + "type": "string", + "description": "Name of the availability zone where instances will be created\nby default. This is required unless you set `vpc_id`.\n" + }, + "defaultInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM Instance Profile that created instances\nwill have by default.\n" + }, + "defaultOs": { + "type": "string", + "description": "Name of OS that will be installed on instances by default.\n" + }, + "defaultRootDeviceType": { + "type": "string", + "description": "Name of the type of root device instances will have by default.\n" + }, + "defaultSshKeyName": { + "type": "string", + "description": "Name of the SSH keypair that instances will have by default.\n" + }, + "defaultSubnetId": { + "type": "string", + "description": "Id of the subnet in which instances will be created by default. Mandatory\nif `vpc_id` is set, and forbidden if it isn't.\n" + }, + "hostnameTheme": { + "type": "string", + "description": "Keyword representing the naming scheme that will be used for instance hostnames\nwithin this stack.\n" + }, + "manageBerkshelf": { + "type": "boolean", + "description": "Boolean value controlling whether Opsworks will run Berkshelf for this stack.\n" + }, + "name": { + "type": "string", + "description": "The name of the stack.\n" + }, + "region": { + "type": "string", + "description": "The name of the region where the stack will exist.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that the OpsWorks service will act as.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useCustomCookbooks": { + "type": "boolean", + "description": "Boolean value controlling whether the custom cookbook settings are\nenabled.\n" + }, + "useOpsworksSecurityGroups": { + "type": "boolean", + "description": "Boolean value controlling whether the standard OpsWorks\nsecurity groups apply to created instances.\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that this stack belongs to.\n" + } + }, + "requiredInputs": [ + "defaultInstanceProfileArn", + "region", + "serviceRoleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Stack resources.\n", + "properties": { + "agentVersion": { + "type": "string", + "description": "If set to `\"LATEST\"`, OpsWorks will automatically install the latest version.\n" + }, + "arn": { + "type": "string" + }, + "berkshelfVersion": { + "type": "string", + "description": "If `manage_berkshelf` is enabled, the version of Berkshelf to use.\n" + }, + "color": { + "type": "string", + "description": "Color to paint next to the stack's resources in the OpsWorks console.\n" + }, + "configurationManagerName": { + "type": "string", + "description": "Name of the configuration manager to use. Defaults to \"Chef\".\n" + }, + "configurationManagerVersion": { + "type": "string", + "description": "Version of the configuration manager to use. Defaults to \"11.4\".\n" + }, + "customCookbooksSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/StackCustomCookbooksSource:StackCustomCookbooksSource" + }, + "description": "When `use_custom_cookbooks` is set, provide this sub-object as\ndescribed below.\n" + }, + "customJson": { + "type": "string", + "description": "Custom JSON attributes to apply to the entire stack.\n" + }, + "defaultAvailabilityZone": { + "type": "string", + "description": "Name of the availability zone where instances will be created\nby default. This is required unless you set `vpc_id`.\n" + }, + "defaultInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM Instance Profile that created instances\nwill have by default.\n" + }, + "defaultOs": { + "type": "string", + "description": "Name of OS that will be installed on instances by default.\n" + }, + "defaultRootDeviceType": { + "type": "string", + "description": "Name of the type of root device instances will have by default.\n" + }, + "defaultSshKeyName": { + "type": "string", + "description": "Name of the SSH keypair that instances will have by default.\n" + }, + "defaultSubnetId": { + "type": "string", + "description": "Id of the subnet in which instances will be created by default. Mandatory\nif `vpc_id` is set, and forbidden if it isn't.\n" + }, + "hostnameTheme": { + "type": "string", + "description": "Keyword representing the naming scheme that will be used for instance hostnames\nwithin this stack.\n" + }, + "manageBerkshelf": { + "type": "boolean", + "description": "Boolean value controlling whether Opsworks will run Berkshelf for this stack.\n" + }, + "name": { + "type": "string", + "description": "The name of the stack.\n" + }, + "region": { + "type": "string", + "description": "The name of the region where the stack will exist.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The ARN of an IAM role that the OpsWorks service will act as.\n" + }, + "stackEndpoint": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useCustomCookbooks": { + "type": "boolean", + "description": "Boolean value controlling whether the custom cookbook settings are\nenabled.\n" + }, + "useOpsworksSecurityGroups": { + "type": "boolean", + "description": "Boolean value controlling whether the standard OpsWorks\nsecurity groups apply to created instances.\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that this stack belongs to.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/staticWebLayer:StaticWebLayer": { + "description": "Provides an OpsWorks static web server layer resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst web = new aws.opsworks.StaticWebLayer(\"web\", {stackId: aws_opsworks_stack.main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nweb = aws.opsworks.StaticWebLayer(\"web\", stack_id=aws_opsworks_stack[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var web = new Aws.OpsWorks.StaticWebLayer(\"web\", new Aws.OpsWorks.StaticWebLayerArgs\n {\n StackId = aws_opsworks_stack.Main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewStaticWebLayer(ctx, \"web\", &opsworks.StaticWebLayerArgs{\n\t\t\tStackId: pulumi.Any(aws_opsworks_stack.Main.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nOpsWorks static web server Layers can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:opsworks/staticWebLayer:StaticWebLayer bar 00000000-0000-0000-0000-000000000000\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/StaticWebLayerEbsVolume:StaticWebLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "required": [ + "arn", + "name", + "stackId", + "tagsAll" + ], + "inputProperties": { + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/StaticWebLayerEbsVolume:StaticWebLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "requiredInputs": [ + "stackId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StaticWebLayer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the layer.\n" + }, + "autoAssignElasticIps": { + "type": "boolean", + "description": "Whether to automatically assign an elastic IP address to the layer's instances.\n" + }, + "autoAssignPublicIps": { + "type": "boolean", + "description": "For stacks belonging to a VPC, whether to automatically assign a public IP address to each of the layer's instances.\n" + }, + "autoHealing": { + "type": "boolean", + "description": "Whether to enable auto-healing for the layer.\n" + }, + "customConfigureRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customDeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customInstanceProfileArn": { + "type": "string", + "description": "The ARN of an IAM profile that will be used for the layer's instances.\n" + }, + "customJson": { + "type": "string" + }, + "customSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ids for a set of security groups to apply to the layer's instances.\n" + }, + "customSetupRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customShutdownRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "customUndeployRecipes": { + "type": "array", + "items": { + "type": "string" + } + }, + "drainElbOnShutdown": { + "type": "boolean", + "description": "Whether to enable Elastic Load Balancing connection draining.\n" + }, + "ebsVolumes": { + "type": "array", + "items": { + "$ref": "#/types/aws:opsworks/StaticWebLayerEbsVolume:StaticWebLayerEbsVolume" + }, + "description": "`ebs_volume` blocks, as described below, will each create an EBS volume and connect it to the layer's instances.\n" + }, + "elasticLoadBalancer": { + "type": "string", + "description": "Name of an Elastic Load Balancer to attach to this layer\n" + }, + "installUpdatesOnBoot": { + "type": "boolean", + "description": "Whether to install OS and package updates on each instance when it boots.\n" + }, + "instanceShutdownTimeout": { + "type": "integer", + "description": "The time, in seconds, that OpsWorks will wait for Chef to complete after triggering the Shutdown event.\n" + }, + "name": { + "type": "string", + "description": "A human-readable name for the layer.\n" + }, + "stackId": { + "type": "string", + "description": "The id of the stack the layer will belong to.\n" + }, + "systemPackages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of a set of system packages to install on the layer's instances.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "useEbsOptimizedInstances": { + "type": "boolean", + "description": "Whether to use EBS-optimized instances.\n" + } + }, + "type": "object" + } + }, + "aws:opsworks/userProfile:UserProfile": { + "description": "Provides an OpsWorks User Profile resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myProfile = new aws.opsworks.UserProfile(\"myProfile\", {\n userArn: aws_iam_user.user.arn,\n sshUsername: \"my_user\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_profile = aws.opsworks.UserProfile(\"myProfile\",\n user_arn=aws_iam_user[\"user\"][\"arn\"],\n ssh_username=\"my_user\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myProfile = new Aws.OpsWorks.UserProfile(\"myProfile\", new Aws.OpsWorks.UserProfileArgs\n {\n UserArn = aws_iam_user.User.Arn,\n SshUsername = \"my_user\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/opsworks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := opsworks.NewUserProfile(ctx, \"myProfile\", &opsworks.UserProfileArgs{\n\t\t\tUserArn: pulumi.Any(aws_iam_user.User.Arn),\n\t\t\tSshUsername: pulumi.String(\"my_user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "allowSelfManagement": { + "type": "boolean", + "description": "Whether users can specify their own SSH public key through the My Settings page\n" + }, + "sshPublicKey": { + "type": "string", + "description": "The users public key\n" + }, + "sshUsername": { + "type": "string", + "description": "The ssh username, with witch this user wants to log in\n" + }, + "userArn": { + "type": "string", + "description": "The user's IAM ARN\n" + } + }, + "required": [ + "sshUsername", + "userArn" + ], + "inputProperties": { + "allowSelfManagement": { + "type": "boolean", + "description": "Whether users can specify their own SSH public key through the My Settings page\n" + }, + "sshPublicKey": { + "type": "string", + "description": "The users public key\n" + }, + "sshUsername": { + "type": "string", + "description": "The ssh username, with witch this user wants to log in\n" + }, + "userArn": { + "type": "string", + "description": "The user's IAM ARN\n" + } + }, + "requiredInputs": [ + "sshUsername", + "userArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserProfile resources.\n", + "properties": { + "allowSelfManagement": { + "type": "boolean", + "description": "Whether users can specify their own SSH public key through the My Settings page\n" + }, + "sshPublicKey": { + "type": "string", + "description": "The users public key\n" + }, + "sshUsername": { + "type": "string", + "description": "The ssh username, with witch this user wants to log in\n" + }, + "userArn": { + "type": "string", + "description": "The user's IAM ARN\n" + } + }, + "type": "object" + } + }, + "aws:organizations/account:Account": { + "description": "Provides a resource to create a member account in the current organization.\n\n> **Note:** Account management must be done from the organization's master account.\n\n!> **WARNING:** Deleting this resource will only remove an AWS account from an organization. This provider will not close the account. The member account must be prepared to be a standalone account beforehand. See the [AWS Organizations documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst account = new aws.organizations.Account(\"account\", {\n email: \"john@doe.org\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccount = aws.organizations.Account(\"account\", email=\"john@doe.org\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var account = new Aws.Organizations.Account(\"account\", new Aws.Organizations.AccountArgs\n {\n Email = \"john@doe.org\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewAccount(ctx, \"account\", &organizations.AccountArgs{\n\t\t\tEmail: pulumi.String(\"john@doe.org\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe AWS member account can be imported by using the `account_id`, e.g.\n\n```sh\n $ pulumi import aws:organizations/account:Account my_org 111111111111\n```\n\n Certain resource arguments, like `role_name`, do not have an Organizations API method for reading the information after account creation. If the argument is set in the this provider configuration on an imported resource, this provider will always show a difference. To workaround this behavior, either omit the argument from the this provider configuration or use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to hide the difference, e.g. terraform resource \"aws_organizations_account\" \"account\" {\n\n name\n\n\n\n\n\n= \"my_new_account\"\n\n email\n\n\n\n = \"john@doe.org\"\n\n role_name = \"myOrganizationRole\"\n\n # There is no AWS Organizations API for reading role_name\n\n lifecycle {\n\n\n\n ignore_changes = [role_name]\n\n } } ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN for this account.\n" + }, + "email": { + "type": "string", + "description": "The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.\n" + }, + "iamUserAccessToBilling": { + "type": "string", + "description": "If set to `ALLOW`, the new account enables IAM users to access account billing information if they have the required permissions. If set to `DENY`, then only the root user of the new account can access account billing information.\n" + }, + "joinedMethod": { + "type": "string" + }, + "joinedTimestamp": { + "type": "string" + }, + "name": { + "type": "string", + "description": "A friendly name for the member account.\n" + }, + "parentId": { + "type": "string", + "description": "Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.\n" + }, + "roleName": { + "type": "string", + "description": "The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) is used.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "required": [ + "arn", + "email", + "joinedMethod", + "joinedTimestamp", + "name", + "parentId", + "status", + "tagsAll" + ], + "inputProperties": { + "email": { + "type": "string", + "description": "The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.\n" + }, + "iamUserAccessToBilling": { + "type": "string", + "description": "If set to `ALLOW`, the new account enables IAM users to access account billing information if they have the required permissions. If set to `DENY`, then only the root user of the new account can access account billing information.\n" + }, + "name": { + "type": "string", + "description": "A friendly name for the member account.\n" + }, + "parentId": { + "type": "string", + "description": "Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.\n" + }, + "roleName": { + "type": "string", + "description": "The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) is used.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "requiredInputs": [ + "email" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Account resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN for this account.\n" + }, + "email": { + "type": "string", + "description": "The email address of the owner to assign to the new member account. This email address must not already be associated with another AWS account.\n" + }, + "iamUserAccessToBilling": { + "type": "string", + "description": "If set to `ALLOW`, the new account enables IAM users to access account billing information if they have the required permissions. If set to `DENY`, then only the root user of the new account can access account billing information.\n" + }, + "joinedMethod": { + "type": "string" + }, + "joinedTimestamp": { + "type": "string" + }, + "name": { + "type": "string", + "description": "A friendly name for the member account.\n" + }, + "parentId": { + "type": "string", + "description": "Parent Organizational Unit ID or Root ID for the account. Defaults to the Organization default Root ID. A configuration must be present for this argument to perform drift detection.\n" + }, + "roleName": { + "type": "string", + "description": "The name of an IAM role that Organizations automatically preconfigures in the new member account. This role trusts the master account, allowing users in the master account to assume the role, as permitted by the master account administrator. The role has administrator permissions in the new member account. The Organizations API provides no method for reading this information after account creation, so this provider cannot perform drift detection on its value and will always show a difference for a configured value after import unless [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) is used.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "type": "object" + } + }, + "aws:organizations/delegatedAdministrator:DelegatedAdministrator": { + "description": "Provides a resource to manage an [AWS Organizations Delegated Administrator](https://docs.aws.amazon.com/organizations/latest/APIReference/API_RegisterDelegatedAdministrator.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.organizations.DelegatedAdministrator(\"example\", {\n accountId: \"AWS ACCOUNT ID\",\n servicePrincipal: \"Service principal\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.DelegatedAdministrator(\"example\",\n account_id=\"AWS ACCOUNT ID\",\n service_principal=\"Service principal\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Organizations.DelegatedAdministrator(\"example\", new Aws.Organizations.DelegatedAdministratorArgs\n {\n AccountId = \"AWS ACCOUNT ID\",\n ServicePrincipal = \"Service principal\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewDelegatedAdministrator(ctx, \"example\", &organizations.DelegatedAdministratorArgs{\n\t\t\tAccountId: pulumi.String(\"AWS ACCOUNT ID\"),\n\t\t\tServicePrincipal: pulumi.String(\"Service principal\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_organizations_delegated_administrator` can be imported by using the account ID and its service principal, e.g.\n\n```sh\n $ pulumi import aws:organizations/delegatedAdministrator:DelegatedAdministrator example 123456789012/config.amazonaws.com\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The account ID number of the member account in the organization to register as a delegated administrator.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the delegated administrator's account.\n" + }, + "delegationEnabledDate": { + "type": "string", + "description": "The date when the account was made a delegated administrator.\n" + }, + "email": { + "type": "string", + "description": "The email address that is associated with the delegated administrator's AWS account.\n" + }, + "joinedMethod": { + "type": "string", + "description": "The method by which the delegated administrator's account joined the organization.\n" + }, + "joinedTimestamp": { + "type": "string", + "description": "The date when the delegated administrator's account became a part of the organization.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the delegated administrator's account.\n" + }, + "servicePrincipal": { + "type": "string", + "description": "The service principal of the AWS service for which you want to make the member account a delegated administrator.\n" + }, + "status": { + "type": "string", + "description": "The status of the delegated administrator's account in the organization.\n" + } + }, + "required": [ + "accountId", + "arn", + "delegationEnabledDate", + "email", + "joinedMethod", + "joinedTimestamp", + "name", + "servicePrincipal", + "status" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The account ID number of the member account in the organization to register as a delegated administrator.\n" + }, + "servicePrincipal": { + "type": "string", + "description": "The service principal of the AWS service for which you want to make the member account a delegated administrator.\n" + } + }, + "requiredInputs": [ + "accountId", + "servicePrincipal" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DelegatedAdministrator resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The account ID number of the member account in the organization to register as a delegated administrator.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the delegated administrator's account.\n" + }, + "delegationEnabledDate": { + "type": "string", + "description": "The date when the account was made a delegated administrator.\n" + }, + "email": { + "type": "string", + "description": "The email address that is associated with the delegated administrator's AWS account.\n" + }, + "joinedMethod": { + "type": "string", + "description": "The method by which the delegated administrator's account joined the organization.\n" + }, + "joinedTimestamp": { + "type": "string", + "description": "The date when the delegated administrator's account became a part of the organization.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the delegated administrator's account.\n" + }, + "servicePrincipal": { + "type": "string", + "description": "The service principal of the AWS service for which you want to make the member account a delegated administrator.\n" + }, + "status": { + "type": "string", + "description": "The status of the delegated administrator's account in the organization.\n" + } + }, + "type": "object" + } + }, + "aws:organizations/organization:Organization": { + "description": "Provides a resource to create an organization.\n\n!> **WARNING:** When migrating from a `feature_set` of `CONSOLIDATED_BILLING` to `ALL`, the Organization account owner will received an email stating the following: \"You started the process to enable all features for your AWS organization. As part of that process, all member accounts that joined your organization by invitation must approve the change. You don’t need approval from member accounts that you directly created from within your AWS organization.\" After all member accounts have accepted the invitation, the Organization account owner must then finalize the changes via the [AWS Console](https://console.aws.amazon.com/organizations/home#/organization/settings/migration-progress). Until these steps are performed, the provider will perpetually show a difference, and the `DescribeOrganization` API will continue to show the `FeatureSet` as `CONSOLIDATED_BILLING`. See the [AWS Organizations documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst org = new aws.organizations.Organization(\"org\", {\n awsServiceAccessPrincipals: [\n \"cloudtrail.amazonaws.com\",\n \"config.amazonaws.com\",\n ],\n featureSet: \"ALL\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norg = aws.organizations.Organization(\"org\",\n aws_service_access_principals=[\n \"cloudtrail.amazonaws.com\",\n \"config.amazonaws.com\",\n ],\n feature_set=\"ALL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var org = new Aws.Organizations.Organization(\"org\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"cloudtrail.amazonaws.com\",\n \"config.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewOrganization(ctx, \"org\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"cloudtrail.amazonaws.com\"),\n\t\t\t\tpulumi.String(\"config.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nThe AWS organization can be imported by using the `id`, e.g.\n\n```sh\n $ pulumi import aws:organizations/organization:Organization my_org o-1234567\n```\n\n ", + "properties": { + "accounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationAccount:OrganizationAccount" + }, + "description": "List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:\n" + }, + "arn": { + "type": "string", + "description": "ARN of the root\n" + }, + "awsServiceAccessPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have `feature_set` set to `ALL`. For additional information, see the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html).\n" + }, + "enabledPolicyTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g. `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + }, + "featureSet": { + "type": "string", + "description": "Specify \"ALL\" (default) or \"CONSOLIDATED_BILLING\".\n" + }, + "masterAccountArn": { + "type": "string", + "description": "ARN of the master account\n" + }, + "masterAccountEmail": { + "type": "string", + "description": "Email address of the master account\n" + }, + "masterAccountId": { + "type": "string", + "description": "Identifier of the master account\n" + }, + "nonMasterAccounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationNonMasterAccount:OrganizationNonMasterAccount" + }, + "description": "List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:\n" + }, + "roots": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationRoot:OrganizationRoot" + }, + "description": "List of organization roots. All elements have these attributes:\n" + } + }, + "required": [ + "accounts", + "arn", + "masterAccountArn", + "masterAccountEmail", + "masterAccountId", + "nonMasterAccounts", + "roots" + ], + "inputProperties": { + "awsServiceAccessPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have `feature_set` set to `ALL`. For additional information, see the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html).\n" + }, + "enabledPolicyTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g. `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + }, + "featureSet": { + "type": "string", + "description": "Specify \"ALL\" (default) or \"CONSOLIDATED_BILLING\".\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Organization resources.\n", + "properties": { + "accounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationAccount:OrganizationAccount" + }, + "description": "List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:\n" + }, + "arn": { + "type": "string", + "description": "ARN of the root\n" + }, + "awsServiceAccessPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AWS service principal names for which you want to enable integration with your organization. This is typically in the form of a URL, such as service-abbreviation.amazonaws.com. Organization must have `feature_set` set to `ALL`. For additional information, see the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html).\n" + }, + "enabledPolicyTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Organizations policy types to enable in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g. `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY`, and `TAG_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + }, + "featureSet": { + "type": "string", + "description": "Specify \"ALL\" (default) or \"CONSOLIDATED_BILLING\".\n" + }, + "masterAccountArn": { + "type": "string", + "description": "ARN of the master account\n" + }, + "masterAccountEmail": { + "type": "string", + "description": "Email address of the master account\n" + }, + "masterAccountId": { + "type": "string", + "description": "Identifier of the master account\n" + }, + "nonMasterAccounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationNonMasterAccount:OrganizationNonMasterAccount" + }, + "description": "List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:\n" + }, + "roots": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationRoot:OrganizationRoot" + }, + "description": "List of organization roots. All elements have these attributes:\n" + } + }, + "type": "object" + } + }, + "aws:organizations/organizationalUnit:OrganizationalUnit": { + "description": "Provides a resource to create an organizational unit.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.organizations.OrganizationalUnit(\"example\", {parentId: aws_organizations_organization.example.roots[0].id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.OrganizationalUnit(\"example\", parent_id=aws_organizations_organization[\"example\"][\"roots\"][0][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Organizations.OrganizationalUnit(\"example\", new Aws.Organizations.OrganizationalUnitArgs\n {\n ParentId = aws_organizations_organization.Example.Roots[0].Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewOrganizationalUnit(ctx, \"example\", &organizations.OrganizationalUnitArgs{\n\t\t\tParentId: pulumi.Any(aws_organizations_organization.Example.Roots[0].Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Organizations Organizational Units can be imported by using the `id`, e.g.\n\n```sh\n $ pulumi import aws:organizations/organizationalUnit:OrganizationalUnit example ou-1234567\n```\n\n ", + "properties": { + "accounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationalUnitAccount:OrganizationalUnitAccount" + }, + "description": "List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:\n" + }, + "arn": { + "type": "string", + "description": "ARN of the organizational unit\n" + }, + "name": { + "type": "string", + "description": "The name for the organizational unit\n" + }, + "parentId": { + "type": "string", + "description": "ID of the parent organizational unit, which may be the root\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "accounts", + "arn", + "name", + "parentId", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name for the organizational unit\n" + }, + "parentId": { + "type": "string", + "description": "ID of the parent organizational unit, which may be the root\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "parentId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationalUnit resources.\n", + "properties": { + "accounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/OrganizationalUnitAccount:OrganizationalUnitAccount" + }, + "description": "List of child accounts for this Organizational Unit. Does not return account information for child Organizational Units. All elements have these attributes:\n" + }, + "arn": { + "type": "string", + "description": "ARN of the organizational unit\n" + }, + "name": { + "type": "string", + "description": "The name for the organizational unit\n" + }, + "parentId": { + "type": "string", + "description": "ID of the parent organizational unit, which may be the root\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:organizations/policy:Policy": { + "description": "Provides a resource to manage an [AWS Organizations policy](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.organizations.Policy(\"example\", {\n content: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.Policy(\"example\", content=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Effect\": \"Allow\",\n \"Action\": \"*\",\n \"Resource\": \"*\"\n }\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Organizations.Policy(\"example\", new Aws.Organizations.PolicyArgs\n {\n Content = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Action\"\": \"\"*\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n}\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewPolicy(ctx, \"example\", &organizations.PolicyArgs{\n\t\t\tContent: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Action\\\": \\\"*\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_organizations_policy` can be imported by using the policy ID, e.g.\n\n```sh\n $ pulumi import aws:organizations/policy:Policy example p-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the policy.\n" + }, + "content": { + "type": "string", + "description": "The policy content to add to the new policy. For example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) and for more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" + }, + "description": { + "type": "string", + "description": "A description to assign to the policy.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to assign to the policy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n" + } + }, + "required": [ + "arn", + "content", + "name", + "tagsAll" + ], + "inputProperties": { + "content": { + "type": "string", + "description": "The policy content to add to the new policy. For example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) and for more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" + }, + "description": { + "type": "string", + "description": "A description to assign to the policy.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to assign to the policy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n" + } + }, + "requiredInputs": [ + "content" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Policy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the policy.\n" + }, + "content": { + "type": "string", + "description": "The policy content to add to the new policy. For example, if you create a [service control policy (SCP)](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html), this string must be JSON text that specifies the permissions that admins in attached accounts can delegate to their users, groups, and roles. For more information about the SCP syntax, see the [Service Control Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_reference_scp-syntax.html) and for more information on the Tag Policy syntax, see the [Tag Policy Syntax documentation](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_example-tag-policies.html).\n" + }, + "description": { + "type": "string", + "description": "A description to assign to the policy.\n" + }, + "name": { + "type": "string", + "description": "The friendly name to assign to the policy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The type of policy to create. Valid values are `AISERVICES_OPT_OUT_POLICY`, `BACKUP_POLICY`, `SERVICE_CONTROL_POLICY` (SCP), and `TAG_POLICY`. Defaults to `SERVICE_CONTROL_POLICY`.\n" + } + }, + "type": "object" + } + }, + "aws:organizations/policyAttachment:PolicyAttachment": { + "description": "Provides a resource to attach an AWS Organizations policy to an organization account, root, or unit.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Organization Account\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst account = new aws.organizations.PolicyAttachment(\"account\", {\n policyId: aws_organizations_policy.example.id,\n targetId: \"123456789012\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naccount = aws.organizations.PolicyAttachment(\"account\",\n policy_id=aws_organizations_policy[\"example\"][\"id\"],\n target_id=\"123456789012\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var account = new Aws.Organizations.PolicyAttachment(\"account\", new Aws.Organizations.PolicyAttachmentArgs\n {\n PolicyId = aws_organizations_policy.Example.Id,\n TargetId = \"123456789012\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewPolicyAttachment(ctx, \"account\", &organizations.PolicyAttachmentArgs{\n\t\t\tPolicyId: pulumi.Any(aws_organizations_policy.Example.Id),\n\t\t\tTargetId: pulumi.String(\"123456789012\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Organization Root\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst root = new aws.organizations.PolicyAttachment(\"root\", {\n policyId: aws_organizations_policy.example.id,\n targetId: aws_organizations_organization.example.roots[0].id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nroot = aws.organizations.PolicyAttachment(\"root\",\n policy_id=aws_organizations_policy[\"example\"][\"id\"],\n target_id=aws_organizations_organization[\"example\"][\"roots\"][0][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var root = new Aws.Organizations.PolicyAttachment(\"root\", new Aws.Organizations.PolicyAttachmentArgs\n {\n PolicyId = aws_organizations_policy.Example.Id,\n TargetId = aws_organizations_organization.Example.Roots[0].Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewPolicyAttachment(ctx, \"root\", &organizations.PolicyAttachmentArgs{\n\t\t\tPolicyId: pulumi.Any(aws_organizations_policy.Example.Id),\n\t\t\tTargetId: pulumi.Any(aws_organizations_organization.Example.Roots[0].Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Organization Unit\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst unit = new aws.organizations.PolicyAttachment(\"unit\", {\n policyId: aws_organizations_policy.example.id,\n targetId: aws_organizations_organizational_unit.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nunit = aws.organizations.PolicyAttachment(\"unit\",\n policy_id=aws_organizations_policy[\"example\"][\"id\"],\n target_id=aws_organizations_organizational_unit[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var unit = new Aws.Organizations.PolicyAttachment(\"unit\", new Aws.Organizations.PolicyAttachmentArgs\n {\n PolicyId = aws_organizations_policy.Example.Id,\n TargetId = aws_organizations_organizational_unit.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewPolicyAttachment(ctx, \"unit\", &organizations.PolicyAttachmentArgs{\n\t\t\tPolicyId: pulumi.Any(aws_organizations_policy.Example.Id),\n\t\t\tTargetId: pulumi.Any(aws_organizations_organizational_unit.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_organizations_policy_attachment` can be imported by using the target ID and policy ID, e.g. with an account target\n\n```sh\n $ pulumi import aws:organizations/policyAttachment:PolicyAttachment account 123456789012:p-12345678\n```\n\n ", + "properties": { + "policyId": { + "type": "string", + "description": "The unique identifier (ID) of the policy that you want to attach to the target.\n" + }, + "targetId": { + "type": "string", + "description": "The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.\n" + } + }, + "required": [ + "policyId", + "targetId" + ], + "inputProperties": { + "policyId": { + "type": "string", + "description": "The unique identifier (ID) of the policy that you want to attach to the target.\n" + }, + "targetId": { + "type": "string", + "description": "The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.\n" + } + }, + "requiredInputs": [ + "policyId", + "targetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PolicyAttachment resources.\n", + "properties": { + "policyId": { + "type": "string", + "description": "The unique identifier (ID) of the policy that you want to attach to the target.\n" + }, + "targetId": { + "type": "string", + "description": "The unique identifier (ID) of the root, organizational unit, or account number that you want to attach the policy to.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/admChannel:AdmChannel": { + "description": "Provides a Pinpoint ADM (Amazon Device Messaging) Channel resource.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst channel = new aws.pinpoint.AdmChannel(\"channel\", {\n applicationId: app.applicationId,\n clientId: \"\",\n clientSecret: \"\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\nchannel = aws.pinpoint.AdmChannel(\"channel\",\n application_id=app.application_id,\n client_id=\"\",\n client_secret=\"\",\n enabled=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var channel = new Aws.Pinpoint.AdmChannel(\"channel\", new Aws.Pinpoint.AdmChannelArgs\n {\n ApplicationId = app.ApplicationId,\n ClientId = \"\",\n ClientSecret = \"\",\n Enabled = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewAdmChannel(ctx, \"channel\", &pinpoint.AdmChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tClientId: pulumi.String(\"\"),\n\t\t\tClientSecret: pulumi.String(\"\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint ADM Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/admChannel:AdmChannel channel application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "clientId": { + "type": "string", + "description": "Client ID (part of OAuth Credentials) obtained via Amazon Developer Account.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client Secret (part of OAuth Credentials) obtained via Amazon Developer Account.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether to enable the channel. Defaults to `true`.\n" + } + }, + "required": [ + "applicationId", + "clientId", + "clientSecret" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "clientId": { + "type": "string", + "description": "Client ID (part of OAuth Credentials) obtained via Amazon Developer Account.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client Secret (part of OAuth Credentials) obtained via Amazon Developer Account.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether to enable the channel. Defaults to `true`.\n" + } + }, + "requiredInputs": [ + "applicationId", + "clientId", + "clientSecret" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AdmChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "clientId": { + "type": "string", + "description": "Client ID (part of OAuth Credentials) obtained via Amazon Developer Account.\n" + }, + "clientSecret": { + "type": "string", + "description": "Client Secret (part of OAuth Credentials) obtained via Amazon Developer Account.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether to enable the channel. Defaults to `true`.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/apnsChannel:ApnsChannel": { + "description": "Provides a Pinpoint APNs Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst apns = new aws.pinpoint.ApnsChannel(\"apns\", {\n applicationId: app.applicationId,\n certificate: fs.readFileSync(\"./certificate.pem\"),\n privateKey: fs.readFileSync(\"./private_key.key\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\napns = aws.pinpoint.ApnsChannel(\"apns\",\n application_id=app.application_id,\n certificate=(lambda path: open(path).read())(\"./certificate.pem\"),\n private_key=(lambda path: open(path).read())(\"./private_key.key\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var apns = new Aws.Pinpoint.ApnsChannel(\"apns\", new Aws.Pinpoint.ApnsChannelArgs\n {\n ApplicationId = app.ApplicationId,\n Certificate = File.ReadAllText(\"./certificate.pem\"),\n PrivateKey = File.ReadAllText(\"./private_key.key\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint APNs Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/apnsChannel:ApnsChannel apns application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "required": [ + "applicationId" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "requiredInputs": [ + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApnsChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/apnsSandboxChannel:ApnsSandboxChannel": { + "description": "Provides a Pinpoint APNs Sandbox Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst apnsSandbox = new aws.pinpoint.ApnsSandboxChannel(\"apnsSandbox\", {\n applicationId: app.applicationId,\n certificate: fs.readFileSync(\"./certificate.pem\"),\n privateKey: fs.readFileSync(\"./private_key.key\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\napns_sandbox = aws.pinpoint.ApnsSandboxChannel(\"apnsSandbox\",\n application_id=app.application_id,\n certificate=(lambda path: open(path).read())(\"./certificate.pem\"),\n private_key=(lambda path: open(path).read())(\"./private_key.key\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var apnsSandbox = new Aws.Pinpoint.ApnsSandboxChannel(\"apnsSandbox\", new Aws.Pinpoint.ApnsSandboxChannelArgs\n {\n ApplicationId = app.ApplicationId,\n Certificate = File.ReadAllText(\"./certificate.pem\"),\n PrivateKey = File.ReadAllText(\"./private_key.key\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint APNs Sandbox Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/apnsSandboxChannel:ApnsSandboxChannel apns_sandbox application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs Sandbox.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "required": [ + "applicationId" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs Sandbox.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "requiredInputs": [ + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApnsSandboxChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs Sandbox.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/apnsVoipChannel:ApnsVoipChannel": { + "description": "Provides a Pinpoint APNs VoIP Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst apnsVoip = new aws.pinpoint.ApnsVoipChannel(\"apnsVoip\", {\n applicationId: app.applicationId,\n certificate: fs.readFileSync(\"./certificate.pem\"),\n privateKey: fs.readFileSync(\"./private_key.key\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\napns_voip = aws.pinpoint.ApnsVoipChannel(\"apnsVoip\",\n application_id=app.application_id,\n certificate=(lambda path: open(path).read())(\"./certificate.pem\"),\n private_key=(lambda path: open(path).read())(\"./private_key.key\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var apnsVoip = new Aws.Pinpoint.ApnsVoipChannel(\"apnsVoip\", new Aws.Pinpoint.ApnsVoipChannelArgs\n {\n ApplicationId = app.ApplicationId,\n Certificate = File.ReadAllText(\"./certificate.pem\"),\n PrivateKey = File.ReadAllText(\"./private_key.key\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint APNs VoIP Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/apnsVoipChannel:ApnsVoipChannel apns_voip application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "required": [ + "applicationId" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "requiredInputs": [ + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApnsVoipChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/apnsVoipSandboxChannel:ApnsVoipSandboxChannel": { + "description": "Provides a Pinpoint APNs VoIP Sandbox Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst apnsVoipSandbox = new aws.pinpoint.ApnsVoipSandboxChannel(\"apnsVoipSandbox\", {\n applicationId: app.applicationId,\n certificate: fs.readFileSync(\"./certificate.pem\"),\n privateKey: fs.readFileSync(\"./private_key.key\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\napns_voip_sandbox = aws.pinpoint.ApnsVoipSandboxChannel(\"apnsVoipSandbox\",\n application_id=app.application_id,\n certificate=(lambda path: open(path).read())(\"./certificate.pem\"),\n private_key=(lambda path: open(path).read())(\"./private_key.key\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var apnsVoipSandbox = new Aws.Pinpoint.ApnsVoipSandboxChannel(\"apnsVoipSandbox\", new Aws.Pinpoint.ApnsVoipSandboxChannelArgs\n {\n ApplicationId = app.ApplicationId,\n Certificate = File.ReadAllText(\"./certificate.pem\"),\n PrivateKey = File.ReadAllText(\"./private_key.key\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint APNs VoIP Sandbox Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/apnsVoipSandboxChannel:ApnsVoipSandboxChannel apns_voip_sandbox application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "required": [ + "applicationId" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "requiredInputs": [ + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ApnsVoipSandboxChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "bundleId": { + "type": "string", + "description": "The ID assigned to your iOS app. To find this value, choose Certificates, IDs & Profiles, choose App IDs in the Identifiers section, and choose your app.\n" + }, + "certificate": { + "type": "string", + "description": "The pem encoded TLS Certificate from Apple.\n" + }, + "defaultAuthenticationMethod": { + "type": "string", + "description": "The default authentication method used for APNs.\n__NOTE__: Amazon Pinpoint uses this default for every APNs push notification that you send using the console.\nYou can override the default when you send a message programmatically using the Amazon Pinpoint API, the AWS CLI, or an AWS SDK.\nIf your default authentication type fails, Amazon Pinpoint doesn't attempt to use the other authentication type.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "privateKey": { + "type": "string", + "description": "The Certificate Private Key file (ie. `.key` file).\n" + }, + "teamId": { + "type": "string", + "description": "The ID assigned to your Apple developer account team. This value is provided on the Membership page.\n" + }, + "tokenKey": { + "type": "string", + "description": "The `.p8` file that you download from your Apple developer account when you create an authentication key.\n" + }, + "tokenKeyId": { + "type": "string", + "description": "The ID assigned to your signing key. To find this value, choose Certificates, IDs & Profiles, and choose your key in the Keys section.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/app:App": { + "description": "Provides a Pinpoint App resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.pinpoint.App(\"example\", {\n limits: {\n maximumDuration: 600,\n },\n quietTime: {\n end: \"06:00\",\n start: \"00:00\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.pinpoint.App(\"example\",\n limits=aws.pinpoint.AppLimitsArgs(\n maximum_duration=600,\n ),\n quiet_time=aws.pinpoint.AppQuietTimeArgs(\n end=\"06:00\",\n start=\"00:00\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Pinpoint.App(\"example\", new Aws.Pinpoint.AppArgs\n {\n Limits = new Aws.Pinpoint.Inputs.AppLimitsArgs\n {\n MaximumDuration = 600,\n },\n QuietTime = new Aws.Pinpoint.Inputs.AppQuietTimeArgs\n {\n End = \"06:00\",\n Start = \"00:00\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pinpoint.NewApp(ctx, \"example\", &pinpoint.AppArgs{\n\t\t\tLimits: &pinpoint.AppLimitsArgs{\n\t\t\t\tMaximumDuration: pulumi.Int(600),\n\t\t\t},\n\t\t\tQuietTime: &pinpoint.AppQuietTimeArgs{\n\t\t\t\tEnd: pulumi.String(\"06:00\"),\n\t\t\t\tStart: pulumi.String(\"00:00\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint App can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/app:App name application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The Application ID of the Pinpoint App.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the PinPoint Application\n" + }, + "campaignHook": { + "$ref": "#/types/aws:pinpoint/AppCampaignHook:AppCampaignHook", + "description": "Specifies settings for invoking an AWS Lambda function that customizes a segment for a campaign\n" + }, + "limits": { + "$ref": "#/types/aws:pinpoint/AppLimits:AppLimits", + "description": "The default campaign limits for the app. These limits apply to each campaign for the app, unless the campaign overrides the default with limits of its own\n" + }, + "name": { + "type": "string", + "description": "The application name. By default generated by this provider\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the Pinpoint application. Conflicts with `name`\n" + }, + "quietTime": { + "$ref": "#/types/aws:pinpoint/AppQuietTime:AppQuietTime", + "description": "The default quiet time for the app. Each campaign for this app sends no messages during this time unless the campaign overrides the default with a quiet time of its own\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "applicationId", + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "campaignHook": { + "$ref": "#/types/aws:pinpoint/AppCampaignHook:AppCampaignHook", + "description": "Specifies settings for invoking an AWS Lambda function that customizes a segment for a campaign\n" + }, + "limits": { + "$ref": "#/types/aws:pinpoint/AppLimits:AppLimits", + "description": "The default campaign limits for the app. These limits apply to each campaign for the app, unless the campaign overrides the default with limits of its own\n" + }, + "name": { + "type": "string", + "description": "The application name. By default generated by this provider\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the Pinpoint application. Conflicts with `name`\n" + }, + "quietTime": { + "$ref": "#/types/aws:pinpoint/AppQuietTime:AppQuietTime", + "description": "The default quiet time for the app. Each campaign for this app sends no messages during this time unless the campaign overrides the default with a quiet time of its own\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering App resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The Application ID of the Pinpoint App.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the PinPoint Application\n" + }, + "campaignHook": { + "$ref": "#/types/aws:pinpoint/AppCampaignHook:AppCampaignHook", + "description": "Specifies settings for invoking an AWS Lambda function that customizes a segment for a campaign\n" + }, + "limits": { + "$ref": "#/types/aws:pinpoint/AppLimits:AppLimits", + "description": "The default campaign limits for the app. These limits apply to each campaign for the app, unless the campaign overrides the default with limits of its own\n" + }, + "name": { + "type": "string", + "description": "The application name. By default generated by this provider\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the Pinpoint application. Conflicts with `name`\n" + }, + "quietTime": { + "$ref": "#/types/aws:pinpoint/AppQuietTime:AppQuietTime", + "description": "The default quiet time for the app. Each campaign for this app sends no messages during this time unless the campaign overrides the default with a quiet time of its own\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/baiduChannel:BaiduChannel": { + "description": "Provides a Pinpoint Baidu Channel resource.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst channel = new aws.pinpoint.BaiduChannel(\"channel\", {\n applicationId: app.applicationId,\n apiKey: \"\",\n secretKey: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\nchannel = aws.pinpoint.BaiduChannel(\"channel\",\n application_id=app.application_id,\n api_key=\"\",\n secret_key=\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var channel = new Aws.Pinpoint.BaiduChannel(\"channel\", new Aws.Pinpoint.BaiduChannelArgs\n {\n ApplicationId = app.ApplicationId,\n ApiKey = \"\",\n SecretKey = \"\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewBaiduChannel(ctx, \"channel\", &pinpoint.BaiduChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tApiKey: pulumi.String(\"\"),\n\t\t\tSecretKey: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint Baidu Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/baiduChannel:BaiduChannel channel application-id\n```\n\n ", + "properties": { + "apiKey": { + "type": "string", + "description": "Platform credential API key from Baidu.\n" + }, + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether to enable the channel. Defaults to `true`.\n" + }, + "secretKey": { + "type": "string", + "description": "Platform credential Secret key from Baidu.\n" + } + }, + "required": [ + "apiKey", + "applicationId", + "secretKey" + ], + "inputProperties": { + "apiKey": { + "type": "string", + "description": "Platform credential API key from Baidu.\n" + }, + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether to enable the channel. Defaults to `true`.\n" + }, + "secretKey": { + "type": "string", + "description": "Platform credential Secret key from Baidu.\n" + } + }, + "requiredInputs": [ + "apiKey", + "applicationId", + "secretKey" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BaiduChannel resources.\n", + "properties": { + "apiKey": { + "type": "string", + "description": "Platform credential API key from Baidu.\n" + }, + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether to enable the channel. Defaults to `true`.\n" + }, + "secretKey": { + "type": "string", + "description": "Platform credential Secret key from Baidu.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/emailChannel:EmailChannel": { + "description": "Provides a Pinpoint Email Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst role = new aws.iam.Role(\"role\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"pinpoint.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst email = new aws.pinpoint.EmailChannel(\"email\", {\n applicationId: app.applicationId,\n fromAddress: \"user@example.com\",\n roleArn: role.arn,\n});\nconst identity = new aws.ses.DomainIdentity(\"identity\", {domain: \"example.com\"});\nconst rolePolicy = new aws.iam.RolePolicy(\"rolePolicy\", {\n role: role.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Action\": [\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ]\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\nrole = aws.iam.Role(\"role\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"pinpoint.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nemail = aws.pinpoint.EmailChannel(\"email\",\n application_id=app.application_id,\n from_address=\"user@example.com\",\n role_arn=role.arn)\nidentity = aws.ses.DomainIdentity(\"identity\", domain=\"example.com\")\nrole_policy = aws.iam.RolePolicy(\"rolePolicy\",\n role=role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Action\": [\n \"mobileanalytics:PutEvents\",\n \"mobileanalytics:PutItems\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"*\"\n ]\n }\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var role = new Aws.Iam.Role(\"role\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"pinpoint.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var email = new Aws.Pinpoint.EmailChannel(\"email\", new Aws.Pinpoint.EmailChannelArgs\n {\n ApplicationId = app.ApplicationId,\n FromAddress = \"user@example.com\",\n RoleArn = role.Arn,\n });\n var identity = new Aws.Ses.DomainIdentity(\"identity\", new Aws.Ses.DomainIdentityArgs\n {\n Domain = \"example.com\",\n });\n var rolePolicy = new Aws.Iam.RolePolicy(\"rolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = role.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": {\n \"\"Action\"\": [\n \"\"mobileanalytics:PutEvents\"\",\n \"\"mobileanalytics:PutItems\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"*\"\"\n ]\n }\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := iam.NewRole(ctx, \"role\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"pinpoint.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewEmailChannel(ctx, \"email\", &pinpoint.EmailChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tFromAddress: pulumi.String(\"user@example.com\"),\n\t\t\tRoleArn: role.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewDomainIdentity(ctx, \"identity\", &ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"rolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: role.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"mobileanalytics:PutEvents\\\",\\n\", \" \\\"mobileanalytics:PutItems\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"*\\\"\\n\", \" ]\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint Email Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/emailChannel:EmailChannel email application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "configurationSet": { + "type": "string", + "description": "The ARN of the Amazon SES configuration set that you want to apply to messages that you send through the channel.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "fromAddress": { + "type": "string", + "description": "The email address used to send emails from. You can use email only (`user@example.com`) or friendly address (`User `). This field comply with [RFC 5322](https://www.ietf.org/rfc/rfc5322.txt).\n" + }, + "identity": { + "type": "string", + "description": "The ARN of an identity verified with SES.\n" + }, + "messagesPerSecond": { + "type": "integer", + "description": "Messages per second that can be sent.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM Role used to submit events to Mobile Analytics' event ingestion service.\n" + } + }, + "required": [ + "applicationId", + "fromAddress", + "identity", + "messagesPerSecond" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "configurationSet": { + "type": "string", + "description": "The ARN of the Amazon SES configuration set that you want to apply to messages that you send through the channel.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "fromAddress": { + "type": "string", + "description": "The email address used to send emails from. You can use email only (`user@example.com`) or friendly address (`User `). This field comply with [RFC 5322](https://www.ietf.org/rfc/rfc5322.txt).\n" + }, + "identity": { + "type": "string", + "description": "The ARN of an identity verified with SES.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM Role used to submit events to Mobile Analytics' event ingestion service.\n" + } + }, + "requiredInputs": [ + "applicationId", + "fromAddress", + "identity" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EmailChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "configurationSet": { + "type": "string", + "description": "The ARN of the Amazon SES configuration set that you want to apply to messages that you send through the channel.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "fromAddress": { + "type": "string", + "description": "The email address used to send emails from. You can use email only (`user@example.com`) or friendly address (`User `). This field comply with [RFC 5322](https://www.ietf.org/rfc/rfc5322.txt).\n" + }, + "identity": { + "type": "string", + "description": "The ARN of an identity verified with SES.\n" + }, + "messagesPerSecond": { + "type": "integer", + "description": "Messages per second that can be sent.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of an IAM Role used to submit events to Mobile Analytics' event ingestion service.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/eventStream:EventStream": { + "description": "Provides a Pinpoint Event Stream resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst testStream = new aws.kinesis.Stream(\"testStream\", {shardCount: 1});\nconst testRole = new aws.iam.Role(\"testRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"pinpoint.us-east-1.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst stream = new aws.pinpoint.EventStream(\"stream\", {\n applicationId: app.applicationId,\n destinationStreamArn: testStream.arn,\n roleArn: testRole.arn,\n});\nconst testRolePolicy = new aws.iam.RolePolicy(\"testRolePolicy\", {\n role: testRole.id,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Action\": [\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:kinesis:us-east-1:*:*/*\"\n ]\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\ntest_stream = aws.kinesis.Stream(\"testStream\", shard_count=1)\ntest_role = aws.iam.Role(\"testRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"pinpoint.us-east-1.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\nstream = aws.pinpoint.EventStream(\"stream\",\n application_id=app.application_id,\n destination_stream_arn=test_stream.arn,\n role_arn=test_role.arn)\ntest_role_policy = aws.iam.RolePolicy(\"testRolePolicy\",\n role=test_role.id,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Action\": [\n \"kinesis:PutRecords\",\n \"kinesis:DescribeStream\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"arn:aws:kinesis:us-east-1:*:*/*\"\n ]\n }\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var testStream = new Aws.Kinesis.Stream(\"testStream\", new Aws.Kinesis.StreamArgs\n {\n ShardCount = 1,\n });\n var testRole = new Aws.Iam.Role(\"testRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"pinpoint.us-east-1.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var stream = new Aws.Pinpoint.EventStream(\"stream\", new Aws.Pinpoint.EventStreamArgs\n {\n ApplicationId = app.ApplicationId,\n DestinationStreamArn = testStream.Arn,\n RoleArn = testRole.Arn,\n });\n var testRolePolicy = new Aws.Iam.RolePolicy(\"testRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = testRole.Id,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": {\n \"\"Action\"\": [\n \"\"kinesis:PutRecords\"\",\n \"\"kinesis:DescribeStream\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"arn:aws:kinesis:us-east-1:*:*/*\"\"\n ]\n }\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestStream, err := kinesis.NewStream(ctx, \"testStream\", &kinesis.StreamArgs{\n\t\t\tShardCount: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRole, err := iam.NewRole(ctx, \"testRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"pinpoint.us-east-1.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewEventStream(ctx, \"stream\", &pinpoint.EventStreamArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tDestinationStreamArn: testStream.Arn,\n\t\t\tRoleArn: testRole.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"testRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: testRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"kinesis:PutRecords\\\",\\n\", \" \\\"kinesis:DescribeStream\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"arn:aws:kinesis:us-east-1:*:*/*\\\"\\n\", \" ]\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint Event Stream can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/eventStream:EventStream stream application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "destinationStreamArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon Kinesis stream or Firehose delivery stream to which you want to publish events.\n" + }, + "roleArn": { + "type": "string", + "description": "The IAM role that authorizes Amazon Pinpoint to publish events to the stream in your account.\n" + } + }, + "required": [ + "applicationId", + "destinationStreamArn", + "roleArn" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "destinationStreamArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon Kinesis stream or Firehose delivery stream to which you want to publish events.\n" + }, + "roleArn": { + "type": "string", + "description": "The IAM role that authorizes Amazon Pinpoint to publish events to the stream in your account.\n" + } + }, + "requiredInputs": [ + "applicationId", + "destinationStreamArn", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventStream resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "destinationStreamArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon Kinesis stream or Firehose delivery stream to which you want to publish events.\n" + }, + "roleArn": { + "type": "string", + "description": "The IAM role that authorizes Amazon Pinpoint to publish events to the stream in your account.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/gcmChannel:GcmChannel": { + "description": "Provides a Pinpoint GCM Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst gcm = new aws.pinpoint.GcmChannel(\"gcm\", {\n applicationId: app.applicationId,\n apiKey: \"api_key\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\ngcm = aws.pinpoint.GcmChannel(\"gcm\",\n application_id=app.application_id,\n api_key=\"api_key\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var gcm = new Aws.Pinpoint.GcmChannel(\"gcm\", new Aws.Pinpoint.GcmChannelArgs\n {\n ApplicationId = app.ApplicationId,\n ApiKey = \"api_key\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewGcmChannel(ctx, \"gcm\", &pinpoint.GcmChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t\tApiKey: pulumi.String(\"api_key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint GCM Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/gcmChannel:GcmChannel gcm application-id\n```\n\n ", + "properties": { + "apiKey": { + "type": "string", + "description": "Platform credential API key from Google.\n" + }, + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + } + }, + "required": [ + "apiKey", + "applicationId" + ], + "inputProperties": { + "apiKey": { + "type": "string", + "description": "Platform credential API key from Google.\n" + }, + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + } + }, + "requiredInputs": [ + "apiKey", + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GcmChannel resources.\n", + "properties": { + "apiKey": { + "type": "string", + "description": "Platform credential API key from Google.\n" + }, + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + } + }, + "type": "object" + } + }, + "aws:pinpoint/smsChannel:SmsChannel": { + "description": "Provides a Pinpoint SMS Channel resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst app = new aws.pinpoint.App(\"app\", {});\nconst sms = new aws.pinpoint.SmsChannel(\"sms\", {applicationId: app.applicationId});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napp = aws.pinpoint.App(\"app\")\nsms = aws.pinpoint.SmsChannel(\"sms\", application_id=app.application_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var app = new Aws.Pinpoint.App(\"app\", new Aws.Pinpoint.AppArgs\n {\n });\n var sms = new Aws.Pinpoint.SmsChannel(\"sms\", new Aws.Pinpoint.SmsChannelArgs\n {\n ApplicationId = app.ApplicationId,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pinpoint\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tapp, err := pinpoint.NewApp(ctx, \"app\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pinpoint.NewSmsChannel(ctx, \"sms\", &pinpoint.SmsChannelArgs{\n\t\t\tApplicationId: app.ApplicationId,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nPinpoint SMS Channel can be imported using the `application-id`, e.g.\n\n```sh\n $ pulumi import aws:pinpoint/smsChannel:SmsChannel sms application-id\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "promotionalMessagesPerSecond": { + "type": "integer", + "description": "Promotional messages per second that can be sent.\n" + }, + "senderId": { + "type": "string", + "description": "Sender identifier of your messages.\n" + }, + "shortCode": { + "type": "string", + "description": "The Short Code registered with the phone provider.\n" + }, + "transactionalMessagesPerSecond": { + "type": "integer", + "description": "Transactional messages per second that can be sent.\n" + } + }, + "required": [ + "applicationId", + "promotionalMessagesPerSecond", + "transactionalMessagesPerSecond" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "senderId": { + "type": "string", + "description": "Sender identifier of your messages.\n" + }, + "shortCode": { + "type": "string", + "description": "The Short Code registered with the phone provider.\n" + } + }, + "requiredInputs": [ + "applicationId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SmsChannel resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The application ID.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the channel is enabled or disabled. Defaults to `true`.\n" + }, + "promotionalMessagesPerSecond": { + "type": "integer", + "description": "Promotional messages per second that can be sent.\n" + }, + "senderId": { + "type": "string", + "description": "Sender identifier of your messages.\n" + }, + "shortCode": { + "type": "string", + "description": "The Short Code registered with the phone provider.\n" + }, + "transactionalMessagesPerSecond": { + "type": "integer", + "description": "Transactional messages per second that can be sent.\n" + } + }, + "type": "object" + } + }, + "aws:qldb/ledger:Ledger": { + "description": "Provides an AWS Quantum Ledger Database (QLDB) resource\n\n> **NOTE:** Deletion protection is enabled by default. To successfully delete this resource via this provider, `deletion_protection = false` must be applied before attempting deletion.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sample_ledger = new aws.qldb.Ledger(\"sample-ledger\", {\n permissionsMode: \"STANDARD\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsample_ledger = aws.qldb.Ledger(\"sample-ledger\", permissions_mode=\"STANDARD\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sample_ledger = new Aws.Qldb.Ledger(\"sample-ledger\", new Aws.Qldb.LedgerArgs\n {\n PermissionsMode = \"STANDARD\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/qldb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := qldb.NewLedger(ctx, \"sample_ledger\", &qldb.LedgerArgs{\n\t\t\tPermissionsMode: pulumi.String(\"STANDARD\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nQLDB Ledgers can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:qldb/ledger:Ledger sample-ledger sample-ledger\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the QLDB Ledger\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "The deletion protection for the QLDB Ledger instance. By default it is `true`. To delete this resource via this provider, this value must be configured to `false` and applied first before attempting deletion.\n" + }, + "name": { + "type": "string", + "description": "The friendly name for the QLDB Ledger instance. By default generated by this provider.\n" + }, + "permissionsMode": { + "type": "string", + "description": "The permissions mode for the QLDB ledger instance. Specify either `ALLOW_ALL` or `STANDARD`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "required": [ + "arn", + "name", + "permissionsMode", + "tagsAll" + ], + "inputProperties": { + "deletionProtection": { + "type": "boolean", + "description": "The deletion protection for the QLDB Ledger instance. By default it is `true`. To delete this resource via this provider, this value must be configured to `false` and applied first before attempting deletion.\n" + }, + "name": { + "type": "string", + "description": "The friendly name for the QLDB Ledger instance. By default generated by this provider.\n" + }, + "permissionsMode": { + "type": "string", + "description": "The permissions mode for the QLDB ledger instance. Specify either `ALLOW_ALL` or `STANDARD`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "requiredInputs": [ + "permissionsMode" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Ledger resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the QLDB Ledger\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "The deletion protection for the QLDB Ledger instance. By default it is `true`. To delete this resource via this provider, this value must be configured to `false` and applied first before attempting deletion.\n" + }, + "name": { + "type": "string", + "description": "The friendly name for the QLDB Ledger instance. By default generated by this provider.\n" + }, + "permissionsMode": { + "type": "string", + "description": "The permissions mode for the QLDB ledger instance. Specify either `ALLOW_ALL` or `STANDARD`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + } + }, + "type": "object" + } + }, + "aws:quicksight/group:Group": { + "description": "Resource for managing QuickSight Group\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.quicksight.Group(\"example\", {\n groupName: \"tf-example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.quicksight.Group(\"example\", group_name=\"tf-example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Quicksight.Group(\"example\", new Aws.Quicksight.GroupArgs\n {\n GroupName = \"tf-example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/quicksight\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := quicksight.NewGroup(ctx, \"example\", &quicksight.GroupArgs{\n\t\t\tGroupName: pulumi.String(\"tf-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nQuickSight Group can be imported using the aws account id, namespace and group name separated by `/`.\n\n```sh\n $ pulumi import aws:quicksight/group:Group example 123456789123/default/tf-example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of group\n" + }, + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.\n" + }, + "description": { + "type": "string", + "description": "A description for the group.\n" + }, + "groupName": { + "type": "string", + "description": "A name for the group.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace. Currently, you should set this to `default`.\n" + } + }, + "required": [ + "arn", + "awsAccountId", + "groupName" + ], + "inputProperties": { + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.\n" + }, + "description": { + "type": "string", + "description": "A description for the group.\n" + }, + "groupName": { + "type": "string", + "description": "A name for the group.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace. Currently, you should set this to `default`.\n" + } + }, + "requiredInputs": [ + "groupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Group resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of group\n" + }, + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account that the group is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.\n" + }, + "description": { + "type": "string", + "description": "A description for the group.\n" + }, + "groupName": { + "type": "string", + "description": "A name for the group.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace. Currently, you should set this to `default`.\n" + } + }, + "type": "object" + } + }, + "aws:quicksight/user:User": { + "description": "Resource for managing QuickSight User\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.quicksight.User(\"example\", {\n email: \"author@example.com\",\n identityType: \"IAM\",\n userName: \"an-author\",\n userRole: \"AUTHOR\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.quicksight.User(\"example\",\n email=\"author@example.com\",\n identity_type=\"IAM\",\n user_name=\"an-author\",\n user_role=\"AUTHOR\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Quicksight.User(\"example\", new Aws.Quicksight.UserArgs\n {\n Email = \"author@example.com\",\n IdentityType = \"IAM\",\n UserName = \"an-author\",\n UserRole = \"AUTHOR\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/quicksight\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := quicksight.NewUser(ctx, \"example\", &quicksight.UserArgs{\n\t\t\tEmail: pulumi.String(\"author@example.com\"),\n\t\t\tIdentityType: pulumi.String(\"IAM\"),\n\t\t\tUserName: pulumi.String(\"an-author\"),\n\t\t\tUserRole: pulumi.String(\"AUTHOR\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nImporting is currently not supported on this resource. ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the user\n" + }, + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.\n" + }, + "email": { + "type": "string", + "description": "The email address of the user that you want to register.\n" + }, + "iamArn": { + "type": "string", + "description": "The ARN of the IAM user or role that you are registering with Amazon QuickSight.\n" + }, + "identityType": { + "type": "string", + "description": "Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts either `IAM` or `QUICKSIGHT`.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace. Currently, you should set this to `default`.\n" + }, + "sessionName": { + "type": "string", + "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.\n" + }, + "userName": { + "type": "string", + "description": "The Amazon QuickSight user name that you want to create for the user you are registering.\n" + }, + "userRole": { + "type": "string", + "description": "The Amazon QuickSight role of the user. The user role can be one of the following: `READER`, `AUTHOR`, or `ADMIN`\n" + } + }, + "required": [ + "arn", + "awsAccountId", + "email", + "identityType", + "userRole" + ], + "inputProperties": { + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.\n" + }, + "email": { + "type": "string", + "description": "The email address of the user that you want to register.\n" + }, + "iamArn": { + "type": "string", + "description": "The ARN of the IAM user or role that you are registering with Amazon QuickSight.\n" + }, + "identityType": { + "type": "string", + "description": "Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts either `IAM` or `QUICKSIGHT`.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace. Currently, you should set this to `default`.\n" + }, + "sessionName": { + "type": "string", + "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.\n" + }, + "userName": { + "type": "string", + "description": "The Amazon QuickSight user name that you want to create for the user you are registering.\n" + }, + "userRole": { + "type": "string", + "description": "The Amazon QuickSight role of the user. The user role can be one of the following: `READER`, `AUTHOR`, or `ADMIN`\n" + } + }, + "requiredInputs": [ + "email", + "identityType", + "userRole" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering User resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the user\n" + }, + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account that the user is in. Currently, you use the ID for the AWS account that contains your Amazon QuickSight account.\n" + }, + "email": { + "type": "string", + "description": "The email address of the user that you want to register.\n" + }, + "iamArn": { + "type": "string", + "description": "The ARN of the IAM user or role that you are registering with Amazon QuickSight.\n" + }, + "identityType": { + "type": "string", + "description": "Amazon QuickSight supports several ways of managing the identity of users. This parameter accepts either `IAM` or `QUICKSIGHT`.\n" + }, + "namespace": { + "type": "string", + "description": "The namespace. Currently, you should set this to `default`.\n" + }, + "sessionName": { + "type": "string", + "description": "The name of the IAM session to use when assuming roles that can embed QuickSight dashboards.\n" + }, + "userName": { + "type": "string", + "description": "The Amazon QuickSight user name that you want to create for the user you are registering.\n" + }, + "userRole": { + "type": "string", + "description": "The Amazon QuickSight role of the user. The user role can be one of the following: `READER`, `AUTHOR`, or `ADMIN`\n" + } + }, + "type": "object" + } + }, + "aws:ram/principalAssociation:PrincipalAssociation": { + "description": "Provides a Resource Access Manager (RAM) principal association. Depending if [RAM Sharing with AWS Organizations is enabled](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html#getting-started-sharing-orgs), the RAM behavior with different principal types changes.\n\nWhen RAM Sharing with AWS Organizations is enabled:\n\n- For AWS Account ID, Organization, and Organizational Unit principals within the same AWS Organization, no resource share invitation is sent and resources become available automatically after creating the association.\n- For AWS Account ID principals outside the AWS Organization, a resource share invitation is sent and must be accepted before resources become available. See the `aws.ram.ResourceShareAccepter` resource to accept these invitations.\n\nWhen RAM Sharing with AWS Organizations is not enabled:\n\n- Organization and Organizational Unit principals cannot be used.\n- For AWS Account ID principals, a resource share invitation is sent and must be accepted before resources become available. See the `aws.ram.ResourceShareAccepter` resource to accept these invitations.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Account ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleResourceShare = new aws.ram.ResourceShare(\"exampleResourceShare\", {allowExternalPrincipals: true});\nconst examplePrincipalAssociation = new aws.ram.PrincipalAssociation(\"examplePrincipalAssociation\", {\n principal: \"111111111111\",\n resourceShareArn: exampleResourceShare.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_resource_share = aws.ram.ResourceShare(\"exampleResourceShare\", allow_external_principals=True)\nexample_principal_association = aws.ram.PrincipalAssociation(\"examplePrincipalAssociation\",\n principal=\"111111111111\",\n resource_share_arn=example_resource_share.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleResourceShare = new Aws.Ram.ResourceShare(\"exampleResourceShare\", new Aws.Ram.ResourceShareArgs\n {\n AllowExternalPrincipals = true,\n });\n var examplePrincipalAssociation = new Aws.Ram.PrincipalAssociation(\"examplePrincipalAssociation\", new Aws.Ram.PrincipalAssociationArgs\n {\n Principal = \"111111111111\",\n ResourceShareArn = exampleResourceShare.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleResourceShare, err := ram.NewResourceShare(ctx, \"exampleResourceShare\", &ram.ResourceShareArgs{\n\t\t\tAllowExternalPrincipals: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ram.NewPrincipalAssociation(ctx, \"examplePrincipalAssociation\", &ram.PrincipalAssociationArgs{\n\t\t\tPrincipal: pulumi.String(\"111111111111\"),\n\t\t\tResourceShareArn: exampleResourceShare.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### AWS Organization\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ram.PrincipalAssociation(\"example\", {\n principal: aws_organizations_organization.example.arn,\n resourceShareArn: aws_ram_resource_share.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ram.PrincipalAssociation(\"example\",\n principal=aws_organizations_organization[\"example\"][\"arn\"],\n resource_share_arn=aws_ram_resource_share[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ram.PrincipalAssociation(\"example\", new Aws.Ram.PrincipalAssociationArgs\n {\n Principal = aws_organizations_organization.Example.Arn,\n ResourceShareArn = aws_ram_resource_share.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ram.NewPrincipalAssociation(ctx, \"example\", &ram.PrincipalAssociationArgs{\n\t\t\tPrincipal: pulumi.Any(aws_organizations_organization.Example.Arn),\n\t\t\tResourceShareArn: pulumi.Any(aws_ram_resource_share.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRAM Principal Associations can be imported using their Resource Share ARN and the `principal` separated by a comma, e.g.\n\n```sh\n $ pulumi import aws:ram/principalAssociation:PrincipalAssociation example arn:aws:ram:eu-west-1:123456789012:resource-share/73da1ab9-b94a-4ba3-8eb4-45917f7f4b12,123456789012\n```\n\n ", + "properties": { + "principal": { + "type": "string", + "description": "The principal to associate with the resource share. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN.\n" + }, + "resourceShareArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource share.\n" + } + }, + "required": [ + "principal", + "resourceShareArn" + ], + "inputProperties": { + "principal": { + "type": "string", + "description": "The principal to associate with the resource share. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN.\n" + }, + "resourceShareArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource share.\n" + } + }, + "requiredInputs": [ + "principal", + "resourceShareArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PrincipalAssociation resources.\n", + "properties": { + "principal": { + "type": "string", + "description": "The principal to associate with the resource share. Possible values are an AWS account ID, an AWS Organizations Organization ARN, or an AWS Organizations Organization Unit ARN.\n" + }, + "resourceShareArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource share.\n" + } + }, + "type": "object" + } + }, + "aws:ram/resourceAssociation:ResourceAssociation": { + "description": "Manages a Resource Access Manager (RAM) Resource Association.\n\n> *NOTE:* Certain AWS resources (e.g. EC2 Subnets) can only be shared in an AWS account that is a member of an AWS Organizations organization with organization-wide Resource Access Manager functionality enabled. See the [Resource Access Manager User Guide](https://docs.aws.amazon.com/ram/latest/userguide/what-is.html) and AWS service specific documentation for additional information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ram.ResourceAssociation(\"example\", {\n resourceArn: aws_subnet.example.arn,\n resourceShareArn: aws_ram_resource_share.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ram.ResourceAssociation(\"example\",\n resource_arn=aws_subnet[\"example\"][\"arn\"],\n resource_share_arn=aws_ram_resource_share[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ram.ResourceAssociation(\"example\", new Aws.Ram.ResourceAssociationArgs\n {\n ResourceArn = aws_subnet.Example.Arn,\n ResourceShareArn = aws_ram_resource_share.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ram.NewResourceAssociation(ctx, \"example\", &ram.ResourceAssociationArgs{\n\t\t\tResourceArn: pulumi.Any(aws_subnet.Example.Arn),\n\t\t\tResourceShareArn: pulumi.Any(aws_ram_resource_share.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRAM Resource Associations can be imported using their Resource Share ARN and Resource ARN separated by a comma, e.g.\n\n```sh\n $ pulumi import aws:ram/resourceAssociation:ResourceAssociation example arn:aws:ram:eu-west-1:123456789012:resource-share/73da1ab9-b94a-4ba3-8eb4-45917f7f4b12,arn:aws:ec2:eu-west-1:123456789012:subnet/subnet-12345678\n```\n\n ", + "properties": { + "resourceArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource to associate with the RAM Resource Share.\n" + }, + "resourceShareArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the RAM Resource Share.\n" + } + }, + "required": [ + "resourceArn", + "resourceShareArn" + ], + "inputProperties": { + "resourceArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource to associate with the RAM Resource Share.\n" + }, + "resourceShareArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the RAM Resource Share.\n" + } + }, + "requiredInputs": [ + "resourceArn", + "resourceShareArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourceAssociation resources.\n", + "properties": { + "resourceArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource to associate with the RAM Resource Share.\n" + }, + "resourceShareArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the RAM Resource Share.\n" + } + }, + "type": "object" + } + }, + "aws:ram/resourceShare:ResourceShare": { + "description": "Manages a Resource Access Manager (RAM) Resource Share. To associate principals with the share, see the `aws.ram.PrincipalAssociation` resource. To associate resources with the share, see the `aws.ram.ResourceAssociation` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ram.ResourceShare(\"example\", {\n allowExternalPrincipals: true,\n tags: {\n Environment: \"Production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ram.ResourceShare(\"example\",\n allow_external_principals=True,\n tags={\n \"Environment\": \"Production\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ram.ResourceShare(\"example\", new Aws.Ram.ResourceShareArgs\n {\n AllowExternalPrincipals = true,\n Tags = \n {\n { \"Environment\", \"Production\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ram.NewResourceShare(ctx, \"example\", &ram.ResourceShareArgs{\n\t\t\tAllowExternalPrincipals: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nResource shares can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ram/resourceShare:ResourceShare example arn:aws:ram:eu-west-1:123456789012:resource-share/73da1ab9-b94a-4ba3-8eb4-45917f7f4b12\n```\n\n ", + "properties": { + "allowExternalPrincipals": { + "type": "boolean", + "description": "Indicates whether principals outside your organization can be associated with a resource share.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource share.\n" + }, + "name": { + "type": "string", + "description": "The name of the resource share.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource share. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "allowExternalPrincipals": { + "type": "boolean", + "description": "Indicates whether principals outside your organization can be associated with a resource share.\n" + }, + "name": { + "type": "string", + "description": "The name of the resource share.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource share. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourceShare resources.\n", + "properties": { + "allowExternalPrincipals": { + "type": "boolean", + "description": "Indicates whether principals outside your organization can be associated with a resource share.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource share.\n" + }, + "name": { + "type": "string", + "description": "The name of the resource share.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource share. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ram/resourceShareAccepter:ResourceShareAccepter": { + "description": "Manage accepting a Resource Access Manager (RAM) Resource Share invitation. From a _receiver_ AWS account, accept an invitation to share resources that were shared by a _sender_ AWS account. To create a resource share in the _sender_, see the `aws.ram.ResourceShare` resource.\n\n> **Note:** If both AWS accounts are in the same Organization and [RAM Sharing with AWS Organizations is enabled](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html#getting-started-sharing-orgs), this resource is not necessary as RAM Resource Share invitations are not used.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThis configuration provides an example of using multiple AWS providers to configure two different AWS accounts. In the _sender_ account, the configuration creates a `aws.ram.ResourceShare` and uses a data source in the _receiver_ account to create a `aws.ram.PrincipalAssociation` resource with the _receiver's_ account ID. In the _receiver_ account, the configuration accepts the invitation to share resources with the `aws.ram.ResourceShareAccepter`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst alternate = new aws.Provider(\"alternate\", {profile: \"profile1\"});\nconst senderShare = new aws.ram.ResourceShare(\"senderShare\", {\n allowExternalPrincipals: true,\n tags: {\n Name: \"tf-test-resource-share\",\n },\n}, {\n provider: aws.alternate,\n});\nconst receiver = aws.getCallerIdentity({});\nconst senderInvite = new aws.ram.PrincipalAssociation(\"senderInvite\", {\n principal: receiver.then(receiver => receiver.accountId),\n resourceShareArn: senderShare.arn,\n}, {\n provider: aws.alternate,\n});\nconst receiverAccept = new aws.ram.ResourceShareAccepter(\"receiverAccept\", {shareArn: senderInvite.resourceShareArn});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nalternate = pulumi.providers.Aws(\"alternate\", profile=\"profile1\")\nsender_share = aws.ram.ResourceShare(\"senderShare\",\n allow_external_principals=True,\n tags={\n \"Name\": \"tf-test-resource-share\",\n },\n opts=pulumi.ResourceOptions(provider=aws[\"alternate\"]))\nreceiver = aws.get_caller_identity()\nsender_invite = aws.ram.PrincipalAssociation(\"senderInvite\",\n principal=receiver.account_id,\n resource_share_arn=sender_share.arn,\n opts=pulumi.ResourceOptions(provider=aws[\"alternate\"]))\nreceiver_accept = aws.ram.ResourceShareAccepter(\"receiverAccept\", share_arn=sender_invite.resource_share_arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var alternate = new Aws.Provider(\"alternate\", new Aws.ProviderArgs\n {\n Profile = \"profile1\",\n });\n var senderShare = new Aws.Ram.ResourceShare(\"senderShare\", new Aws.Ram.ResourceShareArgs\n {\n AllowExternalPrincipals = true,\n Tags = \n {\n { \"Name\", \"tf-test-resource-share\" },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Alternate,\n });\n var receiver = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var senderInvite = new Aws.Ram.PrincipalAssociation(\"senderInvite\", new Aws.Ram.PrincipalAssociationArgs\n {\n Principal = receiver.Apply(receiver => receiver.AccountId),\n ResourceShareArn = senderShare.Arn,\n }, new CustomResourceOptions\n {\n Provider = aws.Alternate,\n });\n var receiverAccept = new Aws.Ram.ResourceShareAccepter(\"receiverAccept\", new Aws.Ram.ResourceShareAccepterArgs\n {\n ShareArn = senderInvite.ResourceShareArn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"alternate\", &providers.awsArgs{\n\t\t\tProfile: \"profile1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsenderShare, err := ram.NewResourceShare(ctx, \"senderShare\", &ram.ResourceShareArgs{\n\t\t\tAllowExternalPrincipals: pulumi.Bool(true),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test-resource-share\"),\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Alternate))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treceiver, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsenderInvite, err := ram.NewPrincipalAssociation(ctx, \"senderInvite\", &ram.PrincipalAssociationArgs{\n\t\t\tPrincipal: pulumi.String(receiver.AccountId),\n\t\t\tResourceShareArn: senderShare.Arn,\n\t\t}, pulumi.Provider(aws.Alternate))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ram.NewResourceShareAccepter(ctx, \"receiverAccept\", &ram.ResourceShareAccepterArgs{\n\t\t\tShareArn: senderInvite.ResourceShareArn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nResource share accepters can be imported using the resource share ARN, e.g.\n\n```sh\n $ pulumi import aws:ram/resourceShareAccepter:ResourceShareAccepter example arn:aws:ram:us-east-1:123456789012:resource-share/c4b56393-e8d9-89d9-6dc9-883752de4767\n```\n\n ", + "properties": { + "invitationArn": { + "type": "string", + "description": "The ARN of the resource share invitation.\n" + }, + "receiverAccountId": { + "type": "string", + "description": "The account ID of the receiver account which accepts the invitation.\n" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the resource ARNs shared via the resource share.\n" + }, + "senderAccountId": { + "type": "string", + "description": "The account ID of the sender account which submits the invitation.\n" + }, + "shareArn": { + "type": "string", + "description": "The ARN of the resource share.\n" + }, + "shareId": { + "type": "string", + "description": "The ID of the resource share as displayed in the console.\n" + }, + "shareName": { + "type": "string", + "description": "The name of the resource share.\n" + }, + "status": { + "type": "string", + "description": "The status of the resource share (ACTIVE, PENDING, FAILED, DELETING, DELETED).\n" + } + }, + "required": [ + "invitationArn", + "receiverAccountId", + "resources", + "senderAccountId", + "shareArn", + "shareId", + "shareName", + "status" + ], + "inputProperties": { + "shareArn": { + "type": "string", + "description": "The ARN of the resource share.\n" + } + }, + "requiredInputs": [ + "shareArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourceShareAccepter resources.\n", + "properties": { + "invitationArn": { + "type": "string", + "description": "The ARN of the resource share invitation.\n" + }, + "receiverAccountId": { + "type": "string", + "description": "The account ID of the receiver account which accepts the invitation.\n" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the resource ARNs shared via the resource share.\n" + }, + "senderAccountId": { + "type": "string", + "description": "The account ID of the sender account which submits the invitation.\n" + }, + "shareArn": { + "type": "string", + "description": "The ARN of the resource share.\n" + }, + "shareId": { + "type": "string", + "description": "The ID of the resource share as displayed in the console.\n" + }, + "shareName": { + "type": "string", + "description": "The name of the resource share.\n" + }, + "status": { + "type": "string", + "description": "The status of the resource share (ACTIVE, PENDING, FAILED, DELETING, DELETED).\n" + } + }, + "type": "object" + } + }, + "aws:rds/cluster:Cluster": { + "description": "Manages a [RDS Aurora Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html). To manage cluster instances that inherit configuration from the cluster (when not running the cluster in `serverless` engine mode), see the `aws.rds.ClusterInstance` resource. To manage non-Aurora databases (e.g. MySQL, PostgreSQL, SQL Server, etc.), see the `aws.rds.Instance` resource.\n\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n\nChanges to an RDS Cluster can occur when you manually change a\nparameter, such as `port`, and are reflected in the next maintenance\nwindow. Because of this, this provider may report a difference in its planning\nphase because a modification has not yet taken place. You can use the\n`apply_immediately` flag to instruct the service to apply the change immediately\n(see documentation below).\n\n> **Note:** using `apply_immediately` can result in a\nbrief downtime as the server reboots. See the AWS Docs on [RDS Maintenance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html)\nfor more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Aurora MySQL 2.x (MySQL 5.7)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.rds.Cluster(\"default\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n backupRetentionPeriod: 5,\n clusterIdentifier: \"aurora-cluster-demo\",\n databaseName: \"mydb\",\n engine: \"aurora-mysql\",\n engineVersion: \"5.7.mysql_aurora.2.03.2\",\n masterPassword: \"bar\",\n masterUsername: \"foo\",\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n backup_retention_period=5,\n cluster_identifier=\"aurora-cluster-demo\",\n database_name=\"mydb\",\n engine=\"aurora-mysql\",\n engine_version=\"5.7.mysql_aurora.2.03.2\",\n master_password=\"bar\",\n master_username=\"foo\",\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.Cluster(\"default\", new Aws.Rds.ClusterArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n BackupRetentionPeriod = 5,\n ClusterIdentifier = \"aurora-cluster-demo\",\n DatabaseName = \"mydb\",\n Engine = \"aurora-mysql\",\n EngineVersion = \"5.7.mysql_aurora.2.03.2\",\n MasterPassword = \"bar\",\n MasterUsername = \"foo\",\n PreferredBackupWindow = \"07:00-09:00\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"_default\", &rds.ClusterArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"aurora-mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.mysql_aurora.2.03.2\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Aurora MySQL 1.x (MySQL 5.6)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.rds.Cluster(\"default\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n backupRetentionPeriod: 5,\n clusterIdentifier: \"aurora-cluster-demo\",\n databaseName: \"mydb\",\n masterPassword: \"bar\",\n masterUsername: \"foo\",\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n backup_retention_period=5,\n cluster_identifier=\"aurora-cluster-demo\",\n database_name=\"mydb\",\n master_password=\"bar\",\n master_username=\"foo\",\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.Cluster(\"default\", new Aws.Rds.ClusterArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n BackupRetentionPeriod = 5,\n ClusterIdentifier = \"aurora-cluster-demo\",\n DatabaseName = \"mydb\",\n MasterPassword = \"bar\",\n MasterUsername = \"foo\",\n PreferredBackupWindow = \"07:00-09:00\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"_default\", &rds.ClusterArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Aurora with PostgreSQL engine\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst postgresql = new aws.rds.Cluster(\"postgresql\", {\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n backupRetentionPeriod: 5,\n clusterIdentifier: \"aurora-cluster-demo\",\n databaseName: \"mydb\",\n engine: \"aurora-postgresql\",\n masterPassword: \"bar\",\n masterUsername: \"foo\",\n preferredBackupWindow: \"07:00-09:00\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npostgresql = aws.rds.Cluster(\"postgresql\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n backup_retention_period=5,\n cluster_identifier=\"aurora-cluster-demo\",\n database_name=\"mydb\",\n engine=\"aurora-postgresql\",\n master_password=\"bar\",\n master_username=\"foo\",\n preferred_backup_window=\"07:00-09:00\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var postgresql = new Aws.Rds.Cluster(\"postgresql\", new Aws.Rds.ClusterArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n BackupRetentionPeriod = 5,\n ClusterIdentifier = \"aurora-cluster-demo\",\n DatabaseName = \"mydb\",\n Engine = \"aurora-postgresql\",\n MasterPassword = \"bar\",\n MasterUsername = \"foo\",\n PreferredBackupWindow = \"07:00-09:00\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"postgresql\", &rds.ClusterArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Aurora Multi-Master Cluster\n\n> More information about Aurora Multi-Master Clusters can be found in the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-multi-master.html).\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Cluster(\"example\", {\n clusterIdentifier: \"example\",\n dbSubnetGroupName: aws_db_subnet_group.example.name,\n engineMode: \"multimaster\",\n masterPassword: \"barbarbarbar\",\n masterUsername: \"foo\",\n skipFinalSnapshot: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Cluster(\"example\",\n cluster_identifier=\"example\",\n db_subnet_group_name=aws_db_subnet_group[\"example\"][\"name\"],\n engine_mode=\"multimaster\",\n master_password=\"barbarbarbar\",\n master_username=\"foo\",\n skip_final_snapshot=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.Cluster(\"example\", new Aws.Rds.ClusterArgs\n {\n ClusterIdentifier = \"example\",\n DbSubnetGroupName = aws_db_subnet_group.Example.Name,\n EngineMode = \"multimaster\",\n MasterPassword = \"barbarbarbar\",\n MasterUsername = \"foo\",\n SkipFinalSnapshot = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"example\", &rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tDbSubnetGroupName: pulumi.Any(aws_db_subnet_group.Example.Name),\n\t\t\tEngineMode: pulumi.String(\"multimaster\"),\n\t\t\tMasterPassword: pulumi.String(\"barbarbarbar\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRDS Clusters can be imported using the `cluster_identifier`, e.g.\n\n```sh\n $ pulumi import aws:rds/cluster:Cluster aurora_cluster aurora-prod-cluster\n```\n\n ", + "properties": { + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Enable to allow major engine version upgrades when changing engine versions. Defaults to `false`.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon RDS Documentation for more information.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next provider update. It is recommended to specify 3 AZs or use [the `ignoreChanges` argument](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if necessary.\n" + }, + "backtrackWindow": { + "type": "integer", + "description": "The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to `0`. Defaults to `0`. Must be between `0` and `259200` (72 hours)\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of RDS Instances that are a part of this cluster\n" + }, + "clusterResourceId": { + "type": "string", + "description": "The RDS Cluster Resource ID\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Copy all Cluster `tags` to snapshots. Default is `false`.\n" + }, + "databaseName": { + "type": "string", + "description": "Name for an automatically created database on cluster creation. There are different naming restrictions per database engine: [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints)\n" + }, + "dbClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance. **NOTE:** This must match the `db_subnet_group_name` specified on every `aws.rds.ClusterInstance` in the cluster.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "enableHttpEndpoint": { + "type": "boolean", + "description": "Enable HTTP endpoint (data API). Only valid when `engine_mode` is set to `serverless`.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` (PostgreSQL).\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the RDS instance\n" + }, + "engine": { + "type": "string", + "description": "The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql`\n" + }, + "engineMode": { + "type": "string", + "description": "The database engine mode. Valid values: `global` (only valid for Aurora MySQL 1.21 and earlier), `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned`. See the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/aurora-serverless.html) for limitations when using `serverless`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. Updating this argument results in an outage. See the [Aurora MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) and [Aurora Postgres](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.html) documentation for your configured engine to determine this value. For example with Aurora MySQL 2, a potential value for this argument is `5.7.mysql_aurora.2.03.2`. The value can contain a partial version where supported by the API. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The running version of the database.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.\n" + }, + "globalClusterIdentifier": { + "type": "string", + "description": "The global cluster identifier specified on `aws.rds.GlobalCluster`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The Route53 Hosted Zone ID of the endpoint\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) for availability and limitations.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A List of ARNs for the IAM roles to associate to the RDS Cluster.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints)\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user. Please refer to the [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints). This argument does not support in-place updates and cannot be changed during a restore from snapshot.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "readerEndpoint": { + "type": "string", + "description": "A read-only endpoint for the Aurora cluster, automatically\nload-balanced across replicas\n" + }, + "replicationSourceIdentifier": { + "type": "string", + "description": "ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica. If DB Cluster is part of a Global Cluster, use `ignore_changes`.\n" + }, + "restoreToPointInTime": { + "$ref": "#/types/aws:rds/ClusterRestoreToPointInTime:ClusterRestoreToPointInTime", + "description": "Nested attribute for [point in time restore](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PIT.html). More details below.\n" + }, + "s3Import": { + "$ref": "#/types/aws:rds/ClusterS3Import:ClusterS3Import" + }, + "scalingConfiguration": { + "$ref": "#/types/aws:rds/ClusterScalingConfiguration:ClusterScalingConfiguration", + "description": "Nested attribute with scaling properties. Only valid when `engine_mode` is set to `serverless`. More details below.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The source region for an encrypted replica DB cluster.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false` for `provisioned` `engine_mode` and `true` for `serverless` `engine_mode`. When restoring an unencrypted `snapshot_identifier`, the `kms_key_id` argument must be provided to encrypt the restored cluster. The provider will only perform drift detection if a configuration value is provided.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate with the Cluster\n" + } + }, + "required": [ + "applyImmediately", + "arn", + "availabilityZones", + "clusterIdentifier", + "clusterIdentifierPrefix", + "clusterMembers", + "clusterResourceId", + "databaseName", + "dbClusterParameterGroupName", + "dbSubnetGroupName", + "endpoint", + "engineVersion", + "engineVersionActual", + "hostedZoneId", + "iamRoles", + "kmsKeyId", + "masterUsername", + "port", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "readerEndpoint", + "storageEncrypted", + "tagsAll", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Enable to allow major engine version upgrades when changing engine versions. Defaults to `false`.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon RDS Documentation for more information.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next provider update. It is recommended to specify 3 AZs or use [the `ignoreChanges` argument](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if necessary.\n" + }, + "backtrackWindow": { + "type": "integer", + "description": "The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to `0`. Defaults to `0`. Must be between `0` and `259200` (72 hours)\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of RDS Instances that are a part of this cluster\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Copy all Cluster `tags` to snapshots. Default is `false`.\n" + }, + "databaseName": { + "type": "string", + "description": "Name for an automatically created database on cluster creation. There are different naming restrictions per database engine: [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints)\n" + }, + "dbClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance. **NOTE:** This must match the `db_subnet_group_name` specified on every `aws.rds.ClusterInstance` in the cluster.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "enableHttpEndpoint": { + "type": "boolean", + "description": "Enable HTTP endpoint (data API). Only valid when `engine_mode` is set to `serverless`.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` (PostgreSQL).\n" + }, + "engine": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/EngineType:EngineType" + } + ], + "description": "The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql`\n" + }, + "engineMode": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/EngineMode:EngineMode" + } + ], + "description": "The database engine mode. Valid values: `global` (only valid for Aurora MySQL 1.21 and earlier), `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned`. See the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/aurora-serverless.html) for limitations when using `serverless`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. Updating this argument results in an outage. See the [Aurora MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) and [Aurora Postgres](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.html) documentation for your configured engine to determine this value. For example with Aurora MySQL 2, a potential value for this argument is `5.7.mysql_aurora.2.03.2`. The value can contain a partial version where supported by the API. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.\n" + }, + "globalClusterIdentifier": { + "type": "string", + "description": "The global cluster identifier specified on `aws.rds.GlobalCluster`.\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) for availability and limitations.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A List of ARNs for the IAM roles to associate to the RDS Cluster.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints)\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user. Please refer to the [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints). This argument does not support in-place updates and cannot be changed during a restore from snapshot.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "replicationSourceIdentifier": { + "type": "string", + "description": "ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica. If DB Cluster is part of a Global Cluster, use `ignore_changes`.\n" + }, + "restoreToPointInTime": { + "$ref": "#/types/aws:rds/ClusterRestoreToPointInTime:ClusterRestoreToPointInTime", + "description": "Nested attribute for [point in time restore](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PIT.html). More details below.\n" + }, + "s3Import": { + "$ref": "#/types/aws:rds/ClusterS3Import:ClusterS3Import" + }, + "scalingConfiguration": { + "$ref": "#/types/aws:rds/ClusterScalingConfiguration:ClusterScalingConfiguration", + "description": "Nested attribute with scaling properties. Only valid when `engine_mode` is set to `serverless`. More details below.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The source region for an encrypted replica DB cluster.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false` for `provisioned` `engine_mode` and `true` for `serverless` `engine_mode`. When restoring an unencrypted `snapshot_identifier`, the `kms_key_id` argument must be provided to encrypt the restored cluster. The provider will only perform drift detection if a configuration value is provided.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate with the Cluster\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Enable to allow major engine version upgrades when changing engine versions. Defaults to `false`.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any cluster modifications are applied immediately, or during the next maintenance window. Default is `false`. See [Amazon RDS Documentation for more information.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of EC2 Availability Zones for the DB cluster storage where DB cluster instances can be created. RDS automatically assigns 3 AZs if less than 3 AZs are configured, which will show as a difference requiring resource recreation next provider update. It is recommended to specify 3 AZs or use [the `ignoreChanges` argument](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) if necessary.\n" + }, + "backtrackWindow": { + "type": "integer", + "description": "The target backtrack window, in seconds. Only available for `aurora` engine currently. To disable backtracking, set this value to `0`. Defaults to `0`. Must be between `0` and `259200` (72 hours)\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Default `1`\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "clusterIdentifierPrefix": { + "type": "string", + "description": "Creates a unique cluster identifier beginning with the specified prefix. Conflicts with `cluster_identifier`.\n" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of RDS Instances that are a part of this cluster\n" + }, + "clusterResourceId": { + "type": "string", + "description": "The RDS Cluster Resource ID\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Copy all Cluster `tags` to snapshots. Default is `false`.\n" + }, + "databaseName": { + "type": "string", + "description": "Name for an automatically created database on cluster creation. There are different naming restrictions per database engine: [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints)\n" + }, + "dbClusterParameterGroupName": { + "type": "string", + "description": "A cluster parameter group to associate with the cluster.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance. **NOTE:** This must match the `db_subnet_group_name` specified on every `aws.rds.ClusterInstance` in the cluster.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "enableHttpEndpoint": { + "type": "boolean", + "description": "Enable HTTP endpoint (data API). Only valid when `engine_mode` is set to `serverless`.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types to export to cloudwatch. If omitted, no logs will be exported. The following log types are supported: `audit`, `error`, `general`, `slowquery`, `postgresql` (PostgreSQL).\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address of the RDS instance\n" + }, + "engine": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/EngineType:EngineType" + } + ], + "description": "The name of the database engine to be used for this DB cluster. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql`\n" + }, + "engineMode": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/EngineMode:EngineMode" + } + ], + "description": "The database engine mode. Valid values: `global` (only valid for Aurora MySQL 1.21 and earlier), `multimaster`, `parallelquery`, `provisioned`, `serverless`. Defaults to: `provisioned`. See the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/aurora-serverless.html) for limitations when using `serverless`.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. Updating this argument results in an outage. See the [Aurora MySQL](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Updates.html) and [Aurora Postgres](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraPostgreSQL.Updates.html) documentation for your configured engine to determine this value. For example with Aurora MySQL 2, a potential value for this argument is `5.7.mysql_aurora.2.03.2`. The value can contain a partial version where supported by the API. The actual engine version used is returned in the attribute `engine_version_actual`, defined below.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The running version of the database.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot when this DB cluster is deleted. If omitted, no final snapshot will be made.\n" + }, + "globalClusterIdentifier": { + "type": "string", + "description": "The global cluster identifier specified on `aws.rds.GlobalCluster`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The Route53 Hosted Zone ID of the endpoint\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or mappings of AWS Identity and Access Management (IAM) accounts to database accounts is enabled. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) for availability and limitations.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A List of ARNs for the IAM roles to associate to the RDS Cluster.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `storage_encrypted` needs to be set to true.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user. Note that this may show up in logs, and it will be stored in the state file. Please refer to the [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints)\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user. Please refer to the [RDS Naming Constraints](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Limits.html#RDS_Limits.Constraints). This argument does not support in-place updates and cannot be changed during a restore from snapshot.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.Time in UTC. Default: A 30-minute window selected at random from an 8-hour block of time per region. e.g. 04:00-09:00\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range during which system maintenance can occur, in (UTC) e.g. wed:04:00-wed:04:30\n" + }, + "readerEndpoint": { + "type": "string", + "description": "A read-only endpoint for the Aurora cluster, automatically\nload-balanced across replicas\n" + }, + "replicationSourceIdentifier": { + "type": "string", + "description": "ARN of a source DB cluster or DB instance if this DB cluster is to be created as a Read Replica. If DB Cluster is part of a Global Cluster, use `ignore_changes`.\n" + }, + "restoreToPointInTime": { + "$ref": "#/types/aws:rds/ClusterRestoreToPointInTime:ClusterRestoreToPointInTime", + "description": "Nested attribute for [point in time restore](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_PIT.html). More details below.\n" + }, + "s3Import": { + "$ref": "#/types/aws:rds/ClusterS3Import:ClusterS3Import" + }, + "scalingConfiguration": { + "$ref": "#/types/aws:rds/ClusterScalingConfiguration:ClusterScalingConfiguration", + "description": "Nested attribute with scaling properties. Only valid when `engine_mode` is set to `serverless`. More details below.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is created before the DB cluster is deleted. If true is specified, no DB snapshot is created. If false is specified, a DB snapshot is created before the DB cluster is deleted, using the value from `final_snapshot_identifier`. Default is `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this cluster from a snapshot. You can use either the name or ARN when specifying a DB cluster snapshot, or the ARN when specifying a DB snapshot.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The source region for an encrypted replica DB cluster.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false` for `provisioned` `engine_mode` and `true` for `serverless` `engine_mode`. When restoring an unencrypted `snapshot_identifier`, the `kms_key_id` argument must be provided to encrypt the restored cluster. The provider will only perform drift detection if a configuration value is provided.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to associate with the Cluster\n" + } + }, + "type": "object" + } + }, + "aws:rds/clusterEndpoint:ClusterEndpoint": { + "description": "Manages an RDS Aurora Cluster Endpoint.\nYou can refer to the [User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html#Aurora.Endpoints.Cluster).\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"bar\",\n backupRetentionPeriod: 5,\n preferredBackupWindow: \"07:00-09:00\",\n});\nconst test1 = new aws.rds.ClusterInstance(\"test1\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test1\",\n instanceClass: \"db.t2.small\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst test2 = new aws.rds.ClusterInstance(\"test2\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test2\",\n instanceClass: \"db.t2.small\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst test3 = new aws.rds.ClusterInstance(\"test3\", {\n applyImmediately: true,\n clusterIdentifier: _default.id,\n identifier: \"test3\",\n instanceClass: \"db.t2.small\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n});\nconst eligible = new aws.rds.ClusterEndpoint(\"eligible\", {\n clusterIdentifier: _default.id,\n clusterEndpointIdentifier: \"reader\",\n customEndpointType: \"READER\",\n excludedMembers: [\n test1.id,\n test2.id,\n ],\n});\nconst static = new aws.rds.ClusterEndpoint(\"static\", {\n clusterIdentifier: _default.id,\n clusterEndpointIdentifier: \"static\",\n customEndpointType: \"READER\",\n staticMembers: [\n test1.id,\n test3.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"bar\",\n backup_retention_period=5,\n preferred_backup_window=\"07:00-09:00\")\ntest1 = aws.rds.ClusterInstance(\"test1\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test1\",\n instance_class=\"db.t2.small\",\n engine=default.engine,\n engine_version=default.engine_version)\ntest2 = aws.rds.ClusterInstance(\"test2\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test2\",\n instance_class=\"db.t2.small\",\n engine=default.engine,\n engine_version=default.engine_version)\ntest3 = aws.rds.ClusterInstance(\"test3\",\n apply_immediately=True,\n cluster_identifier=default.id,\n identifier=\"test3\",\n instance_class=\"db.t2.small\",\n engine=default.engine,\n engine_version=default.engine_version)\neligible = aws.rds.ClusterEndpoint(\"eligible\",\n cluster_identifier=default.id,\n cluster_endpoint_identifier=\"reader\",\n custom_endpoint_type=\"READER\",\n excluded_members=[\n test1.id,\n test2.id,\n ])\nstatic = aws.rds.ClusterEndpoint(\"static\",\n cluster_identifier=default.id,\n cluster_endpoint_identifier=\"static\",\n custom_endpoint_type=\"READER\",\n static_members=[\n test1.id,\n test3.id,\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.Cluster(\"default\", new Aws.Rds.ClusterArgs\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"bar\",\n BackupRetentionPeriod = 5,\n PreferredBackupWindow = \"07:00-09:00\",\n });\n var test1 = new Aws.Rds.ClusterInstance(\"test1\", new Aws.Rds.ClusterInstanceArgs\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test1\",\n InstanceClass = \"db.t2.small\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n var test2 = new Aws.Rds.ClusterInstance(\"test2\", new Aws.Rds.ClusterInstanceArgs\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test2\",\n InstanceClass = \"db.t2.small\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n var test3 = new Aws.Rds.ClusterInstance(\"test3\", new Aws.Rds.ClusterInstanceArgs\n {\n ApplyImmediately = true,\n ClusterIdentifier = @default.Id,\n Identifier = \"test3\",\n InstanceClass = \"db.t2.small\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n });\n var eligible = new Aws.Rds.ClusterEndpoint(\"eligible\", new Aws.Rds.ClusterEndpointArgs\n {\n ClusterIdentifier = @default.Id,\n ClusterEndpointIdentifier = \"reader\",\n CustomEndpointType = \"READER\",\n ExcludedMembers = \n {\n test1.Id,\n test2.Id,\n },\n });\n var @static = new Aws.Rds.ClusterEndpoint(\"static\", new Aws.Rds.ClusterEndpointArgs\n {\n ClusterIdentifier = @default.Id,\n ClusterEndpointIdentifier = \"static\",\n CustomEndpointType = \"READER\",\n StaticMembers = \n {\n test1.Id,\n test3.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"_default\", &rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"bar\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(5),\n\t\t\tPreferredBackupWindow: pulumi.String(\"07:00-09:00\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest1, err := rds.NewClusterInstance(ctx, \"test1\", &rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test1\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest2, err := rds.NewClusterInstance(ctx, \"test2\", &rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test2\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest3, err := rds.NewClusterInstance(ctx, \"test3\", &rds.ClusterInstanceArgs{\n\t\t\tApplyImmediately: pulumi.Bool(true),\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tIdentifier: pulumi.String(\"test3\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tEngine: _default.Engine,\n\t\t\tEngineVersion: _default.EngineVersion,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterEndpoint(ctx, \"eligible\", &rds.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"reader\"),\n\t\t\tCustomEndpointType: pulumi.String(\"READER\"),\n\t\t\tExcludedMembers: pulumi.StringArray{\n\t\t\t\ttest1.ID(),\n\t\t\t\ttest2.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterEndpoint(ctx, \"static\", &rds.ClusterEndpointArgs{\n\t\t\tClusterIdentifier: _default.ID(),\n\t\t\tClusterEndpointIdentifier: pulumi.String(\"static\"),\n\t\t\tCustomEndpointType: pulumi.String(\"READER\"),\n\t\t\tStaticMembers: pulumi.StringArray{\n\t\t\t\ttest1.ID(),\n\t\t\t\ttest3.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRDS Clusters Endpoint can be imported using the `cluster_endpoint_identifier`, e.g.\n\n```sh\n $ pulumi import aws:rds/clusterEndpoint:ClusterEndpoint custom_reader aurora-prod-cluster-custom-reader\n```\n\n [1]https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Overview.Endpoints.html#Aurora.Endpoints.Cluster ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "clusterEndpointIdentifier": { + "type": "string", + "description": "The identifier to use for the new endpoint. This parameter is stored as a lowercase string.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier.\n" + }, + "customEndpointType": { + "type": "string", + "description": "The type of the endpoint. One of: READER , ANY .\n" + }, + "endpoint": { + "type": "string", + "description": "A custom endpoint for the Aurora cluster\n" + }, + "excludedMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty. Conflicts with `static_members`.\n" + }, + "staticMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that are part of the custom endpoint group. Conflicts with `excluded_members`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "clusterEndpointIdentifier", + "clusterIdentifier", + "customEndpointType", + "endpoint", + "tagsAll" + ], + "inputProperties": { + "clusterEndpointIdentifier": { + "type": "string", + "description": "The identifier to use for the new endpoint. This parameter is stored as a lowercase string.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier.\n" + }, + "customEndpointType": { + "type": "string", + "description": "The type of the endpoint. One of: READER , ANY .\n" + }, + "excludedMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty. Conflicts with `static_members`.\n" + }, + "staticMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that are part of the custom endpoint group. Conflicts with `excluded_members`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "clusterEndpointIdentifier", + "clusterIdentifier", + "customEndpointType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterEndpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "clusterEndpointIdentifier": { + "type": "string", + "description": "The identifier to use for the new endpoint. This parameter is stored as a lowercase string.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier.\n" + }, + "customEndpointType": { + "type": "string", + "description": "The type of the endpoint. One of: READER , ANY .\n" + }, + "endpoint": { + "type": "string", + "description": "A custom endpoint for the Aurora cluster\n" + }, + "excludedMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty. Conflicts with `static_members`.\n" + }, + "staticMembers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB instance identifiers that are part of the custom endpoint group. Conflicts with `excluded_members`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:rds/clusterInstance:ClusterInstance": { + "description": "Provides an RDS Cluster Instance Resource. A Cluster Instance Resource defines\nattributes that are specific to a single instance in a [RDS Cluster](https://www.terraform.io/docs/providers/aws/r/rds_cluster.html),\nspecifically running Amazon Aurora.\n\nUnlike other RDS resources that support replication, with Amazon Aurora you do\nnot designate a primary and subsequent replicas. Instead, you simply add RDS\nInstances and Aurora manages the replication. You can use the [count](https://www.terraform.io/docs/configuration/meta-arguments/count.html)\nmeta-parameter to make multiple instances and join them all to the same RDS\nCluster, or you may specify different Cluster Instance resources with various\n`instance_class` sizes.\n\nFor more information on Amazon Aurora, see [Aurora on Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Aurora.html) in the Amazon RDS User Guide.\n\n> **NOTE:** Deletion Protection from the RDS service can only be enabled at the cluster level, not for individual cluster instances. You can still add the [`protect` CustomResourceOption](https://www.pulumi.com/docs/intro/concepts/programming-model/#protect) to this resource configuration if you desire protection from accidental deletion.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Cluster(\"default\", {\n clusterIdentifier: \"aurora-cluster-demo\",\n availabilityZones: [\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"barbut8chars\",\n});\nconst clusterInstances: aws.rds.ClusterInstance[];\nfor (const range = {value: 0}; range.value < 2; range.value++) {\n clusterInstances.push(new aws.rds.ClusterInstance(`clusterInstances-${range.value}`, {\n identifier: `aurora-cluster-demo-${range.value}`,\n clusterIdentifier: _default.id,\n instanceClass: \"db.r4.large\",\n engine: _default.engine,\n engineVersion: _default.engineVersion,\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Cluster(\"default\",\n cluster_identifier=\"aurora-cluster-demo\",\n availability_zones=[\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n ],\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"barbut8chars\")\ncluster_instances = []\nfor range in [{\"value\": i} for i in range(0, 2)]:\n cluster_instances.append(aws.rds.ClusterInstance(f\"clusterInstances-{range['value']}\",\n identifier=f\"aurora-cluster-demo-{range['value']}\",\n cluster_identifier=default.id,\n instance_class=\"db.r4.large\",\n engine=default.engine,\n engine_version=default.engine_version))\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.Cluster(\"default\", new Aws.Rds.ClusterArgs\n {\n ClusterIdentifier = \"aurora-cluster-demo\",\n AvailabilityZones = \n {\n \"us-west-2a\",\n \"us-west-2b\",\n \"us-west-2c\",\n },\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"barbut8chars\",\n });\n var clusterInstances = new List();\n for (var rangeIndex = 0; rangeIndex < 2; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n clusterInstances.Add(new Aws.Rds.ClusterInstance($\"clusterInstances-{range.Value}\", new Aws.Rds.ClusterInstanceArgs\n {\n Identifier = $\"aurora-cluster-demo-{range.Value}\",\n ClusterIdentifier = @default.Id,\n InstanceClass = \"db.r4.large\",\n Engine = @default.Engine,\n EngineVersion = @default.EngineVersion,\n }));\n }\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewCluster(ctx, \"_default\", &rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"aurora-cluster-demo\"),\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t\tpulumi.String(\"us-west-2b\"),\n\t\t\t\tpulumi.String(\"us-west-2c\"),\n\t\t\t},\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"barbut8chars\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tvar clusterInstances []*rds.ClusterInstance\n\t\tfor key0, val0 := range 2 {\n\t\t\t__res, err := rds.NewClusterInstance(ctx, fmt.Sprintf(\"clusterInstances-%v\", key0), &rds.ClusterInstanceArgs{\n\t\t\t\tIdentifier: pulumi.String(fmt.Sprintf(\"%v%v\", \"aurora-cluster-demo-\", val0)),\n\t\t\t\tClusterIdentifier: _default.ID(),\n\t\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\t\tEngine: _default.Engine,\n\t\t\t\tEngineVersion: _default.EngineVersion,\n\t\t\t})\n\t\t\tif err != nil {\n\t\t\t\treturn err\n\t\t\t}\n\t\t\tclusterInstances = append(clusterInstances, __res)\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRDS Cluster Instances can be imported using the `identifier`, e.g.\n\n```sh\n $ pulumi import aws:rds/clusterInstance:ClusterInstance prod_instance_1 aurora-cluster-instance-1\n```\n\n ", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster instance\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the DB instance is created in. See [docs](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) about the details.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "The identifier of the CA certificate for the DB instance.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.rds.Cluster` in which to launch this instance.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. Default `false`.\n" + }, + "dbParameterGroupName": { + "type": "string", + "description": "The name of the DB parameter group to associate with this instance.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance. **NOTE:** This must match the `db_subnet_group_name` of the attached `aws.rds.Cluster`.\n" + }, + "dbiResourceId": { + "type": "string", + "description": "The region-unique, immutable identifier for the DB instance.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address for this instance. May not be writable\n" + }, + "engine": { + "type": "string", + "$ref": "#/types/aws:rds/engineType:EngineType", + "description": "The name of the database engine to be used for the RDS instance. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql`.\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. When managing the engine version in the cluster, it is recommended to add the `ignore_changes` for this argument to prevent the provider from proposing changes to the instance engine version directly.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The database engine version\n" + }, + "identifier": { + "type": "string", + "description": "The indentifier for the RDS instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance class to use. For details on CPU\nand memory, see [Scaling Aurora DB Instances](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.html). Aurora uses `db.*` instance classes/types. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) for currently available instance classes and complete details.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key if one is set to the cluster.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS to send\nenhanced monitoring metrics to CloudWatch Logs. You can find more information on the [AWS Documentation](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.\n" + }, + "performanceInsightsEnabled": { + "type": "boolean", + "description": "Specifies whether Performance Insights is enabled or not.\n" + }, + "performanceInsightsKmsKeyId": { + "type": "string", + "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true.\n" + }, + "port": { + "type": "integer", + "description": "The database port\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled.\nEg: \"04:00-09:00\"\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoted to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly accessible.\nDefault `false`. See the documentation on [Creating DB Instances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) for more\ndetails on controlling this property.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "writer": { + "type": "boolean", + "description": "Boolean indicating if this instance is writable. `False` indicates this instance is a read replica.\n" + } + }, + "required": [ + "applyImmediately", + "arn", + "availabilityZone", + "caCertIdentifier", + "clusterIdentifier", + "dbParameterGroupName", + "dbSubnetGroupName", + "dbiResourceId", + "endpoint", + "engineVersion", + "engineVersionActual", + "identifier", + "identifierPrefix", + "instanceClass", + "kmsKeyId", + "monitoringRoleArn", + "performanceInsightsEnabled", + "performanceInsightsKmsKeyId", + "port", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "storageEncrypted", + "tagsAll", + "writer" + ], + "inputProperties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the DB instance is created in. See [docs](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) about the details.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "The identifier of the CA certificate for the DB instance.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.rds.Cluster` in which to launch this instance.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. Default `false`.\n" + }, + "dbParameterGroupName": { + "type": "string", + "description": "The name of the DB parameter group to associate with this instance.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance. **NOTE:** This must match the `db_subnet_group_name` of the attached `aws.rds.Cluster`.\n" + }, + "engine": { + "type": "string", + "$ref": "#/types/aws:rds/engineType:EngineType", + "description": "The name of the database engine to be used for the RDS instance. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql`.\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. When managing the engine version in the cluster, it is recommended to add the `ignore_changes` for this argument to prevent the provider from proposing changes to the instance engine version directly.\n" + }, + "identifier": { + "type": "string", + "description": "The indentifier for the RDS instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/InstanceType:InstanceType" + } + ], + "description": "The instance class to use. For details on CPU\nand memory, see [Scaling Aurora DB Instances](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.html). Aurora uses `db.*` instance classes/types. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) for currently available instance classes and complete details.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS to send\nenhanced monitoring metrics to CloudWatch Logs. You can find more information on the [AWS Documentation](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.\n" + }, + "performanceInsightsEnabled": { + "type": "boolean", + "description": "Specifies whether Performance Insights is enabled or not.\n" + }, + "performanceInsightsKmsKeyId": { + "type": "string", + "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled.\nEg: \"04:00-09:00\"\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoted to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly accessible.\nDefault `false`. See the documentation on [Creating DB Instances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) for more\ndetails on controlling this property.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "clusterIdentifier", + "instanceClass" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterInstance resources.\n", + "properties": { + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is`false`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster instance\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades will be applied automatically to the DB instance during the maintenance window. Default `true`.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone that the DB instance is created in. See [docs](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) about the details.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "The identifier of the CA certificate for the DB instance.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The identifier of the `aws.rds.Cluster` in which to launch this instance.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Indicates whether to copy all of the user-defined tags from the DB instance to snapshots of the DB instance. Default `false`.\n" + }, + "dbParameterGroupName": { + "type": "string", + "description": "The name of the DB parameter group to associate with this instance.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "A DB subnet group to associate with this DB instance. **NOTE:** This must match the `db_subnet_group_name` of the attached `aws.rds.Cluster`.\n" + }, + "dbiResourceId": { + "type": "string", + "description": "The region-unique, immutable identifier for the DB instance.\n" + }, + "endpoint": { + "type": "string", + "description": "The DNS address for this instance. May not be writable\n" + }, + "engine": { + "type": "string", + "$ref": "#/types/aws:rds/engineType:EngineType", + "description": "The name of the database engine to be used for the RDS instance. Defaults to `aurora`. Valid Values: `aurora`, `aurora-mysql`, `aurora-postgresql`.\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n" + }, + "engineVersion": { + "type": "string", + "description": "The database engine version. When managing the engine version in the cluster, it is recommended to add the `ignore_changes` for this argument to prevent the provider from proposing changes to the instance engine version directly.\n" + }, + "engineVersionActual": { + "type": "string", + "description": "The database engine version\n" + }, + "identifier": { + "type": "string", + "description": "The indentifier for the RDS instance, if omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique identifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/InstanceType:InstanceType" + } + ], + "description": "The instance class to use. For details on CPU\nand memory, see [Scaling Aurora DB Instances](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Aurora.Managing.html). Aurora uses `db.*` instance classes/types. Please see [AWS Documentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) for currently available instance classes and complete details.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key if one is set to the cluster.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid Values: 0, 1, 5, 10, 15, 30, 60.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS to send\nenhanced monitoring metrics to CloudWatch Logs. You can find more information on the [AWS Documentation](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.\n" + }, + "performanceInsightsEnabled": { + "type": "boolean", + "description": "Specifies whether Performance Insights is enabled or not.\n" + }, + "performanceInsightsKmsKeyId": { + "type": "string", + "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true.\n" + }, + "port": { + "type": "integer", + "description": "The database port\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "The daily time range during which automated backups are created if automated backups are enabled.\nEg: \"04:00-09:00\"\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\".\n" + }, + "promotionTier": { + "type": "integer", + "description": "Default 0. Failover Priority setting on instance level. The reader who has lower tier has higher priority to get promoted to writer.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly accessible.\nDefault `false`. See the documentation on [Creating DB Instances](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html) for more\ndetails on controlling this property.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the instance. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "writer": { + "type": "boolean", + "description": "Boolean indicating if this instance is writable. `False` indicates this instance is a read replica.\n" + } + }, + "type": "object" + } + }, + "aws:rds/clusterParameterGroup:ClusterParameterGroup": { + "description": "Provides an RDS DB cluster parameter group resource. Documentation of the available parameters for various Aurora engines can be found at:\n\n* [Aurora MySQL Parameters](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Reference.html)\n* [Aurora PostgreSQL Parameters](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraPostgreSQL.Reference.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultClusterParameterGroup = new aws.rds.ClusterParameterGroup(\"default\", {\n description: \"RDS default cluster parameter group\",\n family: \"aurora5.6\",\n parameters: [\n {\n name: \"character_set_server\",\n value: \"utf8\",\n },\n {\n name: \"character_set_client\",\n value: \"utf8\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.ClusterParameterGroup(\"default\",\n description=\"RDS default cluster parameter group\",\n family=\"aurora5.6\",\n parameters=[\n aws.rds.ClusterParameterGroupParameterArgs(\n name=\"character_set_server\",\n value=\"utf8\",\n ),\n aws.rds.ClusterParameterGroupParameterArgs(\n name=\"character_set_client\",\n value=\"utf8\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.ClusterParameterGroup(\"default\", new Aws.Rds.ClusterParameterGroupArgs\n {\n Description = \"RDS default cluster parameter group\",\n Family = \"aurora5.6\",\n Parameters = \n {\n new Aws.Rds.Inputs.ClusterParameterGroupParameterArgs\n {\n Name = \"character_set_server\",\n Value = \"utf8\",\n },\n new Aws.Rds.Inputs.ClusterParameterGroupParameterArgs\n {\n Name = \"character_set_client\",\n Value = \"utf8\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewClusterParameterGroup(ctx, \"_default\", &rds.ClusterParameterGroupArgs{\n\t\t\tDescription: pulumi.String(\"RDS default cluster parameter group\"),\n\t\t\tFamily: pulumi.String(\"aurora5.6\"),\n\t\t\tParameters: rds.ClusterParameterGroupParameterArray{\n\t\t\t\t&rds.ClusterParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"character_set_server\"),\n\t\t\t\t\tValue: pulumi.String(\"utf8\"),\n\t\t\t\t},\n\t\t\t\t&rds.ClusterParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"character_set_client\"),\n\t\t\t\t\tValue: pulumi.String(\"utf8\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRDS Cluster Parameter Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/clusterParameterGroup:ClusterParameterGroup cluster_pg production-pg-1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db cluster parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB cluster parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the DB cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via [`aws rds describe-db-cluster-parameters`](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html) after initial creation of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "family", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the DB cluster parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the DB cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via [`aws rds describe-db-cluster-parameters`](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html) after initial creation of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db cluster parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB cluster parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the DB cluster parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ClusterParameterGroupParameter:ClusterParameterGroupParameter" + }, + "description": "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via [`aws rds describe-db-cluster-parameters`](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-cluster-parameters.html) after initial creation of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:rds/clusterRoleAssociation:ClusterRoleAssociation": { + "description": "Manages a RDS DB Cluster association with an IAM Role. Example use cases:\n\n* [Creating an IAM Role to Allow Amazon Aurora to Access AWS Services](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Integrating.Authorizing.IAM.CreateRole.html)\n* [Importing Amazon S3 Data into an RDS PostgreSQL DB Cluster](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PostgreSQL.S3Import.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.ClusterRoleAssociation(\"example\", {\n dbClusterIdentifier: aws_rds_cluster.example.id,\n featureName: \"S3_INTEGRATION\",\n roleArn: aws_iam_role.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.ClusterRoleAssociation(\"example\",\n db_cluster_identifier=aws_rds_cluster[\"example\"][\"id\"],\n feature_name=\"S3_INTEGRATION\",\n role_arn=aws_iam_role[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.ClusterRoleAssociation(\"example\", new Aws.Rds.ClusterRoleAssociationArgs\n {\n DbClusterIdentifier = aws_rds_cluster.Example.Id,\n FeatureName = \"S3_INTEGRATION\",\n RoleArn = aws_iam_role.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewClusterRoleAssociation(ctx, \"example\", &rds.ClusterRoleAssociationArgs{\n\t\t\tDbClusterIdentifier: pulumi.Any(aws_rds_cluster.Example.Id),\n\t\t\tFeatureName: pulumi.String(\"S3_INTEGRATION\"),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_rds_cluster_role_association` can be imported using the DB Cluster Identifier and IAM Role ARN separated by a comma (`,`), e.g.\n\n```sh\n $ pulumi import aws:rds/clusterRoleAssociation:ClusterRoleAssociation example my-db-cluster,arn:aws:iam::123456789012:role/my-role\n```\n\n ", + "properties": { + "dbClusterIdentifier": { + "type": "string", + "description": "DB Cluster Identifier to associate with the IAM Role.\n" + }, + "featureName": { + "type": "string", + "description": "Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the `SupportedFeatureNames` list returned by [AWS CLI rds describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html).\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role to associate with the DB Cluster.\n" + } + }, + "required": [ + "dbClusterIdentifier", + "featureName", + "roleArn" + ], + "inputProperties": { + "dbClusterIdentifier": { + "type": "string", + "description": "DB Cluster Identifier to associate with the IAM Role.\n" + }, + "featureName": { + "type": "string", + "description": "Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the `SupportedFeatureNames` list returned by [AWS CLI rds describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html).\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role to associate with the DB Cluster.\n" + } + }, + "requiredInputs": [ + "dbClusterIdentifier", + "featureName", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterRoleAssociation resources.\n", + "properties": { + "dbClusterIdentifier": { + "type": "string", + "description": "DB Cluster Identifier to associate with the IAM Role.\n" + }, + "featureName": { + "type": "string", + "description": "Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the `SupportedFeatureNames` list returned by [AWS CLI rds describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html).\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role to associate with the DB Cluster.\n" + } + }, + "type": "object" + } + }, + "aws:rds/clusterSnapshot:ClusterSnapshot": { + "description": "Manages an RDS database cluster snapshot for Aurora clusters. For managing RDS database instance snapshots, see the `aws.rds.Snapshot` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.ClusterSnapshot(\"example\", {\n dbClusterIdentifier: aws_rds_cluster.example.id,\n dbClusterSnapshotIdentifier: \"resourcetestsnapshot1234\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.ClusterSnapshot(\"example\",\n db_cluster_identifier=aws_rds_cluster[\"example\"][\"id\"],\n db_cluster_snapshot_identifier=\"resourcetestsnapshot1234\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.ClusterSnapshot(\"example\", new Aws.Rds.ClusterSnapshotArgs\n {\n DbClusterIdentifier = aws_rds_cluster.Example.Id,\n DbClusterSnapshotIdentifier = \"resourcetestsnapshot1234\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewClusterSnapshot(ctx, \"example\", &rds.ClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: pulumi.Any(aws_rds_cluster.Example.Id),\n\t\t\tDbClusterSnapshotIdentifier: pulumi.String(\"resourcetestsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_db_cluster_snapshot` can be imported by using the cluster snapshot identifier, e.g.\n\n```sh\n $ pulumi import aws:rds/clusterSnapshot:ClusterSnapshot example my-cluster-snapshot\n```\n\n ", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "The DB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DB cluster snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB cluster.\n" + }, + "port": { + "type": "integer", + "description": "Port that the DB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DB cluster snapshot.\n" + } + }, + "required": [ + "allocatedStorage", + "availabilityZones", + "dbClusterIdentifier", + "dbClusterSnapshotArn", + "dbClusterSnapshotIdentifier", + "engine", + "engineVersion", + "kmsKeyId", + "licenseModel", + "port", + "snapshotType", + "sourceDbClusterSnapshotArn", + "status", + "storageEncrypted", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "dbClusterIdentifier": { + "type": "string", + "description": "The DB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "dbClusterIdentifier", + "dbClusterSnapshotIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ClusterSnapshot resources.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "The DB Cluster Identifier from which to take the snapshot.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DB cluster snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB cluster.\n" + }, + "port": { + "type": "integer", + "description": "Port that the DB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the DB cluster. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DB cluster snapshot.\n" + } + }, + "type": "object" + } + }, + "aws:rds/eventSubscription:EventSubscription": { + "description": "Provides a DB event subscription resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultInstance = new aws.rds.Instance(\"defaultInstance\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: \"db.t2.micro\",\n name: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst defaultTopic = new aws.sns.Topic(\"defaultTopic\", {});\nconst defaultEventSubscription = new aws.rds.EventSubscription(\"defaultEventSubscription\", {\n snsTopic: defaultTopic.arn,\n sourceType: \"db-instance\",\n sourceIds: [defaultInstance.id],\n eventCategories: [\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_instance = aws.rds.Instance(\"defaultInstance\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=\"db.t2.micro\",\n name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\ndefault_topic = aws.sns.Topic(\"defaultTopic\")\ndefault_event_subscription = aws.rds.EventSubscription(\"defaultEventSubscription\",\n sns_topic=default_topic.arn,\n source_type=\"db-instance\",\n source_ids=[default_instance.id],\n event_categories=[\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultInstance = new Aws.Rds.Instance(\"defaultInstance\", new Aws.Rds.InstanceArgs\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = \"db.t2.micro\",\n Name = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n var defaultTopic = new Aws.Sns.Topic(\"defaultTopic\", new Aws.Sns.TopicArgs\n {\n });\n var defaultEventSubscription = new Aws.Rds.EventSubscription(\"defaultEventSubscription\", new Aws.Rds.EventSubscriptionArgs\n {\n SnsTopic = defaultTopic.Arn,\n SourceType = \"db-instance\",\n SourceIds = \n {\n defaultInstance.Id,\n },\n EventCategories = \n {\n \"availability\",\n \"deletion\",\n \"failover\",\n \"failure\",\n \"low storage\",\n \"maintenance\",\n \"notification\",\n \"read replica\",\n \"recovery\",\n \"restoration\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultInstance, err := rds.NewInstance(ctx, \"defaultInstance\", &rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTopic, err := sns.NewTopic(ctx, \"defaultTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewEventSubscription(ctx, \"defaultEventSubscription\", &rds.EventSubscriptionArgs{\n\t\t\tSnsTopic: defaultTopic.Arn,\n\t\t\tSourceType: pulumi.String(\"db-instance\"),\n\t\t\tSourceIds: pulumi.StringArray{\n\t\t\t\tdefaultInstance.ID(),\n\t\t\t},\n\t\t\tEventCategories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"availability\"),\n\t\t\t\tpulumi.String(\"deletion\"),\n\t\t\t\tpulumi.String(\"failover\"),\n\t\t\t\tpulumi.String(\"failure\"),\n\t\t\t\tpulumi.String(\"low storage\"),\n\t\t\t\tpulumi.String(\"maintenance\"),\n\t\t\t\tpulumi.String(\"notification\"),\n\t\t\t\tpulumi.String(\"read replica\"),\n\t\t\t\tpulumi.String(\"recovery\"),\n\t\t\t\tpulumi.String(\"restoration\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB Event Subscriptions can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/eventSubscription:EventSubscription default rds-event-sub\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the RDS event notification subscription\n" + }, + "customerAwsId": { + "type": "string", + "description": "The AWS customer account associated with the RDS event notification subscription\n" + }, + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a SourceType that you want to subscribe to. See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html or run `aws rds describe-event-categories`.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB event subscription. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the DB event subscription. Conflicts with `name`.\n" + }, + "snsTopic": { + "type": "string", + "description": "The SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `db-instance`, `db-security-group`, `db-parameter-group`, `db-snapshot`, `db-cluster` or `db-cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "customerAwsId", + "name", + "snsTopic", + "tagsAll" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a SourceType that you want to subscribe to. See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html or run `aws rds describe-event-categories`.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB event subscription. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the DB event subscription. Conflicts with `name`.\n" + }, + "snsTopic": { + "type": "string", + "description": "The SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `db-instance`, `db-security-group`, `db-parameter-group`, `db-snapshot`, `db-cluster` or `db-cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "snsTopic" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventSubscription resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the RDS event notification subscription\n" + }, + "customerAwsId": { + "type": "string", + "description": "The AWS customer account associated with the RDS event notification subscription\n" + }, + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a SourceType that you want to subscribe to. See http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.html or run `aws rds describe-event-categories`.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB event subscription. By default generated by this provider.\n" + }, + "namePrefix": { + "type": "string", + "description": "The name of the DB event subscription. Conflicts with `name`.\n" + }, + "snsTopic": { + "type": "string", + "description": "The SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `db-instance`, `db-security-group`, `db-parameter-group`, `db-snapshot`, `db-cluster` or `db-cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:rds/globalCluster:GlobalCluster": { + "description": "Manages an RDS Global Cluster, which is an Aurora global database spread across multiple regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.\n\nMore information about Aurora global databases can be found in the [Aurora User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database-creating).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### New MySQL Global Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora\",\n engineVersion: \"5.6.mysql_aurora.1.22.2\",\n databaseName: \"example_db\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.rds.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora\",\n engine_version=\"5.6.mysql_aurora.1.22.2\",\n database_name=\"example_db\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.rds.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.GlobalCluster(\"example\", new Aws.Rds.GlobalClusterArgs\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora\",\n EngineVersion = \"5.6.mysql_aurora.1.22.2\",\n DatabaseName = \"example_db\",\n });\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new Aws.Rds.ClusterArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new Aws.Rds.ClusterInstanceArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n var secondaryCluster = new Aws.Rds.Cluster(\"secondaryCluster\", new Aws.Rds.ClusterArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondaryClusterInstance\", new Aws.Rds.ClusterInstanceArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = \n {\n primaryClusterInstance,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", &rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.mysql_aurora.1.22.2\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", &rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := rds.NewClusterInstance(ctx, \"primaryClusterInstance\", &rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := rds.NewCluster(ctx, \"secondaryCluster\", &rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondaryClusterInstance\", &rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### New PostgreSQL Global Cluster\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.Provider(\"primary\", {region: \"us-east-2\"});\nconst secondary = new aws.Provider(\"secondary\", {region: \"us-east-1\"});\nconst example = new aws.rds.GlobalCluster(\"example\", {\n globalClusterIdentifier: \"global-test\",\n engine: \"aurora-postgresql\",\n engineVersion: \"11.9\",\n databaseName: \"example_db\",\n});\nconst primaryCluster = new aws.rds.Cluster(\"primaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-primary-cluster\",\n masterUsername: \"username\",\n masterPassword: \"somepass123\",\n databaseName: \"example_db\",\n globalClusterIdentifier: example.id,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst primaryClusterInstance = new aws.rds.ClusterInstance(\"primaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-primary-cluster-instance\",\n clusterIdentifier: primaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.primary,\n});\nconst secondaryCluster = new aws.rds.Cluster(\"secondaryCluster\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n clusterIdentifier: \"test-secondary-cluster\",\n globalClusterIdentifier: example.id,\n skipFinalSnapshot: true,\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n dependsOn: [primaryClusterInstance],\n});\nconst secondaryClusterInstance = new aws.rds.ClusterInstance(\"secondaryClusterInstance\", {\n engine: example.engine,\n engineVersion: example.engineVersion,\n identifier: \"test-secondary-cluster-instance\",\n clusterIdentifier: secondaryCluster.id,\n instanceClass: \"db.r4.large\",\n dbSubnetGroupName: \"default\",\n}, {\n provider: aws.secondary,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nprimary = pulumi.providers.Aws(\"primary\", region=\"us-east-2\")\nsecondary = pulumi.providers.Aws(\"secondary\", region=\"us-east-1\")\nexample = aws.rds.GlobalCluster(\"example\",\n global_cluster_identifier=\"global-test\",\n engine=\"aurora-postgresql\",\n engine_version=\"11.9\",\n database_name=\"example_db\")\nprimary_cluster = aws.rds.Cluster(\"primaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-primary-cluster\",\n master_username=\"username\",\n master_password=\"somepass123\",\n database_name=\"example_db\",\n global_cluster_identifier=example.id,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nprimary_cluster_instance = aws.rds.ClusterInstance(\"primaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-primary-cluster-instance\",\n cluster_identifier=primary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"primary\"]))\nsecondary_cluster = aws.rds.Cluster(\"secondaryCluster\",\n engine=example.engine,\n engine_version=example.engine_version,\n cluster_identifier=\"test-secondary-cluster\",\n global_cluster_identifier=example.id,\n skip_final_snapshot=True,\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"],\n depends_on=[primary_cluster_instance]))\nsecondary_cluster_instance = aws.rds.ClusterInstance(\"secondaryClusterInstance\",\n engine=example.engine,\n engine_version=example.engine_version,\n identifier=\"test-secondary-cluster-instance\",\n cluster_identifier=secondary_cluster.id,\n instance_class=\"db.r4.large\",\n db_subnet_group_name=\"default\",\n opts=pulumi.ResourceOptions(provider=aws[\"secondary\"]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.Provider(\"primary\", new Aws.ProviderArgs\n {\n Region = \"us-east-2\",\n });\n var secondary = new Aws.Provider(\"secondary\", new Aws.ProviderArgs\n {\n Region = \"us-east-1\",\n });\n var example = new Aws.Rds.GlobalCluster(\"example\", new Aws.Rds.GlobalClusterArgs\n {\n GlobalClusterIdentifier = \"global-test\",\n Engine = \"aurora-postgresql\",\n EngineVersion = \"11.9\",\n DatabaseName = \"example_db\",\n });\n var primaryCluster = new Aws.Rds.Cluster(\"primaryCluster\", new Aws.Rds.ClusterArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-primary-cluster\",\n MasterUsername = \"username\",\n MasterPassword = \"somepass123\",\n DatabaseName = \"example_db\",\n GlobalClusterIdentifier = example.Id,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n var primaryClusterInstance = new Aws.Rds.ClusterInstance(\"primaryClusterInstance\", new Aws.Rds.ClusterInstanceArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-primary-cluster-instance\",\n ClusterIdentifier = primaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Primary,\n });\n var secondaryCluster = new Aws.Rds.Cluster(\"secondaryCluster\", new Aws.Rds.ClusterArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n ClusterIdentifier = \"test-secondary-cluster\",\n GlobalClusterIdentifier = example.Id,\n SkipFinalSnapshot = true,\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n DependsOn = \n {\n primaryClusterInstance,\n },\n });\n var secondaryClusterInstance = new Aws.Rds.ClusterInstance(\"secondaryClusterInstance\", new Aws.Rds.ClusterInstanceArgs\n {\n Engine = example.Engine,\n EngineVersion = example.EngineVersion,\n Identifier = \"test-secondary-cluster-instance\",\n ClusterIdentifier = secondaryCluster.Id,\n InstanceClass = \"db.r4.large\",\n DbSubnetGroupName = \"default\",\n }, new CustomResourceOptions\n {\n Provider = aws.Secondary,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"primary\", &providers.awsArgs{\n\t\t\tRegion: \"us-east-2\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"secondary\", &providers.awsArgs{\n\t\t\tRegion: \"us-east-1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := rds.NewGlobalCluster(ctx, \"example\", &rds.GlobalClusterArgs{\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"global-test\"),\n\t\t\tEngine: pulumi.String(\"aurora-postgresql\"),\n\t\t\tEngineVersion: pulumi.String(\"11.9\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryCluster, err := rds.NewCluster(ctx, \"primaryCluster\", &rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-primary-cluster\"),\n\t\t\tMasterUsername: pulumi.String(\"username\"),\n\t\t\tMasterPassword: pulumi.String(\"somepass123\"),\n\t\t\tDatabaseName: pulumi.String(\"example_db\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tprimaryClusterInstance, err := rds.NewClusterInstance(ctx, \"primaryClusterInstance\", &rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-primary-cluster-instance\"),\n\t\t\tClusterIdentifier: primaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Primary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryCluster, err := rds.NewCluster(ctx, \"secondaryCluster\", &rds.ClusterArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tClusterIdentifier: pulumi.String(\"test-secondary-cluster\"),\n\t\t\tGlobalClusterIdentifier: example.ID(),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary), pulumi.DependsOn([]pulumi.Resource{\n\t\t\tprimaryClusterInstance,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"secondaryClusterInstance\", &rds.ClusterInstanceArgs{\n\t\t\tEngine: example.Engine,\n\t\t\tEngineVersion: example.EngineVersion,\n\t\t\tIdentifier: pulumi.String(\"test-secondary-cluster-instance\"),\n\t\t\tClusterIdentifier: secondaryCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.r4.large\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"default\"),\n\t\t}, pulumi.Provider(aws.Secondary))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### New Global Cluster From Existing DB Cluster\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst exampleCluster = new aws.rds.Cluster(\"exampleCluster\", {});\nconst exampleGlobalCluster = new aws.rds.GlobalCluster(\"exampleGlobalCluster\", {\n forceDestroy: true,\n globalClusterIdentifier: \"example\",\n sourceDbClusterIdentifier: exampleCluster.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample_cluster = aws.rds.Cluster(\"exampleCluster\")\nexample_global_cluster = aws.rds.GlobalCluster(\"exampleGlobalCluster\",\n force_destroy=True,\n global_cluster_identifier=\"example\",\n source_db_cluster_identifier=example_cluster.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var exampleCluster = new Aws.Rds.Cluster(\"exampleCluster\", new Aws.Rds.ClusterArgs\n {\n });\n var exampleGlobalCluster = new Aws.Rds.GlobalCluster(\"exampleGlobalCluster\", new Aws.Rds.GlobalClusterArgs\n {\n ForceDestroy = true,\n GlobalClusterIdentifier = \"example\",\n SourceDbClusterIdentifier = exampleCluster.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleCluster, err := rds.NewCluster(ctx, \"exampleCluster\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewGlobalCluster(ctx, \"exampleGlobalCluster\", &rds.GlobalClusterArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tGlobalClusterIdentifier: pulumi.String(\"example\"),\n\t\t\tSourceDbClusterIdentifier: exampleCluster.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_rds_global_cluster` can be imported by using the RDS Global Cluster identifier, e.g.\n\n```sh\n $ pulumi import aws:rds/globalCluster:GlobalCluster example example\n```\n\n Certain resource arguments, like `source_db_cluster_identifier`, do not have an API method for reading the information after creation. If the argument is set in the provider configuration on an imported resource, the provider will always show a difference. To workaround this behavior, either omit the argument from the the provider configuration or use `ignore_changes` to hide the difference, e.g. terraform resource \"aws_rds_global_cluster\" \"example\" {\n\n # ... other configuration ...\n\n # There is no API for reading source_db_cluster_identifier\n\n lifecycle {\n\n\n\n ignore_changes = [source_db_cluster_identifier]\n\n } } ", + "properties": { + "arn": { + "type": "string", + "description": "RDS Global Cluster Amazon Resource Name (ARN)\n" + }, + "databaseName": { + "type": "string", + "description": "Name for an automatically created database on cluster creation.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the Global Cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "engine": { + "type": "string", + "description": "Name of the database engine to be used for this DB cluster. The provider will only perform drift detection if a configuration value is provided. Valid values: `aurora`, `aurora-mysql`, `aurora-postgresql`. Defaults to `aurora`. Conflicts with `source_db_cluster_identifier`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Engine version of the Aurora global database.\n* **NOTE:** When the engine is set to `aurora-mysql`, an engine version compatible with global database is required. The earliest available version is `5.7.mysql_aurora.2.06.0`.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Enable to remove DB Cluster members from Global Cluster on destroy. Required with `source_db_cluster_identifier`.\n" + }, + "globalClusterIdentifier": { + "type": "string", + "description": "The global cluster identifier.\n" + }, + "globalClusterMembers": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/GlobalClusterGlobalClusterMember:GlobalClusterGlobalClusterMember" + }, + "description": "Set of objects containing Global Cluster members.\n" + }, + "globalClusterResourceId": { + "type": "string", + "description": "AWS Region-unique, immutable identifier for the global database cluster. This identifier is found in AWS CloudTrail log entries whenever the AWS KMS key for the DB cluster is accessed\n" + }, + "sourceDbClusterIdentifier": { + "type": "string", + "description": "Amazon Resource Name (ARN) to use as the primary DB Cluster of the Global Cluster on creation. The provider cannot perform drift detection of this value.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false` unless `source_db_cluster_identifier` is specified and encrypted. The provider will only perform drift detection if a configuration value is provided.\n" + } + }, + "required": [ + "arn", + "engine", + "engineVersion", + "globalClusterIdentifier", + "globalClusterMembers", + "globalClusterResourceId", + "sourceDbClusterIdentifier", + "storageEncrypted" + ], + "inputProperties": { + "databaseName": { + "type": "string", + "description": "Name for an automatically created database on cluster creation.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the Global Cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "engine": { + "type": "string", + "description": "Name of the database engine to be used for this DB cluster. The provider will only perform drift detection if a configuration value is provided. Valid values: `aurora`, `aurora-mysql`, `aurora-postgresql`. Defaults to `aurora`. Conflicts with `source_db_cluster_identifier`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Engine version of the Aurora global database.\n* **NOTE:** When the engine is set to `aurora-mysql`, an engine version compatible with global database is required. The earliest available version is `5.7.mysql_aurora.2.06.0`.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Enable to remove DB Cluster members from Global Cluster on destroy. Required with `source_db_cluster_identifier`.\n" + }, + "globalClusterIdentifier": { + "type": "string", + "description": "The global cluster identifier.\n" + }, + "sourceDbClusterIdentifier": { + "type": "string", + "description": "Amazon Resource Name (ARN) to use as the primary DB Cluster of the Global Cluster on creation. The provider cannot perform drift detection of this value.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false` unless `source_db_cluster_identifier` is specified and encrypted. The provider will only perform drift detection if a configuration value is provided.\n" + } + }, + "requiredInputs": [ + "globalClusterIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering GlobalCluster resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "RDS Global Cluster Amazon Resource Name (ARN)\n" + }, + "databaseName": { + "type": "string", + "description": "Name for an automatically created database on cluster creation.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the Global Cluster should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "engine": { + "type": "string", + "description": "Name of the database engine to be used for this DB cluster. The provider will only perform drift detection if a configuration value is provided. Valid values: `aurora`, `aurora-mysql`, `aurora-postgresql`. Defaults to `aurora`. Conflicts with `source_db_cluster_identifier`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Engine version of the Aurora global database.\n* **NOTE:** When the engine is set to `aurora-mysql`, an engine version compatible with global database is required. The earliest available version is `5.7.mysql_aurora.2.06.0`.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Enable to remove DB Cluster members from Global Cluster on destroy. Required with `source_db_cluster_identifier`.\n" + }, + "globalClusterIdentifier": { + "type": "string", + "description": "The global cluster identifier.\n" + }, + "globalClusterMembers": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/GlobalClusterGlobalClusterMember:GlobalClusterGlobalClusterMember" + }, + "description": "Set of objects containing Global Cluster members.\n" + }, + "globalClusterResourceId": { + "type": "string", + "description": "AWS Region-unique, immutable identifier for the global database cluster. This identifier is found in AWS CloudTrail log entries whenever the AWS KMS key for the DB cluster is accessed\n" + }, + "sourceDbClusterIdentifier": { + "type": "string", + "description": "Amazon Resource Name (ARN) to use as the primary DB Cluster of the Global Cluster on creation. The provider cannot perform drift detection of this value.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster is encrypted. The default is `false` unless `source_db_cluster_identifier` is specified and encrypted. The provider will only perform drift detection if a configuration value is provided.\n" + } + }, + "type": "object" + } + }, + "aws:rds/instance:Instance": { + "description": "Provides an RDS instance resource. A DB instance is an isolated database\nenvironment in the cloud. A DB instance can contain multiple user-created\ndatabases.\n\nChanges to a DB instance can occur when you manually change a parameter, such as\n`allocated_storage`, and are reflected in the next maintenance window. Because\nof this, this provider may report a difference in its planning phase because a\nmodification has not yet taken place. You can use the `apply_immediately` flag\nto instruct the service to apply the change immediately (see documentation\nbelow).\n\nWhen upgrading the major version of an engine, `allow_major_version_upgrade`\nmust be set to `true`.\n\n> **Note:** using `apply_immediately` can result in a brief downtime as the\nserver reboots. See the AWS Docs on [RDS Maintenance][2] for more information.\n\n## RDS Instance Class Types\n\nAmazon RDS supports three types of instance classes: Standard, Memory Optimized,\nand Burstable Performance. For more information please read the AWS RDS documentation\nabout [DB Instance Class Types](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultInstance = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.7\",\n instanceClass: \"db.t3.micro\",\n name: \"mydb\",\n parameterGroupName: \"default.mysql5.7\",\n password: \"foobarbaz\",\n skipFinalSnapshot: true,\n username: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.7\",\n instance_class=\"db.t3.micro\",\n name=\"mydb\",\n parameter_group_name=\"default.mysql5.7\",\n password=\"foobarbaz\",\n skip_final_snapshot=True,\n username=\"foo\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.Instance(\"default\", new Aws.Rds.InstanceArgs\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.7\",\n InstanceClass = \"db.t3.micro\",\n Name = \"mydb\",\n ParameterGroupName = \"default.mysql5.7\",\n Password = \"foobarbaz\",\n SkipFinalSnapshot = true,\n Username = \"foo\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"_default\", &rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t3.micro\"),\n\t\t\tName: pulumi.String(\"mydb\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t\tPassword: pulumi.String(\"foobarbaz\"),\n\t\t\tSkipFinalSnapshot: pulumi.Bool(true),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Storage Autoscaling\n\nTo enable Storage Autoscaling with instances that support the feature, define the `max_allocated_storage` argument higher than the `allocated_storage` argument. This provider will automatically hide differences with the `allocated_storage` argument value if autoscaling occurs.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Instance(\"example\", {\n allocatedStorage: 50,\n maxAllocatedStorage: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Instance(\"example\",\n allocated_storage=50,\n max_allocated_storage=100)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.Instance(\"example\", new Aws.Rds.InstanceArgs\n {\n AllocatedStorage = 50,\n MaxAllocatedStorage = 100,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"example\", &rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(50),\n\t\t\tMaxAllocatedStorage: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB Instances can be imported using the `identifier`, e.g.\n\n```sh\n $ pulumi import aws:rds/instance:Instance default mydb-rds-instance\n```\n\n ", + "properties": { + "address": { + "type": "string", + "description": "The hostname of the RDS instance. See also `endpoint` and `port`.\n" + }, + "allocatedStorage": { + "type": "integer", + "description": "The allocated storage in gibibytes. If `max_allocated_storage` is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. If `replicate_source_db` is set, the value is ignored during the creation of the instance.\n" + }, + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that major version\nupgrades are allowed. Changing this parameter does not result in an outage and\nthe change is asynchronously applied as soon as possible.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is\n`false`. See [Amazon RDS Documentation for more\ninformation.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the RDS instance.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades\nwill be applied automatically to the DB instance during the maintenance window.\nDefaults to true.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ for the RDS instance.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Must be\nbetween `0` and `35`. Must be greater than `0` if the database is used as a source for a Read Replica. [See Read Replica][1].\n" + }, + "backupWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which\nautomated backups are created if they are enabled. Example: \"09:46-10:16\". Must\nnot overlap with `maintenance_window`.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "The identifier of the CA certificate for the DB instance.\n" + }, + "characterSetName": { + "type": "string", + "description": "The character set name to use for DB\nencoding in Oracle and Microsoft SQL instances (collation). This can't be changed. See [Oracle Character Sets\nSupported in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html)\nor [Server-Level Collation for Microsoft SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.Collation.html) for more information.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Copy all Instance `tags` to snapshots. Default is `false`.\n" + }, + "customerOwnedIpEnabled": { + "type": "boolean", + "description": "Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See [CoIP for RDS on Outposts](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html#rds-on-outposts.coip) for more information.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "Name of `DB subnet group`. DB instance will\nbe created in the VPC associated with the DB subnet group. If unspecified, will\nbe created in the `default` VPC, or in EC2 Classic, if available. When working\nwith read replicas, it should be specified only if the source database\nspecifies an instance in another AWS Region. See [DBSubnetGroupName in API\naction CreateDBInstanceReadReplica](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstanceReadReplica.html)\nfor additional read replica contraints.\n" + }, + "deleteAutomatedBackups": { + "type": "boolean", + "description": "Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is `true`.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "domain": { + "type": "string", + "description": "The ID of the Directory Service Active Directory domain to create the instance in.\n" + }, + "domainIamRoleName": { + "type": "string", + "description": "The name of the IAM role to be used when making API calls to the Directory Service.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on `engine`). MySQL and MariaDB: `audit`, `error`, `general`, `slowquery`. PostgreSQL: `postgresql`, `upgrade`. MSSQL: `agent` , `error`. Oracle: `alert`, `audit`, `listener`, `trace`.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint in `address:port` format.\n" + }, + "engine": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) The database engine to use. For supported values, see the Engine parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html).\nNote that for Amazon Aurora instances the engine must match the `DB cluster`'s engine'.\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n" + }, + "engineVersion": { + "type": "string", + "description": "The engine version to use. If `auto_minor_version_upgrade`\nis enabled, you can provide a prefix of the version such as `5.7` (for `5.7.10`) and\nthis attribute will ignore differences in the patch version automatically (e.g. `5.7.17`).\nFor supported values, see the EngineVersion parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html).\nNote that for Amazon Aurora instances the engine version must match the `DB cluster`'s engine version'.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot\nwhen this DB instance is deleted. Must be provided if `skip_final_snapshot` is\nset to `false`. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the DB instance (to be used\nin a Route 53 Alias record).\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or\nmappings of AWS Identity and Access Management (IAM) accounts to database\naccounts is enabled.\n" + }, + "identifier": { + "type": "string", + "description": "The name of the RDS instance,\nif omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique\nidentifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "description": "The instance type of the RDS instance.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of provisioned IOPS. Setting this implies a\nstorage_type of \"io1\".\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. If creating an\nencrypted replica, set this to the destination KMS ARN.\n" + }, + "latestRestorableTime": { + "type": "string", + "description": "The latest time, in UTC [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), to which a database can be restored with point-in-time restore.\n" + }, + "licenseModel": { + "type": "string", + "description": "(Optional, but required for some DB engines, i.e. Oracle\nSE1) License model information for this DB instance.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\". See [RDS\nMaintenance Window\ndocs](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow)\nfor more information.\n" + }, + "maxAllocatedStorage": { + "type": "integer", + "description": "When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to `allocated_storage`. Must be greater than or equal to `allocated_storage` or `0` to disable Storage Autoscaling.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points\nwhen Enhanced Monitoring metrics are collected for the DB instance. To disable\ncollecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid\nValues: 0, 1, 5, 10, 15, 30, 60.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS\nto send enhanced monitoring metrics to CloudWatch Logs. You can find more\ninformation on the [AWS\nDocumentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the RDS instance is multi-AZ\n" + }, + "name": { + "type": "string", + "description": "The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the [AWS documentation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-db-instance.html) for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case.\n" + }, + "ncharCharacterSetName": { + "type": "string", + "description": "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See [Oracle Character Sets\nSupported in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html).\n" + }, + "optionGroupName": { + "type": "string", + "description": "Name of the DB option group to associate.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the DB parameter group to\nassociate.\n" + }, + "password": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) Password for the master DB user. Note that this may show up in\nlogs, and it will be stored in the state file.\n" + }, + "performanceInsightsEnabled": { + "type": "boolean", + "description": "Specifies whether Performance Insights are enabled. Defaults to false.\n" + }, + "performanceInsightsKmsKeyId": { + "type": "string", + "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true. Once KMS key is set, it can never be changed.\n" + }, + "performanceInsightsRetentionPeriod": { + "type": "integer", + "description": "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). When specifying `performance_insights_retention_period`, `performance_insights_enabled` needs to be set to true. Defaults to '7'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly\naccessible. Default is `false`.\n" + }, + "replicas": { + "type": "array", + "items": { + "type": "string" + } + }, + "replicateSourceDb": { + "type": "string", + "description": "Specifies that this resource is a Replicate\ndatabase, and to use this value as the source database. This correlates to the\n`identifier` of another Amazon RDS Database to replicate (if replicating within\na single region) or ARN of the Amazon RDS Database to replicate (if replicating\ncross-region). Note that if you are\ncreating a cross-region replica of an encrypted database you will also need to\nspecify a `kms_key_id`. See [DB Instance Replication][1] and [Working with\nPostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html)\nfor more information on using Replication.\n" + }, + "resourceId": { + "type": "string", + "description": "The RDS Resource ID of this instance.\n" + }, + "restoreToPointInTime": { + "$ref": "#/types/aws:rds/InstanceRestoreToPointInTime:InstanceRestoreToPointInTime", + "description": "A configuration block for restoring a DB instance to an arbitrary point in time. Requires the `identifier` argument to be set with the name of the new DB instance to be created. See Restore To Point In Time below for details.\n" + }, + "s3Import": { + "$ref": "#/types/aws:rds/InstanceS3Import:InstanceS3Import", + "description": "Restore from a Percona Xtrabackup in S3. See [Importing Data into an Amazon RDS MySQL DB Instance](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html)\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB Security Groups to\nassociate. Only used for [DB Instances on the _EC2-Classic_\nPlatform](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html#USER_VPC.FindDefaultVPC).\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is\ncreated before the DB instance is deleted. If true is specified, no DBSnapshot\nis created. If false is specified, a DB snapshot is created before the DB\ninstance is deleted, using the value from `final_snapshot_identifier`. Default\nis `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this\ndatabase from a snapshot. This correlates to the snapshot ID you'd find in the\nRDS console, e.g: rds:production-2015-06-26-06-05.\n" + }, + "status": { + "type": "string", + "description": "The RDS instance status.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB instance is\nencrypted. Note that if you are creating a cross-region read replica this field\nis ignored and you should instead declare `kms_key_id` with a valid ARN. The\ndefault is `false` if not specified.\n" + }, + "storageType": { + "type": "string", + "description": "One of \"standard\" (magnetic), \"gp2\" (general\npurpose SSD), or \"io1\" (provisioned IOPS SSD). The default is \"io1\" if `iops` is\nspecified, \"gp2\" if not.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timezone": { + "type": "string", + "description": "Time zone of the DB instance. `timezone` is currently\nonly supported by Microsoft SQL Server. The `timezone` can only be set on\ncreation. See [MSSQL User\nGuide](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone)\nfor more information.\n" + }, + "username": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) Username for the master DB user.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to\nassociate.\n" + } + }, + "required": [ + "address", + "allocatedStorage", + "applyImmediately", + "arn", + "availabilityZone", + "backupRetentionPeriod", + "backupWindow", + "caCertIdentifier", + "characterSetName", + "dbSubnetGroupName", + "endpoint", + "engine", + "engineVersion", + "hostedZoneId", + "identifier", + "identifierPrefix", + "instanceClass", + "kmsKeyId", + "latestRestorableTime", + "licenseModel", + "maintenanceWindow", + "monitoringRoleArn", + "multiAz", + "name", + "ncharCharacterSetName", + "optionGroupName", + "parameterGroupName", + "performanceInsightsKmsKeyId", + "performanceInsightsRetentionPeriod", + "port", + "replicas", + "resourceId", + "snapshotIdentifier", + "status", + "storageType", + "tagsAll", + "timezone", + "username", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "allocatedStorage": { + "type": "integer", + "description": "The allocated storage in gibibytes. If `max_allocated_storage` is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. If `replicate_source_db` is set, the value is ignored during the creation of the instance.\n" + }, + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that major version\nupgrades are allowed. Changing this parameter does not result in an outage and\nthe change is asynchronously applied as soon as possible.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is\n`false`. See [Amazon RDS Documentation for more\ninformation.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades\nwill be applied automatically to the DB instance during the maintenance window.\nDefaults to true.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ for the RDS instance.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Must be\nbetween `0` and `35`. Must be greater than `0` if the database is used as a source for a Read Replica. [See Read Replica][1].\n" + }, + "backupWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which\nautomated backups are created if they are enabled. Example: \"09:46-10:16\". Must\nnot overlap with `maintenance_window`.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "The identifier of the CA certificate for the DB instance.\n" + }, + "characterSetName": { + "type": "string", + "description": "The character set name to use for DB\nencoding in Oracle and Microsoft SQL instances (collation). This can't be changed. See [Oracle Character Sets\nSupported in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html)\nor [Server-Level Collation for Microsoft SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.Collation.html) for more information.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Copy all Instance `tags` to snapshots. Default is `false`.\n" + }, + "customerOwnedIpEnabled": { + "type": "boolean", + "description": "Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See [CoIP for RDS on Outposts](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html#rds-on-outposts.coip) for more information.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "Name of `DB subnet group`. DB instance will\nbe created in the VPC associated with the DB subnet group. If unspecified, will\nbe created in the `default` VPC, or in EC2 Classic, if available. When working\nwith read replicas, it should be specified only if the source database\nspecifies an instance in another AWS Region. See [DBSubnetGroupName in API\naction CreateDBInstanceReadReplica](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstanceReadReplica.html)\nfor additional read replica contraints.\n" + }, + "deleteAutomatedBackups": { + "type": "boolean", + "description": "Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is `true`.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "domain": { + "type": "string", + "description": "The ID of the Directory Service Active Directory domain to create the instance in.\n" + }, + "domainIamRoleName": { + "type": "string", + "description": "The name of the IAM role to be used when making API calls to the Directory Service.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on `engine`). MySQL and MariaDB: `audit`, `error`, `general`, `slowquery`. PostgreSQL: `postgresql`, `upgrade`. MSSQL: `agent` , `error`. Oracle: `alert`, `audit`, `listener`, `trace`.\n" + }, + "engine": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) The database engine to use. For supported values, see the Engine parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html).\nNote that for Amazon Aurora instances the engine must match the `DB cluster`'s engine'.\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n" + }, + "engineVersion": { + "type": "string", + "description": "The engine version to use. If `auto_minor_version_upgrade`\nis enabled, you can provide a prefix of the version such as `5.7` (for `5.7.10`) and\nthis attribute will ignore differences in the patch version automatically (e.g. `5.7.17`).\nFor supported values, see the EngineVersion parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html).\nNote that for Amazon Aurora instances the engine version must match the `DB cluster`'s engine version'.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot\nwhen this DB instance is deleted. Must be provided if `skip_final_snapshot` is\nset to `false`. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or\nmappings of AWS Identity and Access Management (IAM) accounts to database\naccounts is enabled.\n" + }, + "identifier": { + "type": "string", + "description": "The name of the RDS instance,\nif omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique\nidentifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/InstanceType:InstanceType" + } + ], + "description": "The instance type of the RDS instance.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of provisioned IOPS. Setting this implies a\nstorage_type of \"io1\".\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. If creating an\nencrypted replica, set this to the destination KMS ARN.\n" + }, + "licenseModel": { + "type": "string", + "description": "(Optional, but required for some DB engines, i.e. Oracle\nSE1) License model information for this DB instance.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\". See [RDS\nMaintenance Window\ndocs](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow)\nfor more information.\n" + }, + "maxAllocatedStorage": { + "type": "integer", + "description": "When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to `allocated_storage`. Must be greater than or equal to `allocated_storage` or `0` to disable Storage Autoscaling.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points\nwhen Enhanced Monitoring metrics are collected for the DB instance. To disable\ncollecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid\nValues: 0, 1, 5, 10, 15, 30, 60.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS\nto send enhanced monitoring metrics to CloudWatch Logs. You can find more\ninformation on the [AWS\nDocumentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the RDS instance is multi-AZ\n" + }, + "name": { + "type": "string", + "description": "The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the [AWS documentation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-db-instance.html) for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case.\n" + }, + "ncharCharacterSetName": { + "type": "string", + "description": "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See [Oracle Character Sets\nSupported in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html).\n" + }, + "optionGroupName": { + "type": "string", + "description": "Name of the DB option group to associate.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the DB parameter group to\nassociate.\n" + }, + "password": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) Password for the master DB user. Note that this may show up in\nlogs, and it will be stored in the state file.\n" + }, + "performanceInsightsEnabled": { + "type": "boolean", + "description": "Specifies whether Performance Insights are enabled. Defaults to false.\n" + }, + "performanceInsightsKmsKeyId": { + "type": "string", + "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true. Once KMS key is set, it can never be changed.\n" + }, + "performanceInsightsRetentionPeriod": { + "type": "integer", + "description": "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). When specifying `performance_insights_retention_period`, `performance_insights_enabled` needs to be set to true. Defaults to '7'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly\naccessible. Default is `false`.\n" + }, + "replicateSourceDb": { + "type": "string", + "description": "Specifies that this resource is a Replicate\ndatabase, and to use this value as the source database. This correlates to the\n`identifier` of another Amazon RDS Database to replicate (if replicating within\na single region) or ARN of the Amazon RDS Database to replicate (if replicating\ncross-region). Note that if you are\ncreating a cross-region replica of an encrypted database you will also need to\nspecify a `kms_key_id`. See [DB Instance Replication][1] and [Working with\nPostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html)\nfor more information on using Replication.\n" + }, + "restoreToPointInTime": { + "$ref": "#/types/aws:rds/InstanceRestoreToPointInTime:InstanceRestoreToPointInTime", + "description": "A configuration block for restoring a DB instance to an arbitrary point in time. Requires the `identifier` argument to be set with the name of the new DB instance to be created. See Restore To Point In Time below for details.\n" + }, + "s3Import": { + "$ref": "#/types/aws:rds/InstanceS3Import:InstanceS3Import", + "description": "Restore from a Percona Xtrabackup in S3. See [Importing Data into an Amazon RDS MySQL DB Instance](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html)\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB Security Groups to\nassociate. Only used for [DB Instances on the _EC2-Classic_\nPlatform](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html#USER_VPC.FindDefaultVPC).\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is\ncreated before the DB instance is deleted. If true is specified, no DBSnapshot\nis created. If false is specified, a DB snapshot is created before the DB\ninstance is deleted, using the value from `final_snapshot_identifier`. Default\nis `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this\ndatabase from a snapshot. This correlates to the snapshot ID you'd find in the\nRDS console, e.g: rds:production-2015-06-26-06-05.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB instance is\nencrypted. Note that if you are creating a cross-region read replica this field\nis ignored and you should instead declare `kms_key_id` with a valid ARN. The\ndefault is `false` if not specified.\n" + }, + "storageType": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/StorageType:StorageType" + } + ], + "description": "One of \"standard\" (magnetic), \"gp2\" (general\npurpose SSD), or \"io1\" (provisioned IOPS SSD). The default is \"io1\" if `iops` is\nspecified, \"gp2\" if not.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timezone": { + "type": "string", + "description": "Time zone of the DB instance. `timezone` is currently\nonly supported by Microsoft SQL Server. The `timezone` can only be set on\ncreation. See [MSSQL User\nGuide](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone)\nfor more information.\n" + }, + "username": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) Username for the master DB user.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to\nassociate.\n" + } + }, + "requiredInputs": [ + "instanceClass" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Instance resources.\n", + "properties": { + "address": { + "type": "string", + "description": "The hostname of the RDS instance. See also `endpoint` and `port`.\n" + }, + "allocatedStorage": { + "type": "integer", + "description": "The allocated storage in gibibytes. If `max_allocated_storage` is configured, this argument represents the initial storage allocation and differences from the configuration will be ignored automatically when Storage Autoscaling occurs. If `replicate_source_db` is set, the value is ignored during the creation of the instance.\n" + }, + "allowMajorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that major version\nupgrades are allowed. Changing this parameter does not result in an outage and\nthe change is asynchronously applied as soon as possible.\n" + }, + "applyImmediately": { + "type": "boolean", + "description": "Specifies whether any database modifications\nare applied immediately, or during the next maintenance window. Default is\n`false`. See [Amazon RDS Documentation for more\ninformation.](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.DBInstance.Modifying.html)\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the RDS instance.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor engine upgrades\nwill be applied automatically to the DB instance during the maintenance window.\nDefaults to true.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ for the RDS instance.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "The days to retain backups for. Must be\nbetween `0` and `35`. Must be greater than `0` if the database is used as a source for a Read Replica. [See Read Replica][1].\n" + }, + "backupWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which\nautomated backups are created if they are enabled. Example: \"09:46-10:16\". Must\nnot overlap with `maintenance_window`.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "The identifier of the CA certificate for the DB instance.\n" + }, + "characterSetName": { + "type": "string", + "description": "The character set name to use for DB\nencoding in Oracle and Microsoft SQL instances (collation). This can't be changed. See [Oracle Character Sets\nSupported in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html)\nor [Server-Level Collation for Microsoft SQL Server](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.CommonDBATasks.Collation.html) for more information.\n" + }, + "copyTagsToSnapshot": { + "type": "boolean", + "description": "Copy all Instance `tags` to snapshots. Default is `false`.\n" + }, + "customerOwnedIpEnabled": { + "type": "boolean", + "description": "Indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance. See [CoIP for RDS on Outposts](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-on-outposts.html#rds-on-outposts.coip) for more information.\n" + }, + "dbSubnetGroupName": { + "type": "string", + "description": "Name of `DB subnet group`. DB instance will\nbe created in the VPC associated with the DB subnet group. If unspecified, will\nbe created in the `default` VPC, or in EC2 Classic, if available. When working\nwith read replicas, it should be specified only if the source database\nspecifies an instance in another AWS Region. See [DBSubnetGroupName in API\naction CreateDBInstanceReadReplica](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstanceReadReplica.html)\nfor additional read replica contraints.\n" + }, + "deleteAutomatedBackups": { + "type": "boolean", + "description": "Specifies whether to remove automated backups immediately after the DB instance is deleted. Default is `true`.\n" + }, + "deletionProtection": { + "type": "boolean", + "description": "If the DB instance should have deletion protection enabled. The database can't be deleted when this value is set to `true`. The default is `false`.\n" + }, + "domain": { + "type": "string", + "description": "The ID of the Directory Service Active Directory domain to create the instance in.\n" + }, + "domainIamRoleName": { + "type": "string", + "description": "The name of the IAM role to be used when making API calls to the Directory Service.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types to enable for exporting to CloudWatch logs. If omitted, no logs will be exported. Valid values (depending on `engine`). MySQL and MariaDB: `audit`, `error`, `general`, `slowquery`. PostgreSQL: `postgresql`, `upgrade`. MSSQL: `agent` , `error`. Oracle: `alert`, `audit`, `listener`, `trace`.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint in `address:port` format.\n" + }, + "engine": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) The database engine to use. For supported values, see the Engine parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html).\nNote that for Amazon Aurora instances the engine must match the `DB cluster`'s engine'.\nFor information on the difference between the available Aurora MySQL engines\nsee [Comparison between Aurora MySQL 1 and Aurora MySQL 2](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AuroraMySQL.Updates.20180206.html)\nin the Amazon RDS User Guide.\n" + }, + "engineVersion": { + "type": "string", + "description": "The engine version to use. If `auto_minor_version_upgrade`\nis enabled, you can provide a prefix of the version such as `5.7` (for `5.7.10`) and\nthis attribute will ignore differences in the patch version automatically (e.g. `5.7.17`).\nFor supported values, see the EngineVersion parameter in [API action CreateDBInstance](https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBInstance.html).\nNote that for Amazon Aurora instances the engine version must match the `DB cluster`'s engine version'.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The name of your final DB snapshot\nwhen this DB instance is deleted. Must be provided if `skip_final_snapshot` is\nset to `false`. The value must begin with a letter, only contain alphanumeric characters and hyphens, and not end with a hyphen or contain two consecutive hyphens. Must not be provided when deleting a read replica.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the DB instance (to be used\nin a Route 53 Alias record).\n" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean", + "description": "Specifies whether or\nmappings of AWS Identity and Access Management (IAM) accounts to database\naccounts is enabled.\n" + }, + "identifier": { + "type": "string", + "description": "The name of the RDS instance,\nif omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique\nidentifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "instanceClass": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/InstanceType:InstanceType" + } + ], + "description": "The instance type of the RDS instance.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of provisioned IOPS. Setting this implies a\nstorage_type of \"io1\".\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. If creating an\nencrypted replica, set this to the destination KMS ARN.\n" + }, + "latestRestorableTime": { + "type": "string", + "description": "The latest time, in UTC [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), to which a database can be restored with point-in-time restore.\n" + }, + "licenseModel": { + "type": "string", + "description": "(Optional, but required for some DB engines, i.e. Oracle\nSE1) License model information for this DB instance.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "The window to perform maintenance in.\nSyntax: \"ddd:hh24:mi-ddd:hh24:mi\". Eg: \"Mon:00:00-Mon:03:00\". See [RDS\nMaintenance Window\ndocs](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow)\nfor more information.\n" + }, + "maxAllocatedStorage": { + "type": "integer", + "description": "When configured, the upper limit to which Amazon RDS can automatically scale the storage of the DB instance. Configuring this will automatically ignore differences to `allocated_storage`. Must be greater than or equal to `allocated_storage` or `0` to disable Storage Autoscaling.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points\nwhen Enhanced Monitoring metrics are collected for the DB instance. To disable\ncollecting Enhanced Monitoring metrics, specify 0. The default is 0. Valid\nValues: 0, 1, 5, 10, 15, 30, 60.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS\nto send enhanced monitoring metrics to CloudWatch Logs. You can find more\ninformation on the [AWS\nDocumentation](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.html)\nwhat IAM permissions are needed to allow Enhanced Monitoring for RDS Instances.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the RDS instance is multi-AZ\n" + }, + "name": { + "type": "string", + "description": "The name of the database to create when the DB instance is created. If this parameter is not specified, no database is created in the DB instance. Note that this does not apply for Oracle or SQL Server engines. See the [AWS documentation](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-db-instance.html) for more details on what applies for those engines. If you are providing an Oracle db name, it needs to be in all upper case.\n" + }, + "ncharCharacterSetName": { + "type": "string", + "description": "The national character set is used in the NCHAR, NVARCHAR2, and NCLOB data types for Oracle instances. This can't be changed. See [Oracle Character Sets\nSupported in Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.OracleCharacterSets.html).\n" + }, + "optionGroupName": { + "type": "string", + "description": "Name of the DB option group to associate.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the DB parameter group to\nassociate.\n" + }, + "password": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) Password for the master DB user. Note that this may show up in\nlogs, and it will be stored in the state file.\n" + }, + "performanceInsightsEnabled": { + "type": "boolean", + "description": "Specifies whether Performance Insights are enabled. Defaults to false.\n" + }, + "performanceInsightsKmsKeyId": { + "type": "string", + "description": "The ARN for the KMS key to encrypt Performance Insights data. When specifying `performance_insights_kms_key_id`, `performance_insights_enabled` needs to be set to true. Once KMS key is set, it can never be changed.\n" + }, + "performanceInsightsRetentionPeriod": { + "type": "integer", + "description": "The amount of time in days to retain Performance Insights data. Either 7 (7 days) or 731 (2 years). When specifying `performance_insights_retention_period`, `performance_insights_enabled` needs to be set to true. Defaults to '7'.\n" + }, + "port": { + "type": "integer", + "description": "The port on which the DB accepts connections.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Bool to control if instance is publicly\naccessible. Default is `false`.\n" + }, + "replicas": { + "type": "array", + "items": { + "type": "string" + } + }, + "replicateSourceDb": { + "type": "string", + "description": "Specifies that this resource is a Replicate\ndatabase, and to use this value as the source database. This correlates to the\n`identifier` of another Amazon RDS Database to replicate (if replicating within\na single region) or ARN of the Amazon RDS Database to replicate (if replicating\ncross-region). Note that if you are\ncreating a cross-region replica of an encrypted database you will also need to\nspecify a `kms_key_id`. See [DB Instance Replication][1] and [Working with\nPostgreSQL and MySQL Read Replicas](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html)\nfor more information on using Replication.\n" + }, + "resourceId": { + "type": "string", + "description": "The RDS Resource ID of this instance.\n" + }, + "restoreToPointInTime": { + "$ref": "#/types/aws:rds/InstanceRestoreToPointInTime:InstanceRestoreToPointInTime", + "description": "A configuration block for restoring a DB instance to an arbitrary point in time. Requires the `identifier` argument to be set with the name of the new DB instance to be created. See Restore To Point In Time below for details.\n" + }, + "s3Import": { + "$ref": "#/types/aws:rds/InstanceS3Import:InstanceS3Import", + "description": "Restore from a Percona Xtrabackup in S3. See [Importing Data into an Amazon RDS MySQL DB Instance](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MySQL.Procedural.Importing.html)\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of DB Security Groups to\nassociate. Only used for [DB Instances on the _EC2-Classic_\nPlatform](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html#USER_VPC.FindDefaultVPC).\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final DB snapshot is\ncreated before the DB instance is deleted. If true is specified, no DBSnapshot\nis created. If false is specified, a DB snapshot is created before the DB\ninstance is deleted, using the value from `final_snapshot_identifier`. Default\nis `false`.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "Specifies whether or not to create this\ndatabase from a snapshot. This correlates to the snapshot ID you'd find in the\nRDS console, e.g: rds:production-2015-06-26-06-05.\n" + }, + "status": { + "type": "string", + "description": "The RDS instance status.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB instance is\nencrypted. Note that if you are creating a cross-region read replica this field\nis ignored and you should instead declare `kms_key_id` with a valid ARN. The\ndefault is `false` if not specified.\n" + }, + "storageType": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:rds/StorageType:StorageType" + } + ], + "description": "One of \"standard\" (magnetic), \"gp2\" (general\npurpose SSD), or \"io1\" (provisioned IOPS SSD). The default is \"io1\" if `iops` is\nspecified, \"gp2\" if not.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timezone": { + "type": "string", + "description": "Time zone of the DB instance. `timezone` is currently\nonly supported by Microsoft SQL Server. The `timezone` can only be set on\ncreation. See [MSSQL User\nGuide](http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_SQLServer.html#SQLServer.Concepts.General.TimeZone)\nfor more information.\n" + }, + "username": { + "type": "string", + "description": "(Required unless a `snapshot_identifier` or `replicate_source_db`\nis provided) Username for the master DB user.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security groups to\nassociate.\n" + } + }, + "type": "object" + } + }, + "aws:rds/optionGroup:OptionGroup": { + "description": "Provides an RDS DB option group resource. Documentation of the available options for various RDS engines can be found at:\n\n* [MariaDB Options](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MariaDB.Options.html)\n* [Microsoft SQL Server Options](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.SQLServer.Options.html)\n* [MySQL Options](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.MySQL.Options.html)\n* [Oracle Options](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Appendix.Oracle.Options.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.OptionGroup(\"example\", {\n optionGroupDescription: \"Option Group\",\n engineName: \"sqlserver-ee\",\n majorEngineVersion: \"11.00\",\n options: [\n {\n optionName: \"Timezone\",\n optionSettings: [{\n name: \"TIME_ZONE\",\n value: \"UTC\",\n }],\n },\n {\n optionName: \"SQLSERVER_BACKUP_RESTORE\",\n optionSettings: [{\n name: \"IAM_ROLE_ARN\",\n value: aws_iam_role.example.arn,\n }],\n },\n {\n optionName: \"TDE\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.OptionGroup(\"example\",\n option_group_description=\"Option Group\",\n engine_name=\"sqlserver-ee\",\n major_engine_version=\"11.00\",\n options=[\n aws.rds.OptionGroupOptionArgs(\n option_name=\"Timezone\",\n option_settings=[aws.rds.OptionGroupOptionOptionSettingArgs(\n name=\"TIME_ZONE\",\n value=\"UTC\",\n )],\n ),\n aws.rds.OptionGroupOptionArgs(\n option_name=\"SQLSERVER_BACKUP_RESTORE\",\n option_settings=[aws.rds.OptionGroupOptionOptionSettingArgs(\n name=\"IAM_ROLE_ARN\",\n value=aws_iam_role[\"example\"][\"arn\"],\n )],\n ),\n aws.rds.OptionGroupOptionArgs(\n option_name=\"TDE\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.OptionGroup(\"example\", new Aws.Rds.OptionGroupArgs\n {\n OptionGroupDescription = \"Option Group\",\n EngineName = \"sqlserver-ee\",\n MajorEngineVersion = \"11.00\",\n Options = \n {\n new Aws.Rds.Inputs.OptionGroupOptionArgs\n {\n OptionName = \"Timezone\",\n OptionSettings = \n {\n new Aws.Rds.Inputs.OptionGroupOptionOptionSettingArgs\n {\n Name = \"TIME_ZONE\",\n Value = \"UTC\",\n },\n },\n },\n new Aws.Rds.Inputs.OptionGroupOptionArgs\n {\n OptionName = \"SQLSERVER_BACKUP_RESTORE\",\n OptionSettings = \n {\n new Aws.Rds.Inputs.OptionGroupOptionOptionSettingArgs\n {\n Name = \"IAM_ROLE_ARN\",\n Value = aws_iam_role.Example.Arn,\n },\n },\n },\n new Aws.Rds.Inputs.OptionGroupOptionArgs\n {\n OptionName = \"TDE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewOptionGroup(ctx, \"example\", &rds.OptionGroupArgs{\n\t\t\tOptionGroupDescription: pulumi.String(\"Option Group\"),\n\t\t\tEngineName: pulumi.String(\"sqlserver-ee\"),\n\t\t\tMajorEngineVersion: pulumi.String(\"11.00\"),\n\t\t\tOptions: rds.OptionGroupOptionArray{\n\t\t\t\t&rds.OptionGroupOptionArgs{\n\t\t\t\t\tOptionName: pulumi.String(\"Timezone\"),\n\t\t\t\t\tOptionSettings: rds.OptionGroupOptionOptionSettingArray{\n\t\t\t\t\t\t&rds.OptionGroupOptionOptionSettingArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"TIME_ZONE\"),\n\t\t\t\t\t\t\tValue: pulumi.String(\"UTC\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&rds.OptionGroupOptionArgs{\n\t\t\t\t\tOptionName: pulumi.String(\"SQLSERVER_BACKUP_RESTORE\"),\n\t\t\t\t\tOptionSettings: rds.OptionGroupOptionOptionSettingArray{\n\t\t\t\t\t\t&rds.OptionGroupOptionOptionSettingArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"IAM_ROLE_ARN\"),\n\t\t\t\t\t\t\tValue: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&rds.OptionGroupOptionArgs{\n\t\t\t\t\tOptionName: pulumi.String(\"TDE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **Note**: Any modifications to the `db_option_group` are set to happen immediately as we default to applying immediately.\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB Option groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/optionGroup:OptionGroup bar mysql-option-group\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db option group.\n" + }, + "engineName": { + "type": "string", + "description": "Specifies the name of the engine that this option group should be associated with.\n" + }, + "majorEngineVersion": { + "type": "string", + "description": "Specifies the major version of the engine that this option group should be associated with.\n" + }, + "name": { + "type": "string", + "description": "The Name of the setting.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Must be lowercase, to match as it is stored in AWS.\n" + }, + "optionGroupDescription": { + "type": "string", + "description": "The description of the option group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "options": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/OptionGroupOption:OptionGroupOption" + }, + "description": "A list of Options to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "engineName", + "majorEngineVersion", + "name", + "namePrefix", + "optionGroupDescription", + "tagsAll" + ], + "inputProperties": { + "engineName": { + "type": "string", + "description": "Specifies the name of the engine that this option group should be associated with.\n" + }, + "majorEngineVersion": { + "type": "string", + "description": "Specifies the major version of the engine that this option group should be associated with.\n" + }, + "name": { + "type": "string", + "description": "The Name of the setting.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Must be lowercase, to match as it is stored in AWS.\n" + }, + "optionGroupDescription": { + "type": "string", + "description": "The description of the option group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "options": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/OptionGroupOption:OptionGroupOption" + }, + "description": "A list of Options to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "engineName", + "majorEngineVersion" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OptionGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db option group.\n" + }, + "engineName": { + "type": "string", + "description": "Specifies the name of the engine that this option group should be associated with.\n" + }, + "majorEngineVersion": { + "type": "string", + "description": "Specifies the major version of the engine that this option group should be associated with.\n" + }, + "name": { + "type": "string", + "description": "The Name of the setting.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`. Must be lowercase, to match as it is stored in AWS.\n" + }, + "optionGroupDescription": { + "type": "string", + "description": "The description of the option group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "options": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/OptionGroupOption:OptionGroupOption" + }, + "description": "A list of Options to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:rds/parameterGroup:ParameterGroup": { + "description": "\n\n\n## Import\n\nDB Parameter groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/parameterGroup:ParameterGroup rds_pg rds-pg\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the DB parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via [`aws rds describe-db-parameters`](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameters.html) after initial creation of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "family", + "name", + "namePrefix", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the DB parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the DB parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via [`aws rds describe-db-parameters`](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameters.html) after initial creation of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db parameter group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the DB parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB parameter.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of DB parameters to apply. Note that parameters may differ from a family to an other. Full list of all parameters can be discovered via [`aws rds describe-db-parameters`](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-parameters.html) after initial creation of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:rds/proxy:Proxy": { + "description": "Provides an RDS DB proxy resource. For additional information, see the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.Proxy(\"example\", {\n debugLogging: false,\n engineFamily: \"MYSQL\",\n idleClientTimeout: 1800,\n requireTls: true,\n roleArn: aws_iam_role.example.arn,\n vpcSecurityGroupIds: [aws_security_group.example.id],\n vpcSubnetIds: [aws_subnet.example.id],\n auths: [{\n authScheme: \"SECRETS\",\n description: \"example\",\n iamAuth: \"DISABLED\",\n secretArn: aws_secretsmanager_secret.example.arn,\n }],\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.Proxy(\"example\",\n debug_logging=False,\n engine_family=\"MYSQL\",\n idle_client_timeout=1800,\n require_tls=True,\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n vpc_security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n vpc_subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n auths=[aws.rds.ProxyAuthArgs(\n auth_scheme=\"SECRETS\",\n description=\"example\",\n iam_auth=\"DISABLED\",\n secret_arn=aws_secretsmanager_secret[\"example\"][\"arn\"],\n )],\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.Proxy(\"example\", new Aws.Rds.ProxyArgs\n {\n DebugLogging = false,\n EngineFamily = \"MYSQL\",\n IdleClientTimeout = 1800,\n RequireTls = true,\n RoleArn = aws_iam_role.Example.Arn,\n VpcSecurityGroupIds = \n {\n aws_security_group.Example.Id,\n },\n VpcSubnetIds = \n {\n aws_subnet.Example.Id,\n },\n Auths = \n {\n new Aws.Rds.Inputs.ProxyAuthArgs\n {\n AuthScheme = \"SECRETS\",\n Description = \"example\",\n IamAuth = \"DISABLED\",\n SecretArn = aws_secretsmanager_secret.Example.Arn,\n },\n },\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewProxy(ctx, \"example\", &rds.ProxyArgs{\n\t\t\tDebugLogging: pulumi.Bool(false),\n\t\t\tEngineFamily: pulumi.String(\"MYSQL\"),\n\t\t\tIdleClientTimeout: pulumi.Int(1800),\n\t\t\tRequireTls: pulumi.Bool(true),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Example.Id),\n\t\t\t},\n\t\t\tVpcSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tAuths: rds.ProxyAuthArray{\n\t\t\t\t&rds.ProxyAuthArgs{\n\t\t\t\t\tAuthScheme: pulumi.String(\"SECRETS\"),\n\t\t\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\t\t\tIamAuth: pulumi.String(\"DISABLED\"),\n\t\t\t\t\tSecretArn: pulumi.Any(aws_secretsmanager_secret.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB proxies can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/proxy:Proxy example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the proxy.\n" + }, + "auths": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ProxyAuth:ProxyAuth" + }, + "description": "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters. Described below.\n" + }, + "debugLogging": { + "type": "boolean", + "description": "Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.\n" + }, + "engineFamily": { + "type": "string", + "description": "The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. The engine family applies to MySQL and PostgreSQL for both RDS and Aurora. Valid values are `MYSQL` and `POSTGRESQL`.\n" + }, + "idleClientTimeout": { + "type": "integer", + "description": "The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.\n" + }, + "name": { + "type": "string", + "description": "The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.\n" + }, + "requireTls": { + "type": "boolean", + "description": "A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security group IDs to associate with the new proxy.\n" + }, + "vpcSubnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC subnet IDs to associate with the new proxy.\n" + } + }, + "required": [ + "arn", + "auths", + "endpoint", + "engineFamily", + "idleClientTimeout", + "name", + "roleArn", + "tagsAll", + "vpcSecurityGroupIds", + "vpcSubnetIds" + ], + "inputProperties": { + "auths": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ProxyAuth:ProxyAuth" + }, + "description": "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters. Described below.\n" + }, + "debugLogging": { + "type": "boolean", + "description": "Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.\n" + }, + "engineFamily": { + "type": "string", + "description": "The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. The engine family applies to MySQL and PostgreSQL for both RDS and Aurora. Valid values are `MYSQL` and `POSTGRESQL`.\n" + }, + "idleClientTimeout": { + "type": "integer", + "description": "The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.\n" + }, + "name": { + "type": "string", + "description": "The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.\n" + }, + "requireTls": { + "type": "boolean", + "description": "A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security group IDs to associate with the new proxy.\n" + }, + "vpcSubnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC subnet IDs to associate with the new proxy.\n" + } + }, + "requiredInputs": [ + "auths", + "engineFamily", + "roleArn", + "vpcSubnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Proxy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the proxy.\n" + }, + "auths": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/ProxyAuth:ProxyAuth" + }, + "description": "Configuration block(s) with authorization mechanisms to connect to the associated instances or clusters. Described below.\n" + }, + "debugLogging": { + "type": "boolean", + "description": "Whether the proxy includes detailed information about SQL statements in its logs. This information helps you to debug issues involving SQL behavior or the performance and scalability of the proxy connections. The debug information includes the text of SQL statements that you submit through the proxy. Thus, only enable this setting when needed for debugging, and only when you have security measures in place to safeguard any sensitive information that appears in the logs.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.\n" + }, + "engineFamily": { + "type": "string", + "description": "The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. The engine family applies to MySQL and PostgreSQL for both RDS and Aurora. Valid values are `MYSQL` and `POSTGRESQL`.\n" + }, + "idleClientTimeout": { + "type": "integer", + "description": "The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.\n" + }, + "name": { + "type": "string", + "description": "The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.\n" + }, + "requireTls": { + "type": "boolean", + "description": "A Boolean parameter that specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security group IDs to associate with the new proxy.\n" + }, + "vpcSubnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC subnet IDs to associate with the new proxy.\n" + } + }, + "type": "object" + } + }, + "aws:rds/proxyDefaultTargetGroup:ProxyDefaultTargetGroup": { + "description": "Provides a resource to manage an RDS DB proxy default target group resource.\n\nThe `aws.rds.ProxyDefaultTargetGroup` behaves differently from normal resources, in that the provider does not _create_ or _destroy_ this resource, since it implicitly exists as part of an RDS DB Proxy. On the provider resource creation it is automatically imported and on resource destruction, the provider performs no actions in RDS.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleProxy = new aws.rds.Proxy(\"exampleProxy\", {\n debugLogging: false,\n engineFamily: \"MYSQL\",\n idleClientTimeout: 1800,\n requireTls: true,\n roleArn: aws_iam_role.example.arn,\n vpcSecurityGroupIds: [aws_security_group.example.id],\n vpcSubnetIds: [aws_subnet.example.id],\n auths: [{\n authScheme: \"SECRETS\",\n description: \"example\",\n iamAuth: \"DISABLED\",\n secretArn: aws_secretsmanager_secret.example.arn,\n }],\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\nconst exampleProxyDefaultTargetGroup = new aws.rds.ProxyDefaultTargetGroup(\"exampleProxyDefaultTargetGroup\", {\n dbProxyName: exampleProxy.name,\n connectionPoolConfig: {\n connectionBorrowTimeout: 120,\n initQuery: \"SET x=1, y=2\",\n maxConnectionsPercent: 100,\n maxIdleConnectionsPercent: 50,\n sessionPinningFilters: [\"EXCLUDE_VARIABLE_SETS\"],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_proxy = aws.rds.Proxy(\"exampleProxy\",\n debug_logging=False,\n engine_family=\"MYSQL\",\n idle_client_timeout=1800,\n require_tls=True,\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n vpc_security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n vpc_subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n auths=[aws.rds.ProxyAuthArgs(\n auth_scheme=\"SECRETS\",\n description=\"example\",\n iam_auth=\"DISABLED\",\n secret_arn=aws_secretsmanager_secret[\"example\"][\"arn\"],\n )],\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\nexample_proxy_default_target_group = aws.rds.ProxyDefaultTargetGroup(\"exampleProxyDefaultTargetGroup\",\n db_proxy_name=example_proxy.name,\n connection_pool_config=aws.rds.ProxyDefaultTargetGroupConnectionPoolConfigArgs(\n connection_borrow_timeout=120,\n init_query=\"SET x=1, y=2\",\n max_connections_percent=100,\n max_idle_connections_percent=50,\n session_pinning_filters=[\"EXCLUDE_VARIABLE_SETS\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleProxy = new Aws.Rds.Proxy(\"exampleProxy\", new Aws.Rds.ProxyArgs\n {\n DebugLogging = false,\n EngineFamily = \"MYSQL\",\n IdleClientTimeout = 1800,\n RequireTls = true,\n RoleArn = aws_iam_role.Example.Arn,\n VpcSecurityGroupIds = \n {\n aws_security_group.Example.Id,\n },\n VpcSubnetIds = \n {\n aws_subnet.Example.Id,\n },\n Auths = \n {\n new Aws.Rds.Inputs.ProxyAuthArgs\n {\n AuthScheme = \"SECRETS\",\n Description = \"example\",\n IamAuth = \"DISABLED\",\n SecretArn = aws_secretsmanager_secret.Example.Arn,\n },\n },\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n var exampleProxyDefaultTargetGroup = new Aws.Rds.ProxyDefaultTargetGroup(\"exampleProxyDefaultTargetGroup\", new Aws.Rds.ProxyDefaultTargetGroupArgs\n {\n DbProxyName = exampleProxy.Name,\n ConnectionPoolConfig = new Aws.Rds.Inputs.ProxyDefaultTargetGroupConnectionPoolConfigArgs\n {\n ConnectionBorrowTimeout = 120,\n InitQuery = \"SET x=1, y=2\",\n MaxConnectionsPercent = 100,\n MaxIdleConnectionsPercent = 50,\n SessionPinningFilters = \n {\n \"EXCLUDE_VARIABLE_SETS\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleProxy, err := rds.NewProxy(ctx, \"exampleProxy\", &rds.ProxyArgs{\n\t\t\tDebugLogging: pulumi.Bool(false),\n\t\t\tEngineFamily: pulumi.String(\"MYSQL\"),\n\t\t\tIdleClientTimeout: pulumi.Int(1800),\n\t\t\tRequireTls: pulumi.Bool(true),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Example.Id),\n\t\t\t},\n\t\t\tVpcSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tAuths: rds.ProxyAuthArray{\n\t\t\t\t&rds.ProxyAuthArgs{\n\t\t\t\t\tAuthScheme: pulumi.String(\"SECRETS\"),\n\t\t\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\t\t\tIamAuth: pulumi.String(\"DISABLED\"),\n\t\t\t\t\tSecretArn: pulumi.Any(aws_secretsmanager_secret.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewProxyDefaultTargetGroup(ctx, \"exampleProxyDefaultTargetGroup\", &rds.ProxyDefaultTargetGroupArgs{\n\t\t\tDbProxyName: exampleProxy.Name,\n\t\t\tConnectionPoolConfig: &rds.ProxyDefaultTargetGroupConnectionPoolConfigArgs{\n\t\t\t\tConnectionBorrowTimeout: pulumi.Int(120),\n\t\t\t\tInitQuery: pulumi.String(\"SET x=1, y=2\"),\n\t\t\t\tMaxConnectionsPercent: pulumi.Int(100),\n\t\t\t\tMaxIdleConnectionsPercent: pulumi.Int(50),\n\t\t\t\tSessionPinningFilters: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"EXCLUDE_VARIABLE_SETS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB proxy default target groups can be imported using the `db_proxy_name`, e.g.\n\n```sh\n $ pulumi import aws:rds/proxyDefaultTargetGroup:ProxyDefaultTargetGroup example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) representing the target group.\n" + }, + "connectionPoolConfig": { + "$ref": "#/types/aws:rds/ProxyDefaultTargetGroupConnectionPoolConfig:ProxyDefaultTargetGroupConnectionPoolConfig", + "description": "The settings that determine the size and behavior of the connection pool for the target group.\n" + }, + "dbProxyName": { + "type": "string", + "description": "Name of the RDS DB Proxy.\n" + }, + "name": { + "type": "string", + "description": "The name of the default target group.\n" + } + }, + "required": [ + "arn", + "connectionPoolConfig", + "dbProxyName", + "name" + ], + "inputProperties": { + "connectionPoolConfig": { + "$ref": "#/types/aws:rds/ProxyDefaultTargetGroupConnectionPoolConfig:ProxyDefaultTargetGroupConnectionPoolConfig", + "description": "The settings that determine the size and behavior of the connection pool for the target group.\n" + }, + "dbProxyName": { + "type": "string", + "description": "Name of the RDS DB Proxy.\n" + } + }, + "requiredInputs": [ + "dbProxyName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProxyDefaultTargetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) representing the target group.\n" + }, + "connectionPoolConfig": { + "$ref": "#/types/aws:rds/ProxyDefaultTargetGroupConnectionPoolConfig:ProxyDefaultTargetGroupConnectionPoolConfig", + "description": "The settings that determine the size and behavior of the connection pool for the target group.\n" + }, + "dbProxyName": { + "type": "string", + "description": "Name of the RDS DB Proxy.\n" + }, + "name": { + "type": "string", + "description": "The name of the default target group.\n" + } + }, + "type": "object" + } + }, + "aws:rds/proxyEndpoint:ProxyEndpoint": { + "description": "Provides an RDS DB proxy endpoint resource. For additional information, see the [RDS User Guide](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-proxy.html#rds-proxy-endpoints).\n\n\n## Import\n\nDB proxy endpoints can be imported using the `DB-PROXY-NAME/DB-PROXY-ENDPOINT-NAME`, e.g.\n\n```sh\n $ pulumi import aws:rds/proxyEndpoint:ProxyEndpoint example example/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the proxy endpoint.\n" + }, + "dbProxyEndpointName": { + "type": "string", + "description": "The identifier for the proxy endpoint. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.\n" + }, + "dbProxyName": { + "type": "string", + "description": "The name of the DB proxy associated with the DB proxy endpoint that you create.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.\n" + }, + "isDefault": { + "type": "boolean", + "description": "Indicates whether this endpoint is the default endpoint for the associated DB proxy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetRole": { + "type": "string", + "description": "Indicates whether the DB proxy endpoint can be used for read/write or read-only operations. The default is `READ_WRITE`. Valid values are `READ_WRITE` and `READ_ONLY`.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID of the DB proxy endpoint.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security group IDs to associate with the new proxy.\n" + }, + "vpcSubnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC subnet IDs to associate with the new proxy.\n" + } + }, + "required": [ + "arn", + "dbProxyEndpointName", + "dbProxyName", + "endpoint", + "isDefault", + "tagsAll", + "vpcId", + "vpcSecurityGroupIds", + "vpcSubnetIds" + ], + "inputProperties": { + "dbProxyEndpointName": { + "type": "string", + "description": "The identifier for the proxy endpoint. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.\n" + }, + "dbProxyName": { + "type": "string", + "description": "The name of the DB proxy associated with the DB proxy endpoint that you create.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetRole": { + "type": "string", + "description": "Indicates whether the DB proxy endpoint can be used for read/write or read-only operations. The default is `READ_WRITE`. Valid values are `READ_WRITE` and `READ_ONLY`.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security group IDs to associate with the new proxy.\n" + }, + "vpcSubnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC subnet IDs to associate with the new proxy.\n" + } + }, + "requiredInputs": [ + "dbProxyEndpointName", + "dbProxyName", + "vpcSubnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProxyEndpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the proxy endpoint.\n" + }, + "dbProxyEndpointName": { + "type": "string", + "description": "The identifier for the proxy endpoint. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.\n" + }, + "dbProxyName": { + "type": "string", + "description": "The name of the DB proxy associated with the DB proxy endpoint that you create.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint that you can use to connect to the proxy. You include the endpoint value in the connection string for a database client application.\n" + }, + "isDefault": { + "type": "boolean", + "description": "Indicates whether this endpoint is the default endpoint for the associated DB proxy.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetRole": { + "type": "string", + "description": "Indicates whether the DB proxy endpoint can be used for read/write or read-only operations. The default is `READ_WRITE`. Valid values are `READ_WRITE` and `READ_ONLY`.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID of the DB proxy endpoint.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC security group IDs to associate with the new proxy.\n" + }, + "vpcSubnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more VPC subnet IDs to associate with the new proxy.\n" + } + }, + "type": "object" + } + }, + "aws:rds/proxyTarget:ProxyTarget": { + "description": "Provides an RDS DB proxy target resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleProxy = new aws.rds.Proxy(\"exampleProxy\", {\n debugLogging: false,\n engineFamily: \"MYSQL\",\n idleClientTimeout: 1800,\n requireTls: true,\n roleArn: aws_iam_role.example.arn,\n vpcSecurityGroupIds: [aws_security_group.example.id],\n vpcSubnetIds: [aws_subnet.example.id],\n auths: [{\n authScheme: \"SECRETS\",\n description: \"example\",\n iamAuth: \"DISABLED\",\n secretArn: aws_secretsmanager_secret.example.arn,\n }],\n tags: {\n Name: \"example\",\n Key: \"value\",\n },\n});\nconst exampleProxyDefaultTargetGroup = new aws.rds.ProxyDefaultTargetGroup(\"exampleProxyDefaultTargetGroup\", {\n dbProxyName: exampleProxy.name,\n connectionPoolConfig: {\n connectionBorrowTimeout: 120,\n initQuery: \"SET x=1, y=2\",\n maxConnectionsPercent: 100,\n maxIdleConnectionsPercent: 50,\n sessionPinningFilters: [\"EXCLUDE_VARIABLE_SETS\"],\n },\n});\nconst exampleProxyTarget = new aws.rds.ProxyTarget(\"exampleProxyTarget\", {\n dbInstanceIdentifier: aws_db_instance.example.id,\n dbProxyName: exampleProxy.name,\n targetGroupName: exampleProxyDefaultTargetGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_proxy = aws.rds.Proxy(\"exampleProxy\",\n debug_logging=False,\n engine_family=\"MYSQL\",\n idle_client_timeout=1800,\n require_tls=True,\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n vpc_security_group_ids=[aws_security_group[\"example\"][\"id\"]],\n vpc_subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n auths=[aws.rds.ProxyAuthArgs(\n auth_scheme=\"SECRETS\",\n description=\"example\",\n iam_auth=\"DISABLED\",\n secret_arn=aws_secretsmanager_secret[\"example\"][\"arn\"],\n )],\n tags={\n \"Name\": \"example\",\n \"Key\": \"value\",\n })\nexample_proxy_default_target_group = aws.rds.ProxyDefaultTargetGroup(\"exampleProxyDefaultTargetGroup\",\n db_proxy_name=example_proxy.name,\n connection_pool_config=aws.rds.ProxyDefaultTargetGroupConnectionPoolConfigArgs(\n connection_borrow_timeout=120,\n init_query=\"SET x=1, y=2\",\n max_connections_percent=100,\n max_idle_connections_percent=50,\n session_pinning_filters=[\"EXCLUDE_VARIABLE_SETS\"],\n ))\nexample_proxy_target = aws.rds.ProxyTarget(\"exampleProxyTarget\",\n db_instance_identifier=aws_db_instance[\"example\"][\"id\"],\n db_proxy_name=example_proxy.name,\n target_group_name=example_proxy_default_target_group.name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleProxy = new Aws.Rds.Proxy(\"exampleProxy\", new Aws.Rds.ProxyArgs\n {\n DebugLogging = false,\n EngineFamily = \"MYSQL\",\n IdleClientTimeout = 1800,\n RequireTls = true,\n RoleArn = aws_iam_role.Example.Arn,\n VpcSecurityGroupIds = \n {\n aws_security_group.Example.Id,\n },\n VpcSubnetIds = \n {\n aws_subnet.Example.Id,\n },\n Auths = \n {\n new Aws.Rds.Inputs.ProxyAuthArgs\n {\n AuthScheme = \"SECRETS\",\n Description = \"example\",\n IamAuth = \"DISABLED\",\n SecretArn = aws_secretsmanager_secret.Example.Arn,\n },\n },\n Tags = \n {\n { \"Name\", \"example\" },\n { \"Key\", \"value\" },\n },\n });\n var exampleProxyDefaultTargetGroup = new Aws.Rds.ProxyDefaultTargetGroup(\"exampleProxyDefaultTargetGroup\", new Aws.Rds.ProxyDefaultTargetGroupArgs\n {\n DbProxyName = exampleProxy.Name,\n ConnectionPoolConfig = new Aws.Rds.Inputs.ProxyDefaultTargetGroupConnectionPoolConfigArgs\n {\n ConnectionBorrowTimeout = 120,\n InitQuery = \"SET x=1, y=2\",\n MaxConnectionsPercent = 100,\n MaxIdleConnectionsPercent = 50,\n SessionPinningFilters = \n {\n \"EXCLUDE_VARIABLE_SETS\",\n },\n },\n });\n var exampleProxyTarget = new Aws.Rds.ProxyTarget(\"exampleProxyTarget\", new Aws.Rds.ProxyTargetArgs\n {\n DbInstanceIdentifier = aws_db_instance.Example.Id,\n DbProxyName = exampleProxy.Name,\n TargetGroupName = exampleProxyDefaultTargetGroup.Name,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleProxy, err := rds.NewProxy(ctx, \"exampleProxy\", &rds.ProxyArgs{\n\t\t\tDebugLogging: pulumi.Bool(false),\n\t\t\tEngineFamily: pulumi.String(\"MYSQL\"),\n\t\t\tIdleClientTimeout: pulumi.Int(1800),\n\t\t\tRequireTls: pulumi.Bool(true),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Example.Id),\n\t\t\t},\n\t\t\tVpcSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t},\n\t\t\tAuths: rds.ProxyAuthArray{\n\t\t\t\t&rds.ProxyAuthArgs{\n\t\t\t\t\tAuthScheme: pulumi.String(\"SECRETS\"),\n\t\t\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\t\t\tIamAuth: pulumi.String(\"DISABLED\"),\n\t\t\t\t\tSecretArn: pulumi.Any(aws_secretsmanager_secret.Example.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example\"),\n\t\t\t\t\"Key\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleProxyDefaultTargetGroup, err := rds.NewProxyDefaultTargetGroup(ctx, \"exampleProxyDefaultTargetGroup\", &rds.ProxyDefaultTargetGroupArgs{\n\t\t\tDbProxyName: exampleProxy.Name,\n\t\t\tConnectionPoolConfig: &rds.ProxyDefaultTargetGroupConnectionPoolConfigArgs{\n\t\t\t\tConnectionBorrowTimeout: pulumi.Int(120),\n\t\t\t\tInitQuery: pulumi.String(\"SET x=1, y=2\"),\n\t\t\t\tMaxConnectionsPercent: pulumi.Int(100),\n\t\t\t\tMaxIdleConnectionsPercent: pulumi.Int(50),\n\t\t\t\tSessionPinningFilters: pulumi.StringArray{\n\t\t\t\t\tpulumi.String(\"EXCLUDE_VARIABLE_SETS\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewProxyTarget(ctx, \"exampleProxyTarget\", &rds.ProxyTargetArgs{\n\t\t\tDbInstanceIdentifier: pulumi.Any(aws_db_instance.Example.Id),\n\t\t\tDbProxyName: exampleProxy.Name,\n\t\t\tTargetGroupName: exampleProxyDefaultTargetGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRDS DB Proxy Targets can be imported using the `db_proxy_name`, `target_group_name`, target type (e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`), and resource identifier separated by forward slashes (`/`), e.g. Instances\n\n```sh\n $ pulumi import aws:rds/proxyTarget:ProxyTarget example example-proxy/default/RDS_INSTANCE/example-instance\n```\n\n Provisioned Clusters\n\n```sh\n $ pulumi import aws:rds/proxyTarget:ProxyTarget example example-proxy/default/TRACKED_CLUSTER/example-cluster\n```\n\n ", + "properties": { + "dbClusterIdentifier": { + "type": "string", + "description": "DB cluster identifier.\n" + }, + "dbInstanceIdentifier": { + "type": "string", + "description": "DB instance identifier.\n" + }, + "dbProxyName": { + "type": "string", + "description": "The name of the DB proxy.\n" + }, + "endpoint": { + "type": "string", + "description": "Hostname for the target RDS DB Instance. Only returned for `RDS_INSTANCE` type.\n" + }, + "port": { + "type": "integer", + "description": "Port for the target RDS DB Instance or Aurora DB Cluster.\n" + }, + "rdsResourceId": { + "type": "string", + "description": "Identifier representing the DB Instance or DB Cluster target.\n" + }, + "targetArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API.\n" + }, + "targetGroupName": { + "type": "string", + "description": "The name of the target group.\n" + }, + "trackedClusterId": { + "type": "string", + "description": "DB Cluster identifier for the DB Instance target. Not returned unless manually importing an `RDS_INSTANCE` target that is part of a DB Cluster.\n" + }, + "type": { + "type": "string", + "description": "Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`\n" + } + }, + "required": [ + "dbProxyName", + "endpoint", + "port", + "rdsResourceId", + "targetArn", + "targetGroupName", + "trackedClusterId", + "type" + ], + "inputProperties": { + "dbClusterIdentifier": { + "type": "string", + "description": "DB cluster identifier.\n" + }, + "dbInstanceIdentifier": { + "type": "string", + "description": "DB instance identifier.\n" + }, + "dbProxyName": { + "type": "string", + "description": "The name of the DB proxy.\n" + }, + "targetGroupName": { + "type": "string", + "description": "The name of the target group.\n" + } + }, + "requiredInputs": [ + "dbProxyName", + "targetGroupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProxyTarget resources.\n", + "properties": { + "dbClusterIdentifier": { + "type": "string", + "description": "DB cluster identifier.\n" + }, + "dbInstanceIdentifier": { + "type": "string", + "description": "DB instance identifier.\n" + }, + "dbProxyName": { + "type": "string", + "description": "The name of the DB proxy.\n" + }, + "endpoint": { + "type": "string", + "description": "Hostname for the target RDS DB Instance. Only returned for `RDS_INSTANCE` type.\n" + }, + "port": { + "type": "integer", + "description": "Port for the target RDS DB Instance or Aurora DB Cluster.\n" + }, + "rdsResourceId": { + "type": "string", + "description": "Identifier representing the DB Instance or DB Cluster target.\n" + }, + "targetArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for the DB instance or DB cluster. Currently not returned by the RDS API.\n" + }, + "targetGroupName": { + "type": "string", + "description": "The name of the target group.\n" + }, + "trackedClusterId": { + "type": "string", + "description": "DB Cluster identifier for the DB Instance target. Not returned unless manually importing an `RDS_INSTANCE` target that is part of a DB Cluster.\n" + }, + "type": { + "type": "string", + "description": "Type of target. e.g. `RDS_INSTANCE` or `TRACKED_CLUSTER`\n" + } + }, + "type": "object" + } + }, + "aws:rds/roleAssociation:RoleAssociation": { + "description": "Manages an RDS DB Instance association with an IAM Role. Example use cases:\n\n* [Amazon RDS Oracle integration with Amazon S3](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/oracle-s3-integration.html)\n* [Importing Amazon S3 Data into an RDS PostgreSQL DB Instance](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PostgreSQL.S3Import.html)\n\n> To manage the RDS DB Instance IAM Role for [Enhanced Monitoring](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Monitoring.OS.html), see the `aws.rds.Instance` resource `monitoring_role_arn` argument instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.rds.RoleAssociation(\"example\", {\n dbInstanceIdentifier: aws_db_instance.example.id,\n featureName: \"S3_INTEGRATION\",\n roleArn: aws_iam_role.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.RoleAssociation(\"example\",\n db_instance_identifier=aws_db_instance[\"example\"][\"id\"],\n feature_name=\"S3_INTEGRATION\",\n role_arn=aws_iam_role[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Rds.RoleAssociation(\"example\", new Aws.Rds.RoleAssociationArgs\n {\n DbInstanceIdentifier = aws_db_instance.Example.Id,\n FeatureName = \"S3_INTEGRATION\",\n RoleArn = aws_iam_role.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewRoleAssociation(ctx, \"example\", &rds.RoleAssociationArgs{\n\t\t\tDbInstanceIdentifier: pulumi.Any(aws_db_instance.Example.Id),\n\t\t\tFeatureName: pulumi.String(\"S3_INTEGRATION\"),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_db_instance_role_association` can be imported using the DB Instance Identifier and IAM Role ARN separated by a comma (`,`), e.g.\n\n```sh\n $ pulumi import aws:rds/roleAssociation:RoleAssociation example my-db-instance,arn:aws:iam::123456789012:role/my-role\n```\n\n ", + "properties": { + "dbInstanceIdentifier": { + "type": "string", + "description": "DB Instance Identifier to associate with the IAM Role.\n" + }, + "featureName": { + "type": "string", + "description": "Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the `SupportedFeatureNames` list returned by [AWS CLI rds describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html).\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role to associate with the DB Instance.\n" + } + }, + "required": [ + "dbInstanceIdentifier", + "featureName", + "roleArn" + ], + "inputProperties": { + "dbInstanceIdentifier": { + "type": "string", + "description": "DB Instance Identifier to associate with the IAM Role.\n" + }, + "featureName": { + "type": "string", + "description": "Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the `SupportedFeatureNames` list returned by [AWS CLI rds describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html).\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role to associate with the DB Instance.\n" + } + }, + "requiredInputs": [ + "dbInstanceIdentifier", + "featureName", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RoleAssociation resources.\n", + "properties": { + "dbInstanceIdentifier": { + "type": "string", + "description": "DB Instance Identifier to associate with the IAM Role.\n" + }, + "featureName": { + "type": "string", + "description": "Name of the feature for association. This can be found in the AWS documentation relevant to the integration or a full list is available in the `SupportedFeatureNames` list returned by [AWS CLI rds describe-db-engine-versions](https://docs.aws.amazon.com/cli/latest/reference/rds/describe-db-engine-versions.html).\n" + }, + "roleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role to associate with the DB Instance.\n" + } + }, + "type": "object" + } + }, + "aws:rds/securityGroup:SecurityGroup": { + "description": "Provides an RDS security group resource. This is only for DB instances in the\nEC2-Classic Platform. For instances inside a VPC, use the\n`aws_db_instance.vpc_security_group_ids`\nattribute instead.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultSecurityGroup = new aws.rds.SecurityGroup(\"default\", {\n ingress: [{\n cidr: \"10.0.0.0/24\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.SecurityGroup(\"default\", ingress=[aws.rds.SecurityGroupIngressArgs(\n cidr=\"10.0.0.0/24\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.SecurityGroup(\"default\", new Aws.Rds.SecurityGroupArgs\n {\n Ingress = \n {\n new Aws.Rds.Inputs.SecurityGroupIngressArgs\n {\n Cidr = \"10.0.0.0/24\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewSecurityGroup(ctx, \"_default\", &rds.SecurityGroupArgs{\n\t\t\tIngress: rds.SecurityGroupIngressArray{\n\t\t\t\t&rds.SecurityGroupIngressArgs{\n\t\t\t\t\tCidr: pulumi.String(\"10.0.0.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB Security groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/securityGroup:SecurityGroup default aws_rds_sg-1\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The arn of the DB security group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "A list of ingress rules.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB security group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "ingress", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the DB security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "A list of ingress rules.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB security group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "ingress" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The arn of the DB security group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:rds/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "A list of ingress rules.\n" + }, + "name": { + "type": "string", + "description": "The name of the DB security group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:rds/snapshot:Snapshot": { + "description": "Manages an RDS database instance snapshot. For managing RDS database cluster snapshots, see the `aws.rds.ClusterSnapshot` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.rds.Instance(\"bar\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.21\",\n instanceClass: \"db.t2.micro\",\n name: \"baz\",\n password: \"barbarbarbar\",\n username: \"foo\",\n maintenanceWindow: \"Fri:09:00-Fri:09:30\",\n backupRetentionPeriod: 0,\n parameterGroupName: \"default.mysql5.6\",\n});\nconst test = new aws.rds.Snapshot(\"test\", {\n dbInstanceIdentifier: bar.id,\n dbSnapshotIdentifier: \"testsnapshot1234\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.rds.Instance(\"bar\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.21\",\n instance_class=\"db.t2.micro\",\n name=\"baz\",\n password=\"barbarbarbar\",\n username=\"foo\",\n maintenance_window=\"Fri:09:00-Fri:09:30\",\n backup_retention_period=0,\n parameter_group_name=\"default.mysql5.6\")\ntest = aws.rds.Snapshot(\"test\",\n db_instance_identifier=bar.id,\n db_snapshot_identifier=\"testsnapshot1234\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.Rds.Instance(\"bar\", new Aws.Rds.InstanceArgs\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.21\",\n InstanceClass = \"db.t2.micro\",\n Name = \"baz\",\n Password = \"barbarbarbar\",\n Username = \"foo\",\n MaintenanceWindow = \"Fri:09:00-Fri:09:30\",\n BackupRetentionPeriod = 0,\n ParameterGroupName = \"default.mysql5.6\",\n });\n var test = new Aws.Rds.Snapshot(\"test\", new Aws.Rds.SnapshotArgs\n {\n DbInstanceIdentifier = bar.Id,\n DbSnapshotIdentifier = \"testsnapshot1234\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbar, err := rds.NewInstance(ctx, \"bar\", &rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.21\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tName: pulumi.String(\"baz\"),\n\t\t\tPassword: pulumi.String(\"barbarbarbar\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tMaintenanceWindow: pulumi.String(\"Fri:09:00-Fri:09:30\"),\n\t\t\tBackupRetentionPeriod: pulumi.Int(0),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewSnapshot(ctx, \"test\", &rds.SnapshotArgs{\n\t\t\tDbInstanceIdentifier: bar.ID(),\n\t\t\tDbSnapshotIdentifier: pulumi.String(\"testsnapshot1234\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_db_snapshot` can be imported by using the snapshot identifier, e.g.\n\n```sh\n $ pulumi import aws:rds/snapshot:Snapshot example my-snapshot\n```\n\n ", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZone": { + "type": "string", + "description": "Specifies the name of the Availability Zone the DB instance was located in at the time of the DB snapshot.\n" + }, + "dbInstanceIdentifier": { + "type": "string", + "description": "The DB Instance Identifier from which to take the snapshot.\n" + }, + "dbSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB snapshot.\n" + }, + "dbSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Specifies whether the DB snapshot is encrypted.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Specifies the version of the database engine.\n" + }, + "iops": { + "type": "integer", + "description": "Specifies the Provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB instance.\n" + }, + "optionGroupName": { + "type": "string", + "description": "Provides the option group name for the DB snapshot.\n" + }, + "port": { + "type": "integer" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbSnapshotIdentifier": { + "type": "string", + "description": "The DB snapshot Arn that the DB snapshot was copied from. It only has value in case of cross customer or cross region copy.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The region that the DB snapshot was created in or copied from.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status of this DB snapshot.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type associated with DB snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "Specifies the storage type associated with DB snapshot.\n" + } + }, + "required": [ + "allocatedStorage", + "availabilityZone", + "dbInstanceIdentifier", + "dbSnapshotArn", + "dbSnapshotIdentifier", + "encrypted", + "engine", + "engineVersion", + "iops", + "kmsKeyId", + "licenseModel", + "optionGroupName", + "port", + "snapshotType", + "sourceDbSnapshotIdentifier", + "sourceRegion", + "status", + "storageType", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "dbInstanceIdentifier": { + "type": "string", + "description": "The DB Instance Identifier from which to take the snapshot.\n" + }, + "dbSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "dbInstanceIdentifier", + "dbSnapshotIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Snapshot resources.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZone": { + "type": "string", + "description": "Specifies the name of the Availability Zone the DB instance was located in at the time of the DB snapshot.\n" + }, + "dbInstanceIdentifier": { + "type": "string", + "description": "The DB Instance Identifier from which to take the snapshot.\n" + }, + "dbSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB snapshot.\n" + }, + "dbSnapshotIdentifier": { + "type": "string", + "description": "The Identifier for the snapshot.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Specifies whether the DB snapshot is encrypted.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Specifies the version of the database engine.\n" + }, + "iops": { + "type": "integer", + "description": "Specifies the Provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB instance.\n" + }, + "optionGroupName": { + "type": "string", + "description": "Provides the option group name for the DB snapshot.\n" + }, + "port": { + "type": "integer" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbSnapshotIdentifier": { + "type": "string", + "description": "The DB snapshot Arn that the DB snapshot was copied from. It only has value in case of cross customer or cross region copy.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The region that the DB snapshot was created in or copied from.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status of this DB snapshot.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type associated with DB snapshot.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "Specifies the storage type associated with DB snapshot.\n" + } + }, + "type": "object" + } + }, + "aws:rds/subnetGroup:SubnetGroup": { + "description": "Provides an RDS DB subnet group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.SubnetGroup(\"default\", {\n subnetIds: [\n aws_subnet.frontend.id,\n aws_subnet.backend.id,\n ],\n tags: {\n Name: \"My DB subnet group\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.SubnetGroup(\"default\",\n subnet_ids=[\n aws_subnet[\"frontend\"][\"id\"],\n aws_subnet[\"backend\"][\"id\"],\n ],\n tags={\n \"Name\": \"My DB subnet group\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.SubnetGroup(\"default\", new Aws.Rds.SubnetGroupArgs\n {\n SubnetIds = \n {\n aws_subnet.Frontend.Id,\n aws_subnet.Backend.Id,\n },\n Tags = \n {\n { \"Name\", \"My DB subnet group\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewSubnetGroup(ctx, \"_default\", &rds.SubnetGroupArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Frontend.Id),\n\t\t\t\tpulumi.Any(aws_subnet.Backend.Id),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"My DB subnet group\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDB Subnet groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:rds/subnetGroup:SubnetGroup default production-subnet-group\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db subnet group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the DB subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "name", + "namePrefix", + "subnetIds", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the DB subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the DB subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SubnetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the db subnet group.\n" + }, + "description": { + "type": "string", + "description": "The description of the DB subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the DB subnet group. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:redshift/cluster:Cluster": { + "description": "Provides a Redshift Cluster Resource.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.redshift.Cluster(\"default\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n clusterType: \"single-node\",\n databaseName: \"mydb\",\n masterPassword: \"Mustbe8characters\",\n masterUsername: \"foo\",\n nodeType: \"dc1.large\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.redshift.Cluster(\"default\",\n cluster_identifier=\"tf-redshift-cluster\",\n cluster_type=\"single-node\",\n database_name=\"mydb\",\n master_password=\"Mustbe8characters\",\n master_username=\"foo\",\n node_type=\"dc1.large\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.RedShift.Cluster(\"default\", new Aws.RedShift.ClusterArgs\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n ClusterType = \"single-node\",\n DatabaseName = \"mydb\",\n MasterPassword = \"Mustbe8characters\",\n MasterUsername = \"foo\",\n NodeType = \"dc1.large\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redshift.NewCluster(ctx, \"_default\", &redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterPassword: pulumi.String(\"Mustbe8characters\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift Clusters can be imported using the `cluster_identifier`, e.g.\n\n```sh\n $ pulumi import aws:redshift/cluster:Cluster myprodcluster tf-redshift-cluster-12345\n```\n\n ", + "properties": { + "allowVersionUpgrade": { + "type": "boolean", + "description": "If true , major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default is true\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "automatedSnapshotRetentionPeriod": { + "type": "integer", + "description": "The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with create-cluster-snapshot. Default is 1.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. For example, if you have several EC2 instances running in a specific Availability Zone, then you might want the cluster to be provisioned in the same zone in order to decrease network latency.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The Cluster Identifier. Must be a lower case\nstring.\n" + }, + "clusterParameterGroupName": { + "type": "string", + "description": "The name of the parameter group to be associated with this cluster.\n" + }, + "clusterPublicKey": { + "type": "string", + "description": "The public key for the cluster\n" + }, + "clusterRevisionNumber": { + "type": "string", + "description": "The specific revision number of the database in the cluster\n" + }, + "clusterSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security groups to be associated with this cluster.\n" + }, + "clusterSubnetGroupName": { + "type": "string", + "description": "The name of a cluster subnet group to be associated with this cluster. If this parameter is not provided the resulting cluster will be deployed outside virtual private cloud (VPC).\n" + }, + "clusterType": { + "type": "string", + "description": "The cluster type to use. Either `single-node` or `multi-node`.\n" + }, + "clusterVersion": { + "type": "string", + "description": "The version of the Amazon Redshift engine software that you want to deploy on the cluster.\nThe version selected runs on all the nodes in the cluster.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the first database to be created when the cluster is created.\nIf you do not provide a name, Amazon Redshift will create a default database called `dev`.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the cluster\n" + }, + "elasticIp": { + "type": "string", + "description": "The Elastic IP (EIP) address for the cluster.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true , the data in the cluster is encrypted at rest.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint\n" + }, + "enhancedVpcRouting": { + "type": "boolean", + "description": "If true , enhanced VPC routing is enabled.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The identifier of the final snapshot that is to be created immediately before deleting the cluster. If this parameter is provided, `skip_final_snapshot` must be false.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM Role ARNs to associate with the cluster. A Maximum of 10 can be associated to the cluster at any time.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `encrypted` needs to be set to true.\n" + }, + "logging": { + "$ref": "#/types/aws:redshift/ClusterLogging:ClusterLogging", + "description": "Logging, documented below.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user.\nNote that this may show up in logs, and it will be stored in the state file. Password must contain at least 8 chars and\ncontain at least one uppercase letter, one lowercase letter, and one number.\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user.\n" + }, + "nodeType": { + "type": "string", + "description": "The node type to be provisioned for the cluster.\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node. Default is 1.\n" + }, + "ownerAccount": { + "type": "string", + "description": "The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which the cluster accepts incoming connections.\nThe cluster is accessible only via the JDBC and ODBC connection strings. Part of the connection string requires the port on which the cluster will listen for incoming connections. Default port is 5439.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range (in UTC) during which automated cluster maintenance can occur.\nFormat: ddd:hh24:mi-ddd:hh24:mi\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "If true, the cluster can be accessed from a public network. Default is `true`.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final snapshot of the cluster is created before Amazon Redshift deletes the cluster. If true , a final cluster snapshot is not created. If false , a final cluster snapshot is created before the cluster is deleted. Default is false.\n" + }, + "snapshotClusterIdentifier": { + "type": "string", + "description": "The name of the cluster the source snapshot was created from.\n" + }, + "snapshotCopy": { + "$ref": "#/types/aws:redshift/ClusterSnapshotCopy:ClusterSnapshotCopy", + "description": "Configuration of automatic copy of snapshots from one region to another. Documented below.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "The name of the snapshot from which to create the new cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster.\n" + } + }, + "required": [ + "arn", + "availabilityZone", + "clusterIdentifier", + "clusterParameterGroupName", + "clusterPublicKey", + "clusterRevisionNumber", + "clusterSecurityGroups", + "clusterSubnetGroupName", + "clusterType", + "databaseName", + "dnsName", + "endpoint", + "enhancedVpcRouting", + "iamRoles", + "kmsKeyId", + "nodeType", + "preferredMaintenanceWindow", + "tagsAll", + "vpcSecurityGroupIds" + ], + "inputProperties": { + "allowVersionUpgrade": { + "type": "boolean", + "description": "If true , major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default is true\n" + }, + "automatedSnapshotRetentionPeriod": { + "type": "integer", + "description": "The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with create-cluster-snapshot. Default is 1.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. For example, if you have several EC2 instances running in a specific Availability Zone, then you might want the cluster to be provisioned in the same zone in order to decrease network latency.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The Cluster Identifier. Must be a lower case\nstring.\n" + }, + "clusterParameterGroupName": { + "type": "string", + "description": "The name of the parameter group to be associated with this cluster.\n" + }, + "clusterPublicKey": { + "type": "string", + "description": "The public key for the cluster\n" + }, + "clusterRevisionNumber": { + "type": "string", + "description": "The specific revision number of the database in the cluster\n" + }, + "clusterSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security groups to be associated with this cluster.\n" + }, + "clusterSubnetGroupName": { + "type": "string", + "description": "The name of a cluster subnet group to be associated with this cluster. If this parameter is not provided the resulting cluster will be deployed outside virtual private cloud (VPC).\n" + }, + "clusterType": { + "type": "string", + "description": "The cluster type to use. Either `single-node` or `multi-node`.\n" + }, + "clusterVersion": { + "type": "string", + "description": "The version of the Amazon Redshift engine software that you want to deploy on the cluster.\nThe version selected runs on all the nodes in the cluster.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the first database to be created when the cluster is created.\nIf you do not provide a name, Amazon Redshift will create a default database called `dev`.\n" + }, + "elasticIp": { + "type": "string", + "description": "The Elastic IP (EIP) address for the cluster.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true , the data in the cluster is encrypted at rest.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint\n" + }, + "enhancedVpcRouting": { + "type": "boolean", + "description": "If true , enhanced VPC routing is enabled.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The identifier of the final snapshot that is to be created immediately before deleting the cluster. If this parameter is provided, `skip_final_snapshot` must be false.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM Role ARNs to associate with the cluster. A Maximum of 10 can be associated to the cluster at any time.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `encrypted` needs to be set to true.\n" + }, + "logging": { + "$ref": "#/types/aws:redshift/ClusterLogging:ClusterLogging", + "description": "Logging, documented below.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user.\nNote that this may show up in logs, and it will be stored in the state file. Password must contain at least 8 chars and\ncontain at least one uppercase letter, one lowercase letter, and one number.\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user.\n" + }, + "nodeType": { + "type": "string", + "description": "The node type to be provisioned for the cluster.\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node. Default is 1.\n" + }, + "ownerAccount": { + "type": "string", + "description": "The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which the cluster accepts incoming connections.\nThe cluster is accessible only via the JDBC and ODBC connection strings. Part of the connection string requires the port on which the cluster will listen for incoming connections. Default port is 5439.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range (in UTC) during which automated cluster maintenance can occur.\nFormat: ddd:hh24:mi-ddd:hh24:mi\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "If true, the cluster can be accessed from a public network. Default is `true`.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final snapshot of the cluster is created before Amazon Redshift deletes the cluster. If true , a final cluster snapshot is not created. If false , a final cluster snapshot is created before the cluster is deleted. Default is false.\n" + }, + "snapshotClusterIdentifier": { + "type": "string", + "description": "The name of the cluster the source snapshot was created from.\n" + }, + "snapshotCopy": { + "$ref": "#/types/aws:redshift/ClusterSnapshotCopy:ClusterSnapshotCopy", + "description": "Configuration of automatic copy of snapshots from one region to another. Documented below.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "The name of the snapshot from which to create the new cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster.\n" + } + }, + "requiredInputs": [ + "clusterIdentifier", + "nodeType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cluster resources.\n", + "properties": { + "allowVersionUpgrade": { + "type": "boolean", + "description": "If true , major version upgrades can be applied during the maintenance window to the Amazon Redshift engine that is running on the cluster. Default is true\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of cluster\n" + }, + "automatedSnapshotRetentionPeriod": { + "type": "integer", + "description": "The number of days that automated snapshots are retained. If the value is 0, automated snapshots are disabled. Even if automated snapshots are disabled, you can still create manual snapshots when you want with create-cluster-snapshot. Default is 1.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The EC2 Availability Zone (AZ) in which you want Amazon Redshift to provision the cluster. For example, if you have several EC2 instances running in a specific Availability Zone, then you might want the cluster to be provisioned in the same zone in order to decrease network latency.\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The Cluster Identifier. Must be a lower case\nstring.\n" + }, + "clusterParameterGroupName": { + "type": "string", + "description": "The name of the parameter group to be associated with this cluster.\n" + }, + "clusterPublicKey": { + "type": "string", + "description": "The public key for the cluster\n" + }, + "clusterRevisionNumber": { + "type": "string", + "description": "The specific revision number of the database in the cluster\n" + }, + "clusterSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security groups to be associated with this cluster.\n" + }, + "clusterSubnetGroupName": { + "type": "string", + "description": "The name of a cluster subnet group to be associated with this cluster. If this parameter is not provided the resulting cluster will be deployed outside virtual private cloud (VPC).\n" + }, + "clusterType": { + "type": "string", + "description": "The cluster type to use. Either `single-node` or `multi-node`.\n" + }, + "clusterVersion": { + "type": "string", + "description": "The version of the Amazon Redshift engine software that you want to deploy on the cluster.\nThe version selected runs on all the nodes in the cluster.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the first database to be created when the cluster is created.\nIf you do not provide a name, Amazon Redshift will create a default database called `dev`.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name of the cluster\n" + }, + "elasticIp": { + "type": "string", + "description": "The Elastic IP (EIP) address for the cluster.\n" + }, + "encrypted": { + "type": "boolean", + "description": "If true , the data in the cluster is encrypted at rest.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint\n" + }, + "enhancedVpcRouting": { + "type": "boolean", + "description": "If true , enhanced VPC routing is enabled.\n" + }, + "finalSnapshotIdentifier": { + "type": "string", + "description": "The identifier of the final snapshot that is to be created immediately before deleting the cluster. If this parameter is provided, `skip_final_snapshot` must be false.\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IAM Role ARNs to associate with the cluster. A Maximum of 10 can be associated to the cluster at any time.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key. When specifying `kms_key_id`, `encrypted` needs to be set to true.\n" + }, + "logging": { + "$ref": "#/types/aws:redshift/ClusterLogging:ClusterLogging", + "description": "Logging, documented below.\n" + }, + "masterPassword": { + "type": "string", + "description": "Password for the master DB user.\nNote that this may show up in logs, and it will be stored in the state file. Password must contain at least 8 chars and\ncontain at least one uppercase letter, one lowercase letter, and one number.\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user.\n" + }, + "nodeType": { + "type": "string", + "description": "The node type to be provisioned for the cluster.\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of compute nodes in the cluster. This parameter is required when the ClusterType parameter is specified as multi-node. Default is 1.\n" + }, + "ownerAccount": { + "type": "string", + "description": "The AWS customer account used to create or copy the snapshot. Required if you are restoring a snapshot you do not own, optional if you own the snapshot.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which the cluster accepts incoming connections.\nThe cluster is accessible only via the JDBC and ODBC connection strings. Part of the connection string requires the port on which the cluster will listen for incoming connections. Default port is 5439.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The weekly time range (in UTC) during which automated cluster maintenance can occur.\nFormat: ddd:hh24:mi-ddd:hh24:mi\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "If true, the cluster can be accessed from a public network. Default is `true`.\n" + }, + "skipFinalSnapshot": { + "type": "boolean", + "description": "Determines whether a final snapshot of the cluster is created before Amazon Redshift deletes the cluster. If true , a final cluster snapshot is not created. If false , a final cluster snapshot is created before the cluster is deleted. Default is false.\n" + }, + "snapshotClusterIdentifier": { + "type": "string", + "description": "The name of the cluster the source snapshot was created from.\n" + }, + "snapshotCopy": { + "$ref": "#/types/aws:redshift/ClusterSnapshotCopy:ClusterSnapshotCopy", + "description": "Configuration of automatic copy of snapshots from one region to another. Documented below.\n" + }, + "snapshotIdentifier": { + "type": "string", + "description": "The name of the snapshot from which to create the new cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Virtual Private Cloud (VPC) security groups to be associated with the cluster.\n" + } + }, + "type": "object" + } + }, + "aws:redshift/eventSubscription:EventSubscription": { + "description": "Provides a Redshift event subscription resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.redshift.Cluster(\"defaultCluster\", {\n clusterIdentifier: \"default\",\n databaseName: \"default\",\n});\n// ...\nconst defaultTopic = new aws.sns.Topic(\"defaultTopic\", {});\nconst defaultEventSubscription = new aws.redshift.EventSubscription(\"defaultEventSubscription\", {\n snsTopicArn: defaultTopic.arn,\n sourceType: \"cluster\",\n sourceIds: [defaultCluster.id],\n severity: \"INFO\",\n eventCategories: [\n \"configuration\",\n \"management\",\n \"monitoring\",\n \"security\",\n ],\n tags: {\n Name: \"default\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_cluster = aws.redshift.Cluster(\"defaultCluster\",\n cluster_identifier=\"default\",\n database_name=\"default\")\n# ...\ndefault_topic = aws.sns.Topic(\"defaultTopic\")\ndefault_event_subscription = aws.redshift.EventSubscription(\"defaultEventSubscription\",\n sns_topic_arn=default_topic.arn,\n source_type=\"cluster\",\n source_ids=[default_cluster.id],\n severity=\"INFO\",\n event_categories=[\n \"configuration\",\n \"management\",\n \"monitoring\",\n \"security\",\n ],\n tags={\n \"Name\": \"default\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultCluster = new Aws.RedShift.Cluster(\"defaultCluster\", new Aws.RedShift.ClusterArgs\n {\n ClusterIdentifier = \"default\",\n DatabaseName = \"default\",\n });\n // ...\n var defaultTopic = new Aws.Sns.Topic(\"defaultTopic\", new Aws.Sns.TopicArgs\n {\n });\n var defaultEventSubscription = new Aws.RedShift.EventSubscription(\"defaultEventSubscription\", new Aws.RedShift.EventSubscriptionArgs\n {\n SnsTopicArn = defaultTopic.Arn,\n SourceType = \"cluster\",\n SourceIds = \n {\n defaultCluster.Id,\n },\n Severity = \"INFO\",\n EventCategories = \n {\n \"configuration\",\n \"management\",\n \"monitoring\",\n \"security\",\n },\n Tags = \n {\n { \"Name\", \"default\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultCluster, err := redshift.NewCluster(ctx, \"defaultCluster\", &redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"default\"),\n\t\t\tDatabaseName: pulumi.String(\"default\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultTopic, err := sns.NewTopic(ctx, \"defaultTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshift.NewEventSubscription(ctx, \"defaultEventSubscription\", &redshift.EventSubscriptionArgs{\n\t\t\tSnsTopicArn: defaultTopic.Arn,\n\t\t\tSourceType: pulumi.String(\"cluster\"),\n\t\t\tSourceIds: pulumi.StringArray{\n\t\t\t\tdefaultCluster.ID(),\n\t\t\t},\n\t\t\tSeverity: pulumi.String(\"INFO\"),\n\t\t\tEventCategories: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"configuration\"),\n\t\t\t\tpulumi.String(\"management\"),\n\t\t\t\tpulumi.String(\"monitoring\"),\n\t\t\t\tpulumi.String(\"security\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"default\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift Event Subscriptions can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:redshift/eventSubscription:EventSubscription default redshift-event-sub\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Redshift event notification subscription\n" + }, + "customerAwsId": { + "type": "string", + "description": "The AWS customer account associated with the Redshift event notification subscription\n" + }, + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a SourceType that you want to subscribe to. See https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-event-notifications.html or run `aws redshift describe-event-categories`.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift event subscription.\n" + }, + "severity": { + "type": "string", + "description": "The event severity to be published by the notification subscription. Valid options are `INFO` or `ERROR`.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `cluster`, `cluster-parameter-group`, `cluster-security-group`, or `cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "customerAwsId", + "name", + "snsTopicArn", + "status", + "tagsAll" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a SourceType that you want to subscribe to. See https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-event-notifications.html or run `aws redshift describe-event-categories`.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift event subscription.\n" + }, + "severity": { + "type": "string", + "description": "The event severity to be published by the notification subscription. Valid options are `INFO` or `ERROR`.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `cluster`, `cluster-parameter-group`, `cluster-security-group`, or `cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "snsTopicArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventSubscription resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Redshift event notification subscription\n" + }, + "customerAwsId": { + "type": "string", + "description": "The AWS customer account associated with the Redshift event notification subscription\n" + }, + "enabled": { + "type": "boolean", + "description": "A boolean flag to enable/disable the subscription. Defaults to true.\n" + }, + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of event categories for a SourceType that you want to subscribe to. See https://docs.aws.amazon.com/redshift/latest/mgmt/working-with-event-notifications.html or run `aws redshift describe-event-categories`.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift event subscription.\n" + }, + "severity": { + "type": "string", + "description": "The event severity to be published by the notification subscription. Valid options are `INFO` or `ERROR`.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "The ARN of the SNS topic to send events to.\n" + }, + "sourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of identifiers of the event sources for which events will be returned. If not specified, then all sources are included in the response. If specified, a source_type must also be specified.\n" + }, + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are `cluster`, `cluster-parameter-group`, `cluster-security-group`, or `cluster-snapshot`. If not set, all sources will be subscribed to.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:redshift/parameterGroup:ParameterGroup": { + "description": "Provides a Redshift Cluster parameter group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = new aws.redshift.ParameterGroup(\"bar\", {\n family: \"redshift-1.0\",\n parameters: [\n {\n name: \"require_ssl\",\n value: \"true\",\n },\n {\n name: \"query_group\",\n value: \"example\",\n },\n {\n name: \"enable_user_activity_logging\",\n value: \"true\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.redshift.ParameterGroup(\"bar\",\n family=\"redshift-1.0\",\n parameters=[\n aws.redshift.ParameterGroupParameterArgs(\n name=\"require_ssl\",\n value=\"true\",\n ),\n aws.redshift.ParameterGroupParameterArgs(\n name=\"query_group\",\n value=\"example\",\n ),\n aws.redshift.ParameterGroupParameterArgs(\n name=\"enable_user_activity_logging\",\n value=\"true\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = new Aws.RedShift.ParameterGroup(\"bar\", new Aws.RedShift.ParameterGroupArgs\n {\n Family = \"redshift-1.0\",\n Parameters = \n {\n new Aws.RedShift.Inputs.ParameterGroupParameterArgs\n {\n Name = \"require_ssl\",\n Value = \"true\",\n },\n new Aws.RedShift.Inputs.ParameterGroupParameterArgs\n {\n Name = \"query_group\",\n Value = \"example\",\n },\n new Aws.RedShift.Inputs.ParameterGroupParameterArgs\n {\n Name = \"enable_user_activity_logging\",\n Value = \"true\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redshift.NewParameterGroup(ctx, \"bar\", &redshift.ParameterGroupArgs{\n\t\t\tFamily: pulumi.String(\"redshift-1.0\"),\n\t\t\tParameters: redshift.ParameterGroupParameterArray{\n\t\t\t\t&redshift.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"require_ssl\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t\t&redshift.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"query_group\"),\n\t\t\t\t\tValue: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t\t&redshift.ParameterGroupParameterArgs{\n\t\t\t\t\tName: pulumi.String(\"enable_user_activity_logging\"),\n\t\t\t\t\tValue: pulumi.String(\"true\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift Parameter Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:redshift/parameterGroup:ParameterGroup paramgroup1 parameter-group-test\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of parameter group\n" + }, + "description": { + "type": "string", + "description": "The description of the Redshift parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the Redshift parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:redshift/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of Redshift parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "family", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the Redshift parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the Redshift parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:redshift/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of Redshift parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "family" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ParameterGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of parameter group\n" + }, + "description": { + "type": "string", + "description": "The description of the Redshift parameter group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "family": { + "type": "string", + "description": "The family of the Redshift parameter group.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift parameter.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:redshift/ParameterGroupParameter:ParameterGroupParameter" + }, + "description": "A list of Redshift parameters to apply.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:redshift/securityGroup:SecurityGroup": { + "description": "Creates a new Amazon Redshift security group. You use security groups to control access to non-VPC clusters\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultSecurityGroup = new aws.redshift.SecurityGroup(\"default\", {\n ingress: [{\n cidr: \"10.0.0.0/24\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.redshift.SecurityGroup(\"default\", ingress=[aws.redshift.SecurityGroupIngressArgs(\n cidr=\"10.0.0.0/24\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.RedShift.SecurityGroup(\"default\", new Aws.RedShift.SecurityGroupArgs\n {\n Ingress = \n {\n new Aws.RedShift.Inputs.SecurityGroupIngressArgs\n {\n Cidr = \"10.0.0.0/24\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redshift.NewSecurityGroup(ctx, \"_default\", &redshift.SecurityGroupArgs{\n\t\t\tIngress: redshift.SecurityGroupIngressArray{\n\t\t\t\t&redshift.SecurityGroupIngressArgs{\n\t\t\t\t\tCidr: pulumi.String(\"10.0.0.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift security groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:redshift/securityGroup:SecurityGroup testgroup1 redshift_test_group\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description of the Redshift security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:redshift/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "A list of ingress rules.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift security group.\n" + } + }, + "required": [ + "description", + "ingress", + "name" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the Redshift security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:redshift/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "A list of ingress rules.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift security group.\n" + } + }, + "requiredInputs": [ + "ingress" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecurityGroup resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the Redshift security group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "ingress": { + "type": "array", + "items": { + "$ref": "#/types/aws:redshift/SecurityGroupIngress:SecurityGroupIngress" + }, + "description": "A list of ingress rules.\n" + }, + "name": { + "type": "string", + "description": "The name of the Redshift security group.\n" + } + }, + "type": "object" + } + }, + "aws:redshift/snapshotCopyGrant:SnapshotCopyGrant": { + "description": "Creates a snapshot copy grant that allows AWS Redshift to encrypt copied snapshots with a customer master key from AWS KMS in a destination region.\n\nNote that the grant must exist in the destination region, and not in the region of the cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testSnapshotCopyGrant = new aws.redshift.SnapshotCopyGrant(\"testSnapshotCopyGrant\", {snapshotCopyGrantName: \"my-grant\"});\nconst testCluster = new aws.redshift.Cluster(\"testCluster\", {snapshotCopy: {\n destinationRegion: \"us-east-2\",\n grantName: testSnapshotCopyGrant.snapshotCopyGrantName,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_snapshot_copy_grant = aws.redshift.SnapshotCopyGrant(\"testSnapshotCopyGrant\", snapshot_copy_grant_name=\"my-grant\")\ntest_cluster = aws.redshift.Cluster(\"testCluster\", snapshot_copy=aws.redshift.ClusterSnapshotCopyArgs(\n destination_region=\"us-east-2\",\n grant_name=test_snapshot_copy_grant.snapshot_copy_grant_name,\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testSnapshotCopyGrant = new Aws.RedShift.SnapshotCopyGrant(\"testSnapshotCopyGrant\", new Aws.RedShift.SnapshotCopyGrantArgs\n {\n SnapshotCopyGrantName = \"my-grant\",\n });\n var testCluster = new Aws.RedShift.Cluster(\"testCluster\", new Aws.RedShift.ClusterArgs\n {\n SnapshotCopy = new Aws.RedShift.Inputs.ClusterSnapshotCopyArgs\n {\n DestinationRegion = \"us-east-2\",\n GrantName = testSnapshotCopyGrant.SnapshotCopyGrantName,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestSnapshotCopyGrant, err := redshift.NewSnapshotCopyGrant(ctx, \"testSnapshotCopyGrant\", &redshift.SnapshotCopyGrantArgs{\n\t\t\tSnapshotCopyGrantName: pulumi.String(\"my-grant\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshift.NewCluster(ctx, \"testCluster\", &redshift.ClusterArgs{\n\t\t\tSnapshotCopy: &redshift.ClusterSnapshotCopyArgs{\n\t\t\t\tDestinationRegion: pulumi.String(\"us-east-2\"),\n\t\t\t\tGrantName: testSnapshotCopyGrant.SnapshotCopyGrantName,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift Snapshot Copy Grants support import by name, e.g. console\n\n```sh\n $ pulumi import aws:redshift/snapshotCopyGrant:SnapshotCopyGrant test my-grant\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of snapshot copy grant\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. If not specified, the default key is used.\n" + }, + "snapshotCopyGrantName": { + "type": "string", + "description": "A friendly name for identifying the grant.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "kmsKeyId", + "snapshotCopyGrantName", + "tagsAll" + ], + "inputProperties": { + "kmsKeyId": { + "type": "string", + "description": "The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. If not specified, the default key is used.\n" + }, + "snapshotCopyGrantName": { + "type": "string", + "description": "A friendly name for identifying the grant.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "snapshotCopyGrantName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnapshotCopyGrant resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of snapshot copy grant\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. If not specified, the default key is used.\n" + }, + "snapshotCopyGrantName": { + "type": "string", + "description": "A friendly name for identifying the grant.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:redshift/snapshotSchedule:SnapshotSchedule": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultSnapshotSchedule = new aws.redshift.SnapshotSchedule(\"default\", {\n definitions: [\"rate(12 hours)\"],\n identifier: \"tf-redshift-snapshot-schedule\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.redshift.SnapshotSchedule(\"default\",\n definitions=[\"rate(12 hours)\"],\n identifier=\"tf-redshift-snapshot-schedule\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.RedShift.SnapshotSchedule(\"default\", new Aws.RedShift.SnapshotScheduleArgs\n {\n Definitions = \n {\n \"rate(12 hours)\",\n },\n Identifier = \"tf-redshift-snapshot-schedule\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := redshift.NewSnapshotSchedule(ctx, \"_default\", &redshift.SnapshotScheduleArgs{\n\t\t\tDefinitions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"rate(12 hours)\"),\n\t\t\t},\n\t\t\tIdentifier: pulumi.String(\"tf-redshift-snapshot-schedule\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift Snapshot Schedule can be imported using the `identifier`, e.g.\n\n```sh\n $ pulumi import aws:redshift/snapshotSchedule:SnapshotSchedule default tf-redshift-snapshot-schedule\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Redshift Snapshot Schedule.\n" + }, + "definitions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The definition of the snapshot schedule. The definition is made up of schedule expressions, for example `cron(30 12 *)` or `rate(12 hours)`.\n" + }, + "description": { + "type": "string", + "description": "The description of the snapshot schedule.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to destroy all associated clusters with this snapshot schedule on deletion. Must be enabled and applied before attempting deletion.\n" + }, + "identifier": { + "type": "string", + "description": "The snapshot schedule identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique\nidentifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "definitions", + "identifier", + "identifierPrefix", + "tagsAll" + ], + "inputProperties": { + "definitions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The definition of the snapshot schedule. The definition is made up of schedule expressions, for example `cron(30 12 *)` or `rate(12 hours)`.\n" + }, + "description": { + "type": "string", + "description": "The description of the snapshot schedule.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to destroy all associated clusters with this snapshot schedule on deletion. Must be enabled and applied before attempting deletion.\n" + }, + "identifier": { + "type": "string", + "description": "The snapshot schedule identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique\nidentifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "definitions" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnapshotSchedule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Redshift Snapshot Schedule.\n" + }, + "definitions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The definition of the snapshot schedule. The definition is made up of schedule expressions, for example `cron(30 12 *)` or `rate(12 hours)`.\n" + }, + "description": { + "type": "string", + "description": "The description of the snapshot schedule.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to destroy all associated clusters with this snapshot schedule on deletion. Must be enabled and applied before attempting deletion.\n" + }, + "identifier": { + "type": "string", + "description": "The snapshot schedule identifier. If omitted, this provider will assign a random, unique identifier.\n" + }, + "identifierPrefix": { + "type": "string", + "description": "Creates a unique\nidentifier beginning with the specified prefix. Conflicts with `identifier`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:redshift/snapshotScheduleAssociation:SnapshotScheduleAssociation": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCluster = new aws.redshift.Cluster(\"defaultCluster\", {\n clusterIdentifier: \"tf-redshift-cluster\",\n databaseName: \"mydb\",\n masterUsername: \"foo\",\n masterPassword: \"Mustbe8characters\",\n nodeType: \"dc1.large\",\n clusterType: \"single-node\",\n});\nconst defaultSnapshotSchedule = new aws.redshift.SnapshotSchedule(\"defaultSnapshotSchedule\", {\n identifier: \"tf-redshift-snapshot-schedule\",\n definitions: [\"rate(12 hours)\"],\n});\nconst defaultSnapshotScheduleAssociation = new aws.redshift.SnapshotScheduleAssociation(\"defaultSnapshotScheduleAssociation\", {\n clusterIdentifier: defaultCluster.id,\n scheduleIdentifier: defaultSnapshotSchedule.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_cluster = aws.redshift.Cluster(\"defaultCluster\",\n cluster_identifier=\"tf-redshift-cluster\",\n database_name=\"mydb\",\n master_username=\"foo\",\n master_password=\"Mustbe8characters\",\n node_type=\"dc1.large\",\n cluster_type=\"single-node\")\ndefault_snapshot_schedule = aws.redshift.SnapshotSchedule(\"defaultSnapshotSchedule\",\n identifier=\"tf-redshift-snapshot-schedule\",\n definitions=[\"rate(12 hours)\"])\ndefault_snapshot_schedule_association = aws.redshift.SnapshotScheduleAssociation(\"defaultSnapshotScheduleAssociation\",\n cluster_identifier=default_cluster.id,\n schedule_identifier=default_snapshot_schedule.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultCluster = new Aws.RedShift.Cluster(\"defaultCluster\", new Aws.RedShift.ClusterArgs\n {\n ClusterIdentifier = \"tf-redshift-cluster\",\n DatabaseName = \"mydb\",\n MasterUsername = \"foo\",\n MasterPassword = \"Mustbe8characters\",\n NodeType = \"dc1.large\",\n ClusterType = \"single-node\",\n });\n var defaultSnapshotSchedule = new Aws.RedShift.SnapshotSchedule(\"defaultSnapshotSchedule\", new Aws.RedShift.SnapshotScheduleArgs\n {\n Identifier = \"tf-redshift-snapshot-schedule\",\n Definitions = \n {\n \"rate(12 hours)\",\n },\n });\n var defaultSnapshotScheduleAssociation = new Aws.RedShift.SnapshotScheduleAssociation(\"defaultSnapshotScheduleAssociation\", new Aws.RedShift.SnapshotScheduleAssociationArgs\n {\n ClusterIdentifier = defaultCluster.Id,\n ScheduleIdentifier = defaultSnapshotSchedule.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdefaultCluster, err := redshift.NewCluster(ctx, \"defaultCluster\", &redshift.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"tf-redshift-cluster\"),\n\t\t\tDatabaseName: pulumi.String(\"mydb\"),\n\t\t\tMasterUsername: pulumi.String(\"foo\"),\n\t\t\tMasterPassword: pulumi.String(\"Mustbe8characters\"),\n\t\t\tNodeType: pulumi.String(\"dc1.large\"),\n\t\t\tClusterType: pulumi.String(\"single-node\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultSnapshotSchedule, err := redshift.NewSnapshotSchedule(ctx, \"defaultSnapshotSchedule\", &redshift.SnapshotScheduleArgs{\n\t\t\tIdentifier: pulumi.String(\"tf-redshift-snapshot-schedule\"),\n\t\t\tDefinitions: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"rate(12 hours)\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshift.NewSnapshotScheduleAssociation(ctx, \"defaultSnapshotScheduleAssociation\", &redshift.SnapshotScheduleAssociationArgs{\n\t\t\tClusterIdentifier: defaultCluster.ID(),\n\t\t\tScheduleIdentifier: defaultSnapshotSchedule.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift Snapshot Schedule Association can be imported using the `/`, e.g.\n\n```sh\n $ pulumi import aws:redshift/snapshotScheduleAssociation:SnapshotScheduleAssociation default tf-redshift-cluster/tf-redshift-snapshot-schedule\n```\n\n ", + "properties": { + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier.\n" + }, + "scheduleIdentifier": { + "type": "string", + "description": "The snapshot schedule identifier.\n" + } + }, + "required": [ + "clusterIdentifier", + "scheduleIdentifier" + ], + "inputProperties": { + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier.\n" + }, + "scheduleIdentifier": { + "type": "string", + "description": "The snapshot schedule identifier.\n" + } + }, + "requiredInputs": [ + "clusterIdentifier", + "scheduleIdentifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SnapshotScheduleAssociation resources.\n", + "properties": { + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier.\n" + }, + "scheduleIdentifier": { + "type": "string", + "description": "The snapshot schedule identifier.\n" + } + }, + "type": "object" + } + }, + "aws:redshift/subnetGroup:SubnetGroup": { + "description": "Creates a new Amazon Redshift subnet group. You must provide a list of one or more subnets in your existing Amazon Virtual Private Cloud (Amazon VPC) when creating Amazon Redshift subnet group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst fooSubnet = new aws.ec2.Subnet(\"fooSubnet\", {\n cidrBlock: \"10.1.1.0/24\",\n availabilityZone: \"us-west-2a\",\n vpcId: fooVpc.id,\n tags: {\n Name: \"tf-dbsubnet-test-1\",\n },\n});\nconst bar = new aws.ec2.Subnet(\"bar\", {\n cidrBlock: \"10.1.2.0/24\",\n availabilityZone: \"us-west-2b\",\n vpcId: fooVpc.id,\n tags: {\n Name: \"tf-dbsubnet-test-2\",\n },\n});\nconst fooSubnetGroup = new aws.redshift.SubnetGroup(\"fooSubnetGroup\", {\n subnetIds: [\n fooSubnet.id,\n bar.id,\n ],\n tags: {\n environment: \"Production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.1.0.0/16\")\nfoo_subnet = aws.ec2.Subnet(\"fooSubnet\",\n cidr_block=\"10.1.1.0/24\",\n availability_zone=\"us-west-2a\",\n vpc_id=foo_vpc.id,\n tags={\n \"Name\": \"tf-dbsubnet-test-1\",\n })\nbar = aws.ec2.Subnet(\"bar\",\n cidr_block=\"10.1.2.0/24\",\n availability_zone=\"us-west-2b\",\n vpc_id=foo_vpc.id,\n tags={\n \"Name\": \"tf-dbsubnet-test-2\",\n })\nfoo_subnet_group = aws.redshift.SubnetGroup(\"fooSubnetGroup\",\n subnet_ids=[\n foo_subnet.id,\n bar.id,\n ],\n tags={\n \"environment\": \"Production\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var fooSubnet = new Aws.Ec2.Subnet(\"fooSubnet\", new Aws.Ec2.SubnetArgs\n {\n CidrBlock = \"10.1.1.0/24\",\n AvailabilityZone = \"us-west-2a\",\n VpcId = fooVpc.Id,\n Tags = \n {\n { \"Name\", \"tf-dbsubnet-test-1\" },\n },\n });\n var bar = new Aws.Ec2.Subnet(\"bar\", new Aws.Ec2.SubnetArgs\n {\n CidrBlock = \"10.1.2.0/24\",\n AvailabilityZone = \"us-west-2b\",\n VpcId = fooVpc.Id,\n Tags = \n {\n { \"Name\", \"tf-dbsubnet-test-2\" },\n },\n });\n var fooSubnetGroup = new Aws.RedShift.SubnetGroup(\"fooSubnetGroup\", new Aws.RedShift.SubnetGroupArgs\n {\n SubnetIds = \n {\n fooSubnet.Id,\n bar.Id,\n },\n Tags = \n {\n { \"environment\", \"Production\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooSubnet, err := ec2.NewSubnet(ctx, \"fooSubnet\", &ec2.SubnetArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-dbsubnet-test-1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewSubnet(ctx, \"bar\", &ec2.SubnetArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2b\"),\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-dbsubnet-test-2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = redshift.NewSubnetGroup(ctx, \"fooSubnetGroup\", &redshift.SubnetGroupArgs{\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tfooSubnet.ID(),\n\t\t\t\tbar.ID(),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"Production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRedshift subnet groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:redshift/subnetGroup:SubnetGroup testgroup1 test-cluster-subnet-group\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Redshift Subnet group name\n" + }, + "description": { + "type": "string", + "description": "The description of the Redshift Subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the Redshift Subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "description", + "name", + "subnetIds", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the Redshift Subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the Redshift Subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "subnetIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SubnetGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Redshift Subnet group name\n" + }, + "description": { + "type": "string", + "description": "The description of the Redshift Subnet group. Defaults to \"Managed by Pulumi\".\n", + "default": "Managed by Pulumi" + }, + "name": { + "type": "string", + "description": "The name of the Redshift Subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of VPC subnet IDs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:resourcegroups/group:Group": { + "description": "Provides a Resource Group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.resourcegroups.Group(\"test\", {\n resourceQuery: {\n query: `{\n \"ResourceTypeFilters\": [\n \"AWS::EC2::Instance\"\n ],\n \"TagFilters\": [\n {\n \"Key\": \"Stage\",\n \"Values\": [\"Test\"]\n }\n ]\n}\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.resourcegroups.Group(\"test\", resource_query=aws.resourcegroups.GroupResourceQueryArgs(\n query=\"\"\"{\n \"ResourceTypeFilters\": [\n \"AWS::EC2::Instance\"\n ],\n \"TagFilters\": [\n {\n \"Key\": \"Stage\",\n \"Values\": [\"Test\"]\n }\n ]\n}\n\n\"\"\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.ResourceGroups.Group(\"test\", new Aws.ResourceGroups.GroupArgs\n {\n ResourceQuery = new Aws.ResourceGroups.Inputs.GroupResourceQueryArgs\n {\n Query = @\"{\n \"\"ResourceTypeFilters\"\": [\n \"\"AWS::EC2::Instance\"\"\n ],\n \"\"TagFilters\"\": [\n {\n \"\"Key\"\": \"\"Stage\"\",\n \"\"Values\"\": [\"\"Test\"\"]\n }\n ]\n}\n\n\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/resourcegroups\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := resourcegroups.NewGroup(ctx, \"test\", &resourcegroups.GroupArgs{\n\t\t\tResourceQuery: &resourcegroups.GroupResourceQueryArgs{\n\t\t\t\tQuery: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"ResourceTypeFilters\\\": [\\n\", \" \\\"AWS::EC2::Instance\\\"\\n\", \" ],\\n\", \" \\\"TagFilters\\\": [\\n\", \" {\\n\", \" \\\"Key\\\": \\\"Stage\\\",\\n\", \" \\\"Values\\\": [\\\"Test\\\"]\\n\", \" }\\n\", \" ]\\n\", \"}\\n\", \"\\n\")),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nResource groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:resourcegroups/group:Group foo resource-group-name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this resource group.\n" + }, + "description": { + "type": "string", + "description": "A description of the resource group.\n" + }, + "name": { + "type": "string", + "description": "The resource group's name. A resource group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`.\n" + }, + "resourceQuery": { + "$ref": "#/types/aws:resourcegroups/GroupResourceQuery:GroupResourceQuery", + "description": "A `resource_query` block. Resource queries are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "resourceQuery", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the resource group.\n" + }, + "name": { + "type": "string", + "description": "The resource group's name. A resource group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`.\n" + }, + "resourceQuery": { + "$ref": "#/types/aws:resourcegroups/GroupResourceQuery:GroupResourceQuery", + "description": "A `resource_query` block. Resource queries are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "resourceQuery" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Group resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN assigned by AWS for this resource group.\n" + }, + "description": { + "type": "string", + "description": "A description of the resource group.\n" + }, + "name": { + "type": "string", + "description": "The resource group's name. A resource group name can have a maximum of 127 characters, including letters, numbers, hyphens, dots, and underscores. The name cannot start with `AWS` or `aws`.\n" + }, + "resourceQuery": { + "$ref": "#/types/aws:resourcegroups/GroupResourceQuery:GroupResourceQuery", + "description": "A `resource_query` block. Resource queries are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:route53/delegationSet:DelegationSet": { + "description": "Provides a [Route53 Delegation Set](https://docs.aws.amazon.com/Route53/latest/APIReference/API-actions-by-function.html#actions-by-function-reusable-delegation-sets) resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.route53.DelegationSet(\"main\", {referenceName: \"DynDNS\"});\nconst primary = new aws.route53.Zone(\"primary\", {delegationSetId: main.id});\nconst secondary = new aws.route53.Zone(\"secondary\", {delegationSetId: main.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.route53.DelegationSet(\"main\", reference_name=\"DynDNS\")\nprimary = aws.route53.Zone(\"primary\", delegation_set_id=main.id)\nsecondary = aws.route53.Zone(\"secondary\", delegation_set_id=main.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Route53.DelegationSet(\"main\", new Aws.Route53.DelegationSetArgs\n {\n ReferenceName = \"DynDNS\",\n });\n var primary = new Aws.Route53.Zone(\"primary\", new Aws.Route53.ZoneArgs\n {\n DelegationSetId = main.Id,\n });\n var secondary = new Aws.Route53.Zone(\"secondary\", new Aws.Route53.ZoneArgs\n {\n DelegationSetId = main.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := route53.NewDelegationSet(ctx, \"main\", &route53.DelegationSetArgs{\n\t\t\tReferenceName: pulumi.String(\"DynDNS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewZone(ctx, \"primary\", &route53.ZoneArgs{\n\t\t\tDelegationSetId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewZone(ctx, \"secondary\", &route53.ZoneArgs{\n\t\t\tDelegationSetId: main.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 Delegation Sets can be imported using the `delegation set id`, e.g.\n\n```sh\n $ pulumi import aws:route53/delegationSet:DelegationSet set1 N1PA6795SAMPLE\n```\n\n ", + "properties": { + "nameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of authoritative name servers for the hosted zone\n(effectively a list of NS records).\n" + }, + "referenceName": { + "type": "string", + "description": "This is a reference name used in Caller Reference\n(helpful for identifying single delegation set amongst others)\n" + } + }, + "required": [ + "nameServers" + ], + "inputProperties": { + "referenceName": { + "type": "string", + "description": "This is a reference name used in Caller Reference\n(helpful for identifying single delegation set amongst others)\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering DelegationSet resources.\n", + "properties": { + "nameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of authoritative name servers for the hosted zone\n(effectively a list of NS records).\n" + }, + "referenceName": { + "type": "string", + "description": "This is a reference name used in Caller Reference\n(helpful for identifying single delegation set amongst others)\n" + } + }, + "type": "object" + } + }, + "aws:route53/healthCheck:HealthCheck": { + "description": "Provides a Route53 health check.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Connectivity and HTTP Status Code Check\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.HealthCheck(\"example\", {\n failureThreshold: 5,\n fqdn: \"example.com\",\n port: 80,\n requestInterval: 30,\n resourcePath: \"/\",\n tags: {\n Name: \"tf-test-health-check\",\n },\n type: \"HTTP\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.HealthCheck(\"example\",\n failure_threshold=5,\n fqdn=\"example.com\",\n port=80,\n request_interval=30,\n resource_path=\"/\",\n tags={\n \"Name\": \"tf-test-health-check\",\n },\n type=\"HTTP\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.HealthCheck(\"example\", new Aws.Route53.HealthCheckArgs\n {\n FailureThreshold = 5,\n Fqdn = \"example.com\",\n Port = 80,\n RequestInterval = 30,\n ResourcePath = \"/\",\n Tags = \n {\n { \"Name\", \"tf-test-health-check\" },\n },\n Type = \"HTTP\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewHealthCheck(ctx, \"example\", &route53.HealthCheckArgs{\n\t\t\tFailureThreshold: pulumi.Int(5),\n\t\t\tFqdn: pulumi.String(\"example.com\"),\n\t\t\tPort: pulumi.Int(80),\n\t\t\tRequestInterval: pulumi.Int(30),\n\t\t\tResourcePath: pulumi.String(\"/\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test-health-check\"),\n\t\t\t},\n\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Connectivity and String Matching Check\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.HealthCheck(\"example\", {\n failureThreshold: 5,\n fqdn: \"example.com\",\n port: 443,\n requestInterval: 30,\n resourcePath: \"/\",\n searchString: \"example\",\n type: \"HTTPS_STR_MATCH\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.HealthCheck(\"example\",\n failure_threshold=5,\n fqdn=\"example.com\",\n port=443,\n request_interval=30,\n resource_path=\"/\",\n search_string=\"example\",\n type=\"HTTPS_STR_MATCH\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.HealthCheck(\"example\", new Aws.Route53.HealthCheckArgs\n {\n FailureThreshold = 5,\n Fqdn = \"example.com\",\n Port = 443,\n RequestInterval = 30,\n ResourcePath = \"/\",\n SearchString = \"example\",\n Type = \"HTTPS_STR_MATCH\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewHealthCheck(ctx, \"example\", &route53.HealthCheckArgs{\n\t\t\tFailureThreshold: pulumi.Int(5),\n\t\t\tFqdn: pulumi.String(\"example.com\"),\n\t\t\tPort: pulumi.Int(443),\n\t\t\tRequestInterval: pulumi.Int(30),\n\t\t\tResourcePath: pulumi.String(\"/\"),\n\t\t\tSearchString: pulumi.String(\"example\"),\n\t\t\tType: pulumi.String(\"HTTPS_STR_MATCH\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Aggregate Check\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst parent = new aws.route53.HealthCheck(\"parent\", {\n type: \"CALCULATED\",\n childHealthThreshold: 1,\n childHealthchecks: [aws_route53_health_check.child.id],\n tags: {\n Name: \"tf-test-calculated-health-check\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nparent = aws.route53.HealthCheck(\"parent\",\n type=\"CALCULATED\",\n child_health_threshold=1,\n child_healthchecks=[aws_route53_health_check[\"child\"][\"id\"]],\n tags={\n \"Name\": \"tf-test-calculated-health-check\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var parent = new Aws.Route53.HealthCheck(\"parent\", new Aws.Route53.HealthCheckArgs\n {\n Type = \"CALCULATED\",\n ChildHealthThreshold = 1,\n ChildHealthchecks = \n {\n aws_route53_health_check.Child.Id,\n },\n Tags = \n {\n { \"Name\", \"tf-test-calculated-health-check\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewHealthCheck(ctx, \"parent\", &route53.HealthCheckArgs{\n\t\t\tType: pulumi.String(\"CALCULATED\"),\n\t\t\tChildHealthThreshold: pulumi.Int(1),\n\t\t\tChildHealthchecks: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_route53_health_check.Child.Id),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"tf-test-calculated-health-check\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### CloudWatch Alarm Check\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foobar = new aws.cloudwatch.MetricAlarm(\"foobar\", {\n comparisonOperator: \"GreaterThanOrEqualToThreshold\",\n evaluationPeriods: \"2\",\n metricName: \"CPUUtilization\",\n namespace: \"AWS/EC2\",\n period: \"120\",\n statistic: \"Average\",\n threshold: \"80\",\n alarmDescription: \"This metric monitors ec2 cpu utilization\",\n});\nconst foo = new aws.route53.HealthCheck(\"foo\", {\n type: \"CLOUDWATCH_METRIC\",\n cloudwatchAlarmName: foobar.name,\n cloudwatchAlarmRegion: \"us-west-2\",\n insufficientDataHealthStatus: \"Healthy\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoobar = aws.cloudwatch.MetricAlarm(\"foobar\",\n comparison_operator=\"GreaterThanOrEqualToThreshold\",\n evaluation_periods=2,\n metric_name=\"CPUUtilization\",\n namespace=\"AWS/EC2\",\n period=120,\n statistic=\"Average\",\n threshold=80,\n alarm_description=\"This metric monitors ec2 cpu utilization\")\nfoo = aws.route53.HealthCheck(\"foo\",\n type=\"CLOUDWATCH_METRIC\",\n cloudwatch_alarm_name=foobar.name,\n cloudwatch_alarm_region=\"us-west-2\",\n insufficient_data_health_status=\"Healthy\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foobar = new Aws.CloudWatch.MetricAlarm(\"foobar\", new Aws.CloudWatch.MetricAlarmArgs\n {\n ComparisonOperator = \"GreaterThanOrEqualToThreshold\",\n EvaluationPeriods = 2,\n MetricName = \"CPUUtilization\",\n Namespace = \"AWS/EC2\",\n Period = 120,\n Statistic = \"Average\",\n Threshold = 80,\n AlarmDescription = \"This metric monitors ec2 cpu utilization\",\n });\n var foo = new Aws.Route53.HealthCheck(\"foo\", new Aws.Route53.HealthCheckArgs\n {\n Type = \"CLOUDWATCH_METRIC\",\n CloudwatchAlarmName = foobar.Name,\n CloudwatchAlarmRegion = \"us-west-2\",\n InsufficientDataHealthStatus = \"Healthy\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoobar, err := cloudwatch.NewMetricAlarm(ctx, \"foobar\", &cloudwatch.MetricAlarmArgs{\n\t\t\tComparisonOperator: pulumi.String(\"GreaterThanOrEqualToThreshold\"),\n\t\t\tEvaluationPeriods: pulumi.Int(2),\n\t\t\tMetricName: pulumi.String(\"CPUUtilization\"),\n\t\t\tNamespace: pulumi.String(\"AWS/EC2\"),\n\t\t\tPeriod: pulumi.Int(120),\n\t\t\tStatistic: pulumi.String(\"Average\"),\n\t\t\tThreshold: pulumi.Float64(80),\n\t\t\tAlarmDescription: pulumi.String(\"This metric monitors ec2 cpu utilization\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewHealthCheck(ctx, \"foo\", &route53.HealthCheckArgs{\n\t\t\tType: pulumi.String(\"CLOUDWATCH_METRIC\"),\n\t\t\tCloudwatchAlarmName: foobar.Name,\n\t\t\tCloudwatchAlarmRegion: pulumi.String(\"us-west-2\"),\n\t\t\tInsufficientDataHealthStatus: pulumi.String(\"Healthy\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 Health Checks can be imported using the `health check id`, e.g.\n\n```sh\n $ pulumi import aws:route53/healthCheck:HealthCheck http_check abcdef11-2222-3333-4444-555555fedcba\n```\n\n ", + "properties": { + "childHealthThreshold": { + "type": "integer", + "description": "The minimum number of child health checks that must be healthy for Route 53 to consider the parent health check to be healthy. Valid values are integers between 0 and 256, inclusive\n" + }, + "childHealthchecks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "For a specified parent health check, a list of HealthCheckId values for the associated child health checks.\n" + }, + "cloudwatchAlarmName": { + "type": "string", + "description": "The name of the CloudWatch alarm.\n" + }, + "cloudwatchAlarmRegion": { + "type": "string", + "description": "The CloudWatchRegion that the CloudWatch alarm was created in.\n" + }, + "disabled": { + "type": "boolean", + "description": "A boolean value that stops Route 53 from performing health checks. When set to true, Route 53 will do the following depending on the type of health check:\n* For health checks that check the health of endpoints, Route5 53 stops submitting requests to your application, server, or other resource.\n* For calculated health checks, Route 53 stops aggregating the status of the referenced health checks.\n* For health checks that monitor CloudWatch alarms, Route 53 stops monitoring the corresponding CloudWatch metrics.\n" + }, + "enableSni": { + "type": "boolean", + "description": "A boolean value that indicates whether Route53 should send the `fqdn` to the endpoint when performing the health check. This defaults to AWS' defaults: when the `type` is \"HTTPS\" `enable_sni` defaults to `true`, when `type` is anything else `enable_sni` defaults to `false`.\n" + }, + "failureThreshold": { + "type": "integer", + "description": "The number of consecutive health checks that an endpoint must pass or fail.\n" + }, + "fqdn": { + "type": "string", + "description": "The fully qualified domain name of the endpoint to be checked.\n" + }, + "insufficientDataHealthStatus": { + "type": "string", + "description": "The status of the health check when CloudWatch has insufficient data about the state of associated alarm. Valid values are `Healthy` , `Unhealthy` and `LastKnownStatus`.\n" + }, + "invertHealthcheck": { + "type": "boolean", + "description": "A boolean value that indicates whether the status of health check should be inverted. For example, if a health check is healthy but Inverted is True , then Route 53 considers the health check to be unhealthy.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the endpoint to be checked.\n" + }, + "measureLatency": { + "type": "boolean", + "description": "A Boolean value that indicates whether you want Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint and to display CloudWatch latency graphs in the Route 53 console.\n" + }, + "port": { + "type": "integer", + "description": "The port of the endpoint to be checked.\n" + }, + "referenceName": { + "type": "string", + "description": "This is a reference name used in Caller Reference\n(helpful for identifying single health_check set amongst others)\n" + }, + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AWS regions that you want Amazon Route 53 health checkers to check the specified endpoint from.\n" + }, + "requestInterval": { + "type": "integer", + "description": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health-check request.\n" + }, + "resourcePath": { + "type": "string", + "description": "The path that you want Amazon Route 53 to request when performing health checks.\n" + }, + "searchString": { + "type": "string", + "description": "String searched in the first 5120 bytes of the response body for check to be considered healthy. Only valid with `HTTP_STR_MATCH` and `HTTPS_STR_MATCH`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the health check. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The protocol to use when performing health checks. Valid values are `HTTP`, `HTTPS`, `HTTP_STR_MATCH`, `HTTPS_STR_MATCH`, `TCP`, `CALCULATED` and `CLOUDWATCH_METRIC`.\n" + } + }, + "required": [ + "enableSni", + "tagsAll", + "type" + ], + "inputProperties": { + "childHealthThreshold": { + "type": "integer", + "description": "The minimum number of child health checks that must be healthy for Route 53 to consider the parent health check to be healthy. Valid values are integers between 0 and 256, inclusive\n" + }, + "childHealthchecks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "For a specified parent health check, a list of HealthCheckId values for the associated child health checks.\n" + }, + "cloudwatchAlarmName": { + "type": "string", + "description": "The name of the CloudWatch alarm.\n" + }, + "cloudwatchAlarmRegion": { + "type": "string", + "description": "The CloudWatchRegion that the CloudWatch alarm was created in.\n" + }, + "disabled": { + "type": "boolean", + "description": "A boolean value that stops Route 53 from performing health checks. When set to true, Route 53 will do the following depending on the type of health check:\n* For health checks that check the health of endpoints, Route5 53 stops submitting requests to your application, server, or other resource.\n* For calculated health checks, Route 53 stops aggregating the status of the referenced health checks.\n* For health checks that monitor CloudWatch alarms, Route 53 stops monitoring the corresponding CloudWatch metrics.\n" + }, + "enableSni": { + "type": "boolean", + "description": "A boolean value that indicates whether Route53 should send the `fqdn` to the endpoint when performing the health check. This defaults to AWS' defaults: when the `type` is \"HTTPS\" `enable_sni` defaults to `true`, when `type` is anything else `enable_sni` defaults to `false`.\n" + }, + "failureThreshold": { + "type": "integer", + "description": "The number of consecutive health checks that an endpoint must pass or fail.\n" + }, + "fqdn": { + "type": "string", + "description": "The fully qualified domain name of the endpoint to be checked.\n" + }, + "insufficientDataHealthStatus": { + "type": "string", + "description": "The status of the health check when CloudWatch has insufficient data about the state of associated alarm. Valid values are `Healthy` , `Unhealthy` and `LastKnownStatus`.\n" + }, + "invertHealthcheck": { + "type": "boolean", + "description": "A boolean value that indicates whether the status of health check should be inverted. For example, if a health check is healthy but Inverted is True , then Route 53 considers the health check to be unhealthy.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the endpoint to be checked.\n" + }, + "measureLatency": { + "type": "boolean", + "description": "A Boolean value that indicates whether you want Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint and to display CloudWatch latency graphs in the Route 53 console.\n" + }, + "port": { + "type": "integer", + "description": "The port of the endpoint to be checked.\n" + }, + "referenceName": { + "type": "string", + "description": "This is a reference name used in Caller Reference\n(helpful for identifying single health_check set amongst others)\n" + }, + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AWS regions that you want Amazon Route 53 health checkers to check the specified endpoint from.\n" + }, + "requestInterval": { + "type": "integer", + "description": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health-check request.\n" + }, + "resourcePath": { + "type": "string", + "description": "The path that you want Amazon Route 53 to request when performing health checks.\n" + }, + "searchString": { + "type": "string", + "description": "String searched in the first 5120 bytes of the response body for check to be considered healthy. Only valid with `HTTP_STR_MATCH` and `HTTPS_STR_MATCH`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the health check. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The protocol to use when performing health checks. Valid values are `HTTP`, `HTTPS`, `HTTP_STR_MATCH`, `HTTPS_STR_MATCH`, `TCP`, `CALCULATED` and `CLOUDWATCH_METRIC`.\n" + } + }, + "requiredInputs": [ + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HealthCheck resources.\n", + "properties": { + "childHealthThreshold": { + "type": "integer", + "description": "The minimum number of child health checks that must be healthy for Route 53 to consider the parent health check to be healthy. Valid values are integers between 0 and 256, inclusive\n" + }, + "childHealthchecks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "For a specified parent health check, a list of HealthCheckId values for the associated child health checks.\n" + }, + "cloudwatchAlarmName": { + "type": "string", + "description": "The name of the CloudWatch alarm.\n" + }, + "cloudwatchAlarmRegion": { + "type": "string", + "description": "The CloudWatchRegion that the CloudWatch alarm was created in.\n" + }, + "disabled": { + "type": "boolean", + "description": "A boolean value that stops Route 53 from performing health checks. When set to true, Route 53 will do the following depending on the type of health check:\n* For health checks that check the health of endpoints, Route5 53 stops submitting requests to your application, server, or other resource.\n* For calculated health checks, Route 53 stops aggregating the status of the referenced health checks.\n* For health checks that monitor CloudWatch alarms, Route 53 stops monitoring the corresponding CloudWatch metrics.\n" + }, + "enableSni": { + "type": "boolean", + "description": "A boolean value that indicates whether Route53 should send the `fqdn` to the endpoint when performing the health check. This defaults to AWS' defaults: when the `type` is \"HTTPS\" `enable_sni` defaults to `true`, when `type` is anything else `enable_sni` defaults to `false`.\n" + }, + "failureThreshold": { + "type": "integer", + "description": "The number of consecutive health checks that an endpoint must pass or fail.\n" + }, + "fqdn": { + "type": "string", + "description": "The fully qualified domain name of the endpoint to be checked.\n" + }, + "insufficientDataHealthStatus": { + "type": "string", + "description": "The status of the health check when CloudWatch has insufficient data about the state of associated alarm. Valid values are `Healthy` , `Unhealthy` and `LastKnownStatus`.\n" + }, + "invertHealthcheck": { + "type": "boolean", + "description": "A boolean value that indicates whether the status of health check should be inverted. For example, if a health check is healthy but Inverted is True , then Route 53 considers the health check to be unhealthy.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the endpoint to be checked.\n" + }, + "measureLatency": { + "type": "boolean", + "description": "A Boolean value that indicates whether you want Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint and to display CloudWatch latency graphs in the Route 53 console.\n" + }, + "port": { + "type": "integer", + "description": "The port of the endpoint to be checked.\n" + }, + "referenceName": { + "type": "string", + "description": "This is a reference name used in Caller Reference\n(helpful for identifying single health_check set amongst others)\n" + }, + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AWS regions that you want Amazon Route 53 health checkers to check the specified endpoint from.\n" + }, + "requestInterval": { + "type": "integer", + "description": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health-check request.\n" + }, + "resourcePath": { + "type": "string", + "description": "The path that you want Amazon Route 53 to request when performing health checks.\n" + }, + "searchString": { + "type": "string", + "description": "String searched in the first 5120 bytes of the response body for check to be considered healthy. Only valid with `HTTP_STR_MATCH` and `HTTPS_STR_MATCH`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the health check. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "The protocol to use when performing health checks. Valid values are `HTTP`, `HTTPS`, `HTTP_STR_MATCH`, `HTTPS_STR_MATCH`, `TCP`, `CALCULATED` and `CLOUDWATCH_METRIC`.\n" + } + }, + "type": "object" + } + }, + "aws:route53/hostedZoneDnsSec:HostedZoneDnsSec": { + "description": "Manages Route 53 Hosted Zone Domain Name System Security Extensions (DNSSEC). For more information about managing DNSSEC in Route 53, see the [Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {\n customerMasterKeySpec: \"ECC_NIST_P256\",\n deletionWindowInDays: 7,\n keyUsage: \"SIGN_VERIFY\",\n policy: JSON.stringify({\n Statement: [\n {\n Action: [\n \"kms:DescribeKey\",\n \"kms:GetPublicKey\",\n \"kms:Sign\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: \"dnssec-route53.amazonaws.com\",\n },\n Sid: \"Allow Route 53 DNSSEC Service\",\n Resource: \"*\",\n },\n {\n Action: \"kms:CreateGrant\",\n Effect: \"Allow\",\n Principal: {\n Service: \"dnssec-route53.amazonaws.com\",\n },\n Sid: \"Allow Route 53 DNSSEC Service to CreateGrant\",\n Resource: \"*\",\n Condition: {\n Bool: {\n \"kms:GrantIsForAWSResource\": \"true\",\n },\n },\n },\n {\n Action: \"kms:*\",\n Effect: \"Allow\",\n Principal: {\n AWS: \"*\",\n },\n Resource: \"*\",\n Sid: \"IAM User Permissions\",\n },\n ],\n Version: \"2012-10-17\",\n }),\n});\nconst exampleZone = new aws.route53.Zone(\"exampleZone\", {});\nconst exampleKeySigningKey = new aws.route53.KeySigningKey(\"exampleKeySigningKey\", {\n hostedZoneId: exampleZone.id,\n keyManagementServiceArn: exampleKey.arn,\n});\nconst exampleHostedZoneDnsSec = new aws.route53.HostedZoneDnsSec(\"exampleHostedZoneDnsSec\", {hostedZoneId: exampleKeySigningKey.hostedZoneId}, {\n dependsOn: [exampleKeySigningKey],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\",\n customer_master_key_spec=\"ECC_NIST_P256\",\n deletion_window_in_days=7,\n key_usage=\"SIGN_VERIFY\",\n policy=json.dumps({\n \"Statement\": [\n {\n \"Action\": [\n \"kms:DescribeKey\",\n \"kms:GetPublicKey\",\n \"kms:Sign\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"dnssec-route53.amazonaws.com\",\n },\n \"Sid\": \"Allow Route 53 DNSSEC Service\",\n \"Resource\": \"*\",\n },\n {\n \"Action\": \"kms:CreateGrant\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"dnssec-route53.amazonaws.com\",\n },\n \"Sid\": \"Allow Route 53 DNSSEC Service to CreateGrant\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\",\n },\n },\n },\n {\n \"Action\": \"kms:*\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\",\n },\n \"Resource\": \"*\",\n \"Sid\": \"IAM User Permissions\",\n },\n ],\n \"Version\": \"2012-10-17\",\n }))\nexample_zone = aws.route53.Zone(\"exampleZone\")\nexample_key_signing_key = aws.route53.KeySigningKey(\"exampleKeySigningKey\",\n hosted_zone_id=example_zone.id,\n key_management_service_arn=example_key.arn)\nexample_hosted_zone_dns_sec = aws.route53.HostedZoneDnsSec(\"exampleHostedZoneDnsSec\", hosted_zone_id=example_key_signing_key.hosted_zone_id,\nopts=pulumi.ResourceOptions(depends_on=[example_key_signing_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n CustomerMasterKeySpec = \"ECC_NIST_P256\",\n DeletionWindowInDays = 7,\n KeyUsage = \"SIGN_VERIFY\",\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"kms:DescribeKey\",\n \"kms:GetPublicKey\",\n \"kms:Sign\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"dnssec-route53.amazonaws.com\" },\n } },\n { \"Sid\", \"Allow Route 53 DNSSEC Service\" },\n { \"Resource\", \"*\" },\n },\n new Dictionary\n {\n { \"Action\", \"kms:CreateGrant\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"dnssec-route53.amazonaws.com\" },\n } },\n { \"Sid\", \"Allow Route 53 DNSSEC Service to CreateGrant\" },\n { \"Resource\", \"*\" },\n { \"Condition\", new Dictionary\n {\n { \"Bool\", new Dictionary\n {\n { \"kms:GrantIsForAWSResource\", \"true\" },\n } },\n } },\n },\n new Dictionary\n {\n { \"Action\", \"kms:*\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"AWS\", \"*\" },\n } },\n { \"Resource\", \"*\" },\n { \"Sid\", \"IAM User Permissions\" },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n var exampleZone = new Aws.Route53.Zone(\"exampleZone\", new Aws.Route53.ZoneArgs\n {\n });\n var exampleKeySigningKey = new Aws.Route53.KeySigningKey(\"exampleKeySigningKey\", new Aws.Route53.KeySigningKeyArgs\n {\n HostedZoneId = exampleZone.Id,\n KeyManagementServiceArn = exampleKey.Arn,\n });\n var exampleHostedZoneDnsSec = new Aws.Route53.HostedZoneDnsSec(\"exampleHostedZoneDnsSec\", new Aws.Route53.HostedZoneDnsSecArgs\n {\n HostedZoneId = exampleKeySigningKey.HostedZoneId,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleKeySigningKey,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"kms:DescribeKey\",\n\t\t\t\t\t\t\"kms:GetPublicKey\",\n\t\t\t\t\t\t\"kms:Sign\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"dnssec-route53.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Sid\": \"Allow Route 53 DNSSEC Service\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"kms:CreateGrant\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"dnssec-route53.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Sid\": \"Allow Route 53 DNSSEC Service to CreateGrant\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t\t\"Condition\": map[string]interface{}{\n\t\t\t\t\t\t\"Bool\": map[string]interface{}{\n\t\t\t\t\t\t\t\"kms:GrantIsForAWSResource\": \"true\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"kms:*\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t\t\"Sid\": \"IAM User Permissions\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tCustomerMasterKeySpec: pulumi.String(\"ECC_NIST_P256\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tKeyUsage: pulumi.String(\"SIGN_VERIFY\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleZone, err := route53.NewZone(ctx, \"exampleZone\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKeySigningKey, err := route53.NewKeySigningKey(ctx, \"exampleKeySigningKey\", &route53.KeySigningKeyArgs{\n\t\t\tHostedZoneId: exampleZone.ID(),\n\t\t\tKeyManagementServiceArn: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewHostedZoneDnsSec(ctx, \"exampleHostedZoneDnsSec\", &route53.HostedZoneDnsSecArgs{\n\t\t\tHostedZoneId: exampleKeySigningKey.HostedZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleKeySigningKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_route53_hosted_zone_dnssec` resources can be imported by using the Route 53 Hosted Zone identifier, e.g.\n\n```sh\n $ pulumi import aws:route53/hostedZoneDnsSec:HostedZoneDnsSec example Z1D633PJN98FT9\n```\n\n ", + "properties": { + "hostedZoneId": { + "type": "string", + "description": "Identifier of the Route 53 Hosted Zone.\n" + }, + "signingStatus": { + "type": "string", + "description": "Hosted Zone signing status. Valid values: `SIGNING`, `NOT_SIGNING`. Defaults to `SIGNING`.\n" + } + }, + "required": [ + "hostedZoneId" + ], + "inputProperties": { + "hostedZoneId": { + "type": "string", + "description": "Identifier of the Route 53 Hosted Zone.\n" + }, + "signingStatus": { + "type": "string", + "description": "Hosted Zone signing status. Valid values: `SIGNING`, `NOT_SIGNING`. Defaults to `SIGNING`.\n" + } + }, + "requiredInputs": [ + "hostedZoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering HostedZoneDnsSec resources.\n", + "properties": { + "hostedZoneId": { + "type": "string", + "description": "Identifier of the Route 53 Hosted Zone.\n" + }, + "signingStatus": { + "type": "string", + "description": "Hosted Zone signing status. Valid values: `SIGNING`, `NOT_SIGNING`. Defaults to `SIGNING`.\n" + } + }, + "type": "object" + } + }, + "aws:route53/keySigningKey:KeySigningKey": { + "description": "Manages a Route 53 Key Signing Key. To manage Domain Name System Security Extensions (DNSSEC) for a Hosted Zone, see the `aws.route53.HostedZoneDnsSec` resource. For more information about managing DNSSEC in Route 53, see the [Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {\n customerMasterKeySpec: \"ECC_NIST_P256\",\n deletionWindowInDays: 7,\n keyUsage: \"SIGN_VERIFY\",\n policy: JSON.stringify({\n Statement: [\n {\n Action: [\n \"kms:DescribeKey\",\n \"kms:GetPublicKey\",\n \"kms:Sign\",\n ],\n Effect: \"Allow\",\n Principal: {\n Service: \"dnssec-route53.amazonaws.com\",\n },\n Sid: \"Allow Route 53 DNSSEC Service\",\n Resource: \"*\",\n },\n {\n Action: \"kms:CreateGrant\",\n Effect: \"Allow\",\n Principal: {\n Service: \"dnssec-route53.amazonaws.com\",\n },\n Sid: \"Allow Route 53 DNSSEC Service to CreateGrant\",\n Resource: \"*\",\n Condition: {\n Bool: {\n \"kms:GrantIsForAWSResource\": \"true\",\n },\n },\n },\n {\n Action: \"kms:*\",\n Effect: \"Allow\",\n Principal: {\n AWS: \"*\",\n },\n Resource: \"*\",\n Sid: \"IAM User Permissions\",\n },\n ],\n Version: \"2012-10-17\",\n }),\n});\nconst exampleZone = new aws.route53.Zone(\"exampleZone\", {});\nconst exampleKeySigningKey = new aws.route53.KeySigningKey(\"exampleKeySigningKey\", {\n hostedZoneId: aws_route53_zone.test.id,\n keyManagementServiceArn: aws_kms_key.test.arn,\n});\nconst exampleHostedZoneDnsSec = new aws.route53.HostedZoneDnsSec(\"exampleHostedZoneDnsSec\", {hostedZoneId: exampleKeySigningKey.hostedZoneId}, {\n dependsOn: [exampleKeySigningKey],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\",\n customer_master_key_spec=\"ECC_NIST_P256\",\n deletion_window_in_days=7,\n key_usage=\"SIGN_VERIFY\",\n policy=json.dumps({\n \"Statement\": [\n {\n \"Action\": [\n \"kms:DescribeKey\",\n \"kms:GetPublicKey\",\n \"kms:Sign\",\n ],\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"dnssec-route53.amazonaws.com\",\n },\n \"Sid\": \"Allow Route 53 DNSSEC Service\",\n \"Resource\": \"*\",\n },\n {\n \"Action\": \"kms:CreateGrant\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"dnssec-route53.amazonaws.com\",\n },\n \"Sid\": \"Allow Route 53 DNSSEC Service to CreateGrant\",\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\",\n },\n },\n },\n {\n \"Action\": \"kms:*\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\",\n },\n \"Resource\": \"*\",\n \"Sid\": \"IAM User Permissions\",\n },\n ],\n \"Version\": \"2012-10-17\",\n }))\nexample_zone = aws.route53.Zone(\"exampleZone\")\nexample_key_signing_key = aws.route53.KeySigningKey(\"exampleKeySigningKey\",\n hosted_zone_id=aws_route53_zone[\"test\"][\"id\"],\n key_management_service_arn=aws_kms_key[\"test\"][\"arn\"])\nexample_hosted_zone_dns_sec = aws.route53.HostedZoneDnsSec(\"exampleHostedZoneDnsSec\", hosted_zone_id=example_key_signing_key.hosted_zone_id,\nopts=pulumi.ResourceOptions(depends_on=[example_key_signing_key]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n CustomerMasterKeySpec = \"ECC_NIST_P256\",\n DeletionWindowInDays = 7,\n KeyUsage = \"SIGN_VERIFY\",\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", new[]\n {\n \"kms:DescribeKey\",\n \"kms:GetPublicKey\",\n \"kms:Sign\",\n }\n },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"dnssec-route53.amazonaws.com\" },\n } },\n { \"Sid\", \"Allow Route 53 DNSSEC Service\" },\n { \"Resource\", \"*\" },\n },\n new Dictionary\n {\n { \"Action\", \"kms:CreateGrant\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"Service\", \"dnssec-route53.amazonaws.com\" },\n } },\n { \"Sid\", \"Allow Route 53 DNSSEC Service to CreateGrant\" },\n { \"Resource\", \"*\" },\n { \"Condition\", new Dictionary\n {\n { \"Bool\", new Dictionary\n {\n { \"kms:GrantIsForAWSResource\", \"true\" },\n } },\n } },\n },\n new Dictionary\n {\n { \"Action\", \"kms:*\" },\n { \"Effect\", \"Allow\" },\n { \"Principal\", new Dictionary\n {\n { \"AWS\", \"*\" },\n } },\n { \"Resource\", \"*\" },\n { \"Sid\", \"IAM User Permissions\" },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n var exampleZone = new Aws.Route53.Zone(\"exampleZone\", new Aws.Route53.ZoneArgs\n {\n });\n var exampleKeySigningKey = new Aws.Route53.KeySigningKey(\"exampleKeySigningKey\", new Aws.Route53.KeySigningKeyArgs\n {\n HostedZoneId = aws_route53_zone.Test.Id,\n KeyManagementServiceArn = aws_kms_key.Test.Arn,\n });\n var exampleHostedZoneDnsSec = new Aws.Route53.HostedZoneDnsSec(\"exampleHostedZoneDnsSec\", new Aws.Route53.HostedZoneDnsSecArgs\n {\n HostedZoneId = exampleKeySigningKey.HostedZoneId,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleKeySigningKey,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Statement\": []interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"kms:DescribeKey\",\n\t\t\t\t\t\t\"kms:GetPublicKey\",\n\t\t\t\t\t\t\"kms:Sign\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"dnssec-route53.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Sid\": \"Allow Route 53 DNSSEC Service\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"kms:CreateGrant\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"dnssec-route53.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Sid\": \"Allow Route 53 DNSSEC Service to CreateGrant\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t\t\"Condition\": map[string]interface{}{\n\t\t\t\t\t\t\"Bool\": map[string]interface{}{\n\t\t\t\t\t\t\t\"kms:GrantIsForAWSResource\": \"true\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"kms:*\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t\t\"Sid\": \"IAM User Permissions\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tCustomerMasterKeySpec: pulumi.String(\"ECC_NIST_P256\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tKeyUsage: pulumi.String(\"SIGN_VERIFY\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewZone(ctx, \"exampleZone\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleKeySigningKey, err := route53.NewKeySigningKey(ctx, \"exampleKeySigningKey\", &route53.KeySigningKeyArgs{\n\t\t\tHostedZoneId: pulumi.Any(aws_route53_zone.Test.Id),\n\t\t\tKeyManagementServiceArn: pulumi.Any(aws_kms_key.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewHostedZoneDnsSec(ctx, \"exampleHostedZoneDnsSec\", &route53.HostedZoneDnsSecArgs{\n\t\t\tHostedZoneId: exampleKeySigningKey.HostedZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleKeySigningKey,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_route53_key_signing_key` resources can be imported by using the Route 53 Hosted Zone identifier and KMS Key identifier, separated by a comma (`,`), e.g.\n\n```sh\n $ pulumi import aws:route53/keySigningKey:KeySigningKey example Z1D633PJN98FT9,example\n```\n\n ", + "properties": { + "digestAlgorithmMnemonic": { + "type": "string", + "description": "A string used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.3](https://tools.ietf.org/html/rfc8624#section-3.3).\n" + }, + "digestAlgorithmType": { + "type": "integer", + "description": "An integer used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.3](https://tools.ietf.org/html/rfc8624#section-3.3).\n" + }, + "digestValue": { + "type": "string", + "description": "A cryptographic digest of a DNSKEY resource record (RR). DNSKEY records are used to publish the public key that resolvers can use to verify DNSSEC signatures that are used to secure certain kinds of information provided by the DNS system.\n" + }, + "dnskeyRecord": { + "type": "string", + "description": "A string that represents a DNSKEY record.\n" + }, + "dsRecord": { + "type": "string", + "description": "A string that represents a delegation signer (DS) record.\n" + }, + "flag": { + "type": "integer", + "description": "An integer that specifies how the key is used. For key-signing key (KSK), this value is always 257.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "Identifier of the Route 53 Hosted Zone.\n" + }, + "keyManagementServiceArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key. This must be unique for each key-signing key (KSK) in a single hosted zone. This key must be in the `us-east-1` Region and meet certain requirements, which are described in the [Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-cmk-requirements.html) and [Route 53 API Reference](https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateKeySigningKey.html).\n" + }, + "keyTag": { + "type": "integer", + "description": "An integer used to identify the DNSSEC record for the domain name. The process used to calculate the value is described in [RFC-4034 Appendix B](https://tools.ietf.org/rfc/rfc4034.txt).\n" + }, + "name": { + "type": "string", + "description": "Name of the key-signing key (KSK). Must be unique for each key-singing key in the same hosted zone.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key, represented as a Base64 encoding, as required by [RFC-4034 Page 5](https://tools.ietf.org/rfc/rfc4034.txt).\n" + }, + "signingAlgorithmMnemonic": { + "type": "string", + "description": "A string used to represent the signing algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.1](https://tools.ietf.org/html/rfc8624#section-3.1).\n" + }, + "signingAlgorithmType": { + "type": "integer", + "description": "An integer used to represent the signing algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.1](https://tools.ietf.org/html/rfc8624#section-3.1).\n" + }, + "status": { + "type": "string", + "description": "Status of the key-signing key (KSK). Valid values: `ACTIVE`, `INACTIVE`. Defaults to `ACTIVE`.\n" + } + }, + "required": [ + "digestAlgorithmMnemonic", + "digestAlgorithmType", + "digestValue", + "dnskeyRecord", + "dsRecord", + "flag", + "hostedZoneId", + "keyManagementServiceArn", + "keyTag", + "name", + "publicKey", + "signingAlgorithmMnemonic", + "signingAlgorithmType" + ], + "inputProperties": { + "hostedZoneId": { + "type": "string", + "description": "Identifier of the Route 53 Hosted Zone.\n" + }, + "keyManagementServiceArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key. This must be unique for each key-signing key (KSK) in a single hosted zone. This key must be in the `us-east-1` Region and meet certain requirements, which are described in the [Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-cmk-requirements.html) and [Route 53 API Reference](https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateKeySigningKey.html).\n" + }, + "name": { + "type": "string", + "description": "Name of the key-signing key (KSK). Must be unique for each key-singing key in the same hosted zone.\n" + }, + "status": { + "type": "string", + "description": "Status of the key-signing key (KSK). Valid values: `ACTIVE`, `INACTIVE`. Defaults to `ACTIVE`.\n" + } + }, + "requiredInputs": [ + "hostedZoneId", + "keyManagementServiceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering KeySigningKey resources.\n", + "properties": { + "digestAlgorithmMnemonic": { + "type": "string", + "description": "A string used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.3](https://tools.ietf.org/html/rfc8624#section-3.3).\n" + }, + "digestAlgorithmType": { + "type": "integer", + "description": "An integer used to represent the delegation signer digest algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.3](https://tools.ietf.org/html/rfc8624#section-3.3).\n" + }, + "digestValue": { + "type": "string", + "description": "A cryptographic digest of a DNSKEY resource record (RR). DNSKEY records are used to publish the public key that resolvers can use to verify DNSSEC signatures that are used to secure certain kinds of information provided by the DNS system.\n" + }, + "dnskeyRecord": { + "type": "string", + "description": "A string that represents a DNSKEY record.\n" + }, + "dsRecord": { + "type": "string", + "description": "A string that represents a delegation signer (DS) record.\n" + }, + "flag": { + "type": "integer", + "description": "An integer that specifies how the key is used. For key-signing key (KSK), this value is always 257.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "Identifier of the Route 53 Hosted Zone.\n" + }, + "keyManagementServiceArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key. This must be unique for each key-signing key (KSK) in a single hosted zone. This key must be in the `us-east-1` Region and meet certain requirements, which are described in the [Route 53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-configuring-dnssec-cmk-requirements.html) and [Route 53 API Reference](https://docs.aws.amazon.com/Route53/latest/APIReference/API_CreateKeySigningKey.html).\n" + }, + "keyTag": { + "type": "integer", + "description": "An integer used to identify the DNSSEC record for the domain name. The process used to calculate the value is described in [RFC-4034 Appendix B](https://tools.ietf.org/rfc/rfc4034.txt).\n" + }, + "name": { + "type": "string", + "description": "Name of the key-signing key (KSK). Must be unique for each key-singing key in the same hosted zone.\n" + }, + "publicKey": { + "type": "string", + "description": "The public key, represented as a Base64 encoding, as required by [RFC-4034 Page 5](https://tools.ietf.org/rfc/rfc4034.txt).\n" + }, + "signingAlgorithmMnemonic": { + "type": "string", + "description": "A string used to represent the signing algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.1](https://tools.ietf.org/html/rfc8624#section-3.1).\n" + }, + "signingAlgorithmType": { + "type": "integer", + "description": "An integer used to represent the signing algorithm. This value must follow the guidelines provided by [RFC-8624 Section 3.1](https://tools.ietf.org/html/rfc8624#section-3.1).\n" + }, + "status": { + "type": "string", + "description": "Status of the key-signing key (KSK). Valid values: `ACTIVE`, `INACTIVE`. Defaults to `ACTIVE`.\n" + } + }, + "type": "object" + } + }, + "aws:route53/queryLog:QueryLog": { + "description": "Provides a Route53 query logging configuration resource.\n\n> **NOTE:** There are restrictions on the configuration of query logging. Notably,\nthe CloudWatch log group must be in the `us-east-1` region,\na permissive CloudWatch log resource policy must be in place, and\nthe Route53 hosted zone must be public.\nSee [Configuring Logging for DNS Queries](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/query-logs.html?console_help=true#query-logs-configuring) for additional details.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example CloudWatch log group in us-east-1\nconst us_east_1 = new aws.Provider(\"us-east-1\", {region: \"us-east-1\"});\nconst awsRoute53ExampleCom = new aws.cloudwatch.LogGroup(\"awsRoute53ExampleCom\", {retentionInDays: 30}, {\n provider: aws[\"us-east-1\"],\n});\n// Example CloudWatch log resource policy to allow Route53 to write logs\n// to any log group under /aws/route53/*\nconst route53-query-logging-policyPolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources: [\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals: [{\n identifiers: [\"route53.amazonaws.com\"],\n type: \"Service\",\n }],\n }],\n});\nconst route53_query_logging_policyLogResourcePolicy = new aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", {\n policyDocument: route53_query_logging_policyPolicyDocument.then(route53_query_logging_policyPolicyDocument => route53_query_logging_policyPolicyDocument.json),\n policyName: \"route53-query-logging-policy\",\n}, {\n provider: aws[\"us-east-1\"],\n});\n// Example Route53 zone with query logging\nconst exampleComZone = new aws.route53.Zone(\"exampleComZone\", {});\nconst exampleComQueryLog = new aws.route53.QueryLog(\"exampleComQueryLog\", {\n cloudwatchLogGroupArn: awsRoute53ExampleCom.arn,\n zoneId: exampleComZone.zoneId,\n}, {\n dependsOn: [route53_query_logging_policyLogResourcePolicy],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\n# Example CloudWatch log group in us-east-1\nus_east_1 = pulumi.providers.Aws(\"us-east-1\", region=\"us-east-1\")\naws_route53_example_com = aws.cloudwatch.LogGroup(\"awsRoute53ExampleCom\", retention_in_days=30,\nopts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\n# Example CloudWatch log resource policy to allow Route53 to write logs\n# to any log group under /aws/route53/*\nroute53_query_logging_policy_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n ],\n resources=[\"arn:aws:logs:*:*:log-group:/aws/route53/*\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"route53.amazonaws.com\"],\n type=\"Service\",\n )],\n)])\nroute53_query_logging_policy_log_resource_policy = aws.cloudwatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\",\n policy_document=route53_query_logging_policy_policy_document.json,\n policy_name=\"route53-query-logging-policy\",\n opts=pulumi.ResourceOptions(provider=aws[\"us-east-1\"]))\n# Example Route53 zone with query logging\nexample_com_zone = aws.route53.Zone(\"exampleComZone\")\nexample_com_query_log = aws.route53.QueryLog(\"exampleComQueryLog\",\n cloudwatch_log_group_arn=aws_route53_example_com.arn,\n zone_id=example_com_zone.zone_id,\n opts=pulumi.ResourceOptions(depends_on=[route53_query_logging_policy_log_resource_policy]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Example CloudWatch log group in us-east-1\n var us_east_1 = new Aws.Provider(\"us-east-1\", new Aws.ProviderArgs\n {\n Region = \"us-east-1\",\n });\n var awsRoute53ExampleCom = new Aws.CloudWatch.LogGroup(\"awsRoute53ExampleCom\", new Aws.CloudWatch.LogGroupArgs\n {\n RetentionInDays = 30,\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n // Example CloudWatch log resource policy to allow Route53 to write logs\n // to any log group under /aws/route53/*\n var route53_query_logging_policyPolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"logs:CreateLogStream\",\n \"logs:PutLogEvents\",\n },\n Resources = \n {\n \"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"route53.amazonaws.com\",\n },\n Type = \"Service\",\n },\n },\n },\n },\n }));\n var route53_query_logging_policyLogResourcePolicy = new Aws.CloudWatch.LogResourcePolicy(\"route53-query-logging-policyLogResourcePolicy\", new Aws.CloudWatch.LogResourcePolicyArgs\n {\n PolicyDocument = route53_query_logging_policyPolicyDocument.Apply(route53_query_logging_policyPolicyDocument => route53_query_logging_policyPolicyDocument.Json),\n PolicyName = \"route53-query-logging-policy\",\n }, new CustomResourceOptions\n {\n Provider = aws.Us_east_1,\n });\n // Example Route53 zone with query logging\n var exampleComZone = new Aws.Route53.Zone(\"exampleComZone\", new Aws.Route53.ZoneArgs\n {\n });\n var exampleComQueryLog = new Aws.Route53.QueryLog(\"exampleComQueryLog\", new Aws.Route53.QueryLogArgs\n {\n CloudwatchLogGroupArn = awsRoute53ExampleCom.Arn,\n ZoneId = exampleComZone.ZoneId,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n route53_query_logging_policyLogResourcePolicy,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"us_east_1\", &providers.awsArgs{\n\t\t\tRegion: \"us-east-1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tawsRoute53ExampleCom, err := cloudwatch.NewLogGroup(ctx, \"awsRoute53ExampleCom\", &cloudwatch.LogGroupArgs{\n\t\t\tRetentionInDays: pulumi.Int(30),\n\t\t}, pulumi.Provider(aws.Us-east-1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\troute53_query_logging_policyPolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"logs:CreateLogStream\",\n\t\t\t\t\t\t\"logs:PutLogEvents\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:logs:*:*:log-group:/aws/route53/*\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"route53.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudwatch.NewLogResourcePolicy(ctx, \"route53_query_logging_policyLogResourcePolicy\", &cloudwatch.LogResourcePolicyArgs{\n\t\t\tPolicyDocument: pulumi.String(route53_query_logging_policyPolicyDocument.Json),\n\t\t\tPolicyName: pulumi.String(\"route53-query-logging-policy\"),\n\t\t}, pulumi.Provider(aws.Us-east-1))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleComZone, err := route53.NewZone(ctx, \"exampleComZone\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewQueryLog(ctx, \"exampleComQueryLog\", &route53.QueryLogArgs{\n\t\t\tCloudwatchLogGroupArn: awsRoute53ExampleCom.Arn,\n\t\t\tZoneId: exampleComZone.ZoneId,\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\troute53_query_logging_policyLogResourcePolicy,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 query logging configurations can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:route53/queryLog:QueryLog example_com xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx\n```\n\n ", + "properties": { + "cloudwatchLogGroupArn": { + "type": "string", + "description": "CloudWatch log group ARN to send query logs.\n" + }, + "zoneId": { + "type": "string", + "description": "Route53 hosted zone ID to enable query logs.\n" + } + }, + "required": [ + "cloudwatchLogGroupArn", + "zoneId" + ], + "inputProperties": { + "cloudwatchLogGroupArn": { + "type": "string", + "description": "CloudWatch log group ARN to send query logs.\n" + }, + "zoneId": { + "type": "string", + "description": "Route53 hosted zone ID to enable query logs.\n" + } + }, + "requiredInputs": [ + "cloudwatchLogGroupArn", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering QueryLog resources.\n", + "properties": { + "cloudwatchLogGroupArn": { + "type": "string", + "description": "CloudWatch log group ARN to send query logs.\n" + }, + "zoneId": { + "type": "string", + "description": "Route53 hosted zone ID to enable query logs.\n" + } + }, + "type": "object" + } + }, + "aws:route53/record:Record": { + "description": "Provides a Route53 record resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Simple routing policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www = new aws.route53.Record(\"www\", {\n zoneId: aws_route53_zone.primary.zone_id,\n name: \"www.example.com\",\n type: \"A\",\n ttl: \"300\",\n records: [aws_eip.lb.public_ip],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww = aws.route53.Record(\"www\",\n zone_id=aws_route53_zone[\"primary\"][\"zone_id\"],\n name=\"www.example.com\",\n type=\"A\",\n ttl=300,\n records=[aws_eip[\"lb\"][\"public_ip\"]])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var www = new Aws.Route53.Record(\"www\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Primary.Zone_id,\n Name = \"www.example.com\",\n Type = \"A\",\n Ttl = 300,\n Records = \n {\n aws_eip.Lb.Public_ip,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Primary.Zone_id),\n\t\t\tName: pulumi.String(\"www.example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_eip.Lb.Public_ip),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Weighted routing policy\nOther routing policies are configured similarly. See [AWS Route53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) for details.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst www_dev = new aws.route53.Record(\"www-dev\", {\n zoneId: aws_route53_zone.primary.zone_id,\n name: \"www\",\n type: \"CNAME\",\n ttl: \"5\",\n weightedRoutingPolicies: [{\n weight: 10,\n }],\n setIdentifier: \"dev\",\n records: [\"dev.example.com\"],\n});\nconst www_live = new aws.route53.Record(\"www-live\", {\n zoneId: aws_route53_zone.primary.zone_id,\n name: \"www\",\n type: \"CNAME\",\n ttl: \"5\",\n weightedRoutingPolicies: [{\n weight: 90,\n }],\n setIdentifier: \"live\",\n records: [\"live.example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwww_dev = aws.route53.Record(\"www-dev\",\n zone_id=aws_route53_zone[\"primary\"][\"zone_id\"],\n name=\"www\",\n type=\"CNAME\",\n ttl=5,\n weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs(\n weight=10,\n )],\n set_identifier=\"dev\",\n records=[\"dev.example.com\"])\nwww_live = aws.route53.Record(\"www-live\",\n zone_id=aws_route53_zone[\"primary\"][\"zone_id\"],\n name=\"www\",\n type=\"CNAME\",\n ttl=5,\n weighted_routing_policies=[aws.route53.RecordWeightedRoutingPolicyArgs(\n weight=90,\n )],\n set_identifier=\"live\",\n records=[\"live.example.com\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var www_dev = new Aws.Route53.Record(\"www-dev\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Primary.Zone_id,\n Name = \"www\",\n Type = \"CNAME\",\n Ttl = 5,\n WeightedRoutingPolicies = \n {\n new Aws.Route53.Inputs.RecordWeightedRoutingPolicyArgs\n {\n Weight = 10,\n },\n },\n SetIdentifier = \"dev\",\n Records = \n {\n \"dev.example.com\",\n },\n });\n var www_live = new Aws.Route53.Record(\"www-live\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Primary.Zone_id,\n Name = \"www\",\n Type = \"CNAME\",\n Ttl = 5,\n WeightedRoutingPolicies = \n {\n new Aws.Route53.Inputs.RecordWeightedRoutingPolicyArgs\n {\n Weight = 90,\n },\n },\n SetIdentifier = \"live\",\n Records = \n {\n \"live.example.com\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewRecord(ctx, \"www_dev\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Primary.Zone_id),\n\t\t\tName: pulumi.String(\"www\"),\n\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\tTtl: pulumi.Int(5),\n\t\t\tWeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{\n\t\t\t\t&route53.RecordWeightedRoutingPolicyArgs{\n\t\t\t\t\tWeight: pulumi.Int(10),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"dev\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"dev.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www_live\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Primary.Zone_id),\n\t\t\tName: pulumi.String(\"www\"),\n\t\t\tType: pulumi.String(\"CNAME\"),\n\t\t\tTtl: pulumi.Int(5),\n\t\t\tWeightedRoutingPolicies: route53.RecordWeightedRoutingPolicyArray{\n\t\t\t\t&route53.RecordWeightedRoutingPolicyArgs{\n\t\t\t\t\tWeight: pulumi.Int(90),\n\t\t\t\t},\n\t\t\t},\n\t\t\tSetIdentifier: pulumi.String(\"live\"),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"live.example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Alias record\nSee [related part of AWS Route53 Developer Guide](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html)\nto understand differences between alias and non-alias records.\n\nTTL for all alias records is [60 seconds](https://aws.amazon.com/route53/faqs/#dns_failover_do_i_need_to_adjust),\nyou cannot change this, therefore `ttl` has to be omitted in alias records.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.elb.LoadBalancer(\"main\", {\n availabilityZones: [\"us-east-1c\"],\n listeners: [{\n instancePort: 80,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: aws_route53_zone.primary.zone_id,\n name: \"example.com\",\n type: \"A\",\n aliases: [{\n name: main.dnsName,\n zoneId: main.zoneId,\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.LoadBalancer(\"main\",\n availability_zones=[\"us-east-1c\"],\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=80,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\nwww = aws.route53.Record(\"www\",\n zone_id=aws_route53_zone[\"primary\"][\"zone_id\"],\n name=\"example.com\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=main.dns_name,\n zone_id=main.zone_id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Elb.LoadBalancer(\"main\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-east-1c\",\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 80,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n var www = new Aws.Route53.Record(\"www\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Primary.Zone_id,\n Name = \"example.com\",\n Type = \"A\",\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = main.DnsName,\n ZoneId = main.ZoneId,\n EvaluateTargetHealth = true,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.NewLoadBalancer(ctx, \"main\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-east-1c\"),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(80),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Primary.Zone_id),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tName: main.DnsName,\n\t\t\t\t\tZoneId: main.ZoneId,\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### NS and SOA Record Management\n\nWhen creating Route 53 zones, the `NS` and `SOA` records for the zone are automatically created. Enabling the `allow_overwrite` argument will allow managing these records in a single deployment without the requirement for `import`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleZone = new aws.route53.Zone(\"exampleZone\", {});\nconst exampleRecord = new aws.route53.Record(\"exampleRecord\", {\n allowOverwrite: true,\n name: \"test.example.com\",\n ttl: 172800,\n type: \"NS\",\n zoneId: exampleZone.zoneId,\n records: [\n exampleZone.nameServers[0],\n exampleZone.nameServers[1],\n exampleZone.nameServers[2],\n exampleZone.nameServers[3],\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_zone = aws.route53.Zone(\"exampleZone\")\nexample_record = aws.route53.Record(\"exampleRecord\",\n allow_overwrite=True,\n name=\"test.example.com\",\n ttl=172800,\n type=\"NS\",\n zone_id=example_zone.zone_id,\n records=[\n example_zone.name_servers[0],\n example_zone.name_servers[1],\n example_zone.name_servers[2],\n example_zone.name_servers[3],\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleZone = new Aws.Route53.Zone(\"exampleZone\", new Aws.Route53.ZoneArgs\n {\n });\n var exampleRecord = new Aws.Route53.Record(\"exampleRecord\", new Aws.Route53.RecordArgs\n {\n AllowOverwrite = true,\n Name = \"test.example.com\",\n Ttl = 172800,\n Type = \"NS\",\n ZoneId = exampleZone.ZoneId,\n Records = \n {\n exampleZone.NameServers.Apply(nameServers => nameServers[0]),\n exampleZone.NameServers.Apply(nameServers => nameServers[1]),\n exampleZone.NameServers.Apply(nameServers => nameServers[2]),\n exampleZone.NameServers.Apply(nameServers => nameServers[3]),\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleZone, err := route53.NewZone(ctx, \"exampleZone\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleRecord\", &route53.RecordArgs{\n\t\t\tAllowOverwrite: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"test.example.com\"),\n\t\t\tTtl: pulumi.Int(172800),\n\t\t\tType: pulumi.String(\"NS\"),\n\t\t\tZoneId: exampleZone.ZoneId,\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texampleZone.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[0], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texampleZone.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[1], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texampleZone.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[2], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t\texampleZone.NameServers.ApplyT(func(nameServers []string) (string, error) {\n\t\t\t\t\treturn nameServers[3], nil\n\t\t\t\t}).(pulumi.StringOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 Records can be imported using ID of the record, which is the zone identifier, record name, and record type, separated by underscores (`_`). e.g.\n\n```sh\n $ pulumi import aws:route53/record:Record myrecord Z4KAPRWWNC7JR_dev.example.com_NS\n```\n\n If the record also contains a delegated set identifier, it can be appended\n\n```sh\n $ pulumi import aws:route53/record:Record myrecord Z4KAPRWWNC7JR_dev.example.com_NS_dev\n```\n\n ", + "properties": { + "aliases": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordAlias:RecordAlias" + }, + "description": "An alias block. Conflicts with `ttl` & `records`.\nAlias record documented below.\n" + }, + "allowOverwrite": { + "type": "boolean", + "description": "Allow creation of this record to overwrite an existing record, if any. This does not affect the ability to update the record using this provider and does not prevent other resources within this provider or manual Route 53 changes outside this provider from overwriting this record. `false` by default. This configuration is not recommended for most environments.\n" + }, + "failoverRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordFailoverRoutingPolicy:RecordFailoverRoutingPolicy" + }, + "description": "A block indicating the routing behavior when associated health check fails. Conflicts with any other routing policy. Documented below.\n" + }, + "fqdn": { + "type": "string", + "description": "[FQDN](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) built using the zone domain and `name`.\n" + }, + "geolocationRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordGeolocationRoutingPolicy:RecordGeolocationRoutingPolicy" + }, + "description": "A block indicating a routing policy based on the geolocation of the requestor. Conflicts with any other routing policy. Documented below.\n" + }, + "healthCheckId": { + "type": "string", + "description": "The health check the record should be associated with.\n" + }, + "latencyRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordLatencyRoutingPolicy:RecordLatencyRoutingPolicy" + }, + "description": "A block indicating a routing policy based on the latency between the requestor and an AWS region. Conflicts with any other routing policy. Documented below.\n" + }, + "multivalueAnswerRoutingPolicy": { + "type": "boolean", + "description": "Set to `true` to indicate a multivalue answer routing policy. Conflicts with any other routing policy.\n" + }, + "name": { + "type": "string", + "description": "DNS domain name for a CloudFront distribution, S3 bucket, ELB, or another resource record set in this hosted zone.\n" + }, + "records": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A string list of records. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add `\\\"\\\"` inside the configuration string (e.g. `\"first255characters\\\"\\\"morecharacters\"`).\n" + }, + "setIdentifier": { + "type": "string", + "description": "Unique identifier to differentiate records with routing policies from one another. Required if using `failover`, `geolocation`, `latency`, or `weighted` routing policies documented below.\n" + }, + "ttl": { + "type": "integer", + "description": "The TTL of the record.\n" + }, + "type": { + "type": "string", + "description": "`PRIMARY` or `SECONDARY`. A `PRIMARY` record will be served if its healthcheck is passing, otherwise the `SECONDARY` will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets\n" + }, + "weightedRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordWeightedRoutingPolicy:RecordWeightedRoutingPolicy" + }, + "description": "A block indicating a weighted routing policy. Conflicts with any other routing policy. Documented below.\n" + }, + "zoneId": { + "type": "string", + "description": "Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. See `resource_elb.zone_id` for example.\n" + } + }, + "required": [ + "allowOverwrite", + "fqdn", + "name", + "type", + "zoneId" + ], + "inputProperties": { + "aliases": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordAlias:RecordAlias" + }, + "description": "An alias block. Conflicts with `ttl` & `records`.\nAlias record documented below.\n" + }, + "allowOverwrite": { + "type": "boolean", + "description": "Allow creation of this record to overwrite an existing record, if any. This does not affect the ability to update the record using this provider and does not prevent other resources within this provider or manual Route 53 changes outside this provider from overwriting this record. `false` by default. This configuration is not recommended for most environments.\n" + }, + "failoverRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordFailoverRoutingPolicy:RecordFailoverRoutingPolicy" + }, + "description": "A block indicating the routing behavior when associated health check fails. Conflicts with any other routing policy. Documented below.\n" + }, + "geolocationRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordGeolocationRoutingPolicy:RecordGeolocationRoutingPolicy" + }, + "description": "A block indicating a routing policy based on the geolocation of the requestor. Conflicts with any other routing policy. Documented below.\n" + }, + "healthCheckId": { + "type": "string", + "description": "The health check the record should be associated with.\n" + }, + "latencyRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordLatencyRoutingPolicy:RecordLatencyRoutingPolicy" + }, + "description": "A block indicating a routing policy based on the latency between the requestor and an AWS region. Conflicts with any other routing policy. Documented below.\n" + }, + "multivalueAnswerRoutingPolicy": { + "type": "boolean", + "description": "Set to `true` to indicate a multivalue answer routing policy. Conflicts with any other routing policy.\n" + }, + "name": { + "type": "string", + "description": "DNS domain name for a CloudFront distribution, S3 bucket, ELB, or another resource record set in this hosted zone.\n" + }, + "records": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A string list of records. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add `\\\"\\\"` inside the configuration string (e.g. `\"first255characters\\\"\\\"morecharacters\"`).\n" + }, + "setIdentifier": { + "type": "string", + "description": "Unique identifier to differentiate records with routing policies from one another. Required if using `failover`, `geolocation`, `latency`, or `weighted` routing policies documented below.\n" + }, + "ttl": { + "type": "integer", + "description": "The TTL of the record.\n" + }, + "type": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:route53/RecordType:RecordType" + } + ], + "description": "`PRIMARY` or `SECONDARY`. A `PRIMARY` record will be served if its healthcheck is passing, otherwise the `SECONDARY` will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets\n" + }, + "weightedRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordWeightedRoutingPolicy:RecordWeightedRoutingPolicy" + }, + "description": "A block indicating a weighted routing policy. Conflicts with any other routing policy. Documented below.\n" + }, + "zoneId": { + "type": "string", + "description": "Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. See `resource_elb.zone_id` for example.\n" + } + }, + "requiredInputs": [ + "name", + "type", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Record resources.\n", + "properties": { + "aliases": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordAlias:RecordAlias" + }, + "description": "An alias block. Conflicts with `ttl` & `records`.\nAlias record documented below.\n" + }, + "allowOverwrite": { + "type": "boolean", + "description": "Allow creation of this record to overwrite an existing record, if any. This does not affect the ability to update the record using this provider and does not prevent other resources within this provider or manual Route 53 changes outside this provider from overwriting this record. `false` by default. This configuration is not recommended for most environments.\n" + }, + "failoverRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordFailoverRoutingPolicy:RecordFailoverRoutingPolicy" + }, + "description": "A block indicating the routing behavior when associated health check fails. Conflicts with any other routing policy. Documented below.\n" + }, + "fqdn": { + "type": "string", + "description": "[FQDN](https://en.wikipedia.org/wiki/Fully_qualified_domain_name) built using the zone domain and `name`.\n" + }, + "geolocationRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordGeolocationRoutingPolicy:RecordGeolocationRoutingPolicy" + }, + "description": "A block indicating a routing policy based on the geolocation of the requestor. Conflicts with any other routing policy. Documented below.\n" + }, + "healthCheckId": { + "type": "string", + "description": "The health check the record should be associated with.\n" + }, + "latencyRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordLatencyRoutingPolicy:RecordLatencyRoutingPolicy" + }, + "description": "A block indicating a routing policy based on the latency between the requestor and an AWS region. Conflicts with any other routing policy. Documented below.\n" + }, + "multivalueAnswerRoutingPolicy": { + "type": "boolean", + "description": "Set to `true` to indicate a multivalue answer routing policy. Conflicts with any other routing policy.\n" + }, + "name": { + "type": "string", + "description": "DNS domain name for a CloudFront distribution, S3 bucket, ELB, or another resource record set in this hosted zone.\n" + }, + "records": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A string list of records. To specify a single record value longer than 255 characters such as a TXT record for DKIM, add `\\\"\\\"` inside the configuration string (e.g. `\"first255characters\\\"\\\"morecharacters\"`).\n" + }, + "setIdentifier": { + "type": "string", + "description": "Unique identifier to differentiate records with routing policies from one another. Required if using `failover`, `geolocation`, `latency`, or `weighted` routing policies documented below.\n" + }, + "ttl": { + "type": "integer", + "description": "The TTL of the record.\n" + }, + "type": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:route53/RecordType:RecordType" + } + ], + "description": "`PRIMARY` or `SECONDARY`. A `PRIMARY` record will be served if its healthcheck is passing, otherwise the `SECONDARY` will be served. See http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-configuring-options.html#dns-failover-failover-rrsets\n" + }, + "weightedRoutingPolicies": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/RecordWeightedRoutingPolicy:RecordWeightedRoutingPolicy" + }, + "description": "A block indicating a weighted routing policy. Conflicts with any other routing policy. Documented below.\n" + }, + "zoneId": { + "type": "string", + "description": "Hosted zone ID for a CloudFront distribution, S3 bucket, ELB, or Route 53 hosted zone. See `resource_elb.zone_id` for example.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverDnsSecConfig:ResolverDnsSecConfig": { + "description": "Provides a Route 53 Resolver DNSSEC config resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst exampleResolverDnsSecConfig = new aws.route53.ResolverDnsSecConfig(\"exampleResolverDnsSecConfig\", {resourceId: exampleVpc.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\nexample_resolver_dns_sec_config = aws.route53.ResolverDnsSecConfig(\"exampleResolverDnsSecConfig\", resource_id=example_vpc.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n var exampleResolverDnsSecConfig = new Aws.Route53.ResolverDnsSecConfig(\"exampleResolverDnsSecConfig\", new Aws.Route53.ResolverDnsSecConfigArgs\n {\n ResourceId = exampleVpc.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewResolverDnsSecConfig(ctx, \"exampleResolverDnsSecConfig\", &route53.ResolverDnsSecConfigArgs{\n\t\t\tResourceId: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver DNSSEC configs can be imported using the Route 53 Resolver DNSSEC config ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverDnsSecConfig:ResolverDnsSecConfig example rdsc-be1866ecc1683e95\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN for a configuration for DNSSEC validation.\n" + }, + "ownerId": { + "type": "string", + "description": "The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the virtual private cloud (VPC) that you're updating the DNSSEC validation status for.\n" + }, + "validationStatus": { + "type": "string", + "description": "The validation status for a DNSSEC configuration. The status can be one of the following: `ENABLING`, `ENABLED`, `DISABLING` and `DISABLED`.\n" + } + }, + "required": [ + "arn", + "ownerId", + "resourceId", + "validationStatus" + ], + "inputProperties": { + "resourceId": { + "type": "string", + "description": "The ID of the virtual private cloud (VPC) that you're updating the DNSSEC validation status for.\n" + } + }, + "requiredInputs": [ + "resourceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverDnsSecConfig resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN for a configuration for DNSSEC validation.\n" + }, + "ownerId": { + "type": "string", + "description": "The owner account ID of the virtual private cloud (VPC) for a configuration for DNSSEC validation.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the virtual private cloud (VPC) that you're updating the DNSSEC validation status for.\n" + }, + "validationStatus": { + "type": "string", + "description": "The validation status for a DNSSEC configuration. The status can be one of the following: `ENABLING`, `ENABLED`, `DISABLING` and `DISABLED`.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverEndpoint:ResolverEndpoint": { + "description": "Provides a Route 53 Resolver endpoint resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.route53.ResolverEndpoint(\"foo\", {\n direction: \"INBOUND\",\n securityGroupIds: [\n aws_security_group.sg1.id,\n aws_security_group.sg2.id,\n ],\n ipAddresses: [\n {\n subnetId: aws_subnet.sn1.id,\n },\n {\n subnetId: aws_subnet.sn2.id,\n ip: \"10.0.64.4\",\n },\n ],\n tags: {\n Environment: \"Prod\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.route53.ResolverEndpoint(\"foo\",\n direction=\"INBOUND\",\n security_group_ids=[\n aws_security_group[\"sg1\"][\"id\"],\n aws_security_group[\"sg2\"][\"id\"],\n ],\n ip_addresses=[\n aws.route53.ResolverEndpointIpAddressArgs(\n subnet_id=aws_subnet[\"sn1\"][\"id\"],\n ),\n aws.route53.ResolverEndpointIpAddressArgs(\n subnet_id=aws_subnet[\"sn2\"][\"id\"],\n ip=\"10.0.64.4\",\n ),\n ],\n tags={\n \"Environment\": \"Prod\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Route53.ResolverEndpoint(\"foo\", new Aws.Route53.ResolverEndpointArgs\n {\n Direction = \"INBOUND\",\n SecurityGroupIds = \n {\n aws_security_group.Sg1.Id,\n aws_security_group.Sg2.Id,\n },\n IpAddresses = \n {\n new Aws.Route53.Inputs.ResolverEndpointIpAddressArgs\n {\n SubnetId = aws_subnet.Sn1.Id,\n },\n new Aws.Route53.Inputs.ResolverEndpointIpAddressArgs\n {\n SubnetId = aws_subnet.Sn2.Id,\n Ip = \"10.0.64.4\",\n },\n },\n Tags = \n {\n { \"Environment\", \"Prod\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverEndpoint(ctx, \"foo\", &route53.ResolverEndpointArgs{\n\t\t\tDirection: pulumi.String(\"INBOUND\"),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Sg1.Id),\n\t\t\t\tpulumi.Any(aws_security_group.Sg2.Id),\n\t\t\t},\n\t\t\tIpAddresses: route53.ResolverEndpointIpAddressArray{\n\t\t\t\t&route53.ResolverEndpointIpAddressArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Sn1.Id),\n\t\t\t\t},\n\t\t\t\t&route53.ResolverEndpointIpAddressArgs{\n\t\t\t\t\tSubnetId: pulumi.Any(aws_subnet.Sn2.Id),\n\t\t\t\t\tIp: pulumi.String(\"10.0.64.4\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Prod\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver endpoints can be imported using the Route 53 Resolver endpoint ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverEndpoint:ResolverEndpoint foo rslvr-in-abcdef01234567890\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Route 53 Resolver endpoint.\n" + }, + "direction": { + "type": "string", + "description": "The direction of DNS queries to or from the Route 53 Resolver endpoint.\nValid values are `INBOUND` (resolver forwards DNS queries to the DNS service for a VPC from your network or another VPC)\nor `OUTBOUND` (resolver forwards DNS queries from the DNS service for a VPC to your network or another VPC).\n" + }, + "hostVpcId": { + "type": "string", + "description": "The ID of the VPC that you want to create the resolver endpoint in.\n" + }, + "ipAddresses": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ResolverEndpointIpAddress:ResolverEndpointIpAddress" + }, + "description": "The subnets and IP addresses in your VPC that you want DNS queries to pass through on the way from your VPCs\nto your network (for outbound endpoints) or on the way from your network to your VPCs (for inbound endpoints). Described below.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the Route 53 Resolver endpoint.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more security groups that you want to use to control access to this VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "direction", + "hostVpcId", + "ipAddresses", + "name", + "securityGroupIds", + "tagsAll" + ], + "inputProperties": { + "direction": { + "type": "string", + "description": "The direction of DNS queries to or from the Route 53 Resolver endpoint.\nValid values are `INBOUND` (resolver forwards DNS queries to the DNS service for a VPC from your network or another VPC)\nor `OUTBOUND` (resolver forwards DNS queries from the DNS service for a VPC to your network or another VPC).\n" + }, + "ipAddresses": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ResolverEndpointIpAddress:ResolverEndpointIpAddress" + }, + "description": "The subnets and IP addresses in your VPC that you want DNS queries to pass through on the way from your VPCs\nto your network (for outbound endpoints) or on the way from your network to your VPCs (for inbound endpoints). Described below.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the Route 53 Resolver endpoint.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more security groups that you want to use to control access to this VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "direction", + "ipAddresses", + "securityGroupIds" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverEndpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Route 53 Resolver endpoint.\n" + }, + "direction": { + "type": "string", + "description": "The direction of DNS queries to or from the Route 53 Resolver endpoint.\nValid values are `INBOUND` (resolver forwards DNS queries to the DNS service for a VPC from your network or another VPC)\nor `OUTBOUND` (resolver forwards DNS queries from the DNS service for a VPC to your network or another VPC).\n" + }, + "hostVpcId": { + "type": "string", + "description": "The ID of the VPC that you want to create the resolver endpoint in.\n" + }, + "ipAddresses": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ResolverEndpointIpAddress:ResolverEndpointIpAddress" + }, + "description": "The subnets and IP addresses in your VPC that you want DNS queries to pass through on the way from your VPCs\nto your network (for outbound endpoints) or on the way from your network to your VPCs (for inbound endpoints). Described below.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the Route 53 Resolver endpoint.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of one or more security groups that you want to use to control access to this VPC.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverFirewallConfig:ResolverFirewallConfig": { + "description": "Provides a Route 53 Resolver DNS Firewall config resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst exampleResolverFirewallConfig = new aws.route53.ResolverFirewallConfig(\"exampleResolverFirewallConfig\", {\n resourceId: exampleVpc.id,\n firewallFailOpen: \"ENABLED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\nexample_resolver_firewall_config = aws.route53.ResolverFirewallConfig(\"exampleResolverFirewallConfig\",\n resource_id=example_vpc.id,\n firewall_fail_open=\"ENABLED\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n var exampleResolverFirewallConfig = new Aws.Route53.ResolverFirewallConfig(\"exampleResolverFirewallConfig\", new Aws.Route53.ResolverFirewallConfigArgs\n {\n ResourceId = exampleVpc.Id,\n FirewallFailOpen = \"ENABLED\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewResolverFirewallConfig(ctx, \"exampleResolverFirewallConfig\", &route53.ResolverFirewallConfigArgs{\n\t\t\tResourceId: exampleVpc.ID(),\n\t\t\tFirewallFailOpen: pulumi.String(\"ENABLED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute 53 Resolver DNS Firewall configs can be imported using the Route 53 Resolver DNS Firewall config ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverFirewallConfig:ResolverFirewallConfig example rdsc-be1866ecc1683e95\n```\n\n ", + "properties": { + "firewallFailOpen": { + "type": "string", + "description": "Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values: `ENABLED`, `DISABLED`.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the owner of the VPC that this firewall configuration applies to.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the VPC that the configuration is for.\n" + } + }, + "required": [ + "firewallFailOpen", + "ownerId", + "resourceId" + ], + "inputProperties": { + "firewallFailOpen": { + "type": "string", + "description": "Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values: `ENABLED`, `DISABLED`.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the VPC that the configuration is for.\n" + } + }, + "requiredInputs": [ + "resourceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverFirewallConfig resources.\n", + "properties": { + "firewallFailOpen": { + "type": "string", + "description": "Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply. By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly. If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them. Valid values: `ENABLED`, `DISABLED`.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the owner of the VPC that this firewall configuration applies to.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of the VPC that the configuration is for.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverFirewallDomainList:ResolverFirewallDomainList": { + "description": "Provides a Route 53 Resolver DNS Firewall domain list resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.ResolverFirewallDomainList(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.ResolverFirewallDomainList(\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.ResolverFirewallDomainList(\"example\", new Aws.Route53.ResolverFirewallDomainListArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverFirewallDomainList(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver DNS Firewall domain lists can be imported using the Route 53 Resolver DNS Firewall domain list ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverFirewallDomainList:ResolverFirewallDomainList example rslvr-fdl-0123456789abcdef\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the domain list.\n" + }, + "domains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A array of domains for the firewall domain list.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the domain list, to manage and use it.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "domains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A array of domains for the firewall domain list.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the domain list, to manage and use it.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverFirewallDomainList resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the domain list.\n" + }, + "domains": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A array of domains for the firewall domain list.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the domain list, to manage and use it.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverFirewallRule:ResolverFirewallRule": { + "description": "Provides a Route 53 Resolver DNS Firewall rule resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleResolverFirewallDomainList = new aws.route53.ResolverFirewallDomainList(\"exampleResolverFirewallDomainList\", {\n domains: [\"example.com\"],\n tags: {},\n});\nconst exampleResolverFirewallRuleGroup = new aws.route53.ResolverFirewallRuleGroup(\"exampleResolverFirewallRuleGroup\", {tags: {}});\nconst exampleResolverFirewallRule = new aws.route53.ResolverFirewallRule(\"exampleResolverFirewallRule\", {\n action: \"BLOCK\",\n blockOverrideDnsType: \"CNAME\",\n blockOverrideDomain: \"example.com\",\n blockOverrideTtl: 1,\n blockResponse: \"OVERRIDE\",\n firewallDomainListId: exampleResolverFirewallDomainList.id,\n firewallRuleGroupId: exampleResolverFirewallRuleGroup.id,\n priority: 100,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_resolver_firewall_domain_list = aws.route53.ResolverFirewallDomainList(\"exampleResolverFirewallDomainList\",\n domains=[\"example.com\"],\n tags={})\nexample_resolver_firewall_rule_group = aws.route53.ResolverFirewallRuleGroup(\"exampleResolverFirewallRuleGroup\", tags={})\nexample_resolver_firewall_rule = aws.route53.ResolverFirewallRule(\"exampleResolverFirewallRule\",\n action=\"BLOCK\",\n block_override_dns_type=\"CNAME\",\n block_override_domain=\"example.com\",\n block_override_ttl=1,\n block_response=\"OVERRIDE\",\n firewall_domain_list_id=example_resolver_firewall_domain_list.id,\n firewall_rule_group_id=example_resolver_firewall_rule_group.id,\n priority=100)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleResolverFirewallDomainList = new Aws.Route53.ResolverFirewallDomainList(\"exampleResolverFirewallDomainList\", new Aws.Route53.ResolverFirewallDomainListArgs\n {\n Domains = \n {\n \"example.com\",\n },\n Tags = ,\n });\n var exampleResolverFirewallRuleGroup = new Aws.Route53.ResolverFirewallRuleGroup(\"exampleResolverFirewallRuleGroup\", new Aws.Route53.ResolverFirewallRuleGroupArgs\n {\n Tags = ,\n });\n var exampleResolverFirewallRule = new Aws.Route53.ResolverFirewallRule(\"exampleResolverFirewallRule\", new Aws.Route53.ResolverFirewallRuleArgs\n {\n Action = \"BLOCK\",\n BlockOverrideDnsType = \"CNAME\",\n BlockOverrideDomain = \"example.com\",\n BlockOverrideTtl = 1,\n BlockResponse = \"OVERRIDE\",\n FirewallDomainListId = exampleResolverFirewallDomainList.Id,\n FirewallRuleGroupId = exampleResolverFirewallRuleGroup.Id,\n Priority = 100,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleResolverFirewallDomainList, err := route53.NewResolverFirewallDomainList(ctx, \"exampleResolverFirewallDomainList\", &route53.ResolverFirewallDomainListArgs{\n\t\t\tDomains: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"example.com\"),\n\t\t\t},\n\t\t\tTags: nil,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleResolverFirewallRuleGroup, err := route53.NewResolverFirewallRuleGroup(ctx, \"exampleResolverFirewallRuleGroup\", &route53.ResolverFirewallRuleGroupArgs{\n\t\t\tTags: nil,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewResolverFirewallRule(ctx, \"exampleResolverFirewallRule\", &route53.ResolverFirewallRuleArgs{\n\t\t\tAction: pulumi.String(\"BLOCK\"),\n\t\t\tBlockOverrideDnsType: pulumi.String(\"CNAME\"),\n\t\t\tBlockOverrideDomain: pulumi.String(\"example.com\"),\n\t\t\tBlockOverrideTtl: pulumi.Int(1),\n\t\t\tBlockResponse: pulumi.String(\"OVERRIDE\"),\n\t\t\tFirewallDomainListId: exampleResolverFirewallDomainList.ID(),\n\t\t\tFirewallRuleGroupId: exampleResolverFirewallRuleGroup.ID(),\n\t\t\tPriority: pulumi.Int(100),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver DNS Firewall rules can be imported using the Route 53 Resolver DNS Firewall rule group ID and domain list ID separated by ':', e.g.\n\n```sh\n $ pulumi import aws:route53/resolverFirewallRule:ResolverFirewallRule example rslvr-frg-0123456789abcdef:rslvr-fdl-0123456789abcdef\n```\n\n ", + "properties": { + "action": { + "type": "string", + "description": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.\n" + }, + "blockOverrideDnsType": { + "type": "string", + "description": "The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Value values: `CNAME`.\n" + }, + "blockOverrideDomain": { + "type": "string", + "description": "The custom DNS record to send back in response to the query.\n" + }, + "blockOverrideTtl": { + "type": "integer", + "description": "The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.\n" + }, + "blockResponse": { + "type": "string", + "description": "The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.\n" + }, + "firewallDomainListId": { + "type": "string", + "description": "The ID of the domain list that you want to use in the rule.\n" + }, + "firewallRuleGroupId": { + "type": "string", + "description": "The unique identifier of the firewall rule group where you want to create the rule.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule, to manage and use it.\n" + }, + "priority": { + "type": "integer", + "description": "The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.\n" + } + }, + "required": [ + "action", + "firewallDomainListId", + "firewallRuleGroupId", + "name", + "priority" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.\n" + }, + "blockOverrideDnsType": { + "type": "string", + "description": "The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Value values: `CNAME`.\n" + }, + "blockOverrideDomain": { + "type": "string", + "description": "The custom DNS record to send back in response to the query.\n" + }, + "blockOverrideTtl": { + "type": "integer", + "description": "The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.\n" + }, + "blockResponse": { + "type": "string", + "description": "The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.\n" + }, + "firewallDomainListId": { + "type": "string", + "description": "The ID of the domain list that you want to use in the rule.\n" + }, + "firewallRuleGroupId": { + "type": "string", + "description": "The unique identifier of the firewall rule group where you want to create the rule.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule, to manage and use it.\n" + }, + "priority": { + "type": "integer", + "description": "The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.\n" + } + }, + "requiredInputs": [ + "action", + "firewallDomainListId", + "firewallRuleGroupId", + "priority" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverFirewallRule resources.\n", + "properties": { + "action": { + "type": "string", + "description": "The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. Valid values: `ALLOW`, `BLOCK`, `ALERT`.\n" + }, + "blockOverrideDnsType": { + "type": "string", + "description": "The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Value values: `CNAME`.\n" + }, + "blockOverrideDomain": { + "type": "string", + "description": "The custom DNS record to send back in response to the query.\n" + }, + "blockOverrideTtl": { + "type": "integer", + "description": "The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Minimum value of 0. Maximum value of 604800.\n" + }, + "blockResponse": { + "type": "string", + "description": "The way that you want DNS Firewall to block the request. Valid values: `NODATA`, `NXDOMAIN`, `OVERRIDE`.\n" + }, + "firewallDomainListId": { + "type": "string", + "description": "The ID of the domain list that you want to use in the rule.\n" + }, + "firewallRuleGroupId": { + "type": "string", + "description": "The unique identifier of the firewall rule group where you want to create the rule.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule, to manage and use it.\n" + }, + "priority": { + "type": "integer", + "description": "The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverFirewallRuleGroup:ResolverFirewallRuleGroup": { + "description": "Provides a Route 53 Resolver DNS Firewall rule group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.ResolverFirewallRuleGroup(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.ResolverFirewallRuleGroup(\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.ResolverFirewallRuleGroup(\"example\", new Aws.Route53.ResolverFirewallRuleGroupArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverFirewallRuleGroup(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver DNS Firewall rule groups can be imported using the Route 53 Resolver DNS Firewall rule group ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverFirewallRuleGroup:ResolverFirewallRuleGroup example rslvr-frg-0123456789abcdef\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the rule group.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule group, to manage and use it.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.\n" + }, + "shareStatus": { + "type": "string", + "description": "Whether the rule group is shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Valid values: `NOT_SHARED`, `SHARED_BY_ME`, `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "ownerId", + "shareStatus", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "A name that lets you identify the rule group, to manage and use it.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverFirewallRuleGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the rule group.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule group, to manage and use it.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.\n" + }, + "shareStatus": { + "type": "string", + "description": "Whether the rule group is shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM). Valid values: `NOT_SHARED`, `SHARED_BY_ME`, `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverFirewallRuleGroupAssociation:ResolverFirewallRuleGroupAssociation": { + "description": "Provides a Route 53 Resolver DNS Firewall rule group association resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleResolverFirewallRuleGroup = new aws.route53.ResolverFirewallRuleGroup(\"exampleResolverFirewallRuleGroup\", {});\nconst exampleResolverFirewallRuleGroupAssociation = new aws.route53.ResolverFirewallRuleGroupAssociation(\"exampleResolverFirewallRuleGroupAssociation\", {\n firewallRuleGroupId: exampleResolverFirewallRuleGroup.id,\n priority: 100,\n vpcId: aws_vpc.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_resolver_firewall_rule_group = aws.route53.ResolverFirewallRuleGroup(\"exampleResolverFirewallRuleGroup\")\nexample_resolver_firewall_rule_group_association = aws.route53.ResolverFirewallRuleGroupAssociation(\"exampleResolverFirewallRuleGroupAssociation\",\n firewall_rule_group_id=example_resolver_firewall_rule_group.id,\n priority=100,\n vpc_id=aws_vpc[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleResolverFirewallRuleGroup = new Aws.Route53.ResolverFirewallRuleGroup(\"exampleResolverFirewallRuleGroup\", new Aws.Route53.ResolverFirewallRuleGroupArgs\n {\n });\n var exampleResolverFirewallRuleGroupAssociation = new Aws.Route53.ResolverFirewallRuleGroupAssociation(\"exampleResolverFirewallRuleGroupAssociation\", new Aws.Route53.ResolverFirewallRuleGroupAssociationArgs\n {\n FirewallRuleGroupId = exampleResolverFirewallRuleGroup.Id,\n Priority = 100,\n VpcId = aws_vpc.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleResolverFirewallRuleGroup, err := route53.NewResolverFirewallRuleGroup(ctx, \"exampleResolverFirewallRuleGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewResolverFirewallRuleGroupAssociation(ctx, \"exampleResolverFirewallRuleGroupAssociation\", &route53.ResolverFirewallRuleGroupAssociationArgs{\n\t\t\tFirewallRuleGroupId: exampleResolverFirewallRuleGroup.ID(),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute 53 Resolver DNS Firewall rule group associations can be imported using the Route 53 Resolver DNS Firewall rule group association ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverFirewallRuleGroupAssociation:ResolverFirewallRuleGroupAssociation example rslvr-frgassoc-0123456789abcdef\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the firewall rule group association.\n" + }, + "firewallRuleGroupId": { + "type": "string", + "description": "The unique identifier of the firewall rule group.\n" + }, + "mutationProtection": { + "type": "string", + "description": "If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. Valid values: `ENABLED`, `DISABLED`.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule group association, to manage and use it.\n" + }, + "priority": { + "type": "integer", + "description": "The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The unique identifier of the VPC that you want to associate with the rule group.\n" + } + }, + "required": [ + "arn", + "firewallRuleGroupId", + "mutationProtection", + "name", + "priority", + "tagsAll", + "vpcId" + ], + "inputProperties": { + "firewallRuleGroupId": { + "type": "string", + "description": "The unique identifier of the firewall rule group.\n" + }, + "mutationProtection": { + "type": "string", + "description": "If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. Valid values: `ENABLED`, `DISABLED`.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule group association, to manage and use it.\n" + }, + "priority": { + "type": "integer", + "description": "The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The unique identifier of the VPC that you want to associate with the rule group.\n" + } + }, + "requiredInputs": [ + "firewallRuleGroupId", + "priority", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverFirewallRuleGroupAssociation resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the firewall rule group association.\n" + }, + "firewallRuleGroupId": { + "type": "string", + "description": "The unique identifier of the firewall rule group.\n" + }, + "mutationProtection": { + "type": "string", + "description": "If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. Valid values: `ENABLED`, `DISABLED`.\n" + }, + "name": { + "type": "string", + "description": "A name that lets you identify the rule group association, to manage and use it.\n" + }, + "priority": { + "type": "integer", + "description": "The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from the rule group with the lowest numeric priority setting.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The unique identifier of the VPC that you want to associate with the rule group.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverQueryLogConfig:ResolverQueryLogConfig": { + "description": "Provides a Route 53 Resolver query logging configuration resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.ResolverQueryLogConfig(\"example\", {\n destinationArn: aws_s3_bucket.example.arn,\n tags: {\n Environment: \"Prod\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.ResolverQueryLogConfig(\"example\",\n destination_arn=aws_s3_bucket[\"example\"][\"arn\"],\n tags={\n \"Environment\": \"Prod\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.ResolverQueryLogConfig(\"example\", new Aws.Route53.ResolverQueryLogConfigArgs\n {\n DestinationArn = aws_s3_bucket.Example.Arn,\n Tags = \n {\n { \"Environment\", \"Prod\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverQueryLogConfig(ctx, \"example\", &route53.ResolverQueryLogConfigArgs{\n\t\t\tDestinationArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Prod\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver query logging configurations can be imported using the Route 53 Resolver query logging configuration ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverQueryLogConfig:ResolverQueryLogConfig example rqlc-92edc3b1838248bf\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the Route 53 Resolver query logging configuration.\n" + }, + "destinationArn": { + "type": "string", + "description": "The ARN of the resource that you want Route 53 Resolver to send query logs.\nYou can send query logs to an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.\n" + }, + "name": { + "type": "string", + "description": "The name of the Route 53 Resolver query logging configuration.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the account that created the query logging configuration.\n" + }, + "shareStatus": { + "type": "string", + "description": "An indication of whether the query logging configuration is shared with other AWS accounts, or was shared with the current account by another AWS account.\nSharing is configured through AWS Resource Access Manager (AWS RAM).\nValues are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "destinationArn", + "name", + "ownerId", + "shareStatus", + "tagsAll" + ], + "inputProperties": { + "destinationArn": { + "type": "string", + "description": "The ARN of the resource that you want Route 53 Resolver to send query logs.\nYou can send query logs to an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.\n" + }, + "name": { + "type": "string", + "description": "The name of the Route 53 Resolver query logging configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "destinationArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverQueryLogConfig resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the Route 53 Resolver query logging configuration.\n" + }, + "destinationArn": { + "type": "string", + "description": "The ARN of the resource that you want Route 53 Resolver to send query logs.\nYou can send query logs to an S3 bucket, a CloudWatch Logs log group, or a Kinesis Data Firehose delivery stream.\n" + }, + "name": { + "type": "string", + "description": "The name of the Route 53 Resolver query logging configuration.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the account that created the query logging configuration.\n" + }, + "shareStatus": { + "type": "string", + "description": "An indication of whether the query logging configuration is shared with other AWS accounts, or was shared with the current account by another AWS account.\nSharing is configured through AWS Resource Access Manager (AWS RAM).\nValues are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverQueryLogConfigAssociation:ResolverQueryLogConfigAssociation": { + "description": "Provides a Route 53 Resolver query logging configuration association resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.ResolverQueryLogConfigAssociation(\"example\", {\n resolverQueryLogConfigId: aws_route53_resolver_query_log_config.example.id,\n resourceId: aws_vpc.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.ResolverQueryLogConfigAssociation(\"example\",\n resolver_query_log_config_id=aws_route53_resolver_query_log_config[\"example\"][\"id\"],\n resource_id=aws_vpc[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.ResolverQueryLogConfigAssociation(\"example\", new Aws.Route53.ResolverQueryLogConfigAssociationArgs\n {\n ResolverQueryLogConfigId = aws_route53_resolver_query_log_config.Example.Id,\n ResourceId = aws_vpc.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverQueryLogConfigAssociation(ctx, \"example\", &route53.ResolverQueryLogConfigAssociationArgs{\n\t\t\tResolverQueryLogConfigId: pulumi.Any(aws_route53_resolver_query_log_config.Example.Id),\n\t\t\tResourceId: pulumi.Any(aws_vpc.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n Route 53 Resolver query logging configuration associations can be imported using the Route 53 Resolver query logging configuration association ID, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverQueryLogConfigAssociation:ResolverQueryLogConfigAssociation example rqlca-b320624fef3c4d70\n```\n\n ", + "properties": { + "resolverQueryLogConfigId": { + "type": "string", + "description": "The ID of the Route 53 Resolver query logging configuration that you want to associate a VPC with.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of a VPC that you want this query logging configuration to log queries for.\n" + } + }, + "required": [ + "resolverQueryLogConfigId", + "resourceId" + ], + "inputProperties": { + "resolverQueryLogConfigId": { + "type": "string", + "description": "The ID of the Route 53 Resolver query logging configuration that you want to associate a VPC with.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of a VPC that you want this query logging configuration to log queries for.\n" + } + }, + "requiredInputs": [ + "resolverQueryLogConfigId", + "resourceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverQueryLogConfigAssociation resources.\n", + "properties": { + "resolverQueryLogConfigId": { + "type": "string", + "description": "The ID of the Route 53 Resolver query logging configuration that you want to associate a VPC with.\n" + }, + "resourceId": { + "type": "string", + "description": "The ID of a VPC that you want this query logging configuration to log queries for.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverRule:ResolverRule": { + "description": "Provides a Route53 Resolver rule.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### System rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sys = new aws.route53.ResolverRule(\"sys\", {\n domainName: \"subdomain.example.com\",\n ruleType: \"SYSTEM\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsys = aws.route53.ResolverRule(\"sys\",\n domain_name=\"subdomain.example.com\",\n rule_type=\"SYSTEM\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sys = new Aws.Route53.ResolverRule(\"sys\", new Aws.Route53.ResolverRuleArgs\n {\n DomainName = \"subdomain.example.com\",\n RuleType = \"SYSTEM\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverRule(ctx, \"sys\", &route53.ResolverRuleArgs{\n\t\t\tDomainName: pulumi.String(\"subdomain.example.com\"),\n\t\t\tRuleType: pulumi.String(\"SYSTEM\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Forward rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fwd = new aws.route53.ResolverRule(\"fwd\", {\n domainName: \"example.com\",\n ruleType: \"FORWARD\",\n resolverEndpointId: aws_route53_resolver_endpoint.foo.id,\n targetIps: [{\n ip: \"123.45.67.89\",\n }],\n tags: {\n Environment: \"Prod\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfwd = aws.route53.ResolverRule(\"fwd\",\n domain_name=\"example.com\",\n rule_type=\"FORWARD\",\n resolver_endpoint_id=aws_route53_resolver_endpoint[\"foo\"][\"id\"],\n target_ips=[aws.route53.ResolverRuleTargetIpArgs(\n ip=\"123.45.67.89\",\n )],\n tags={\n \"Environment\": \"Prod\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fwd = new Aws.Route53.ResolverRule(\"fwd\", new Aws.Route53.ResolverRuleArgs\n {\n DomainName = \"example.com\",\n RuleType = \"FORWARD\",\n ResolverEndpointId = aws_route53_resolver_endpoint.Foo.Id,\n TargetIps = \n {\n new Aws.Route53.Inputs.ResolverRuleTargetIpArgs\n {\n Ip = \"123.45.67.89\",\n },\n },\n Tags = \n {\n { \"Environment\", \"Prod\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverRule(ctx, \"fwd\", &route53.ResolverRuleArgs{\n\t\t\tDomainName: pulumi.String(\"example.com\"),\n\t\t\tRuleType: pulumi.String(\"FORWARD\"),\n\t\t\tResolverEndpointId: pulumi.Any(aws_route53_resolver_endpoint.Foo.Id),\n\t\t\tTargetIps: route53.ResolverRuleTargetIpArray{\n\t\t\t\t&route53.ResolverRuleTargetIpArgs{\n\t\t\t\t\tIp: pulumi.String(\"123.45.67.89\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Prod\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 Resolver rules can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverRule:ResolverRule sys rslvr-rr-0123456789abcdef0\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the resolver rule.\n" + }, + "domainName": { + "type": "string", + "description": "DNS queries for this domain name are forwarded to the IP addresses that are specified using `target_ip`.\n" + }, + "name": { + "type": "string", + "description": "A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.\n" + }, + "ownerId": { + "type": "string", + "description": "When a rule is shared with another AWS account, the account ID of the account that the rule is shared with.\n" + }, + "resolverEndpointId": { + "type": "string", + "description": "The ID of the outbound resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify using `target_ip`.\nThis argument should only be specified for `FORWARD` type rules.\n" + }, + "ruleType": { + "type": "string", + "description": "The rule type. Valid values are `FORWARD`, `SYSTEM` and `RECURSIVE`.\n" + }, + "shareStatus": { + "type": "string", + "description": "Whether the rules is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.\nValues are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetIps": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ResolverRuleTargetIp:ResolverRuleTargetIp" + }, + "description": "Configuration block(s) indicating the IPs that you want Resolver to forward DNS queries to (documented below).\nThis argument should only be specified for `FORWARD` type rules.\n" + } + }, + "required": [ + "arn", + "domainName", + "name", + "ownerId", + "ruleType", + "shareStatus", + "tagsAll" + ], + "inputProperties": { + "domainName": { + "type": "string", + "description": "DNS queries for this domain name are forwarded to the IP addresses that are specified using `target_ip`.\n" + }, + "name": { + "type": "string", + "description": "A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.\n" + }, + "resolverEndpointId": { + "type": "string", + "description": "The ID of the outbound resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify using `target_ip`.\nThis argument should only be specified for `FORWARD` type rules.\n" + }, + "ruleType": { + "type": "string", + "description": "The rule type. Valid values are `FORWARD`, `SYSTEM` and `RECURSIVE`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetIps": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ResolverRuleTargetIp:ResolverRuleTargetIp" + }, + "description": "Configuration block(s) indicating the IPs that you want Resolver to forward DNS queries to (documented below).\nThis argument should only be specified for `FORWARD` type rules.\n" + } + }, + "requiredInputs": [ + "domainName", + "ruleType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the resolver rule.\n" + }, + "domainName": { + "type": "string", + "description": "DNS queries for this domain name are forwarded to the IP addresses that are specified using `target_ip`.\n" + }, + "name": { + "type": "string", + "description": "A friendly name that lets you easily find a rule in the Resolver dashboard in the Route 53 console.\n" + }, + "ownerId": { + "type": "string", + "description": "When a rule is shared with another AWS account, the account ID of the account that the rule is shared with.\n" + }, + "resolverEndpointId": { + "type": "string", + "description": "The ID of the outbound resolver endpoint that you want to use to route DNS queries to the IP addresses that you specify using `target_ip`.\nThis argument should only be specified for `FORWARD` type rules.\n" + }, + "ruleType": { + "type": "string", + "description": "The rule type. Valid values are `FORWARD`, `SYSTEM` and `RECURSIVE`.\n" + }, + "shareStatus": { + "type": "string", + "description": "Whether the rules is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.\nValues are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetIps": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ResolverRuleTargetIp:ResolverRuleTargetIp" + }, + "description": "Configuration block(s) indicating the IPs that you want Resolver to forward DNS queries to (documented below).\nThis argument should only be specified for `FORWARD` type rules.\n" + } + }, + "type": "object" + } + }, + "aws:route53/resolverRuleAssociation:ResolverRuleAssociation": { + "description": "Provides a Route53 Resolver rule association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.route53.ResolverRuleAssociation(\"example\", {\n resolverRuleId: aws_route53_resolver_rule.sys.id,\n vpcId: aws_vpc.foo.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.ResolverRuleAssociation(\"example\",\n resolver_rule_id=aws_route53_resolver_rule[\"sys\"][\"id\"],\n vpc_id=aws_vpc[\"foo\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Route53.ResolverRuleAssociation(\"example\", new Aws.Route53.ResolverRuleAssociationArgs\n {\n ResolverRuleId = aws_route53_resolver_rule.Sys.Id,\n VpcId = aws_vpc.Foo.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewResolverRuleAssociation(ctx, \"example\", &route53.ResolverRuleAssociationArgs{\n\t\t\tResolverRuleId: pulumi.Any(aws_route53_resolver_rule.Sys.Id),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 Resolver rule associations can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:route53/resolverRuleAssociation:ResolverRuleAssociation example rslvr-rrassoc-97242eaf88example\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "A name for the association that you're creating between a resolver rule and a VPC.\n" + }, + "resolverRuleId": { + "type": "string", + "description": "The ID of the resolver rule that you want to associate with the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC that you want to associate the resolver rule with.\n" + } + }, + "required": [ + "name", + "resolverRuleId", + "vpcId" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "A name for the association that you're creating between a resolver rule and a VPC.\n" + }, + "resolverRuleId": { + "type": "string", + "description": "The ID of the resolver rule that you want to associate with the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC that you want to associate the resolver rule with.\n" + } + }, + "requiredInputs": [ + "resolverRuleId", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResolverRuleAssociation resources.\n", + "properties": { + "name": { + "type": "string", + "description": "A name for the association that you're creating between a resolver rule and a VPC.\n" + }, + "resolverRuleId": { + "type": "string", + "description": "The ID of the resolver rule that you want to associate with the VPC.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC that you want to associate the resolver rule with.\n" + } + }, + "type": "object" + } + }, + "aws:route53/vpcAssociationAuthorization:VpcAssociationAuthorization": { + "description": "Authorizes a VPC in a different account to be associated with a local Route53 Hosted Zone.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst alternate = new aws.Provider(\"alternate\", {});\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {\n cidrBlock: \"10.6.0.0/16\",\n enableDnsHostnames: true,\n enableDnsSupport: true,\n});\nconst exampleZone = new aws.route53.Zone(\"exampleZone\", {vpcs: [{\n vpcId: exampleVpc.id,\n}]});\nconst alternateVpc = new aws.ec2.Vpc(\"alternateVpc\", {\n cidrBlock: \"10.7.0.0/16\",\n enableDnsHostnames: true,\n enableDnsSupport: true,\n}, {\n provider: \"aws.alternate\",\n});\nconst exampleVpcAssociationAuthorization = new aws.route53.VpcAssociationAuthorization(\"exampleVpcAssociationAuthorization\", {\n vpcId: alternateVpc.id,\n zoneId: exampleZone.id,\n});\nconst exampleZoneAssociation = new aws.route53.ZoneAssociation(\"exampleZoneAssociation\", {\n vpcId: exampleVpcAssociationAuthorization.vpcId,\n zoneId: exampleVpcAssociationAuthorization.zoneId,\n}, {\n provider: \"aws.alternate\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nalternate = pulumi.providers.Aws(\"alternate\")\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\",\n cidr_block=\"10.6.0.0/16\",\n enable_dns_hostnames=True,\n enable_dns_support=True)\nexample_zone = aws.route53.Zone(\"exampleZone\", vpcs=[aws.route53.ZoneVpcArgs(\n vpc_id=example_vpc.id,\n)])\nalternate_vpc = aws.ec2.Vpc(\"alternateVpc\",\n cidr_block=\"10.7.0.0/16\",\n enable_dns_hostnames=True,\n enable_dns_support=True,\n opts=pulumi.ResourceOptions(provider=\"aws.alternate\"))\nexample_vpc_association_authorization = aws.route53.VpcAssociationAuthorization(\"exampleVpcAssociationAuthorization\",\n vpc_id=alternate_vpc.id,\n zone_id=example_zone.id)\nexample_zone_association = aws.route53.ZoneAssociation(\"exampleZoneAssociation\",\n vpc_id=example_vpc_association_authorization.vpc_id,\n zone_id=example_vpc_association_authorization.zone_id,\n opts=pulumi.ResourceOptions(provider=\"aws.alternate\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var alternate = new Aws.Provider(\"alternate\", new Aws.ProviderArgs\n {\n });\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.6.0.0/16\",\n EnableDnsHostnames = true,\n EnableDnsSupport = true,\n });\n var exampleZone = new Aws.Route53.Zone(\"exampleZone\", new Aws.Route53.ZoneArgs\n {\n Vpcs = \n {\n new Aws.Route53.Inputs.ZoneVpcArgs\n {\n VpcId = exampleVpc.Id,\n },\n },\n });\n var alternateVpc = new Aws.Ec2.Vpc(\"alternateVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.7.0.0/16\",\n EnableDnsHostnames = true,\n EnableDnsSupport = true,\n }, new CustomResourceOptions\n {\n Provider = \"aws.alternate\",\n });\n var exampleVpcAssociationAuthorization = new Aws.Route53.VpcAssociationAuthorization(\"exampleVpcAssociationAuthorization\", new Aws.Route53.VpcAssociationAuthorizationArgs\n {\n VpcId = alternateVpc.Id,\n ZoneId = exampleZone.Id,\n });\n var exampleZoneAssociation = new Aws.Route53.ZoneAssociation(\"exampleZoneAssociation\", new Aws.Route53.ZoneAssociationArgs\n {\n VpcId = exampleVpcAssociationAuthorization.VpcId,\n ZoneId = exampleVpcAssociationAuthorization.ZoneId,\n }, new CustomResourceOptions\n {\n Provider = \"aws.alternate\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"alternate\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.6.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleZone, err := route53.NewZone(ctx, \"exampleZone\", &route53.ZoneArgs{\n\t\t\tVpcs: route53.ZoneVpcArray{\n\t\t\t\t&route53.ZoneVpcArgs{\n\t\t\t\t\tVpcId: exampleVpc.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\talternateVpc, err := ec2.NewVpc(ctx, \"alternateVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.7.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t}, pulumi.Provider(\"aws.alternate\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpcAssociationAuthorization, err := route53.NewVpcAssociationAuthorization(ctx, \"exampleVpcAssociationAuthorization\", &route53.VpcAssociationAuthorizationArgs{\n\t\t\tVpcId: alternateVpc.ID(),\n\t\t\tZoneId: exampleZone.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewZoneAssociation(ctx, \"exampleZoneAssociation\", &route53.ZoneAssociationArgs{\n\t\t\tVpcId: exampleVpcAssociationAuthorization.VpcId,\n\t\t\tZoneId: exampleVpcAssociationAuthorization.ZoneId,\n\t\t}, pulumi.Provider(\"aws.alternate\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute 53 VPC Association Authorizations can be imported via the Hosted Zone ID and VPC ID, separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:route53/vpcAssociationAuthorization:VpcAssociationAuthorization example Z123456ABCDEFG:vpc-12345678\n```\n\n ", + "properties": { + "vpcId": { + "type": "string", + "description": "The VPC to authorize for association with the private hosted zone.\n" + }, + "vpcRegion": { + "type": "string", + "description": "The VPC's region. Defaults to the region of the AWS provider.\n" + }, + "zoneId": { + "type": "string", + "description": "The ID of the private hosted zone that you want to authorize associating a VPC with.\n" + } + }, + "required": [ + "vpcId", + "vpcRegion", + "zoneId" + ], + "inputProperties": { + "vpcId": { + "type": "string", + "description": "The VPC to authorize for association with the private hosted zone.\n" + }, + "vpcRegion": { + "type": "string", + "description": "The VPC's region. Defaults to the region of the AWS provider.\n" + }, + "zoneId": { + "type": "string", + "description": "The ID of the private hosted zone that you want to authorize associating a VPC with.\n" + } + }, + "requiredInputs": [ + "vpcId", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering VpcAssociationAuthorization resources.\n", + "properties": { + "vpcId": { + "type": "string", + "description": "The VPC to authorize for association with the private hosted zone.\n" + }, + "vpcRegion": { + "type": "string", + "description": "The VPC's region. Defaults to the region of the AWS provider.\n" + }, + "zoneId": { + "type": "string", + "description": "The ID of the private hosted zone that you want to authorize associating a VPC with.\n" + } + }, + "type": "object" + } + }, + "aws:route53/zone:Zone": { + "description": "Manages a Route53 Hosted Zone. For managing Domain Name System Security Extensions (DNSSEC), see the `aws.route53.KeySigningKey` and `aws.route53.HostedZoneDnsSec` resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Public Zone\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.route53.Zone(\"primary\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.route53.Zone(\"primary\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.Route53.Zone(\"primary\", new Aws.Route53.ZoneArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewZone(ctx, \"primary\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Public Subdomain Zone\n\nFor use in subdomains, note that you need to create a\n`aws.route53.Record` of type `NS` as well as the subdomain\nzone.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.route53.Zone(\"main\", {});\nconst dev = new aws.route53.Zone(\"dev\", {tags: {\n Environment: \"dev\",\n}});\nconst dev_ns = new aws.route53.Record(\"dev-ns\", {\n zoneId: main.zoneId,\n name: \"dev.example.com\",\n type: \"NS\",\n ttl: \"30\",\n records: dev.nameServers,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.route53.Zone(\"main\")\ndev = aws.route53.Zone(\"dev\", tags={\n \"Environment\": \"dev\",\n})\ndev_ns = aws.route53.Record(\"dev-ns\",\n zone_id=main.zone_id,\n name=\"dev.example.com\",\n type=\"NS\",\n ttl=30,\n records=dev.name_servers)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Route53.Zone(\"main\", new Aws.Route53.ZoneArgs\n {\n });\n var dev = new Aws.Route53.Zone(\"dev\", new Aws.Route53.ZoneArgs\n {\n Tags = \n {\n { \"Environment\", \"dev\" },\n },\n });\n var dev_ns = new Aws.Route53.Record(\"dev-ns\", new Aws.Route53.RecordArgs\n {\n ZoneId = main.ZoneId,\n Name = \"dev.example.com\",\n Type = \"NS\",\n Ttl = 30,\n Records = dev.NameServers,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := route53.NewZone(ctx, \"main\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdev, err := route53.NewZone(ctx, \"dev\", &route53.ZoneArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"dev_ns\", &route53.RecordArgs{\n\t\t\tZoneId: main.ZoneId,\n\t\t\tName: pulumi.String(\"dev.example.com\"),\n\t\t\tType: pulumi.String(\"NS\"),\n\t\t\tTtl: pulumi.Int(30),\n\t\t\tRecords: dev.NameServers,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Private Zone\n\n> **NOTE:** This provider provides both exclusive VPC associations defined in-line in this resource via `vpc` configuration blocks and a separate `Zone VPC Association resource. At this time, you cannot use in-line VPC associations in conjunction with any `aws.route53.ZoneAssociation` resources with the same zone ID otherwise it will cause a perpetual difference in plan output. You can optionally use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to manage additional associations via the `aws.route53.ZoneAssociation` resource.\n\n> **NOTE:** Private zones require at least one VPC association at all times.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _private = new aws.route53.Zone(\"private\", {vpcs: [{\n vpcId: aws_vpc.example.id,\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprivate = aws.route53.Zone(\"private\", vpcs=[aws.route53.ZoneVpcArgs(\n vpc_id=aws_vpc[\"example\"][\"id\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @private = new Aws.Route53.Zone(\"private\", new Aws.Route53.ZoneArgs\n {\n Vpcs = \n {\n new Aws.Route53.Inputs.ZoneVpcArgs\n {\n VpcId = aws_vpc.Example.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.NewZone(ctx, \"private\", &route53.ZoneArgs{\n\t\t\tVpcs: route53.ZoneVpcArray{\n\t\t\t\t&route53.ZoneVpcArgs{\n\t\t\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute53 Zones can be imported using the `zone id`, e.g.\n\n```sh\n $ pulumi import aws:route53/zone:Zone myzone Z1D633PJN98FT9\n```\n\n ", + "properties": { + "comment": { + "type": "string", + "description": "A comment for the hosted zone. Defaults to 'Managed by Pulumi'.\n", + "default": "Managed by Pulumi" + }, + "delegationSetId": { + "type": "string", + "description": "The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with `vpc` as delegation sets can only be used for public zones.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to destroy all records (possibly managed outside of this provider) in the zone when destroying the zone.\n" + }, + "name": { + "type": "string", + "description": "This is the name of the hosted zone.\n" + }, + "nameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of name servers in associated (or default) delegation set.\nFind more about delegation sets in [AWS docs](https://docs.aws.amazon.com/Route53/latest/APIReference/actions-on-reusable-delegation-sets.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the zone.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ZoneVpc:ZoneVpc" + }, + "description": "Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the `delegation_set_id` argument in this resource and any `aws.route53.ZoneAssociation` resource specifying the same zone ID. Detailed below.\n" + }, + "zoneId": { + "type": "string", + "description": "The Hosted Zone ID. This can be referenced by zone records.\n" + } + }, + "required": [ + "comment", + "name", + "nameServers", + "tagsAll", + "zoneId" + ], + "inputProperties": { + "comment": { + "type": "string", + "description": "A comment for the hosted zone. Defaults to 'Managed by Pulumi'.\n", + "default": "Managed by Pulumi" + }, + "delegationSetId": { + "type": "string", + "description": "The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with `vpc` as delegation sets can only be used for public zones.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to destroy all records (possibly managed outside of this provider) in the zone when destroying the zone.\n" + }, + "name": { + "type": "string", + "description": "This is the name of the hosted zone.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the zone.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ZoneVpc:ZoneVpc" + }, + "description": "Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the `delegation_set_id` argument in this resource and any `aws.route53.ZoneAssociation` resource specifying the same zone ID. Detailed below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Zone resources.\n", + "properties": { + "comment": { + "type": "string", + "description": "A comment for the hosted zone. Defaults to 'Managed by Pulumi'.\n", + "default": "Managed by Pulumi" + }, + "delegationSetId": { + "type": "string", + "description": "The ID of the reusable delegation set whose NS records you want to assign to the hosted zone. Conflicts with `vpc` as delegation sets can only be used for public zones.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to destroy all records (possibly managed outside of this provider) in the zone when destroying the zone.\n" + }, + "name": { + "type": "string", + "description": "This is the name of the hosted zone.\n" + }, + "nameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of name servers in associated (or default) delegation set.\nFind more about delegation sets in [AWS docs](https://docs.aws.amazon.com/Route53/latest/APIReference/actions-on-reusable-delegation-sets.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the zone.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcs": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/ZoneVpc:ZoneVpc" + }, + "description": "Configuration block(s) specifying VPC(s) to associate with a private hosted zone. Conflicts with the `delegation_set_id` argument in this resource and any `aws.route53.ZoneAssociation` resource specifying the same zone ID. Detailed below.\n" + }, + "zoneId": { + "type": "string", + "description": "The Hosted Zone ID. This can be referenced by zone records.\n" + } + }, + "type": "object" + } + }, + "aws:route53/zoneAssociation:ZoneAssociation": { + "description": "Manages a Route53 Hosted Zone VPC association. VPC associations can only be made on private zones. See the `aws.route53.VpcAssociationAuthorization` resource for setting up cross-account associations.\n\n> **NOTE:** Unless explicit association ordering is required (e.g. a separate cross-account association authorization), usage of this resource is not recommended. Use the `vpc` configuration blocks available within the `aws.route53.Zone` resource instead.\n\n> **NOTE:** This provider provides both this standalone Zone VPC Association resource and exclusive VPC associations defined in-line in the `aws.route53.Zone` resource via `vpc` configuration blocks. At this time, you cannot use those in-line VPC associations in conjunction with this resource and the same zone ID otherwise it will cause a perpetual difference in plan output. You can optionally use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) in the `aws.route53.Zone` resource to manage additional associations via this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst primary = new aws.ec2.Vpc(\"primary\", {\n cidrBlock: \"10.6.0.0/16\",\n enableDnsHostnames: true,\n enableDnsSupport: true,\n});\nconst secondaryVpc = new aws.ec2.Vpc(\"secondaryVpc\", {\n cidrBlock: \"10.7.0.0/16\",\n enableDnsHostnames: true,\n enableDnsSupport: true,\n});\nconst example = new aws.route53.Zone(\"example\", {vpcs: [{\n vpcId: primary.id,\n}]});\nconst secondaryZoneAssociation = new aws.route53.ZoneAssociation(\"secondaryZoneAssociation\", {\n zoneId: example.zoneId,\n vpcId: secondaryVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprimary = aws.ec2.Vpc(\"primary\",\n cidr_block=\"10.6.0.0/16\",\n enable_dns_hostnames=True,\n enable_dns_support=True)\nsecondary_vpc = aws.ec2.Vpc(\"secondaryVpc\",\n cidr_block=\"10.7.0.0/16\",\n enable_dns_hostnames=True,\n enable_dns_support=True)\nexample = aws.route53.Zone(\"example\", vpcs=[aws.route53.ZoneVpcArgs(\n vpc_id=primary.id,\n)])\nsecondary_zone_association = aws.route53.ZoneAssociation(\"secondaryZoneAssociation\",\n zone_id=example.zone_id,\n vpc_id=secondary_vpc.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var primary = new Aws.Ec2.Vpc(\"primary\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.6.0.0/16\",\n EnableDnsHostnames = true,\n EnableDnsSupport = true,\n });\n var secondaryVpc = new Aws.Ec2.Vpc(\"secondaryVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.7.0.0/16\",\n EnableDnsHostnames = true,\n EnableDnsSupport = true,\n });\n var example = new Aws.Route53.Zone(\"example\", new Aws.Route53.ZoneArgs\n {\n Vpcs = \n {\n new Aws.Route53.Inputs.ZoneVpcArgs\n {\n VpcId = primary.Id,\n },\n },\n });\n var secondaryZoneAssociation = new Aws.Route53.ZoneAssociation(\"secondaryZoneAssociation\", new Aws.Route53.ZoneAssociationArgs\n {\n ZoneId = example.ZoneId,\n VpcId = secondaryVpc.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprimary, err := ec2.NewVpc(ctx, \"primary\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.6.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsecondaryVpc, err := ec2.NewVpc(ctx, \"secondaryVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.7.0.0/16\"),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texample, err := route53.NewZone(ctx, \"example\", &route53.ZoneArgs{\n\t\t\tVpcs: route53.ZoneVpcArray{\n\t\t\t\t&route53.ZoneVpcArgs{\n\t\t\t\t\tVpcId: primary.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewZoneAssociation(ctx, \"secondaryZoneAssociation\", &route53.ZoneAssociationArgs{\n\t\t\tZoneId: example.ZoneId,\n\t\t\tVpcId: secondaryVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nRoute 53 Hosted Zone Associations can be imported via the Hosted Zone ID and VPC ID, separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:route53/zoneAssociation:ZoneAssociation example Z123456ABCDEFG:vpc-12345678\n```\n\n If the VPC is in a different region than the provider region configuration, the VPC Region can be added to the end. e.g.\n\n```sh\n $ pulumi import aws:route53/zoneAssociation:ZoneAssociation example Z123456ABCDEFG:vpc-12345678:us-east-2\n```\n\n ", + "properties": { + "owningAccount": { + "type": "string", + "description": "The account ID of the account that created the hosted zone.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC to associate with the private hosted zone.\n" + }, + "vpcRegion": { + "type": "string", + "description": "The VPC's region. Defaults to the region of the AWS provider.\n" + }, + "zoneId": { + "type": "string", + "description": "The private hosted zone to associate.\n" + } + }, + "required": [ + "owningAccount", + "vpcId", + "vpcRegion", + "zoneId" + ], + "inputProperties": { + "vpcId": { + "type": "string", + "description": "The VPC to associate with the private hosted zone.\n" + }, + "vpcRegion": { + "type": "string", + "description": "The VPC's region. Defaults to the region of the AWS provider.\n" + }, + "zoneId": { + "type": "string", + "description": "The private hosted zone to associate.\n" + } + }, + "requiredInputs": [ + "vpcId", + "zoneId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ZoneAssociation resources.\n", + "properties": { + "owningAccount": { + "type": "string", + "description": "The account ID of the account that created the hosted zone.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC to associate with the private hosted zone.\n" + }, + "vpcRegion": { + "type": "string", + "description": "The VPC's region. Defaults to the region of the AWS provider.\n" + }, + "zoneId": { + "type": "string", + "description": "The private hosted zone to associate.\n" + } + }, + "type": "object" + } + }, + "aws:s3/accessPoint:AccessPoint": { + "description": "Provides a resource to manage an S3 Access Point.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Partition Bucket\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleAccessPoint = new aws.s3.AccessPoint(\"exampleAccessPoint\", {bucket: exampleBucket.id});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_access_point = aws.s3.AccessPoint(\"exampleAccessPoint\", bucket=example_bucket.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleAccessPoint = new Aws.S3.AccessPoint(\"exampleAccessPoint\", new Aws.S3.AccessPointArgs\n {\n Bucket = exampleBucket.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewAccessPoint(ctx, \"exampleAccessPoint\", &s3.AccessPointArgs{\n\t\t\tBucket: exampleBucket.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### S3 on Outposts Bucket\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3control.Bucket(\"exampleBucket\", {bucket: \"example\"});\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleAccessPoint = new aws.s3.AccessPoint(\"exampleAccessPoint\", {\n bucket: exampleBucket.arn,\n vpcConfiguration: {\n vpcId: exampleVpc.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3control.Bucket(\"exampleBucket\", bucket=\"example\")\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\", cidr_block=\"10.0.0.0/16\")\nexample_access_point = aws.s3.AccessPoint(\"exampleAccessPoint\",\n bucket=example_bucket.arn,\n vpc_configuration=aws.s3.AccessPointVpcConfigurationArgs(\n vpc_id=example_vpc.id,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3Control.Bucket(\"exampleBucket\", new Aws.S3Control.BucketArgs\n {\n Bucket = \"example\",\n });\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var exampleAccessPoint = new Aws.S3.AccessPoint(\"exampleAccessPoint\", new Aws.S3.AccessPointArgs\n {\n Bucket = exampleBucket.Arn,\n VpcConfiguration = new Aws.S3.Inputs.AccessPointVpcConfigurationArgs\n {\n VpcId = exampleVpc.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3control\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3control.NewBucket(ctx, \"exampleBucket\", &s3control.BucketArgs{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewAccessPoint(ctx, \"exampleAccessPoint\", &s3.AccessPointArgs{\n\t\t\tBucket: exampleBucket.Arn,\n\t\t\tVpcConfiguration: &s3.AccessPointVpcConfigurationArgs{\n\t\t\t\tVpcId: exampleVpc.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFor Access Points associated with an AWS Partition S3 Bucket, this resource can be imported using the `account_id` and `name` separated by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:s3/accessPoint:AccessPoint example 123456789012:example\n```\n\n For Access Points associated with an S3 on Outposts Bucket, this resource can be imported using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:s3/accessPoint:AccessPoint example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-1234567890123456/accesspoint/example\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the S3 Access Point.\n" + }, + "bucket": { + "type": "string", + "description": "The name of an AWS Partition S3 Bucket or the Amazon Resource Name (ARN) of S3 on Outposts Bucket that you want to associate this access point with.\n" + }, + "domainName": { + "type": "string", + "description": "The DNS domain name of the S3 Access Point in the format _`name`_-_`account_id`_.s3-accesspoint._region_.amazonaws.com.\nNote: S3 access points only support secure access by HTTPS. HTTP isn't supported.\n" + }, + "hasPublicAccessPolicy": { + "type": "boolean", + "description": "Indicates whether this access point currently has a policy that allows public access.\n" + }, + "name": { + "type": "string", + "description": "The name you want to assign to this access point.\n" + }, + "networkOrigin": { + "type": "string", + "description": "Indicates whether this access point allows access from the public Internet. Values are `VPC` (the access point doesn't allow access from the public Internet) and `Internet` (the access point allows access from the public Internet, subject to the access point and bucket access policies).\n" + }, + "policy": { + "type": "string", + "description": "A valid JSON document that specifies the policy that you want to apply to this access point.\n" + }, + "publicAccessBlockConfiguration": { + "$ref": "#/types/aws:s3/AccessPointPublicAccessBlockConfiguration:AccessPointPublicAccessBlockConfiguration", + "description": "Configuration block to manage the `PublicAccessBlock` configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.\n" + }, + "vpcConfiguration": { + "$ref": "#/types/aws:s3/AccessPointVpcConfiguration:AccessPointVpcConfiguration", + "description": "Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.\n" + } + }, + "required": [ + "accountId", + "arn", + "bucket", + "domainName", + "hasPublicAccessPolicy", + "name", + "networkOrigin" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.\n" + }, + "bucket": { + "type": "string", + "description": "The name of an AWS Partition S3 Bucket or the Amazon Resource Name (ARN) of S3 on Outposts Bucket that you want to associate this access point with.\n" + }, + "name": { + "type": "string", + "description": "The name you want to assign to this access point.\n" + }, + "policy": { + "type": "string", + "description": "A valid JSON document that specifies the policy that you want to apply to this access point.\n" + }, + "publicAccessBlockConfiguration": { + "$ref": "#/types/aws:s3/AccessPointPublicAccessBlockConfiguration:AccessPointPublicAccessBlockConfiguration", + "description": "Configuration block to manage the `PublicAccessBlock` configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.\n" + }, + "vpcConfiguration": { + "$ref": "#/types/aws:s3/AccessPointVpcConfiguration:AccessPointVpcConfiguration", + "description": "Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AccessPoint resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The AWS account ID for the owner of the bucket for which you want to create an access point. Defaults to automatically determined account ID of the provider.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the S3 Access Point.\n" + }, + "bucket": { + "type": "string", + "description": "The name of an AWS Partition S3 Bucket or the Amazon Resource Name (ARN) of S3 on Outposts Bucket that you want to associate this access point with.\n" + }, + "domainName": { + "type": "string", + "description": "The DNS domain name of the S3 Access Point in the format _`name`_-_`account_id`_.s3-accesspoint._region_.amazonaws.com.\nNote: S3 access points only support secure access by HTTPS. HTTP isn't supported.\n" + }, + "hasPublicAccessPolicy": { + "type": "boolean", + "description": "Indicates whether this access point currently has a policy that allows public access.\n" + }, + "name": { + "type": "string", + "description": "The name you want to assign to this access point.\n" + }, + "networkOrigin": { + "type": "string", + "description": "Indicates whether this access point allows access from the public Internet. Values are `VPC` (the access point doesn't allow access from the public Internet) and `Internet` (the access point allows access from the public Internet, subject to the access point and bucket access policies).\n" + }, + "policy": { + "type": "string", + "description": "A valid JSON document that specifies the policy that you want to apply to this access point.\n" + }, + "publicAccessBlockConfiguration": { + "$ref": "#/types/aws:s3/AccessPointPublicAccessBlockConfiguration:AccessPointPublicAccessBlockConfiguration", + "description": "Configuration block to manage the `PublicAccessBlock` configuration that you want to apply to this Amazon S3 bucket. You can enable the configuration options in any combination. Detailed below.\n" + }, + "vpcConfiguration": { + "$ref": "#/types/aws:s3/AccessPointVpcConfiguration:AccessPointVpcConfiguration", + "description": "Configuration block to restrict access to this access point to requests from the specified Virtual Private Cloud (VPC). Required for S3 on Outposts. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:s3/accountPublicAccessBlock:AccountPublicAccessBlock": { + "description": "Manages S3 account-level Public Access Block configuration. For more information about these settings, see the [AWS S3 Block Public Access documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html).\n\n> **NOTE:** Each AWS account may only have one S3 Public Access Block configuration. Multiple configurations of the resource against the same AWS account will cause a perpetual difference.\n\n> Advanced usage: To use a custom API endpoint for this resource, use the `s3control` endpoint provider configuration, not the `s3` endpoint provider configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.AccountPublicAccessBlock(\"example\", {\n blockPublicAcls: true,\n blockPublicPolicy: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.AccountPublicAccessBlock(\"example\",\n block_public_acls=True,\n block_public_policy=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3.AccountPublicAccessBlock(\"example\", new Aws.S3.AccountPublicAccessBlockArgs\n {\n BlockPublicAcls = true,\n BlockPublicPolicy = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewAccountPublicAccessBlock(ctx, \"example\", &s3.AccountPublicAccessBlockArgs{\n\t\t\tBlockPublicAcls: pulumi.Bool(true),\n\t\t\tBlockPublicPolicy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_s3_account_public_access_block` can be imported by using the AWS account ID, e.g.\n\n```sh\n $ pulumi import aws:s3/accountPublicAccessBlock:AccountPublicAccessBlock example 123456789012\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.\n" + }, + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to `false`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.\n* PUT Object calls will fail if the request includes an object ACL.\n" + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to `false`. Enabling this setting does not affect existing bucket policies. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n" + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to `false`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore all public ACLs on buckets in this account and any objects that they contain.\n" + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to `false`. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access buckets with public policies.\n" + } + }, + "required": [ + "accountId" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.\n" + }, + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to `false`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.\n* PUT Object calls will fail if the request includes an object ACL.\n" + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to `false`. Enabling this setting does not affect existing bucket policies. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n" + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to `false`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore all public ACLs on buckets in this account and any objects that they contain.\n" + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to `false`. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access buckets with public policies.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering AccountPublicAccessBlock resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "AWS account ID to configure. Defaults to automatically determined account ID of the this provider AWS provider.\n" + }, + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for buckets in this account. Defaults to `false`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.\n* PUT Object calls will fail if the request includes an object ACL.\n" + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for buckets in this account. Defaults to `false`. Enabling this setting does not affect existing bucket policies. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n" + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for buckets in this account. Defaults to `false`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore all public ACLs on buckets in this account and any objects that they contain.\n" + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for buckets in this account. Defaults to `false`. Enabling this setting does not affect previously stored bucket policies, except that public and cross-account access within any public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access buckets with public policies.\n" + } + }, + "type": "object" + } + }, + "aws:s3/analyticsConfiguration:AnalyticsConfiguration": { + "description": "Provides a S3 bucket [analytics configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Add analytics configuration for entire S3 bucket and export results to a second S3 bucket\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.Bucket(\"example\", {});\nconst analytics = new aws.s3.Bucket(\"analytics\", {});\nconst example_entire_bucket = new aws.s3.AnalyticsConfiguration(\"example-entire-bucket\", {\n bucket: example.bucket,\n storageClassAnalysis: {\n dataExport: {\n destination: {\n s3BucketDestination: {\n bucketArn: analytics.arn,\n },\n },\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.Bucket(\"example\")\nanalytics = aws.s3.Bucket(\"analytics\")\nexample_entire_bucket = aws.s3.AnalyticsConfiguration(\"example-entire-bucket\",\n bucket=example.bucket,\n storage_class_analysis=aws.s3.AnalyticsConfigurationStorageClassAnalysisArgs(\n data_export=aws.s3.AnalyticsConfigurationStorageClassAnalysisDataExportArgs(\n destination=aws.s3.AnalyticsConfigurationStorageClassAnalysisDataExportDestinationArgs(\n s3_bucket_destination=aws.s3.AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestinationArgs(\n bucket_arn=analytics.arn,\n ),\n ),\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3.Bucket(\"example\", new Aws.S3.BucketArgs\n {\n });\n var analytics = new Aws.S3.Bucket(\"analytics\", new Aws.S3.BucketArgs\n {\n });\n var example_entire_bucket = new Aws.S3.AnalyticsConfiguration(\"example-entire-bucket\", new Aws.S3.AnalyticsConfigurationArgs\n {\n Bucket = example.BucketName,\n StorageClassAnalysis = new Aws.S3.Inputs.AnalyticsConfigurationStorageClassAnalysisArgs\n {\n DataExport = new Aws.S3.Inputs.AnalyticsConfigurationStorageClassAnalysisDataExportArgs\n {\n Destination = new Aws.S3.Inputs.AnalyticsConfigurationStorageClassAnalysisDataExportDestinationArgs\n {\n S3BucketDestination = new Aws.S3.Inputs.AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestinationArgs\n {\n BucketArn = analytics.Arn,\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucket(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tanalytics, err := s3.NewBucket(ctx, \"analytics\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewAnalyticsConfiguration(ctx, \"example_entire_bucket\", &s3.AnalyticsConfigurationArgs{\n\t\t\tBucket: example.Bucket,\n\t\t\tStorageClassAnalysis: &s3.AnalyticsConfigurationStorageClassAnalysisArgs{\n\t\t\t\tDataExport: &s3.AnalyticsConfigurationStorageClassAnalysisDataExportArgs{\n\t\t\t\t\tDestination: &s3.AnalyticsConfigurationStorageClassAnalysisDataExportDestinationArgs{\n\t\t\t\t\t\tS3BucketDestination: &s3.AnalyticsConfigurationStorageClassAnalysisDataExportDestinationS3BucketDestinationArgs{\n\t\t\t\t\t\t\tBucketArn: analytics.Arn,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Add analytics configuration with S3 bucket object filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.Bucket(\"example\", {});\nconst example_filtered = new aws.s3.AnalyticsConfiguration(\"example-filtered\", {\n bucket: example.bucket,\n filter: {\n prefix: \"documents/\",\n tags: {\n priority: \"high\",\n \"class\": \"blue\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.Bucket(\"example\")\nexample_filtered = aws.s3.AnalyticsConfiguration(\"example-filtered\",\n bucket=example.bucket,\n filter=aws.s3.AnalyticsConfigurationFilterArgs(\n prefix=\"documents/\",\n tags={\n \"priority\": \"high\",\n \"class\": \"blue\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3.Bucket(\"example\", new Aws.S3.BucketArgs\n {\n });\n var example_filtered = new Aws.S3.AnalyticsConfiguration(\"example-filtered\", new Aws.S3.AnalyticsConfigurationArgs\n {\n Bucket = example.BucketName,\n Filter = new Aws.S3.Inputs.AnalyticsConfigurationFilterArgs\n {\n Prefix = \"documents/\",\n Tags = \n {\n { \"priority\", \"high\" },\n { \"class\", \"blue\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucket(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewAnalyticsConfiguration(ctx, \"example_filtered\", &s3.AnalyticsConfigurationArgs{\n\t\t\tBucket: example.Bucket,\n\t\t\tFilter: &s3.AnalyticsConfigurationFilterArgs{\n\t\t\t\tPrefix: pulumi.String(\"documents/\"),\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"priority\": pulumi.String(\"high\"),\n\t\t\t\t\t\"class\": pulumi.String(\"blue\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 bucket analytics configurations can be imported using `bucket:analytics`, e.g.\n\n```sh\n $ pulumi import aws:s3/analyticsConfiguration:AnalyticsConfiguration my-bucket-entire-bucket my-bucket:EntireBucket\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket this analytics configuration is associated with.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationFilter:AnalyticsConfigurationFilter", + "description": "Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the analytics configuration for the bucket.\n" + }, + "storageClassAnalysis": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationStorageClassAnalysis:AnalyticsConfigurationStorageClassAnalysis", + "description": "Configuration for the analytics data export (documented below).\n" + } + }, + "required": [ + "bucket", + "name" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The name of the bucket this analytics configuration is associated with.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationFilter:AnalyticsConfigurationFilter", + "description": "Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the analytics configuration for the bucket.\n" + }, + "storageClassAnalysis": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationStorageClassAnalysis:AnalyticsConfigurationStorageClassAnalysis", + "description": "Configuration for the analytics data export (documented below).\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AnalyticsConfiguration resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket this analytics configuration is associated with.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationFilter:AnalyticsConfigurationFilter", + "description": "Object filtering that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the analytics configuration for the bucket.\n" + }, + "storageClassAnalysis": { + "$ref": "#/types/aws:s3/AnalyticsConfigurationStorageClassAnalysis:AnalyticsConfigurationStorageClassAnalysis", + "description": "Configuration for the analytics data export (documented below).\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucket:Bucket": { + "description": "Provides a S3 bucket resource.\n\n> This functionality is for managing S3 in an AWS Partition. To manage [S3 on Outposts](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html), see the `aws.s3control.Bucket` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Private Bucket w/ Tags\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"b\", {\n acl: \"private\",\n tags: {\n Environment: \"Dev\",\n Name: \"My bucket\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"private\",\n tags={\n \"Environment\": \"Dev\",\n \"Name\": \"My bucket\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Tags = \n {\n { \"Environment\", \"Dev\" },\n { \"Name\", \"My bucket\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Dev\"),\n\t\t\t\t\"Name\": pulumi.String(\"My bucket\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Static Website Hosting\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n acl: \"public-read\",\n policy: fs.readFileSync(\"policy.json\"),\n website: {\n indexDocument: \"index.html\",\n errorDocument: \"error.html\",\n routingRules: `[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n`,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"public-read\",\n policy=(lambda path: open(path).read())(\"policy.json\"),\n website=aws.s3.BucketWebsiteArgs(\n index_document=\"index.html\",\n error_document=\"error.html\",\n routing_rules=\"\"\"[{\n \"Condition\": {\n \"KeyPrefixEquals\": \"docs/\"\n },\n \"Redirect\": {\n \"ReplaceKeyPrefixWith\": \"documents/\"\n }\n}]\n\"\"\",\n ))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"public-read\",\n Policy = File.ReadAllText(\"policy.json\"),\n Website = new Aws.S3.Inputs.BucketWebsiteArgs\n {\n IndexDocument = \"index.html\",\n ErrorDocument = \"error.html\",\n RoutingRules = @\"[{\n \"\"Condition\"\": {\n \"\"KeyPrefixEquals\"\": \"\"docs/\"\"\n },\n \"\"Redirect\"\": {\n \"\"ReplaceKeyPrefixWith\"\": \"\"documents/\"\"\n }\n}]\n\",\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using CORS\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"b\", {\n acl: \"public-read\",\n corsRules: [{\n allowedHeaders: [\"*\"],\n allowedMethods: [\n \"PUT\",\n \"POST\",\n ],\n allowedOrigins: [\"https://s3-website-test.mydomain.com\"],\n exposeHeaders: [\"ETag\"],\n maxAgeSeconds: 3000,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"public-read\",\n cors_rules=[aws.s3.BucketCorsRuleArgs(\n allowed_headers=[\"*\"],\n allowed_methods=[\n \"PUT\",\n \"POST\",\n ],\n allowed_origins=[\"https://s3-website-test.mydomain.com\"],\n expose_headers=[\"ETag\"],\n max_age_seconds=3000,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"public-read\",\n CorsRules = \n {\n new Aws.S3.Inputs.BucketCorsRuleArgs\n {\n AllowedHeaders = \n {\n \"*\",\n },\n AllowedMethods = \n {\n \"PUT\",\n \"POST\",\n },\n AllowedOrigins = \n {\n \"https://s3-website-test.mydomain.com\",\n },\n ExposeHeaders = \n {\n \"ETag\",\n },\n MaxAgeSeconds = 3000,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"public-read\"),\n\t\t\tCorsRules: s3.BucketCorsRuleArray{\n\t\t\t\t&s3.BucketCorsRuleArgs{\n\t\t\t\t\tAllowedHeaders: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"*\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedMethods: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"PUT\"),\n\t\t\t\t\t\tpulumi.String(\"POST\"),\n\t\t\t\t\t},\n\t\t\t\t\tAllowedOrigins: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"https://s3-website-test.mydomain.com\"),\n\t\t\t\t\t},\n\t\t\t\t\tExposeHeaders: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ETag\"),\n\t\t\t\t\t},\n\t\t\t\t\tMaxAgeSeconds: pulumi.Int(3000),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using versioning\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"b\", {\n acl: \"private\",\n versioning: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"private\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tVersioning: &s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enable Logging\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst logBucket = new aws.s3.Bucket(\"logBucket\", {acl: \"log-delivery-write\"});\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n acl: \"private\",\n loggings: [{\n targetBucket: logBucket.id,\n targetPrefix: \"log/\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlog_bucket = aws.s3.Bucket(\"logBucket\", acl=\"log-delivery-write\")\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"private\",\n loggings=[aws.s3.BucketLoggingArgs(\n target_bucket=log_bucket.id,\n target_prefix=\"log/\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var logBucket = new Aws.S3.Bucket(\"logBucket\", new Aws.S3.BucketArgs\n {\n Acl = \"log-delivery-write\",\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Loggings = \n {\n new Aws.S3.Inputs.BucketLoggingArgs\n {\n TargetBucket = logBucket.Id,\n TargetPrefix = \"log/\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlogBucket, err := s3.NewBucket(ctx, \"logBucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"log-delivery-write\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tLoggings: s3.BucketLoggingArray{\n\t\t\t\t&s3.BucketLoggingArgs{\n\t\t\t\t\tTargetBucket: logBucket.ID(),\n\t\t\t\t\tTargetPrefix: pulumi.String(\"log/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using object lifecycle\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n acl: \"private\",\n lifecycleRules: [\n {\n enabled: true,\n expiration: {\n days: 90,\n },\n id: \"log\",\n prefix: \"log/\",\n tags: {\n autoclean: \"true\",\n rule: \"log\",\n },\n transitions: [\n {\n days: 30,\n storageClass: \"STANDARD_IA\", // or \"ONEZONE_IA\"\n },\n {\n days: 60,\n storageClass: \"GLACIER\",\n },\n ],\n },\n {\n enabled: true,\n expiration: {\n date: \"2016-01-12\",\n },\n id: \"tmp\",\n prefix: \"tmp/\",\n },\n ],\n});\nconst versioningBucket = new aws.s3.Bucket(\"versioning_bucket\", {\n acl: \"private\",\n lifecycleRules: [{\n enabled: true,\n noncurrentVersionExpiration: {\n days: 90,\n },\n noncurrentVersionTransitions: [\n {\n days: 30,\n storageClass: \"STANDARD_IA\",\n },\n {\n days: 60,\n storageClass: \"GLACIER\",\n },\n ],\n prefix: \"config/\",\n }],\n versioning: {\n enabled: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\",\n acl=\"private\",\n lifecycle_rules=[\n aws.s3.BucketLifecycleRuleArgs(\n enabled=True,\n expiration=aws.s3.BucketLifecycleRuleExpirationArgs(\n days=90,\n ),\n id=\"log\",\n prefix=\"log/\",\n tags={\n \"autoclean\": \"true\",\n \"rule\": \"log\",\n },\n transitions=[\n aws.s3.BucketLifecycleRuleTransitionArgs(\n days=30,\n storage_class=\"STANDARD_IA\",\n ),\n aws.s3.BucketLifecycleRuleTransitionArgs(\n days=60,\n storage_class=\"GLACIER\",\n ),\n ],\n ),\n aws.s3.BucketLifecycleRuleArgs(\n enabled=True,\n expiration=aws.s3.BucketLifecycleRuleExpirationArgs(\n date=\"2016-01-12\",\n ),\n id=\"tmp\",\n prefix=\"tmp/\",\n ),\n ])\nversioning_bucket = aws.s3.Bucket(\"versioningBucket\",\n acl=\"private\",\n lifecycle_rules=[aws.s3.BucketLifecycleRuleArgs(\n enabled=True,\n noncurrent_version_expiration=aws.s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs(\n days=90,\n ),\n noncurrent_version_transitions=[\n aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(\n days=30,\n storage_class=\"STANDARD_IA\",\n ),\n aws.s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs(\n days=60,\n storage_class=\"GLACIER\",\n ),\n ],\n prefix=\"config/\",\n )],\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n LifecycleRules = \n {\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Enabled = true,\n Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs\n {\n Days = 90,\n },\n Id = \"log\",\n Prefix = \"log/\",\n Tags = \n {\n { \"autoclean\", \"true\" },\n { \"rule\", \"log\" },\n },\n Transitions = \n {\n new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs\n {\n Days = 30,\n StorageClass = \"STANDARD_IA\",\n },\n new Aws.S3.Inputs.BucketLifecycleRuleTransitionArgs\n {\n Days = 60,\n StorageClass = \"GLACIER\",\n },\n },\n },\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Enabled = true,\n Expiration = new Aws.S3.Inputs.BucketLifecycleRuleExpirationArgs\n {\n Date = \"2016-01-12\",\n },\n Id = \"tmp\",\n Prefix = \"tmp/\",\n },\n },\n });\n var versioningBucket = new Aws.S3.Bucket(\"versioningBucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n LifecycleRules = \n {\n new Aws.S3.Inputs.BucketLifecycleRuleArgs\n {\n Enabled = true,\n NoncurrentVersionExpiration = new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionExpirationArgs\n {\n Days = 90,\n },\n NoncurrentVersionTransitions = \n {\n new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs\n {\n Days = 30,\n StorageClass = \"STANDARD_IA\",\n },\n new Aws.S3.Inputs.BucketLifecycleRuleNoncurrentVersionTransitionArgs\n {\n Days = 60,\n StorageClass = \"GLACIER\",\n },\n },\n Prefix = \"config/\",\n },\n },\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tLifecycleRules: s3.BucketLifecycleRuleArray{\n\t\t\t\t&s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tExpiration: &s3.BucketLifecycleRuleExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(90),\n\t\t\t\t\t},\n\t\t\t\t\tId: pulumi.String(\"log\"),\n\t\t\t\t\tPrefix: pulumi.String(\"log/\"),\n\t\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\t\"autoclean\": pulumi.String(\"true\"),\n\t\t\t\t\t\t\"rule\": pulumi.String(\"log\"),\n\t\t\t\t\t},\n\t\t\t\t\tTransitions: s3.BucketLifecycleRuleTransitionArray{\n\t\t\t\t\t\t&s3.BucketLifecycleRuleTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(30),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD_IA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&s3.BucketLifecycleRuleTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(60),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tExpiration: &s3.BucketLifecycleRuleExpirationArgs{\n\t\t\t\t\t\tDate: pulumi.String(\"2016-01-12\"),\n\t\t\t\t\t},\n\t\t\t\t\tId: pulumi.String(\"tmp\"),\n\t\t\t\t\tPrefix: pulumi.String(\"tmp/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"versioningBucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tLifecycleRules: s3.BucketLifecycleRuleArray{\n\t\t\t\t&s3.BucketLifecycleRuleArgs{\n\t\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t\t\tNoncurrentVersionExpiration: &s3.BucketLifecycleRuleNoncurrentVersionExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(90),\n\t\t\t\t\t},\n\t\t\t\t\tNoncurrentVersionTransitions: s3.BucketLifecycleRuleNoncurrentVersionTransitionArray{\n\t\t\t\t\t\t&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(30),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD_IA\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&s3.BucketLifecycleRuleNoncurrentVersionTransitionArgs{\n\t\t\t\t\t\t\tDays: pulumi.Int(60),\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tPrefix: pulumi.String(\"config/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tVersioning: &s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using replication configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst central = new aws.Provider(\"central\", {region: \"eu-central-1\"});\nconst replicationRole = new aws.iam.Role(\"replicationRole\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n`});\nconst destination = new aws.s3.Bucket(\"destination\", {versioning: {\n enabled: true,\n}});\nconst source = new aws.s3.Bucket(\"source\", {\n acl: \"private\",\n versioning: {\n enabled: true,\n },\n replicationConfiguration: {\n role: replicationRole.arn,\n rules: [{\n id: \"foobar\",\n prefix: \"foo\",\n status: \"Enabled\",\n destination: {\n bucket: destination.arn,\n storageClass: \"STANDARD\",\n },\n }],\n },\n}, {\n provider: aws.central,\n});\nconst replicationPolicy = new aws.iam.Policy(\"replicationPolicy\", {policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}\"\n ]\n },\n {\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"${source.arn}/*\"\n ]\n },\n {\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"${destination.arn}/*\"\n }\n ]\n}\n`});\nconst replicationRolePolicyAttachment = new aws.iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\", {\n role: replicationRole.name,\n policyArn: replicationPolicy.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\ncentral = pulumi.providers.Aws(\"central\", region=\"eu-central-1\")\nreplication_role = aws.iam.Role(\"replicationRole\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"s3.amazonaws.com\"\n },\n \"Effect\": \"Allow\",\n \"Sid\": \"\"\n }\n ]\n}\n\"\"\")\ndestination = aws.s3.Bucket(\"destination\", versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n))\nsource = aws.s3.Bucket(\"source\",\n acl=\"private\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ),\n replication_configuration=aws.s3.BucketReplicationConfigurationArgs(\n role=replication_role.arn,\n rules=[aws.s3.BucketReplicationConfigurationRuleArgs(\n id=\"foobar\",\n prefix=\"foo\",\n status=\"Enabled\",\n destination=aws.s3.BucketReplicationConfigurationRuleDestinationArgs(\n bucket=destination.arn,\n storage_class=\"STANDARD\",\n ),\n )],\n ),\n opts=pulumi.ResourceOptions(provider=aws[\"central\"]))\nreplication_policy = aws.iam.Policy(\"replicationPolicy\", policy=pulumi.Output.all(source.arn, source.arn, destination.arn).apply(lambda sourceArn, sourceArn1, destinationArn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:GetReplicationConfiguration\",\n \"s3:ListBucket\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{source_arn}\"\n ]\n }},\n {{\n \"Action\": [\n \"s3:GetObjectVersionForReplication\",\n \"s3:GetObjectVersionAcl\",\n \"s3:GetObjectVersionTagging\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": [\n \"{source_arn1}/*\"\n ]\n }},\n {{\n \"Action\": [\n \"s3:ReplicateObject\",\n \"s3:ReplicateDelete\",\n \"s3:ReplicateTags\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"{destination_arn}/*\"\n }}\n ]\n}}\n\"\"\"))\nreplication_role_policy_attachment = aws.iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\",\n role=replication_role.name,\n policy_arn=replication_policy.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var central = new Aws.Provider(\"central\", new Aws.ProviderArgs\n {\n Region = \"eu-central-1\",\n });\n var replicationRole = new Aws.Iam.Role(\"replicationRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"s3.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Sid\"\": \"\"\"\"\n }\n ]\n}\n\",\n });\n var destination = new Aws.S3.Bucket(\"destination\", new Aws.S3.BucketArgs\n {\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n });\n var source = new Aws.S3.Bucket(\"source\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n ReplicationConfiguration = new Aws.S3.Inputs.BucketReplicationConfigurationArgs\n {\n Role = replicationRole.Arn,\n Rules = \n {\n new Aws.S3.Inputs.BucketReplicationConfigurationRuleArgs\n {\n Id = \"foobar\",\n Prefix = \"foo\",\n Status = \"Enabled\",\n Destination = new Aws.S3.Inputs.BucketReplicationConfigurationRuleDestinationArgs\n {\n Bucket = destination.Arn,\n StorageClass = \"STANDARD\",\n },\n },\n },\n },\n }, new CustomResourceOptions\n {\n Provider = aws.Central,\n });\n var replicationPolicy = new Aws.Iam.Policy(\"replicationPolicy\", new Aws.Iam.PolicyArgs\n {\n Policy = Output.Tuple(source.Arn, source.Arn, destination.Arn).Apply(values =>\n {\n var sourceArn = values.Item1;\n var sourceArn1 = values.Item2;\n var destinationArn = values.Item3;\n return @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:GetReplicationConfiguration\"\",\n \"\"s3:ListBucket\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{sourceArn}\"\"\n ]\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:GetObjectVersionForReplication\"\",\n \"\"s3:GetObjectVersionAcl\"\",\n \"\"s3:GetObjectVersionTagging\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": [\n \"\"{sourceArn1}/*\"\"\n ]\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:ReplicateObject\"\",\n \"\"s3:ReplicateDelete\"\",\n \"\"s3:ReplicateTags\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"{destinationArn}/*\"\"\n }}\n ]\n}}\n\";\n }),\n });\n var replicationRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment(\"replicationRolePolicyAttachment\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = replicationRole.Name,\n PolicyArn = replicationPolicy.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := providers.Newaws(ctx, \"central\", &providers.awsArgs{\n\t\t\tRegion: \"eu-central-1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationRole, err := iam.NewRole(ctx, \"replicationRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"s3.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Sid\\\": \\\"\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdestination, err := s3.NewBucket(ctx, \"destination\", &s3.BucketArgs{\n\t\t\tVersioning: &s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsource, err := s3.NewBucket(ctx, \"source\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tVersioning: &s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tReplicationConfiguration: &s3.BucketReplicationConfigurationArgs{\n\t\t\t\tRole: replicationRole.Arn,\n\t\t\t\tRules: s3.BucketReplicationConfigurationRuleArray{\n\t\t\t\t\t&s3.BucketReplicationConfigurationRuleArgs{\n\t\t\t\t\t\tId: pulumi.String(\"foobar\"),\n\t\t\t\t\t\tPrefix: pulumi.String(\"foo\"),\n\t\t\t\t\t\tStatus: pulumi.String(\"Enabled\"),\n\t\t\t\t\t\tDestination: &s3.BucketReplicationConfigurationRuleDestinationArgs{\n\t\t\t\t\t\t\tBucket: destination.Arn,\n\t\t\t\t\t\t\tStorageClass: pulumi.String(\"STANDARD\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.Provider(aws.Central))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treplicationPolicy, err := iam.NewPolicy(ctx, \"replicationPolicy\", &iam.PolicyArgs{\n\t\t\tPolicy: pulumi.All(source.Arn, source.Arn, destination.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tsourceArn := _args[0].(string)\n\t\t\t\tsourceArn1 := _args[1].(string)\n\t\t\t\tdestinationArn := _args[2].(string)\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:GetReplicationConfiguration\\\",\\n\", \" \\\"s3:ListBucket\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", sourceArn, \"\\\"\\n\", \" ]\\n\", \" },\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:GetObjectVersionForReplication\\\",\\n\", \" \\\"s3:GetObjectVersionAcl\\\",\\n\", \" \\\"s3:GetObjectVersionTagging\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": [\\n\", \" \\\"\", sourceArn1, \"/*\\\"\\n\", \" ]\\n\", \" },\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:ReplicateObject\\\",\\n\", \" \\\"s3:ReplicateDelete\\\",\\n\", \" \\\"s3:ReplicateTags\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"\", destinationArn, \"/*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicyAttachment(ctx, \"replicationRolePolicyAttachment\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: replicationRole.Name,\n\t\t\tPolicyArn: replicationPolicy.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Enable Default Server Side Encryption\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst mykey = new aws.kms.Key(\"mykey\", {\n description: \"This key is used to encrypt bucket objects\",\n deletionWindowInDays: 10,\n});\nconst mybucket = new aws.s3.Bucket(\"mybucket\", {serverSideEncryptionConfiguration: {\n rule: {\n applyServerSideEncryptionByDefault: {\n kmsMasterKeyId: mykey.arn,\n sseAlgorithm: \"aws:kms\",\n },\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmykey = aws.kms.Key(\"mykey\",\n description=\"This key is used to encrypt bucket objects\",\n deletion_window_in_days=10)\nmybucket = aws.s3.Bucket(\"mybucket\", server_side_encryption_configuration=aws.s3.BucketServerSideEncryptionConfigurationArgs(\n rule=aws.s3.BucketServerSideEncryptionConfigurationRuleArgs(\n apply_server_side_encryption_by_default=aws.s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs(\n kms_master_key_id=mykey.arn,\n sse_algorithm=\"aws:kms\",\n ),\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var mykey = new Aws.Kms.Key(\"mykey\", new Aws.Kms.KeyArgs\n {\n Description = \"This key is used to encrypt bucket objects\",\n DeletionWindowInDays = 10,\n });\n var mybucket = new Aws.S3.Bucket(\"mybucket\", new Aws.S3.BucketArgs\n {\n ServerSideEncryptionConfiguration = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationArgs\n {\n Rule = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleArgs\n {\n ApplyServerSideEncryptionByDefault = new Aws.S3.Inputs.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs\n {\n KmsMasterKeyId = mykey.Arn,\n SseAlgorithm = \"aws:kms\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmykey, err := kms.NewKey(ctx, \"mykey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"This key is used to encrypt bucket objects\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(10),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"mybucket\", &s3.BucketArgs{\n\t\t\tServerSideEncryptionConfiguration: &s3.BucketServerSideEncryptionConfigurationArgs{\n\t\t\t\tRule: &s3.BucketServerSideEncryptionConfigurationRuleArgs{\n\t\t\t\t\tApplyServerSideEncryptionByDefault: &s3.BucketServerSideEncryptionConfigurationRuleApplyServerSideEncryptionByDefaultArgs{\n\t\t\t\t\t\tKmsMasterKeyId: mykey.Arn,\n\t\t\t\t\t\tSseAlgorithm: pulumi.String(\"aws:kms\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using ACL policy grants\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentUser = aws.s3.getCanonicalUserId({});\nconst bucket = new aws.s3.Bucket(\"bucket\", {grants: [\n {\n id: currentUser.then(currentUser => currentUser.id),\n type: \"CanonicalUser\",\n permissions: [\"FULL_CONTROL\"],\n },\n {\n type: \"Group\",\n permissions: [\n \"READ_ACP\",\n \"WRITE\",\n ],\n uri: \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_user = aws.s3.get_canonical_user_id()\nbucket = aws.s3.Bucket(\"bucket\", grants=[\n aws.s3.BucketGrantArgs(\n id=current_user.id,\n type=\"CanonicalUser\",\n permissions=[\"FULL_CONTROL\"],\n ),\n aws.s3.BucketGrantArgs(\n type=\"Group\",\n permissions=[\n \"READ_ACP\",\n \"WRITE\",\n ],\n uri=\"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var currentUser = Output.Create(Aws.S3.GetCanonicalUserId.InvokeAsync());\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n Grants = \n {\n new Aws.S3.Inputs.BucketGrantArgs\n {\n Id = currentUser.Apply(currentUser => currentUser.Id),\n Type = \"CanonicalUser\",\n Permissions = \n {\n \"FULL_CONTROL\",\n },\n },\n new Aws.S3.Inputs.BucketGrantArgs\n {\n Type = \"Group\",\n Permissions = \n {\n \"READ_ACP\",\n \"WRITE\",\n },\n Uri = \"http://acs.amazonaws.com/groups/s3/LogDelivery\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentUser, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tGrants: s3.BucketGrantArray{\n\t\t\t\t&s3.BucketGrantArgs{\n\t\t\t\t\tId: pulumi.String(currentUser.Id),\n\t\t\t\t\tType: pulumi.String(\"CanonicalUser\"),\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"FULL_CONTROL\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&s3.BucketGrantArgs{\n\t\t\t\t\tType: pulumi.String(\"Group\"),\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"READ_ACP\"),\n\t\t\t\t\t\tpulumi.String(\"WRITE\"),\n\t\t\t\t\t},\n\t\t\t\t\tUri: pulumi.String(\"http://acs.amazonaws.com/groups/s3/LogDelivery\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 bucket can be imported using the `bucket`, e.g.\n\n```sh\n $ pulumi import aws:s3/bucket:Bucket bucket bucket-name\n```\n\n The `policy` argument is not imported and will be deprecated in a future version of the provider. Use the `aws_s3_bucket_policy` resource to manage the S3 Bucket Policy instead. ", + "properties": { + "accelerationStatus": { + "type": "string", + "description": "Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`.\n" + }, + "acl": { + "type": "string", + "description": "The [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, and `log-delivery-write`. Defaults to `private`. Conflicts with `grant`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.\n" + }, + "bucket": { + "type": "string", + "description": "The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.\n", + "language": { + "csharp": { + "name": "BucketName" + } + } + }, + "bucketDomainName": { + "type": "string", + "description": "The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.\n" + }, + "bucketPrefix": { + "type": "string", + "description": "Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. Must be less than or equal to 37 characters in length.\n" + }, + "bucketRegionalDomainName": { + "type": "string", + "description": "The bucket region-specific domain name. The bucket domain name including the region name, please refer [here](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent [redirect issues](https://forums.aws.amazon.com/thread.jspa?threadID=216814) from CloudFront to S3 Origin URL.\n" + }, + "corsRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketCorsRule:BucketCorsRule" + }, + "description": "A rule of [Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) (documented below).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all objects (including any [locked objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.\n" + }, + "grants": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketGrant:BucketGrant" + }, + "description": "An [ACL policy grant](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#sample-acl) (documented below). Conflicts with `acl`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The [Route 53 Hosted Zone ID](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_website_region_endpoints) for this bucket's region.\n" + }, + "lifecycleRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLifecycleRule:BucketLifecycleRule" + }, + "description": "A configuration of [object lifecycle management](http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) (documented below).\n" + }, + "loggings": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLogging:BucketLogging" + }, + "description": "A settings of [bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html) (documented below).\n" + }, + "objectLockConfiguration": { + "$ref": "#/types/aws:s3/BucketObjectLockConfiguration:BucketObjectLockConfiguration", + "description": "A configuration of [S3 object locking](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) (documented below)\n" + }, + "policy": { + "type": "string", + "description": "A valid [bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.\n" + }, + "region": { + "type": "string", + "description": "The AWS region this bucket resides in.\n" + }, + "replicationConfiguration": { + "$ref": "#/types/aws:s3/BucketReplicationConfiguration:BucketReplicationConfiguration", + "description": "A configuration of [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) (documented below).\n" + }, + "requestPayer": { + "type": "string", + "description": "Specifies who should bear the cost of Amazon S3 data transfer.\nCan be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur\nthe costs of any data transfer. See [Requester Pays Buckets](http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)\ndeveloper guide for more information.\n" + }, + "serverSideEncryptionConfiguration": { + "$ref": "#/types/aws:s3/BucketServerSideEncryptionConfiguration:BucketServerSideEncryptionConfiguration", + "description": "A configuration of [server-side encryption configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) (documented below)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the bucket.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "versioning": { + "$ref": "#/types/aws:s3/BucketVersioning:BucketVersioning", + "description": "A state of [versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) (documented below)\n" + }, + "website": { + "$ref": "#/types/aws:s3/BucketWebsite:BucketWebsite", + "description": "A website object (documented below).\n" + }, + "websiteDomain": { + "type": "string", + "description": "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.\n" + }, + "websiteEndpoint": { + "type": "string", + "description": "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.\n" + } + }, + "required": [ + "accelerationStatus", + "arn", + "bucket", + "bucketDomainName", + "bucketRegionalDomainName", + "hostedZoneId", + "region", + "requestPayer", + "tagsAll", + "versioning", + "websiteDomain", + "websiteEndpoint" + ], + "inputProperties": { + "accelerationStatus": { + "type": "string", + "description": "Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`.\n" + }, + "acl": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:s3/CannedAcl:CannedAcl" + } + ], + "description": "The [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, and `log-delivery-write`. Defaults to `private`. Conflicts with `grant`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.\n" + }, + "bucket": { + "type": "string", + "description": "The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.\n", + "language": { + "csharp": { + "name": "BucketName" + } + } + }, + "bucketPrefix": { + "type": "string", + "description": "Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. Must be less than or equal to 37 characters in length.\n" + }, + "corsRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketCorsRule:BucketCorsRule" + }, + "description": "A rule of [Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) (documented below).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all objects (including any [locked objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.\n" + }, + "grants": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketGrant:BucketGrant" + }, + "description": "An [ACL policy grant](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#sample-acl) (documented below). Conflicts with `acl`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The [Route 53 Hosted Zone ID](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_website_region_endpoints) for this bucket's region.\n" + }, + "lifecycleRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLifecycleRule:BucketLifecycleRule" + }, + "description": "A configuration of [object lifecycle management](http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) (documented below).\n" + }, + "loggings": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLogging:BucketLogging" + }, + "description": "A settings of [bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html) (documented below).\n" + }, + "objectLockConfiguration": { + "$ref": "#/types/aws:s3/BucketObjectLockConfiguration:BucketObjectLockConfiguration", + "description": "A configuration of [S3 object locking](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) (documented below)\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "A valid [bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.\n" + }, + "replicationConfiguration": { + "$ref": "#/types/aws:s3/BucketReplicationConfiguration:BucketReplicationConfiguration", + "description": "A configuration of [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) (documented below).\n" + }, + "requestPayer": { + "type": "string", + "description": "Specifies who should bear the cost of Amazon S3 data transfer.\nCan be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur\nthe costs of any data transfer. See [Requester Pays Buckets](http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)\ndeveloper guide for more information.\n" + }, + "serverSideEncryptionConfiguration": { + "$ref": "#/types/aws:s3/BucketServerSideEncryptionConfiguration:BucketServerSideEncryptionConfiguration", + "description": "A configuration of [server-side encryption configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) (documented below)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the bucket.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "versioning": { + "$ref": "#/types/aws:s3/BucketVersioning:BucketVersioning", + "description": "A state of [versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) (documented below)\n" + }, + "website": { + "$ref": "#/types/aws:s3/BucketWebsite:BucketWebsite", + "description": "A website object (documented below).\n" + }, + "websiteDomain": { + "type": "string", + "description": "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.\n" + }, + "websiteEndpoint": { + "type": "string", + "description": "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Bucket resources.\n", + "properties": { + "accelerationStatus": { + "type": "string", + "description": "Sets the accelerate configuration of an existing bucket. Can be `Enabled` or `Suspended`.\n" + }, + "acl": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:s3/CannedAcl:CannedAcl" + } + ], + "description": "The [canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, and `log-delivery-write`. Defaults to `private`. Conflicts with `grant`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.\n" + }, + "bucket": { + "type": "string", + "description": "The name of the bucket. If omitted, this provider will assign a random, unique name. Must be less than or equal to 63 characters in length.\n", + "language": { + "csharp": { + "name": "BucketName" + } + } + }, + "bucketDomainName": { + "type": "string", + "description": "The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.\n" + }, + "bucketPrefix": { + "type": "string", + "description": "Creates a unique bucket name beginning with the specified prefix. Conflicts with `bucket`. Must be less than or equal to 37 characters in length.\n" + }, + "bucketRegionalDomainName": { + "type": "string", + "description": "The bucket region-specific domain name. The bucket domain name including the region name, please refer [here](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent [redirect issues](https://forums.aws.amazon.com/thread.jspa?threadID=216814) from CloudFront to S3 Origin URL.\n" + }, + "corsRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketCorsRule:BucketCorsRule" + }, + "description": "A rule of [Cross-Origin Resource Sharing](https://docs.aws.amazon.com/AmazonS3/latest/dev/cors.html) (documented below).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all objects (including any [locked objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html)) should be deleted from the bucket so that the bucket can be destroyed without error. These objects are *not* recoverable.\n" + }, + "grants": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketGrant:BucketGrant" + }, + "description": "An [ACL policy grant](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#sample-acl) (documented below). Conflicts with `acl`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The [Route 53 Hosted Zone ID](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_website_region_endpoints) for this bucket's region.\n" + }, + "lifecycleRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLifecycleRule:BucketLifecycleRule" + }, + "description": "A configuration of [object lifecycle management](http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html) (documented below).\n" + }, + "loggings": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketLogging:BucketLogging" + }, + "description": "A settings of [bucket logging](https://docs.aws.amazon.com/AmazonS3/latest/UG/ManagingBucketLogging.html) (documented below).\n" + }, + "objectLockConfiguration": { + "$ref": "#/types/aws:s3/BucketObjectLockConfiguration:BucketObjectLockConfiguration", + "description": "A configuration of [S3 object locking](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html) (documented below)\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "A valid [bucket policy](https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html) JSON document. Note that if the policy document is not specific enough (but still valid), the provider may view the policy as constantly changing in a `pulumi up / preview / update`. In this case, please make sure you use the verbose/specific version of the policy.\n" + }, + "region": { + "type": "string", + "description": "The AWS region this bucket resides in.\n" + }, + "replicationConfiguration": { + "$ref": "#/types/aws:s3/BucketReplicationConfiguration:BucketReplicationConfiguration", + "description": "A configuration of [replication configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/crr.html) (documented below).\n" + }, + "requestPayer": { + "type": "string", + "description": "Specifies who should bear the cost of Amazon S3 data transfer.\nCan be either `BucketOwner` or `Requester`. By default, the owner of the S3 bucket would incur\nthe costs of any data transfer. See [Requester Pays Buckets](http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html)\ndeveloper guide for more information.\n" + }, + "serverSideEncryptionConfiguration": { + "$ref": "#/types/aws:s3/BucketServerSideEncryptionConfiguration:BucketServerSideEncryptionConfiguration", + "description": "A configuration of [server-side encryption configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html) (documented below)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the bucket.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "versioning": { + "$ref": "#/types/aws:s3/BucketVersioning:BucketVersioning", + "description": "A state of [versioning](https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html) (documented below)\n" + }, + "website": { + "$ref": "#/types/aws:s3/BucketWebsite:BucketWebsite", + "description": "A website object (documented below).\n" + }, + "websiteDomain": { + "type": "string", + "description": "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.\n" + }, + "websiteEndpoint": { + "type": "string", + "description": "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucketMetric:BucketMetric": { + "description": "Provides a S3 bucket [metrics configuration](http://docs.aws.amazon.com/AmazonS3/latest/dev/metrics-configurations.html) resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Add metrics configuration for entire S3 bucket\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.Bucket(\"example\", {});\nconst example_entire_bucket = new aws.s3.BucketMetric(\"example-entire-bucket\", {bucket: example.bucket});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.Bucket(\"example\")\nexample_entire_bucket = aws.s3.BucketMetric(\"example-entire-bucket\", bucket=example.bucket)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3.Bucket(\"example\", new Aws.S3.BucketArgs\n {\n });\n var example_entire_bucket = new Aws.S3.BucketMetric(\"example-entire-bucket\", new Aws.S3.BucketMetricArgs\n {\n Bucket = example.BucketName,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucket(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketMetric(ctx, \"example_entire_bucket\", &s3.BucketMetricArgs{\n\t\t\tBucket: example.Bucket,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Add metrics configuration with S3 bucket object filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3.Bucket(\"example\", {});\nconst example_filtered = new aws.s3.BucketMetric(\"example-filtered\", {\n bucket: example.bucket,\n filter: {\n prefix: \"documents/\",\n tags: {\n priority: \"high\",\n \"class\": \"blue\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3.Bucket(\"example\")\nexample_filtered = aws.s3.BucketMetric(\"example-filtered\",\n bucket=example.bucket,\n filter=aws.s3.BucketMetricFilterArgs(\n prefix=\"documents/\",\n tags={\n \"priority\": \"high\",\n \"class\": \"blue\",\n },\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3.Bucket(\"example\", new Aws.S3.BucketArgs\n {\n });\n var example_filtered = new Aws.S3.BucketMetric(\"example-filtered\", new Aws.S3.BucketMetricArgs\n {\n Bucket = example.BucketName,\n Filter = new Aws.S3.Inputs.BucketMetricFilterArgs\n {\n Prefix = \"documents/\",\n Tags = \n {\n { \"priority\", \"high\" },\n { \"class\", \"blue\" },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := s3.NewBucket(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketMetric(ctx, \"example_filtered\", &s3.BucketMetricArgs{\n\t\t\tBucket: example.Bucket,\n\t\t\tFilter: &s3.BucketMetricFilterArgs{\n\t\t\t\tPrefix: pulumi.String(\"documents/\"),\n\t\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\t\"priority\": pulumi.String(\"high\"),\n\t\t\t\t\t\"class\": pulumi.String(\"blue\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 bucket metric configurations can be imported using `bucket:metric`, e.g.\n\n```sh\n $ pulumi import aws:s3/bucketMetric:BucketMetric my-bucket-entire-bucket my-bucket:EntireBucket\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to put metric configuration.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/BucketMetricFilter:BucketMetricFilter", + "description": "[Object filtering](http://docs.aws.amazon.com/AmazonS3/latest/dev/metrics-configurations.html#metrics-configurations-filter) that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the metrics configuration for the bucket.\n" + } + }, + "required": [ + "bucket", + "name" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to put metric configuration.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/BucketMetricFilter:BucketMetricFilter", + "description": "[Object filtering](http://docs.aws.amazon.com/AmazonS3/latest/dev/metrics-configurations.html#metrics-configurations-filter) that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the metrics configuration for the bucket.\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketMetric resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to put metric configuration.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/BucketMetricFilter:BucketMetricFilter", + "description": "[Object filtering](http://docs.aws.amazon.com/AmazonS3/latest/dev/metrics-configurations.html#metrics-configurations-filter) that accepts a prefix, tags, or a logical AND of prefix and tags (documented below).\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the metrics configuration for the bucket.\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucketNotification:BucketNotification": { + "description": "Manages a S3 Bucket Notification Configuration. For additional information, see the [Configuring S3 Event Notifications section in the Amazon S3 Developer Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/NotificationHowTo.html).\n\n> **NOTE:** S3 Buckets only support a single notification configuration. Declaring multiple `aws.s3.BucketNotification` resources to the same S3 Bucket will cause a perpetual difference in configuration. See the example \"Trigger multiple Lambda functions\" for an option.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Add notification configuration to SNS Topic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst topic = new aws.sns.Topic(\"topic\", {policy: pulumi.interpolate`{\n \"Version\":\"2012-10-17\",\n \"Statement\":[{\n \"Effect\": \"Allow\",\n \"Principal\": { \"Service\": \"s3.amazonaws.com\" },\n \"Action\": \"SNS:Publish\",\n \"Resource\": \"arn:aws:sns:*:*:s3-event-notification-topic\",\n \"Condition\":{\n \"ArnLike\":{\"aws:SourceArn\":\"${bucket.arn}\"}\n }\n }]\n}\n`});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucketNotification\", {\n bucket: bucket.id,\n topics: [{\n topicArn: topic.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\ntopic = aws.sns.Topic(\"topic\", policy=bucket.arn.apply(lambda arn: f\"\"\"{{\n \"Version\":\"2012-10-17\",\n \"Statement\":[{{\n \"Effect\": \"Allow\",\n \"Principal\": {{ \"Service\": \"s3.amazonaws.com\" }},\n \"Action\": \"SNS:Publish\",\n \"Resource\": \"arn:aws:sns:*:*:s3-event-notification-topic\",\n \"Condition\":{{\n \"ArnLike\":{{\"aws:SourceArn\":\"{arn}\"}}\n }}\n }}]\n}}\n\"\"\"))\nbucket_notification = aws.s3.BucketNotification(\"bucketNotification\",\n bucket=bucket.id,\n topics=[aws.s3.BucketNotificationTopicArgs(\n topic_arn=topic.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var topic = new Aws.Sns.Topic(\"topic\", new Aws.Sns.TopicArgs\n {\n Policy = bucket.Arn.Apply(arn => @$\"{{\n \"\"Version\"\":\"\"2012-10-17\"\",\n \"\"Statement\"\":[{{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{ \"\"Service\"\": \"\"s3.amazonaws.com\"\" }},\n \"\"Action\"\": \"\"SNS:Publish\"\",\n \"\"Resource\"\": \"\"arn:aws:sns:*:*:s3-event-notification-topic\"\",\n \"\"Condition\"\":{{\n \"\"ArnLike\"\":{{\"\"aws:SourceArn\"\":\"\"{arn}\"\"}}\n }}\n }}]\n}}\n\"),\n });\n var bucketNotification = new Aws.S3.BucketNotification(\"bucketNotification\", new Aws.S3.BucketNotificationArgs\n {\n Bucket = bucket.Id,\n Topics = \n {\n new Aws.S3.Inputs.BucketNotificationTopicArgs\n {\n TopicArn = topic.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterSuffix = \".log\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttopic, err := sns.NewTopic(ctx, \"topic\", &sns.TopicArgs{\n\t\t\tPolicy: bucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\":\\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\":[{\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": { \\\"Service\\\": \\\"s3.amazonaws.com\\\" },\\n\", \" \\\"Action\\\": \\\"SNS:Publish\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:sns:*:*:s3-event-notification-topic\\\",\\n\", \" \\\"Condition\\\":{\\n\", \" \\\"ArnLike\\\":{\\\"aws:SourceArn\\\":\\\"\", arn, \"\\\"}\\n\", \" }\\n\", \" }]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucketNotification\", &s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tTopics: s3.BucketNotificationTopicArray{\n\t\t\t\t&s3.BucketNotificationTopicArgs{\n\t\t\t\t\tTopicArn: topic.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Add notification configuration to SQS Queue\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst queue = new aws.sqs.Queue(\"queue\", {policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n\t \"Resource\": \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n \"Condition\": {\n \"ArnEquals\": { \"aws:SourceArn\": \"${bucket.arn}\" }\n }\n }\n ]\n}\n`});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucketNotification\", {\n bucket: bucket.id,\n queues: [{\n queueArn: queue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterSuffix: \".log\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\nqueue = aws.sqs.Queue(\"queue\", policy=bucket.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n\t \"Resource\": \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n \"Condition\": {{\n \"ArnEquals\": {{ \"aws:SourceArn\": \"{arn}\" }}\n }}\n }}\n ]\n}}\n\"\"\"))\nbucket_notification = aws.s3.BucketNotification(\"bucketNotification\",\n bucket=bucket.id,\n queues=[aws.s3.BucketNotificationQueueArgs(\n queue_arn=queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_suffix=\".log\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var queue = new Aws.Sqs.Queue(\"queue\", new Aws.Sqs.QueueArgs\n {\n Policy = bucket.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Action\"\": \"\"sqs:SendMessage\"\",\n\t \"\"Resource\"\": \"\"arn:aws:sqs:*:*:s3-event-notification-queue\"\",\n \"\"Condition\"\": {{\n \"\"ArnEquals\"\": {{ \"\"aws:SourceArn\"\": \"\"{arn}\"\" }}\n }}\n }}\n ]\n}}\n\"),\n });\n var bucketNotification = new Aws.S3.BucketNotification(\"bucketNotification\", new Aws.S3.BucketNotificationArgs\n {\n Bucket = bucket.Id,\n Queues = \n {\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n QueueArn = queue.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterSuffix = \".log\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tqueue, err := sqs.NewQueue(ctx, \"queue\", &sqs.QueueArgs{\n\t\t\tPolicy: bucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Action\\\": \\\"sqs:SendMessage\\\",\\n\", \"\t \\\"Resource\\\": \\\"arn:aws:sqs:*:*:s3-event-notification-queue\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"ArnEquals\\\": { \\\"aws:SourceArn\\\": \\\"\", arn, \"\\\" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucketNotification\", &s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tQueues: s3.BucketNotificationQueueArray{\n\t\t\t\t&s3.BucketNotificationQueueArgs{\n\t\t\t\t\tQueueArn: queue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterSuffix: pulumi.String(\".log\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Add notification configuration to Lambda Function\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n`});\nconst func = new aws.lambda.Function(\"func\", {\n code: new pulumi.asset.FileArchive(\"your-function.zip\"),\n role: iamForLambda.arn,\n handler: \"exports.example\",\n runtime: \"go1.x\",\n});\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst allowBucket = new aws.lambda.Permission(\"allowBucket\", {\n action: \"lambda:InvokeFunction\",\n \"function\": func.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucketNotification\", {\n bucket: bucket.id,\n lambdaFunctions: [{\n lambdaFunctionArn: func.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"AWSLogs/\",\n filterSuffix: \".log\",\n }],\n}, {\n dependsOn: [allowBucket],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n\"\"\")\nfunc = aws.lambda_.Function(\"func\",\n code=pulumi.FileArchive(\"your-function.zip\"),\n role=iam_for_lambda.arn,\n handler=\"exports.example\",\n runtime=\"go1.x\")\nbucket = aws.s3.Bucket(\"bucket\")\nallow_bucket = aws.lambda_.Permission(\"allowBucket\",\n action=\"lambda:InvokeFunction\",\n function=func.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nbucket_notification = aws.s3.BucketNotification(\"bucketNotification\",\n bucket=bucket.id,\n lambda_functions=[aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"AWSLogs/\",\n filter_suffix=\".log\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[allow_bucket]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"lambda.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\"\n }\n ]\n}\n\",\n });\n var func = new Aws.Lambda.Function(\"func\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"your-function.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n Runtime = \"go1.x\",\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var allowBucket = new Aws.Lambda.Permission(\"allowBucket\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = func.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n var bucketNotification = new Aws.S3.BucketNotification(\"bucketNotification\", new Aws.S3.BucketNotificationArgs\n {\n Bucket = bucket.Id,\n LambdaFunctions = \n {\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"AWSLogs/\",\n FilterSuffix = \".log\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n allowBucket,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Trigger multiple Lambda functions\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst iamForLambda = new aws.iam.Role(\"iamForLambda\", {assumeRolePolicy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n`});\nconst func1 = new aws.lambda.Function(\"func1\", {\n code: new pulumi.asset.FileArchive(\"your-function1.zip\"),\n role: iamForLambda.arn,\n handler: \"exports.example\",\n runtime: \"go1.x\",\n});\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst allowBucket1 = new aws.lambda.Permission(\"allowBucket1\", {\n action: \"lambda:InvokeFunction\",\n \"function\": func1.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst func2 = new aws.lambda.Function(\"func2\", {\n code: new pulumi.asset.FileArchive(\"your-function2.zip\"),\n role: iamForLambda.arn,\n handler: \"exports.example\",\n});\nconst allowBucket2 = new aws.lambda.Permission(\"allowBucket2\", {\n action: \"lambda:InvokeFunction\",\n \"function\": func2.arn,\n principal: \"s3.amazonaws.com\",\n sourceArn: bucket.arn,\n});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucketNotification\", {\n bucket: bucket.id,\n lambdaFunctions: [\n {\n lambdaFunctionArn: func1.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"AWSLogs/\",\n filterSuffix: \".log\",\n },\n {\n lambdaFunctionArn: func2.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"OtherLogs/\",\n filterSuffix: \".log\",\n },\n ],\n}, {\n dependsOn: [\n allowBucket1,\n allowBucket2,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\niam_for_lambda = aws.iam.Role(\"iamForLambda\", assume_role_policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": \"sts:AssumeRole\",\n \"Principal\": {\n \"Service\": \"lambda.amazonaws.com\"\n },\n \"Effect\": \"Allow\"\n }\n ]\n}\n\"\"\")\nfunc1 = aws.lambda_.Function(\"func1\",\n code=pulumi.FileArchive(\"your-function1.zip\"),\n role=iam_for_lambda.arn,\n handler=\"exports.example\",\n runtime=\"go1.x\")\nbucket = aws.s3.Bucket(\"bucket\")\nallow_bucket1 = aws.lambda_.Permission(\"allowBucket1\",\n action=\"lambda:InvokeFunction\",\n function=func1.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nfunc2 = aws.lambda_.Function(\"func2\",\n code=pulumi.FileArchive(\"your-function2.zip\"),\n role=iam_for_lambda.arn,\n handler=\"exports.example\")\nallow_bucket2 = aws.lambda_.Permission(\"allowBucket2\",\n action=\"lambda:InvokeFunction\",\n function=func2.arn,\n principal=\"s3.amazonaws.com\",\n source_arn=bucket.arn)\nbucket_notification = aws.s3.BucketNotification(\"bucketNotification\",\n bucket=bucket.id,\n lambda_functions=[\n aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func1.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"AWSLogs/\",\n filter_suffix=\".log\",\n ),\n aws.s3.BucketNotificationLambdaFunctionArgs(\n lambda_function_arn=func2.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"OtherLogs/\",\n filter_suffix=\".log\",\n ),\n ],\n opts=pulumi.ResourceOptions(depends_on=[\n allow_bucket1,\n allow_bucket2,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var iamForLambda = new Aws.Iam.Role(\"iamForLambda\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Action\"\": \"\"sts:AssumeRole\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"lambda.amazonaws.com\"\"\n },\n \"\"Effect\"\": \"\"Allow\"\"\n }\n ]\n}\n\",\n });\n var func1 = new Aws.Lambda.Function(\"func1\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"your-function1.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n Runtime = \"go1.x\",\n });\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var allowBucket1 = new Aws.Lambda.Permission(\"allowBucket1\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = func1.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n var func2 = new Aws.Lambda.Function(\"func2\", new Aws.Lambda.FunctionArgs\n {\n Code = new FileArchive(\"your-function2.zip\"),\n Role = iamForLambda.Arn,\n Handler = \"exports.example\",\n });\n var allowBucket2 = new Aws.Lambda.Permission(\"allowBucket2\", new Aws.Lambda.PermissionArgs\n {\n Action = \"lambda:InvokeFunction\",\n Function = func2.Arn,\n Principal = \"s3.amazonaws.com\",\n SourceArn = bucket.Arn,\n });\n var bucketNotification = new Aws.S3.BucketNotification(\"bucketNotification\", new Aws.S3.BucketNotificationArgs\n {\n Bucket = bucket.Id,\n LambdaFunctions = \n {\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func1.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"AWSLogs/\",\n FilterSuffix = \".log\",\n },\n new Aws.S3.Inputs.BucketNotificationLambdaFunctionArgs\n {\n LambdaFunctionArn = func2.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"OtherLogs/\",\n FilterSuffix = \".log\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n allowBucket1,\n allowBucket2,\n },\n });\n }\n\n}\n```\n{{% /example %}}\n{{% example %}}\n### Add multiple notification configurations to SQS Queue\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst queue = new aws.sqs.Queue(\"queue\", {policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n\t \"Resource\": \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n \"Condition\": {\n \"ArnEquals\": { \"aws:SourceArn\": \"${bucket.arn}\" }\n }\n }\n ]\n}\n`});\nconst bucketNotification = new aws.s3.BucketNotification(\"bucketNotification\", {\n bucket: bucket.id,\n queues: [\n {\n id: \"image-upload-event\",\n queueArn: queue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"images/\",\n },\n {\n id: \"video-upload-event\",\n queueArn: queue.arn,\n events: [\"s3:ObjectCreated:*\"],\n filterPrefix: \"videos/\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\nqueue = aws.sqs.Queue(\"queue\", policy=bucket.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n\t \"Resource\": \"arn:aws:sqs:*:*:s3-event-notification-queue\",\n \"Condition\": {{\n \"ArnEquals\": {{ \"aws:SourceArn\": \"{arn}\" }}\n }}\n }}\n ]\n}}\n\"\"\"))\nbucket_notification = aws.s3.BucketNotification(\"bucketNotification\",\n bucket=bucket.id,\n queues=[\n aws.s3.BucketNotificationQueueArgs(\n id=\"image-upload-event\",\n queue_arn=queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"images/\",\n ),\n aws.s3.BucketNotificationQueueArgs(\n id=\"video-upload-event\",\n queue_arn=queue.arn,\n events=[\"s3:ObjectCreated:*\"],\n filter_prefix=\"videos/\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var queue = new Aws.Sqs.Queue(\"queue\", new Aws.Sqs.QueueArgs\n {\n Policy = bucket.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Action\"\": \"\"sqs:SendMessage\"\",\n\t \"\"Resource\"\": \"\"arn:aws:sqs:*:*:s3-event-notification-queue\"\",\n \"\"Condition\"\": {{\n \"\"ArnEquals\"\": {{ \"\"aws:SourceArn\"\": \"\"{arn}\"\" }}\n }}\n }}\n ]\n}}\n\"),\n });\n var bucketNotification = new Aws.S3.BucketNotification(\"bucketNotification\", new Aws.S3.BucketNotificationArgs\n {\n Bucket = bucket.Id,\n Queues = \n {\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n Id = \"image-upload-event\",\n QueueArn = queue.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"images/\",\n },\n new Aws.S3.Inputs.BucketNotificationQueueArgs\n {\n Id = \"video-upload-event\",\n QueueArn = queue.Arn,\n Events = \n {\n \"s3:ObjectCreated:*\",\n },\n FilterPrefix = \"videos/\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tqueue, err := sqs.NewQueue(ctx, \"queue\", &sqs.QueueArgs{\n\t\t\tPolicy: bucket.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Action\\\": \\\"sqs:SendMessage\\\",\\n\", \"\t \\\"Resource\\\": \\\"arn:aws:sqs:*:*:s3-event-notification-queue\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"ArnEquals\\\": { \\\"aws:SourceArn\\\": \\\"\", arn, \"\\\" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketNotification(ctx, \"bucketNotification\", &s3.BucketNotificationArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tQueues: s3.BucketNotificationQueueArray{\n\t\t\t\t&s3.BucketNotificationQueueArgs{\n\t\t\t\t\tId: pulumi.String(\"image-upload-event\"),\n\t\t\t\t\tQueueArn: queue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"images/\"),\n\t\t\t\t},\n\t\t\t\t&s3.BucketNotificationQueueArgs{\n\t\t\t\t\tId: pulumi.String(\"video-upload-event\"),\n\t\t\t\t\tQueueArn: queue.Arn,\n\t\t\t\t\tEvents: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"s3:ObjectCreated:*\"),\n\t\t\t\t\t},\n\t\t\t\t\tFilterPrefix: pulumi.String(\"videos/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 bucket notification can be imported using the `bucket`, e.g.\n\n```sh\n $ pulumi import aws:s3/bucketNotification:BucketNotification bucket_notification bucket-name\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to put notification configuration.\n" + }, + "lambdaFunctions": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationLambdaFunction:BucketNotificationLambdaFunction" + }, + "description": "Used to configure notifications to a Lambda Function (documented below).\n" + }, + "queues": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationQueue:BucketNotificationQueue" + }, + "description": "The notification configuration to SQS Queue (documented below).\n" + }, + "topics": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationTopic:BucketNotificationTopic" + }, + "description": "The notification configuration to SNS Topic (documented below).\n" + } + }, + "required": [ + "bucket" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to put notification configuration.\n" + }, + "lambdaFunctions": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationLambdaFunction:BucketNotificationLambdaFunction" + }, + "description": "Used to configure notifications to a Lambda Function (documented below).\n" + }, + "queues": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationQueue:BucketNotificationQueue" + }, + "description": "The notification configuration to SQS Queue (documented below).\n" + }, + "topics": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationTopic:BucketNotificationTopic" + }, + "description": "The notification configuration to SNS Topic (documented below).\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketNotification resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to put notification configuration.\n" + }, + "lambdaFunctions": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationLambdaFunction:BucketNotificationLambdaFunction" + }, + "description": "Used to configure notifications to a Lambda Function (documented below).\n" + }, + "queues": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationQueue:BucketNotificationQueue" + }, + "description": "The notification configuration to SQS Queue (documented below).\n" + }, + "topics": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/BucketNotificationTopic:BucketNotificationTopic" + }, + "description": "The notification configuration to SNS Topic (documented below).\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucketObject:BucketObject": { + "description": "Provides a S3 bucket object resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Encrypting with KMS Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplekms = new aws.kms.Key(\"examplekms\", {\n description: \"KMS key 1\",\n deletionWindowInDays: 7,\n});\nconst examplebucket = new aws.s3.Bucket(\"examplebucket\", {acl: \"private\"});\nconst examplebucketObject = new aws.s3.BucketObject(\"examplebucketObject\", {\n key: \"someobject\",\n bucket: examplebucket.id,\n source: new pulumi.asset.FileAsset(\"index.html\"),\n kmsKeyId: examplekms.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplekms = aws.kms.Key(\"examplekms\",\n description=\"KMS key 1\",\n deletion_window_in_days=7)\nexamplebucket = aws.s3.Bucket(\"examplebucket\", acl=\"private\")\nexamplebucket_object = aws.s3.BucketObject(\"examplebucketObject\",\n key=\"someobject\",\n bucket=examplebucket.id,\n source=pulumi.FileAsset(\"index.html\"),\n kms_key_id=examplekms.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplekms = new Aws.Kms.Key(\"examplekms\", new Aws.Kms.KeyArgs\n {\n Description = \"KMS key 1\",\n DeletionWindowInDays = 7,\n });\n var examplebucket = new Aws.S3.Bucket(\"examplebucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var examplebucketObject = new Aws.S3.BucketObject(\"examplebucketObject\", new Aws.S3.BucketObjectArgs\n {\n Key = \"someobject\",\n Bucket = examplebucket.Id,\n Source = new FileAsset(\"index.html\"),\n KmsKeyId = examplekms.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplekms, err := kms.NewKey(ctx, \"examplekms\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"KMS key 1\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplebucket, err := s3.NewBucket(ctx, \"examplebucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObject(ctx, \"examplebucketObject\", &s3.BucketObjectArgs{\n\t\t\tKey: pulumi.String(\"someobject\"),\n\t\t\tBucket: examplebucket.ID(),\n\t\t\tSource: pulumi.NewFileAsset(\"index.html\"),\n\t\t\tKmsKeyId: examplekms.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Server Side Encryption with S3 Default Master Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplebucket = new aws.s3.Bucket(\"examplebucket\", {acl: \"private\"});\nconst examplebucketObject = new aws.s3.BucketObject(\"examplebucketObject\", {\n key: \"someobject\",\n bucket: examplebucket.id,\n source: new pulumi.asset.FileAsset(\"index.html\"),\n serverSideEncryption: \"aws:kms\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplebucket = aws.s3.Bucket(\"examplebucket\", acl=\"private\")\nexamplebucket_object = aws.s3.BucketObject(\"examplebucketObject\",\n key=\"someobject\",\n bucket=examplebucket.id,\n source=pulumi.FileAsset(\"index.html\"),\n server_side_encryption=\"aws:kms\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplebucket = new Aws.S3.Bucket(\"examplebucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var examplebucketObject = new Aws.S3.BucketObject(\"examplebucketObject\", new Aws.S3.BucketObjectArgs\n {\n Key = \"someobject\",\n Bucket = examplebucket.Id,\n Source = new FileAsset(\"index.html\"),\n ServerSideEncryption = \"aws:kms\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplebucket, err := s3.NewBucket(ctx, \"examplebucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObject(ctx, \"examplebucketObject\", &s3.BucketObjectArgs{\n\t\t\tKey: pulumi.String(\"someobject\"),\n\t\t\tBucket: examplebucket.ID(),\n\t\t\tSource: pulumi.NewFileAsset(\"index.html\"),\n\t\t\tServerSideEncryption: pulumi.String(\"aws:kms\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Server Side Encryption with AWS-Managed Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplebucket = new aws.s3.Bucket(\"examplebucket\", {acl: \"private\"});\nconst examplebucketObject = new aws.s3.BucketObject(\"examplebucketObject\", {\n key: \"someobject\",\n bucket: examplebucket.id,\n source: new pulumi.asset.FileAsset(\"index.html\"),\n serverSideEncryption: \"AES256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplebucket = aws.s3.Bucket(\"examplebucket\", acl=\"private\")\nexamplebucket_object = aws.s3.BucketObject(\"examplebucketObject\",\n key=\"someobject\",\n bucket=examplebucket.id,\n source=pulumi.FileAsset(\"index.html\"),\n server_side_encryption=\"AES256\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplebucket = new Aws.S3.Bucket(\"examplebucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n });\n var examplebucketObject = new Aws.S3.BucketObject(\"examplebucketObject\", new Aws.S3.BucketObjectArgs\n {\n Key = \"someobject\",\n Bucket = examplebucket.Id,\n Source = new FileAsset(\"index.html\"),\n ServerSideEncryption = \"AES256\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplebucket, err := s3.NewBucket(ctx, \"examplebucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObject(ctx, \"examplebucketObject\", &s3.BucketObjectArgs{\n\t\t\tKey: pulumi.String(\"someobject\"),\n\t\t\tBucket: examplebucket.ID(),\n\t\t\tSource: pulumi.NewFileAsset(\"index.html\"),\n\t\t\tServerSideEncryption: pulumi.String(\"AES256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### S3 Object Lock\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplebucket = new aws.s3.Bucket(\"examplebucket\", {\n acl: \"private\",\n versioning: {\n enabled: true,\n },\n objectLockConfiguration: {\n objectLockEnabled: \"Enabled\",\n },\n});\nconst examplebucketObject = new aws.s3.BucketObject(\"examplebucketObject\", {\n key: \"someobject\",\n bucket: examplebucket.id,\n source: new pulumi.asset.FileAsset(\"important.txt\"),\n objectLockLegalHoldStatus: \"ON\",\n objectLockMode: \"GOVERNANCE\",\n objectLockRetainUntilDate: \"2021-12-31T23:59:60Z\",\n forceDestroy: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplebucket = aws.s3.Bucket(\"examplebucket\",\n acl=\"private\",\n versioning=aws.s3.BucketVersioningArgs(\n enabled=True,\n ),\n object_lock_configuration=aws.s3.BucketObjectLockConfigurationArgs(\n object_lock_enabled=\"Enabled\",\n ))\nexamplebucket_object = aws.s3.BucketObject(\"examplebucketObject\",\n key=\"someobject\",\n bucket=examplebucket.id,\n source=pulumi.FileAsset(\"important.txt\"),\n object_lock_legal_hold_status=\"ON\",\n object_lock_mode=\"GOVERNANCE\",\n object_lock_retain_until_date=\"2021-12-31T23:59:60Z\",\n force_destroy=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplebucket = new Aws.S3.Bucket(\"examplebucket\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Versioning = new Aws.S3.Inputs.BucketVersioningArgs\n {\n Enabled = true,\n },\n ObjectLockConfiguration = new Aws.S3.Inputs.BucketObjectLockConfigurationArgs\n {\n ObjectLockEnabled = \"Enabled\",\n },\n });\n var examplebucketObject = new Aws.S3.BucketObject(\"examplebucketObject\", new Aws.S3.BucketObjectArgs\n {\n Key = \"someobject\",\n Bucket = examplebucket.Id,\n Source = new FileAsset(\"important.txt\"),\n ObjectLockLegalHoldStatus = \"ON\",\n ObjectLockMode = \"GOVERNANCE\",\n ObjectLockRetainUntilDate = \"2021-12-31T23:59:60Z\",\n ForceDestroy = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplebucket, err := s3.NewBucket(ctx, \"examplebucket\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tVersioning: &s3.BucketVersioningArgs{\n\t\t\t\tEnabled: pulumi.Bool(true),\n\t\t\t},\n\t\t\tObjectLockConfiguration: &s3.BucketObjectLockConfigurationArgs{\n\t\t\t\tObjectLockEnabled: pulumi.String(\"Enabled\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketObject(ctx, \"examplebucketObject\", &s3.BucketObjectArgs{\n\t\t\tKey: pulumi.String(\"someobject\"),\n\t\t\tBucket: examplebucket.ID(),\n\t\t\tSource: pulumi.NewFileAsset(\"important.txt\"),\n\t\t\tObjectLockLegalHoldStatus: pulumi.String(\"ON\"),\n\t\t\tObjectLockMode: pulumi.String(\"GOVERNANCE\"),\n\t\t\tObjectLockRetainUntilDate: pulumi.String(\"2021-12-31T23:59:60Z\"),\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nObjects can be imported using the `id`. The `id` is the bucket name and the key together e.g.\n\n```sh\n $ pulumi import aws:s3/bucketObject:BucketObject object some-bucket-name/some/key.txt\n```\n\n Additionally, s3 url syntax can be used, e.g.\n\n```sh\n $ pulumi import aws:s3/bucketObject:BucketObject object s3://some-bucket-name/some/key.txt\n```\n\n ", + "properties": { + "acl": { + "type": "string", + "description": "[Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Defaults to `private`.\n" + }, + "bucket": { + "type": "string", + "description": "Name of the bucket to put the file in. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified.\n" + }, + "bucketKeyEnabled": { + "type": "boolean", + "description": "Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.\n" + }, + "cacheControl": { + "type": "string", + "description": "Caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.\n" + }, + "content": { + "type": "string", + "description": "Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.\n" + }, + "contentBase64": { + "type": "string", + "description": "Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.\n" + }, + "contentLanguage": { + "type": "string", + "description": "Language the content is in e.g. en-US or en-GB.\n" + }, + "contentType": { + "type": "string", + "description": "Standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.\n" + }, + "etag": { + "type": "string", + "description": "Triggers updates when the value changes. The only meaningful value is `filemd5(\"path/to/file\")`. This attribute is not compatible with KMS encryption, `kms_key_id` or `server_side_encryption = \"aws:kms\"` (see `source_hash` instead).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.\n" + }, + "key": { + "type": "string", + "description": "Name of the object once it is in the bucket.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the `aws.kms.Key` resource, use the `arn` attribute. If referencing the `aws.kms.Alias` data source or resource, use the `target_key_arn` attribute. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "[Legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.\n" + }, + "objectLockMode": { + "type": "string", + "description": "Object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "Date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).\n" + }, + "serverSideEncryption": { + "type": "string", + "description": "Server-side encryption of the object in S3. Valid values are \"`AES256`\" and \"`aws:kms`\".\n" + }, + "source": { + "$ref": "pulumi.json#/Asset", + "description": "Path to a file that will be read and uploaded as raw bytes for the object content.\n" + }, + "sourceHash": { + "type": "string", + "description": "Triggers updates like `etag` but useful to address `etag` encryption limitations. Set using `filemd5(\"path/to/source\")`. (The value is only stored in state and not saved by AWS.)\n" + }, + "storageClass": { + "type": "string", + "description": "[Storage Class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) for the object. Can be either \"`STANDARD`\", \"`REDUCED_REDUNDANCY`\", \"`ONEZONE_IA`\", \"`INTELLIGENT_TIERING`\", \"`GLACIER`\", \"`DEEP_ARCHIVE`\", or \"`STANDARD_IA`\". Defaults to \"`STANDARD`\".\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the object. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "versionId": { + "type": "string", + "description": "Unique version ID value for the object, if bucket versioning is enabled.\n" + }, + "websiteRedirect": { + "type": "string", + "description": "Target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).\n" + } + }, + "required": [ + "bucket", + "bucketKeyEnabled", + "contentType", + "etag", + "key", + "kmsKeyId", + "serverSideEncryption", + "storageClass", + "tagsAll", + "versionId" + ], + "inputProperties": { + "acl": { + "type": "string", + "description": "[Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Defaults to `private`.\n" + }, + "bucket": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:s3/bucket:Bucket" + } + ], + "description": "Name of the bucket to put the file in. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified.\n" + }, + "bucketKeyEnabled": { + "type": "boolean", + "description": "Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.\n" + }, + "cacheControl": { + "type": "string", + "description": "Caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.\n" + }, + "content": { + "type": "string", + "description": "Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.\n" + }, + "contentBase64": { + "type": "string", + "description": "Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.\n" + }, + "contentLanguage": { + "type": "string", + "description": "Language the content is in e.g. en-US or en-GB.\n" + }, + "contentType": { + "type": "string", + "description": "Standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.\n" + }, + "etag": { + "type": "string", + "description": "Triggers updates when the value changes. The only meaningful value is `filemd5(\"path/to/file\")`. This attribute is not compatible with KMS encryption, `kms_key_id` or `server_side_encryption = \"aws:kms\"` (see `source_hash` instead).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.\n" + }, + "key": { + "type": "string", + "description": "Name of the object once it is in the bucket.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the `aws.kms.Key` resource, use the `arn` attribute. If referencing the `aws.kms.Alias` data source or resource, use the `target_key_arn` attribute. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "[Legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.\n" + }, + "objectLockMode": { + "type": "string", + "description": "Object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "Date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).\n" + }, + "serverSideEncryption": { + "type": "string", + "description": "Server-side encryption of the object in S3. Valid values are \"`AES256`\" and \"`aws:kms`\".\n" + }, + "source": { + "$ref": "pulumi.json#/Asset", + "description": "Path to a file that will be read and uploaded as raw bytes for the object content.\n" + }, + "sourceHash": { + "type": "string", + "description": "Triggers updates like `etag` but useful to address `etag` encryption limitations. Set using `filemd5(\"path/to/source\")`. (The value is only stored in state and not saved by AWS.)\n" + }, + "storageClass": { + "type": "string", + "description": "[Storage Class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) for the object. Can be either \"`STANDARD`\", \"`REDUCED_REDUNDANCY`\", \"`ONEZONE_IA`\", \"`INTELLIGENT_TIERING`\", \"`GLACIER`\", \"`DEEP_ARCHIVE`\", or \"`STANDARD_IA`\". Defaults to \"`STANDARD`\".\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the object. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "websiteRedirect": { + "type": "string", + "description": "Target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketObject resources.\n", + "properties": { + "acl": { + "type": "string", + "description": "[Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Valid values are `private`, `public-read`, `public-read-write`, `aws-exec-read`, `authenticated-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Defaults to `private`.\n" + }, + "bucket": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:s3/bucket:Bucket" + } + ], + "description": "Name of the bucket to put the file in. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified.\n" + }, + "bucketKeyEnabled": { + "type": "boolean", + "description": "Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.\n" + }, + "cacheControl": { + "type": "string", + "description": "Caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.\n" + }, + "content": { + "type": "string", + "description": "Literal string value to use as the object content, which will be uploaded as UTF-8-encoded text.\n" + }, + "contentBase64": { + "type": "string", + "description": "Base64-encoded data that will be decoded and uploaded as raw bytes for the object content. This allows safely uploading non-UTF8 binary data, but is recommended only for small content such as the result of the `gzipbase64` function with small text strings. For larger objects, use `source` to stream the content from a disk file.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Content encodings that have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.\n" + }, + "contentLanguage": { + "type": "string", + "description": "Language the content is in e.g. en-US or en-GB.\n" + }, + "contentType": { + "type": "string", + "description": "Standard MIME type describing the format of the object data, e.g. application/octet-stream. All Valid MIME Types are valid for this input.\n" + }, + "etag": { + "type": "string", + "description": "Triggers updates when the value changes. The only meaningful value is `filemd5(\"path/to/file\")`. This attribute is not compatible with KMS encryption, `kms_key_id` or `server_side_encryption = \"aws:kms\"` (see `source_hash` instead).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Whether to allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.\n" + }, + "key": { + "type": "string", + "description": "Name of the object once it is in the bucket.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN of the KMS Key to use for object encryption. If the S3 Bucket has server-side encryption enabled, that value will automatically be used. If referencing the `aws.kms.Key` resource, use the `arn` attribute. If referencing the `aws.kms.Alias` data source or resource, use the `target_key_arn` attribute. This provider will only perform drift detection if a configuration value is provided.\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "[Legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.\n" + }, + "objectLockMode": { + "type": "string", + "description": "Object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "Date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).\n" + }, + "serverSideEncryption": { + "type": "string", + "description": "Server-side encryption of the object in S3. Valid values are \"`AES256`\" and \"`aws:kms`\".\n" + }, + "source": { + "$ref": "pulumi.json#/Asset", + "description": "Path to a file that will be read and uploaded as raw bytes for the object content.\n" + }, + "sourceHash": { + "type": "string", + "description": "Triggers updates like `etag` but useful to address `etag` encryption limitations. Set using `filemd5(\"path/to/source\")`. (The value is only stored in state and not saved by AWS.)\n" + }, + "storageClass": { + "type": "string", + "description": "[Storage Class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) for the object. Can be either \"`STANDARD`\", \"`REDUCED_REDUNDANCY`\", \"`ONEZONE_IA`\", \"`INTELLIGENT_TIERING`\", \"`GLACIER`\", \"`DEEP_ARCHIVE`\", or \"`STANDARD_IA`\". Defaults to \"`STANDARD`\".\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags to assign to the object. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "versionId": { + "type": "string", + "description": "Unique version ID value for the object, if bucket versioning is enabled.\n" + }, + "websiteRedirect": { + "type": "string", + "description": "Target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucketOwnershipControls:BucketOwnershipControls": { + "description": "Provides a resource to manage S3 Bucket Ownership Controls. For more information, see the [S3 Developer Guide](https://docs.aws.amazon.com/AmazonS3/latest/dev/about-object-ownership.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleBucketOwnershipControls = new aws.s3.BucketOwnershipControls(\"exampleBucketOwnershipControls\", {\n bucket: exampleBucket.id,\n rule: {\n objectOwnership: \"BucketOwnerPreferred\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_bucket_ownership_controls = aws.s3.BucketOwnershipControls(\"exampleBucketOwnershipControls\",\n bucket=example_bucket.id,\n rule=aws.s3.BucketOwnershipControlsRuleArgs(\n object_ownership=\"BucketOwnerPreferred\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleBucketOwnershipControls = new Aws.S3.BucketOwnershipControls(\"exampleBucketOwnershipControls\", new Aws.S3.BucketOwnershipControlsArgs\n {\n Bucket = exampleBucket.Id,\n Rule = new Aws.S3.Inputs.BucketOwnershipControlsRuleArgs\n {\n ObjectOwnership = \"BucketOwnerPreferred\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketOwnershipControls(ctx, \"exampleBucketOwnershipControls\", &s3.BucketOwnershipControlsArgs{\n\t\t\tBucket: exampleBucket.ID(),\n\t\t\tRule: &s3.BucketOwnershipControlsRuleArgs{\n\t\t\t\tObjectOwnership: pulumi.String(\"BucketOwnerPreferred\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 Bucket Ownership Controls can be imported using S3 Bucket name, e.g.\n\n```sh\n $ pulumi import aws:s3/bucketOwnershipControls:BucketOwnershipControls example my-bucket\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket that you want to associate this access point with.\n" + }, + "rule": { + "$ref": "#/types/aws:s3/BucketOwnershipControlsRule:BucketOwnershipControlsRule", + "description": "Configuration block(s) with Ownership Controls rules. Detailed below.\n" + } + }, + "required": [ + "bucket", + "rule" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The name of the bucket that you want to associate this access point with.\n" + }, + "rule": { + "$ref": "#/types/aws:s3/BucketOwnershipControlsRule:BucketOwnershipControlsRule", + "description": "Configuration block(s) with Ownership Controls rules. Detailed below.\n" + } + }, + "requiredInputs": [ + "bucket", + "rule" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketOwnershipControls resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket that you want to associate this access point with.\n" + }, + "rule": { + "$ref": "#/types/aws:s3/BucketOwnershipControlsRule:BucketOwnershipControlsRule", + "description": "Configuration block(s) with Ownership Controls rules. Detailed below.\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucketPolicy:BucketPolicy": { + "description": "Attaches a policy to an S3 bucket resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bucket = new aws.s3.Bucket(\"bucket\", {});\nconst bucketPolicy = new aws.s3.BucketPolicy(\"bucketPolicy\", {\n bucket: bucket.id,\n policy: pulumi.all([bucket.arn, bucket.arn]).apply(([bucketArn, bucketArn1]) => JSON.stringify({\n Version: \"2012-10-17\",\n Id: \"MYBUCKETPOLICY\",\n Statement: [{\n Sid: \"IPAllow\",\n Effect: \"Deny\",\n Principal: \"*\",\n Action: \"s3:*\",\n Resource: [\n bucketArn,\n `${bucketArn1}/*`,\n ],\n Condition: {\n IpAddress: {\n \"aws:SourceIp\": \"8.8.8.8/32\",\n },\n },\n }],\n })),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nbucket = aws.s3.Bucket(\"bucket\")\nbucket_policy = aws.s3.BucketPolicy(\"bucketPolicy\",\n bucket=bucket.id,\n policy=pulumi.Output.all(bucket.arn, bucket.arn).apply(lambda bucketArn, bucketArn1: json.dumps({\n \"Version\": \"2012-10-17\",\n \"Id\": \"MYBUCKETPOLICY\",\n \"Statement\": [{\n \"Sid\": \"IPAllow\",\n \"Effect\": \"Deny\",\n \"Principal\": \"*\",\n \"Action\": \"s3:*\",\n \"Resource\": [\n bucket_arn,\n f\"{bucket_arn1}/*\",\n ],\n \"Condition\": {\n \"IpAddress\": {\n \"aws:SourceIp\": \"8.8.8.8/32\",\n },\n },\n }],\n })))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n });\n var bucketPolicy = new Aws.S3.BucketPolicy(\"bucketPolicy\", new Aws.S3.BucketPolicyArgs\n {\n Bucket = bucket.Id,\n Policy = Output.Tuple(bucket.Arn, bucket.Arn).Apply(values =>\n {\n var bucketArn = values.Item1;\n var bucketArn1 = values.Item2;\n return JsonSerializer.Serialize(new Dictionary\n {\n { \"Version\", \"2012-10-17\" },\n { \"Id\", \"MYBUCKETPOLICY\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Sid\", \"IPAllow\" },\n { \"Effect\", \"Deny\" },\n { \"Principal\", \"*\" },\n { \"Action\", \"s3:*\" },\n { \"Resource\", new[]\n {\n bucketArn,\n $\"{bucketArn1}/*\",\n }\n },\n { \"Condition\", new Dictionary\n {\n { \"IpAddress\", new Dictionary\n {\n { \"aws:SourceIp\", \"8.8.8.8/32\" },\n } },\n } },\n },\n }\n },\n });\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbucket, err := s3.NewBucket(ctx, \"bucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"bucketPolicy\", &s3.BucketPolicyArgs{\n\t\t\tBucket: bucket.ID(),\n\t\t\tPolicy: pulumi.All(bucket.Arn, bucket.Arn).ApplyT(func(_args []interface{}) (string, error) {\n\t\t\t\tbucketArn := _args[0].(string)\n\t\t\t\tbucketArn1 := _args[1].(string)\n\t\t\t\tvar _zero string\n\t\t\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\t\t\"Id\": \"MYBUCKETPOLICY\",\n\t\t\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\"Sid\": \"IPAllow\",\n\t\t\t\t\t\t\t\"Effect\": \"Deny\",\n\t\t\t\t\t\t\t\"Principal\": \"*\",\n\t\t\t\t\t\t\t\"Action\": \"s3:*\",\n\t\t\t\t\t\t\t\"Resource\": []string{\n\t\t\t\t\t\t\t\tbucketArn,\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"%v%v\", bucketArn1, \"/*\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\"Condition\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"IpAddress\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"aws:SourceIp\": \"8.8.8.8/32\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t})\n\t\t\t\tif err != nil {\n\t\t\t\t\treturn _zero, err\n\t\t\t\t}\n\t\t\t\tjson0 := string(tmpJSON0)\n\t\t\t\treturn json0, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 bucket policies can be imported using the bucket name, e.g.\n\n```sh\n $ pulumi import aws:s3/bucketPolicy:BucketPolicy example my-bucket-name\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to which to apply the policy.\n" + }, + "policy": { + "type": "string", + "description": "The text of the policy. Note: Bucket policies are limited to 20 KB in size.\n" + } + }, + "required": [ + "bucket", + "policy" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to which to apply the policy.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The text of the policy. Note: Bucket policies are limited to 20 KB in size.\n" + } + }, + "requiredInputs": [ + "bucket", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketPolicy resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to which to apply the policy.\n" + }, + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The text of the policy. Note: Bucket policies are limited to 20 KB in size.\n" + } + }, + "type": "object" + } + }, + "aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock": { + "description": "Manages S3 bucket-level Public Access Block configuration. For more information about these settings, see the [AWS S3 Block Public Access documentation](https://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-block-public-access.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleBucket = new aws.s3.Bucket(\"exampleBucket\", {});\nconst exampleBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(\"exampleBucketPublicAccessBlock\", {\n bucket: exampleBucket.id,\n blockPublicAcls: true,\n blockPublicPolicy: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_bucket = aws.s3.Bucket(\"exampleBucket\")\nexample_bucket_public_access_block = aws.s3.BucketPublicAccessBlock(\"exampleBucketPublicAccessBlock\",\n bucket=example_bucket.id,\n block_public_acls=True,\n block_public_policy=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleBucket = new Aws.S3.Bucket(\"exampleBucket\", new Aws.S3.BucketArgs\n {\n });\n var exampleBucketPublicAccessBlock = new Aws.S3.BucketPublicAccessBlock(\"exampleBucketPublicAccessBlock\", new Aws.S3.BucketPublicAccessBlockArgs\n {\n Bucket = exampleBucket.Id,\n BlockPublicAcls = true,\n BlockPublicPolicy = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleBucket, err := s3.NewBucket(ctx, \"exampleBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPublicAccessBlock(ctx, \"exampleBucketPublicAccessBlock\", &s3.BucketPublicAccessBlockArgs{\n\t\t\tBucket: exampleBucket.ID(),\n\t\t\tBlockPublicAcls: pulumi.Bool(true),\n\t\t\tBlockPublicPolicy: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_s3_bucket_public_access_block` can be imported by using the bucket name, e.g.\n\n```sh\n $ pulumi import aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock example my-bucket\n```\n\n ", + "properties": { + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for this bucket. Defaults to `false`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.\n* PUT Object calls will fail if the request includes an object ACL.\n" + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for this bucket. Defaults to `false`. Enabling this setting does not affect the existing bucket policy. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n" + }, + "bucket": { + "type": "string", + "description": "S3 Bucket to which this Public Access Block configuration should be applied.\n" + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to `false`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore public ACLs on this bucket and any objects that it contains.\n" + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to `false`. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access this buckets if it has a public policy.\n" + } + }, + "required": [ + "bucket" + ], + "inputProperties": { + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for this bucket. Defaults to `false`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.\n* PUT Object calls will fail if the request includes an object ACL.\n" + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for this bucket. Defaults to `false`. Enabling this setting does not affect the existing bucket policy. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n" + }, + "bucket": { + "type": "string", + "description": "S3 Bucket to which this Public Access Block configuration should be applied.\n" + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to `false`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore public ACLs on this bucket and any objects that it contains.\n" + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to `false`. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access this buckets if it has a public policy.\n" + } + }, + "requiredInputs": [ + "bucket" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketPublicAccessBlock resources.\n", + "properties": { + "blockPublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should block public ACLs for this bucket. Defaults to `false`. Enabling this setting does not affect existing policies or ACLs. When set to `true` causes the following behavior:\n* PUT Bucket acl and PUT Object acl calls will fail if the specified ACL allows public access.\n* PUT Object calls will fail if the request includes an object ACL.\n" + }, + "blockPublicPolicy": { + "type": "boolean", + "description": "Whether Amazon S3 should block public bucket policies for this bucket. Defaults to `false`. Enabling this setting does not affect the existing bucket policy. When set to `true` causes Amazon S3 to:\n* Reject calls to PUT Bucket policy if the specified bucket policy allows public access.\n" + }, + "bucket": { + "type": "string", + "description": "S3 Bucket to which this Public Access Block configuration should be applied.\n" + }, + "ignorePublicAcls": { + "type": "boolean", + "description": "Whether Amazon S3 should ignore public ACLs for this bucket. Defaults to `false`. Enabling this setting does not affect the persistence of any existing ACLs and doesn't prevent new public ACLs from being set. When set to `true` causes Amazon S3 to:\n* Ignore public ACLs on this bucket and any objects that it contains.\n" + }, + "restrictPublicBuckets": { + "type": "boolean", + "description": "Whether Amazon S3 should restrict public bucket policies for this bucket. Defaults to `false`. Enabling this setting does not affect the previously stored bucket policy, except that public and cross-account access within the public bucket policy, including non-public delegation to specific accounts, is blocked. When set to `true`:\n* Only the bucket owner and AWS Services can access this buckets if it has a public policy.\n" + } + }, + "type": "object" + } + }, + "aws:s3/inventory:Inventory": { + "description": "Provides a S3 bucket [inventory configuration](https://docs.aws.amazon.com/AmazonS3/latest/dev/storage-inventory.html) resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Add inventory configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testBucket = new aws.s3.Bucket(\"testBucket\", {});\nconst inventory = new aws.s3.Bucket(\"inventory\", {});\nconst testInventory = new aws.s3.Inventory(\"testInventory\", {\n bucket: testBucket.id,\n includedObjectVersions: \"All\",\n schedule: {\n frequency: \"Daily\",\n },\n destination: {\n bucket: {\n format: \"ORC\",\n bucketArn: inventory.arn,\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_bucket = aws.s3.Bucket(\"testBucket\")\ninventory = aws.s3.Bucket(\"inventory\")\ntest_inventory = aws.s3.Inventory(\"testInventory\",\n bucket=test_bucket.id,\n included_object_versions=\"All\",\n schedule=aws.s3.InventoryScheduleArgs(\n frequency=\"Daily\",\n ),\n destination=aws.s3.InventoryDestinationArgs(\n bucket=aws.s3.InventoryDestinationBucketArgs(\n format=\"ORC\",\n bucket_arn=inventory.arn,\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testBucket = new Aws.S3.Bucket(\"testBucket\", new Aws.S3.BucketArgs\n {\n });\n var inventory = new Aws.S3.Bucket(\"inventory\", new Aws.S3.BucketArgs\n {\n });\n var testInventory = new Aws.S3.Inventory(\"testInventory\", new Aws.S3.InventoryArgs\n {\n Bucket = testBucket.Id,\n IncludedObjectVersions = \"All\",\n Schedule = new Aws.S3.Inputs.InventoryScheduleArgs\n {\n Frequency = \"Daily\",\n },\n Destination = new Aws.S3.Inputs.InventoryDestinationArgs\n {\n Bucket = new Aws.S3.Inputs.InventoryDestinationBucketArgs\n {\n Format = \"ORC\",\n BucketArn = inventory.Arn,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestBucket, err := s3.NewBucket(ctx, \"testBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinventory, err := s3.NewBucket(ctx, \"inventory\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewInventory(ctx, \"testInventory\", &s3.InventoryArgs{\n\t\t\tBucket: testBucket.ID(),\n\t\t\tIncludedObjectVersions: pulumi.String(\"All\"),\n\t\t\tSchedule: &s3.InventoryScheduleArgs{\n\t\t\t\tFrequency: pulumi.String(\"Daily\"),\n\t\t\t},\n\t\t\tDestination: &s3.InventoryDestinationArgs{\n\t\t\t\tBucket: &s3.InventoryDestinationBucketArgs{\n\t\t\t\t\tFormat: pulumi.String(\"ORC\"),\n\t\t\t\t\tBucketArn: inventory.Arn,\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Add inventory configuration with S3 bucket object prefix\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.s3.Bucket(\"test\", {});\nconst inventory = new aws.s3.Bucket(\"inventory\", {});\nconst test_prefix = new aws.s3.Inventory(\"test-prefix\", {\n bucket: test.id,\n includedObjectVersions: \"All\",\n schedule: {\n frequency: \"Daily\",\n },\n filter: {\n prefix: \"documents/\",\n },\n destination: {\n bucket: {\n format: \"ORC\",\n bucketArn: inventory.arn,\n prefix: \"inventory\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.s3.Bucket(\"test\")\ninventory = aws.s3.Bucket(\"inventory\")\ntest_prefix = aws.s3.Inventory(\"test-prefix\",\n bucket=test.id,\n included_object_versions=\"All\",\n schedule=aws.s3.InventoryScheduleArgs(\n frequency=\"Daily\",\n ),\n filter=aws.s3.InventoryFilterArgs(\n prefix=\"documents/\",\n ),\n destination=aws.s3.InventoryDestinationArgs(\n bucket=aws.s3.InventoryDestinationBucketArgs(\n format=\"ORC\",\n bucket_arn=inventory.arn,\n prefix=\"inventory\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.S3.Bucket(\"test\", new Aws.S3.BucketArgs\n {\n });\n var inventory = new Aws.S3.Bucket(\"inventory\", new Aws.S3.BucketArgs\n {\n });\n var test_prefix = new Aws.S3.Inventory(\"test-prefix\", new Aws.S3.InventoryArgs\n {\n Bucket = test.Id,\n IncludedObjectVersions = \"All\",\n Schedule = new Aws.S3.Inputs.InventoryScheduleArgs\n {\n Frequency = \"Daily\",\n },\n Filter = new Aws.S3.Inputs.InventoryFilterArgs\n {\n Prefix = \"documents/\",\n },\n Destination = new Aws.S3.Inputs.InventoryDestinationArgs\n {\n Bucket = new Aws.S3.Inputs.InventoryDestinationBucketArgs\n {\n Format = \"ORC\",\n BucketArn = inventory.Arn,\n Prefix = \"inventory\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := s3.NewBucket(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tinventory, err := s3.NewBucket(ctx, \"inventory\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewInventory(ctx, \"test_prefix\", &s3.InventoryArgs{\n\t\t\tBucket: test.ID(),\n\t\t\tIncludedObjectVersions: pulumi.String(\"All\"),\n\t\t\tSchedule: &s3.InventoryScheduleArgs{\n\t\t\t\tFrequency: pulumi.String(\"Daily\"),\n\t\t\t},\n\t\t\tFilter: &s3.InventoryFilterArgs{\n\t\t\t\tPrefix: pulumi.String(\"documents/\"),\n\t\t\t},\n\t\t\tDestination: &s3.InventoryDestinationArgs{\n\t\t\t\tBucket: &s3.InventoryDestinationBucketArgs{\n\t\t\t\t\tFormat: pulumi.String(\"ORC\"),\n\t\t\t\t\tBucketArn: inventory.Arn,\n\t\t\t\t\tPrefix: pulumi.String(\"inventory\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 bucket inventory configurations can be imported using `bucket:inventory`, e.g.\n\n```sh\n $ pulumi import aws:s3/inventory:Inventory my-bucket-entire-bucket my-bucket:EntireBucket\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the source bucket that inventory lists the objects for.\n" + }, + "destination": { + "$ref": "#/types/aws:s3/InventoryDestination:InventoryDestination", + "description": "Contains information about where to publish the inventory results (documented below).\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the inventory is enabled or disabled.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/InventoryFilter:InventoryFilter", + "description": "Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria (documented below).\n" + }, + "includedObjectVersions": { + "type": "string", + "description": "Object versions to include in the inventory list. Valid values: `All`, `Current`.\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the inventory configuration for the bucket.\n" + }, + "optionalFields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of optional fields that are included in the inventory results.\nValid values: `Size`, `LastModifiedDate`, `StorageClass`, `ETag`, `IsMultipartUploaded`, `ReplicationStatus`, `EncryptionStatus`, `ObjectLockRetainUntilDate`, `ObjectLockMode`, `ObjectLockLegalHoldStatus`, `IntelligentTieringAccessTier`.\n" + }, + "schedule": { + "$ref": "#/types/aws:s3/InventorySchedule:InventorySchedule", + "description": "Specifies the schedule for generating inventory results (documented below).\n" + } + }, + "required": [ + "bucket", + "destination", + "includedObjectVersions", + "name", + "schedule" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "The name of the source bucket that inventory lists the objects for.\n" + }, + "destination": { + "$ref": "#/types/aws:s3/InventoryDestination:InventoryDestination", + "description": "Contains information about where to publish the inventory results (documented below).\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the inventory is enabled or disabled.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/InventoryFilter:InventoryFilter", + "description": "Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria (documented below).\n" + }, + "includedObjectVersions": { + "type": "string", + "description": "Object versions to include in the inventory list. Valid values: `All`, `Current`.\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the inventory configuration for the bucket.\n" + }, + "optionalFields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of optional fields that are included in the inventory results.\nValid values: `Size`, `LastModifiedDate`, `StorageClass`, `ETag`, `IsMultipartUploaded`, `ReplicationStatus`, `EncryptionStatus`, `ObjectLockRetainUntilDate`, `ObjectLockMode`, `ObjectLockLegalHoldStatus`, `IntelligentTieringAccessTier`.\n" + }, + "schedule": { + "$ref": "#/types/aws:s3/InventorySchedule:InventorySchedule", + "description": "Specifies the schedule for generating inventory results (documented below).\n" + } + }, + "requiredInputs": [ + "bucket", + "destination", + "includedObjectVersions", + "schedule" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Inventory resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the source bucket that inventory lists the objects for.\n" + }, + "destination": { + "$ref": "#/types/aws:s3/InventoryDestination:InventoryDestination", + "description": "Contains information about where to publish the inventory results (documented below).\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the inventory is enabled or disabled.\n" + }, + "filter": { + "$ref": "#/types/aws:s3/InventoryFilter:InventoryFilter", + "description": "Specifies an inventory filter. The inventory only includes objects that meet the filter's criteria (documented below).\n" + }, + "includedObjectVersions": { + "type": "string", + "description": "Object versions to include in the inventory list. Valid values: `All`, `Current`.\n" + }, + "name": { + "type": "string", + "description": "Unique identifier of the inventory configuration for the bucket.\n" + }, + "optionalFields": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of optional fields that are included in the inventory results.\nValid values: `Size`, `LastModifiedDate`, `StorageClass`, `ETag`, `IsMultipartUploaded`, `ReplicationStatus`, `EncryptionStatus`, `ObjectLockRetainUntilDate`, `ObjectLockMode`, `ObjectLockLegalHoldStatus`, `IntelligentTieringAccessTier`.\n" + }, + "schedule": { + "$ref": "#/types/aws:s3/InventorySchedule:InventorySchedule", + "description": "Specifies the schedule for generating inventory results (documented below).\n" + } + }, + "type": "object" + } + }, + "aws:s3/objectCopy:ObjectCopy": { + "description": "Provides a resource for copying an S3 object.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.s3.ObjectCopy(\"test\", {\n bucket: \"destination_bucket\",\n grants: [{\n permissions: [\"READ\"],\n type: \"Group\",\n uri: \"http://acs.amazonaws.com/groups/global/AllUsers\",\n }],\n key: \"destination_key\",\n source: \"source_bucket/source_key\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.s3.ObjectCopy(\"test\",\n bucket=\"destination_bucket\",\n grants=[aws.s3.ObjectCopyGrantArgs(\n permissions=[\"READ\"],\n type=\"Group\",\n uri=\"http://acs.amazonaws.com/groups/global/AllUsers\",\n )],\n key=\"destination_key\",\n source=\"source_bucket/source_key\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.S3.ObjectCopy(\"test\", new Aws.S3.ObjectCopyArgs\n {\n Bucket = \"destination_bucket\",\n Grants = \n {\n new Aws.S3.Inputs.ObjectCopyGrantArgs\n {\n Permissions = \n {\n \"READ\",\n },\n Type = \"Group\",\n Uri = \"http://acs.amazonaws.com/groups/global/AllUsers\",\n },\n },\n Key = \"destination_key\",\n Source = \"source_bucket/source_key\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3.NewObjectCopy(ctx, \"test\", &s3.ObjectCopyArgs{\n\t\t\tBucket: pulumi.String(\"destination_bucket\"),\n\t\t\tGrants: s3.ObjectCopyGrantArray{\n\t\t\t\t&s3.ObjectCopyGrantArgs{\n\t\t\t\t\tPermissions: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"READ\"),\n\t\t\t\t\t},\n\t\t\t\t\tType: pulumi.String(\"Group\"),\n\t\t\t\t\tUri: pulumi.String(\"http://acs.amazonaws.com/groups/global/AllUsers\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tKey: pulumi.String(\"destination_key\"),\n\t\t\tSource: pulumi.String(\"source_bucket/source_key\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "acl": { + "type": "string", + "description": "[Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Defaults to `private`. Valid values are `private`, `public-read`, `public-read-write`, `authenticated-read`, `aws-exec-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Conflicts with `grant`.\n" + }, + "bucket": { + "type": "string", + "description": "Name of the bucket to put the file in.\n" + }, + "bucketKeyEnabled": { + "type": "boolean" + }, + "cacheControl": { + "type": "string", + "description": "Specifies caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Specifies presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.\n" + }, + "contentLanguage": { + "type": "string", + "description": "Language the content is in e.g. en-US or en-GB.\n" + }, + "contentType": { + "type": "string", + "description": "Standard MIME type describing the format of the object data, e.g. `application/octet-stream`. All Valid MIME Types are valid for this input.\n" + }, + "copyIfMatch": { + "type": "string", + "description": "Copies the object if its entity tag (ETag) matches the specified tag.\n" + }, + "copyIfModifiedSince": { + "type": "string", + "description": "Copies the object if it has been modified since the specified time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "copyIfNoneMatch": { + "type": "string", + "description": "Copies the object if its entity tag (ETag) is different than the specified ETag.\n" + }, + "copyIfUnmodifiedSince": { + "type": "string", + "description": "Copies the object if it hasn't been modified since the specified time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "customerAlgorithm": { + "type": "string", + "description": "Specifies the algorithm to use to when encrypting the object (for example, AES256).\n" + }, + "customerKey": { + "type": "string", + "description": "Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.\n" + }, + "customerKeyMd5": { + "type": "string", + "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.\n" + }, + "etag": { + "type": "string", + "description": "The ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on [Common Response Headers](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html).\n" + }, + "expectedBucketOwner": { + "type": "string", + "description": "Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.\n" + }, + "expectedSourceBucketOwner": { + "type": "string", + "description": "Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.\n" + }, + "expiration": { + "type": "string", + "description": "If the object expiration is configured, this attribute will be set.\n" + }, + "expires": { + "type": "string", + "description": "Date and time at which the object is no longer cacheable, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.\n" + }, + "grants": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/ObjectCopyGrant:ObjectCopyGrant" + }, + "description": "Configuration block for header grants. Documented below. Conflicts with `acl`.\n" + }, + "key": { + "type": "string", + "description": "Name of the object once it is in the bucket.\n" + }, + "kmsEncryptionContext": { + "type": "string", + "description": "Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified **ARN** of the KMS Key. If using `aws.kms.Key`, use the exported `arn` attribute: `kms_key_id = aws_kms_key.foo.arn`\n" + }, + "lastModified": { + "type": "string", + "description": "Returns the date that the object was last modified, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).\n" + }, + "metadataDirective": { + "type": "string", + "description": "Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are `COPY` and `REPLACE`.\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "The [legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.\n" + }, + "objectLockMode": { + "type": "string", + "description": "The object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "The date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).\n" + }, + "requestCharged": { + "type": "boolean", + "description": "If present, indicates that the requester was successfully charged for the request.\n" + }, + "requestPayer": { + "type": "string", + "description": "Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is `requester`.\n" + }, + "serverSideEncryption": { + "type": "string", + "description": "Specifies server-side encryption of the object in S3. Valid values are `AES256` and `aws:kms`.\n" + }, + "source": { + "type": "string", + "description": "Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (`/`). For example, `testbucket/test1.json`. For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format `arn:aws:s3:::accesspoint//object/`. For example, `arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json`.\n" + }, + "sourceCustomerAlgorithm": { + "type": "string", + "description": "Specifies the algorithm to use when decrypting the source object (for example, AES256).\n" + }, + "sourceCustomerKey": { + "type": "string", + "description": "Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.\n" + }, + "sourceCustomerKeyMd5": { + "type": "string", + "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.\n" + }, + "sourceVersionId": { + "type": "string", + "description": "Version of the copied object in the source bucket.\n" + }, + "storageClass": { + "type": "string", + "description": "Specifies the desired [Storage Class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)\nfor the object. Can be either `STANDARD`, `REDUCED_REDUNDANCY`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, `DEEP_ARCHIVE`, or `STANDARD_IA`. Defaults to `STANDARD`.\n" + }, + "taggingDirective": { + "type": "string", + "description": "Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are `COPY` and `REPLACE`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "versionId": { + "type": "string", + "description": "Version ID of the newly created copy.\n" + }, + "websiteRedirect": { + "type": "string", + "description": "Specifies a target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).\n" + } + }, + "required": [ + "bucket", + "bucketKeyEnabled", + "cacheControl", + "contentDisposition", + "contentEncoding", + "contentLanguage", + "contentType", + "customerAlgorithm", + "customerKeyMd5", + "etag", + "expiration", + "key", + "kmsEncryptionContext", + "kmsKeyId", + "lastModified", + "metadata", + "objectLockLegalHoldStatus", + "objectLockMode", + "objectLockRetainUntilDate", + "requestCharged", + "serverSideEncryption", + "source", + "sourceVersionId", + "storageClass", + "tagsAll", + "versionId", + "websiteRedirect" + ], + "inputProperties": { + "acl": { + "type": "string", + "description": "[Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Defaults to `private`. Valid values are `private`, `public-read`, `public-read-write`, `authenticated-read`, `aws-exec-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Conflicts with `grant`.\n" + }, + "bucket": { + "type": "string", + "description": "Name of the bucket to put the file in.\n" + }, + "bucketKeyEnabled": { + "type": "boolean" + }, + "cacheControl": { + "type": "string", + "description": "Specifies caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Specifies presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.\n" + }, + "contentLanguage": { + "type": "string", + "description": "Language the content is in e.g. en-US or en-GB.\n" + }, + "contentType": { + "type": "string", + "description": "Standard MIME type describing the format of the object data, e.g. `application/octet-stream`. All Valid MIME Types are valid for this input.\n" + }, + "copyIfMatch": { + "type": "string", + "description": "Copies the object if its entity tag (ETag) matches the specified tag.\n" + }, + "copyIfModifiedSince": { + "type": "string", + "description": "Copies the object if it has been modified since the specified time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "copyIfNoneMatch": { + "type": "string", + "description": "Copies the object if its entity tag (ETag) is different than the specified ETag.\n" + }, + "copyIfUnmodifiedSince": { + "type": "string", + "description": "Copies the object if it hasn't been modified since the specified time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "customerAlgorithm": { + "type": "string", + "description": "Specifies the algorithm to use to when encrypting the object (for example, AES256).\n" + }, + "customerKey": { + "type": "string", + "description": "Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.\n" + }, + "customerKeyMd5": { + "type": "string", + "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.\n" + }, + "expectedBucketOwner": { + "type": "string", + "description": "Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.\n" + }, + "expectedSourceBucketOwner": { + "type": "string", + "description": "Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.\n" + }, + "expires": { + "type": "string", + "description": "Date and time at which the object is no longer cacheable, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.\n" + }, + "grants": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/ObjectCopyGrant:ObjectCopyGrant" + }, + "description": "Configuration block for header grants. Documented below. Conflicts with `acl`.\n" + }, + "key": { + "type": "string", + "description": "Name of the object once it is in the bucket.\n" + }, + "kmsEncryptionContext": { + "type": "string", + "description": "Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified **ARN** of the KMS Key. If using `aws.kms.Key`, use the exported `arn` attribute: `kms_key_id = aws_kms_key.foo.arn`\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).\n" + }, + "metadataDirective": { + "type": "string", + "description": "Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are `COPY` and `REPLACE`.\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "The [legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.\n" + }, + "objectLockMode": { + "type": "string", + "description": "The object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "The date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).\n" + }, + "requestPayer": { + "type": "string", + "description": "Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is `requester`.\n" + }, + "serverSideEncryption": { + "type": "string", + "description": "Specifies server-side encryption of the object in S3. Valid values are `AES256` and `aws:kms`.\n" + }, + "source": { + "type": "string", + "description": "Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (`/`). For example, `testbucket/test1.json`. For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format `arn:aws:s3:::accesspoint//object/`. For example, `arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json`.\n" + }, + "sourceCustomerAlgorithm": { + "type": "string", + "description": "Specifies the algorithm to use when decrypting the source object (for example, AES256).\n" + }, + "sourceCustomerKey": { + "type": "string", + "description": "Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.\n" + }, + "sourceCustomerKeyMd5": { + "type": "string", + "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.\n" + }, + "storageClass": { + "type": "string", + "description": "Specifies the desired [Storage Class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)\nfor the object. Can be either `STANDARD`, `REDUCED_REDUNDANCY`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, `DEEP_ARCHIVE`, or `STANDARD_IA`. Defaults to `STANDARD`.\n" + }, + "taggingDirective": { + "type": "string", + "description": "Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are `COPY` and `REPLACE`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "websiteRedirect": { + "type": "string", + "description": "Specifies a target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).\n" + } + }, + "requiredInputs": [ + "bucket", + "key", + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ObjectCopy resources.\n", + "properties": { + "acl": { + "type": "string", + "description": "[Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#canned-acl) to apply. Defaults to `private`. Valid values are `private`, `public-read`, `public-read-write`, `authenticated-read`, `aws-exec-read`, `bucket-owner-read`, and `bucket-owner-full-control`. Conflicts with `grant`.\n" + }, + "bucket": { + "type": "string", + "description": "Name of the bucket to put the file in.\n" + }, + "bucketKeyEnabled": { + "type": "boolean" + }, + "cacheControl": { + "type": "string", + "description": "Specifies caching behavior along the request/reply chain Read [w3c cache_control](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9) for further details.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Specifies presentational information for the object. Read [w3c content_disposition](http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1) for further information.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field. Read [w3c content encoding](http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11) for further information.\n" + }, + "contentLanguage": { + "type": "string", + "description": "Language the content is in e.g. en-US or en-GB.\n" + }, + "contentType": { + "type": "string", + "description": "Standard MIME type describing the format of the object data, e.g. `application/octet-stream`. All Valid MIME Types are valid for this input.\n" + }, + "copyIfMatch": { + "type": "string", + "description": "Copies the object if its entity tag (ETag) matches the specified tag.\n" + }, + "copyIfModifiedSince": { + "type": "string", + "description": "Copies the object if it has been modified since the specified time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "copyIfNoneMatch": { + "type": "string", + "description": "Copies the object if its entity tag (ETag) is different than the specified ETag.\n" + }, + "copyIfUnmodifiedSince": { + "type": "string", + "description": "Copies the object if it hasn't been modified since the specified time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "customerAlgorithm": { + "type": "string", + "description": "Specifies the algorithm to use to when encrypting the object (for example, AES256).\n" + }, + "customerKey": { + "type": "string", + "description": "Specifies the customer-provided encryption key for Amazon S3 to use in encrypting data. This value is used to store the object and then it is discarded; Amazon S3 does not store the encryption key. The key must be appropriate for use with the algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.\n" + }, + "customerKeyMd5": { + "type": "string", + "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.\n" + }, + "etag": { + "type": "string", + "description": "The ETag generated for the object (an MD5 sum of the object content). For plaintext objects or objects encrypted with an AWS-managed key, the hash is an MD5 digest of the object data. For objects encrypted with a KMS key or objects created by either the Multipart Upload or Part Copy operation, the hash is not an MD5 digest, regardless of the method of encryption. More information on possible values can be found on [Common Response Headers](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTCommonResponseHeaders.html).\n" + }, + "expectedBucketOwner": { + "type": "string", + "description": "Account id of the expected destination bucket owner. If the destination bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.\n" + }, + "expectedSourceBucketOwner": { + "type": "string", + "description": "Account id of the expected source bucket owner. If the source bucket is owned by a different account, the request will fail with an HTTP 403 (Access Denied) error.\n" + }, + "expiration": { + "type": "string", + "description": "If the object expiration is configured, this attribute will be set.\n" + }, + "expires": { + "type": "string", + "description": "Date and time at which the object is no longer cacheable, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "Allow the object to be deleted by removing any legal hold on any object version. Default is `false`. This value should be set to `true` only if the bucket has S3 object lock enabled.\n" + }, + "grants": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3/ObjectCopyGrant:ObjectCopyGrant" + }, + "description": "Configuration block for header grants. Documented below. Conflicts with `acl`.\n" + }, + "key": { + "type": "string", + "description": "Name of the object once it is in the bucket.\n" + }, + "kmsEncryptionContext": { + "type": "string", + "description": "Specifies the AWS KMS Encryption Context to use for object encryption. The value is a base64-encoded UTF-8 string holding JSON with the encryption context key-value pairs.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Specifies the AWS KMS Key ARN to use for object encryption. This value is a fully qualified **ARN** of the KMS Key. If using `aws.kms.Key`, use the exported `arn` attribute: `kms_key_id = aws_kms_key.foo.arn`\n" + }, + "lastModified": { + "type": "string", + "description": "Returns the date that the object was last modified, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of keys/values to provision metadata (will be automatically prefixed by `x-amz-meta-`, note that only lowercase label are currently supported by the AWS Go API).\n" + }, + "metadataDirective": { + "type": "string", + "description": "Specifies whether the metadata is copied from the source object or replaced with metadata provided in the request. Valid values are `COPY` and `REPLACE`.\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "The [legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds) status that you want to apply to the specified object. Valid values are `ON` and `OFF`.\n" + }, + "objectLockMode": { + "type": "string", + "description": "The object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) that you want to apply to this object. Valid values are `GOVERNANCE` and `COMPLIANCE`.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "The date and time, in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8), when this object's object lock will [expire](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-periods).\n" + }, + "requestCharged": { + "type": "boolean", + "description": "If present, indicates that the requester was successfully charged for the request.\n" + }, + "requestPayer": { + "type": "string", + "description": "Confirms that the requester knows that they will be charged for the request. Bucket owners need not specify this parameter in their requests. For information about downloading objects from requester pays buckets, see Downloading Objects in Requestor Pays Buckets (https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html) in the Amazon S3 Developer Guide. If included, the only valid value is `requester`.\n" + }, + "serverSideEncryption": { + "type": "string", + "description": "Specifies server-side encryption of the object in S3. Valid values are `AES256` and `aws:kms`.\n" + }, + "source": { + "type": "string", + "description": "Specifies the source object for the copy operation. You specify the value in one of two formats. For objects not accessed through an access point, specify the name of the source bucket and the key of the source object, separated by a slash (`/`). For example, `testbucket/test1.json`. For objects accessed through access points, specify the Amazon Resource Name (ARN) of the object as accessed through the access point, in the format `arn:aws:s3:::accesspoint//object/`. For example, `arn:aws:s3:us-west-2:9999912999:accesspoint/my-access-point/object/testbucket/test1.json`.\n" + }, + "sourceCustomerAlgorithm": { + "type": "string", + "description": "Specifies the algorithm to use when decrypting the source object (for example, AES256).\n" + }, + "sourceCustomerKey": { + "type": "string", + "description": "Specifies the customer-provided encryption key for Amazon S3 to use to decrypt the source object. The encryption key provided in this header must be one that was used when the source object was created.\n" + }, + "sourceCustomerKeyMd5": { + "type": "string", + "description": "Specifies the 128-bit MD5 digest of the encryption key according to RFC 1321. Amazon S3 uses this header for a message integrity check to ensure that the encryption key was transmitted without error.\n" + }, + "sourceVersionId": { + "type": "string", + "description": "Version of the copied object in the source bucket.\n" + }, + "storageClass": { + "type": "string", + "description": "Specifies the desired [Storage Class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html)\nfor the object. Can be either `STANDARD`, `REDUCED_REDUNDANCY`, `ONEZONE_IA`, `INTELLIGENT_TIERING`, `GLACIER`, `DEEP_ARCHIVE`, or `STANDARD_IA`. Defaults to `STANDARD`.\n" + }, + "taggingDirective": { + "type": "string", + "description": "Specifies whether the object tag-set are copied from the source object or replaced with tag-set provided in the request. Valid values are `COPY` and `REPLACE`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "versionId": { + "type": "string", + "description": "Version ID of the newly created copy.\n" + }, + "websiteRedirect": { + "type": "string", + "description": "Specifies a target URL for [website redirect](http://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html).\n" + } + }, + "type": "object" + } + }, + "aws:s3control/bucket:Bucket": { + "description": "Provides a resource to manage an S3 Control Bucket.\n\n> This functionality is for managing [S3 on Outposts](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html). To manage S3 Buckets in an AWS Partition, see the `aws.s3.Bucket` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3control.Bucket(\"example\", {\n bucket: \"example\",\n outpostId: data.aws_outposts_outpost.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3control.Bucket(\"example\",\n bucket=\"example\",\n outpost_id=data[\"aws_outposts_outpost\"][\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3Control.Bucket(\"example\", new Aws.S3Control.BucketArgs\n {\n Bucket = \"example\",\n OutpostId = data.Aws_outposts_outpost.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3control\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3control.NewBucket(ctx, \"example\", &s3control.BucketArgs{\n\t\t\tBucket: pulumi.String(\"example\"),\n\t\t\tOutpostId: pulumi.Any(data.Aws_outposts_outpost.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 Control Buckets can be imported using Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:s3control/bucket:Bucket example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-12345678/bucket/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "bucket": { + "type": "string", + "description": "Name of the bucket.\n", + "language": { + "csharp": { + "name": "BucketName" + } + } + }, + "creationDate": { + "type": "string", + "description": "UTC creation date in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "outpostId": { + "type": "string", + "description": "Identifier of the Outpost to contain this bucket.\n" + }, + "publicAccessBlockEnabled": { + "type": "boolean", + "description": "Boolean whether Public Access Block is enabled.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "bucket", + "creationDate", + "outpostId", + "publicAccessBlockEnabled", + "tagsAll" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "Name of the bucket.\n", + "language": { + "csharp": { + "name": "BucketName" + } + } + }, + "outpostId": { + "type": "string", + "description": "Identifier of the Outpost to contain this bucket.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "bucket", + "outpostId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Bucket resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "bucket": { + "type": "string", + "description": "Name of the bucket.\n", + "language": { + "csharp": { + "name": "BucketName" + } + } + }, + "creationDate": { + "type": "string", + "description": "UTC creation date in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "outpostId": { + "type": "string", + "description": "Identifier of the Outpost to contain this bucket.\n" + }, + "publicAccessBlockEnabled": { + "type": "boolean", + "description": "Boolean whether Public Access Block is enabled.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:s3control/bucketLifecycleConfiguration:BucketLifecycleConfiguration": { + "description": "Provides a resource to manage an S3 Control Bucket Lifecycle Configuration.\n\n> **NOTE:** Each S3 Control Bucket can only have one Lifecycle Configuration. Using multiple of this resource against the same S3 Control Bucket will result in perpetual differences each provider run.\n\n> This functionality is for managing [S3 on Outposts](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html). To manage S3 Bucket Lifecycle Configurations in an AWS Partition, see the `aws.s3.Bucket` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3control.BucketLifecycleConfiguration(\"example\", {\n bucket: aws_s3control_bucket.example.arn,\n rules: [\n {\n expiration: {\n days: 365,\n },\n filter: {\n prefix: \"logs/\",\n },\n id: \"logs\",\n },\n {\n expiration: {\n days: 7,\n },\n filter: {\n prefix: \"temp/\",\n },\n id: \"temp\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3control.BucketLifecycleConfiguration(\"example\",\n bucket=aws_s3control_bucket[\"example\"][\"arn\"],\n rules=[\n aws.s3control.BucketLifecycleConfigurationRuleArgs(\n expiration=aws.s3control.BucketLifecycleConfigurationRuleExpirationArgs(\n days=365,\n ),\n filter=aws.s3control.BucketLifecycleConfigurationRuleFilterArgs(\n prefix=\"logs/\",\n ),\n id=\"logs\",\n ),\n aws.s3control.BucketLifecycleConfigurationRuleArgs(\n expiration=aws.s3control.BucketLifecycleConfigurationRuleExpirationArgs(\n days=7,\n ),\n filter=aws.s3control.BucketLifecycleConfigurationRuleFilterArgs(\n prefix=\"temp/\",\n ),\n id=\"temp\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3Control.BucketLifecycleConfiguration(\"example\", new Aws.S3Control.BucketLifecycleConfigurationArgs\n {\n Bucket = aws_s3control_bucket.Example.Arn,\n Rules = \n {\n new Aws.S3Control.Inputs.BucketLifecycleConfigurationRuleArgs\n {\n Expiration = new Aws.S3Control.Inputs.BucketLifecycleConfigurationRuleExpirationArgs\n {\n Days = 365,\n },\n Filter = new Aws.S3Control.Inputs.BucketLifecycleConfigurationRuleFilterArgs\n {\n Prefix = \"logs/\",\n },\n Id = \"logs\",\n },\n new Aws.S3Control.Inputs.BucketLifecycleConfigurationRuleArgs\n {\n Expiration = new Aws.S3Control.Inputs.BucketLifecycleConfigurationRuleExpirationArgs\n {\n Days = 7,\n },\n Filter = new Aws.S3Control.Inputs.BucketLifecycleConfigurationRuleFilterArgs\n {\n Prefix = \"temp/\",\n },\n Id = \"temp\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3control\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3control.NewBucketLifecycleConfiguration(ctx, \"example\", &s3control.BucketLifecycleConfigurationArgs{\n\t\t\tBucket: pulumi.Any(aws_s3control_bucket.Example.Arn),\n\t\t\tRules: s3control.BucketLifecycleConfigurationRuleArray{\n\t\t\t\t&s3control.BucketLifecycleConfigurationRuleArgs{\n\t\t\t\t\tExpiration: &s3control.BucketLifecycleConfigurationRuleExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(365),\n\t\t\t\t\t},\n\t\t\t\t\tFilter: &s3control.BucketLifecycleConfigurationRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"logs/\"),\n\t\t\t\t\t},\n\t\t\t\t\tId: pulumi.String(\"logs\"),\n\t\t\t\t},\n\t\t\t\t&s3control.BucketLifecycleConfigurationRuleArgs{\n\t\t\t\t\tExpiration: &s3control.BucketLifecycleConfigurationRuleExpirationArgs{\n\t\t\t\t\t\tDays: pulumi.Int(7),\n\t\t\t\t\t},\n\t\t\t\t\tFilter: &s3control.BucketLifecycleConfigurationRuleFilterArgs{\n\t\t\t\t\t\tPrefix: pulumi.String(\"temp/\"),\n\t\t\t\t\t},\n\t\t\t\t\tId: pulumi.String(\"temp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 Control Bucket Lifecycle Configurations can be imported using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:s3control/bucketLifecycleConfiguration:BucketLifecycleConfiguration example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-12345678/bucket/example\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3control/BucketLifecycleConfigurationRule:BucketLifecycleConfigurationRule" + }, + "description": "Configuration block(s) containing lifecycle rules for the bucket.\n" + } + }, + "required": [ + "bucket", + "rules" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3control/BucketLifecycleConfigurationRule:BucketLifecycleConfigurationRule" + }, + "description": "Configuration block(s) containing lifecycle rules for the bucket.\n" + } + }, + "requiredInputs": [ + "bucket", + "rules" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketLifecycleConfiguration resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3control/BucketLifecycleConfigurationRule:BucketLifecycleConfigurationRule" + }, + "description": "Configuration block(s) containing lifecycle rules for the bucket.\n" + } + }, + "type": "object" + } + }, + "aws:s3control/bucketPolicy:BucketPolicy": { + "description": "Provides a resource to manage an S3 Control Bucket Policy.\n\n> This functionality is for managing [S3 on Outposts](https://docs.aws.amazon.com/AmazonS3/latest/dev/S3onOutposts.html). To manage S3 Bucket Policies in an AWS Partition, see the `aws.s3.BucketPolicy` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3control.BucketPolicy(\"example\", {\n bucket: aws_s3control_bucket.example.arn,\n policy: JSON.stringify({\n Id: \"testBucketPolicy\",\n Statement: [{\n Action: \"s3-outposts:PutBucketLifecycleConfiguration\",\n Effect: \"Deny\",\n Principal: {\n AWS: \"*\",\n },\n Resource: aws_s3control_bucket.example.arn,\n Sid: \"statement1\",\n }],\n Version: \"2012-10-17\",\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.s3control.BucketPolicy(\"example\",\n bucket=aws_s3control_bucket[\"example\"][\"arn\"],\n policy=json.dumps({\n \"Id\": \"testBucketPolicy\",\n \"Statement\": [{\n \"Action\": \"s3-outposts:PutBucketLifecycleConfiguration\",\n \"Effect\": \"Deny\",\n \"Principal\": {\n \"AWS\": \"*\",\n },\n \"Resource\": aws_s3control_bucket[\"example\"][\"arn\"],\n \"Sid\": \"statement1\",\n }],\n \"Version\": \"2012-10-17\",\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3Control.BucketPolicy(\"example\", new Aws.S3Control.BucketPolicyArgs\n {\n Bucket = aws_s3control_bucket.Example.Arn,\n Policy = JsonSerializer.Serialize(new Dictionary\n {\n { \"Id\", \"testBucketPolicy\" },\n { \"Statement\", new[]\n {\n new Dictionary\n {\n { \"Action\", \"s3-outposts:PutBucketLifecycleConfiguration\" },\n { \"Effect\", \"Deny\" },\n { \"Principal\", new Dictionary\n {\n { \"AWS\", \"*\" },\n } },\n { \"Resource\", aws_s3control_bucket.Example.Arn },\n { \"Sid\", \"statement1\" },\n },\n }\n },\n { \"Version\", \"2012-10-17\" },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3control\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Id\": \"testBucketPolicy\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"s3-outposts:PutBucketLifecycleConfiguration\",\n\t\t\t\t\t\"Effect\": \"Deny\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"AWS\": \"*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Resource\": aws_s3control_bucket.Example.Arn,\n\t\t\t\t\t\"Sid\": \"statement1\",\n\t\t\t\t},\n\t\t\t},\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := s3control.NewBucketPolicy(ctx, \"example\", &s3control.BucketPolicyArgs{\n\t\t\tBucket: pulumi.Any(aws_s3control_bucket.Example.Arn),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 Control Bucket Policies can be imported using the Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:s3control/bucketPolicy:BucketPolicy example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-12345678/bucket/example\n```\n\n ", + "properties": { + "bucket": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "policy": { + "type": "string", + "description": "JSON string of the resource policy.\n" + } + }, + "required": [ + "bucket", + "policy" + ], + "inputProperties": { + "bucket": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "policy": { + "type": "string", + "description": "JSON string of the resource policy.\n" + } + }, + "requiredInputs": [ + "bucket", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BucketPolicy resources.\n", + "properties": { + "bucket": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the bucket.\n" + }, + "policy": { + "type": "string", + "description": "JSON string of the resource policy.\n" + } + }, + "type": "object" + } + }, + "aws:s3outposts/endpoint:Endpoint": { + "description": "Provides a resource to manage an S3 Outposts Endpoint.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.s3outposts.Endpoint(\"example\", {\n outpostId: data.aws_outposts_outpost.example.id,\n securityGroupId: aws_security_group.example.id,\n subnetId: aws_subnet.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.s3outposts.Endpoint(\"example\",\n outpost_id=data[\"aws_outposts_outpost\"][\"example\"][\"id\"],\n security_group_id=aws_security_group[\"example\"][\"id\"],\n subnet_id=aws_subnet[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.S3Outposts.Endpoint(\"example\", new Aws.S3Outposts.EndpointArgs\n {\n OutpostId = data.Aws_outposts_outpost.Example.Id,\n SecurityGroupId = aws_security_group.Example.Id,\n SubnetId = aws_subnet.Example.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := s3outposts.NewEndpoint(ctx, \"example\", &s3outposts.EndpointArgs{\n\t\t\tOutpostId: pulumi.Any(data.Aws_outposts_outpost.Example.Id),\n\t\t\tSecurityGroupId: pulumi.Any(aws_security_group.Example.Id),\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Example.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nS3 Outposts Endpoints can be imported using Amazon Resource Name (ARN), EC2 Security Group identifier, and EC2 Subnet identifier, separated by commas (`,`) e.g.\n\n```sh\n $ pulumi import aws:s3outposts/endpoint:Endpoint example arn:aws:s3-outposts:us-east-1:123456789012:outpost/op-12345678/endpoint/0123456789abcdef,sg-12345678,subnet-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the endpoint.\n" + }, + "cidrBlock": { + "type": "string", + "description": "VPC CIDR block of the endpoint.\n" + }, + "creationTime": { + "type": "string", + "description": "UTC creation time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3outposts/EndpointNetworkInterface:EndpointNetworkInterface" + }, + "description": "Set of nested attributes for associated Elastic Network Interfaces (ENIs).\n" + }, + "outpostId": { + "type": "string", + "description": "Identifier of the Outpost to contain this endpoint.\n" + }, + "securityGroupId": { + "type": "string", + "description": "Identifier of the EC2 Security Group.\n" + }, + "subnetId": { + "type": "string", + "description": "Identifier of the EC2 Subnet.\n" + } + }, + "required": [ + "arn", + "cidrBlock", + "creationTime", + "networkInterfaces", + "outpostId", + "securityGroupId", + "subnetId" + ], + "inputProperties": { + "outpostId": { + "type": "string", + "description": "Identifier of the Outpost to contain this endpoint.\n" + }, + "securityGroupId": { + "type": "string", + "description": "Identifier of the EC2 Security Group.\n" + }, + "subnetId": { + "type": "string", + "description": "Identifier of the EC2 Subnet.\n" + } + }, + "requiredInputs": [ + "outpostId", + "securityGroupId", + "subnetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Endpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the endpoint.\n" + }, + "cidrBlock": { + "type": "string", + "description": "VPC CIDR block of the endpoint.\n" + }, + "creationTime": { + "type": "string", + "description": "UTC creation time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:s3outposts/EndpointNetworkInterface:EndpointNetworkInterface" + }, + "description": "Set of nested attributes for associated Elastic Network Interfaces (ENIs).\n" + }, + "outpostId": { + "type": "string", + "description": "Identifier of the Outpost to contain this endpoint.\n" + }, + "securityGroupId": { + "type": "string", + "description": "Identifier of the EC2 Security Group.\n" + }, + "subnetId": { + "type": "string", + "description": "Identifier of the EC2 Subnet.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/app:App": { + "description": "Provides a Sagemaker App resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.App(\"example\", {\n domainId: aws_sagemaker_domain.example.id,\n userProfileName: aws_sagemaker_user_profile.example.user_profile_name,\n appName: \"example\",\n appType: \"JupyterServer\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.App(\"example\",\n domain_id=aws_sagemaker_domain[\"example\"][\"id\"],\n user_profile_name=aws_sagemaker_user_profile[\"example\"][\"user_profile_name\"],\n app_name=\"example\",\n app_type=\"JupyterServer\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.App(\"example\", new Aws.Sagemaker.AppArgs\n {\n DomainId = aws_sagemaker_domain.Example.Id,\n UserProfileName = aws_sagemaker_user_profile.Example.User_profile_name,\n AppName = \"example\",\n AppType = \"JupyterServer\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewApp(ctx, \"example\", &sagemaker.AppArgs{\n\t\t\tDomainId: pulumi.Any(aws_sagemaker_domain.Example.Id),\n\t\t\tUserProfileName: pulumi.Any(aws_sagemaker_user_profile.Example.User_profile_name),\n\t\t\tAppName: pulumi.String(\"example\"),\n\t\t\tAppType: pulumi.String(\"JupyterServer\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Code Apps can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/app:App example arn:aws:sagemaker:us-west-2:012345678912:app/domain-id/user-profile-name/app-type/app-name\n```\n\n ", + "properties": { + "appName": { + "type": "string", + "description": "The name of the app.\n" + }, + "appType": { + "type": "string", + "description": "The type of app. Valid values are `JupyterServer`, `KernelGateway` and `TensorBoard`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the app.\n" + }, + "domainId": { + "type": "string", + "description": "The domain ID.\n" + }, + "resourceSpec": { + "$ref": "#/types/aws:sagemaker/AppResourceSpec:AppResourceSpec", + "description": "The instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.See Resource Spec below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userProfileName": { + "type": "string", + "description": "The user profile name.\n" + } + }, + "required": [ + "appName", + "appType", + "arn", + "domainId", + "resourceSpec", + "tagsAll", + "userProfileName" + ], + "inputProperties": { + "appName": { + "type": "string", + "description": "The name of the app.\n" + }, + "appType": { + "type": "string", + "description": "The type of app. Valid values are `JupyterServer`, `KernelGateway` and `TensorBoard`.\n" + }, + "domainId": { + "type": "string", + "description": "The domain ID.\n" + }, + "resourceSpec": { + "$ref": "#/types/aws:sagemaker/AppResourceSpec:AppResourceSpec", + "description": "The instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.See Resource Spec below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userProfileName": { + "type": "string", + "description": "The user profile name.\n" + } + }, + "requiredInputs": [ + "appName", + "appType", + "domainId", + "userProfileName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering App resources.\n", + "properties": { + "appName": { + "type": "string", + "description": "The name of the app.\n" + }, + "appType": { + "type": "string", + "description": "The type of app. Valid values are `JupyterServer`, `KernelGateway` and `TensorBoard`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the app.\n" + }, + "domainId": { + "type": "string", + "description": "The domain ID.\n" + }, + "resourceSpec": { + "$ref": "#/types/aws:sagemaker/AppResourceSpec:AppResourceSpec", + "description": "The instance type and the Amazon Resource Name (ARN) of the SageMaker image created on the instance.See Resource Spec below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userProfileName": { + "type": "string", + "description": "The user profile name.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/appImageConfig:AppImageConfig": { + "description": "Provides a Sagemaker App Image Config resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.sagemaker.AppImageConfig(\"test\", {\n appImageConfigName: \"example\",\n kernelGatewayImageConfig: {\n kernelSpec: {\n name: \"example\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sagemaker.AppImageConfig(\"test\",\n app_image_config_name=\"example\",\n kernel_gateway_image_config=aws.sagemaker.AppImageConfigKernelGatewayImageConfigArgs(\n kernel_spec=aws.sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs(\n name=\"example\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Sagemaker.AppImageConfig(\"test\", new Aws.Sagemaker.AppImageConfigArgs\n {\n AppImageConfigName = \"example\",\n KernelGatewayImageConfig = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigArgs\n {\n KernelSpec = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs\n {\n Name = \"example\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewAppImageConfig(ctx, \"test\", &sagemaker.AppImageConfigArgs{\n\t\t\tAppImageConfigName: pulumi.String(\"example\"),\n\t\t\tKernelGatewayImageConfig: &sagemaker.AppImageConfigKernelGatewayImageConfigArgs{\n\t\t\t\tKernelSpec: &sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Default File System Config\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.sagemaker.AppImageConfig(\"test\", {\n appImageConfigName: \"example\",\n kernelGatewayImageConfig: {\n fileSystemConfig: {},\n kernelSpec: {\n name: \"example\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sagemaker.AppImageConfig(\"test\",\n app_image_config_name=\"example\",\n kernel_gateway_image_config=aws.sagemaker.AppImageConfigKernelGatewayImageConfigArgs(\n file_system_config=aws.sagemaker.AppImageConfigKernelGatewayImageConfigFileSystemConfigArgs(),\n kernel_spec=aws.sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs(\n name=\"example\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Sagemaker.AppImageConfig(\"test\", new Aws.Sagemaker.AppImageConfigArgs\n {\n AppImageConfigName = \"example\",\n KernelGatewayImageConfig = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigArgs\n {\n FileSystemConfig = ,\n KernelSpec = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs\n {\n Name = \"example\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewAppImageConfig(ctx, \"test\", &sagemaker.AppImageConfigArgs{\n\t\t\tAppImageConfigName: pulumi.String(\"example\"),\n\t\t\tKernelGatewayImageConfig: &sagemaker.AppImageConfigKernelGatewayImageConfigArgs{\n\t\t\t\tFileSystemConfig: nil,\n\t\t\t\tKernelSpec: &sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker App Image Configs can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/appImageConfig:AppImageConfig example example\n```\n\n ", + "properties": { + "appImageConfigName": { + "type": "string", + "description": "The name of the App Image Config.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this App Image Config.\n" + }, + "kernelGatewayImageConfig": { + "$ref": "#/types/aws:sagemaker/AppImageConfigKernelGatewayImageConfig:AppImageConfigKernelGatewayImageConfig", + "description": "The configuration for the file system and kernels in a SageMaker image running as a KernelGateway app. See Kernel Gateway Image Config details below.\n" + } + }, + "required": [ + "appImageConfigName", + "arn" + ], + "inputProperties": { + "appImageConfigName": { + "type": "string", + "description": "The name of the App Image Config.\n" + }, + "kernelGatewayImageConfig": { + "$ref": "#/types/aws:sagemaker/AppImageConfigKernelGatewayImageConfig:AppImageConfigKernelGatewayImageConfig", + "description": "The configuration for the file system and kernels in a SageMaker image running as a KernelGateway app. See Kernel Gateway Image Config details below.\n" + } + }, + "requiredInputs": [ + "appImageConfigName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AppImageConfig resources.\n", + "properties": { + "appImageConfigName": { + "type": "string", + "description": "The name of the App Image Config.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this App Image Config.\n" + }, + "kernelGatewayImageConfig": { + "$ref": "#/types/aws:sagemaker/AppImageConfigKernelGatewayImageConfig:AppImageConfigKernelGatewayImageConfig", + "description": "The configuration for the file system and kernels in a SageMaker image running as a KernelGateway app. See Kernel Gateway Image Config details below.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/codeRepository:CodeRepository": { + "description": "Provides a Sagemaker Code Repository resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.CodeRepository(\"example\", {\n codeRepositoryName: \"example\",\n gitConfig: {\n repositoryUrl: \"https://github.com/hashicorp/terraform-provider-aws.git\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.CodeRepository(\"example\",\n code_repository_name=\"example\",\n git_config=aws.sagemaker.CodeRepositoryGitConfigArgs(\n repository_url=\"https://github.com/hashicorp/terraform-provider-aws.git\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.CodeRepository(\"example\", new Aws.Sagemaker.CodeRepositoryArgs\n {\n CodeRepositoryName = \"example\",\n GitConfig = new Aws.Sagemaker.Inputs.CodeRepositoryGitConfigArgs\n {\n RepositoryUrl = \"https://github.com/hashicorp/terraform-provider-aws.git\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewCodeRepository(ctx, \"example\", &sagemaker.CodeRepositoryArgs{\n\t\t\tCodeRepositoryName: pulumi.String(\"example\"),\n\t\t\tGitConfig: &sagemaker.CodeRepositoryGitConfigArgs{\n\t\t\t\tRepositoryUrl: pulumi.String(\"https://github.com/hashicorp/terraform-provider-aws.git\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with Secret\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSecret = new aws.secretsmanager.Secret(\"exampleSecret\", {});\nconst exampleSecretVersion = new aws.secretsmanager.SecretVersion(\"exampleSecretVersion\", {\n secretId: exampleSecret.id,\n secretString: JSON.stringify({\n username: \"example\",\n password: \"example\",\n }),\n});\nconst exampleCodeRepository = new aws.sagemaker.CodeRepository(\"exampleCodeRepository\", {\n codeRepositoryName: \"example\",\n gitConfig: {\n repositoryUrl: \"https://github.com/hashicorp/terraform-provider-aws.git\",\n secretArn: exampleSecret.arn,\n },\n}, {\n dependsOn: [exampleSecretVersion],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample_secret = aws.secretsmanager.Secret(\"exampleSecret\")\nexample_secret_version = aws.secretsmanager.SecretVersion(\"exampleSecretVersion\",\n secret_id=example_secret.id,\n secret_string=json.dumps({\n \"username\": \"example\",\n \"password\": \"example\",\n }))\nexample_code_repository = aws.sagemaker.CodeRepository(\"exampleCodeRepository\",\n code_repository_name=\"example\",\n git_config=aws.sagemaker.CodeRepositoryGitConfigArgs(\n repository_url=\"https://github.com/hashicorp/terraform-provider-aws.git\",\n secret_arn=example_secret.arn,\n ),\n opts=pulumi.ResourceOptions(depends_on=[example_secret_version]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleSecret = new Aws.SecretsManager.Secret(\"exampleSecret\", new Aws.SecretsManager.SecretArgs\n {\n });\n var exampleSecretVersion = new Aws.SecretsManager.SecretVersion(\"exampleSecretVersion\", new Aws.SecretsManager.SecretVersionArgs\n {\n SecretId = exampleSecret.Id,\n SecretString = JsonSerializer.Serialize(new Dictionary\n {\n { \"username\", \"example\" },\n { \"password\", \"example\" },\n }),\n });\n var exampleCodeRepository = new Aws.Sagemaker.CodeRepository(\"exampleCodeRepository\", new Aws.Sagemaker.CodeRepositoryArgs\n {\n CodeRepositoryName = \"example\",\n GitConfig = new Aws.Sagemaker.Inputs.CodeRepositoryGitConfigArgs\n {\n RepositoryUrl = \"https://github.com/hashicorp/terraform-provider-aws.git\",\n SecretArn = exampleSecret.Arn,\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleSecretVersion,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSecret, err := secretsmanager.NewSecret(ctx, \"exampleSecret\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"username\": \"example\",\n\t\t\t\"password\": \"example\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\texampleSecretVersion, err := secretsmanager.NewSecretVersion(ctx, \"exampleSecretVersion\", &secretsmanager.SecretVersionArgs{\n\t\t\tSecretId: exampleSecret.ID(),\n\t\t\tSecretString: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewCodeRepository(ctx, \"exampleCodeRepository\", &sagemaker.CodeRepositoryArgs{\n\t\t\tCodeRepositoryName: pulumi.String(\"example\"),\n\t\t\tGitConfig: &sagemaker.CodeRepositoryGitConfigArgs{\n\t\t\t\tRepositoryUrl: pulumi.String(\"https://github.com/hashicorp/terraform-provider-aws.git\"),\n\t\t\t\tSecretArn: exampleSecret.Arn,\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleSecretVersion,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Code Repositories can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/codeRepository:CodeRepository test_code_repository my-code-repo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Code Repository.\n" + }, + "codeRepositoryName": { + "type": "string", + "description": "The name of the Code Repository (must be unique).\n" + }, + "gitConfig": { + "$ref": "#/types/aws:sagemaker/CodeRepositoryGitConfig:CodeRepositoryGitConfig", + "description": "Specifies details about the repository. see Git Config details below.\n" + } + }, + "required": [ + "arn", + "codeRepositoryName", + "gitConfig" + ], + "inputProperties": { + "codeRepositoryName": { + "type": "string", + "description": "The name of the Code Repository (must be unique).\n" + }, + "gitConfig": { + "$ref": "#/types/aws:sagemaker/CodeRepositoryGitConfig:CodeRepositoryGitConfig", + "description": "Specifies details about the repository. see Git Config details below.\n" + } + }, + "requiredInputs": [ + "codeRepositoryName", + "gitConfig" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CodeRepository resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Code Repository.\n" + }, + "codeRepositoryName": { + "type": "string", + "description": "The name of the Code Repository (must be unique).\n" + }, + "gitConfig": { + "$ref": "#/types/aws:sagemaker/CodeRepositoryGitConfig:CodeRepositoryGitConfig", + "description": "Specifies details about the repository. see Git Config details below.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/domain:Domain": { + "description": "Provides a Sagemaker Domain resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomain = new aws.sagemaker.Domain(\"exampleDomain\", {\n domainName: \"example\",\n authMode: \"IAM\",\n vpcId: aws_vpc.test.id,\n subnetIds: [aws_subnet.test.id],\n defaultUserSettings: {\n executionRole: aws_iam_role.test.arn,\n },\n});\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"sagemaker.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {\n path: \"/\",\n assumeRolePolicy: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain = aws.sagemaker.Domain(\"exampleDomain\",\n domain_name=\"example\",\n auth_mode=\"IAM\",\n vpc_id=aws_vpc[\"test\"][\"id\"],\n subnet_ids=[aws_subnet[\"test\"][\"id\"]],\n default_user_settings=aws.sagemaker.DomainDefaultUserSettingsArgs(\n execution_role=aws_iam_role[\"test\"][\"arn\"],\n ))\nexample_policy_document = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"sagemaker.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"exampleRole\",\n path=\"/\",\n assume_role_policy=example_policy_document.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomain = new Aws.Sagemaker.Domain(\"exampleDomain\", new Aws.Sagemaker.DomainArgs\n {\n DomainName = \"example\",\n AuthMode = \"IAM\",\n VpcId = aws_vpc.Test.Id,\n SubnetIds = \n {\n aws_subnet.Test.Id,\n },\n DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs\n {\n ExecutionRole = aws_iam_role.Test.Arn,\n },\n });\n var examplePolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"sagemaker.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n Path = \"/\",\n AssumeRolePolicy = examplePolicyDocument.Apply(examplePolicyDocument => examplePolicyDocument.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewDomain(ctx, \"exampleDomain\", &sagemaker.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tAuthMode: pulumi.String(\"IAM\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Test.Id),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Test.Id),\n\t\t\t},\n\t\t\tDefaultUserSettings: &sagemaker.DomainDefaultUserSettingsArgs{\n\t\t\t\tExecutionRole: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"sagemaker.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Using Custom Images\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testImage = new aws.sagemaker.Image(\"testImage\", {\n imageName: \"example\",\n roleArn: aws_iam_role.test.arn,\n});\nconst testAppImageConfig = new aws.sagemaker.AppImageConfig(\"testAppImageConfig\", {\n appImageConfigName: \"example\",\n kernelGatewayImageConfig: {\n kernelSpec: {\n name: \"example\",\n },\n },\n});\nconst testImageVersion = new aws.sagemaker.ImageVersion(\"testImageVersion\", {\n imageName: testImage.id,\n baseImage: \"base-image\",\n});\nconst testDomain = new aws.sagemaker.Domain(\"testDomain\", {\n domainName: \"example\",\n authMode: \"IAM\",\n vpcId: aws_vpc.test.id,\n subnetIds: [aws_subnet.test.id],\n defaultUserSettings: {\n executionRole: aws_iam_role.test.arn,\n kernelGatewayAppSettings: {\n customImages: [{\n appImageConfigName: testAppImageConfig.appImageConfigName,\n imageName: testImageVersion.imageName,\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_image = aws.sagemaker.Image(\"testImage\",\n image_name=\"example\",\n role_arn=aws_iam_role[\"test\"][\"arn\"])\ntest_app_image_config = aws.sagemaker.AppImageConfig(\"testAppImageConfig\",\n app_image_config_name=\"example\",\n kernel_gateway_image_config=aws.sagemaker.AppImageConfigKernelGatewayImageConfigArgs(\n kernel_spec=aws.sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs(\n name=\"example\",\n ),\n ))\ntest_image_version = aws.sagemaker.ImageVersion(\"testImageVersion\",\n image_name=test_image.id,\n base_image=\"base-image\")\ntest_domain = aws.sagemaker.Domain(\"testDomain\",\n domain_name=\"example\",\n auth_mode=\"IAM\",\n vpc_id=aws_vpc[\"test\"][\"id\"],\n subnet_ids=[aws_subnet[\"test\"][\"id\"]],\n default_user_settings=aws.sagemaker.DomainDefaultUserSettingsArgs(\n execution_role=aws_iam_role[\"test\"][\"arn\"],\n kernel_gateway_app_settings=aws.sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs(\n custom_images=[aws.sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs(\n app_image_config_name=test_app_image_config.app_image_config_name,\n image_name=test_image_version.image_name,\n )],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testImage = new Aws.Sagemaker.Image(\"testImage\", new Aws.Sagemaker.ImageArgs\n {\n ImageName = \"example\",\n RoleArn = aws_iam_role.Test.Arn,\n });\n var testAppImageConfig = new Aws.Sagemaker.AppImageConfig(\"testAppImageConfig\", new Aws.Sagemaker.AppImageConfigArgs\n {\n AppImageConfigName = \"example\",\n KernelGatewayImageConfig = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigArgs\n {\n KernelSpec = new Aws.Sagemaker.Inputs.AppImageConfigKernelGatewayImageConfigKernelSpecArgs\n {\n Name = \"example\",\n },\n },\n });\n var testImageVersion = new Aws.Sagemaker.ImageVersion(\"testImageVersion\", new Aws.Sagemaker.ImageVersionArgs\n {\n ImageName = testImage.Id,\n BaseImage = \"base-image\",\n });\n var testDomain = new Aws.Sagemaker.Domain(\"testDomain\", new Aws.Sagemaker.DomainArgs\n {\n DomainName = \"example\",\n AuthMode = \"IAM\",\n VpcId = aws_vpc.Test.Id,\n SubnetIds = \n {\n aws_subnet.Test.Id,\n },\n DefaultUserSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsArgs\n {\n ExecutionRole = aws_iam_role.Test.Arn,\n KernelGatewayAppSettings = new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs\n {\n CustomImages = \n {\n new Aws.Sagemaker.Inputs.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs\n {\n AppImageConfigName = testAppImageConfig.AppImageConfigName,\n ImageName = testImageVersion.ImageName,\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestImage, err := sagemaker.NewImage(ctx, \"testImage\", &sagemaker.ImageArgs{\n\t\t\tImageName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAppImageConfig, err := sagemaker.NewAppImageConfig(ctx, \"testAppImageConfig\", &sagemaker.AppImageConfigArgs{\n\t\t\tAppImageConfigName: pulumi.String(\"example\"),\n\t\t\tKernelGatewayImageConfig: &sagemaker.AppImageConfigKernelGatewayImageConfigArgs{\n\t\t\t\tKernelSpec: &sagemaker.AppImageConfigKernelGatewayImageConfigKernelSpecArgs{\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestImageVersion, err := sagemaker.NewImageVersion(ctx, \"testImageVersion\", &sagemaker.ImageVersionArgs{\n\t\t\tImageName: testImage.ID(),\n\t\t\tBaseImage: pulumi.String(\"base-image\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewDomain(ctx, \"testDomain\", &sagemaker.DomainArgs{\n\t\t\tDomainName: pulumi.String(\"example\"),\n\t\t\tAuthMode: pulumi.String(\"IAM\"),\n\t\t\tVpcId: pulumi.Any(aws_vpc.Test.Id),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Test.Id),\n\t\t\t},\n\t\t\tDefaultUserSettings: &sagemaker.DomainDefaultUserSettingsArgs{\n\t\t\t\tExecutionRole: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\t\tKernelGatewayAppSettings: &sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsArgs{\n\t\t\t\t\tCustomImages: sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArray{\n\t\t\t\t\t\t&sagemaker.DomainDefaultUserSettingsKernelGatewayAppSettingsCustomImageArgs{\n\t\t\t\t\t\t\tAppImageConfigName: testAppImageConfig.AppImageConfigName,\n\t\t\t\t\t\t\tImageName: testImageVersion.ImageName,\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Code Domains can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/domain:Domain test_domain d-8jgsjtilstu8\n```\n\n ", + "properties": { + "appNetworkAccessType": { + "type": "string", + "description": "Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly`. Valid values are `PublicInternetOnly` and `VpcOnly`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Domain.\n" + }, + "authMode": { + "type": "string", + "description": "The mode of authentication that members use to access the domain. Valid values are `IAM` and `SSO`.\n" + }, + "defaultUserSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettings:DomainDefaultUserSettings", + "description": "The default user settings. See Default User Settings below.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name.\n" + }, + "homeEfsFileSystemId": { + "type": "string", + "description": "The ID of the Amazon Elastic File System (EFS) managed by this Domain.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.\n" + }, + "retentionPolicy": { + "$ref": "#/types/aws:sagemaker/DomainRetentionPolicy:DomainRetentionPolicy", + "description": "The retention policy for this domain, which specifies whether resources will be retained after the Domain is deleted. By default, all resources are retained. See Retention Policy below.\n" + }, + "singleSignOnManagedApplicationInstanceId": { + "type": "string", + "description": "The SSO managed application instance ID.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The VPC subnets that Studio uses for communication.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The domain's URL.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n" + } + }, + "required": [ + "arn", + "authMode", + "defaultUserSettings", + "domainName", + "homeEfsFileSystemId", + "singleSignOnManagedApplicationInstanceId", + "subnetIds", + "tagsAll", + "url", + "vpcId" + ], + "inputProperties": { + "appNetworkAccessType": { + "type": "string", + "description": "Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly`. Valid values are `PublicInternetOnly` and `VpcOnly`.\n" + }, + "authMode": { + "type": "string", + "description": "The mode of authentication that members use to access the domain. Valid values are `IAM` and `SSO`.\n" + }, + "defaultUserSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettings:DomainDefaultUserSettings", + "description": "The default user settings. See Default User Settings below.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.\n" + }, + "retentionPolicy": { + "$ref": "#/types/aws:sagemaker/DomainRetentionPolicy:DomainRetentionPolicy", + "description": "The retention policy for this domain, which specifies whether resources will be retained after the Domain is deleted. By default, all resources are retained. See Retention Policy below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The VPC subnets that Studio uses for communication.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n" + } + }, + "requiredInputs": [ + "authMode", + "defaultUserSettings", + "domainName", + "subnetIds", + "vpcId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Domain resources.\n", + "properties": { + "appNetworkAccessType": { + "type": "string", + "description": "Specifies the VPC used for non-EFS traffic. The default value is `PublicInternetOnly`. Valid values are `PublicInternetOnly` and `VpcOnly`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Domain.\n" + }, + "authMode": { + "type": "string", + "description": "The mode of authentication that members use to access the domain. Valid values are `IAM` and `SSO`.\n" + }, + "defaultUserSettings": { + "$ref": "#/types/aws:sagemaker/DomainDefaultUserSettings:DomainDefaultUserSettings", + "description": "The default user settings. See Default User Settings below.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name.\n" + }, + "homeEfsFileSystemId": { + "type": "string", + "description": "The ID of the Amazon Elastic File System (EFS) managed by this Domain.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The AWS KMS customer managed CMK used to encrypt the EFS volume attached to the domain.\n" + }, + "retentionPolicy": { + "$ref": "#/types/aws:sagemaker/DomainRetentionPolicy:DomainRetentionPolicy", + "description": "The retention policy for this domain, which specifies whether resources will be retained after the Domain is deleted. By default, all resources are retained. See Retention Policy below.\n" + }, + "singleSignOnManagedApplicationInstanceId": { + "type": "string", + "description": "The SSO managed application instance ID.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The VPC subnets that Studio uses for communication.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The domain's URL.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the Amazon Virtual Private Cloud (VPC) that Studio uses for communication.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/endpoint:Endpoint": { + "description": "Provides a SageMaker Endpoint resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst endpoint = new aws.sagemaker.Endpoint(\"endpoint\", {\n endpointConfigName: aws_sagemaker_endpoint_configuration.ec.name,\n tags: {\n Name: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nendpoint = aws.sagemaker.Endpoint(\"endpoint\",\n endpoint_config_name=aws_sagemaker_endpoint_configuration[\"ec\"][\"name\"],\n tags={\n \"Name\": \"foo\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var endpoint = new Aws.Sagemaker.Endpoint(\"endpoint\", new Aws.Sagemaker.EndpointArgs\n {\n EndpointConfigName = aws_sagemaker_endpoint_configuration.Ec.Name,\n Tags = \n {\n { \"Name\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewEndpoint(ctx, \"endpoint\", &sagemaker.EndpointArgs{\n\t\t\tEndpointConfigName: pulumi.Any(aws_sagemaker_endpoint_configuration.Ec.Name),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEndpoints can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/endpoint:Endpoint test_endpoint my-endpoint\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this endpoint.\n" + }, + "endpointConfigName": { + "type": "string", + "description": "The name of the endpoint configuration to use.\n" + }, + "name": { + "type": "string", + "description": "The name of the endpoint. If omitted, this provider will assign a random, unique name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "endpointConfigName", + "name", + "tagsAll" + ], + "inputProperties": { + "endpointConfigName": { + "type": "string", + "description": "The name of the endpoint configuration to use.\n" + }, + "name": { + "type": "string", + "description": "The name of the endpoint. If omitted, this provider will assign a random, unique name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "endpointConfigName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Endpoint resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this endpoint.\n" + }, + "endpointConfigName": { + "type": "string", + "description": "The name of the endpoint configuration to use.\n" + }, + "name": { + "type": "string", + "description": "The name of the endpoint. If omitted, this provider will assign a random, unique name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/endpointConfiguration:EndpointConfiguration": { + "description": "Provides a SageMaker endpoint configuration resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ec = new aws.sagemaker.EndpointConfiguration(\"ec\", {\n productionVariants: [{\n variantName: \"variant-1\",\n modelName: aws_sagemaker_model.m.name,\n initialInstanceCount: 1,\n instanceType: \"ml.t2.medium\",\n }],\n tags: {\n Name: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nec = aws.sagemaker.EndpointConfiguration(\"ec\",\n production_variants=[aws.sagemaker.EndpointConfigurationProductionVariantArgs(\n variant_name=\"variant-1\",\n model_name=aws_sagemaker_model[\"m\"][\"name\"],\n initial_instance_count=1,\n instance_type=\"ml.t2.medium\",\n )],\n tags={\n \"Name\": \"foo\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ec = new Aws.Sagemaker.EndpointConfiguration(\"ec\", new Aws.Sagemaker.EndpointConfigurationArgs\n {\n ProductionVariants = \n {\n new Aws.Sagemaker.Inputs.EndpointConfigurationProductionVariantArgs\n {\n VariantName = \"variant-1\",\n ModelName = aws_sagemaker_model.M.Name,\n InitialInstanceCount = 1,\n InstanceType = \"ml.t2.medium\",\n },\n },\n Tags = \n {\n { \"Name\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewEndpointConfiguration(ctx, \"ec\", &sagemaker.EndpointConfigurationArgs{\n\t\t\tProductionVariants: sagemaker.EndpointConfigurationProductionVariantArray{\n\t\t\t\t&sagemaker.EndpointConfigurationProductionVariantArgs{\n\t\t\t\t\tVariantName: pulumi.String(\"variant-1\"),\n\t\t\t\t\tModelName: pulumi.Any(aws_sagemaker_model.M.Name),\n\t\t\t\t\tInitialInstanceCount: pulumi.Int(1),\n\t\t\t\t\tInstanceType: pulumi.String(\"ml.t2.medium\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEndpoint configurations can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/endpointConfiguration:EndpointConfiguration test_endpoint_config endpoint-config-foo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this endpoint configuration.\n" + }, + "dataCaptureConfig": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationDataCaptureConfig:EndpointConfigurationDataCaptureConfig", + "description": "Specifies the parameters to capture input/output of Sagemaker models endpoints. Fields are documented below.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance that hosts the endpoint.\n" + }, + "name": { + "type": "string", + "description": "The name of the endpoint configuration. If omitted, this provider will assign a random, unique name.\n" + }, + "productionVariants": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationProductionVariant:EndpointConfigurationProductionVariant" + }, + "description": "Fields are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "productionVariants", + "tagsAll" + ], + "inputProperties": { + "dataCaptureConfig": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationDataCaptureConfig:EndpointConfigurationDataCaptureConfig", + "description": "Specifies the parameters to capture input/output of Sagemaker models endpoints. Fields are documented below.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance that hosts the endpoint.\n" + }, + "name": { + "type": "string", + "description": "The name of the endpoint configuration. If omitted, this provider will assign a random, unique name.\n" + }, + "productionVariants": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationProductionVariant:EndpointConfigurationProductionVariant" + }, + "description": "Fields are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "productionVariants" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EndpointConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this endpoint configuration.\n" + }, + "dataCaptureConfig": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationDataCaptureConfig:EndpointConfigurationDataCaptureConfig", + "description": "Specifies the parameters to capture input/output of Sagemaker models endpoints. Fields are documented below.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of a AWS Key Management Service key that Amazon SageMaker uses to encrypt data on the storage volume attached to the ML compute instance that hosts the endpoint.\n" + }, + "name": { + "type": "string", + "description": "The name of the endpoint configuration. If omitted, this provider will assign a random, unique name.\n" + }, + "productionVariants": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/EndpointConfigurationProductionVariant:EndpointConfigurationProductionVariant" + }, + "description": "Fields are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags to assign to the resource.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/featureGroup:FeatureGroup": { + "description": "Provides a SageMaker Feature Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.FeatureGroup(\"example\", {\n featureGroupName: \"example\",\n recordIdentifierFeatureName: \"example\",\n eventTimeFeatureName: \"example\",\n roleArn: aws_iam_role.test.arn,\n featureDefinitions: [{\n featureName: \"example\",\n featureType: \"String\",\n }],\n onlineStoreConfig: {\n enableOnlineStore: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.FeatureGroup(\"example\",\n feature_group_name=\"example\",\n record_identifier_feature_name=\"example\",\n event_time_feature_name=\"example\",\n role_arn=aws_iam_role[\"test\"][\"arn\"],\n feature_definitions=[aws.sagemaker.FeatureGroupFeatureDefinitionArgs(\n feature_name=\"example\",\n feature_type=\"String\",\n )],\n online_store_config=aws.sagemaker.FeatureGroupOnlineStoreConfigArgs(\n enable_online_store=True,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.FeatureGroup(\"example\", new Aws.Sagemaker.FeatureGroupArgs\n {\n FeatureGroupName = \"example\",\n RecordIdentifierFeatureName = \"example\",\n EventTimeFeatureName = \"example\",\n RoleArn = aws_iam_role.Test.Arn,\n FeatureDefinitions = \n {\n new Aws.Sagemaker.Inputs.FeatureGroupFeatureDefinitionArgs\n {\n FeatureName = \"example\",\n FeatureType = \"String\",\n },\n },\n OnlineStoreConfig = new Aws.Sagemaker.Inputs.FeatureGroupOnlineStoreConfigArgs\n {\n EnableOnlineStore = true,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewFeatureGroup(ctx, \"example\", &sagemaker.FeatureGroupArgs{\n\t\t\tFeatureGroupName: pulumi.String(\"example\"),\n\t\t\tRecordIdentifierFeatureName: pulumi.String(\"example\"),\n\t\t\tEventTimeFeatureName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t\tFeatureDefinitions: sagemaker.FeatureGroupFeatureDefinitionArray{\n\t\t\t\t&sagemaker.FeatureGroupFeatureDefinitionArgs{\n\t\t\t\t\tFeatureName: pulumi.String(\"example\"),\n\t\t\t\t\tFeatureType: pulumi.String(\"String\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tOnlineStoreConfig: &sagemaker.FeatureGroupOnlineStoreConfigArgs{\n\t\t\t\tEnableOnlineStore: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nFeature Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/featureGroup:FeatureGroup test_feature_group feature_group-foo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this feature_group.\n" + }, + "description": { + "type": "string", + "description": "A free-form description of a Feature Group.\n" + }, + "eventTimeFeatureName": { + "type": "string", + "description": "The name of the feature that stores the EventTime of a Record in a Feature Group.\n" + }, + "featureDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/FeatureGroupFeatureDefinition:FeatureGroupFeatureDefinition" + }, + "description": "A list of Feature names and types. See Feature Definition Below.\n" + }, + "featureGroupName": { + "type": "string", + "description": "The name of the Feature Group. The name must be unique within an AWS Region in an AWS account.\n" + }, + "offlineStoreConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOfflineStoreConfig:FeatureGroupOfflineStoreConfig", + "description": "The Offline Feature Store Configuration. See Offline Store Config Below.\n" + }, + "onlineStoreConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOnlineStoreConfig:FeatureGroupOnlineStoreConfig", + "description": "The Online Feature Store Configuration. See Online Store Config Below.\n" + }, + "recordIdentifierFeatureName": { + "type": "string", + "description": "The name of the Feature whose value uniquely identifies a Record defined in the Feature Store. Only the latest record per identifier value will be stored in the Online Store.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM execution role used to persist data into the Offline Store if an `offline_store_config` is provided.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "eventTimeFeatureName", + "featureDefinitions", + "featureGroupName", + "recordIdentifierFeatureName", + "roleArn", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A free-form description of a Feature Group.\n" + }, + "eventTimeFeatureName": { + "type": "string", + "description": "The name of the feature that stores the EventTime of a Record in a Feature Group.\n" + }, + "featureDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/FeatureGroupFeatureDefinition:FeatureGroupFeatureDefinition" + }, + "description": "A list of Feature names and types. See Feature Definition Below.\n" + }, + "featureGroupName": { + "type": "string", + "description": "The name of the Feature Group. The name must be unique within an AWS Region in an AWS account.\n" + }, + "offlineStoreConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOfflineStoreConfig:FeatureGroupOfflineStoreConfig", + "description": "The Offline Feature Store Configuration. See Offline Store Config Below.\n" + }, + "onlineStoreConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOnlineStoreConfig:FeatureGroupOnlineStoreConfig", + "description": "The Online Feature Store Configuration. See Online Store Config Below.\n" + }, + "recordIdentifierFeatureName": { + "type": "string", + "description": "The name of the Feature whose value uniquely identifies a Record defined in the Feature Store. Only the latest record per identifier value will be stored in the Online Store.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM execution role used to persist data into the Offline Store if an `offline_store_config` is provided.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "eventTimeFeatureName", + "featureDefinitions", + "featureGroupName", + "recordIdentifierFeatureName", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FeatureGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this feature_group.\n" + }, + "description": { + "type": "string", + "description": "A free-form description of a Feature Group.\n" + }, + "eventTimeFeatureName": { + "type": "string", + "description": "The name of the feature that stores the EventTime of a Record in a Feature Group.\n" + }, + "featureDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/FeatureGroupFeatureDefinition:FeatureGroupFeatureDefinition" + }, + "description": "A list of Feature names and types. See Feature Definition Below.\n" + }, + "featureGroupName": { + "type": "string", + "description": "The name of the Feature Group. The name must be unique within an AWS Region in an AWS account.\n" + }, + "offlineStoreConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOfflineStoreConfig:FeatureGroupOfflineStoreConfig", + "description": "The Offline Feature Store Configuration. See Offline Store Config Below.\n" + }, + "onlineStoreConfig": { + "$ref": "#/types/aws:sagemaker/FeatureGroupOnlineStoreConfig:FeatureGroupOnlineStoreConfig", + "description": "The Online Feature Store Configuration. See Online Store Config Below.\n" + }, + "recordIdentifierFeatureName": { + "type": "string", + "description": "The name of the Feature whose value uniquely identifies a Record defined in the Feature Store. Only the latest record per identifier value will be stored in the Online Store.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM execution role used to persist data into the Offline Store if an `offline_store_config` is provided.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of resource tags for the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/image:Image": { + "description": "Provides a Sagemaker Image resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.Image(\"example\", {\n imageName: \"example\",\n roleArn: aws_iam_role.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.Image(\"example\",\n image_name=\"example\",\n role_arn=aws_iam_role[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.Image(\"example\", new Aws.Sagemaker.ImageArgs\n {\n ImageName = \"example\",\n RoleArn = aws_iam_role.Test.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewImage(ctx, \"example\", &sagemaker.ImageArgs{\n\t\t\tImageName: pulumi.String(\"example\"),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Code Images can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/image:Image test_image my-code-repo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Image.\n" + }, + "description": { + "type": "string", + "description": "The description of the image.\n" + }, + "displayName": { + "type": "string", + "description": "The display name of the image. When the image is added to a domain (must be unique to the domain).\n" + }, + "imageName": { + "type": "string", + "description": "The name of the image. Must be unique to your account.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "imageName", + "roleArn", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the image.\n" + }, + "displayName": { + "type": "string", + "description": "The display name of the image. When the image is added to a domain (must be unique to the domain).\n" + }, + "imageName": { + "type": "string", + "description": "The name of the image. Must be unique to your account.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "imageName", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Image resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Image.\n" + }, + "description": { + "type": "string", + "description": "The description of the image.\n" + }, + "displayName": { + "type": "string", + "description": "The display name of the image. When the image is added to a domain (must be unique to the domain).\n" + }, + "imageName": { + "type": "string", + "description": "The name of the image. Must be unique to your account.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an IAM role that enables Amazon SageMaker to perform tasks on your behalf.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/imageVersion:ImageVersion": { + "description": "Provides a Sagemaker Image Version resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.sagemaker.ImageVersion(\"test\", {\n imageName: aws_sagemaker_image.test.id,\n baseImage: \"012345678912.dkr.ecr.us-west-2.amazonaws.com/image:latest\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sagemaker.ImageVersion(\"test\",\n image_name=aws_sagemaker_image[\"test\"][\"id\"],\n base_image=\"012345678912.dkr.ecr.us-west-2.amazonaws.com/image:latest\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Sagemaker.ImageVersion(\"test\", new Aws.Sagemaker.ImageVersionArgs\n {\n ImageName = aws_sagemaker_image.Test.Id,\n BaseImage = \"012345678912.dkr.ecr.us-west-2.amazonaws.com/image:latest\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewImageVersion(ctx, \"test\", &sagemaker.ImageVersionArgs{\n\t\t\tImageName: pulumi.Any(aws_sagemaker_image.Test.Id),\n\t\t\tBaseImage: pulumi.String(\"012345678912.dkr.ecr.us-west-2.amazonaws.com/image:latest\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Image Versions can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/imageVersion:ImageVersion test_image my-code-repo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Image Version.\n* `image_arn`- The Amazon Resource Name (ARN) of the image the version is based on.\n" + }, + "baseImage": { + "type": "string", + "description": "The registry path of the container image on which this image version is based.\n" + }, + "containerImage": { + "type": "string", + "description": "The registry path of the container image that contains this image version.\n" + }, + "imageArn": { + "type": "string" + }, + "imageName": { + "type": "string", + "description": "The name of the image. Must be unique to your account.\n" + }, + "version": { + "type": "integer" + } + }, + "required": [ + "arn", + "baseImage", + "containerImage", + "imageArn", + "imageName", + "version" + ], + "inputProperties": { + "baseImage": { + "type": "string", + "description": "The registry path of the container image on which this image version is based.\n" + }, + "imageName": { + "type": "string", + "description": "The name of the image. Must be unique to your account.\n" + } + }, + "requiredInputs": [ + "baseImage", + "imageName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ImageVersion resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Image Version.\n* `image_arn`- The Amazon Resource Name (ARN) of the image the version is based on.\n" + }, + "baseImage": { + "type": "string", + "description": "The registry path of the container image on which this image version is based.\n" + }, + "containerImage": { + "type": "string", + "description": "The registry path of the container image that contains this image version.\n" + }, + "imageArn": { + "type": "string" + }, + "imageName": { + "type": "string", + "description": "The name of the image. Must be unique to your account.\n" + }, + "version": { + "type": "integer" + } + }, + "type": "object" + } + }, + "aws:sagemaker/model:Model": { + "description": "Provides a SageMaker model resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst assumeRole = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"sagemaker.amazonaws.com\"],\n }],\n }],\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: assumeRole.then(assumeRole => assumeRole.json)});\nconst test = aws.sagemaker.getPrebuiltEcrImage({\n repositoryName: \"kmeans\",\n});\nconst exampleModel = new aws.sagemaker.Model(\"exampleModel\", {\n executionRoleArn: exampleRole.arn,\n primaryContainer: {\n image: test.then(test => test.registryPath),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nassume_role = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"sagemaker.amazonaws.com\"],\n )],\n)])\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=assume_role.json)\ntest = aws.sagemaker.get_prebuilt_ecr_image(repository_name=\"kmeans\")\nexample_model = aws.sagemaker.Model(\"exampleModel\",\n execution_role_arn=example_role.arn,\n primary_container=aws.sagemaker.ModelPrimaryContainerArgs(\n image=test.registry_path,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var assumeRole = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"sagemaker.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = assumeRole.Apply(assumeRole => assumeRole.Json),\n });\n var test = Output.Create(Aws.Sagemaker.GetPrebuiltEcrImage.InvokeAsync(new Aws.Sagemaker.GetPrebuiltEcrImageArgs\n {\n RepositoryName = \"kmeans\",\n }));\n var exampleModel = new Aws.Sagemaker.Model(\"exampleModel\", new Aws.Sagemaker.ModelArgs\n {\n ExecutionRoleArn = exampleRole.Arn,\n PrimaryContainer = new Aws.Sagemaker.Inputs.ModelPrimaryContainerArgs\n {\n Image = test.Apply(test => test.RegistryPath),\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tassumeRole, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"sagemaker.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(assumeRole.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttest, err := sagemaker.GetPrebuiltEcrImage(ctx, &sagemaker.GetPrebuiltEcrImageArgs{\n\t\t\tRepositoryName: \"kmeans\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewModel(ctx, \"exampleModel\", &sagemaker.ModelArgs{\n\t\t\tExecutionRoleArn: exampleRole.Arn,\n\t\t\tPrimaryContainer: &sagemaker.ModelPrimaryContainerArgs{\n\t\t\t\tImage: pulumi.String(test.RegistryPath),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Inference Execution Config\n\n* `mode` - (Required) How containers in a multi-container are run. The following values are valid `Serial` and `Direct`.\n\n\n## Import\n\nModels can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/model:Model test_model model-foo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this model.\n" + }, + "containers": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/ModelContainer:ModelContainer" + }, + "description": "Specifies containers in the inference pipeline. If not specified, the `primary_container` argument is required. Fields are documented below.\n" + }, + "enableNetworkIsolation": { + "type": "boolean", + "description": "Isolates the model container. No inbound or outbound network calls can be made to or from the model container.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "A role that SageMaker can assume to access model artifacts and docker images for deployment.\n" + }, + "inferenceExecutionConfig": { + "$ref": "#/types/aws:sagemaker/ModelInferenceExecutionConfig:ModelInferenceExecutionConfig", + "description": "Specifies details of how containers in a multi-container endpoint are called. see Inference Execution Config.\n" + }, + "name": { + "type": "string", + "description": "The name of the model (must be unique). If omitted, this provider will assign a random, unique name.\n" + }, + "primaryContainer": { + "$ref": "#/types/aws:sagemaker/ModelPrimaryContainer:ModelPrimaryContainer", + "description": "The primary docker image containing inference code that is used when the model is deployed for predictions. If not specified, the `container` argument is required. Fields are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:sagemaker/ModelVpcConfig:ModelVpcConfig", + "description": "Specifies the VPC that you want your model to connect to. VpcConfig is used in hosting services and in batch transform.\n" + } + }, + "required": [ + "arn", + "executionRoleArn", + "inferenceExecutionConfig", + "name", + "tagsAll" + ], + "inputProperties": { + "containers": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/ModelContainer:ModelContainer" + }, + "description": "Specifies containers in the inference pipeline. If not specified, the `primary_container` argument is required. Fields are documented below.\n" + }, + "enableNetworkIsolation": { + "type": "boolean", + "description": "Isolates the model container. No inbound or outbound network calls can be made to or from the model container.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "A role that SageMaker can assume to access model artifacts and docker images for deployment.\n" + }, + "inferenceExecutionConfig": { + "$ref": "#/types/aws:sagemaker/ModelInferenceExecutionConfig:ModelInferenceExecutionConfig", + "description": "Specifies details of how containers in a multi-container endpoint are called. see Inference Execution Config.\n" + }, + "name": { + "type": "string", + "description": "The name of the model (must be unique). If omitted, this provider will assign a random, unique name.\n" + }, + "primaryContainer": { + "$ref": "#/types/aws:sagemaker/ModelPrimaryContainer:ModelPrimaryContainer", + "description": "The primary docker image containing inference code that is used when the model is deployed for predictions. If not specified, the `container` argument is required. Fields are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:sagemaker/ModelVpcConfig:ModelVpcConfig", + "description": "Specifies the VPC that you want your model to connect to. VpcConfig is used in hosting services and in batch transform.\n" + } + }, + "requiredInputs": [ + "executionRoleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Model resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this model.\n" + }, + "containers": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/ModelContainer:ModelContainer" + }, + "description": "Specifies containers in the inference pipeline. If not specified, the `primary_container` argument is required. Fields are documented below.\n" + }, + "enableNetworkIsolation": { + "type": "boolean", + "description": "Isolates the model container. No inbound or outbound network calls can be made to or from the model container.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "A role that SageMaker can assume to access model artifacts and docker images for deployment.\n" + }, + "inferenceExecutionConfig": { + "$ref": "#/types/aws:sagemaker/ModelInferenceExecutionConfig:ModelInferenceExecutionConfig", + "description": "Specifies details of how containers in a multi-container endpoint are called. see Inference Execution Config.\n" + }, + "name": { + "type": "string", + "description": "The name of the model (must be unique). If omitted, this provider will assign a random, unique name.\n" + }, + "primaryContainer": { + "$ref": "#/types/aws:sagemaker/ModelPrimaryContainer:ModelPrimaryContainer", + "description": "The primary docker image containing inference code that is used when the model is deployed for predictions. If not specified, the `container` argument is required. Fields are documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:sagemaker/ModelVpcConfig:ModelVpcConfig", + "description": "Specifies the VPC that you want your model to connect to. VpcConfig is used in hosting services and in batch transform.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/modelPackageGroup:ModelPackageGroup": { + "description": "Provides a Sagemaker Model Package Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.ModelPackageGroup(\"example\", {\n modelPackageGroupName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.ModelPackageGroup(\"example\", model_package_group_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.ModelPackageGroup(\"example\", new Aws.Sagemaker.ModelPackageGroupArgs\n {\n ModelPackageGroupName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewModelPackageGroup(ctx, \"example\", &sagemaker.ModelPackageGroupArgs{\n\t\t\tModelPackageGroupName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Code Model Package Groups can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/modelPackageGroup:ModelPackageGroup test_model_package_group my-code-repo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Model Package Group.\n" + }, + "modelPackageGroupDescription": { + "type": "string", + "description": "A description for the model group.\n" + }, + "modelPackageGroupName": { + "type": "string", + "description": "The name of the model group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "modelPackageGroupName", + "tagsAll" + ], + "inputProperties": { + "modelPackageGroupDescription": { + "type": "string", + "description": "A description for the model group.\n" + }, + "modelPackageGroupName": { + "type": "string", + "description": "The name of the model group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "modelPackageGroupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ModelPackageGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Model Package Group.\n" + }, + "modelPackageGroupDescription": { + "type": "string", + "description": "A description for the model group.\n" + }, + "modelPackageGroupName": { + "type": "string", + "description": "The name of the model group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/notebookInstance:NotebookInstance": { + "description": "Provides a Sagemaker Notebook Instance resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ni = new aws.sagemaker.NotebookInstance(\"ni\", {\n roleArn: aws_iam_role.role.arn,\n instanceType: \"ml.t2.medium\",\n tags: {\n Name: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nni = aws.sagemaker.NotebookInstance(\"ni\",\n role_arn=aws_iam_role[\"role\"][\"arn\"],\n instance_type=\"ml.t2.medium\",\n tags={\n \"Name\": \"foo\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ni = new Aws.Sagemaker.NotebookInstance(\"ni\", new Aws.Sagemaker.NotebookInstanceArgs\n {\n RoleArn = aws_iam_role.Role.Arn,\n InstanceType = \"ml.t2.medium\",\n Tags = \n {\n { \"Name\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewNotebookInstance(ctx, \"ni\", &sagemaker.NotebookInstanceArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Role.Arn),\n\t\t\tInstanceType: pulumi.String(\"ml.t2.medium\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Code repository usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.CodeRepository(\"example\", {\n codeRepositoryName: \"my-notebook-instance-code-repo\",\n gitConfig: {\n repositoryUrl: \"https://github.com/hashicorp/terraform-provider-aws.git\",\n },\n});\nconst ni = new aws.sagemaker.NotebookInstance(\"ni\", {\n roleArn: aws_iam_role.role.arn,\n instanceType: \"ml.t2.medium\",\n defaultCodeRepository: example.codeRepositoryName,\n tags: {\n Name: \"foo\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.CodeRepository(\"example\",\n code_repository_name=\"my-notebook-instance-code-repo\",\n git_config=aws.sagemaker.CodeRepositoryGitConfigArgs(\n repository_url=\"https://github.com/hashicorp/terraform-provider-aws.git\",\n ))\nni = aws.sagemaker.NotebookInstance(\"ni\",\n role_arn=aws_iam_role[\"role\"][\"arn\"],\n instance_type=\"ml.t2.medium\",\n default_code_repository=example.code_repository_name,\n tags={\n \"Name\": \"foo\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.CodeRepository(\"example\", new Aws.Sagemaker.CodeRepositoryArgs\n {\n CodeRepositoryName = \"my-notebook-instance-code-repo\",\n GitConfig = new Aws.Sagemaker.Inputs.CodeRepositoryGitConfigArgs\n {\n RepositoryUrl = \"https://github.com/hashicorp/terraform-provider-aws.git\",\n },\n });\n var ni = new Aws.Sagemaker.NotebookInstance(\"ni\", new Aws.Sagemaker.NotebookInstanceArgs\n {\n RoleArn = aws_iam_role.Role.Arn,\n InstanceType = \"ml.t2.medium\",\n DefaultCodeRepository = example.CodeRepositoryName,\n Tags = \n {\n { \"Name\", \"foo\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := sagemaker.NewCodeRepository(ctx, \"example\", &sagemaker.CodeRepositoryArgs{\n\t\t\tCodeRepositoryName: pulumi.String(\"my-notebook-instance-code-repo\"),\n\t\t\tGitConfig: &sagemaker.CodeRepositoryGitConfigArgs{\n\t\t\t\tRepositoryUrl: pulumi.String(\"https://github.com/hashicorp/terraform-provider-aws.git\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewNotebookInstance(ctx, \"ni\", &sagemaker.NotebookInstanceArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Role.Arn),\n\t\t\tInstanceType: pulumi.String(\"ml.t2.medium\"),\n\t\t\tDefaultCodeRepository: example.CodeRepositoryName,\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"foo\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Notebook Instances can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/notebookInstance:NotebookInstance test_notebook_instance my-notebook-instance\n```\n\n ", + "properties": { + "additionalCodeRepositories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of up to three Git repositories to associate with the notebook instance.\nThese can be either the names of Git repositories stored as resources in your account, or the URL of Git repositories in [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) or in any other Git repository. These repositories are cloned at the same level as the default repository of your notebook instance.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this notebook instance.\n" + }, + "defaultCodeRepository": { + "type": "string", + "description": "The Git repository associated with the notebook instance as its default code repository. This can be either the name of a Git repository stored as a resource in your account, or the URL of a Git repository in [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) or in any other Git repository.\n" + }, + "directInternetAccess": { + "type": "string", + "description": "Set to `Disabled` to disable internet access to notebook. Requires `security_groups` and `subnet_id` to be set. Supported values: `Enabled` (Default) or `Disabled`. If set to `Disabled`, the notebook instance will be able to access resources only in your VPC, and will not be able to connect to Amazon SageMaker training and endpoint services unless your configure a NAT Gateway in your VPC.\n" + }, + "instanceType": { + "type": "string", + "description": "The name of ML compute instance type.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption.\n" + }, + "lifecycleConfigName": { + "type": "string", + "description": "The name of a lifecycle configuration to associate with the notebook instance.\n" + }, + "name": { + "type": "string", + "description": "The name of the notebook instance (must be unique).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface ID that Amazon SageMaker created at the time of creating the instance. Only available when setting `subnet_id`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be used by the notebook instance which allows SageMaker to call other services on your behalf.\n" + }, + "rootAccess": { + "type": "string", + "description": "Whether root access is `Enabled` or `Disabled` for users of the notebook instance. The default value is `Enabled`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "subnetId": { + "type": "string", + "description": "The VPC subnet ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The URL that you use to connect to the Jupyter notebook that is running in your notebook instance.\n" + }, + "volumeSize": { + "type": "integer", + "description": "The size, in GB, of the ML storage volume to attach to the notebook instance. The default value is 5 GB.\n" + } + }, + "required": [ + "arn", + "instanceType", + "name", + "networkInterfaceId", + "roleArn", + "securityGroups", + "tagsAll", + "url" + ], + "inputProperties": { + "additionalCodeRepositories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of up to three Git repositories to associate with the notebook instance.\nThese can be either the names of Git repositories stored as resources in your account, or the URL of Git repositories in [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) or in any other Git repository. These repositories are cloned at the same level as the default repository of your notebook instance.\n" + }, + "defaultCodeRepository": { + "type": "string", + "description": "The Git repository associated with the notebook instance as its default code repository. This can be either the name of a Git repository stored as a resource in your account, or the URL of a Git repository in [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) or in any other Git repository.\n" + }, + "directInternetAccess": { + "type": "string", + "description": "Set to `Disabled` to disable internet access to notebook. Requires `security_groups` and `subnet_id` to be set. Supported values: `Enabled` (Default) or `Disabled`. If set to `Disabled`, the notebook instance will be able to access resources only in your VPC, and will not be able to connect to Amazon SageMaker training and endpoint services unless your configure a NAT Gateway in your VPC.\n" + }, + "instanceType": { + "type": "string", + "description": "The name of ML compute instance type.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption.\n" + }, + "lifecycleConfigName": { + "type": "string", + "description": "The name of a lifecycle configuration to associate with the notebook instance.\n" + }, + "name": { + "type": "string", + "description": "The name of the notebook instance (must be unique).\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be used by the notebook instance which allows SageMaker to call other services on your behalf.\n" + }, + "rootAccess": { + "type": "string", + "description": "Whether root access is `Enabled` or `Disabled` for users of the notebook instance. The default value is `Enabled`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "subnetId": { + "type": "string", + "description": "The VPC subnet ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "volumeSize": { + "type": "integer", + "description": "The size, in GB, of the ML storage volume to attach to the notebook instance. The default value is 5 GB.\n" + } + }, + "requiredInputs": [ + "instanceType", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NotebookInstance resources.\n", + "properties": { + "additionalCodeRepositories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of up to three Git repositories to associate with the notebook instance.\nThese can be either the names of Git repositories stored as resources in your account, or the URL of Git repositories in [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) or in any other Git repository. These repositories are cloned at the same level as the default repository of your notebook instance.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this notebook instance.\n" + }, + "defaultCodeRepository": { + "type": "string", + "description": "The Git repository associated with the notebook instance as its default code repository. This can be either the name of a Git repository stored as a resource in your account, or the URL of a Git repository in [AWS CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html) or in any other Git repository.\n" + }, + "directInternetAccess": { + "type": "string", + "description": "Set to `Disabled` to disable internet access to notebook. Requires `security_groups` and `subnet_id` to be set. Supported values: `Enabled` (Default) or `Disabled`. If set to `Disabled`, the notebook instance will be able to access resources only in your VPC, and will not be able to connect to Amazon SageMaker training and endpoint services unless your configure a NAT Gateway in your VPC.\n" + }, + "instanceType": { + "type": "string", + "description": "The name of ML compute instance type.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The AWS Key Management Service (AWS KMS) key that Amazon SageMaker uses to encrypt the model artifacts at rest using Amazon S3 server-side encryption.\n" + }, + "lifecycleConfigName": { + "type": "string", + "description": "The name of a lifecycle configuration to associate with the notebook instance.\n" + }, + "name": { + "type": "string", + "description": "The name of the notebook instance (must be unique).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface ID that Amazon SageMaker created at the time of creating the instance. Only available when setting `subnet_id`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the IAM role to be used by the notebook instance which allows SageMaker to call other services on your behalf.\n" + }, + "rootAccess": { + "type": "string", + "description": "Whether root access is `Enabled` or `Disabled` for users of the notebook instance. The default value is `Enabled`.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "subnetId": { + "type": "string", + "description": "The VPC subnet ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "url": { + "type": "string", + "description": "The URL that you use to connect to the Jupyter notebook that is running in your notebook instance.\n" + }, + "volumeSize": { + "type": "integer", + "description": "The size, in GB, of the ML storage volume to attach to the notebook instance. The default value is 5 GB.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/notebookInstanceLifecycleConfiguration:NotebookInstanceLifecycleConfiguration": { + "description": "Provides a lifecycle configuration for SageMaker Notebook Instances.\n\n\n## Import\n\nModels can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/notebookInstanceLifecycleConfiguration:NotebookInstanceLifecycleConfiguration lc foo\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this lifecycle configuration.\n" + }, + "name": { + "type": "string", + "description": "The name of the lifecycle configuration (must be unique). If omitted, this provider will assign a random, unique name.\n" + }, + "onCreate": { + "type": "string", + "description": "A shell script (base64-encoded) that runs only once when the SageMaker Notebook Instance is created.\n" + }, + "onStart": { + "type": "string", + "description": "A shell script (base64-encoded) that runs every time the SageMaker Notebook Instance is started including the time it's created.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the lifecycle configuration (must be unique). If omitted, this provider will assign a random, unique name.\n" + }, + "onCreate": { + "type": "string", + "description": "A shell script (base64-encoded) that runs only once when the SageMaker Notebook Instance is created.\n" + }, + "onStart": { + "type": "string", + "description": "A shell script (base64-encoded) that runs every time the SageMaker Notebook Instance is started including the time it's created.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering NotebookInstanceLifecycleConfiguration resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this lifecycle configuration.\n" + }, + "name": { + "type": "string", + "description": "The name of the lifecycle configuration (must be unique). If omitted, this provider will assign a random, unique name.\n" + }, + "onCreate": { + "type": "string", + "description": "A shell script (base64-encoded) that runs only once when the SageMaker Notebook Instance is created.\n" + }, + "onStart": { + "type": "string", + "description": "A shell script (base64-encoded) that runs every time the SageMaker Notebook Instance is started including the time it's created.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/userProfile:UserProfile": { + "description": "Provides a Sagemaker User Profile resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.UserProfile(\"example\", {\n domainId: aws_sagemaker_domain.test.id,\n userProfileName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.UserProfile(\"example\",\n domain_id=aws_sagemaker_domain[\"test\"][\"id\"],\n user_profile_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.UserProfile(\"example\", new Aws.Sagemaker.UserProfileArgs\n {\n DomainId = aws_sagemaker_domain.Test.Id,\n UserProfileName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewUserProfile(ctx, \"example\", &sagemaker.UserProfileArgs{\n\t\t\tDomainId: pulumi.Any(aws_sagemaker_domain.Test.Id),\n\t\t\tUserProfileName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Code User Profiles can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/userProfile:UserProfile test_user_profile arn:aws:sagemaker:us-west-2:123456789012:user-profile/domain-id/profile-name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The user profile Amazon Resource Name (ARN).\n" + }, + "domainId": { + "type": "string", + "description": "The ID of the associated Domain.\n" + }, + "homeEfsFileSystemUid": { + "type": "string", + "description": "The ID of the user's profile in the Amazon Elastic File System (EFS) volume.\n" + }, + "singleSignOnUserIdentifier": { + "type": "string", + "description": "A specifier for the type of value specified in `single_sign_on_user_value`. Currently, the only supported value is `UserName`. If the Domain's AuthMode is SSO, this field is required. If the Domain's AuthMode is not SSO, this field cannot be specified.\n" + }, + "singleSignOnUserValue": { + "type": "string", + "description": "The username of the associated AWS Single Sign-On User for this User Profile. If the Domain's AuthMode is SSO, this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO, this field cannot be specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userProfileName": { + "type": "string", + "description": "The name for the User Profile.\n" + }, + "userSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettings:UserProfileUserSettings", + "description": "The user settings. See User Settings below.\n" + } + }, + "required": [ + "arn", + "domainId", + "homeEfsFileSystemUid", + "tagsAll", + "userProfileName" + ], + "inputProperties": { + "domainId": { + "type": "string", + "description": "The ID of the associated Domain.\n" + }, + "singleSignOnUserIdentifier": { + "type": "string", + "description": "A specifier for the type of value specified in `single_sign_on_user_value`. Currently, the only supported value is `UserName`. If the Domain's AuthMode is SSO, this field is required. If the Domain's AuthMode is not SSO, this field cannot be specified.\n" + }, + "singleSignOnUserValue": { + "type": "string", + "description": "The username of the associated AWS Single Sign-On User for this User Profile. If the Domain's AuthMode is SSO, this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO, this field cannot be specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userProfileName": { + "type": "string", + "description": "The name for the User Profile.\n" + }, + "userSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettings:UserProfileUserSettings", + "description": "The user settings. See User Settings below.\n" + } + }, + "requiredInputs": [ + "domainId", + "userProfileName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UserProfile resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The user profile Amazon Resource Name (ARN).\n" + }, + "domainId": { + "type": "string", + "description": "The ID of the associated Domain.\n" + }, + "homeEfsFileSystemUid": { + "type": "string", + "description": "The ID of the user's profile in the Amazon Elastic File System (EFS) volume.\n" + }, + "singleSignOnUserIdentifier": { + "type": "string", + "description": "A specifier for the type of value specified in `single_sign_on_user_value`. Currently, the only supported value is `UserName`. If the Domain's AuthMode is SSO, this field is required. If the Domain's AuthMode is not SSO, this field cannot be specified.\n" + }, + "singleSignOnUserValue": { + "type": "string", + "description": "The username of the associated AWS Single Sign-On User for this User Profile. If the Domain's AuthMode is SSO, this field is required, and must match a valid username of a user in your directory. If the Domain's AuthMode is not SSO, this field cannot be specified.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userProfileName": { + "type": "string", + "description": "The name for the User Profile.\n" + }, + "userSettings": { + "$ref": "#/types/aws:sagemaker/UserProfileUserSettings:UserProfileUserSettings", + "description": "The user settings. See User Settings below.\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/workforce:Workforce": { + "description": "Provides a Sagemaker Workforce resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Cognito Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleUserPool = new aws.cognito.UserPool(\"exampleUserPool\", {});\nconst exampleUserPoolClient = new aws.cognito.UserPoolClient(\"exampleUserPoolClient\", {\n generateSecret: true,\n userPoolId: exampleUserPool.id,\n});\nconst exampleUserPoolDomain = new aws.cognito.UserPoolDomain(\"exampleUserPoolDomain\", {\n domain: \"example\",\n userPoolId: exampleUserPool.id,\n});\nconst exampleWorkforce = new aws.sagemaker.Workforce(\"exampleWorkforce\", {\n workforceName: \"example\",\n cognitoConfig: {\n clientId: exampleUserPoolClient.id,\n userPool: exampleUserPoolDomain.userPoolId,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_user_pool = aws.cognito.UserPool(\"exampleUserPool\")\nexample_user_pool_client = aws.cognito.UserPoolClient(\"exampleUserPoolClient\",\n generate_secret=True,\n user_pool_id=example_user_pool.id)\nexample_user_pool_domain = aws.cognito.UserPoolDomain(\"exampleUserPoolDomain\",\n domain=\"example\",\n user_pool_id=example_user_pool.id)\nexample_workforce = aws.sagemaker.Workforce(\"exampleWorkforce\",\n workforce_name=\"example\",\n cognito_config=aws.sagemaker.WorkforceCognitoConfigArgs(\n client_id=example_user_pool_client.id,\n user_pool=example_user_pool_domain.user_pool_id,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleUserPool = new Aws.Cognito.UserPool(\"exampleUserPool\", new Aws.Cognito.UserPoolArgs\n {\n });\n var exampleUserPoolClient = new Aws.Cognito.UserPoolClient(\"exampleUserPoolClient\", new Aws.Cognito.UserPoolClientArgs\n {\n GenerateSecret = true,\n UserPoolId = exampleUserPool.Id,\n });\n var exampleUserPoolDomain = new Aws.Cognito.UserPoolDomain(\"exampleUserPoolDomain\", new Aws.Cognito.UserPoolDomainArgs\n {\n Domain = \"example\",\n UserPoolId = exampleUserPool.Id,\n });\n var exampleWorkforce = new Aws.Sagemaker.Workforce(\"exampleWorkforce\", new Aws.Sagemaker.WorkforceArgs\n {\n WorkforceName = \"example\",\n CognitoConfig = new Aws.Sagemaker.Inputs.WorkforceCognitoConfigArgs\n {\n ClientId = exampleUserPoolClient.Id,\n UserPool = exampleUserPoolDomain.UserPoolId,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleUserPool, err := cognito.NewUserPool(ctx, \"exampleUserPool\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUserPoolClient, err := cognito.NewUserPoolClient(ctx, \"exampleUserPoolClient\", &cognito.UserPoolClientArgs{\n\t\t\tGenerateSecret: pulumi.Bool(true),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUserPoolDomain, err := cognito.NewUserPoolDomain(ctx, \"exampleUserPoolDomain\", &cognito.UserPoolDomainArgs{\n\t\t\tDomain: pulumi.String(\"example\"),\n\t\t\tUserPoolId: exampleUserPool.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sagemaker.NewWorkforce(ctx, \"exampleWorkforce\", &sagemaker.WorkforceArgs{\n\t\t\tWorkforceName: pulumi.String(\"example\"),\n\t\t\tCognitoConfig: &sagemaker.WorkforceCognitoConfigArgs{\n\t\t\t\tClientId: exampleUserPoolClient.ID(),\n\t\t\t\tUserPool: exampleUserPoolDomain.UserPoolId,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Oidc Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.Workforce(\"example\", {\n oidcConfig: {\n authorizationEndpoint: \"https://example.com\",\n clientId: \"example\",\n clientSecret: \"example\",\n issuer: \"https://example.com\",\n jwksUri: \"https://example.com\",\n logoutEndpoint: \"https://example.com\",\n tokenEndpoint: \"https://example.com\",\n userInfoEndpoint: \"https://example.com\",\n },\n workforceName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.Workforce(\"example\",\n oidc_config=aws.sagemaker.WorkforceOidcConfigArgs(\n authorization_endpoint=\"https://example.com\",\n client_id=\"example\",\n client_secret=\"example\",\n issuer=\"https://example.com\",\n jwks_uri=\"https://example.com\",\n logout_endpoint=\"https://example.com\",\n token_endpoint=\"https://example.com\",\n user_info_endpoint=\"https://example.com\",\n ),\n workforce_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.Workforce(\"example\", new Aws.Sagemaker.WorkforceArgs\n {\n OidcConfig = new Aws.Sagemaker.Inputs.WorkforceOidcConfigArgs\n {\n AuthorizationEndpoint = \"https://example.com\",\n ClientId = \"example\",\n ClientSecret = \"example\",\n Issuer = \"https://example.com\",\n JwksUri = \"https://example.com\",\n LogoutEndpoint = \"https://example.com\",\n TokenEndpoint = \"https://example.com\",\n UserInfoEndpoint = \"https://example.com\",\n },\n WorkforceName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewWorkforce(ctx, \"example\", &sagemaker.WorkforceArgs{\n\t\t\tOidcConfig: &sagemaker.WorkforceOidcConfigArgs{\n\t\t\t\tAuthorizationEndpoint: pulumi.String(\"https://example.com\"),\n\t\t\t\tClientId: pulumi.String(\"example\"),\n\t\t\t\tClientSecret: pulumi.String(\"example\"),\n\t\t\t\tIssuer: pulumi.String(\"https://example.com\"),\n\t\t\t\tJwksUri: pulumi.String(\"https://example.com\"),\n\t\t\t\tLogoutEndpoint: pulumi.String(\"https://example.com\"),\n\t\t\t\tTokenEndpoint: pulumi.String(\"https://example.com\"),\n\t\t\t\tUserInfoEndpoint: pulumi.String(\"https://example.com\"),\n\t\t\t},\n\t\t\tWorkforceName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Workforces can be imported using the `workforce_name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/workforce:Workforce example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Workforce.\n" + }, + "cognitoConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceCognitoConfig:WorkforceCognitoConfig", + "description": "Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with `oidc_config`. see Cognito Config details below.\n" + }, + "oidcConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceOidcConfig:WorkforceOidcConfig", + "description": "Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with `cognito_config`. see OIDC Config details below.\n" + }, + "sourceIpConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceSourceIpConfig:WorkforceSourceIpConfig", + "description": "A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.\n" + }, + "subdomain": { + "type": "string", + "description": "The subdomain for your OIDC Identity Provider.\n" + }, + "workforceName": { + "type": "string", + "description": "The name of the Workforce (must be unique).\n" + } + }, + "required": [ + "arn", + "sourceIpConfig", + "subdomain", + "workforceName" + ], + "inputProperties": { + "cognitoConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceCognitoConfig:WorkforceCognitoConfig", + "description": "Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with `oidc_config`. see Cognito Config details below.\n" + }, + "oidcConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceOidcConfig:WorkforceOidcConfig", + "description": "Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with `cognito_config`. see OIDC Config details below.\n" + }, + "sourceIpConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceSourceIpConfig:WorkforceSourceIpConfig", + "description": "A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.\n" + }, + "workforceName": { + "type": "string", + "description": "The name of the Workforce (must be unique).\n" + } + }, + "requiredInputs": [ + "workforceName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Workforce resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Workforce.\n" + }, + "cognitoConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceCognitoConfig:WorkforceCognitoConfig", + "description": "Use this parameter to configure an Amazon Cognito private workforce. A single Cognito workforce is created using and corresponds to a single Amazon Cognito user pool. Conflicts with `oidc_config`. see Cognito Config details below.\n" + }, + "oidcConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceOidcConfig:WorkforceOidcConfig", + "description": "Use this parameter to configure a private workforce using your own OIDC Identity Provider. Conflicts with `cognito_config`. see OIDC Config details below.\n" + }, + "sourceIpConfig": { + "$ref": "#/types/aws:sagemaker/WorkforceSourceIpConfig:WorkforceSourceIpConfig", + "description": "A list of IP address ranges Used to create an allow list of IP addresses for a private workforce. By default, a workforce isn't restricted to specific IP addresses. see Source Ip Config details below.\n" + }, + "subdomain": { + "type": "string", + "description": "The subdomain for your OIDC Identity Provider.\n" + }, + "workforceName": { + "type": "string", + "description": "The name of the Workforce (must be unique).\n" + } + }, + "type": "object" + } + }, + "aws:sagemaker/workteam:Workteam": { + "description": "Provides a Sagemaker Workteam resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Cognito Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.Workteam(\"example\", {\n workteamName: \"example\",\n workforceName: aws_sagemaker_workforce.example.id,\n description: \"example\",\n memberDefinitions: [{\n cognitoMemberDefinition: {\n clientId: aws_cognito_user_pool_client.example.id,\n userPool: aws_cognito_user_pool_domain.example.user_pool_id,\n userGroup: aws_cognito_user_group.example.id,\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.Workteam(\"example\",\n workteam_name=\"example\",\n workforce_name=aws_sagemaker_workforce[\"example\"][\"id\"],\n description=\"example\",\n member_definitions=[aws.sagemaker.WorkteamMemberDefinitionArgs(\n cognito_member_definition=aws.sagemaker.WorkteamMemberDefinitionCognitoMemberDefinitionArgs(\n client_id=aws_cognito_user_pool_client[\"example\"][\"id\"],\n user_pool=aws_cognito_user_pool_domain[\"example\"][\"user_pool_id\"],\n user_group=aws_cognito_user_group[\"example\"][\"id\"],\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.Workteam(\"example\", new Aws.Sagemaker.WorkteamArgs\n {\n WorkteamName = \"example\",\n WorkforceName = aws_sagemaker_workforce.Example.Id,\n Description = \"example\",\n MemberDefinitions = \n {\n new Aws.Sagemaker.Inputs.WorkteamMemberDefinitionArgs\n {\n CognitoMemberDefinition = new Aws.Sagemaker.Inputs.WorkteamMemberDefinitionCognitoMemberDefinitionArgs\n {\n ClientId = aws_cognito_user_pool_client.Example.Id,\n UserPool = aws_cognito_user_pool_domain.Example.User_pool_id,\n UserGroup = aws_cognito_user_group.Example.Id,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewWorkteam(ctx, \"example\", &sagemaker.WorkteamArgs{\n\t\t\tWorkteamName: pulumi.String(\"example\"),\n\t\t\tWorkforceName: pulumi.Any(aws_sagemaker_workforce.Example.Id),\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\tMemberDefinitions: sagemaker.WorkteamMemberDefinitionArray{\n\t\t\t\t&sagemaker.WorkteamMemberDefinitionArgs{\n\t\t\t\t\tCognitoMemberDefinition: &sagemaker.WorkteamMemberDefinitionCognitoMemberDefinitionArgs{\n\t\t\t\t\t\tClientId: pulumi.Any(aws_cognito_user_pool_client.Example.Id),\n\t\t\t\t\t\tUserPool: pulumi.Any(aws_cognito_user_pool_domain.Example.User_pool_id),\n\t\t\t\t\t\tUserGroup: pulumi.Any(aws_cognito_user_group.Example.Id),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Oidc Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.sagemaker.Workteam(\"example\", {\n workteamName: \"example\",\n workforceName: aws_sagemaker_workforce.example.id,\n description: \"example\",\n memberDefinitions: [{\n oidcMemberDefinition: {\n groups: [\"example\"],\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sagemaker.Workteam(\"example\",\n workteam_name=\"example\",\n workforce_name=aws_sagemaker_workforce[\"example\"][\"id\"],\n description=\"example\",\n member_definitions=[aws.sagemaker.WorkteamMemberDefinitionArgs(\n oidc_member_definition=aws.sagemaker.WorkteamMemberDefinitionOidcMemberDefinitionArgs(\n groups=[\"example\"],\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Sagemaker.Workteam(\"example\", new Aws.Sagemaker.WorkteamArgs\n {\n WorkteamName = \"example\",\n WorkforceName = aws_sagemaker_workforce.Example.Id,\n Description = \"example\",\n MemberDefinitions = \n {\n new Aws.Sagemaker.Inputs.WorkteamMemberDefinitionArgs\n {\n OidcMemberDefinition = new Aws.Sagemaker.Inputs.WorkteamMemberDefinitionOidcMemberDefinitionArgs\n {\n Groups = \n {\n \"example\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sagemaker.NewWorkteam(ctx, \"example\", &sagemaker.WorkteamArgs{\n\t\t\tWorkteamName: pulumi.String(\"example\"),\n\t\t\tWorkforceName: pulumi.Any(aws_sagemaker_workforce.Example.Id),\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\tMemberDefinitions: sagemaker.WorkteamMemberDefinitionArray{\n\t\t\t\t&sagemaker.WorkteamMemberDefinitionArgs{\n\t\t\t\t\tOidcMemberDefinition: &sagemaker.WorkteamMemberDefinitionOidcMemberDefinitionArgs{\n\t\t\t\t\t\tGroups: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"example\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSagemaker Workteams can be imported using the `workteam_name`, e.g.\n\n```sh\n $ pulumi import aws:sagemaker/workteam:Workteam example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Workteam.\n" + }, + "description": { + "type": "string", + "description": "A description of the work team.\n" + }, + "memberDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/WorkteamMemberDefinition:WorkteamMemberDefinition" + }, + "description": "A list of Member Definitions that contains objects that identify the workers that make up the work team. Workforces can be created using Amazon Cognito or your own OIDC Identity Provider (IdP). For private workforces created using Amazon Cognito use `cognito_member_definition`. For workforces created using your own OIDC identity provider (IdP) use `oidc_member_definition`. Do not provide input for both of these parameters in a single request. see Member Definition details below.\n" + }, + "notificationConfiguration": { + "$ref": "#/types/aws:sagemaker/WorkteamNotificationConfiguration:WorkteamNotificationConfiguration", + "description": "Configures notification of workers regarding available or expiring work items. see Notification Configuration details below.\n" + }, + "subdomain": { + "type": "string", + "description": "The subdomain for your OIDC Identity Provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "workforceName": { + "type": "string", + "description": "The name of the Workteam (must be unique).\n" + }, + "workteamName": { + "type": "string", + "description": "The name of the workforce.\n" + } + }, + "required": [ + "arn", + "description", + "memberDefinitions", + "subdomain", + "tagsAll", + "workforceName", + "workteamName" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A description of the work team.\n" + }, + "memberDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/WorkteamMemberDefinition:WorkteamMemberDefinition" + }, + "description": "A list of Member Definitions that contains objects that identify the workers that make up the work team. Workforces can be created using Amazon Cognito or your own OIDC Identity Provider (IdP). For private workforces created using Amazon Cognito use `cognito_member_definition`. For workforces created using your own OIDC identity provider (IdP) use `oidc_member_definition`. Do not provide input for both of these parameters in a single request. see Member Definition details below.\n" + }, + "notificationConfiguration": { + "$ref": "#/types/aws:sagemaker/WorkteamNotificationConfiguration:WorkteamNotificationConfiguration", + "description": "Configures notification of workers regarding available or expiring work items. see Notification Configuration details below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "workforceName": { + "type": "string", + "description": "The name of the Workteam (must be unique).\n" + }, + "workteamName": { + "type": "string", + "description": "The name of the workforce.\n" + } + }, + "requiredInputs": [ + "description", + "memberDefinitions", + "workforceName", + "workteamName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Workteam resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS to this Workteam.\n" + }, + "description": { + "type": "string", + "description": "A description of the work team.\n" + }, + "memberDefinitions": { + "type": "array", + "items": { + "$ref": "#/types/aws:sagemaker/WorkteamMemberDefinition:WorkteamMemberDefinition" + }, + "description": "A list of Member Definitions that contains objects that identify the workers that make up the work team. Workforces can be created using Amazon Cognito or your own OIDC Identity Provider (IdP). For private workforces created using Amazon Cognito use `cognito_member_definition`. For workforces created using your own OIDC identity provider (IdP) use `oidc_member_definition`. Do not provide input for both of these parameters in a single request. see Member Definition details below.\n" + }, + "notificationConfiguration": { + "$ref": "#/types/aws:sagemaker/WorkteamNotificationConfiguration:WorkteamNotificationConfiguration", + "description": "Configures notification of workers regarding available or expiring work items. see Notification Configuration details below.\n" + }, + "subdomain": { + "type": "string", + "description": "The subdomain for your OIDC Identity Provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "workforceName": { + "type": "string", + "description": "The name of the Workteam (must be unique).\n" + }, + "workteamName": { + "type": "string", + "description": "The name of the workforce.\n" + } + }, + "type": "object" + } + }, + "aws:schemas/discoverer:Discoverer": { + "description": "Provides an EventBridge Schema Discoverer resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst messenger = new aws.cloudwatch.EventBus(\"messenger\", {});\nconst test = new aws.schemas.Discoverer(\"test\", {\n sourceArn: messenger.arn,\n description: \"Auto discover event schemas\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmessenger = aws.cloudwatch.EventBus(\"messenger\")\ntest = aws.schemas.Discoverer(\"test\",\n source_arn=messenger.arn,\n description=\"Auto discover event schemas\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var messenger = new Aws.CloudWatch.EventBus(\"messenger\", new Aws.CloudWatch.EventBusArgs\n {\n });\n var test = new Aws.Schemas.Discoverer(\"test\", new Aws.Schemas.DiscovererArgs\n {\n SourceArn = messenger.Arn,\n Description = \"Auto discover event schemas\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/schemas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmessenger, err := cloudwatch.NewEventBus(ctx, \"messenger\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = schemas.NewDiscoverer(ctx, \"test\", &schemas.DiscovererArgs{\n\t\t\tSourceArn: messenger.Arn,\n\t\t\tDescription: pulumi.String(\"Auto discover event schemas\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge discoverers can be imported using the `id`, e.g. console\n\n```sh\n $ pulumi import aws:schemas/discoverer:Discoverer test 123\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the discoverer.\n" + }, + "description": { + "type": "string", + "description": "The description of the discoverer. Maximum of 256 characters.\n" + }, + "sourceArn": { + "type": "string", + "description": "The ARN of the event bus to discover event schemas on.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "sourceArn", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the discoverer. Maximum of 256 characters.\n" + }, + "sourceArn": { + "type": "string", + "description": "The ARN of the event bus to discover event schemas on.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "sourceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Discoverer resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the discoverer.\n" + }, + "description": { + "type": "string", + "description": "The description of the discoverer. Maximum of 256 characters.\n" + }, + "sourceArn": { + "type": "string", + "description": "The ARN of the event bus to discover event schemas on.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:schemas/registry:Registry": { + "description": "Provides an EventBridge Custom Schema Registry resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.schemas.Registry(\"test\", {\n description: \"A custom schema registry\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.schemas.Registry(\"test\", description=\"A custom schema registry\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Schemas.Registry(\"test\", new Aws.Schemas.RegistryArgs\n {\n Description = \"A custom schema registry\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/schemas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := schemas.NewRegistry(ctx, \"test\", &schemas.RegistryArgs{\n\t\t\tDescription: pulumi.String(\"A custom schema registry\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge schema registries can be imported using the `name`, e.g. console\n\n```sh\n $ pulumi import aws:schemas/registry:Registry test my_own_registry\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the discoverer.\n" + }, + "description": { + "type": "string", + "description": "The description of the discoverer. Maximum of 256 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom event schema registry. Maximum of 64 characters consisting of lower case letters, upper case letters, 0-9, ., -, _.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the discoverer. Maximum of 256 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom event schema registry. Maximum of 64 characters consisting of lower case letters, upper case letters, 0-9, ., -, _.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Registry resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the discoverer.\n" + }, + "description": { + "type": "string", + "description": "The description of the discoverer. Maximum of 256 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom event schema registry. Maximum of 64 characters consisting of lower case letters, upper case letters, 0-9, ., -, _.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:schemas/schema:Schema": { + "description": "Provides an EventBridge Schema resource.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRegistry = new aws.schemas.Registry(\"testRegistry\", {});\nconst testSchema = new aws.schemas.Schema(\"testSchema\", {\n registryName: testRegistry.name,\n type: \"OpenApi3\",\n description: \"The schema definition for my event\",\n content: JSON.stringify({\n openapi: \"3.0.0\",\n info: {\n version: \"1.0.0\",\n title: \"Event\",\n },\n paths: {},\n components: {\n schemas: {\n Event: {\n type: \"object\",\n properties: {\n name: {\n type: \"string\",\n },\n },\n },\n },\n },\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_registry = aws.schemas.Registry(\"testRegistry\")\ntest_schema = aws.schemas.Schema(\"testSchema\",\n registry_name=test_registry.name,\n type=\"OpenApi3\",\n description=\"The schema definition for my event\",\n content=json.dumps({\n \"openapi\": \"3.0.0\",\n \"info\": {\n \"version\": \"1.0.0\",\n \"title\": \"Event\",\n },\n \"paths\": {},\n \"components\": {\n \"schemas\": {\n \"Event\": {\n \"type\": \"object\",\n \"properties\": {\n \"name\": {\n \"type\": \"string\",\n },\n },\n },\n },\n },\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testRegistry = new Aws.Schemas.Registry(\"testRegistry\", new Aws.Schemas.RegistryArgs\n {\n });\n var testSchema = new Aws.Schemas.Schema(\"testSchema\", new Aws.Schemas.SchemaArgs\n {\n RegistryName = testRegistry.Name,\n Type = \"OpenApi3\",\n Description = \"The schema definition for my event\",\n Content = JsonSerializer.Serialize(new Dictionary\n {\n { \"openapi\", \"3.0.0\" },\n { \"info\", new Dictionary\n {\n { \"version\", \"1.0.0\" },\n { \"title\", \"Event\" },\n } },\n { \"paths\", new Dictionary\n {\n } },\n { \"components\", new Dictionary\n {\n { \"schemas\", new Dictionary\n {\n { \"Event\", new Dictionary\n {\n { \"type\", \"object\" },\n { \"properties\", new Dictionary\n {\n { \"name\", new Dictionary\n {\n { \"type\", \"string\" },\n } },\n } },\n } },\n } },\n } },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/schemas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestRegistry, err := schemas.NewRegistry(ctx, \"testRegistry\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"openapi\": \"3.0.0\",\n\t\t\t\"info\": map[string]interface{}{\n\t\t\t\t\"version\": \"1.0.0\",\n\t\t\t\t\"title\": \"Event\",\n\t\t\t},\n\t\t\t\"paths\": nil,\n\t\t\t\"components\": map[string]interface{}{\n\t\t\t\t\"schemas\": map[string]interface{}{\n\t\t\t\t\t\"Event\": map[string]interface{}{\n\t\t\t\t\t\t\"type\": \"object\",\n\t\t\t\t\t\t\"properties\": map[string]interface{}{\n\t\t\t\t\t\t\t\"name\": map[string]interface{}{\n\t\t\t\t\t\t\t\t\"type\": \"string\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = schemas.NewSchema(ctx, \"testSchema\", &schemas.SchemaArgs{\n\t\t\tRegistryName: testRegistry.Name,\n\t\t\tType: pulumi.String(\"OpenApi3\"),\n\t\t\tDescription: pulumi.String(\"The schema definition for my event\"),\n\t\t\tContent: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nEventBridge schema can be imported using the `name` and `registry_name`, e.g. console\n\n```sh\n $ pulumi import aws:schemas/schema:Schema test name/registry\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the discoverer.\n" + }, + "content": { + "type": "string", + "description": "The schema specification. Must be a valid Open API 3.0 spec.\n" + }, + "description": { + "type": "string", + "description": "The description of the schema. Maximum of 256 characters.\n" + }, + "lastModified": { + "type": "string", + "description": "The last modified date of the schema.\n" + }, + "name": { + "type": "string", + "description": "The name of the schema. Maximum of 385 characters consisting of lower case letters, upper case letters, ., -, _, @.\n" + }, + "registryName": { + "type": "string", + "description": "The name of the registry in which this schema belongs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "description": "The type of the schema. Valid values: `OpenApi3`.\n" + }, + "version": { + "type": "string", + "description": "The version of the schema.\n" + }, + "versionCreatedDate": { + "type": "string", + "description": "The created date of the version of the schema.\n" + } + }, + "required": [ + "arn", + "content", + "lastModified", + "name", + "registryName", + "tagsAll", + "type", + "version", + "versionCreatedDate" + ], + "inputProperties": { + "content": { + "type": "string", + "description": "The schema specification. Must be a valid Open API 3.0 spec.\n" + }, + "description": { + "type": "string", + "description": "The description of the schema. Maximum of 256 characters.\n" + }, + "name": { + "type": "string", + "description": "The name of the schema. Maximum of 385 characters consisting of lower case letters, upper case letters, ., -, _, @.\n" + }, + "registryName": { + "type": "string", + "description": "The name of the registry in which this schema belongs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "description": "The type of the schema. Valid values: `OpenApi3`.\n" + } + }, + "requiredInputs": [ + "content", + "registryName", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Schema resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the discoverer.\n" + }, + "content": { + "type": "string", + "description": "The schema specification. Must be a valid Open API 3.0 spec.\n" + }, + "description": { + "type": "string", + "description": "The description of the schema. Maximum of 256 characters.\n" + }, + "lastModified": { + "type": "string", + "description": "The last modified date of the schema.\n" + }, + "name": { + "type": "string", + "description": "The name of the schema. Maximum of 385 characters consisting of lower case letters, upper case letters, ., -, _, @.\n" + }, + "registryName": { + "type": "string", + "description": "The name of the registry in which this schema belongs.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "type": "string", + "description": "The type of the schema. Valid values: `OpenApi3`.\n" + }, + "version": { + "type": "string", + "description": "The version of the schema.\n" + }, + "versionCreatedDate": { + "type": "string", + "description": "The created date of the version of the schema.\n" + } + }, + "type": "object" + } + }, + "aws:secretsmanager/secret:Secret": { + "description": "Provides a resource to manage AWS Secrets Manager secret metadata. To manage secret rotation, see the `aws.secretsmanager.SecretRotation` resource. To manage a secret value, see the `aws.secretsmanager.SecretVersion` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.secretsmanager.Secret(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.secretsmanager.Secret(\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.SecretsManager.Secret(\"example\", new Aws.SecretsManager.SecretArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.NewSecret(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rotation Configuration\n\nTo enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g. RDS) or deploying a custom Lambda function.\n\n> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you store the secret. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.\n\n> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst rotation_example = new aws.secretsmanager.Secret(\"rotation-example\", {\n rotationLambdaArn: aws_lambda_function.example.arn,\n rotationRules: {\n automaticallyAfterDays: 7,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrotation_example = aws.secretsmanager.Secret(\"rotation-example\",\n rotation_lambda_arn=aws_lambda_function[\"example\"][\"arn\"],\n rotation_rules=aws.secretsmanager.SecretRotationRulesArgs(\n automatically_after_days=7,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var rotation_example = new Aws.SecretsManager.Secret(\"rotation-example\", new Aws.SecretsManager.SecretArgs\n {\n RotationLambdaArn = aws_lambda_function.Example.Arn,\n RotationRules = new Aws.SecretsManager.Inputs.SecretRotationRulesArgs\n {\n AutomaticallyAfterDays = 7,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.NewSecret(ctx, \"rotation_example\", &secretsmanager.SecretArgs{\n\t\t\tRotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tRotationRules: &secretsmanager.SecretRotationRulesArgs{\n\t\t\t\tAutomaticallyAfterDays: pulumi.Int(7),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_secretsmanager_secret` can be imported by using the secret Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:secretsmanager/secret:Secret example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the secret.\n" + }, + "description": { + "type": "string", + "description": "Description of the secret.\n" + }, + "forceOverwriteReplicaSecret": { + "type": "boolean" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN, Key ID, or Alias.\n" + }, + "name": { + "type": "string", + "description": "Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "description": "Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).\n" + }, + "recoveryWindowInDays": { + "type": "integer", + "description": "Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:secretsmanager/SecretReplica:SecretReplica" + }, + "description": "Configuration block to support secret replication. See details below.\n" + }, + "rotationEnabled": { + "type": "boolean", + "description": "Whether automatic rotation is enabled for this secret.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "rotationLambdaArn": { + "type": "string", + "description": "ARN of the Lambda function that can rotate the secret. Use the `aws.secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "rotationRules": { + "$ref": "#/types/aws:secretsmanager/SecretRotationRules:SecretRotationRules", + "description": "Configuration block for the rotation configuration of this secret. Defined below. Use the `aws.secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of user-defined tags that are attached to the secret. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "name", + "namePrefix", + "policy", + "replicas", + "rotationEnabled", + "rotationLambdaArn", + "rotationRules", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the secret.\n" + }, + "forceOverwriteReplicaSecret": { + "type": "boolean" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN, Key ID, or Alias.\n" + }, + "name": { + "type": "string", + "description": "Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "description": "Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).\n" + }, + "recoveryWindowInDays": { + "type": "integer", + "description": "Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:secretsmanager/SecretReplica:SecretReplica" + }, + "description": "Configuration block to support secret replication. See details below.\n" + }, + "rotationLambdaArn": { + "type": "string", + "description": "ARN of the Lambda function that can rotate the secret. Use the `aws.secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "rotationRules": { + "$ref": "#/types/aws:secretsmanager/SecretRotationRules:SecretRotationRules", + "description": "Configuration block for the rotation configuration of this secret. Defined below. Use the `aws.secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of user-defined tags that are attached to the secret. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Secret resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the secret.\n" + }, + "description": { + "type": "string", + "description": "Description of the secret.\n" + }, + "forceOverwriteReplicaSecret": { + "type": "boolean" + }, + "kmsKeyId": { + "type": "string", + "description": "ARN, Key ID, or Alias.\n" + }, + "name": { + "type": "string", + "description": "Friendly name of the new secret. The secret name can consist of uppercase letters, lowercase letters, digits, and any of the following characters: `/_+=.@-` Conflicts with `name_prefix`.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "policy": { + "type": "string", + "description": "Valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).\n" + }, + "recoveryWindowInDays": { + "type": "integer", + "description": "Number of days that AWS Secrets Manager waits before it can delete the secret. This value can be `0` to force deletion without recovery or range from `7` to `30` days. The default value is `30`.\n" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:secretsmanager/SecretReplica:SecretReplica" + }, + "description": "Configuration block to support secret replication. See details below.\n" + }, + "rotationEnabled": { + "type": "boolean", + "description": "Whether automatic rotation is enabled for this secret.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "rotationLambdaArn": { + "type": "string", + "description": "ARN of the Lambda function that can rotate the secret. Use the `aws.secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "rotationRules": { + "$ref": "#/types/aws:secretsmanager/SecretRotationRules:SecretRotationRules", + "description": "Configuration block for the rotation configuration of this secret. Defined below. Use the `aws.secretsmanager.SecretRotation` resource to manage this configuration instead. As of version 2.67.0, removal of this configuration will no longer remove rotation due to supporting the new resource. Either import the new resource and remove the configuration or manually remove rotation.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation resource instead" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of user-defined tags that are attached to the secret. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:secretsmanager/secretPolicy:SecretPolicy": { + "description": "Provides a resource to manage AWS Secrets Manager secret policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleSecret = new aws.secretsmanager.Secret(\"exampleSecret\", {});\nconst exampleSecretPolicy = new aws.secretsmanager.SecretPolicy(\"exampleSecretPolicy\", {\n secretArn: exampleSecret.arn,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Sid\": \"EnableAllPermissions\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t\t\"AWS\": \"*\"\n\t },\n\t \"Action\": \"secretsmanager:GetSecretValue\",\n\t \"Resource\": \"*\"\n\t}\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_secret = aws.secretsmanager.Secret(\"exampleSecret\")\nexample_secret_policy = aws.secretsmanager.SecretPolicy(\"exampleSecretPolicy\",\n secret_arn=example_secret.arn,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n\t{\n\t \"Sid\": \"EnableAllPermissions\",\n\t \"Effect\": \"Allow\",\n\t \"Principal\": {\n\t\t\"AWS\": \"*\"\n\t },\n\t \"Action\": \"secretsmanager:GetSecretValue\",\n\t \"Resource\": \"*\"\n\t}\n ]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleSecret = new Aws.SecretsManager.Secret(\"exampleSecret\", new Aws.SecretsManager.SecretArgs\n {\n });\n var exampleSecretPolicy = new Aws.SecretsManager.SecretPolicy(\"exampleSecretPolicy\", new Aws.SecretsManager.SecretPolicyArgs\n {\n SecretArn = exampleSecret.Arn,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n\t{\n\t \"\"Sid\"\": \"\"EnableAllPermissions\"\",\n\t \"\"Effect\"\": \"\"Allow\"\",\n\t \"\"Principal\"\": {\n\t\t\"\"AWS\"\": \"\"*\"\"\n\t },\n\t \"\"Action\"\": \"\"secretsmanager:GetSecretValue\"\",\n\t \"\"Resource\"\": \"\"*\"\"\n\t}\n ]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleSecret, err := secretsmanager.NewSecret(ctx, \"exampleSecret\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretsmanager.NewSecretPolicy(ctx, \"exampleSecretPolicy\", &secretsmanager.SecretPolicyArgs{\n\t\t\tSecretArn: exampleSecret.Arn,\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \"\t{\\n\", \"\t \\\"Sid\\\": \\\"EnableAllPermissions\\\",\\n\", \"\t \\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t \\\"Principal\\\": {\\n\", \"\t\t\\\"AWS\\\": \\\"*\\\"\\n\", \"\t },\\n\", \"\t \\\"Action\\\": \\\"secretsmanager:GetSecretValue\\\",\\n\", \"\t \\\"Resource\\\": \\\"*\\\"\\n\", \"\t}\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_secretsmanager_secret_policy` can be imported by using the secret Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:secretsmanager/secretPolicy:SecretPolicy example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n\n ", + "properties": { + "blockPublicPolicy": { + "type": "boolean", + "description": "Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.\n" + }, + "policy": { + "type": "string", + "description": "A valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).\n" + }, + "secretArn": { + "type": "string", + "description": "Secret ARN.\n" + } + }, + "required": [ + "policy", + "secretArn" + ], + "inputProperties": { + "blockPublicPolicy": { + "type": "boolean", + "description": "Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.\n" + }, + "policy": { + "type": "string", + "description": "A valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).\n" + }, + "secretArn": { + "type": "string", + "description": "Secret ARN.\n" + } + }, + "requiredInputs": [ + "policy", + "secretArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecretPolicy resources.\n", + "properties": { + "blockPublicPolicy": { + "type": "boolean", + "description": "Makes an optional API call to Zelkova to validate the Resource Policy to prevent broad access to your secret.\n" + }, + "policy": { + "type": "string", + "description": "A valid JSON document representing a [resource policy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html).\n" + }, + "secretArn": { + "type": "string", + "description": "Secret ARN.\n" + } + }, + "type": "object" + } + }, + "aws:secretsmanager/secretRotation:SecretRotation": { + "description": "Provides a resource to manage AWS Secrets Manager secret rotation. To manage a secret, see the `aws.secretsmanager.Secret` resource. To manage a secret value, see the `aws.secretsmanager.SecretVersion` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.secretsmanager.SecretRotation(\"example\", {\n secretId: aws_secretsmanager_secret.example.id,\n rotationLambdaArn: aws_lambda_function.example.arn,\n rotationRules: {\n automaticallyAfterDays: 30,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.secretsmanager.SecretRotation(\"example\",\n secret_id=aws_secretsmanager_secret[\"example\"][\"id\"],\n rotation_lambda_arn=aws_lambda_function[\"example\"][\"arn\"],\n rotation_rules=aws.secretsmanager.SecretRotationRotationRulesArgs(\n automatically_after_days=30,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.SecretsManager.SecretRotation(\"example\", new Aws.SecretsManager.SecretRotationArgs\n {\n SecretId = aws_secretsmanager_secret.Example.Id,\n RotationLambdaArn = aws_lambda_function.Example.Arn,\n RotationRules = new Aws.SecretsManager.Inputs.SecretRotationRotationRulesArgs\n {\n AutomaticallyAfterDays = 30,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.NewSecretRotation(ctx, \"example\", &secretsmanager.SecretRotationArgs{\n\t\t\tSecretId: pulumi.Any(aws_secretsmanager_secret.Example.Id),\n\t\t\tRotationLambdaArn: pulumi.Any(aws_lambda_function.Example.Arn),\n\t\t\tRotationRules: &secretsmanager.SecretRotationRotationRulesArgs{\n\t\t\t\tAutomaticallyAfterDays: pulumi.Int(30),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n### Rotation Configuration\n\nTo enable automatic secret rotation, the Secrets Manager service requires usage of a Lambda function. The [Rotate Secrets section in the Secrets Manager User Guide](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html) provides additional information about deploying a prebuilt Lambda functions for supported credential rotation (e.g. RDS) or deploying a custom Lambda function.\n\n> **NOTE:** Configuring rotation causes the secret to rotate once as soon as you enable rotation. Before you do this, you must ensure that all of your applications that use the credentials stored in the secret are updated to retrieve the secret from AWS Secrets Manager. The old credentials might no longer be usable after the initial rotation and any applications that you fail to update will break as soon as the old credentials are no longer valid.\n\n> **NOTE:** If you cancel a rotation that is in progress (by removing the `rotation` configuration), it can leave the VersionStage labels in an unexpected state. Depending on what step of the rotation was in progress, you might need to remove the staging label AWSPENDING from the partially created version, specified by the SecretVersionId response value. You should also evaluate the partially rotated new version to see if it should be deleted, which you can do by removing all staging labels from the new version's VersionStage field.\n{{% /examples %}}\n\n## Import\n\n`aws_secretsmanager_secret_rotation` can be imported by using the secret Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:secretsmanager/secretRotation:SecretRotation example arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\n```\n\n ", + "properties": { + "rotationEnabled": { + "type": "boolean", + "description": "Specifies whether automatic rotation is enabled for this secret.\n" + }, + "rotationLambdaArn": { + "type": "string", + "description": "Specifies the ARN of the Lambda function that can rotate the secret.\n" + }, + "rotationRules": { + "$ref": "#/types/aws:secretsmanager/SecretRotationRotationRules:SecretRotationRotationRules", + "description": "A structure that defines the rotation configuration for this secret. Defined below.\n" + }, + "secretId": { + "type": "string", + "description": "Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "rotationEnabled", + "rotationLambdaArn", + "rotationRules", + "secretId" + ], + "inputProperties": { + "rotationLambdaArn": { + "type": "string", + "description": "Specifies the ARN of the Lambda function that can rotate the secret.\n" + }, + "rotationRules": { + "$ref": "#/types/aws:secretsmanager/SecretRotationRotationRules:SecretRotationRotationRules", + "description": "A structure that defines the rotation configuration for this secret. Defined below.\n" + }, + "secretId": { + "type": "string", + "description": "Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "rotationLambdaArn", + "rotationRules", + "secretId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecretRotation resources.\n", + "properties": { + "rotationEnabled": { + "type": "boolean", + "description": "Specifies whether automatic rotation is enabled for this secret.\n" + }, + "rotationLambdaArn": { + "type": "string", + "description": "Specifies the ARN of the Lambda function that can rotate the secret.\n" + }, + "rotationRules": { + "$ref": "#/types/aws:secretsmanager/SecretRotationRotationRules:SecretRotationRotationRules", + "description": "A structure that defines the rotation configuration for this secret. Defined below.\n" + }, + "secretId": { + "type": "string", + "description": "Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:secretsmanager/secretVersion:SecretVersion": { + "description": "Provides a resource to manage AWS Secrets Manager secret version including its secret value. To manage secret metadata, see the `aws.secretsmanager.Secret` resource.\n\n> **NOTE:** If the `AWSCURRENT` staging label is present on this version during resource deletion, that label cannot be removed and will be skipped to prevent errors when fully deleting the secret. That label will leave this secret version active even after the resource is deleted from this provider unless the secret itself is deleted. Move the `AWSCURRENT` staging label before or after deleting this resource from this provider to fully trigger version deprecation if necessary.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Simple String Value\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.secretsmanager.SecretVersion(\"example\", {\n secretId: aws_secretsmanager_secret.example.id,\n secretString: \"example-string-to-protect\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.secretsmanager.SecretVersion(\"example\",\n secret_id=aws_secretsmanager_secret[\"example\"][\"id\"],\n secret_string=\"example-string-to-protect\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.SecretsManager.SecretVersion(\"example\", new Aws.SecretsManager.SecretVersionArgs\n {\n SecretId = aws_secretsmanager_secret.Example.Id,\n SecretString = \"example-string-to-protect\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.NewSecretVersion(ctx, \"example\", &secretsmanager.SecretVersionArgs{\n\t\t\tSecretId: pulumi.Any(aws_secretsmanager_secret.Example.Id),\n\t\t\tSecretString: pulumi.String(\"example-string-to-protect\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Key-Value Pairs\n\nSecrets Manager also accepts key-value pairs in JSON.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst example = config.getObject(\"example\") || {\n key1: \"value1\",\n key2: \"value2\",\n};\nconst exampleSecretVersion = new aws.secretsmanager.SecretVersion(\"exampleSecretVersion\", {\n secretId: aws_secretsmanager_secret.example.id,\n secretString: JSON.stringify(example),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nexample = config.get_object(\"example\")\nif example is None:\n example = {\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n }\nexample_secret_version = aws.secretsmanager.SecretVersion(\"exampleSecretVersion\",\n secret_id=aws_secretsmanager_secret[\"example\"][\"id\"],\n secret_string=json.dumps(example))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var example = config.GetObject(\"example\") ?? \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n };\n var exampleSecretVersion = new Aws.SecretsManager.SecretVersion(\"exampleSecretVersion\", new Aws.SecretsManager.SecretVersionArgs\n {\n SecretId = aws_secretsmanager_secret.Example.Id,\n SecretString = JsonSerializer.Serialize(example),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\texample := map[string]interface{}{\n\t\t\t\"key1\": \"value1\",\n\t\t\t\"key2\": \"value2\",\n\t\t}\n\t\tif param := cfg.GetBool(\"example\"); param != nil {\n\t\t\texample = param\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(example)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := secretsmanager.NewSecretVersion(ctx, \"exampleSecretVersion\", &secretsmanager.SecretVersionArgs{\n\t\t\tSecretId: pulumi.Any(aws_secretsmanager_secret.Example.Id),\n\t\t\tSecretString: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_secretsmanager_secret_version` can be imported by using the secret ID and version ID, e.g.\n\n```sh\n $ pulumi import aws:secretsmanager/secretVersion:SecretVersion example 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|xxxxx-xxxxxxx-xxxxxxx-xxxxx'\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the secret.\n" + }, + "secretBinary": { + "type": "string", + "description": "Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.\n" + }, + "secretId": { + "type": "string", + "description": "Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.\n" + }, + "secretString": { + "type": "string", + "description": "Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.\n" + }, + "versionId": { + "type": "string", + "description": "The unique identifier of the version of the secret.\n" + }, + "versionStages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.\n" + } + }, + "required": [ + "arn", + "secretId", + "versionId", + "versionStages" + ], + "inputProperties": { + "secretBinary": { + "type": "string", + "description": "Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.\n" + }, + "secretId": { + "type": "string", + "description": "Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.\n" + }, + "secretString": { + "type": "string", + "description": "Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.\n" + }, + "versionStages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.\n" + } + }, + "requiredInputs": [ + "secretId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SecretVersion resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the secret.\n" + }, + "secretBinary": { + "type": "string", + "description": "Specifies binary data that you want to encrypt and store in this version of the secret. This is required if secret_string is not set. Needs to be encoded to base64.\n" + }, + "secretId": { + "type": "string", + "description": "Specifies the secret to which you want to add a new version. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret. The secret must already exist.\n" + }, + "secretString": { + "type": "string", + "description": "Specifies text data that you want to encrypt and store in this version of the secret. This is required if secret_binary is not set.\n" + }, + "versionId": { + "type": "string", + "description": "The unique identifier of the version of the secret.\n" + }, + "versionStages": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies a list of staging labels that are attached to this version of the secret. A staging label must be unique to a single version of the secret. If you specify a staging label that's already associated with a different version of the same secret then that staging label is automatically removed from the other version and attached to this version. If you do not specify a value, then AWS Secrets Manager automatically moves the staging label `AWSCURRENT` to this new version on creation.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/account:Account": { + "description": "Enables Security Hub for this AWS account.\n\n> **NOTE:** Destroying this resource will disable Security Hub for this AWS account.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.securityhub.Account(\"example\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.securityhub.Account(\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.SecurityHub.Account(\"example\", new Aws.SecurityHub.AccountArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securityhub.NewAccount(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAn existing Security Hub enabled account can be imported using the AWS account ID, e.g.\n\n```sh\n $ pulumi import aws:securityhub/account:Account example 123456789012\n```\n\n ", + "stateInputs": { + "description": "Input properties used for looking up and filtering Account resources.\n", + "type": "object" + } + }, + "aws:securityhub/actionTarget:ActionTarget": { + "description": "Creates Security Hub custom action.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleActionTarget = new aws.securityhub.ActionTarget(\"exampleActionTarget\", {\n identifier: \"SendToChat\",\n description: \"This is custom action sends selected findings to chat\",\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_action_target = aws.securityhub.ActionTarget(\"exampleActionTarget\",\n identifier=\"SendToChat\",\n description=\"This is custom action sends selected findings to chat\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleActionTarget = new Aws.SecurityHub.ActionTarget(\"exampleActionTarget\", new Aws.SecurityHub.ActionTargetArgs\n {\n Identifier = \"SendToChat\",\n Description = \"This is custom action sends selected findings to chat\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewActionTarget(ctx, \"exampleActionTarget\", &securityhub.ActionTargetArgs{\n\t\t\tIdentifier: pulumi.String(\"SendToChat\"),\n\t\t\tDescription: pulumi.String(\"This is custom action sends selected findings to chat\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub custom action can be imported using the action target ARN e.g.\n\n```sh\n $ pulumi import aws:securityhub/actionTarget:ActionTarget example arn:aws:securityhub:eu-west-1:312940875350:action/custom/a\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Security Hub custom action target.\n" + }, + "description": { + "type": "string", + "description": "The name of the custom action target.\n" + }, + "identifier": { + "type": "string", + "description": "The ID for the custom action target.\n" + }, + "name": { + "type": "string", + "description": "The description for the custom action target.\n" + } + }, + "required": [ + "arn", + "description", + "identifier", + "name" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The name of the custom action target.\n" + }, + "identifier": { + "type": "string", + "description": "The ID for the custom action target.\n" + }, + "name": { + "type": "string", + "description": "The description for the custom action target.\n" + } + }, + "requiredInputs": [ + "description", + "identifier" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ActionTarget resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Security Hub custom action target.\n" + }, + "description": { + "type": "string", + "description": "The name of the custom action target.\n" + }, + "identifier": { + "type": "string", + "description": "The ID for the custom action target.\n" + }, + "name": { + "type": "string", + "description": "The description for the custom action target.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/insight:Insight": { + "description": "Provides a Security Hub custom insight resource. See the [Managing custom insights section](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-custom-insights.html) of the AWS User Guide for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Filter by AWS account ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleInsight = new aws.securityhub.Insight(\"exampleInsight\", {\n filters: {\n awsAccountIds: [\n {\n comparison: \"EQUALS\",\n value: \"1234567890\",\n },\n {\n comparison: \"EQUALS\",\n value: \"09876543210\",\n },\n ],\n },\n groupByAttribute: \"AwsAccountId\",\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_insight = aws.securityhub.Insight(\"exampleInsight\",\n filters=aws.securityhub.InsightFiltersArgs(\n aws_account_ids=[\n aws.securityhub.InsightFiltersAwsAccountIdArgs(\n comparison=\"EQUALS\",\n value=\"1234567890\",\n ),\n aws.securityhub.InsightFiltersAwsAccountIdArgs(\n comparison=\"EQUALS\",\n value=\"09876543210\",\n ),\n ],\n ),\n group_by_attribute=\"AwsAccountId\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleInsight = new Aws.SecurityHub.Insight(\"exampleInsight\", new Aws.SecurityHub.InsightArgs\n {\n Filters = new Aws.SecurityHub.Inputs.InsightFiltersArgs\n {\n AwsAccountIds = \n {\n new Aws.SecurityHub.Inputs.InsightFiltersAwsAccountIdArgs\n {\n Comparison = \"EQUALS\",\n Value = \"1234567890\",\n },\n new Aws.SecurityHub.Inputs.InsightFiltersAwsAccountIdArgs\n {\n Comparison = \"EQUALS\",\n Value = \"09876543210\",\n },\n },\n },\n GroupByAttribute = \"AwsAccountId\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewInsight(ctx, \"exampleInsight\", &securityhub.InsightArgs{\n\t\t\tFilters: &securityhub.InsightFiltersArgs{\n\t\t\t\tAwsAccountIds: securityhub.InsightFiltersAwsAccountIdArray{\n\t\t\t\t\t&securityhub.InsightFiltersAwsAccountIdArgs{\n\t\t\t\t\t\tComparison: pulumi.String(\"EQUALS\"),\n\t\t\t\t\t\tValue: pulumi.String(\"1234567890\"),\n\t\t\t\t\t},\n\t\t\t\t\t&securityhub.InsightFiltersAwsAccountIdArgs{\n\t\t\t\t\t\tComparison: pulumi.String(\"EQUALS\"),\n\t\t\t\t\t\tValue: pulumi.String(\"09876543210\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroupByAttribute: pulumi.String(\"AwsAccountId\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter by date range\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleInsight = new aws.securityhub.Insight(\"exampleInsight\", {\n filters: {\n createdAts: [{\n dateRange: {\n unit: \"DAYS\",\n value: 5,\n },\n }],\n },\n groupByAttribute: \"CreatedAt\",\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_insight = aws.securityhub.Insight(\"exampleInsight\",\n filters=aws.securityhub.InsightFiltersArgs(\n created_ats=[aws.securityhub.InsightFiltersCreatedAtArgs(\n date_range=aws.securityhub.InsightFiltersCreatedAtDateRangeArgs(\n unit=\"DAYS\",\n value=5,\n ),\n )],\n ),\n group_by_attribute=\"CreatedAt\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleInsight = new Aws.SecurityHub.Insight(\"exampleInsight\", new Aws.SecurityHub.InsightArgs\n {\n Filters = new Aws.SecurityHub.Inputs.InsightFiltersArgs\n {\n CreatedAts = \n {\n new Aws.SecurityHub.Inputs.InsightFiltersCreatedAtArgs\n {\n DateRange = new Aws.SecurityHub.Inputs.InsightFiltersCreatedAtDateRangeArgs\n {\n Unit = \"DAYS\",\n Value = 5,\n },\n },\n },\n },\n GroupByAttribute = \"CreatedAt\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewInsight(ctx, \"exampleInsight\", &securityhub.InsightArgs{\n\t\t\tFilters: &securityhub.InsightFiltersArgs{\n\t\t\t\tCreatedAts: securityhub.InsightFiltersCreatedAtArray{\n\t\t\t\t\t&securityhub.InsightFiltersCreatedAtArgs{\n\t\t\t\t\t\tDateRange: &securityhub.InsightFiltersCreatedAtDateRangeArgs{\n\t\t\t\t\t\t\tUnit: pulumi.String(\"DAYS\"),\n\t\t\t\t\t\t\tValue: pulumi.Int(5),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroupByAttribute: pulumi.String(\"CreatedAt\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter by destination IPv4 address\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleInsight = new aws.securityhub.Insight(\"exampleInsight\", {\n filters: {\n networkDestinationIpv4s: [{\n cidr: \"10.0.0.0/16\",\n }],\n },\n groupByAttribute: \"NetworkDestinationIpV4\",\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_insight = aws.securityhub.Insight(\"exampleInsight\",\n filters=aws.securityhub.InsightFiltersArgs(\n network_destination_ipv4s=[aws.securityhub.InsightFiltersNetworkDestinationIpv4Args(\n cidr=\"10.0.0.0/16\",\n )],\n ),\n group_by_attribute=\"NetworkDestinationIpV4\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleInsight = new Aws.SecurityHub.Insight(\"exampleInsight\", new Aws.SecurityHub.InsightArgs\n {\n Filters = new Aws.SecurityHub.Inputs.InsightFiltersArgs\n {\n NetworkDestinationIpv4s = \n {\n new Aws.SecurityHub.Inputs.InsightFiltersNetworkDestinationIpv4Args\n {\n Cidr = \"10.0.0.0/16\",\n },\n },\n },\n GroupByAttribute = \"NetworkDestinationIpV4\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewInsight(ctx, \"exampleInsight\", &securityhub.InsightArgs{\n\t\t\tFilters: &securityhub.InsightFiltersArgs{\n\t\t\t\tNetworkDestinationIpv4s: securityhub.InsightFiltersNetworkDestinationIpv4Array{\n\t\t\t\t\t&securityhub.InsightFiltersNetworkDestinationIpv4Args{\n\t\t\t\t\t\tCidr: pulumi.String(\"10.0.0.0/16\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroupByAttribute: pulumi.String(\"NetworkDestinationIpV4\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter by finding's confidence\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleInsight = new aws.securityhub.Insight(\"exampleInsight\", {\n filters: {\n confidences: [{\n gte: \"80\",\n }],\n },\n groupByAttribute: \"Confidence\",\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_insight = aws.securityhub.Insight(\"exampleInsight\",\n filters=aws.securityhub.InsightFiltersArgs(\n confidences=[aws.securityhub.InsightFiltersConfidenceArgs(\n gte=\"80\",\n )],\n ),\n group_by_attribute=\"Confidence\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleInsight = new Aws.SecurityHub.Insight(\"exampleInsight\", new Aws.SecurityHub.InsightArgs\n {\n Filters = new Aws.SecurityHub.Inputs.InsightFiltersArgs\n {\n Confidences = \n {\n new Aws.SecurityHub.Inputs.InsightFiltersConfidenceArgs\n {\n Gte = \"80\",\n },\n },\n },\n GroupByAttribute = \"Confidence\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewInsight(ctx, \"exampleInsight\", &securityhub.InsightArgs{\n\t\t\tFilters: &securityhub.InsightFiltersArgs{\n\t\t\t\tConfidences: securityhub.InsightFiltersConfidenceArray{\n\t\t\t\t\t&securityhub.InsightFiltersConfidenceArgs{\n\t\t\t\t\t\tGte: pulumi.String(\"80\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroupByAttribute: pulumi.String(\"Confidence\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter by resource tags\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleInsight = new aws.securityhub.Insight(\"exampleInsight\", {\n filters: {\n resourceTags: [{\n comparison: \"EQUALS\",\n key: \"Environment\",\n value: \"Production\",\n }],\n },\n groupByAttribute: \"ResourceTags\",\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_insight = aws.securityhub.Insight(\"exampleInsight\",\n filters=aws.securityhub.InsightFiltersArgs(\n resource_tags=[aws.securityhub.InsightFiltersResourceTagArgs(\n comparison=\"EQUALS\",\n key=\"Environment\",\n value=\"Production\",\n )],\n ),\n group_by_attribute=\"ResourceTags\",\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleInsight = new Aws.SecurityHub.Insight(\"exampleInsight\", new Aws.SecurityHub.InsightArgs\n {\n Filters = new Aws.SecurityHub.Inputs.InsightFiltersArgs\n {\n ResourceTags = \n {\n new Aws.SecurityHub.Inputs.InsightFiltersResourceTagArgs\n {\n Comparison = \"EQUALS\",\n Key = \"Environment\",\n Value = \"Production\",\n },\n },\n },\n GroupByAttribute = \"ResourceTags\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewInsight(ctx, \"exampleInsight\", &securityhub.InsightArgs{\n\t\t\tFilters: &securityhub.InsightFiltersArgs{\n\t\t\t\tResourceTags: securityhub.InsightFiltersResourceTagArray{\n\t\t\t\t\t&securityhub.InsightFiltersResourceTagArgs{\n\t\t\t\t\t\tComparison: pulumi.String(\"EQUALS\"),\n\t\t\t\t\t\tKey: pulumi.String(\"Environment\"),\n\t\t\t\t\t\tValue: pulumi.String(\"Production\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroupByAttribute: pulumi.String(\"ResourceTags\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub insights can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:securityhub/insight:Insight example arn:aws:securityhub:us-west-2:1234567890:insight/1234567890/custom/91299ed7-abd0-4e44-a858-d0b15e37141a\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the insight.\n" + }, + "filters": { + "$ref": "#/types/aws:securityhub/InsightFilters:InsightFilters", + "description": "A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.\n" + }, + "groupByAttribute": { + "type": "string", + "description": "The attribute used to group the findings for the insight e.g. if an insight is grouped by `ResourceId`, then the insight produces a list of resource identifiers.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom insight.\n" + } + }, + "required": [ + "arn", + "filters", + "groupByAttribute", + "name" + ], + "inputProperties": { + "filters": { + "$ref": "#/types/aws:securityhub/InsightFilters:InsightFilters", + "description": "A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.\n" + }, + "groupByAttribute": { + "type": "string", + "description": "The attribute used to group the findings for the insight e.g. if an insight is grouped by `ResourceId`, then the insight produces a list of resource identifiers.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom insight.\n" + } + }, + "requiredInputs": [ + "filters", + "groupByAttribute" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Insight resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the insight.\n" + }, + "filters": { + "$ref": "#/types/aws:securityhub/InsightFilters:InsightFilters", + "description": "A configuration block including one or more (up to 10 distinct) attributes used to filter the findings included in the insight. The insight only includes findings that match criteria defined in the filters. See filters below for more details.\n" + }, + "groupByAttribute": { + "type": "string", + "description": "The attribute used to group the findings for the insight e.g. if an insight is grouped by `ResourceId`, then the insight produces a list of resource identifiers.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom insight.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/inviteAccepter:InviteAccepter": { + "description": "> **Note:** AWS accounts can only be associated with a single Security Hub master account. Destroying this resource will disassociate the member account from the master account.\n\nAccepts a Security Hub invitation.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleMember = new aws.securityhub.Member(\"exampleMember\", {\n accountId: \"123456789012\",\n email: \"example@example.com\",\n invite: true,\n});\nconst inviteeAccount = new aws.securityhub.Account(\"inviteeAccount\", {}, {\n provider: \"aws.invitee\",\n});\nconst inviteeInviteAccepter = new aws.securityhub.InviteAccepter(\"inviteeInviteAccepter\", {masterId: exampleMember.masterId}, {\n provider: \"aws.invitee\",\n dependsOn: [aws_securityhub_account.accepter],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_member = aws.securityhub.Member(\"exampleMember\",\n account_id=\"123456789012\",\n email=\"example@example.com\",\n invite=True)\ninvitee_account = aws.securityhub.Account(\"inviteeAccount\", opts=pulumi.ResourceOptions(provider=\"aws.invitee\"))\ninvitee_invite_accepter = aws.securityhub.InviteAccepter(\"inviteeInviteAccepter\", master_id=example_member.master_id,\nopts=pulumi.ResourceOptions(provider=\"aws.invitee\",\n depends_on=[aws_securityhub_account[\"accepter\"]]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleMember = new Aws.SecurityHub.Member(\"exampleMember\", new Aws.SecurityHub.MemberArgs\n {\n AccountId = \"123456789012\",\n Email = \"example@example.com\",\n Invite = true,\n });\n var inviteeAccount = new Aws.SecurityHub.Account(\"inviteeAccount\", new Aws.SecurityHub.AccountArgs\n {\n }, new CustomResourceOptions\n {\n Provider = \"aws.invitee\",\n });\n var inviteeInviteAccepter = new Aws.SecurityHub.InviteAccepter(\"inviteeInviteAccepter\", new Aws.SecurityHub.InviteAccepterArgs\n {\n MasterId = exampleMember.MasterId,\n }, new CustomResourceOptions\n {\n Provider = \"aws.invitee\",\n DependsOn = \n {\n aws_securityhub_account.Accepter,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMember, err := securityhub.NewMember(ctx, \"exampleMember\", &securityhub.MemberArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tEmail: pulumi.String(\"example@example.com\"),\n\t\t\tInvite: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewAccount(ctx, \"inviteeAccount\", nil, pulumi.Provider(\"aws.invitee\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewInviteAccepter(ctx, \"inviteeInviteAccepter\", &securityhub.InviteAccepterArgs{\n\t\t\tMasterId: exampleMember.MasterId,\n\t\t}, pulumi.Provider(\"aws.invitee\"), pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_securityhub_account.Accepter,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub invite acceptance can be imported using the account ID, e.g.\n\n```sh\n $ pulumi import aws:securityhub/inviteAccepter:InviteAccepter example 123456789012\n```\n\n ", + "properties": { + "invitationId": { + "type": "string", + "description": "The ID of the invitation.\n" + }, + "masterId": { + "type": "string", + "description": "The account ID of the master Security Hub account whose invitation you're accepting.\n" + } + }, + "required": [ + "invitationId", + "masterId" + ], + "inputProperties": { + "masterId": { + "type": "string", + "description": "The account ID of the master Security Hub account whose invitation you're accepting.\n" + } + }, + "requiredInputs": [ + "masterId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering InviteAccepter resources.\n", + "properties": { + "invitationId": { + "type": "string", + "description": "The ID of the invitation.\n" + }, + "masterId": { + "type": "string", + "description": "The account ID of the master Security Hub account whose invitation you're accepting.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/member:Member": { + "description": "Provides a Security Hub member resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleMember = new aws.securityhub.Member(\"exampleMember\", {\n accountId: \"123456789012\",\n email: \"example@example.com\",\n invite: true,\n}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_member = aws.securityhub.Member(\"exampleMember\",\n account_id=\"123456789012\",\n email=\"example@example.com\",\n invite=True,\n opts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleMember = new Aws.SecurityHub.Member(\"exampleMember\", new Aws.SecurityHub.MemberArgs\n {\n AccountId = \"123456789012\",\n Email = \"example@example.com\",\n Invite = true,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewMember(ctx, \"exampleMember\", &securityhub.MemberArgs{\n\t\t\tAccountId: pulumi.String(\"123456789012\"),\n\t\t\tEmail: pulumi.String(\"example@example.com\"),\n\t\t\tInvite: pulumi.Bool(true),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub members can be imported using their account ID, e.g.\n\n```sh\n $ pulumi import aws:securityhub/member:Member example 123456789012\n```\n\n ", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the member AWS account.\n" + }, + "email": { + "type": "string", + "description": "The email of the member AWS account.\n" + }, + "invite": { + "type": "boolean", + "description": "Boolean whether to invite the account to Security Hub as a member. Defaults to `false`.\n" + }, + "masterId": { + "type": "string", + "description": "The ID of the master Security Hub AWS account.\n" + }, + "memberStatus": { + "type": "string", + "description": "The status of the member account relationship.\n" + } + }, + "required": [ + "accountId", + "email", + "masterId", + "memberStatus" + ], + "inputProperties": { + "accountId": { + "type": "string", + "description": "The ID of the member AWS account.\n" + }, + "email": { + "type": "string", + "description": "The email of the member AWS account.\n" + }, + "invite": { + "type": "boolean", + "description": "Boolean whether to invite the account to Security Hub as a member. Defaults to `false`.\n" + } + }, + "requiredInputs": [ + "accountId", + "email" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Member resources.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The ID of the member AWS account.\n" + }, + "email": { + "type": "string", + "description": "The email of the member AWS account.\n" + }, + "invite": { + "type": "boolean", + "description": "Boolean whether to invite the account to Security Hub as a member. Defaults to `false`.\n" + }, + "masterId": { + "type": "string", + "description": "The ID of the master Security Hub AWS account.\n" + }, + "memberStatus": { + "type": "string", + "description": "The status of the member account relationship.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/organizationAdminAccount:OrganizationAdminAccount": { + "description": "Manages a Security Hub administrator account for an organization. The AWS account utilizing this resource must be an Organizations primary account. More information about Organizations support in Security Hub can be found in the [Security Hub User Guide](https://docs.aws.amazon.com/securityhub/latest/userguide/designate-orgs-admin-account.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleOrganization = new aws.organizations.Organization(\"exampleOrganization\", {\n awsServiceAccessPrincipals: [\"securityhub.amazonaws.com\"],\n featureSet: \"ALL\",\n});\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst exampleOrganizationAdminAccount = new aws.securityhub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", {adminAccountId: \"123456789012\"}, {\n dependsOn: [exampleOrganization],\n});\n// Auto enable security hub in organization member accounts\nconst exampleOrganizationConfiguration = new aws.securityhub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", {autoEnable: true});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_organization = aws.organizations.Organization(\"exampleOrganization\",\n aws_service_access_principals=[\"securityhub.amazonaws.com\"],\n feature_set=\"ALL\")\nexample_account = aws.securityhub.Account(\"exampleAccount\")\nexample_organization_admin_account = aws.securityhub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", admin_account_id=\"123456789012\",\nopts=pulumi.ResourceOptions(depends_on=[example_organization]))\n# Auto enable security hub in organization member accounts\nexample_organization_configuration = aws.securityhub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", auto_enable=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleOrganization = new Aws.Organizations.Organization(\"exampleOrganization\", new Aws.Organizations.OrganizationArgs\n {\n AwsServiceAccessPrincipals = \n {\n \"securityhub.amazonaws.com\",\n },\n FeatureSet = \"ALL\",\n });\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var exampleOrganizationAdminAccount = new Aws.SecurityHub.OrganizationAdminAccount(\"exampleOrganizationAdminAccount\", new Aws.SecurityHub.OrganizationAdminAccountArgs\n {\n AdminAccountId = \"123456789012\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleOrganization,\n },\n });\n // Auto enable security hub in organization member accounts\n var exampleOrganizationConfiguration = new Aws.SecurityHub.OrganizationConfiguration(\"exampleOrganizationConfiguration\", new Aws.SecurityHub.OrganizationConfigurationArgs\n {\n AutoEnable = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleOrganization, err := organizations.NewOrganization(ctx, \"exampleOrganization\", &organizations.OrganizationArgs{\n\t\t\tAwsServiceAccessPrincipals: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"securityhub.amazonaws.com\"),\n\t\t\t},\n\t\t\tFeatureSet: pulumi.String(\"ALL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewOrganizationAdminAccount(ctx, \"exampleOrganizationAdminAccount\", &securityhub.OrganizationAdminAccountArgs{\n\t\t\tAdminAccountId: pulumi.String(\"123456789012\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleOrganization,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewOrganizationConfiguration(ctx, \"exampleOrganizationConfiguration\", &securityhub.OrganizationConfigurationArgs{\n\t\t\tAutoEnable: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub Organization Admin Accounts can be imported using the AWS account ID, e.g.\n\n```sh\n $ pulumi import aws:securityhub/organizationAdminAccount:OrganizationAdminAccount example 123456789012\n```\n\n ", + "properties": { + "adminAccountId": { + "type": "string", + "description": "The AWS account identifier of the account to designate as the Security Hub administrator account.\n" + } + }, + "required": [ + "adminAccountId" + ], + "inputProperties": { + "adminAccountId": { + "type": "string", + "description": "The AWS account identifier of the account to designate as the Security Hub administrator account.\n" + } + }, + "requiredInputs": [ + "adminAccountId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationAdminAccount resources.\n", + "properties": { + "adminAccountId": { + "type": "string", + "description": "The AWS account identifier of the account to designate as the Security Hub administrator account.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/organizationConfiguration:OrganizationConfiguration": { + "description": "\n\n\n## Import\n\nAn existing Security Hub enabled account can be imported using the AWS account ID, e.g.\n\n```sh\n $ pulumi import aws:securityhub/organizationConfiguration:OrganizationConfiguration example 123456789012\n```\n\n ", + "properties": { + "autoEnable": { + "type": "boolean", + "description": "Whether to automatically enable Security Hub for new accounts in the organization.\n" + } + }, + "required": [ + "autoEnable" + ], + "inputProperties": { + "autoEnable": { + "type": "boolean", + "description": "Whether to automatically enable Security Hub for new accounts in the organization.\n" + } + }, + "requiredInputs": [ + "autoEnable" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationConfiguration resources.\n", + "properties": { + "autoEnable": { + "type": "boolean", + "description": "Whether to automatically enable Security Hub for new accounts in the organization.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/productSubscription:ProductSubscription": { + "description": "Subscribes to a Security Hub product.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleAccount = new aws.securityhub.Account(\"exampleAccount\", {});\nconst current = aws.getRegion({});\nconst exampleProductSubscription = new aws.securityhub.ProductSubscription(\"exampleProductSubscription\", {productArn: current.then(current => `arn:aws:securityhub:${current.name}:733251395267:product/alertlogic/althreatmanagement`)}, {\n dependsOn: [exampleAccount],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_account = aws.securityhub.Account(\"exampleAccount\")\ncurrent = aws.get_region()\nexample_product_subscription = aws.securityhub.ProductSubscription(\"exampleProductSubscription\", product_arn=f\"arn:aws:securityhub:{current.name}:733251395267:product/alertlogic/althreatmanagement\",\nopts=pulumi.ResourceOptions(depends_on=[example_account]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleAccount = new Aws.SecurityHub.Account(\"exampleAccount\", new Aws.SecurityHub.AccountArgs\n {\n });\n var current = Output.Create(Aws.GetRegion.InvokeAsync());\n var exampleProductSubscription = new Aws.SecurityHub.ProductSubscription(\"exampleProductSubscription\", new Aws.SecurityHub.ProductSubscriptionArgs\n {\n ProductArn = current.Apply(current => $\"arn:aws:securityhub:{current.Name}:733251395267:product/alertlogic/althreatmanagement\"),\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAccount,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleAccount, err := securityhub.NewAccount(ctx, \"exampleAccount\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewProductSubscription(ctx, \"exampleProductSubscription\", &securityhub.ProductSubscriptionArgs{\n\t\t\tProductArn: pulumi.String(fmt.Sprintf(\"%v%v%v\", \"arn:aws:securityhub:\", current.Name, \":733251395267:product/alertlogic/althreatmanagement\")),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAccount,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub product subscriptions can be imported in the form `product_arn,arn`, e.g.\n\n```sh\n $ pulumi import aws:securityhub/productSubscription:ProductSubscription example arn:aws:securityhub:eu-west-1:733251395267:product/alertlogic/althreatmanagement,arn:aws:securityhub:eu-west-1:123456789012:product-subscription/alertlogic/althreatmanagement\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of a resource that represents your subscription to the product that generates the findings that you want to import into Security Hub.\n" + }, + "productArn": { + "type": "string", + "description": "The ARN of the product that generates findings that you want to import into Security Hub - see below.\n" + } + }, + "required": [ + "arn", + "productArn" + ], + "inputProperties": { + "productArn": { + "type": "string", + "description": "The ARN of the product that generates findings that you want to import into Security Hub - see below.\n" + } + }, + "requiredInputs": [ + "productArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProductSubscription resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of a resource that represents your subscription to the product that generates the findings that you want to import into Security Hub.\n" + }, + "productArn": { + "type": "string", + "description": "The ARN of the product that generates findings that you want to import into Security Hub - see below.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/standardsControl:StandardsControl": { + "properties": { + "controlId": { + "type": "string", + "description": "The identifier of the security standard control.\n" + }, + "controlStatus": { + "type": "string", + "description": "The control status could be `ENABLED` or `DISABLED`. You have to specify `disabled_reason` argument for `DISABLED` control status.\n" + }, + "controlStatusUpdatedAt": { + "type": "string", + "description": "The date and time that the status of the security standard control was most recently updated.\n" + }, + "description": { + "type": "string", + "description": "The standard control longer description. Provides information about what the control is checking for.\n" + }, + "disabledReason": { + "type": "string", + "description": "A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.\n" + }, + "relatedRequirements": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of requirements that are related to this control.\n" + }, + "remediationUrl": { + "type": "string", + "description": "A link to remediation information for the control in the Security Hub user documentation.\n" + }, + "severityRating": { + "type": "string", + "description": "The severity of findings generated from this security standard control.\n" + }, + "standardsControlArn": { + "type": "string", + "description": "The standards control ARN.\n" + }, + "title": { + "type": "string", + "description": "The standard control title.\n" + } + }, + "required": [ + "controlId", + "controlStatus", + "controlStatusUpdatedAt", + "description", + "disabledReason", + "relatedRequirements", + "remediationUrl", + "severityRating", + "standardsControlArn", + "title" + ], + "inputProperties": { + "controlStatus": { + "type": "string", + "description": "The control status could be `ENABLED` or `DISABLED`. You have to specify `disabled_reason` argument for `DISABLED` control status.\n" + }, + "disabledReason": { + "type": "string", + "description": "A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.\n" + }, + "standardsControlArn": { + "type": "string", + "description": "The standards control ARN.\n" + } + }, + "requiredInputs": [ + "controlStatus", + "standardsControlArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StandardsControl resources.\n", + "properties": { + "controlId": { + "type": "string", + "description": "The identifier of the security standard control.\n" + }, + "controlStatus": { + "type": "string", + "description": "The control status could be `ENABLED` or `DISABLED`. You have to specify `disabled_reason` argument for `DISABLED` control status.\n" + }, + "controlStatusUpdatedAt": { + "type": "string", + "description": "The date and time that the status of the security standard control was most recently updated.\n" + }, + "description": { + "type": "string", + "description": "The standard control longer description. Provides information about what the control is checking for.\n" + }, + "disabledReason": { + "type": "string", + "description": "A description of the reason why you are disabling a security standard control. If you specify this attribute, `control_status` will be set to `DISABLED` automatically.\n" + }, + "relatedRequirements": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of requirements that are related to this control.\n" + }, + "remediationUrl": { + "type": "string", + "description": "A link to remediation information for the control in the Security Hub user documentation.\n" + }, + "severityRating": { + "type": "string", + "description": "The severity of findings generated from this security standard control.\n" + }, + "standardsControlArn": { + "type": "string", + "description": "The standards control ARN.\n" + }, + "title": { + "type": "string", + "description": "The standard control title.\n" + } + }, + "type": "object" + } + }, + "aws:securityhub/standardsSubscription:StandardsSubscription": { + "description": "Subscribes to a Security Hub standard.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.securityhub.Account(\"example\", {});\nconst cis = new aws.securityhub.StandardsSubscription(\"cis\", {standardsArn: \"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0\"}, {\n dependsOn: [example],\n});\nconst pci321 = new aws.securityhub.StandardsSubscription(\"pci321\", {standardsArn: \"arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1\"}, {\n dependsOn: [example],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.securityhub.Account(\"example\")\ncis = aws.securityhub.StandardsSubscription(\"cis\", standards_arn=\"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0\",\nopts=pulumi.ResourceOptions(depends_on=[example]))\npci321 = aws.securityhub.StandardsSubscription(\"pci321\", standards_arn=\"arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1\",\nopts=pulumi.ResourceOptions(depends_on=[example]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.SecurityHub.Account(\"example\", new Aws.SecurityHub.AccountArgs\n {\n });\n var cis = new Aws.SecurityHub.StandardsSubscription(\"cis\", new Aws.SecurityHub.StandardsSubscriptionArgs\n {\n StandardsArn = \"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n example,\n },\n });\n var pci321 = new Aws.SecurityHub.StandardsSubscription(\"pci321\", new Aws.SecurityHub.StandardsSubscriptionArgs\n {\n StandardsArn = \"arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1\",\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n example,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/securityhub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := securityhub.NewAccount(ctx, \"example\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewStandardsSubscription(ctx, \"cis\", &securityhub.StandardsSubscriptionArgs{\n\t\t\tStandardsArn: pulumi.String(\"arn:aws:securityhub:::ruleset/cis-aws-foundations-benchmark/v/1.2.0\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = securityhub.NewStandardsSubscription(ctx, \"pci321\", &securityhub.StandardsSubscriptionArgs{\n\t\t\tStandardsArn: pulumi.String(\"arn:aws:securityhub:us-east-1::standards/pci-dss/v/3.2.1\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texample,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSecurity Hub standards subscriptions can be imported using the standards subscription ARN, e.g.\n\n```sh\n $ pulumi import aws:securityhub/standardsSubscription:StandardsSubscription cis arn:aws:securityhub:eu-west-1:123456789012:subscription/cis-aws-foundations-benchmark/v/1.2.0\n```\n\n\n\n```sh\n $ pulumi import aws:securityhub/standardsSubscription:StandardsSubscription pci_321 arn:aws:securityhub:eu-west-1:123456789012:subscription/pci-dss/v/3.2.1\n```\n\n ", + "properties": { + "standardsArn": { + "type": "string", + "description": "The ARN of a standard - see below.\n" + } + }, + "required": [ + "standardsArn" + ], + "inputProperties": { + "standardsArn": { + "type": "string", + "description": "The ARN of a standard - see below.\n" + } + }, + "requiredInputs": [ + "standardsArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StandardsSubscription resources.\n", + "properties": { + "standardsArn": { + "type": "string", + "description": "The ARN of a standard - see below.\n" + } + }, + "type": "object" + } + }, + "aws:serverlessrepository/cloudFormationStack:CloudFormationStack": { + "description": "Deploys an Application CloudFormation Stack from the Serverless Application Repository.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst currentPartition = pulumi.output(aws.getPartition());\nconst currentRegion = pulumi.output(aws.getRegion());\nconst postgres_rotator = new aws.serverlessrepository.CloudFormationStack(\"postgres-rotator\", {\n applicationId: \"arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser\",\n capabilities: [\n \"CAPABILITY_IAM\",\n \"CAPABILITY_RESOURCE_POLICY\",\n ],\n parameters: {\n endpoint: pulumi.interpolate`secretsmanager.${currentRegion.name!}.${currentPartition.dnsSuffix}`,\n functionName: \"func-postgres-rotator\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent_partition = aws.get_partition()\ncurrent_region = aws.get_region()\npostgres_rotator = aws.serverlessrepository.CloudFormationStack(\"postgres-rotator\",\n application_id=\"arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser\",\n capabilities=[\n \"CAPABILITY_IAM\",\n \"CAPABILITY_RESOURCE_POLICY\",\n ],\n parameters={\n \"endpoint\": f\"secretsmanager.{current_region.name}.{current_partition.dns_suffix}\",\n \"functionName\": \"func-postgres-rotator\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var currentPartition = Output.Create(Aws.GetPartition.InvokeAsync());\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var postgres_rotator = new Aws.ServerlessRepository.CloudFormationStack(\"postgres-rotator\", new Aws.ServerlessRepository.CloudFormationStackArgs\n {\n ApplicationId = \"arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser\",\n Capabilities = \n {\n \"CAPABILITY_IAM\",\n \"CAPABILITY_RESOURCE_POLICY\",\n },\n Parameters = \n {\n { \"endpoint\", Output.Tuple(currentRegion, currentPartition).Apply(values =>\n {\n var currentRegion = values.Item1;\n var currentPartition = values.Item2;\n return $\"secretsmanager.{currentRegion.Name}.{currentPartition.DnsSuffix}\";\n }) },\n { \"functionName\", \"func-postgres-rotator\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/serverlessrepository\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrentPartition, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serverlessrepository.NewCloudFormationStack(ctx, \"postgres_rotator\", &serverlessrepository.CloudFormationStackArgs{\n\t\t\tApplicationId: pulumi.String(\"arn:aws:serverlessrepo:us-east-1:297356227824:applications/SecretsManagerRDSPostgreSQLRotationSingleUser\"),\n\t\t\tCapabilities: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"CAPABILITY_IAM\"),\n\t\t\t\tpulumi.String(\"CAPABILITY_RESOURCE_POLICY\"),\n\t\t\t},\n\t\t\tParameters: pulumi.StringMap{\n\t\t\t\t\"endpoint\": pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"secretsmanager.\", currentRegion.Name, \".\", currentPartition.DnsSuffix)),\n\t\t\t\t\"functionName\": pulumi.String(\"func-postgres-rotator\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nServerless Application Repository Stack can be imported using the CloudFormation Stack name (with or without the `serverlessrepo-` prefix) or the CloudFormation Stack ID, e.g.\n\n```sh\n $ pulumi import aws:serverlessrepository/cloudFormationStack:CloudFormationStack example serverlessrepo-postgres-rotator\n```\n\n ", + "properties": { + "applicationId": { + "type": "string", + "description": "The ARN of the application from the Serverless Application Repository.\n" + }, + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities. Valid values are `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, `CAPABILITY_RESOURCE_POLICY`, or `CAPABILITY_AUTO_EXPAND`\n" + }, + "name": { + "type": "string", + "description": "The name of the stack to create. The resource deployed in AWS will be prefixed with `serverlessrepo-`\n" + }, + "outputs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of outputs from the stack.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Parameter structures that specify input parameters for the stack.\n" + }, + "semanticVersion": { + "type": "string", + "description": "The version of the application to deploy. If not supplied, deploys the latest version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags to associate with this stack. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "applicationId", + "capabilities", + "name", + "outputs", + "parameters", + "semanticVersion", + "tagsAll" + ], + "inputProperties": { + "applicationId": { + "type": "string", + "description": "The ARN of the application from the Serverless Application Repository.\n" + }, + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities. Valid values are `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, `CAPABILITY_RESOURCE_POLICY`, or `CAPABILITY_AUTO_EXPAND`\n" + }, + "name": { + "type": "string", + "description": "The name of the stack to create. The resource deployed in AWS will be prefixed with `serverlessrepo-`\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Parameter structures that specify input parameters for the stack.\n" + }, + "semanticVersion": { + "type": "string", + "description": "The version of the application to deploy. If not supplied, deploys the latest version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags to associate with this stack. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "applicationId", + "capabilities" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CloudFormationStack resources.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The ARN of the application from the Serverless Application Repository.\n" + }, + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities. Valid values are `CAPABILITY_IAM`, `CAPABILITY_NAMED_IAM`, `CAPABILITY_RESOURCE_POLICY`, or `CAPABILITY_AUTO_EXPAND`\n" + }, + "name": { + "type": "string", + "description": "The name of the stack to create. The resource deployed in AWS will be prefixed with `serverlessrepo-`\n" + }, + "outputs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of outputs from the stack.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of Parameter structures that specify input parameters for the stack.\n" + }, + "semanticVersion": { + "type": "string", + "description": "The version of the application to deploy. If not supplied, deploys the latest version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags to associate with this stack. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/budgetResourceAssociation:BudgetResourceAssociation": { + "description": "Manages a Service Catalog Budget Resource Association.\n\n> **Tip:** A \"resource\" is either a Service Catalog portfolio or product.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.BudgetResourceAssociation(\"example\", {\n budgetName: \"budget-pjtvyakdlyo3m\",\n resourceId: \"prod-dnigbtea24ste\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.BudgetResourceAssociation(\"example\",\n budget_name=\"budget-pjtvyakdlyo3m\",\n resource_id=\"prod-dnigbtea24ste\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.BudgetResourceAssociation(\"example\", new Aws.ServiceCatalog.BudgetResourceAssociationArgs\n {\n BudgetName = \"budget-pjtvyakdlyo3m\",\n ResourceId = \"prod-dnigbtea24ste\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewBudgetResourceAssociation(ctx, \"example\", &servicecatalog.BudgetResourceAssociationArgs{\n\t\t\tBudgetName: pulumi.String(\"budget-pjtvyakdlyo3m\"),\n\t\t\tResourceId: pulumi.String(\"prod-dnigbtea24ste\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_budget_resource_association` can be imported using the budget name and resource ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/budgetResourceAssociation:BudgetResourceAssociation example budget-pjtvyakdlyo3m:prod-dnigbtea24ste\n```\n\n ", + "properties": { + "budgetName": { + "type": "string", + "description": "Budget name.\n" + }, + "resourceId": { + "type": "string", + "description": "Resource identifier.\n" + } + }, + "required": [ + "budgetName", + "resourceId" + ], + "inputProperties": { + "budgetName": { + "type": "string", + "description": "Budget name.\n" + }, + "resourceId": { + "type": "string", + "description": "Resource identifier.\n" + } + }, + "requiredInputs": [ + "budgetName", + "resourceId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering BudgetResourceAssociation resources.\n", + "properties": { + "budgetName": { + "type": "string", + "description": "Budget name.\n" + }, + "resourceId": { + "type": "string", + "description": "Resource identifier.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/constraint:Constraint": { + "description": "Manages a Service Catalog Constraint.\n\n> **NOTE:** This resource does not associate a Service Catalog product and portfolio. However, the product and portfolio must be associated (see the `aws.servicecatalog.ProductPortfolioAssociation` resource) prior to creating a constraint or you will receive an error.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.Constraint(\"example\", {\n description: \"Back off, man. I'm a scientist.\",\n portfolioId: aws_servicecatalog_portfolio.example.id,\n productId: aws_servicecatalog_product.example.id,\n type: \"LAUNCH\",\n parameters: JSON.stringify({\n RoleArn: \"arn:aws:iam::123456789012:role/LaunchRole\",\n }),\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.Constraint(\"example\",\n description=\"Back off, man. I'm a scientist.\",\n portfolio_id=aws_servicecatalog_portfolio[\"example\"][\"id\"],\n product_id=aws_servicecatalog_product[\"example\"][\"id\"],\n type=\"LAUNCH\",\n parameters=json.dumps({\n \"RoleArn\": \"arn:aws:iam::123456789012:role/LaunchRole\",\n }))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.Constraint(\"example\", new Aws.ServiceCatalog.ConstraintArgs\n {\n Description = \"Back off, man. I'm a scientist.\",\n PortfolioId = aws_servicecatalog_portfolio.Example.Id,\n ProductId = aws_servicecatalog_product.Example.Id,\n Type = \"LAUNCH\",\n Parameters = JsonSerializer.Serialize(new Dictionary\n {\n { \"RoleArn\", \"arn:aws:iam::123456789012:role/LaunchRole\" },\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"RoleArn\": \"arn:aws:iam::123456789012:role/LaunchRole\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := servicecatalog.NewConstraint(ctx, \"example\", &servicecatalog.ConstraintArgs{\n\t\t\tDescription: pulumi.String(\"Back off, man. I'm a scientist.\"),\n\t\t\tPortfolioId: pulumi.Any(aws_servicecatalog_portfolio.Example.Id),\n\t\t\tProductId: pulumi.Any(aws_servicecatalog_product.Example.Id),\n\t\t\tType: pulumi.String(\"LAUNCH\"),\n\t\t\tParameters: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_constraint` can be imported using the constraint ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/constraint:Constraint example cons-nmdkb6cgxfcrs\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "description": { + "type": "string", + "description": "Description of the constraint.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the constraint.\n" + }, + "parameters": { + "type": "string", + "description": "Constraint parameters in JSON format. The syntax depends on the constraint type. See details below.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string", + "description": "Type of constraint. Valid values are `LAUNCH`, `NOTIFICATION`, `RESOURCE_UPDATE`, `STACKSET`, and `TEMPLATE`.\n" + } + }, + "required": [ + "description", + "owner", + "parameters", + "portfolioId", + "productId", + "status", + "type" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "description": { + "type": "string", + "description": "Description of the constraint.\n" + }, + "parameters": { + "type": "string", + "description": "Constraint parameters in JSON format. The syntax depends on the constraint type. See details below.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "type": { + "type": "string", + "description": "Type of constraint. Valid values are `LAUNCH`, `NOTIFICATION`, `RESOURCE_UPDATE`, `STACKSET`, and `TEMPLATE`.\n" + } + }, + "requiredInputs": [ + "parameters", + "portfolioId", + "productId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Constraint resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "description": { + "type": "string", + "description": "Description of the constraint.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the constraint.\n" + }, + "parameters": { + "type": "string", + "description": "Constraint parameters in JSON format. The syntax depends on the constraint type. See details below.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "status": { + "type": "string" + }, + "type": { + "type": "string", + "description": "Type of constraint. Valid values are `LAUNCH`, `NOTIFICATION`, `RESOURCE_UPDATE`, `STACKSET`, and `TEMPLATE`.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/organizationsAccess:OrganizationsAccess": { + "description": "Manages Service Catalog AWS Organizations Access, a portfolio sharing feature through AWS Organizations. This allows Service Catalog to receive updates on your organization in order to sync your shares with the current structure. This resource will prompt AWS to set `organizations:EnableAWSServiceAccess` on your behalf so that your shares can be in sync with any changes in your AWS Organizations structure.\n\n> **NOTE:** This resource can only be used by the management account in the organization. In other words, a delegated administrator is not authorized to use the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.OrganizationsAccess(\"example\", {\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.OrganizationsAccess(\"example\", enabled=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.OrganizationsAccess(\"example\", new Aws.ServiceCatalog.OrganizationsAccessArgs\n {\n Enabled = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewOrganizationsAccess(ctx, \"example\", &servicecatalog.OrganizationsAccessArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable AWS Organizations access.\n" + } + }, + "required": [ + "enabled" + ], + "inputProperties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable AWS Organizations access.\n" + } + }, + "requiredInputs": [ + "enabled" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering OrganizationsAccess resources.\n", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to enable AWS Organizations access.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/portfolio:Portfolio": { + "description": "Provides a resource to create a Service Catalog Portfolio.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst portfolio = new aws.servicecatalog.Portfolio(\"portfolio\", {\n description: \"List of my organizations apps\",\n providerName: \"Brett\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nportfolio = aws.servicecatalog.Portfolio(\"portfolio\",\n description=\"List of my organizations apps\",\n provider_name=\"Brett\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var portfolio = new Aws.ServiceCatalog.Portfolio(\"portfolio\", new Aws.ServiceCatalog.PortfolioArgs\n {\n Description = \"List of my organizations apps\",\n ProviderName = \"Brett\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewPortfolio(ctx, \"portfolio\", &servicecatalog.PortfolioArgs{\n\t\t\tDescription: pulumi.String(\"List of my organizations apps\"),\n\t\t\tProviderName: pulumi.String(\"Brett\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nService Catalog Portfolios can be imported using the `service catalog portfolio id`, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/portfolio:Portfolio testfolio port-12344321\n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "createdTime": { + "type": "string" + }, + "description": { + "type": "string", + "description": "Description of the portfolio\n" + }, + "name": { + "type": "string", + "description": "The name of the portfolio.\n" + }, + "providerName": { + "type": "string", + "description": "Name of the person or organization who owns the portfolio.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the connection. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdTime", + "description", + "name", + "providerName", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "Description of the portfolio\n" + }, + "name": { + "type": "string", + "description": "The name of the portfolio.\n" + }, + "providerName": { + "type": "string", + "description": "Name of the person or organization who owns the portfolio.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the connection. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "providerName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Portfolio resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "createdTime": { + "type": "string" + }, + "description": { + "type": "string", + "description": "Description of the portfolio\n" + }, + "name": { + "type": "string", + "description": "The name of the portfolio.\n" + }, + "providerName": { + "type": "string", + "description": "Name of the person or organization who owns the portfolio.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the connection. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/portfolioShare:PortfolioShare": { + "description": "Manages a Service Catalog Portfolio Share. Shares the specified portfolio with the specified account or organization node. You can share portfolios to an organization, an organizational unit, or a specific account.\n\nIf the portfolio share with the specified account or organization node already exists, using this resource to re-create the share will have no effect and will not return an error. You can then use this resource to update the share.\n\n> **NOTE:** Shares to an organization node can only be created by the management account of an organization or by a delegated administrator. If a delegated admin is de-registered, they can no longer create portfolio shares.\n\n> **NOTE:** AWSOrganizationsAccess must be enabled in order to create a portfolio share to an organization node.\n\n> **NOTE:** You can't share a shared resource, including portfolios that contain a shared product.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.PortfolioShare(\"example\", {\n principalId: \"012128675309\",\n portfolioId: aws_servicecatalog_portfolio.example.id,\n type: \"ACCOUNT\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.PortfolioShare(\"example\",\n principal_id=\"012128675309\",\n portfolio_id=aws_servicecatalog_portfolio[\"example\"][\"id\"],\n type=\"ACCOUNT\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.PortfolioShare(\"example\", new Aws.ServiceCatalog.PortfolioShareArgs\n {\n PrincipalId = \"012128675309\",\n PortfolioId = aws_servicecatalog_portfolio.Example.Id,\n Type = \"ACCOUNT\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewPortfolioShare(ctx, \"example\", &servicecatalog.PortfolioShareArgs{\n\t\t\tPrincipalId: pulumi.String(\"012128675309\"),\n\t\t\tPortfolioId: pulumi.Any(aws_servicecatalog_portfolio.Example.Id),\n\t\t\tType: pulumi.String(\"ACCOUNT\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_portfolio_share` can be imported using the portfolio share ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/portfolioShare:PortfolioShare example port-12344321:ACCOUNT:123456789012\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "accepted": { + "type": "boolean", + "description": "Whether the shared portfolio is imported by the recipient account. If the recipient is organizational, the share is automatically imported, and the field is always set to true.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "principalId": { + "type": "string", + "description": "Identifier of the principal with whom you will share the portfolio. Valid values AWS account IDs and ARNs of AWS Organizations and organizational units.\n" + }, + "shareTagOptions": { + "type": "boolean", + "description": "Whether to enable sharing of `aws.servicecatalog.TagOption` resources when creating the portfolio share.\n" + }, + "type": { + "type": "string", + "description": "Type of portfolio share. Valid values are `ACCOUNT` (an external account), `ORGANIZATION` (a share to every account in an organization), `ORGANIZATIONAL_UNIT`, `ORGANIZATION_MEMBER_ACCOUNT` (a share to an account in an organization).\n" + }, + "waitForAcceptance": { + "type": "boolean", + "description": "Whether to wait (up to the timeout) for the share to be accepted. Organizational shares are automatically accepted.\n" + } + }, + "required": [ + "accepted", + "portfolioId", + "principalId", + "type" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "principalId": { + "type": "string", + "description": "Identifier of the principal with whom you will share the portfolio. Valid values AWS account IDs and ARNs of AWS Organizations and organizational units.\n" + }, + "shareTagOptions": { + "type": "boolean", + "description": "Whether to enable sharing of `aws.servicecatalog.TagOption` resources when creating the portfolio share.\n" + }, + "type": { + "type": "string", + "description": "Type of portfolio share. Valid values are `ACCOUNT` (an external account), `ORGANIZATION` (a share to every account in an organization), `ORGANIZATIONAL_UNIT`, `ORGANIZATION_MEMBER_ACCOUNT` (a share to an account in an organization).\n" + }, + "waitForAcceptance": { + "type": "boolean", + "description": "Whether to wait (up to the timeout) for the share to be accepted. Organizational shares are automatically accepted.\n" + } + }, + "requiredInputs": [ + "portfolioId", + "principalId", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PortfolioShare resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "accepted": { + "type": "boolean", + "description": "Whether the shared portfolio is imported by the recipient account. If the recipient is organizational, the share is automatically imported, and the field is always set to true.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "principalId": { + "type": "string", + "description": "Identifier of the principal with whom you will share the portfolio. Valid values AWS account IDs and ARNs of AWS Organizations and organizational units.\n" + }, + "shareTagOptions": { + "type": "boolean", + "description": "Whether to enable sharing of `aws.servicecatalog.TagOption` resources when creating the portfolio share.\n" + }, + "type": { + "type": "string", + "description": "Type of portfolio share. Valid values are `ACCOUNT` (an external account), `ORGANIZATION` (a share to every account in an organization), `ORGANIZATIONAL_UNIT`, `ORGANIZATION_MEMBER_ACCOUNT` (a share to an account in an organization).\n" + }, + "waitForAcceptance": { + "type": "boolean", + "description": "Whether to wait (up to the timeout) for the share to be accepted. Organizational shares are automatically accepted.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/principalPortfolioAssociation:PrincipalPortfolioAssociation": { + "description": "Manages a Service Catalog Principal Portfolio Association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.PrincipalPortfolioAssociation(\"example\", {\n portfolioId: \"port-68656c6c6f\",\n principalArn: \"arn:aws:iam::123456789012:user/Eleanor\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.PrincipalPortfolioAssociation(\"example\",\n portfolio_id=\"port-68656c6c6f\",\n principal_arn=\"arn:aws:iam::123456789012:user/Eleanor\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.PrincipalPortfolioAssociation(\"example\", new Aws.ServiceCatalog.PrincipalPortfolioAssociationArgs\n {\n PortfolioId = \"port-68656c6c6f\",\n PrincipalArn = \"arn:aws:iam::123456789012:user/Eleanor\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewPrincipalPortfolioAssociation(ctx, \"example\", &servicecatalog.PrincipalPortfolioAssociationArgs{\n\t\t\tPortfolioId: pulumi.String(\"port-68656c6c6f\"),\n\t\t\tPrincipalArn: pulumi.String(\"arn:aws:iam::123456789012:user/Eleanor\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_principal_portfolio_association` can be imported using the accept language, principal ARN, and portfolio ID, separated by a comma, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/principalPortfolioAssociation:PrincipalPortfolioAssociation example en,arn:aws:iam::123456789012:user/Eleanor,port-68656c6c6f\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "principalArn": { + "type": "string", + "description": "Principal ARN.\n" + }, + "principalType": { + "type": "string", + "description": "Principal type. Setting this argument empty (e.g., `principal_type = \"\"`) will result in an error. Valid value is `IAM`. Default is `IAM`.\n" + } + }, + "required": [ + "portfolioId", + "principalArn" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "principalArn": { + "type": "string", + "description": "Principal ARN.\n" + }, + "principalType": { + "type": "string", + "description": "Principal type. Setting this argument empty (e.g., `principal_type = \"\"`) will result in an error. Valid value is `IAM`. Default is `IAM`.\n" + } + }, + "requiredInputs": [ + "portfolioId", + "principalArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PrincipalPortfolioAssociation resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "principalArn": { + "type": "string", + "description": "Principal ARN.\n" + }, + "principalType": { + "type": "string", + "description": "Principal type. Setting this argument empty (e.g., `principal_type = \"\"`) will result in an error. Valid value is `IAM`. Default is `IAM`.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/product:Product": { + "description": "Manages a Service Catalog Product.\n\n> **NOTE:** The user or role that uses this resources must have the `cloudformation:GetTemplate` IAM policy permission. This policy permission is required when using the `template_physical_id` argument.\n\n> A \"provisioning artifact\" is also referred to as a \"version.\" A \"distributor\" is also referred to as a \"vendor.\"\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.Product(\"example\", {\n owner: [aws_security_group.example.id],\n type: aws_subnet.main.id,\n provisioningArtifactParameters: {\n templateUrl: \"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json\",\n },\n tags: {\n foo: \"bar\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.Product(\"example\",\n owner=[aws_security_group[\"example\"][\"id\"]],\n type=aws_subnet[\"main\"][\"id\"],\n provisioning_artifact_parameters=aws.servicecatalog.ProductProvisioningArtifactParametersArgs(\n template_url=\"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json\",\n ),\n tags={\n \"foo\": \"bar\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.Product(\"example\", new Aws.ServiceCatalog.ProductArgs\n {\n Owner = \n {\n aws_security_group.Example.Id,\n },\n Type = aws_subnet.Main.Id,\n ProvisioningArtifactParameters = new Aws.ServiceCatalog.Inputs.ProductProvisioningArtifactParametersArgs\n {\n TemplateUrl = \"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json\",\n },\n Tags = \n {\n { \"foo\", \"bar\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewProduct(ctx, \"example\", &servicecatalog.ProductArgs{\n\t\t\tOwner: pulumi.String{\n\t\t\t\taws_security_group.Example.Id,\n\t\t\t},\n\t\t\tType: pulumi.Any(aws_subnet.Main.Id),\n\t\t\tProvisioningArtifactParameters: &servicecatalog.ProductProvisioningArtifactParametersArgs{\n\t\t\t\tTemplateUrl: pulumi.String(\"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_product` can be imported using the product ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/product:Product example prod-dnigbtea24ste\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the product.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the product was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n" + }, + "distributor": { + "type": "string", + "description": "Distributor (i.e., vendor) of the product.\n" + }, + "hasDefaultPath": { + "type": "boolean", + "description": "Whether the product has a default path. If the product does not have a default path, call `ListLaunchPaths` to disambiguate between paths. Otherwise, `ListLaunchPaths` is not required, and the output of ProductViewSummary can be used directly with `DescribeProvisioningParameters`.\n" + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the product.\n" + }, + "provisioningArtifactParameters": { + "$ref": "#/types/aws:servicecatalog/ProductProvisioningArtifactParameters:ProductProvisioningArtifactParameters", + "description": "Configuration block for provisioning artifact (i.e., version) parameters. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the product.\n" + }, + "supportDescription": { + "type": "string", + "description": "Support information about the product.\n" + }, + "supportEmail": { + "type": "string", + "description": "Contact email for product support.\n" + }, + "supportUrl": { + "type": "string", + "description": "Contact URL for product support.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the product. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n" + } + }, + "required": [ + "arn", + "createdTime", + "description", + "distributor", + "hasDefaultPath", + "name", + "owner", + "provisioningArtifactParameters", + "status", + "supportDescription", + "supportEmail", + "supportUrl", + "tagsAll", + "type" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n" + }, + "distributor": { + "type": "string", + "description": "Distributor (i.e., vendor) of the product.\n" + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the product.\n" + }, + "provisioningArtifactParameters": { + "$ref": "#/types/aws:servicecatalog/ProductProvisioningArtifactParameters:ProductProvisioningArtifactParameters", + "description": "Configuration block for provisioning artifact (i.e., version) parameters. Detailed below.\n" + }, + "supportDescription": { + "type": "string", + "description": "Support information about the product.\n" + }, + "supportEmail": { + "type": "string", + "description": "Contact email for product support.\n" + }, + "supportUrl": { + "type": "string", + "description": "Contact URL for product support.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the product. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n" + } + }, + "requiredInputs": [ + "owner", + "provisioningArtifactParameters", + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Product resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the product.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the product was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n" + }, + "distributor": { + "type": "string", + "description": "Distributor (i.e., vendor) of the product.\n" + }, + "hasDefaultPath": { + "type": "boolean", + "description": "Whether the product has a default path. If the product does not have a default path, call `ListLaunchPaths` to disambiguate between paths. Otherwise, `ListLaunchPaths` is not required, and the output of ProductViewSummary can be used directly with `DescribeProvisioningParameters`.\n" + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the product.\n" + }, + "provisioningArtifactParameters": { + "$ref": "#/types/aws:servicecatalog/ProductProvisioningArtifactParameters:ProductProvisioningArtifactParameters", + "description": "Configuration block for provisioning artifact (i.e., version) parameters. Detailed below.\n" + }, + "status": { + "type": "string", + "description": "Status of the product.\n" + }, + "supportDescription": { + "type": "string", + "description": "Support information about the product.\n" + }, + "supportEmail": { + "type": "string", + "description": "Contact email for product support.\n" + }, + "supportUrl": { + "type": "string", + "description": "Contact URL for product support.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the product. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/productPortfolioAssociation:ProductPortfolioAssociation": { + "description": "Manages a Service Catalog Product Portfolio Association.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.ProductPortfolioAssociation(\"example\", {\n portfolioId: \"port-68656c6c6f\",\n productId: \"prod-dnigbtea24ste\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.ProductPortfolioAssociation(\"example\",\n portfolio_id=\"port-68656c6c6f\",\n product_id=\"prod-dnigbtea24ste\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.ProductPortfolioAssociation(\"example\", new Aws.ServiceCatalog.ProductPortfolioAssociationArgs\n {\n PortfolioId = \"port-68656c6c6f\",\n ProductId = \"prod-dnigbtea24ste\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewProductPortfolioAssociation(ctx, \"example\", &servicecatalog.ProductPortfolioAssociationArgs{\n\t\t\tPortfolioId: pulumi.String(\"port-68656c6c6f\"),\n\t\t\tProductId: pulumi.String(\"prod-dnigbtea24ste\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_product_portfolio_association` can be imported using the accept language, portfolio ID, and product ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/productPortfolioAssociation:ProductPortfolioAssociation example en:port-68656c6c6f:prod-dnigbtea24ste\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "sourcePortfolioId": { + "type": "string", + "description": "Identifier of the source portfolio.\n" + } + }, + "required": [ + "portfolioId", + "productId" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "sourcePortfolioId": { + "type": "string", + "description": "Identifier of the source portfolio.\n" + } + }, + "requiredInputs": [ + "portfolioId", + "productId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProductPortfolioAssociation resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "sourcePortfolioId": { + "type": "string", + "description": "Identifier of the source portfolio.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/provisionedProduct:ProvisionedProduct": { + "description": "This resource provisions and manages a Service Catalog provisioned product.\n\nA provisioned product is a resourced instance of a product. For example, provisioning a product based on a CloudFormation template launches a CloudFormation stack and its underlying resources.\n\nLike this resource, the `aws_servicecatalog_record` data source also provides information about a provisioned product. Although a Service Catalog record provides some overlapping information with this resource, a record is tied to a provisioned product event, such as provisioning, termination, and updating.\n\n> **Tip:** If you include conflicted keys as tags, AWS will report an error, \"Parameter validation failed: Missing required parameter in Tags[N]:Value\".\n\n> **Tip:** A \"provisioning artifact\" is also referred to as a \"version.\" A \"distributor\" is also referred to as a \"vendor.\"\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.ProvisionedProduct(\"example\", {\n owner: [aws_security_group.example.id],\n type: aws_subnet.main.id,\n provisioningArtifactParameters: [{\n templateUrl: \"https://s3.amazonaws.com/cf-templates-ozkq9d3hgiq2-us-east-1/temp1.json\",\n }],\n tags: {\n foo: \"bar\",\n },\n});\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_provisioned_product` can be imported using the provisioned product ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/provisionedProduct:ProvisionedProduct example pp-dnigbtea24ste\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the provisioned product.\n" + }, + "cloudwatchDashboardNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of CloudWatch dashboards that were created when provisioning the product.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the provisioned product was created.\n" + }, + "ignoreErrors": { + "type": "boolean", + "description": "_Only applies to deleting._ If set to `true`, AWS Service Catalog stops managing the specified provisioned product even if it cannot delete the underlying resources. The default value is `false`.\n" + }, + "lastProvisioningRecordId": { + "type": "string", + "description": "Record identifier of the last request performed on this provisioned product of the following types: `ProvisionedProduct`, `UpdateProvisionedProduct`, `ExecuteProvisionedProductPlan`, `TerminateProvisionedProduct`.\n" + }, + "lastRecordId": { + "type": "string", + "description": "Record identifier of the last request performed on this provisioned product.\n" + }, + "lastSuccessfulProvisioningRecordId": { + "type": "string", + "description": "Record identifier of the last successful request performed on this provisioned product of the following types: `ProvisionedProduct`, `UpdateProvisionedProduct`, `ExecuteProvisionedProductPlan`, `TerminateProvisionedProduct`.\n" + }, + "launchRoleArn": { + "type": "string", + "description": "ARN of the launch role associated with the provisioned product.\n" + }, + "name": { + "type": "string", + "description": "User-friendly name of the provisioned product.\n" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Passed to CloudFormation. The SNS topic ARNs to which to publish stack-related events.\n" + }, + "pathId": { + "type": "string", + "description": "Path identifier of the product. This value is optional if the product has a default path, and required if the product has more than one path. To list the paths for a product, use `aws.servicecatalog.getLaunchPaths`. When required, you must provide `path_id` or `path_name`, but not both.\n" + }, + "pathName": { + "type": "string", + "description": "Name of the path. You must provide `path_id` or `path_name`, but not both.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier. For example, `prod-abcdzk7xy33qa`. You must provide `product_id` or `product_name`, but not both.\n" + }, + "productName": { + "type": "string", + "description": "Name of the product. You must provide `product_id` or `product_name`, but not both.\n" + }, + "provisioningArtifactId": { + "type": "string", + "description": "Identifier of the provisioning artifact. For example, `pa-4abcdjnxjj6ne`. You must provide the `provisioning_artifact_id` or `provisioning_artifact_name`, but not both.\n" + }, + "provisioningArtifactName": { + "type": "string", + "description": "Name of the provisioning artifact. You must provide the `provisioning_artifact_id` or `provisioning_artifact_name`, but not both.\n" + }, + "provisioningParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicecatalog/ProvisionedProductProvisioningParameter:ProvisionedProductProvisioningParameter" + }, + "description": "Configuration block with parameters specified by the administrator that are required for provisioning the product. See details below.\n" + }, + "retainPhysicalResources": { + "type": "boolean", + "description": "_Only applies to deleting._ Whether to delete the Service Catalog provisioned product but leave the CloudFormation stack, stack set, or the underlying resources of the deleted provisioned product. The default value is `false`.\n" + }, + "stackSetProvisioningPreferences": { + "$ref": "#/types/aws:servicecatalog/ProvisionedProductStackSetProvisioningPreferences:ProvisionedProductStackSetProvisioningPreferences", + "description": "Configuration block with information about the provisioning preferences for a stack set. See details below.\n" + }, + "status": { + "type": "string", + "description": "Current status of the provisioned product. See meanings below.\n" + }, + "statusMessage": { + "type": "string", + "description": "Current status message of the provisioned product.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the provisioned product. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "type": { + "type": "string", + "description": "Type of provisioned product. Valid values are `CFN_STACK` and `CFN_STACKSET`.\n" + } + }, + "required": [ + "arn", + "cloudwatchDashboardNames", + "createdTime", + "lastProvisioningRecordId", + "lastRecordId", + "lastSuccessfulProvisioningRecordId", + "launchRoleArn", + "name", + "pathId", + "productId", + "provisioningArtifactId", + "status", + "statusMessage", + "tagsAll", + "type" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "ignoreErrors": { + "type": "boolean", + "description": "_Only applies to deleting._ If set to `true`, AWS Service Catalog stops managing the specified provisioned product even if it cannot delete the underlying resources. The default value is `false`.\n" + }, + "name": { + "type": "string", + "description": "User-friendly name of the provisioned product.\n" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Passed to CloudFormation. The SNS topic ARNs to which to publish stack-related events.\n" + }, + "pathId": { + "type": "string", + "description": "Path identifier of the product. This value is optional if the product has a default path, and required if the product has more than one path. To list the paths for a product, use `aws.servicecatalog.getLaunchPaths`. When required, you must provide `path_id` or `path_name`, but not both.\n" + }, + "pathName": { + "type": "string", + "description": "Name of the path. You must provide `path_id` or `path_name`, but not both.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier. For example, `prod-abcdzk7xy33qa`. You must provide `product_id` or `product_name`, but not both.\n" + }, + "productName": { + "type": "string", + "description": "Name of the product. You must provide `product_id` or `product_name`, but not both.\n" + }, + "provisioningArtifactId": { + "type": "string", + "description": "Identifier of the provisioning artifact. For example, `pa-4abcdjnxjj6ne`. You must provide the `provisioning_artifact_id` or `provisioning_artifact_name`, but not both.\n" + }, + "provisioningArtifactName": { + "type": "string", + "description": "Name of the provisioning artifact. You must provide the `provisioning_artifact_id` or `provisioning_artifact_name`, but not both.\n" + }, + "provisioningParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicecatalog/ProvisionedProductProvisioningParameter:ProvisionedProductProvisioningParameter" + }, + "description": "Configuration block with parameters specified by the administrator that are required for provisioning the product. See details below.\n" + }, + "retainPhysicalResources": { + "type": "boolean", + "description": "_Only applies to deleting._ Whether to delete the Service Catalog provisioned product but leave the CloudFormation stack, stack set, or the underlying resources of the deleted provisioned product. The default value is `false`.\n" + }, + "stackSetProvisioningPreferences": { + "$ref": "#/types/aws:servicecatalog/ProvisionedProductStackSetProvisioningPreferences:ProvisionedProductStackSetProvisioningPreferences", + "description": "Configuration block with information about the provisioning preferences for a stack set. See details below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the provisioned product. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ProvisionedProduct resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "arn": { + "type": "string", + "description": "ARN of the provisioned product.\n" + }, + "cloudwatchDashboardNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of CloudWatch dashboards that were created when provisioning the product.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the provisioned product was created.\n" + }, + "ignoreErrors": { + "type": "boolean", + "description": "_Only applies to deleting._ If set to `true`, AWS Service Catalog stops managing the specified provisioned product even if it cannot delete the underlying resources. The default value is `false`.\n" + }, + "lastProvisioningRecordId": { + "type": "string", + "description": "Record identifier of the last request performed on this provisioned product of the following types: `ProvisionedProduct`, `UpdateProvisionedProduct`, `ExecuteProvisionedProductPlan`, `TerminateProvisionedProduct`.\n" + }, + "lastRecordId": { + "type": "string", + "description": "Record identifier of the last request performed on this provisioned product.\n" + }, + "lastSuccessfulProvisioningRecordId": { + "type": "string", + "description": "Record identifier of the last successful request performed on this provisioned product of the following types: `ProvisionedProduct`, `UpdateProvisionedProduct`, `ExecuteProvisionedProductPlan`, `TerminateProvisionedProduct`.\n" + }, + "launchRoleArn": { + "type": "string", + "description": "ARN of the launch role associated with the provisioned product.\n" + }, + "name": { + "type": "string", + "description": "User-friendly name of the provisioned product.\n" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Passed to CloudFormation. The SNS topic ARNs to which to publish stack-related events.\n" + }, + "pathId": { + "type": "string", + "description": "Path identifier of the product. This value is optional if the product has a default path, and required if the product has more than one path. To list the paths for a product, use `aws.servicecatalog.getLaunchPaths`. When required, you must provide `path_id` or `path_name`, but not both.\n" + }, + "pathName": { + "type": "string", + "description": "Name of the path. You must provide `path_id` or `path_name`, but not both.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier. For example, `prod-abcdzk7xy33qa`. You must provide `product_id` or `product_name`, but not both.\n" + }, + "productName": { + "type": "string", + "description": "Name of the product. You must provide `product_id` or `product_name`, but not both.\n" + }, + "provisioningArtifactId": { + "type": "string", + "description": "Identifier of the provisioning artifact. For example, `pa-4abcdjnxjj6ne`. You must provide the `provisioning_artifact_id` or `provisioning_artifact_name`, but not both.\n" + }, + "provisioningArtifactName": { + "type": "string", + "description": "Name of the provisioning artifact. You must provide the `provisioning_artifact_id` or `provisioning_artifact_name`, but not both.\n" + }, + "provisioningParameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicecatalog/ProvisionedProductProvisioningParameter:ProvisionedProductProvisioningParameter" + }, + "description": "Configuration block with parameters specified by the administrator that are required for provisioning the product. See details below.\n" + }, + "retainPhysicalResources": { + "type": "boolean", + "description": "_Only applies to deleting._ Whether to delete the Service Catalog provisioned product but leave the CloudFormation stack, stack set, or the underlying resources of the deleted provisioned product. The default value is `false`.\n" + }, + "stackSetProvisioningPreferences": { + "$ref": "#/types/aws:servicecatalog/ProvisionedProductStackSetProvisioningPreferences:ProvisionedProductStackSetProvisioningPreferences", + "description": "Configuration block with information about the provisioning preferences for a stack set. See details below.\n" + }, + "status": { + "type": "string", + "description": "Current status of the provisioned product. See meanings below.\n" + }, + "statusMessage": { + "type": "string", + "description": "Current status message of the provisioned product.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the provisioned product. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "type": { + "type": "string", + "description": "Type of provisioned product. Valid values are `CFN_STACK` and `CFN_STACKSET`.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/provisioningArtifact:ProvisioningArtifact": { + "description": "Manages a Service Catalog Provisioning Artifact for a specified product.\n\n> A \"provisioning artifact\" is also referred to as a \"version.\"\n\n> **NOTE:** You cannot create a provisioning artifact for a product that was shared with you.\n\n> **NOTE:** The user or role that use this resource must have the `cloudformation:GetTemplate` IAM policy permission. This policy permission is required when using the `template_physical_id` argument.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.ProvisioningArtifact(\"example\", {\n productId: aws_servicecatalog_product.example.id,\n type: \"CLOUD_FORMATION_TEMPLATE\",\n templateUrl: `https://${aws_s3_bucket.example.bucket_regional_domain_name}/${aws_s3_bucket_object.example.key}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.ProvisioningArtifact(\"example\",\n product_id=aws_servicecatalog_product[\"example\"][\"id\"],\n type=\"CLOUD_FORMATION_TEMPLATE\",\n template_url=f\"https://{aws_s3_bucket['example']['bucket_regional_domain_name']}/{aws_s3_bucket_object['example']['key']}\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.ProvisioningArtifact(\"example\", new Aws.ServiceCatalog.ProvisioningArtifactArgs\n {\n ProductId = aws_servicecatalog_product.Example.Id,\n Type = \"CLOUD_FORMATION_TEMPLATE\",\n TemplateUrl = $\"https://{aws_s3_bucket.Example.Bucket_regional_domain_name}/{aws_s3_bucket_object.Example.Key}\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewProvisioningArtifact(ctx, \"example\", &servicecatalog.ProvisioningArtifactArgs{\n\t\t\tProductId: pulumi.Any(aws_servicecatalog_product.Example.Id),\n\t\t\tType: pulumi.String(\"CLOUD_FORMATION_TEMPLATE\"),\n\t\t\tTemplateUrl: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"https://\", aws_s3_bucket.Example.Bucket_regional_domain_name, \"/\", aws_s3_bucket_object.Example.Key)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_provisioning_artifact` can be imported using the provisioning artifact ID and product ID separated by a colon, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/provisioningArtifact:ProvisioningArtifact example pa-ij2b6lusy6dec:prod-el3an0rma3\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). The default value is `en`.\n" + }, + "active": { + "type": "boolean", + "description": "Whether the product version is active. Inactive provisioning artifacts are invisible to end users. End users cannot launch or update a provisioned product from an inactive provisioning artifact. Default is `true`.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the provisioning artifact was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n" + }, + "disableTemplateValidation": { + "type": "boolean", + "description": "Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid.\n" + }, + "guidance": { + "type": "string", + "description": "Information set by the administrator to provide guidance to end users about which provisioning artifacts to use. Valid values are `DEFAULT` and `DEPRECATED`. The default is `DEFAULT`. Users are able to make updates to a provisioned product of a deprecated version but cannot launch new provisioned products using a deprecated version.\n" + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n" + }, + "productId": { + "type": "string", + "description": "Identifier of the product.\n" + }, + "templatePhysicalId": { + "type": "string", + "description": "Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as `arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID]`.\n" + }, + "templateUrl": { + "type": "string", + "description": "Template source as URL of the CloudFormation template in Amazon S3.\n" + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n" + } + }, + "required": [ + "createdTime", + "description", + "name", + "productId" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). The default value is `en`.\n" + }, + "active": { + "type": "boolean", + "description": "Whether the product version is active. Inactive provisioning artifacts are invisible to end users. End users cannot launch or update a provisioned product from an inactive provisioning artifact. Default is `true`.\n" + }, + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n" + }, + "disableTemplateValidation": { + "type": "boolean", + "description": "Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid.\n" + }, + "guidance": { + "type": "string", + "description": "Information set by the administrator to provide guidance to end users about which provisioning artifacts to use. Valid values are `DEFAULT` and `DEPRECATED`. The default is `DEFAULT`. Users are able to make updates to a provisioned product of a deprecated version but cannot launch new provisioned products using a deprecated version.\n" + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n" + }, + "productId": { + "type": "string", + "description": "Identifier of the product.\n" + }, + "templatePhysicalId": { + "type": "string", + "description": "Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as `arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID]`.\n" + }, + "templateUrl": { + "type": "string", + "description": "Template source as URL of the CloudFormation template in Amazon S3.\n" + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n" + } + }, + "requiredInputs": [ + "productId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ProvisioningArtifact resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). The default value is `en`.\n" + }, + "active": { + "type": "boolean", + "description": "Whether the product version is active. Inactive provisioning artifacts are invisible to end users. End users cannot launch or update a provisioned product from an inactive provisioning artifact. Default is `true`.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the provisioning artifact was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the provisioning artifact (i.e., version), including how it differs from the previous provisioning artifact.\n" + }, + "disableTemplateValidation": { + "type": "boolean", + "description": "Whether AWS Service Catalog stops validating the specified provisioning artifact template even if it is invalid.\n" + }, + "guidance": { + "type": "string", + "description": "Information set by the administrator to provide guidance to end users about which provisioning artifacts to use. Valid values are `DEFAULT` and `DEPRECATED`. The default is `DEFAULT`. Users are able to make updates to a provisioned product of a deprecated version but cannot launch new provisioned products using a deprecated version.\n" + }, + "name": { + "type": "string", + "description": "Name of the provisioning artifact (for example, `v1`, `v2beta`). No spaces are allowed.\n" + }, + "productId": { + "type": "string", + "description": "Identifier of the product.\n" + }, + "templatePhysicalId": { + "type": "string", + "description": "Template source as the physical ID of the resource that contains the template. Currently only supports CloudFormation stack ARN. Specify the physical ID as `arn:[partition]:cloudformation:[region]:[account ID]:stack/[stack name]/[resource ID]`.\n" + }, + "templateUrl": { + "type": "string", + "description": "Template source as URL of the CloudFormation template in Amazon S3.\n" + }, + "type": { + "type": "string", + "description": "Type of provisioning artifact. Valid values: `CLOUD_FORMATION_TEMPLATE`, `MARKETPLACE_AMI`, `MARKETPLACE_CAR` (Marketplace Clusters and AWS Resources).\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/serviceAction:ServiceAction": { + "description": "Manages a Service Catalog self-service action.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.ServiceAction(\"example\", {\n definition: {\n name: \"AWS-RestartEC2Instance\",\n },\n description: \"Motor generator unit\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.ServiceAction(\"example\",\n definition=aws.servicecatalog.ServiceActionDefinitionArgs(\n name=\"AWS-RestartEC2Instance\",\n ),\n description=\"Motor generator unit\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.ServiceAction(\"example\", new Aws.ServiceCatalog.ServiceActionArgs\n {\n Definition = new Aws.ServiceCatalog.Inputs.ServiceActionDefinitionArgs\n {\n Name = \"AWS-RestartEC2Instance\",\n },\n Description = \"Motor generator unit\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewServiceAction(ctx, \"example\", &servicecatalog.ServiceActionArgs{\n\t\t\tDefinition: &servicecatalog.ServiceActionDefinitionArgs{\n\t\t\t\tName: pulumi.String(\"AWS-RestartEC2Instance\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Motor generator unit\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_service_action` can be imported using the service action ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/serviceAction:ServiceAction example act-f1w12eperfslh\n```\n\n ", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values are `en` (English), `jp` (Japanese), and `zh` (Chinese). Default is `en`.\n" + }, + "definition": { + "$ref": "#/types/aws:servicecatalog/ServiceActionDefinition:ServiceActionDefinition", + "description": "Self-service action definition configuration block. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Self-service action description.\n" + }, + "name": { + "type": "string", + "description": "Self-service action name.\n" + } + }, + "required": [ + "definition", + "description", + "name" + ], + "inputProperties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values are `en` (English), `jp` (Japanese), and `zh` (Chinese). Default is `en`.\n" + }, + "definition": { + "$ref": "#/types/aws:servicecatalog/ServiceActionDefinition:ServiceActionDefinition", + "description": "Self-service action definition configuration block. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Self-service action description.\n" + }, + "name": { + "type": "string", + "description": "Self-service action name.\n" + } + }, + "requiredInputs": [ + "definition" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ServiceAction resources.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values are `en` (English), `jp` (Japanese), and `zh` (Chinese). Default is `en`.\n" + }, + "definition": { + "$ref": "#/types/aws:servicecatalog/ServiceActionDefinition:ServiceActionDefinition", + "description": "Self-service action definition configuration block. Detailed below.\n" + }, + "description": { + "type": "string", + "description": "Self-service action description.\n" + }, + "name": { + "type": "string", + "description": "Self-service action name.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/tagOption:TagOption": { + "description": "Manages a Service Catalog Tag Option.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.TagOption(\"example\", {\n key: \"nyckel\",\n value: \"värde\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.TagOption(\"example\",\n key=\"nyckel\",\n value=\"värde\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.TagOption(\"example\", new Aws.ServiceCatalog.TagOptionArgs\n {\n Key = \"nyckel\",\n Value = \"värde\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewTagOption(ctx, \"example\", &servicecatalog.TagOptionArgs{\n\t\t\tKey: pulumi.String(\"nyckel\"),\n\t\t\tValue: pulumi.String(\"värde\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_tag_option` can be imported using the tag option ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/tagOption:TagOption example tag-pjtvagohlyo3m\n```\n\n ", + "properties": { + "active": { + "type": "boolean", + "description": "Whether tag option is active. Default is `true`.\n" + }, + "key": { + "type": "string", + "description": "Tag option key.\n" + }, + "owner": { + "type": "string" + }, + "value": { + "type": "string", + "description": "Tag option value.\n" + } + }, + "required": [ + "key", + "owner", + "value" + ], + "inputProperties": { + "active": { + "type": "boolean", + "description": "Whether tag option is active. Default is `true`.\n" + }, + "key": { + "type": "string", + "description": "Tag option key.\n" + }, + "value": { + "type": "string", + "description": "Tag option value.\n" + } + }, + "requiredInputs": [ + "key", + "value" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TagOption resources.\n", + "properties": { + "active": { + "type": "boolean", + "description": "Whether tag option is active. Default is `true`.\n" + }, + "key": { + "type": "string", + "description": "Tag option key.\n" + }, + "owner": { + "type": "string" + }, + "value": { + "type": "string", + "description": "Tag option value.\n" + } + }, + "type": "object" + } + }, + "aws:servicecatalog/tagOptionResourceAssociation:TagOptionResourceAssociation": { + "description": "Manages a Service Catalog Tag Option Resource Association.\n\n> **Tip:** A \"resource\" is either a Service Catalog portfolio or product.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicecatalog.TagOptionResourceAssociation(\"example\", {\n resourceId: \"prod-dnigbtea24ste\",\n tagOptionId: \"tag-pjtvyakdlyo3m\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.TagOptionResourceAssociation(\"example\",\n resource_id=\"prod-dnigbtea24ste\",\n tag_option_id=\"tag-pjtvyakdlyo3m\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceCatalog.TagOptionResourceAssociation(\"example\", new Aws.ServiceCatalog.TagOptionResourceAssociationArgs\n {\n ResourceId = \"prod-dnigbtea24ste\",\n TagOptionId = \"tag-pjtvyakdlyo3m\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.NewTagOptionResourceAssociation(ctx, \"example\", &servicecatalog.TagOptionResourceAssociationArgs{\n\t\t\tResourceId: pulumi.String(\"prod-dnigbtea24ste\"),\n\t\t\tTagOptionId: pulumi.String(\"tag-pjtvyakdlyo3m\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_servicecatalog_tag_option_resource_association` can be imported using the tag option ID and resource ID, e.g.\n\n```sh\n $ pulumi import aws:servicecatalog/tagOptionResourceAssociation:TagOptionResourceAssociation example tag-pjtvyakdlyo3m:prod-dnigbtea24ste\n```\n\n ", + "properties": { + "resourceArn": { + "type": "string", + "description": "ARN of the resource.\n" + }, + "resourceCreatedTime": { + "type": "string", + "description": "Creation time of the resource.\n" + }, + "resourceDescription": { + "type": "string", + "description": "Description of the resource.\n" + }, + "resourceId": { + "type": "string", + "description": "Resource identifier.\n" + }, + "resourceName": { + "type": "string", + "description": "Description of the resource.\n" + }, + "tagOptionId": { + "type": "string", + "description": "Tag Option identifier.\n" + } + }, + "required": [ + "resourceArn", + "resourceCreatedTime", + "resourceDescription", + "resourceId", + "resourceName", + "tagOptionId" + ], + "inputProperties": { + "resourceId": { + "type": "string", + "description": "Resource identifier.\n" + }, + "tagOptionId": { + "type": "string", + "description": "Tag Option identifier.\n" + } + }, + "requiredInputs": [ + "resourceId", + "tagOptionId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TagOptionResourceAssociation resources.\n", + "properties": { + "resourceArn": { + "type": "string", + "description": "ARN of the resource.\n" + }, + "resourceCreatedTime": { + "type": "string", + "description": "Creation time of the resource.\n" + }, + "resourceDescription": { + "type": "string", + "description": "Description of the resource.\n" + }, + "resourceId": { + "type": "string", + "description": "Resource identifier.\n" + }, + "resourceName": { + "type": "string", + "description": "Description of the resource.\n" + }, + "tagOptionId": { + "type": "string", + "description": "Tag Option identifier.\n" + } + }, + "type": "object" + } + }, + "aws:servicediscovery/httpNamespace:HttpNamespace": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicediscovery.HttpNamespace(\"example\", {\n description: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicediscovery.HttpNamespace(\"example\", description=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceDiscovery.HttpNamespace(\"example\", new Aws.ServiceDiscovery.HttpNamespaceArgs\n {\n Description = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicediscovery.NewHttpNamespace(ctx, \"example\", &servicediscovery.HttpNamespaceArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nService Discovery HTTP Namespace can be imported using the namespace ID, e.g.\n\n```sh\n $ pulumi import aws:servicediscovery/httpNamespace:HttpNamespace example ns-1234567890\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that Amazon Route 53 assigns to the namespace when you create it.\n" + }, + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "name": { + "type": "string", + "description": "The name of the http namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "name": { + "type": "string", + "description": "The name of the http namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering HttpNamespace resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that Amazon Route 53 assigns to the namespace when you create it.\n" + }, + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "name": { + "type": "string", + "description": "The name of the http namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:servicediscovery/privateDnsNamespace:PrivateDnsNamespace": { + "description": "Provides a Service Discovery Private DNS Namespace resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst examplePrivateDnsNamespace = new aws.servicediscovery.PrivateDnsNamespace(\"examplePrivateDnsNamespace\", {\n description: \"example\",\n vpc: exampleVpc.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\", cidr_block=\"10.0.0.0/16\")\nexample_private_dns_namespace = aws.servicediscovery.PrivateDnsNamespace(\"examplePrivateDnsNamespace\",\n description=\"example\",\n vpc=example_vpc.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var examplePrivateDnsNamespace = new Aws.ServiceDiscovery.PrivateDnsNamespace(\"examplePrivateDnsNamespace\", new Aws.ServiceDiscovery.PrivateDnsNamespaceArgs\n {\n Description = \"example\",\n Vpc = exampleVpc.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicediscovery.NewPrivateDnsNamespace(ctx, \"examplePrivateDnsNamespace\", &servicediscovery.PrivateDnsNamespaceArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\tVpc: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nService Discovery Private DNS Namespace can be imported using the namespace ID and VPC ID, e.g.\n\n```sh\n $ pulumi import aws:servicediscovery/privateDnsNamespace:PrivateDnsNamespace example 0123456789:vpc-123345\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that Amazon Route 53 assigns to the namespace when you create it.\n" + }, + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "hostedZone": { + "type": "string", + "description": "The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.\n" + }, + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpc": { + "type": "string", + "description": "The ID of VPC that you want to associate the namespace with.\n" + } + }, + "required": [ + "arn", + "hostedZone", + "name", + "tagsAll", + "vpc" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpc": { + "type": "string", + "description": "The ID of VPC that you want to associate the namespace with.\n" + } + }, + "requiredInputs": [ + "vpc" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PrivateDnsNamespace resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that Amazon Route 53 assigns to the namespace when you create it.\n" + }, + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "hostedZone": { + "type": "string", + "description": "The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.\n" + }, + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpc": { + "type": "string", + "description": "The ID of VPC that you want to associate the namespace with.\n" + } + }, + "type": "object" + } + }, + "aws:servicediscovery/publicDnsNamespace:PublicDnsNamespace": { + "description": "Provides a Service Discovery Public DNS Namespace resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicediscovery.PublicDnsNamespace(\"example\", {\n description: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicediscovery.PublicDnsNamespace(\"example\", description=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceDiscovery.PublicDnsNamespace(\"example\", new Aws.ServiceDiscovery.PublicDnsNamespaceArgs\n {\n Description = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicediscovery.NewPublicDnsNamespace(ctx, \"example\", &servicediscovery.PublicDnsNamespaceArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nService Discovery Public DNS Namespace can be imported using the namespace ID, e.g.\n\n```sh\n $ pulumi import aws:servicediscovery/publicDnsNamespace:PublicDnsNamespace example 0123456789\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that Amazon Route 53 assigns to the namespace when you create it.\n" + }, + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "hostedZone": { + "type": "string", + "description": "The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.\n" + }, + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "hostedZone", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering PublicDnsNamespace resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that Amazon Route 53 assigns to the namespace when you create it.\n" + }, + "description": { + "type": "string", + "description": "The description that you specify for the namespace when you create it.\n" + }, + "hostedZone": { + "type": "string", + "description": "The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.\n" + }, + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the namespace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:servicediscovery/service:Service": { + "description": "Provides a Service Discovery Service resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {\n cidrBlock: \"10.0.0.0/16\",\n enableDnsSupport: true,\n enableDnsHostnames: true,\n});\nconst examplePrivateDnsNamespace = new aws.servicediscovery.PrivateDnsNamespace(\"examplePrivateDnsNamespace\", {\n description: \"example\",\n vpc: exampleVpc.id,\n});\nconst exampleService = new aws.servicediscovery.Service(\"exampleService\", {\n dnsConfig: {\n namespaceId: examplePrivateDnsNamespace.id,\n dnsRecords: [{\n ttl: 10,\n type: \"A\",\n }],\n routingPolicy: \"MULTIVALUE\",\n },\n healthCheckCustomConfig: {\n failureThreshold: 1,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\",\n cidr_block=\"10.0.0.0/16\",\n enable_dns_support=True,\n enable_dns_hostnames=True)\nexample_private_dns_namespace = aws.servicediscovery.PrivateDnsNamespace(\"examplePrivateDnsNamespace\",\n description=\"example\",\n vpc=example_vpc.id)\nexample_service = aws.servicediscovery.Service(\"exampleService\",\n dns_config=aws.servicediscovery.ServiceDnsConfigArgs(\n namespace_id=example_private_dns_namespace.id,\n dns_records=[aws.servicediscovery.ServiceDnsConfigDnsRecordArgs(\n ttl=10,\n type=\"A\",\n )],\n routing_policy=\"MULTIVALUE\",\n ),\n health_check_custom_config=aws.servicediscovery.ServiceHealthCheckCustomConfigArgs(\n failure_threshold=1,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n EnableDnsSupport = true,\n EnableDnsHostnames = true,\n });\n var examplePrivateDnsNamespace = new Aws.ServiceDiscovery.PrivateDnsNamespace(\"examplePrivateDnsNamespace\", new Aws.ServiceDiscovery.PrivateDnsNamespaceArgs\n {\n Description = \"example\",\n Vpc = exampleVpc.Id,\n });\n var exampleService = new Aws.ServiceDiscovery.Service(\"exampleService\", new Aws.ServiceDiscovery.ServiceArgs\n {\n DnsConfig = new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigArgs\n {\n NamespaceId = examplePrivateDnsNamespace.Id,\n DnsRecords = \n {\n new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigDnsRecordArgs\n {\n Ttl = 10,\n Type = \"A\",\n },\n },\n RoutingPolicy = \"MULTIVALUE\",\n },\n HealthCheckCustomConfig = new Aws.ServiceDiscovery.Inputs.ServiceHealthCheckCustomConfigArgs\n {\n FailureThreshold = 1,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t\tEnableDnsSupport: pulumi.Bool(true),\n\t\t\tEnableDnsHostnames: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texamplePrivateDnsNamespace, err := servicediscovery.NewPrivateDnsNamespace(ctx, \"examplePrivateDnsNamespace\", &servicediscovery.PrivateDnsNamespaceArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t\tVpc: exampleVpc.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicediscovery.NewService(ctx, \"exampleService\", &servicediscovery.ServiceArgs{\n\t\t\tDnsConfig: &servicediscovery.ServiceDnsConfigArgs{\n\t\t\t\tNamespaceId: examplePrivateDnsNamespace.ID(),\n\t\t\t\tDnsRecords: servicediscovery.ServiceDnsConfigDnsRecordArray{\n\t\t\t\t\t&servicediscovery.ServiceDnsConfigDnsRecordArgs{\n\t\t\t\t\t\tTtl: pulumi.Int(10),\n\t\t\t\t\t\tType: pulumi.String(\"A\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tRoutingPolicy: pulumi.String(\"MULTIVALUE\"),\n\t\t\t},\n\t\t\tHealthCheckCustomConfig: &servicediscovery.ServiceHealthCheckCustomConfigArgs{\n\t\t\t\tFailureThreshold: pulumi.Int(1),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePublicDnsNamespace = new aws.servicediscovery.PublicDnsNamespace(\"examplePublicDnsNamespace\", {description: \"example\"});\nconst exampleService = new aws.servicediscovery.Service(\"exampleService\", {\n dnsConfig: {\n namespaceId: examplePublicDnsNamespace.id,\n dnsRecords: [{\n ttl: 10,\n type: \"A\",\n }],\n },\n healthCheckConfig: {\n failureThreshold: 10,\n resourcePath: \"path\",\n type: \"HTTP\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_public_dns_namespace = aws.servicediscovery.PublicDnsNamespace(\"examplePublicDnsNamespace\", description=\"example\")\nexample_service = aws.servicediscovery.Service(\"exampleService\",\n dns_config=aws.servicediscovery.ServiceDnsConfigArgs(\n namespace_id=example_public_dns_namespace.id,\n dns_records=[aws.servicediscovery.ServiceDnsConfigDnsRecordArgs(\n ttl=10,\n type=\"A\",\n )],\n ),\n health_check_config=aws.servicediscovery.ServiceHealthCheckConfigArgs(\n failure_threshold=10,\n resource_path=\"path\",\n type=\"HTTP\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePublicDnsNamespace = new Aws.ServiceDiscovery.PublicDnsNamespace(\"examplePublicDnsNamespace\", new Aws.ServiceDiscovery.PublicDnsNamespaceArgs\n {\n Description = \"example\",\n });\n var exampleService = new Aws.ServiceDiscovery.Service(\"exampleService\", new Aws.ServiceDiscovery.ServiceArgs\n {\n DnsConfig = new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigArgs\n {\n NamespaceId = examplePublicDnsNamespace.Id,\n DnsRecords = \n {\n new Aws.ServiceDiscovery.Inputs.ServiceDnsConfigDnsRecordArgs\n {\n Ttl = 10,\n Type = \"A\",\n },\n },\n },\n HealthCheckConfig = new Aws.ServiceDiscovery.Inputs.ServiceHealthCheckConfigArgs\n {\n FailureThreshold = 10,\n ResourcePath = \"path\",\n Type = \"HTTP\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePublicDnsNamespace, err := servicediscovery.NewPublicDnsNamespace(ctx, \"examplePublicDnsNamespace\", &servicediscovery.PublicDnsNamespaceArgs{\n\t\t\tDescription: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicediscovery.NewService(ctx, \"exampleService\", &servicediscovery.ServiceArgs{\n\t\t\tDnsConfig: &servicediscovery.ServiceDnsConfigArgs{\n\t\t\t\tNamespaceId: examplePublicDnsNamespace.ID(),\n\t\t\t\tDnsRecords: servicediscovery.ServiceDnsConfigDnsRecordArray{\n\t\t\t\t\t&servicediscovery.ServiceDnsConfigDnsRecordArgs{\n\t\t\t\t\t\tTtl: pulumi.Int(10),\n\t\t\t\t\t\tType: pulumi.String(\"A\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tHealthCheckConfig: &servicediscovery.ServiceHealthCheckConfigArgs{\n\t\t\t\tFailureThreshold: pulumi.Int(10),\n\t\t\t\tResourcePath: pulumi.String(\"path\"),\n\t\t\t\tType: pulumi.String(\"HTTP\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nService Discovery Service can be imported using the service ID, e.g.\n\n```sh\n $ pulumi import aws:servicediscovery/service:Service example 0123456789\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the service.\n" + }, + "description": { + "type": "string", + "description": "The description of the service.\n" + }, + "dnsConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceDnsConfig:ServiceDnsConfig", + "description": "A complex type that contains information about the resource record sets that you want Amazon Route 53 to create when you register an instance.\n" + }, + "healthCheckConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceHealthCheckConfig:ServiceHealthCheckConfig", + "description": "A complex type that contains settings for an optional health check. Only for Public DNS namespaces.\n" + }, + "healthCheckCustomConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceHealthCheckCustomConfig:ServiceHealthCheckCustomConfig", + "description": "A complex type that contains settings for ECS managed health checks.\n" + }, + "name": { + "type": "string", + "description": "The name of the service.\n" + }, + "namespaceId": { + "type": "string", + "description": "The ID of the namespace to use for DNS configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the service. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "namespaceId", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the service.\n" + }, + "dnsConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceDnsConfig:ServiceDnsConfig", + "description": "A complex type that contains information about the resource record sets that you want Amazon Route 53 to create when you register an instance.\n" + }, + "healthCheckConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceHealthCheckConfig:ServiceHealthCheckConfig", + "description": "A complex type that contains settings for an optional health check. Only for Public DNS namespaces.\n" + }, + "healthCheckCustomConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceHealthCheckCustomConfig:ServiceHealthCheckCustomConfig", + "description": "A complex type that contains settings for ECS managed health checks.\n" + }, + "name": { + "type": "string", + "description": "The name of the service.\n" + }, + "namespaceId": { + "type": "string", + "description": "The ID of the namespace to use for DNS configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the service. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Service resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the service.\n" + }, + "description": { + "type": "string", + "description": "The description of the service.\n" + }, + "dnsConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceDnsConfig:ServiceDnsConfig", + "description": "A complex type that contains information about the resource record sets that you want Amazon Route 53 to create when you register an instance.\n" + }, + "healthCheckConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceHealthCheckConfig:ServiceHealthCheckConfig", + "description": "A complex type that contains settings for an optional health check. Only for Public DNS namespaces.\n" + }, + "healthCheckCustomConfig": { + "$ref": "#/types/aws:servicediscovery/ServiceHealthCheckCustomConfig:ServiceHealthCheckCustomConfig", + "description": "A complex type that contains settings for ECS managed health checks.\n" + }, + "name": { + "type": "string", + "description": "The name of the service.\n" + }, + "namespaceId": { + "type": "string", + "description": "The ID of the namespace to use for DNS configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the service. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:servicequotas/serviceQuota:ServiceQuota": { + "description": "Manages an individual Service Quota.\n\n> **NOTE:** Global quotas apply to all AWS regions, but can only be accessed in `us-east-1` in the Commercial partition or `us-gov-west-1` in the GovCloud partition. In other regions, the AWS API will return the error `The request failed because the specified service does not exist.`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.servicequotas.ServiceQuota(\"example\", {\n quotaCode: \"L-F678F1CE\",\n serviceCode: \"vpc\",\n value: 75,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicequotas.ServiceQuota(\"example\",\n quota_code=\"L-F678F1CE\",\n service_code=\"vpc\",\n value=75)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.ServiceQuotas.ServiceQuota(\"example\", new Aws.ServiceQuotas.ServiceQuotaArgs\n {\n QuotaCode = \"L-F678F1CE\",\n ServiceCode = \"vpc\",\n Value = 75,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicequotas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicequotas.NewServiceQuota(ctx, \"example\", &servicequotas.ServiceQuotaArgs{\n\t\t\tQuotaCode: pulumi.String(\"L-F678F1CE\"),\n\t\t\tServiceCode: pulumi.String(\"vpc\"),\n\t\t\tValue: pulumi.Float64(75),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n~> *NOTE* This resource does not require explicit import and will assume management of an existing service quota on resource creation. `aws_servicequotas_service_quota` can be imported by using the service code and quota code, separated by a front slash (`/`), e.g.\n\n```sh\n $ pulumi import aws:servicequotas/serviceQuota:ServiceQuota example vpc/L-F678F1CE\n```\n\n ", + "properties": { + "adjustable": { + "type": "boolean", + "description": "Whether the service quota can be increased.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the service quota.\n" + }, + "defaultValue": { + "type": "number", + "description": "Default value of the service quota.\n" + }, + "quotaCode": { + "type": "string", + "description": "Code of the service quota to track. For example: `L-F678F1CE`. Available values can be found with the [AWS CLI service-quotas list-service-quotas command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-service-quotas.html).\n" + }, + "quotaName": { + "type": "string", + "description": "Name of the quota.\n" + }, + "requestId": { + "type": "string" + }, + "requestStatus": { + "type": "string" + }, + "serviceCode": { + "type": "string", + "description": "Code of the service to track. For example: `vpc`. Available values can be found with the [AWS CLI service-quotas list-services command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-services.html).\n" + }, + "serviceName": { + "type": "string", + "description": "Name of the service.\n" + }, + "value": { + "type": "number", + "description": "Float specifying the desired value for the service quota. If the desired value is higher than the current value, a quota increase request is submitted. When a known request is submitted and pending, the value reflects the desired value of the pending request.\n" + } + }, + "required": [ + "adjustable", + "arn", + "defaultValue", + "quotaCode", + "quotaName", + "requestId", + "requestStatus", + "serviceCode", + "serviceName", + "value" + ], + "inputProperties": { + "quotaCode": { + "type": "string", + "description": "Code of the service quota to track. For example: `L-F678F1CE`. Available values can be found with the [AWS CLI service-quotas list-service-quotas command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-service-quotas.html).\n" + }, + "serviceCode": { + "type": "string", + "description": "Code of the service to track. For example: `vpc`. Available values can be found with the [AWS CLI service-quotas list-services command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-services.html).\n" + }, + "value": { + "type": "number", + "description": "Float specifying the desired value for the service quota. If the desired value is higher than the current value, a quota increase request is submitted. When a known request is submitted and pending, the value reflects the desired value of the pending request.\n" + } + }, + "requiredInputs": [ + "quotaCode", + "serviceCode", + "value" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ServiceQuota resources.\n", + "properties": { + "adjustable": { + "type": "boolean", + "description": "Whether the service quota can be increased.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the service quota.\n" + }, + "defaultValue": { + "type": "number", + "description": "Default value of the service quota.\n" + }, + "quotaCode": { + "type": "string", + "description": "Code of the service quota to track. For example: `L-F678F1CE`. Available values can be found with the [AWS CLI service-quotas list-service-quotas command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-service-quotas.html).\n" + }, + "quotaName": { + "type": "string", + "description": "Name of the quota.\n" + }, + "requestId": { + "type": "string" + }, + "requestStatus": { + "type": "string" + }, + "serviceCode": { + "type": "string", + "description": "Code of the service to track. For example: `vpc`. Available values can be found with the [AWS CLI service-quotas list-services command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-services.html).\n" + }, + "serviceName": { + "type": "string", + "description": "Name of the service.\n" + }, + "value": { + "type": "number", + "description": "Float specifying the desired value for the service quota. If the desired value is higher than the current value, a quota increase request is submitted. When a known request is submitted and pending, the value reflects the desired value of the pending request.\n" + } + }, + "type": "object" + } + }, + "aws:ses/activeReceiptRuleSet:ActiveReceiptRuleSet": { + "description": "Provides a resource to designate the active SES receipt rule set\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ses.ActiveReceiptRuleSet(\"main\", {\n ruleSetName: \"primary-rules\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ses.ActiveReceiptRuleSet(\"main\", rule_set_name=\"primary-rules\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ses.ActiveReceiptRuleSet(\"main\", new Aws.Ses.ActiveReceiptRuleSetArgs\n {\n RuleSetName = \"primary-rules\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewActiveReceiptRuleSet(ctx, \"main\", &ses.ActiveReceiptRuleSetArgs{\n\t\t\tRuleSetName: pulumi.String(\"primary-rules\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The SES receipt rule set ARN.\n" + }, + "ruleSetName": { + "type": "string", + "description": "The name of the rule set\n" + } + }, + "required": [ + "arn", + "ruleSetName" + ], + "inputProperties": { + "ruleSetName": { + "type": "string", + "description": "The name of the rule set\n" + } + }, + "requiredInputs": [ + "ruleSetName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ActiveReceiptRuleSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The SES receipt rule set ARN.\n" + }, + "ruleSetName": { + "type": "string", + "description": "The name of the rule set\n" + } + }, + "type": "object" + } + }, + "aws:ses/confgurationSet:ConfgurationSet": { + "description": "Provides an SES configuration set resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ses.ConfigurationSet(\"test\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ses.ConfigurationSet(\"test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ses.ConfigurationSet(\"test\", new Aws.Ses.ConfigurationSetArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewConfigurationSet(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Require TLS Connections\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ses.ConfigurationSet(\"test\", {\n deliveryOptions: {\n tlsPolicy: \"Require\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ses.ConfigurationSet(\"test\", delivery_options=aws.ses.ConfigurationSetDeliveryOptionsArgs(\n tls_policy=\"Require\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ses.ConfigurationSet(\"test\", new Aws.Ses.ConfigurationSetArgs\n {\n DeliveryOptions = new Aws.Ses.Inputs.ConfigurationSetDeliveryOptionsArgs\n {\n TlsPolicy = \"Require\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewConfigurationSet(ctx, \"test\", &ses.ConfigurationSetArgs{\n\t\t\tDeliveryOptions: &ses.ConfigurationSetDeliveryOptionsArgs{\n\t\t\t\tTlsPolicy: pulumi.String(\"Require\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES Configuration Sets can be imported using their `name`, e.g.\n\n```sh\n $ pulumi import aws:ses/confgurationSet:ConfgurationSet test some-configuration-set-test\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "SES configuration set ARN.\n" + }, + "deliveryOptions": { + "$ref": "#/types/aws:ses/ConfgurationSetDeliveryOptions:ConfgurationSetDeliveryOptions", + "description": "Configuration block. Detailed below.\n" + }, + "lastFreshStart": { + "type": "string", + "description": "The date and time at which the reputation metrics for the configuration set were last reset. Resetting these metrics is known as a fresh start.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration set.\n" + }, + "reputationMetricsEnabled": { + "type": "boolean", + "description": "Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is `false`.\n" + }, + "sendingEnabled": { + "type": "boolean", + "description": "Whether email sending is enabled or disabled for the configuration set. The default value is `true`.\n" + } + }, + "required": [ + "arn", + "lastFreshStart", + "name" + ], + "inputProperties": { + "deliveryOptions": { + "$ref": "#/types/aws:ses/ConfgurationSetDeliveryOptions:ConfgurationSetDeliveryOptions", + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration set.\n" + }, + "reputationMetricsEnabled": { + "type": "boolean", + "description": "Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is `false`.\n" + }, + "sendingEnabled": { + "type": "boolean", + "description": "Whether email sending is enabled or disabled for the configuration set. The default value is `true`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ConfgurationSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "SES configuration set ARN.\n" + }, + "deliveryOptions": { + "$ref": "#/types/aws:ses/ConfgurationSetDeliveryOptions:ConfgurationSetDeliveryOptions", + "description": "Configuration block. Detailed below.\n" + }, + "lastFreshStart": { + "type": "string", + "description": "The date and time at which the reputation metrics for the configuration set were last reset. Resetting these metrics is known as a fresh start.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration set.\n" + }, + "reputationMetricsEnabled": { + "type": "boolean", + "description": "Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is `false`.\n" + }, + "sendingEnabled": { + "type": "boolean", + "description": "Whether email sending is enabled or disabled for the configuration set. The default value is `true`.\n" + } + }, + "type": "object" + }, + "deprecationMessage": "aws.ses.ConfgurationSet has been deprecated in favor of aws.ses.ConfigurationSet" + }, + "aws:ses/configurationSet:ConfigurationSet": { + "description": "Provides an SES configuration set resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ses.ConfigurationSet(\"test\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ses.ConfigurationSet(\"test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ses.ConfigurationSet(\"test\", new Aws.Ses.ConfigurationSetArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewConfigurationSet(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Require TLS Connections\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ses.ConfigurationSet(\"test\", {\n deliveryOptions: {\n tlsPolicy: \"Require\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ses.ConfigurationSet(\"test\", delivery_options=aws.ses.ConfigurationSetDeliveryOptionsArgs(\n tls_policy=\"Require\",\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ses.ConfigurationSet(\"test\", new Aws.Ses.ConfigurationSetArgs\n {\n DeliveryOptions = new Aws.Ses.Inputs.ConfigurationSetDeliveryOptionsArgs\n {\n TlsPolicy = \"Require\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewConfigurationSet(ctx, \"test\", &ses.ConfigurationSetArgs{\n\t\t\tDeliveryOptions: &ses.ConfigurationSetDeliveryOptionsArgs{\n\t\t\t\tTlsPolicy: pulumi.String(\"Require\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES Configuration Sets can be imported using their `name`, e.g.\n\n```sh\n $ pulumi import aws:ses/configurationSet:ConfigurationSet test some-configuration-set-test\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "SES configuration set ARN.\n" + }, + "deliveryOptions": { + "$ref": "#/types/aws:ses/ConfigurationSetDeliveryOptions:ConfigurationSetDeliveryOptions", + "description": "Configuration block. Detailed below.\n" + }, + "lastFreshStart": { + "type": "string", + "description": "The date and time at which the reputation metrics for the configuration set were last reset. Resetting these metrics is known as a fresh start.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration set.\n" + }, + "reputationMetricsEnabled": { + "type": "boolean", + "description": "Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is `false`.\n" + }, + "sendingEnabled": { + "type": "boolean", + "description": "Whether email sending is enabled or disabled for the configuration set. The default value is `true`.\n" + } + }, + "required": [ + "arn", + "lastFreshStart", + "name" + ], + "inputProperties": { + "deliveryOptions": { + "$ref": "#/types/aws:ses/ConfigurationSetDeliveryOptions:ConfigurationSetDeliveryOptions", + "description": "Configuration block. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration set.\n" + }, + "reputationMetricsEnabled": { + "type": "boolean", + "description": "Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is `false`.\n" + }, + "sendingEnabled": { + "type": "boolean", + "description": "Whether email sending is enabled or disabled for the configuration set. The default value is `true`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ConfigurationSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "SES configuration set ARN.\n" + }, + "deliveryOptions": { + "$ref": "#/types/aws:ses/ConfigurationSetDeliveryOptions:ConfigurationSetDeliveryOptions", + "description": "Configuration block. Detailed below.\n" + }, + "lastFreshStart": { + "type": "string", + "description": "The date and time at which the reputation metrics for the configuration set were last reset. Resetting these metrics is known as a fresh start.\n" + }, + "name": { + "type": "string", + "description": "Name of the configuration set.\n" + }, + "reputationMetricsEnabled": { + "type": "boolean", + "description": "Whether or not Amazon SES publishes reputation metrics for the configuration set, such as bounce and complaint rates, to Amazon CloudWatch. The default value is `false`.\n" + }, + "sendingEnabled": { + "type": "boolean", + "description": "Whether email sending is enabled or disabled for the configuration set. The default value is `true`.\n" + } + }, + "type": "object" + }, + "aliases": [ + { + "type": "aws:ses/confgurationSet:ConfgurationSet" + } + ] + }, + "aws:ses/domainDkim:DomainDkim": { + "description": "Provides an SES domain DKIM generation resource.\n\nDomain ownership needs to be confirmed first using `aws.ses.DomainIdentity` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"exampleDomainIdentity\", {domain: \"example.com\"});\nconst exampleDomainDkim = new aws.ses.DomainDkim(\"exampleDomainDkim\", {domain: exampleDomainIdentity.domain});\nconst exampleAmazonsesDkimRecord: aws.route53.Record[];\nfor (const range = {value: 0}; range.value < 3; range.value++) {\n exampleAmazonsesDkimRecord.push(new aws.route53.Record(`exampleAmazonsesDkimRecord-${range.value}`, {\n zoneId: \"ABCDEFGHIJ123\",\n name: exampleDomainDkim.dkimTokens[range.value].apply(dkimTokens => `${dkimTokens}._domainkey`),\n type: \"CNAME\",\n ttl: \"600\",\n records: [exampleDomainDkim.dkimTokens[range.value].apply(dkimTokens => `${dkimTokens}.dkim.amazonses.com`)],\n }));\n}\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_identity = aws.ses.DomainIdentity(\"exampleDomainIdentity\", domain=\"example.com\")\nexample_domain_dkim = aws.ses.DomainDkim(\"exampleDomainDkim\", domain=example_domain_identity.domain)\nexample_amazonses_dkim_record = []\nfor range in [{\"value\": i} for i in range(0, 3)]:\n example_amazonses_dkim_record.append(aws.route53.Record(f\"exampleAmazonsesDkimRecord-{range['value']}\",\n zone_id=\"ABCDEFGHIJ123\",\n name=example_domain_dkim.dkim_tokens[range[\"value\"]].apply(lambda dkim_tokens: f\"{dkim_tokens}._domainkey\"),\n type=\"CNAME\",\n ttl=600,\n records=[example_domain_dkim.dkim_tokens[range[\"value\"]].apply(lambda dkim_tokens: f\"{dkim_tokens}.dkim.amazonses.com\")]))\n```\n```csharp\nusing System.Collections.Generic;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"exampleDomainIdentity\", new Aws.Ses.DomainIdentityArgs\n {\n Domain = \"example.com\",\n });\n var exampleDomainDkim = new Aws.Ses.DomainDkim(\"exampleDomainDkim\", new Aws.Ses.DomainDkimArgs\n {\n Domain = exampleDomainIdentity.Domain,\n });\n var exampleAmazonsesDkimRecord = new List();\n for (var rangeIndex = 0; rangeIndex < 3; rangeIndex++)\n {\n var range = new { Value = rangeIndex };\n exampleAmazonsesDkimRecord.Add(new Aws.Route53.Record($\"exampleAmazonsesDkimRecord-{range.Value}\", new Aws.Route53.RecordArgs\n {\n ZoneId = \"ABCDEFGHIJ123\",\n Name = exampleDomainDkim.DkimTokens[range.Value].Apply(dkimTokens => $\"{dkimTokens}._domainkey\"),\n Type = \"CNAME\",\n Ttl = 600,\n Records = \n {\n exampleDomainDkim.DkimTokens[range.Value].Apply(dkimTokens => $\"{dkimTokens}.dkim.amazonses.com\"),\n },\n }));\n }\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nDKIM tokens can be imported using the `domain` attribute, e.g.\n\n```sh\n $ pulumi import aws:ses/domainDkim:DomainDkim example example.com\n```\n\n ", + "properties": { + "dkimTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "DKIM tokens generated by SES.\nThese tokens should be used to create CNAME records used to verify SES Easy DKIM.\nSee below for an example of how this might be achieved\nwhen the domain is hosted in Route 53 and managed by this provider.\nFind out more about verifying domains in Amazon SES\nin the [AWS SES docs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/easy-dkim-dns-records.html).\n" + }, + "domain": { + "type": "string", + "description": "Verified domain name to generate DKIM tokens for.\n" + } + }, + "required": [ + "dkimTokens", + "domain" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "Verified domain name to generate DKIM tokens for.\n" + } + }, + "requiredInputs": [ + "domain" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainDkim resources.\n", + "properties": { + "dkimTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "DKIM tokens generated by SES.\nThese tokens should be used to create CNAME records used to verify SES Easy DKIM.\nSee below for an example of how this might be achieved\nwhen the domain is hosted in Route 53 and managed by this provider.\nFind out more about verifying domains in Amazon SES\nin the [AWS SES docs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/easy-dkim-dns-records.html).\n" + }, + "domain": { + "type": "string", + "description": "Verified domain name to generate DKIM tokens for.\n" + } + }, + "type": "object" + } + }, + "aws:ses/domainIdentity:DomainIdentity": { + "description": "Provides an SES domain identity resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleAmazonsesVerificationRecord = new aws.route53.Record(\"exampleAmazonsesVerificationRecord\", {\n zoneId: \"ABCDEFGHIJ123\",\n name: \"_amazonses.example.com\",\n type: \"TXT\",\n ttl: \"600\",\n records: [example.verificationToken],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_amazonses_verification_record = aws.route53.Record(\"exampleAmazonsesVerificationRecord\",\n zone_id=\"ABCDEFGHIJ123\",\n name=\"_amazonses.example.com\",\n type=\"TXT\",\n ttl=600,\n records=[example.verification_token])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ses.DomainIdentity(\"example\", new Aws.Ses.DomainIdentityArgs\n {\n Domain = \"example.com\",\n });\n var exampleAmazonsesVerificationRecord = new Aws.Route53.Record(\"exampleAmazonsesVerificationRecord\", new Aws.Route53.RecordArgs\n {\n ZoneId = \"ABCDEFGHIJ123\",\n Name = \"_amazonses.example.com\",\n Type = \"TXT\",\n Ttl = 600,\n Records = \n {\n example.VerificationToken,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", &ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleAmazonsesVerificationRecord\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(\"ABCDEFGHIJ123\"),\n\t\t\tName: pulumi.String(\"_amazonses.example.com\"),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.VerificationToken,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES domain identities can be imported using the domain name.\n\n```sh\n $ pulumi import aws:ses/domainIdentity:DomainIdentity example example.com\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the domain identity.\n" + }, + "domain": { + "type": "string", + "description": "The domain name to assign to SES\n" + }, + "verificationToken": { + "type": "string", + "description": "A code which when added to the domain as a TXT record\nwill signal to SES that the owner of the domain has authorised SES to act on\ntheir behalf. The domain identity will be in state \"verification pending\"\nuntil this is done. See below for an example of how this might be achieved\nwhen the domain is hosted in Route 53 and managed by this provider. Find out\nmore about verifying domains in Amazon SES in the [AWS SES\ndocs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html).\n" + } + }, + "required": [ + "arn", + "domain", + "verificationToken" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "The domain name to assign to SES\n" + } + }, + "requiredInputs": [ + "domain" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainIdentity resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the domain identity.\n" + }, + "domain": { + "type": "string", + "description": "The domain name to assign to SES\n" + }, + "verificationToken": { + "type": "string", + "description": "A code which when added to the domain as a TXT record\nwill signal to SES that the owner of the domain has authorised SES to act on\ntheir behalf. The domain identity will be in state \"verification pending\"\nuntil this is done. See below for an example of how this might be achieved\nwhen the domain is hosted in Route 53 and managed by this provider. Find out\nmore about verifying domains in Amazon SES in the [AWS SES\ndocs](http://docs.aws.amazon.com/ses/latest/DeveloperGuide/verify-domains.html).\n" + } + }, + "type": "object" + } + }, + "aws:ses/domainIdentityVerification:DomainIdentityVerification": { + "description": "Represents a successful verification of an SES domain identity.\n\nMost commonly, this resource is used together with `aws.route53.Record` and\n`aws.ses.DomainIdentity` to request an SES domain identity,\ndeploy the required DNS verification records, and wait for verification to complete.\n\n> **WARNING:** This resource implements a part of the verification workflow. It does not represent a real-world entity in AWS, therefore changing or deleting this resource on its own has no immediate effect.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.DomainIdentity(\"example\", {domain: \"example.com\"});\nconst exampleAmazonsesVerificationRecord = new aws.route53.Record(\"exampleAmazonsesVerificationRecord\", {\n zoneId: aws_route53_zone.example.zone_id,\n name: pulumi.interpolate`_amazonses.${example.id}`,\n type: \"TXT\",\n ttl: \"600\",\n records: [example.verificationToken],\n});\nconst exampleVerification = new aws.ses.DomainIdentityVerification(\"exampleVerification\", {domain: example.id}, {\n dependsOn: [exampleAmazonsesVerificationRecord],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.DomainIdentity(\"example\", domain=\"example.com\")\nexample_amazonses_verification_record = aws.route53.Record(\"exampleAmazonsesVerificationRecord\",\n zone_id=aws_route53_zone[\"example\"][\"zone_id\"],\n name=example.id.apply(lambda id: f\"_amazonses.{id}\"),\n type=\"TXT\",\n ttl=600,\n records=[example.verification_token])\nexample_verification = aws.ses.DomainIdentityVerification(\"exampleVerification\", domain=example.id,\nopts=pulumi.ResourceOptions(depends_on=[example_amazonses_verification_record]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ses.DomainIdentity(\"example\", new Aws.Ses.DomainIdentityArgs\n {\n Domain = \"example.com\",\n });\n var exampleAmazonsesVerificationRecord = new Aws.Route53.Record(\"exampleAmazonsesVerificationRecord\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Example.Zone_id,\n Name = example.Id.Apply(id => $\"_amazonses.{id}\"),\n Type = \"TXT\",\n Ttl = 600,\n Records = \n {\n example.VerificationToken,\n },\n });\n var exampleVerification = new Aws.Ses.DomainIdentityVerification(\"exampleVerification\", new Aws.Ses.DomainIdentityVerificationArgs\n {\n Domain = example.Id,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n exampleAmazonsesVerificationRecord,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := ses.NewDomainIdentity(ctx, \"example\", &ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleAmazonsesVerificationRecord, err := route53.NewRecord(ctx, \"exampleAmazonsesVerificationRecord\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Zone_id),\n\t\t\tName: example.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v\", \"_amazonses.\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\texample.VerificationToken,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewDomainIdentityVerification(ctx, \"exampleVerification\", &ses.DomainIdentityVerificationArgs{\n\t\t\tDomain: example.ID(),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texampleAmazonsesVerificationRecord,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the domain identity.\n" + }, + "domain": { + "type": "string", + "description": "The domain name of the SES domain identity to verify.\n" + } + }, + "required": [ + "arn", + "domain" + ], + "inputProperties": { + "domain": { + "type": "string", + "description": "The domain name of the SES domain identity to verify.\n" + } + }, + "requiredInputs": [ + "domain" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering DomainIdentityVerification resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the domain identity.\n" + }, + "domain": { + "type": "string", + "description": "The domain name of the SES domain identity to verify.\n" + } + }, + "type": "object" + } + }, + "aws:ses/emailIdentity:EmailIdentity": { + "description": "Provides an SES email identity resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ses.EmailIdentity(\"example\", {\n email: \"email@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ses.EmailIdentity(\"example\", email=\"email@example.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ses.EmailIdentity(\"example\", new Aws.Ses.EmailIdentityArgs\n {\n Email = \"email@example.com\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewEmailIdentity(ctx, \"example\", &ses.EmailIdentityArgs{\n\t\t\tEmail: pulumi.String(\"email@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES email identities can be imported using the email address.\n\n```sh\n $ pulumi import aws:ses/emailIdentity:EmailIdentity example email@example.com\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the email identity.\n" + }, + "email": { + "type": "string", + "description": "The email address to assign to SES\n" + } + }, + "required": [ + "arn", + "email" + ], + "inputProperties": { + "email": { + "type": "string", + "description": "The email address to assign to SES\n" + } + }, + "requiredInputs": [ + "email" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EmailIdentity resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the email identity.\n" + }, + "email": { + "type": "string", + "description": "The email address to assign to SES\n" + } + }, + "type": "object" + } + }, + "aws:ses/eventDestination:EventDestination": { + "description": "Provides an SES event destination\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### CloudWatch Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cloudwatch = new aws.ses.EventDestination(\"cloudwatch\", {\n configurationSetName: aws_ses_configuration_set.example.name,\n enabled: true,\n matchingTypes: [\n \"bounce\",\n \"send\",\n ],\n cloudwatchDestinations: [{\n defaultValue: \"default\",\n dimensionName: \"dimension\",\n valueSource: \"emailHeader\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncloudwatch = aws.ses.EventDestination(\"cloudwatch\",\n configuration_set_name=aws_ses_configuration_set[\"example\"][\"name\"],\n enabled=True,\n matching_types=[\n \"bounce\",\n \"send\",\n ],\n cloudwatch_destinations=[aws.ses.EventDestinationCloudwatchDestinationArgs(\n default_value=\"default\",\n dimension_name=\"dimension\",\n value_source=\"emailHeader\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cloudwatch = new Aws.Ses.EventDestination(\"cloudwatch\", new Aws.Ses.EventDestinationArgs\n {\n ConfigurationSetName = aws_ses_configuration_set.Example.Name,\n Enabled = true,\n MatchingTypes = \n {\n \"bounce\",\n \"send\",\n },\n CloudwatchDestinations = \n {\n new Aws.Ses.Inputs.EventDestinationCloudwatchDestinationArgs\n {\n DefaultValue = \"default\",\n DimensionName = \"dimension\",\n ValueSource = \"emailHeader\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewEventDestination(ctx, \"cloudwatch\", &ses.EventDestinationArgs{\n\t\t\tConfigurationSetName: pulumi.Any(aws_ses_configuration_set.Example.Name),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tMatchingTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"bounce\"),\n\t\t\t\tpulumi.String(\"send\"),\n\t\t\t},\n\t\t\tCloudwatchDestinations: ses.EventDestinationCloudwatchDestinationArray{\n\t\t\t\t&ses.EventDestinationCloudwatchDestinationArgs{\n\t\t\t\t\tDefaultValue: pulumi.String(\"default\"),\n\t\t\t\t\tDimensionName: pulumi.String(\"dimension\"),\n\t\t\t\t\tValueSource: pulumi.String(\"emailHeader\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Kinesis Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst kinesis = new aws.ses.EventDestination(\"kinesis\", {\n configurationSetName: aws_ses_configuration_set.example.name,\n enabled: true,\n matchingTypes: [\n \"bounce\",\n \"send\",\n ],\n kinesisDestination: {\n streamArn: aws_kinesis_firehose_delivery_stream.example.arn,\n roleArn: aws_iam_role.example.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nkinesis = aws.ses.EventDestination(\"kinesis\",\n configuration_set_name=aws_ses_configuration_set[\"example\"][\"name\"],\n enabled=True,\n matching_types=[\n \"bounce\",\n \"send\",\n ],\n kinesis_destination=aws.ses.EventDestinationKinesisDestinationArgs(\n stream_arn=aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"],\n role_arn=aws_iam_role[\"example\"][\"arn\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var kinesis = new Aws.Ses.EventDestination(\"kinesis\", new Aws.Ses.EventDestinationArgs\n {\n ConfigurationSetName = aws_ses_configuration_set.Example.Name,\n Enabled = true,\n MatchingTypes = \n {\n \"bounce\",\n \"send\",\n },\n KinesisDestination = new Aws.Ses.Inputs.EventDestinationKinesisDestinationArgs\n {\n StreamArn = aws_kinesis_firehose_delivery_stream.Example.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewEventDestination(ctx, \"kinesis\", &ses.EventDestinationArgs{\n\t\t\tConfigurationSetName: pulumi.Any(aws_ses_configuration_set.Example.Name),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tMatchingTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"bounce\"),\n\t\t\t\tpulumi.String(\"send\"),\n\t\t\t},\n\t\t\tKinesisDestination: &ses.EventDestinationKinesisDestinationArgs{\n\t\t\t\tStreamArn: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### SNS Destination\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sns = new aws.ses.EventDestination(\"sns\", {\n configurationSetName: aws_ses_configuration_set.example.name,\n enabled: true,\n matchingTypes: [\n \"bounce\",\n \"send\",\n ],\n snsDestination: {\n topicArn: aws_sns_topic.example.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsns = aws.ses.EventDestination(\"sns\",\n configuration_set_name=aws_ses_configuration_set[\"example\"][\"name\"],\n enabled=True,\n matching_types=[\n \"bounce\",\n \"send\",\n ],\n sns_destination=aws.ses.EventDestinationSnsDestinationArgs(\n topic_arn=aws_sns_topic[\"example\"][\"arn\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sns = new Aws.Ses.EventDestination(\"sns\", new Aws.Ses.EventDestinationArgs\n {\n ConfigurationSetName = aws_ses_configuration_set.Example.Name,\n Enabled = true,\n MatchingTypes = \n {\n \"bounce\",\n \"send\",\n },\n SnsDestination = new Aws.Ses.Inputs.EventDestinationSnsDestinationArgs\n {\n TopicArn = aws_sns_topic.Example.Arn,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewEventDestination(ctx, \"sns\", &ses.EventDestinationArgs{\n\t\t\tConfigurationSetName: pulumi.Any(aws_ses_configuration_set.Example.Name),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tMatchingTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"bounce\"),\n\t\t\t\tpulumi.String(\"send\"),\n\t\t\t},\n\t\t\tSnsDestination: &ses.EventDestinationSnsDestinationArgs{\n\t\t\t\tTopicArn: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES event destinations can be imported using `configuration_set_name` together with the event destination's `name`, e.g.\n\n```sh\n $ pulumi import aws:ses/eventDestination:EventDestination sns some-configuration-set-test/event-destination-sns\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The SES event destination ARN.\n" + }, + "cloudwatchDestinations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/EventDestinationCloudwatchDestination:EventDestinationCloudwatchDestination" + }, + "description": "CloudWatch destination for the events\n" + }, + "configurationSetName": { + "type": "string", + "description": "The name of the configuration set\n" + }, + "enabled": { + "type": "boolean", + "description": "If true, the event destination will be enabled\n" + }, + "kinesisDestination": { + "$ref": "#/types/aws:ses/EventDestinationKinesisDestination:EventDestinationKinesisDestination", + "description": "Send the events to a kinesis firehose destination\n" + }, + "matchingTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of matching types. May be any of `\"send\"`, `\"reject\"`, `\"bounce\"`, `\"complaint\"`, `\"delivery\"`, `\"open\"`, `\"click\"`, or `\"renderingFailure\"`.\n" + }, + "name": { + "type": "string", + "description": "The name of the event destination\n" + }, + "snsDestination": { + "$ref": "#/types/aws:ses/EventDestinationSnsDestination:EventDestinationSnsDestination", + "description": "Send the events to an SNS Topic destination\n" + } + }, + "required": [ + "arn", + "configurationSetName", + "matchingTypes", + "name" + ], + "inputProperties": { + "cloudwatchDestinations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/EventDestinationCloudwatchDestination:EventDestinationCloudwatchDestination" + }, + "description": "CloudWatch destination for the events\n" + }, + "configurationSetName": { + "type": "string", + "description": "The name of the configuration set\n" + }, + "enabled": { + "type": "boolean", + "description": "If true, the event destination will be enabled\n" + }, + "kinesisDestination": { + "$ref": "#/types/aws:ses/EventDestinationKinesisDestination:EventDestinationKinesisDestination", + "description": "Send the events to a kinesis firehose destination\n" + }, + "matchingTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of matching types. May be any of `\"send\"`, `\"reject\"`, `\"bounce\"`, `\"complaint\"`, `\"delivery\"`, `\"open\"`, `\"click\"`, or `\"renderingFailure\"`.\n" + }, + "name": { + "type": "string", + "description": "The name of the event destination\n" + }, + "snsDestination": { + "$ref": "#/types/aws:ses/EventDestinationSnsDestination:EventDestinationSnsDestination", + "description": "Send the events to an SNS Topic destination\n" + } + }, + "requiredInputs": [ + "configurationSetName", + "matchingTypes" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EventDestination resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The SES event destination ARN.\n" + }, + "cloudwatchDestinations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/EventDestinationCloudwatchDestination:EventDestinationCloudwatchDestination" + }, + "description": "CloudWatch destination for the events\n" + }, + "configurationSetName": { + "type": "string", + "description": "The name of the configuration set\n" + }, + "enabled": { + "type": "boolean", + "description": "If true, the event destination will be enabled\n" + }, + "kinesisDestination": { + "$ref": "#/types/aws:ses/EventDestinationKinesisDestination:EventDestinationKinesisDestination", + "description": "Send the events to a kinesis firehose destination\n" + }, + "matchingTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of matching types. May be any of `\"send\"`, `\"reject\"`, `\"bounce\"`, `\"complaint\"`, `\"delivery\"`, `\"open\"`, `\"click\"`, or `\"renderingFailure\"`.\n" + }, + "name": { + "type": "string", + "description": "The name of the event destination\n" + }, + "snsDestination": { + "$ref": "#/types/aws:ses/EventDestinationSnsDestination:EventDestinationSnsDestination", + "description": "Send the events to an SNS Topic destination\n" + } + }, + "type": "object" + } + }, + "aws:ses/identityNotificationTopic:IdentityNotificationTopic": { + "description": "Resource for managing SES Identity Notification Topics\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ses.IdentityNotificationTopic(\"test\", {\n topicArn: aws_sns_topic.example.arn,\n notificationType: \"Bounce\",\n identity: aws_ses_domain_identity.example.domain,\n includeOriginalHeaders: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ses.IdentityNotificationTopic(\"test\",\n topic_arn=aws_sns_topic[\"example\"][\"arn\"],\n notification_type=\"Bounce\",\n identity=aws_ses_domain_identity[\"example\"][\"domain\"],\n include_original_headers=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ses.IdentityNotificationTopic(\"test\", new Aws.Ses.IdentityNotificationTopicArgs\n {\n TopicArn = aws_sns_topic.Example.Arn,\n NotificationType = \"Bounce\",\n Identity = aws_ses_domain_identity.Example.Domain,\n IncludeOriginalHeaders = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewIdentityNotificationTopic(ctx, \"test\", &ses.IdentityNotificationTopicArgs{\n\t\t\tTopicArn: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\tNotificationType: pulumi.String(\"Bounce\"),\n\t\t\tIdentity: pulumi.Any(aws_ses_domain_identity.Example.Domain),\n\t\t\tIncludeOriginalHeaders: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nIdentity Notification Topics can be imported using ID of the record. The ID is made up as IDENTITY|TYPE where IDENTITY is the SES Identity and TYPE is the Notification Type.\n\n```sh\n $ pulumi import aws:ses/identityNotificationTopic:IdentityNotificationTopic test 'example.com|Bounce'\n```\n\n ", + "properties": { + "identity": { + "type": "string", + "description": "The identity for which the Amazon SNS topic will be set. You can specify an identity by using its name or by using its Amazon Resource Name (ARN).\n" + }, + "includeOriginalHeaders": { + "type": "boolean", + "description": "Whether SES should include original email headers in SNS notifications of this type. *false* by default.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of notifications that will be published to the specified Amazon SNS topic. Valid Values: *Bounce*, *Complaint* or *Delivery*.\n" + }, + "topicArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon SNS topic. Can be set to \"\" (an empty string) to disable publishing.\n" + } + }, + "required": [ + "identity", + "notificationType" + ], + "inputProperties": { + "identity": { + "type": "string", + "description": "The identity for which the Amazon SNS topic will be set. You can specify an identity by using its name or by using its Amazon Resource Name (ARN).\n" + }, + "includeOriginalHeaders": { + "type": "boolean", + "description": "Whether SES should include original email headers in SNS notifications of this type. *false* by default.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of notifications that will be published to the specified Amazon SNS topic. Valid Values: *Bounce*, *Complaint* or *Delivery*.\n" + }, + "topicArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon SNS topic. Can be set to \"\" (an empty string) to disable publishing.\n" + } + }, + "requiredInputs": [ + "identity", + "notificationType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IdentityNotificationTopic resources.\n", + "properties": { + "identity": { + "type": "string", + "description": "The identity for which the Amazon SNS topic will be set. You can specify an identity by using its name or by using its Amazon Resource Name (ARN).\n" + }, + "includeOriginalHeaders": { + "type": "boolean", + "description": "Whether SES should include original email headers in SNS notifications of this type. *false* by default.\n" + }, + "notificationType": { + "type": "string", + "description": "The type of notifications that will be published to the specified Amazon SNS topic. Valid Values: *Bounce*, *Complaint* or *Delivery*.\n" + }, + "topicArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon SNS topic. Can be set to \"\" (an empty string) to disable publishing.\n" + } + }, + "type": "object" + } + }, + "aws:ses/identityPolicy:IdentityPolicy": { + "description": "Manages a SES Identity Policy. More information about SES Sending Authorization Policies can be found in the [SES Developer Guide](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/sending-authorization-policies.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"exampleDomainIdentity\", {domain: \"example.com\"});\nconst examplePolicyDocument = exampleDomainIdentity.arn.apply(arn => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\n \"SES:SendEmail\",\n \"SES:SendRawEmail\",\n ],\n resources: [arn],\n principals: [{\n identifiers: [\"*\"],\n type: \"AWS\",\n }],\n }],\n}));\nconst exampleIdentityPolicy = new aws.ses.IdentityPolicy(\"exampleIdentityPolicy\", {\n identity: exampleDomainIdentity.arn,\n policy: examplePolicyDocument.apply(examplePolicyDocument => examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_domain_identity = aws.ses.DomainIdentity(\"exampleDomainIdentity\", domain=\"example.com\")\nexample_policy_document = example_domain_identity.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SES:SendEmail\",\n \"SES:SendRawEmail\",\n ],\n resources=[arn],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n identifiers=[\"*\"],\n type=\"AWS\",\n )],\n)]))\nexample_identity_policy = aws.ses.IdentityPolicy(\"exampleIdentityPolicy\",\n identity=example_domain_identity.arn,\n policy=example_policy_document.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"exampleDomainIdentity\", new Aws.Ses.DomainIdentityArgs\n {\n Domain = \"example.com\",\n });\n var examplePolicyDocument = exampleDomainIdentity.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"SES:SendEmail\",\n \"SES:SendRawEmail\",\n },\n Resources = \n {\n arn,\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Identifiers = \n {\n \"*\",\n },\n Type = \"AWS\",\n },\n },\n },\n },\n }));\n var exampleIdentityPolicy = new Aws.Ses.IdentityPolicy(\"exampleIdentityPolicy\", new Aws.Ses.IdentityPolicyArgs\n {\n Identity = exampleDomainIdentity.Arn,\n Policy = examplePolicyDocument.Apply(examplePolicyDocument => examplePolicyDocument.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainIdentity, err := ses.NewDomainIdentity(ctx, \"exampleDomainIdentity\", &ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ses.NewIdentityPolicy(ctx, \"exampleIdentityPolicy\", &ses.IdentityPolicyArgs{\n\t\t\tIdentity: exampleDomainIdentity.Arn,\n\t\t\tPolicy: examplePolicyDocument.ApplyT(func(examplePolicyDocument iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn examplePolicyDocument.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES Identity Policies can be imported using the identity and policy name, separated by a pipe character (`|`), e.g.\n\n```sh\n $ pulumi import aws:ses/identityPolicy:IdentityPolicy example 'example.com|example'\n```\n\n ", + "properties": { + "identity": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the SES Identity.\n" + }, + "name": { + "type": "string", + "description": "Name of the policy.\n" + }, + "policy": { + "type": "string", + "description": "JSON string of the policy.\n" + } + }, + "required": [ + "identity", + "name", + "policy" + ], + "inputProperties": { + "identity": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the SES Identity.\n" + }, + "name": { + "type": "string", + "description": "Name of the policy.\n" + }, + "policy": { + "type": "string", + "description": "JSON string of the policy.\n" + } + }, + "requiredInputs": [ + "identity", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IdentityPolicy resources.\n", + "properties": { + "identity": { + "type": "string", + "description": "Name or Amazon Resource Name (ARN) of the SES Identity.\n" + }, + "name": { + "type": "string", + "description": "Name of the policy.\n" + }, + "policy": { + "type": "string", + "description": "JSON string of the policy.\n" + } + }, + "type": "object" + } + }, + "aws:ses/mailFrom:MailFrom": { + "description": "Provides an SES domain MAIL FROM resource.\n\n> **NOTE:** For the MAIL FROM domain to be fully usable, this resource should be paired with the `aws.ses.DomainIdentity` resource. To validate the MAIL FROM domain, a DNS MX record is required. To pass SPF checks, a DNS TXT record may also be required. See the [Amazon SES MAIL FROM documentation](https://docs.aws.amazon.com/ses/latest/DeveloperGuide/mail-from-set.html) for more information.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Example SES Domain Identity\nconst exampleDomainIdentity = new aws.ses.DomainIdentity(\"exampleDomainIdentity\", {domain: \"example.com\"});\nconst exampleMailFrom = new aws.ses.MailFrom(\"exampleMailFrom\", {\n domain: exampleDomainIdentity.domain,\n mailFromDomain: pulumi.interpolate`bounce.${exampleDomainIdentity.domain}`,\n});\n// Example Route53 MX record\nconst exampleSesDomainMailFromMx = new aws.route53.Record(\"exampleSesDomainMailFromMx\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleMailFrom.mailFromDomain,\n type: \"MX\",\n ttl: \"600\",\n records: [\"10 feedback-smtp.us-east-1.amazonses.com\"],\n});\n// Change to the region in which `aws_ses_domain_identity.example` is created\n// Example Route53 TXT record for SPF\nconst exampleSesDomainMailFromTxt = new aws.route53.Record(\"exampleSesDomainMailFromTxt\", {\n zoneId: aws_route53_zone.example.id,\n name: exampleMailFrom.mailFromDomain,\n type: \"TXT\",\n ttl: \"600\",\n records: [\"v=spf1 include:amazonses.com -all\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Example SES Domain Identity\nexample_domain_identity = aws.ses.DomainIdentity(\"exampleDomainIdentity\", domain=\"example.com\")\nexample_mail_from = aws.ses.MailFrom(\"exampleMailFrom\",\n domain=example_domain_identity.domain,\n mail_from_domain=example_domain_identity.domain.apply(lambda domain: f\"bounce.{domain}\"))\n# Example Route53 MX record\nexample_ses_domain_mail_from_mx = aws.route53.Record(\"exampleSesDomainMailFromMx\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_mail_from.mail_from_domain,\n type=\"MX\",\n ttl=600,\n records=[\"10 feedback-smtp.us-east-1.amazonses.com\"])\n# Change to the region in which `aws_ses_domain_identity.example` is created\n# Example Route53 TXT record for SPF\nexample_ses_domain_mail_from_txt = aws.route53.Record(\"exampleSesDomainMailFromTxt\",\n zone_id=aws_route53_zone[\"example\"][\"id\"],\n name=example_mail_from.mail_from_domain,\n type=\"TXT\",\n ttl=600,\n records=[\"v=spf1 include:amazonses.com -all\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Example SES Domain Identity\n var exampleDomainIdentity = new Aws.Ses.DomainIdentity(\"exampleDomainIdentity\", new Aws.Ses.DomainIdentityArgs\n {\n Domain = \"example.com\",\n });\n var exampleMailFrom = new Aws.Ses.MailFrom(\"exampleMailFrom\", new Aws.Ses.MailFromArgs\n {\n Domain = exampleDomainIdentity.Domain,\n MailFromDomain = exampleDomainIdentity.Domain.Apply(domain => $\"bounce.{domain}\"),\n });\n // Example Route53 MX record\n var exampleSesDomainMailFromMx = new Aws.Route53.Record(\"exampleSesDomainMailFromMx\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleMailFrom.MailFromDomain,\n Type = \"MX\",\n Ttl = 600,\n Records = \n {\n \"10 feedback-smtp.us-east-1.amazonses.com\",\n },\n });\n // Change to the region in which `aws_ses_domain_identity.example` is created\n // Example Route53 TXT record for SPF\n var exampleSesDomainMailFromTxt = new Aws.Route53.Record(\"exampleSesDomainMailFromTxt\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Example.Id,\n Name = exampleMailFrom.MailFromDomain,\n Type = \"TXT\",\n Ttl = 600,\n Records = \n {\n \"v=spf1 include:amazonses.com -all\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleDomainIdentity, err := ses.NewDomainIdentity(ctx, \"exampleDomainIdentity\", &ses.DomainIdentityArgs{\n\t\t\tDomain: pulumi.String(\"example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleMailFrom, err := ses.NewMailFrom(ctx, \"exampleMailFrom\", &ses.MailFromArgs{\n\t\t\tDomain: exampleDomainIdentity.Domain,\n\t\t\tMailFromDomain: exampleDomainIdentity.Domain.ApplyT(func(domain string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v\", \"bounce.\", domain), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleSesDomainMailFromMx\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleMailFrom.MailFromDomain,\n\t\t\tType: pulumi.String(\"MX\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10 feedback-smtp.us-east-1.amazonses.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"exampleSesDomainMailFromTxt\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Example.Id),\n\t\t\tName: exampleMailFrom.MailFromDomain,\n\t\t\tType: pulumi.String(\"TXT\"),\n\t\t\tTtl: pulumi.Int(600),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"v=spf1 include:amazonses.com -all\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nMAIL FROM domain can be imported using the `domain` attribute, e.g.\n\n```sh\n $ pulumi import aws:ses/mailFrom:MailFrom example example.com\n```\n\n ", + "properties": { + "behaviorOnMxFailure": { + "type": "string", + "description": "The action that you want Amazon SES to take if it cannot successfully read the required MX record when you send an email. Defaults to `UseDefaultValue`. See the [SES API documentation](https://docs.aws.amazon.com/ses/latest/APIReference/API_SetIdentityMailFromDomain.html) for more information.\n" + }, + "domain": { + "type": "string", + "description": "Verified domain name to generate DKIM tokens for.\n" + }, + "mailFromDomain": { + "type": "string", + "description": "Subdomain (of above domain) which is to be used as MAIL FROM address (Required for DMARC validation)\n" + } + }, + "required": [ + "domain", + "mailFromDomain" + ], + "inputProperties": { + "behaviorOnMxFailure": { + "type": "string", + "description": "The action that you want Amazon SES to take if it cannot successfully read the required MX record when you send an email. Defaults to `UseDefaultValue`. See the [SES API documentation](https://docs.aws.amazon.com/ses/latest/APIReference/API_SetIdentityMailFromDomain.html) for more information.\n" + }, + "domain": { + "type": "string", + "description": "Verified domain name to generate DKIM tokens for.\n" + }, + "mailFromDomain": { + "type": "string", + "description": "Subdomain (of above domain) which is to be used as MAIL FROM address (Required for DMARC validation)\n" + } + }, + "requiredInputs": [ + "domain", + "mailFromDomain" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MailFrom resources.\n", + "properties": { + "behaviorOnMxFailure": { + "type": "string", + "description": "The action that you want Amazon SES to take if it cannot successfully read the required MX record when you send an email. Defaults to `UseDefaultValue`. See the [SES API documentation](https://docs.aws.amazon.com/ses/latest/APIReference/API_SetIdentityMailFromDomain.html) for more information.\n" + }, + "domain": { + "type": "string", + "description": "Verified domain name to generate DKIM tokens for.\n" + }, + "mailFromDomain": { + "type": "string", + "description": "Subdomain (of above domain) which is to be used as MAIL FROM address (Required for DMARC validation)\n" + } + }, + "type": "object" + } + }, + "aws:ses/receiptFilter:ReceiptFilter": { + "description": "Provides an SES receipt filter resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst filter = new aws.ses.ReceiptFilter(\"filter\", {\n cidr: \"10.10.10.10\",\n policy: \"Block\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfilter = aws.ses.ReceiptFilter(\"filter\",\n cidr=\"10.10.10.10\",\n policy=\"Block\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var filter = new Aws.Ses.ReceiptFilter(\"filter\", new Aws.Ses.ReceiptFilterArgs\n {\n Cidr = \"10.10.10.10\",\n Policy = \"Block\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewReceiptFilter(ctx, \"filter\", &ses.ReceiptFilterArgs{\n\t\t\tCidr: pulumi.String(\"10.10.10.10\"),\n\t\t\tPolicy: pulumi.String(\"Block\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES Receipt Filter can be imported using their `name`, e.g.\n\n```sh\n $ pulumi import aws:ses/receiptFilter:ReceiptFilter test some-filter\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The SES receipt filter ARN.\n" + }, + "cidr": { + "type": "string", + "description": "The IP address or address range to filter, in CIDR notation\n" + }, + "name": { + "type": "string", + "description": "The name of the filter\n" + }, + "policy": { + "type": "string", + "description": "Block or Allow\n" + } + }, + "required": [ + "arn", + "cidr", + "name", + "policy" + ], + "inputProperties": { + "cidr": { + "type": "string", + "description": "The IP address or address range to filter, in CIDR notation\n" + }, + "name": { + "type": "string", + "description": "The name of the filter\n" + }, + "policy": { + "type": "string", + "description": "Block or Allow\n" + } + }, + "requiredInputs": [ + "cidr", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReceiptFilter resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The SES receipt filter ARN.\n" + }, + "cidr": { + "type": "string", + "description": "The IP address or address range to filter, in CIDR notation\n" + }, + "name": { + "type": "string", + "description": "The name of the filter\n" + }, + "policy": { + "type": "string", + "description": "Block or Allow\n" + } + }, + "type": "object" + } + }, + "aws:ses/receiptRule:ReceiptRule": { + "description": "Provides an SES receipt rule resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Add a header to the email and store it in S3\nconst store = new aws.ses.ReceiptRule(\"store\", {\n addHeaderActions: [{\n headerName: \"Custom-Header\",\n headerValue: \"Added by SES\",\n position: 1,\n }],\n enabled: true,\n recipients: [\"karen@example.com\"],\n ruleSetName: \"default-rule-set\",\n s3Actions: [{\n bucketName: \"emails\",\n position: 2,\n }],\n scanEnabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# Add a header to the email and store it in S3\nstore = aws.ses.ReceiptRule(\"store\",\n add_header_actions=[aws.ses.ReceiptRuleAddHeaderActionArgs(\n header_name=\"Custom-Header\",\n header_value=\"Added by SES\",\n position=1,\n )],\n enabled=True,\n recipients=[\"karen@example.com\"],\n rule_set_name=\"default-rule-set\",\n s3_actions=[aws.ses.ReceiptRuleS3ActionArgs(\n bucket_name=\"emails\",\n position=2,\n )],\n scan_enabled=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // Add a header to the email and store it in S3\n var store = new Aws.Ses.ReceiptRule(\"store\", new Aws.Ses.ReceiptRuleArgs\n {\n AddHeaderActions = \n {\n new Aws.Ses.Inputs.ReceiptRuleAddHeaderActionArgs\n {\n HeaderName = \"Custom-Header\",\n HeaderValue = \"Added by SES\",\n Position = 1,\n },\n },\n Enabled = true,\n Recipients = \n {\n \"karen@example.com\",\n },\n RuleSetName = \"default-rule-set\",\n S3Actions = \n {\n new Aws.Ses.Inputs.ReceiptRuleS3ActionArgs\n {\n BucketName = \"emails\",\n Position = 2,\n },\n },\n ScanEnabled = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewReceiptRule(ctx, \"store\", &ses.ReceiptRuleArgs{\n\t\t\tAddHeaderActions: ses.ReceiptRuleAddHeaderActionArray{\n\t\t\t\t&ses.ReceiptRuleAddHeaderActionArgs{\n\t\t\t\t\tHeaderName: pulumi.String(\"Custom-Header\"),\n\t\t\t\t\tHeaderValue: pulumi.String(\"Added by SES\"),\n\t\t\t\t\tPosition: pulumi.Int(1),\n\t\t\t\t},\n\t\t\t},\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRecipients: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"karen@example.com\"),\n\t\t\t},\n\t\t\tRuleSetName: pulumi.String(\"default-rule-set\"),\n\t\t\tS3Actions: ses.ReceiptRuleS3ActionArray{\n\t\t\t\t&ses.ReceiptRuleS3ActionArgs{\n\t\t\t\t\tBucketName: pulumi.String(\"emails\"),\n\t\t\t\t\tPosition: pulumi.Int(2),\n\t\t\t\t},\n\t\t\t},\n\t\t\tScanEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES receipt rules can be imported using the ruleset name and rule name separated by `:`.\n\n```sh\n $ pulumi import aws:ses/receiptRule:ReceiptRule my_rule my_rule_set:my_rule\n```\n\n ", + "properties": { + "addHeaderActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleAddHeaderAction:ReceiptRuleAddHeaderAction" + }, + "description": "A list of Add Header Action blocks. Documented below.\n" + }, + "after": { + "type": "string", + "description": "The name of the rule to place this rule after\n" + }, + "arn": { + "type": "string", + "description": "The SES receipt rule ARN.\n" + }, + "bounceActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleBounceAction:ReceiptRuleBounceAction" + }, + "description": "A list of Bounce Action blocks. Documented below.\n" + }, + "enabled": { + "type": "boolean", + "description": "If true, the rule will be enabled\n" + }, + "lambdaActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleLambdaAction:ReceiptRuleLambdaAction" + }, + "description": "A list of Lambda Action blocks. Documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "recipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of email addresses\n" + }, + "ruleSetName": { + "type": "string", + "description": "The name of the rule set\n" + }, + "s3Actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleS3Action:ReceiptRuleS3Action" + }, + "description": "A list of S3 Action blocks. Documented below.\n" + }, + "scanEnabled": { + "type": "boolean", + "description": "If true, incoming emails will be scanned for spam and viruses\n" + }, + "snsActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleSnsAction:ReceiptRuleSnsAction" + }, + "description": "A list of SNS Action blocks. Documented below.\n" + }, + "stopActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleStopAction:ReceiptRuleStopAction" + }, + "description": "A list of Stop Action blocks. Documented below.\n" + }, + "tlsPolicy": { + "type": "string", + "description": "`Require` or `Optional`\n" + }, + "workmailActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleWorkmailAction:ReceiptRuleWorkmailAction" + }, + "description": "A list of WorkMail Action blocks. Documented below.\n" + } + }, + "required": [ + "arn", + "name", + "ruleSetName", + "tlsPolicy" + ], + "inputProperties": { + "addHeaderActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleAddHeaderAction:ReceiptRuleAddHeaderAction" + }, + "description": "A list of Add Header Action blocks. Documented below.\n" + }, + "after": { + "type": "string", + "description": "The name of the rule to place this rule after\n" + }, + "bounceActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleBounceAction:ReceiptRuleBounceAction" + }, + "description": "A list of Bounce Action blocks. Documented below.\n" + }, + "enabled": { + "type": "boolean", + "description": "If true, the rule will be enabled\n" + }, + "lambdaActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleLambdaAction:ReceiptRuleLambdaAction" + }, + "description": "A list of Lambda Action blocks. Documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "recipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of email addresses\n" + }, + "ruleSetName": { + "type": "string", + "description": "The name of the rule set\n" + }, + "s3Actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleS3Action:ReceiptRuleS3Action" + }, + "description": "A list of S3 Action blocks. Documented below.\n" + }, + "scanEnabled": { + "type": "boolean", + "description": "If true, incoming emails will be scanned for spam and viruses\n" + }, + "snsActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleSnsAction:ReceiptRuleSnsAction" + }, + "description": "A list of SNS Action blocks. Documented below.\n" + }, + "stopActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleStopAction:ReceiptRuleStopAction" + }, + "description": "A list of Stop Action blocks. Documented below.\n" + }, + "tlsPolicy": { + "type": "string", + "description": "`Require` or `Optional`\n" + }, + "workmailActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleWorkmailAction:ReceiptRuleWorkmailAction" + }, + "description": "A list of WorkMail Action blocks. Documented below.\n" + } + }, + "requiredInputs": [ + "ruleSetName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReceiptRule resources.\n", + "properties": { + "addHeaderActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleAddHeaderAction:ReceiptRuleAddHeaderAction" + }, + "description": "A list of Add Header Action blocks. Documented below.\n" + }, + "after": { + "type": "string", + "description": "The name of the rule to place this rule after\n" + }, + "arn": { + "type": "string", + "description": "The SES receipt rule ARN.\n" + }, + "bounceActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleBounceAction:ReceiptRuleBounceAction" + }, + "description": "A list of Bounce Action blocks. Documented below.\n" + }, + "enabled": { + "type": "boolean", + "description": "If true, the rule will be enabled\n" + }, + "lambdaActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleLambdaAction:ReceiptRuleLambdaAction" + }, + "description": "A list of Lambda Action blocks. Documented below.\n" + }, + "name": { + "type": "string", + "description": "The name of the rule\n" + }, + "recipients": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of email addresses\n" + }, + "ruleSetName": { + "type": "string", + "description": "The name of the rule set\n" + }, + "s3Actions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleS3Action:ReceiptRuleS3Action" + }, + "description": "A list of S3 Action blocks. Documented below.\n" + }, + "scanEnabled": { + "type": "boolean", + "description": "If true, incoming emails will be scanned for spam and viruses\n" + }, + "snsActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleSnsAction:ReceiptRuleSnsAction" + }, + "description": "A list of SNS Action blocks. Documented below.\n" + }, + "stopActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleStopAction:ReceiptRuleStopAction" + }, + "description": "A list of Stop Action blocks. Documented below.\n" + }, + "tlsPolicy": { + "type": "string", + "description": "`Require` or `Optional`\n" + }, + "workmailActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ses/ReceiptRuleWorkmailAction:ReceiptRuleWorkmailAction" + }, + "description": "A list of WorkMail Action blocks. Documented below.\n" + } + }, + "type": "object" + } + }, + "aws:ses/receiptRuleSet:ReceiptRuleSet": { + "description": "Provides an SES receipt rule set resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = new aws.ses.ReceiptRuleSet(\"main\", {\n ruleSetName: \"primary-rules\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.ses.ReceiptRuleSet(\"main\", rule_set_name=\"primary-rules\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = new Aws.Ses.ReceiptRuleSet(\"main\", new Aws.Ses.ReceiptRuleSetArgs\n {\n RuleSetName = \"primary-rules\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewReceiptRuleSet(ctx, \"main\", &ses.ReceiptRuleSetArgs{\n\t\t\tRuleSetName: pulumi.String(\"primary-rules\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES receipt rule sets can be imported using the rule set name.\n\n```sh\n $ pulumi import aws:ses/receiptRuleSet:ReceiptRuleSet my_rule_set my_rule_set_name\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "SES receipt rule set ARN.\n" + }, + "ruleSetName": { + "type": "string", + "description": "Name of the rule set.\n" + } + }, + "required": [ + "arn", + "ruleSetName" + ], + "inputProperties": { + "ruleSetName": { + "type": "string", + "description": "Name of the rule set.\n" + } + }, + "requiredInputs": [ + "ruleSetName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ReceiptRuleSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "SES receipt rule set ARN.\n" + }, + "ruleSetName": { + "type": "string", + "description": "Name of the rule set.\n" + } + }, + "type": "object" + } + }, + "aws:ses/template:Template": { + "description": "Provides a resource to create a SES template.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myTemplate = new aws.ses.Template(\"MyTemplate\", {\n html: \"

Hello {{name}},

Your favorite animal is {{favoriteanimal}}.

\",\n subject: \"Greetings, {{name}}!\",\n text: `Hello {{name}},\r\nYour favorite animal is {{favoriteanimal}}.`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_template = aws.ses.Template(\"myTemplate\",\n html=\"

Hello {{name}},

Your favorite animal is {{favoriteanimal}}.

\",\n subject=\"Greetings, {{name}}!\",\n text=\"\"\"Hello {{name}},\r\nYour favorite animal is {{favoriteanimal}}.\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myTemplate = new Aws.Ses.Template(\"myTemplate\", new Aws.Ses.TemplateArgs\n {\n Html = \"

Hello {{name}},

Your favorite animal is {{favoriteanimal}}.

\",\n Subject = \"Greetings, {{name}}!\",\n Text = @\"Hello {{name}},\r\nYour favorite animal is {{favoriteanimal}}.\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ses\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ses.NewTemplate(ctx, \"myTemplate\", &ses.TemplateArgs{\n\t\t\tHtml: pulumi.String(\"

Hello {{name}},

Your favorite animal is {{favoriteanimal}}.

\"),\n\t\t\tSubject: pulumi.String(\"Greetings, {{name}}!\"),\n\t\t\tText: pulumi.String(fmt.Sprintf(\"%v%v\", \"Hello {{name}},\r\\n\", \"Your favorite animal is {{favoriteanimal}}.\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSES templates can be imported using the template name, e.g.\n\n```sh\n $ pulumi import aws:ses/template:Template MyTemplate MyTemplate\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SES template\n" + }, + "html": { + "type": "string", + "description": "The HTML body of the email. Must be less than 500KB in size, including both the text and HTML parts.\n" + }, + "name": { + "type": "string", + "description": "The name of the template. Cannot exceed 64 characters. You will refer to this name when you send email.\n" + }, + "subject": { + "type": "string", + "description": "The subject line of the email.\n" + }, + "text": { + "type": "string", + "description": "The email body that will be visible to recipients whose email clients do not display HTML. Must be less than 500KB in size, including both the text and HTML parts.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "html": { + "type": "string", + "description": "The HTML body of the email. Must be less than 500KB in size, including both the text and HTML parts.\n" + }, + "name": { + "type": "string", + "description": "The name of the template. Cannot exceed 64 characters. You will refer to this name when you send email.\n" + }, + "subject": { + "type": "string", + "description": "The subject line of the email.\n" + }, + "text": { + "type": "string", + "description": "The email body that will be visible to recipients whose email clients do not display HTML. Must be less than 500KB in size, including both the text and HTML parts.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Template resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SES template\n" + }, + "html": { + "type": "string", + "description": "The HTML body of the email. Must be less than 500KB in size, including both the text and HTML parts.\n" + }, + "name": { + "type": "string", + "description": "The name of the template. Cannot exceed 64 characters. You will refer to this name when you send email.\n" + }, + "subject": { + "type": "string", + "description": "The subject line of the email.\n" + }, + "text": { + "type": "string", + "description": "The email body that will be visible to recipients whose email clients do not display HTML. Must be less than 500KB in size, including both the text and HTML parts.\n" + } + }, + "type": "object" + } + }, + "aws:sfn/activity:Activity": { + "description": "Provides a Step Function Activity resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sfnActivity = new aws.sfn.Activity(\"sfn_activity\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsfn_activity = aws.sfn.Activity(\"sfnActivity\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sfnActivity = new Aws.Sfn.Activity(\"sfnActivity\", new Aws.Sfn.ActivityArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewActivity(ctx, \"sfnActivity\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nActivities can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:sfn/activity:Activity foo arn:aws:states:eu-west-1:123456789098:activity:bar\n```\n\n ", + "properties": { + "creationDate": { + "type": "string", + "description": "The date the activity was created.\n" + }, + "name": { + "type": "string", + "description": "The name of the activity to create.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "creationDate", + "name", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the activity to create.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Activity resources.\n", + "properties": { + "creationDate": { + "type": "string", + "description": "The date the activity was created.\n" + }, + "name": { + "type": "string", + "description": "The name of the activity to create.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sfn/stateMachine:StateMachine": { + "description": "Provides a Step Function State Machine resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic (Standard Workflow)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new Aws.Sfn.StateMachineArgs\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", &sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Comment\\\": \\\"A Hello World example of the Amazon States Language using an AWS Lambda Function\\\",\\n\", \" \\\"StartAt\\\": \\\"HelloWorld\\\",\\n\", \" \\\"States\\\": {\\n\", \" \\\"HelloWorld\\\": {\\n\", \" \\\"Type\\\": \\\"Task\\\",\\n\", \" \\\"Resource\\\": \\\"\", aws_lambda_function.Lambda.Arn, \"\\\",\\n\", \" \\\"End\\\": true\\n\", \" }\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Basic (Express Workflow)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n type: \"EXPRESS\",\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n type=\"EXPRESS\",\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new Aws.Sfn.StateMachineArgs\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Type = \"EXPRESS\",\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", &sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tType: pulumi.String(\"EXPRESS\"),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Comment\\\": \\\"A Hello World example of the Amazon States Language using an AWS Lambda Function\\\",\\n\", \" \\\"StartAt\\\": \\\"HelloWorld\\\",\\n\", \" \\\"States\\\": {\\n\", \" \\\"HelloWorld\\\": {\\n\", \" \\\"Type\\\": \\\"Task\\\",\\n\", \" \\\"Resource\\\": \\\"\", aws_lambda_function.Lambda.Arn, \"\\\",\\n\", \" \\\"End\\\": true\\n\", \" }\\n\", \" }\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n> *NOTE:* See the [AWS Step Functions Developer Guide](https://docs.aws.amazon.com/step-functions/latest/dg/welcome.html) for more information about enabling Step Function logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ...\nconst sfnStateMachine = new aws.sfn.StateMachine(\"sfnStateMachine\", {\n roleArn: aws_iam_role.iam_for_sfn.arn,\n definition: `{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {\n \"HelloWorld\": {\n \"Type\": \"Task\",\n \"Resource\": \"${aws_lambda_function.lambda.arn}\",\n \"End\": true\n }\n }\n}\n`,\n loggingConfiguration: {\n logDestination: `${aws_cloudwatch_log_group.log_group_for_sfn.arn}:*`,\n includeExecutionData: true,\n level: \"ERROR\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ...\nsfn_state_machine = aws.sfn.StateMachine(\"sfnStateMachine\",\n role_arn=aws_iam_role[\"iam_for_sfn\"][\"arn\"],\n definition=f\"\"\"{{\n \"Comment\": \"A Hello World example of the Amazon States Language using an AWS Lambda Function\",\n \"StartAt\": \"HelloWorld\",\n \"States\": {{\n \"HelloWorld\": {{\n \"Type\": \"Task\",\n \"Resource\": \"{aws_lambda_function[\"lambda\"][\"arn\"]}\",\n \"End\": true\n }}\n }}\n}}\n\"\"\",\n logging_configuration=aws.sfn.StateMachineLoggingConfigurationArgs(\n log_destination=f\"{aws_cloudwatch_log_group['log_group_for_sfn']['arn']}:*\",\n include_execution_data=True,\n level=\"ERROR\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ...\n var sfnStateMachine = new Aws.Sfn.StateMachine(\"sfnStateMachine\", new Aws.Sfn.StateMachineArgs\n {\n RoleArn = aws_iam_role.Iam_for_sfn.Arn,\n Definition = @$\"{{\n \"\"Comment\"\": \"\"A Hello World example of the Amazon States Language using an AWS Lambda Function\"\",\n \"\"StartAt\"\": \"\"HelloWorld\"\",\n \"\"States\"\": {{\n \"\"HelloWorld\"\": {{\n \"\"Type\"\": \"\"Task\"\",\n \"\"Resource\"\": \"\"{aws_lambda_function.Lambda.Arn}\"\",\n \"\"End\"\": true\n }}\n }}\n}}\n\",\n LoggingConfiguration = new Aws.Sfn.Inputs.StateMachineLoggingConfigurationArgs\n {\n LogDestination = $\"{aws_cloudwatch_log_group.Log_group_for_sfn.Arn}:*\",\n IncludeExecutionData = true,\n Level = \"ERROR\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.NewStateMachine(ctx, \"sfnStateMachine\", &sfn.StateMachineArgs{\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Iam_for_sfn.Arn),\n\t\t\tDefinition: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Comment\\\": \\\"A Hello World example of the Amazon States Language using an AWS Lambda Function\\\",\\n\", \" \\\"StartAt\\\": \\\"HelloWorld\\\",\\n\", \" \\\"States\\\": {\\n\", \" \\\"HelloWorld\\\": {\\n\", \" \\\"Type\\\": \\\"Task\\\",\\n\", \" \\\"Resource\\\": \\\"\", aws_lambda_function.Lambda.Arn, \"\\\",\\n\", \" \\\"End\\\": true\\n\", \" }\\n\", \" }\\n\", \"}\\n\")),\n\t\t\tLoggingConfiguration: &sfn.StateMachineLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.String(fmt.Sprintf(\"%v%v\", aws_cloudwatch_log_group.Log_group_for_sfn.Arn, \":*\")),\n\t\t\t\tIncludeExecutionData: pulumi.Bool(true),\n\t\t\t\tLevel: pulumi.String(\"ERROR\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nState Machines can be imported using the `arn`, e.g.\n\n```sh\n $ pulumi import aws:sfn/stateMachine:StateMachine foo arn:aws:states:eu-west-1:123456789098:stateMachine:bar\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the state machine.\n" + }, + "creationDate": { + "type": "string", + "description": "The date the state machine was created.\n" + }, + "definition": { + "type": "string", + "description": "The [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html) definition of the state machine.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:sfn/StateMachineLoggingConfiguration:StateMachineLoggingConfiguration", + "description": "Defines what execution history events are logged and where they are logged. The `logging_configuration` parameter is only valid when `type` is set to `EXPRESS`. Defaults to `OFF`. For more information see [Logging Express Workflows](https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html) and [Log Levels](https://docs.aws.amazon.com/step-functions/latest/dg/cloudwatch-log-level.html) in the AWS Step Functions User Guide.\n" + }, + "name": { + "type": "string", + "description": "The name of the state machine. To enable logging with CloudWatch Logs, the name should only contain `0`-`9`, `A`-`Z`, `a`-`z`, `-` and `_`.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role to use for this state machine.\n" + }, + "status": { + "type": "string", + "description": "The current status of the state machine. Either `ACTIVE` or `DELETING`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "tracingConfiguration": { + "$ref": "#/types/aws:sfn/StateMachineTracingConfiguration:StateMachineTracingConfiguration", + "description": "Selects whether AWS X-Ray tracing is enabled.\n" + }, + "type": { + "type": "string", + "description": "Determines whether a Standard or Express state machine is created. The default is `STANDARD`. You cannot update the type of a state machine once it has been created. Valid values: `STANDARD`, `EXPRESS`.\n" + } + }, + "required": [ + "arn", + "creationDate", + "definition", + "loggingConfiguration", + "name", + "roleArn", + "status", + "tagsAll", + "tracingConfiguration" + ], + "inputProperties": { + "definition": { + "type": "string", + "description": "The [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html) definition of the state machine.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:sfn/StateMachineLoggingConfiguration:StateMachineLoggingConfiguration", + "description": "Defines what execution history events are logged and where they are logged. The `logging_configuration` parameter is only valid when `type` is set to `EXPRESS`. Defaults to `OFF`. For more information see [Logging Express Workflows](https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html) and [Log Levels](https://docs.aws.amazon.com/step-functions/latest/dg/cloudwatch-log-level.html) in the AWS Step Functions User Guide.\n" + }, + "name": { + "type": "string", + "description": "The name of the state machine. To enable logging with CloudWatch Logs, the name should only contain `0`-`9`, `A`-`Z`, `a`-`z`, `-` and `_`.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role to use for this state machine.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "tracingConfiguration": { + "$ref": "#/types/aws:sfn/StateMachineTracingConfiguration:StateMachineTracingConfiguration", + "description": "Selects whether AWS X-Ray tracing is enabled.\n" + }, + "type": { + "type": "string", + "description": "Determines whether a Standard or Express state machine is created. The default is `STANDARD`. You cannot update the type of a state machine once it has been created. Valid values: `STANDARD`, `EXPRESS`.\n" + } + }, + "requiredInputs": [ + "definition", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StateMachine resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the state machine.\n" + }, + "creationDate": { + "type": "string", + "description": "The date the state machine was created.\n" + }, + "definition": { + "type": "string", + "description": "The [Amazon States Language](https://docs.aws.amazon.com/step-functions/latest/dg/concepts-amazon-states-language.html) definition of the state machine.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:sfn/StateMachineLoggingConfiguration:StateMachineLoggingConfiguration", + "description": "Defines what execution history events are logged and where they are logged. The `logging_configuration` parameter is only valid when `type` is set to `EXPRESS`. Defaults to `OFF`. For more information see [Logging Express Workflows](https://docs.aws.amazon.com/step-functions/latest/dg/cw-logs.html) and [Log Levels](https://docs.aws.amazon.com/step-functions/latest/dg/cloudwatch-log-level.html) in the AWS Step Functions User Guide.\n" + }, + "name": { + "type": "string", + "description": "The name of the state machine. To enable logging with CloudWatch Logs, the name should only contain `0`-`9`, `A`-`Z`, `a`-`z`, `-` and `_`.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role to use for this state machine.\n" + }, + "status": { + "type": "string", + "description": "The current status of the state machine. Either `ACTIVE` or `DELETING`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "tracingConfiguration": { + "$ref": "#/types/aws:sfn/StateMachineTracingConfiguration:StateMachineTracingConfiguration", + "description": "Selects whether AWS X-Ray tracing is enabled.\n" + }, + "type": { + "type": "string", + "description": "Determines whether a Standard or Express state machine is created. The default is `STANDARD`. You cannot update the type of a state machine once it has been created. Valid values: `STANDARD`, `EXPRESS`.\n" + } + }, + "type": "object" + } + }, + "aws:shield/protection:Protection": { + "description": "Enables AWS Shield Advanced for a specific AWS resource.\nThe resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, AWS Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create protection\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = pulumi.output(aws.getAvailabilityZones());\nconst currentRegion = pulumi.output(aws.getRegion());\nconst currentCallerIdentity = pulumi.output(aws.getCallerIdentity());\nconst exampleEip = new aws.ec2.Eip(\"example\", {\n vpc: true,\n});\nconst exampleProtection = new aws.shield.Protection(\"example\", {\n resourceArn: pulumi.interpolate`arn:aws:ec2:${currentRegion.name!}:${currentCallerIdentity.accountId}:eip-allocation/${exampleEip.id}`,\n tags: {\n Environment: \"Dev\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones()\ncurrent_region = aws.get_region()\ncurrent_caller_identity = aws.get_caller_identity()\nexample_eip = aws.ec2.Eip(\"exampleEip\", vpc=True)\nexample_protection = aws.shield.Protection(\"exampleProtection\",\n resource_arn=example_eip.id.apply(lambda id: f\"arn:aws:ec2:{current_region.name}:{current_caller_identity.account_id}:eip-allocation/{id}\"),\n tags={\n \"Environment\": \"Dev\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var available = Output.Create(Aws.GetAvailabilityZones.InvokeAsync());\n var currentRegion = Output.Create(Aws.GetRegion.InvokeAsync());\n var currentCallerIdentity = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var exampleEip = new Aws.Ec2.Eip(\"exampleEip\", new Aws.Ec2.EipArgs\n {\n Vpc = true,\n });\n var exampleProtection = new Aws.Shield.Protection(\"exampleProtection\", new Aws.Shield.ProtectionArgs\n {\n ResourceArn = Output.Tuple(currentRegion, currentCallerIdentity, exampleEip.Id).Apply(values =>\n {\n var currentRegion = values.Item1;\n var currentCallerIdentity = values.Item2;\n var id = values.Item3;\n return $\"arn:aws:ec2:{currentRegion.Name}:{currentCallerIdentity.AccountId}:eip-allocation/{id}\";\n }),\n Tags = \n {\n { \"Environment\", \"Dev\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/shield\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetAvailabilityZones(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentRegion, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tcurrentCallerIdentity, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleEip, err := ec2.NewEip(ctx, \"exampleEip\", &ec2.EipArgs{\n\t\t\tVpc: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = shield.NewProtection(ctx, \"exampleProtection\", &shield.ProtectionArgs{\n\t\t\tResourceArn: exampleEip.ID().ApplyT(func(id string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v\", \"arn:aws:ec2:\", currentRegion.Name, \":\", currentCallerIdentity.AccountId, \":eip-allocation/\", id), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"Dev\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nShield protection resources can be imported by specifying their ID e.g.\n\n```sh\n $ pulumi import aws:shield/protection:Protection example ff9592dc-22f3-4e88-afa1-7b29fde9669a\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Protection.\n" + }, + "name": { + "type": "string", + "description": "A friendly name for the Protection you are creating.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the resource to be protected.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "name", + "resourceArn", + "tagsAll" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "A friendly name for the Protection you are creating.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the resource to be protected.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "resourceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Protection resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Protection.\n" + }, + "name": { + "type": "string", + "description": "A friendly name for the Protection you are creating.\n" + }, + "resourceArn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) of the resource to be protected.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:signer/signingJob:SigningJob": { + "description": "Creates a Signer Signing Job.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testSp = new aws.signer.SigningProfile(\"testSp\", {platformId: \"AWSLambda-SHA384-ECDSA\"});\nconst buildSigningJob = new aws.signer.SigningJob(\"buildSigningJob\", {\n profileName: testSp.name,\n source: {\n s3: {\n bucket: \"s3-bucket-name\",\n key: \"object-to-be-signed.zip\",\n version: \"jADjFYYYEXAMPLETszPjOmCMFDzd9dN1\",\n },\n },\n destination: {\n s3: {\n bucket: \"s3-bucket-name\",\n prefix: \"signed/\",\n },\n },\n ignoreSigningJobFailure: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_sp = aws.signer.SigningProfile(\"testSp\", platform_id=\"AWSLambda-SHA384-ECDSA\")\nbuild_signing_job = aws.signer.SigningJob(\"buildSigningJob\",\n profile_name=test_sp.name,\n source=aws.signer.SigningJobSourceArgs(\n s3=aws.signer.SigningJobSourceS3Args(\n bucket=\"s3-bucket-name\",\n key=\"object-to-be-signed.zip\",\n version=\"jADjFYYYEXAMPLETszPjOmCMFDzd9dN1\",\n ),\n ),\n destination=aws.signer.SigningJobDestinationArgs(\n s3=aws.signer.SigningJobDestinationS3Args(\n bucket=\"s3-bucket-name\",\n prefix=\"signed/\",\n ),\n ),\n ignore_signing_job_failure=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testSp = new Aws.Signer.SigningProfile(\"testSp\", new Aws.Signer.SigningProfileArgs\n {\n PlatformId = \"AWSLambda-SHA384-ECDSA\",\n });\n var buildSigningJob = new Aws.Signer.SigningJob(\"buildSigningJob\", new Aws.Signer.SigningJobArgs\n {\n ProfileName = testSp.Name,\n Source = new Aws.Signer.Inputs.SigningJobSourceArgs\n {\n S3 = new Aws.Signer.Inputs.SigningJobSourceS3Args\n {\n Bucket = \"s3-bucket-name\",\n Key = \"object-to-be-signed.zip\",\n Version = \"jADjFYYYEXAMPLETszPjOmCMFDzd9dN1\",\n },\n },\n Destination = new Aws.Signer.Inputs.SigningJobDestinationArgs\n {\n S3 = new Aws.Signer.Inputs.SigningJobDestinationS3Args\n {\n Bucket = \"s3-bucket-name\",\n Prefix = \"signed/\",\n },\n },\n IgnoreSigningJobFailure = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/signer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestSp, err := signer.NewSigningProfile(ctx, \"testSp\", &signer.SigningProfileArgs{\n\t\t\tPlatformId: pulumi.String(\"AWSLambda-SHA384-ECDSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = signer.NewSigningJob(ctx, \"buildSigningJob\", &signer.SigningJobArgs{\n\t\t\tProfileName: testSp.Name,\n\t\t\tSource: &signer.SigningJobSourceArgs{\n\t\t\t\tS3: &signer.SigningJobSourceS3Args{\n\t\t\t\t\tBucket: pulumi.String(\"s3-bucket-name\"),\n\t\t\t\t\tKey: pulumi.String(\"object-to-be-signed.zip\"),\n\t\t\t\t\tVersion: pulumi.String(\"jADjFYYYEXAMPLETszPjOmCMFDzd9dN1\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tDestination: &signer.SigningJobDestinationArgs{\n\t\t\t\tS3: &signer.SigningJobDestinationS3Args{\n\t\t\t\t\tBucket: pulumi.String(\"s3-bucket-name\"),\n\t\t\t\t\tPrefix: pulumi.String(\"signed/\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tIgnoreSigningJobFailure: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSigner signing jobs can be imported using the `job_id`, e.g.\n\n```sh\n $ pulumi import aws:signer/signingJob:SigningJob test_signer_signing_job 9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee\n```\n\n ", + "properties": { + "completedAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the signing job was completed.\n" + }, + "createdAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the signing job was created.\n" + }, + "destination": { + "$ref": "#/types/aws:signer/SigningJobDestination:SigningJobDestination", + "description": "The S3 bucket in which to save your signed object. See Destination below for details.\n" + }, + "ignoreSigningJobFailure": { + "type": "boolean", + "description": "Set this argument to `true` to ignore signing job failures and retrieve failed status and reason. Default `false`.\n" + }, + "jobId": { + "type": "string", + "description": "The ID of the signing job on output.\n" + }, + "jobInvoker": { + "type": "string", + "description": "The IAM entity that initiated the signing job.\n" + }, + "jobOwner": { + "type": "string", + "description": "The AWS account ID of the job owner.\n" + }, + "platformDisplayName": { + "type": "string", + "description": "A human-readable name for the signing platform associated with the signing job.\n" + }, + "platformId": { + "type": "string", + "description": "The platform to which your signed code image will be distributed.\n" + }, + "profileName": { + "type": "string", + "description": "The name of the profile to initiate the signing operation.\n" + }, + "profileVersion": { + "type": "string", + "description": "The version of the signing profile used to initiate the signing job.\n" + }, + "requestedBy": { + "type": "string", + "description": "The IAM principal that requested the signing job.\n" + }, + "revocationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningJobRevocationRecord:SigningJobRevocationRecord" + }, + "description": "A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.\n" + }, + "signatureExpiresAt": { + "type": "string", + "description": "The time when the signature of a signing job expires.\n" + }, + "signedObjects": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningJobSignedObject:SigningJobSignedObject" + }, + "description": "Name of the S3 bucket where the signed code image is saved by code signing.\n" + }, + "source": { + "$ref": "#/types/aws:signer/SigningJobSource:SigningJobSource", + "description": "The S3 bucket that contains the object to sign. See Source below for details.\n" + }, + "status": { + "type": "string", + "description": "Status of the signing job.\n" + }, + "statusReason": { + "type": "string", + "description": "String value that contains the status reason.\n" + } + }, + "required": [ + "completedAt", + "createdAt", + "destination", + "jobId", + "jobInvoker", + "jobOwner", + "platformDisplayName", + "platformId", + "profileName", + "profileVersion", + "requestedBy", + "revocationRecords", + "signatureExpiresAt", + "signedObjects", + "source", + "status", + "statusReason" + ], + "inputProperties": { + "destination": { + "$ref": "#/types/aws:signer/SigningJobDestination:SigningJobDestination", + "description": "The S3 bucket in which to save your signed object. See Destination below for details.\n" + }, + "ignoreSigningJobFailure": { + "type": "boolean", + "description": "Set this argument to `true` to ignore signing job failures and retrieve failed status and reason. Default `false`.\n" + }, + "profileName": { + "type": "string", + "description": "The name of the profile to initiate the signing operation.\n" + }, + "source": { + "$ref": "#/types/aws:signer/SigningJobSource:SigningJobSource", + "description": "The S3 bucket that contains the object to sign. See Source below for details.\n" + } + }, + "requiredInputs": [ + "destination", + "profileName", + "source" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SigningJob resources.\n", + "properties": { + "completedAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the signing job was completed.\n" + }, + "createdAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the signing job was created.\n" + }, + "destination": { + "$ref": "#/types/aws:signer/SigningJobDestination:SigningJobDestination", + "description": "The S3 bucket in which to save your signed object. See Destination below for details.\n" + }, + "ignoreSigningJobFailure": { + "type": "boolean", + "description": "Set this argument to `true` to ignore signing job failures and retrieve failed status and reason. Default `false`.\n" + }, + "jobId": { + "type": "string", + "description": "The ID of the signing job on output.\n" + }, + "jobInvoker": { + "type": "string", + "description": "The IAM entity that initiated the signing job.\n" + }, + "jobOwner": { + "type": "string", + "description": "The AWS account ID of the job owner.\n" + }, + "platformDisplayName": { + "type": "string", + "description": "A human-readable name for the signing platform associated with the signing job.\n" + }, + "platformId": { + "type": "string", + "description": "The platform to which your signed code image will be distributed.\n" + }, + "profileName": { + "type": "string", + "description": "The name of the profile to initiate the signing operation.\n" + }, + "profileVersion": { + "type": "string", + "description": "The version of the signing profile used to initiate the signing job.\n" + }, + "requestedBy": { + "type": "string", + "description": "The IAM principal that requested the signing job.\n" + }, + "revocationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningJobRevocationRecord:SigningJobRevocationRecord" + }, + "description": "A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.\n" + }, + "signatureExpiresAt": { + "type": "string", + "description": "The time when the signature of a signing job expires.\n" + }, + "signedObjects": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningJobSignedObject:SigningJobSignedObject" + }, + "description": "Name of the S3 bucket where the signed code image is saved by code signing.\n" + }, + "source": { + "$ref": "#/types/aws:signer/SigningJobSource:SigningJobSource", + "description": "The S3 bucket that contains the object to sign. See Source below for details.\n" + }, + "status": { + "type": "string", + "description": "Status of the signing job.\n" + }, + "statusReason": { + "type": "string", + "description": "String value that contains the status reason.\n" + } + }, + "type": "object" + } + }, + "aws:signer/signingProfile:SigningProfile": { + "description": "Creates a Signer Signing Profile. A signing profile contains information about the code signing configuration parameters that can be used by a given code signing user.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testSp = new aws.signer.SigningProfile(\"test_sp\", {\n platformId: \"AWSLambda-SHA384-ECDSA\",\n});\nconst prodSp = new aws.signer.SigningProfile(\"prod_sp\", {\n namePrefix: \"prod_sp_\",\n platformId: \"AWSLambda-SHA384-ECDSA\",\n signatureValidityPeriod: {\n type: \"YEARS\",\n value: 5,\n },\n tags: {\n tag1: \"value1\",\n tag2: \"value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_sp = aws.signer.SigningProfile(\"testSp\", platform_id=\"AWSLambda-SHA384-ECDSA\")\nprod_sp = aws.signer.SigningProfile(\"prodSp\",\n name_prefix=\"prod_sp_\",\n platform_id=\"AWSLambda-SHA384-ECDSA\",\n signature_validity_period=aws.signer.SigningProfileSignatureValidityPeriodArgs(\n type=\"YEARS\",\n value=5,\n ),\n tags={\n \"tag1\": \"value1\",\n \"tag2\": \"value2\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testSp = new Aws.Signer.SigningProfile(\"testSp\", new Aws.Signer.SigningProfileArgs\n {\n PlatformId = \"AWSLambda-SHA384-ECDSA\",\n });\n var prodSp = new Aws.Signer.SigningProfile(\"prodSp\", new Aws.Signer.SigningProfileArgs\n {\n NamePrefix = \"prod_sp_\",\n PlatformId = \"AWSLambda-SHA384-ECDSA\",\n SignatureValidityPeriod = new Aws.Signer.Inputs.SigningProfileSignatureValidityPeriodArgs\n {\n Type = \"YEARS\",\n Value = 5,\n },\n Tags = \n {\n { \"tag1\", \"value1\" },\n { \"tag2\", \"value2\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/signer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := signer.NewSigningProfile(ctx, \"testSp\", &signer.SigningProfileArgs{\n\t\t\tPlatformId: pulumi.String(\"AWSLambda-SHA384-ECDSA\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = signer.NewSigningProfile(ctx, \"prodSp\", &signer.SigningProfileArgs{\n\t\t\tNamePrefix: pulumi.String(\"prod_sp_\"),\n\t\t\tPlatformId: pulumi.String(\"AWSLambda-SHA384-ECDSA\"),\n\t\t\tSignatureValidityPeriod: &signer.SigningProfileSignatureValidityPeriodArgs{\n\t\t\t\tType: pulumi.String(\"YEARS\"),\n\t\t\t\tValue: pulumi.Int(5),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag1\": pulumi.String(\"value1\"),\n\t\t\t\t\"tag2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSigner signing profiles can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:signer/signingProfile:SigningProfile test_signer_signing_profile test_sp_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the signing profile.\n" + }, + "name": { + "type": "string", + "description": "A unique signing profile name. By default generated by the provider. Signing profile names are immutable and cannot be reused after canceled.\n" + }, + "namePrefix": { + "type": "string", + "description": "A signing profile name prefix. The provider will generate a unique suffix. Conflicts with `name`.\n" + }, + "platformDisplayName": { + "type": "string", + "description": "A human-readable name for the signing platform associated with the signing profile.\n" + }, + "platformId": { + "type": "string", + "description": "The ID of the platform that is used by the target signing profile.\n" + }, + "revocationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningProfileRevocationRecord:SigningProfileRevocationRecord" + }, + "description": "Revocation information for a signing profile.\n" + }, + "signatureValidityPeriod": { + "$ref": "#/types/aws:signer/SigningProfileSignatureValidityPeriod:SigningProfileSignatureValidityPeriod", + "description": "The validity period for a signing job.\n" + }, + "status": { + "type": "string", + "description": "The status of the target signing profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags associated with the signing profile. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "The current version of the signing profile.\n" + }, + "versionArn": { + "type": "string", + "description": "The signing profile ARN, including the profile version.\n" + } + }, + "required": [ + "arn", + "name", + "platformDisplayName", + "platformId", + "revocationRecords", + "signatureValidityPeriod", + "status", + "tagsAll", + "version", + "versionArn" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "A unique signing profile name. By default generated by the provider. Signing profile names are immutable and cannot be reused after canceled.\n" + }, + "namePrefix": { + "type": "string", + "description": "A signing profile name prefix. The provider will generate a unique suffix. Conflicts with `name`.\n" + }, + "platformId": { + "type": "string", + "description": "The ID of the platform that is used by the target signing profile.\n" + }, + "signatureValidityPeriod": { + "$ref": "#/types/aws:signer/SigningProfileSignatureValidityPeriod:SigningProfileSignatureValidityPeriod", + "description": "The validity period for a signing job.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags associated with the signing profile. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "platformId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SigningProfile resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the signing profile.\n" + }, + "name": { + "type": "string", + "description": "A unique signing profile name. By default generated by the provider. Signing profile names are immutable and cannot be reused after canceled.\n" + }, + "namePrefix": { + "type": "string", + "description": "A signing profile name prefix. The provider will generate a unique suffix. Conflicts with `name`.\n" + }, + "platformDisplayName": { + "type": "string", + "description": "A human-readable name for the signing platform associated with the signing profile.\n" + }, + "platformId": { + "type": "string", + "description": "The ID of the platform that is used by the target signing profile.\n" + }, + "revocationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/SigningProfileRevocationRecord:SigningProfileRevocationRecord" + }, + "description": "Revocation information for a signing profile.\n" + }, + "signatureValidityPeriod": { + "$ref": "#/types/aws:signer/SigningProfileSignatureValidityPeriod:SigningProfileSignatureValidityPeriod", + "description": "The validity period for a signing job.\n" + }, + "status": { + "type": "string", + "description": "The status of the target signing profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags associated with the signing profile. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "version": { + "type": "string", + "description": "The current version of the signing profile.\n" + }, + "versionArn": { + "type": "string", + "description": "The signing profile ARN, including the profile version.\n" + } + }, + "type": "object" + } + }, + "aws:signer/signingProfilePermission:SigningProfilePermission": { + "description": "Creates a Signer Signing Profile Permission. That is, a cross-account permission for a signing profile.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst prodSp = new aws.signer.SigningProfile(\"prodSp\", {\n platformId: \"AWSLambda-SHA384-ECDSA\",\n namePrefix: \"prod_sp_\",\n signatureValidityPeriod: {\n value: 5,\n type: \"YEARS\",\n },\n tags: {\n tag1: \"value1\",\n tag2: \"value2\",\n },\n});\nconst spPermission1 = new aws.signer.SigningProfilePermission(\"spPermission1\", {\n profileName: prodSp.name,\n action: \"signer:StartSigningJob\",\n principal: _var.aws_account,\n});\nconst spPermission2 = new aws.signer.SigningProfilePermission(\"spPermission2\", {\n profileName: prodSp.name,\n action: \"signer:GetSigningProfile\",\n principal: _var.aws_team_role_arn,\n statementId: \"ProdAccountStartSigningJob_StatementId\",\n});\nconst spPermission3 = new aws.signer.SigningProfilePermission(\"spPermission3\", {\n profileName: prodSp.name,\n action: \"signer:RevokeSignature\",\n principal: \"123456789012\",\n profileVersion: prodSp.version,\n statementIdPrefix: \"version-permission-\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprod_sp = aws.signer.SigningProfile(\"prodSp\",\n platform_id=\"AWSLambda-SHA384-ECDSA\",\n name_prefix=\"prod_sp_\",\n signature_validity_period=aws.signer.SigningProfileSignatureValidityPeriodArgs(\n value=5,\n type=\"YEARS\",\n ),\n tags={\n \"tag1\": \"value1\",\n \"tag2\": \"value2\",\n })\nsp_permission1 = aws.signer.SigningProfilePermission(\"spPermission1\",\n profile_name=prod_sp.name,\n action=\"signer:StartSigningJob\",\n principal=var[\"aws_account\"])\nsp_permission2 = aws.signer.SigningProfilePermission(\"spPermission2\",\n profile_name=prod_sp.name,\n action=\"signer:GetSigningProfile\",\n principal=var[\"aws_team_role_arn\"],\n statement_id=\"ProdAccountStartSigningJob_StatementId\")\nsp_permission3 = aws.signer.SigningProfilePermission(\"spPermission3\",\n profile_name=prod_sp.name,\n action=\"signer:RevokeSignature\",\n principal=\"123456789012\",\n profile_version=prod_sp.version,\n statement_id_prefix=\"version-permission-\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var prodSp = new Aws.Signer.SigningProfile(\"prodSp\", new Aws.Signer.SigningProfileArgs\n {\n PlatformId = \"AWSLambda-SHA384-ECDSA\",\n NamePrefix = \"prod_sp_\",\n SignatureValidityPeriod = new Aws.Signer.Inputs.SigningProfileSignatureValidityPeriodArgs\n {\n Value = 5,\n Type = \"YEARS\",\n },\n Tags = \n {\n { \"tag1\", \"value1\" },\n { \"tag2\", \"value2\" },\n },\n });\n var spPermission1 = new Aws.Signer.SigningProfilePermission(\"spPermission1\", new Aws.Signer.SigningProfilePermissionArgs\n {\n ProfileName = prodSp.Name,\n Action = \"signer:StartSigningJob\",\n Principal = @var.Aws_account,\n });\n var spPermission2 = new Aws.Signer.SigningProfilePermission(\"spPermission2\", new Aws.Signer.SigningProfilePermissionArgs\n {\n ProfileName = prodSp.Name,\n Action = \"signer:GetSigningProfile\",\n Principal = @var.Aws_team_role_arn,\n StatementId = \"ProdAccountStartSigningJob_StatementId\",\n });\n var spPermission3 = new Aws.Signer.SigningProfilePermission(\"spPermission3\", new Aws.Signer.SigningProfilePermissionArgs\n {\n ProfileName = prodSp.Name,\n Action = \"signer:RevokeSignature\",\n Principal = \"123456789012\",\n ProfileVersion = prodSp.Version,\n StatementIdPrefix = \"version-permission-\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/signer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprodSp, err := signer.NewSigningProfile(ctx, \"prodSp\", &signer.SigningProfileArgs{\n\t\t\tPlatformId: pulumi.String(\"AWSLambda-SHA384-ECDSA\"),\n\t\t\tNamePrefix: pulumi.String(\"prod_sp_\"),\n\t\t\tSignatureValidityPeriod: &signer.SigningProfileSignatureValidityPeriodArgs{\n\t\t\t\tValue: pulumi.Int(5),\n\t\t\t\tType: pulumi.String(\"YEARS\"),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag1\": pulumi.String(\"value1\"),\n\t\t\t\t\"tag2\": pulumi.String(\"value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = signer.NewSigningProfilePermission(ctx, \"spPermission1\", &signer.SigningProfilePermissionArgs{\n\t\t\tProfileName: prodSp.Name,\n\t\t\tAction: pulumi.String(\"signer:StartSigningJob\"),\n\t\t\tPrincipal: pulumi.Any(_var.Aws_account),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = signer.NewSigningProfilePermission(ctx, \"spPermission2\", &signer.SigningProfilePermissionArgs{\n\t\t\tProfileName: prodSp.Name,\n\t\t\tAction: pulumi.String(\"signer:GetSigningProfile\"),\n\t\t\tPrincipal: pulumi.Any(_var.Aws_team_role_arn),\n\t\t\tStatementId: pulumi.String(\"ProdAccountStartSigningJob_StatementId\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = signer.NewSigningProfilePermission(ctx, \"spPermission3\", &signer.SigningProfilePermissionArgs{\n\t\t\tProfileName: prodSp.Name,\n\t\t\tAction: pulumi.String(\"signer:RevokeSignature\"),\n\t\t\tPrincipal: pulumi.String(\"123456789012\"),\n\t\t\tProfileVersion: prodSp.Version,\n\t\t\tStatementIdPrefix: pulumi.String(\"version-permission-\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSigner signing profile permission statements can be imported using profile_name/statement_id, e.g.\n\n```sh\n $ pulumi import aws:signer/signingProfilePermission:SigningProfilePermission test_signer_signing_profile_permission prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK/ProdAccountStartSigningJobStatementId\n```\n\n ", + "properties": { + "action": { + "type": "string", + "description": "An AWS Signer action permitted as part of cross-account permissions. Valid values: `signer:StartSigningJob`, `signer:GetSigningProfile`, or `signer:RevokeSignature`.\n" + }, + "principal": { + "type": "string", + "description": "The AWS principal to be granted a cross-account permission.\n" + }, + "profileName": { + "type": "string", + "description": "Name of the signing profile to add the cross-account permissions.\n" + }, + "profileVersion": { + "type": "string", + "description": "The signing profile version that a permission applies to.\n" + }, + "statementId": { + "type": "string", + "description": "A unique statement identifier. By default generated by the provider.\n" + }, + "statementIdPrefix": { + "type": "string", + "description": "A statement identifier prefix. The provider will generate a unique suffix. Conflicts with `statement_id`.\n" + } + }, + "required": [ + "action", + "principal", + "profileName", + "profileVersion", + "statementId" + ], + "inputProperties": { + "action": { + "type": "string", + "description": "An AWS Signer action permitted as part of cross-account permissions. Valid values: `signer:StartSigningJob`, `signer:GetSigningProfile`, or `signer:RevokeSignature`.\n" + }, + "principal": { + "type": "string", + "description": "The AWS principal to be granted a cross-account permission.\n" + }, + "profileName": { + "type": "string", + "description": "Name of the signing profile to add the cross-account permissions.\n" + }, + "profileVersion": { + "type": "string", + "description": "The signing profile version that a permission applies to.\n" + }, + "statementId": { + "type": "string", + "description": "A unique statement identifier. By default generated by the provider.\n" + }, + "statementIdPrefix": { + "type": "string", + "description": "A statement identifier prefix. The provider will generate a unique suffix. Conflicts with `statement_id`.\n" + } + }, + "requiredInputs": [ + "action", + "principal", + "profileName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SigningProfilePermission resources.\n", + "properties": { + "action": { + "type": "string", + "description": "An AWS Signer action permitted as part of cross-account permissions. Valid values: `signer:StartSigningJob`, `signer:GetSigningProfile`, or `signer:RevokeSignature`.\n" + }, + "principal": { + "type": "string", + "description": "The AWS principal to be granted a cross-account permission.\n" + }, + "profileName": { + "type": "string", + "description": "Name of the signing profile to add the cross-account permissions.\n" + }, + "profileVersion": { + "type": "string", + "description": "The signing profile version that a permission applies to.\n" + }, + "statementId": { + "type": "string", + "description": "A unique statement identifier. By default generated by the provider.\n" + }, + "statementIdPrefix": { + "type": "string", + "description": "A statement identifier prefix. The provider will generate a unique suffix. Conflicts with `statement_id`.\n" + } + }, + "type": "object" + } + }, + "aws:simpledb/domain:Domain": { + "description": "Provides a SimpleDB domain resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst users = new aws.simpledb.Domain(\"users\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nusers = aws.simpledb.Domain(\"users\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var users = new Aws.SimpleDB.Domain(\"users\", new Aws.SimpleDB.DomainArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/simpledb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := simpledb.NewDomain(ctx, \"users\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSimpleDB Domains can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:simpledb/domain:Domain users users\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the SimpleDB domain\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the SimpleDB domain\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Domain resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the SimpleDB domain\n" + } + }, + "type": "object" + } + }, + "aws:sns/platformApplication:PlatformApplication": { + "description": "Provides an SNS platform application resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Apple Push Notification Service (APNS)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst apnsApplication = new aws.sns.PlatformApplication(\"apns_application\", {\n platform: \"APNS\",\n platformCredential: \"\",\n platformPrincipal: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\napns_application = aws.sns.PlatformApplication(\"apnsApplication\",\n platform=\"APNS\",\n platform_credential=\"\",\n platform_principal=\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var apnsApplication = new Aws.Sns.PlatformApplication(\"apnsApplication\", new Aws.Sns.PlatformApplicationArgs\n {\n Platform = \"APNS\",\n PlatformCredential = \"\",\n PlatformPrincipal = \"\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewPlatformApplication(ctx, \"apnsApplication\", &sns.PlatformApplicationArgs{\n\t\t\tPlatform: pulumi.String(\"APNS\"),\n\t\t\tPlatformCredential: pulumi.String(\"\"),\n\t\t\tPlatformPrincipal: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Google Cloud Messaging (GCM)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst gcmApplication = new aws.sns.PlatformApplication(\"gcm_application\", {\n platform: \"GCM\",\n platformCredential: \"\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngcm_application = aws.sns.PlatformApplication(\"gcmApplication\",\n platform=\"GCM\",\n platform_credential=\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var gcmApplication = new Aws.Sns.PlatformApplication(\"gcmApplication\", new Aws.Sns.PlatformApplicationArgs\n {\n Platform = \"GCM\",\n PlatformCredential = \"\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewPlatformApplication(ctx, \"gcmApplication\", &sns.PlatformApplicationArgs{\n\t\t\tPlatform: pulumi.String(\"GCM\"),\n\t\t\tPlatformCredential: pulumi.String(\"\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSNS platform applications can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:sns/platformApplication:PlatformApplication gcm_application arn:aws:sns:us-west-2:0123456789012:app/GCM/gcm_application\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SNS platform application\n" + }, + "eventDeliveryFailureTopicArn": { + "type": "string", + "description": "SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure.\n" + }, + "eventEndpointCreatedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when a new platform endpoint is added to your platform application.\n" + }, + "eventEndpointDeletedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when an existing platform endpoint is deleted from your platform application.\n" + }, + "eventEndpointUpdatedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when an existing platform endpoint is changed from your platform application.\n" + }, + "failureFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive failure feedback for this application.\n" + }, + "name": { + "type": "string", + "description": "The friendly name for the SNS platform application\n" + }, + "platform": { + "type": "string", + "description": "The platform that the app is registered with. See [Platform](http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-register.html) for supported platforms.\n" + }, + "platformCredential": { + "type": "string", + "description": "Application Platform credential. See [Credential](http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-register.html) for type of credential required for platform. The value of this attribute when stored into the state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.\n" + }, + "platformPrincipal": { + "type": "string", + "description": "Application Platform principal. See [Principal](http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformApplication.html) for type of principal required for platform. The value of this attribute when stored into the state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.\n" + }, + "successFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this application.\n" + }, + "successFeedbackSampleRate": { + "type": "string", + "description": "The percentage of success to sample (0-100)\n" + } + }, + "required": [ + "arn", + "name", + "platform", + "platformCredential" + ], + "inputProperties": { + "eventDeliveryFailureTopicArn": { + "type": "string", + "description": "SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure.\n" + }, + "eventEndpointCreatedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when a new platform endpoint is added to your platform application.\n" + }, + "eventEndpointDeletedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when an existing platform endpoint is deleted from your platform application.\n" + }, + "eventEndpointUpdatedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when an existing platform endpoint is changed from your platform application.\n" + }, + "failureFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive failure feedback for this application.\n" + }, + "name": { + "type": "string", + "description": "The friendly name for the SNS platform application\n" + }, + "platform": { + "type": "string", + "description": "The platform that the app is registered with. See [Platform](http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-register.html) for supported platforms.\n" + }, + "platformCredential": { + "type": "string", + "description": "Application Platform credential. See [Credential](http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-register.html) for type of credential required for platform. The value of this attribute when stored into the state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.\n" + }, + "platformPrincipal": { + "type": "string", + "description": "Application Platform principal. See [Principal](http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformApplication.html) for type of principal required for platform. The value of this attribute when stored into the state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.\n" + }, + "successFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this application.\n" + }, + "successFeedbackSampleRate": { + "type": "string", + "description": "The percentage of success to sample (0-100)\n" + } + }, + "requiredInputs": [ + "platform", + "platformCredential" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PlatformApplication resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SNS platform application\n" + }, + "eventDeliveryFailureTopicArn": { + "type": "string", + "description": "SNS Topic triggered when a delivery to any of the platform endpoints associated with your platform application encounters a permanent failure.\n" + }, + "eventEndpointCreatedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when a new platform endpoint is added to your platform application.\n" + }, + "eventEndpointDeletedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when an existing platform endpoint is deleted from your platform application.\n" + }, + "eventEndpointUpdatedTopicArn": { + "type": "string", + "description": "SNS Topic triggered when an existing platform endpoint is changed from your platform application.\n" + }, + "failureFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive failure feedback for this application.\n" + }, + "name": { + "type": "string", + "description": "The friendly name for the SNS platform application\n" + }, + "platform": { + "type": "string", + "description": "The platform that the app is registered with. See [Platform](http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-register.html) for supported platforms.\n" + }, + "platformCredential": { + "type": "string", + "description": "Application Platform credential. See [Credential](http://docs.aws.amazon.com/sns/latest/dg/mobile-push-send-register.html) for type of credential required for platform. The value of this attribute when stored into the state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.\n" + }, + "platformPrincipal": { + "type": "string", + "description": "Application Platform principal. See [Principal](http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformApplication.html) for type of principal required for platform. The value of this attribute when stored into the state is only a hash of the real value, so therefore it is not practical to use this as an attribute for other resources.\n" + }, + "successFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this application.\n" + }, + "successFeedbackSampleRate": { + "type": "string", + "description": "The percentage of success to sample (0-100)\n" + } + }, + "type": "object" + } + }, + "aws:sns/smsPreferences:SmsPreferences": { + "description": "Provides a way to set SNS SMS preferences.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst updateSmsPrefs = new aws.sns.SmsPreferences(\"update_sms_prefs\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nupdate_sms_prefs = aws.sns.SmsPreferences(\"updateSmsPrefs\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var updateSmsPrefs = new Aws.Sns.SmsPreferences(\"updateSmsPrefs\", new Aws.Sns.SmsPreferencesArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewSmsPreferences(ctx, \"updateSmsPrefs\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "defaultSenderId": { + "type": "string", + "description": "A string, such as your business brand, that is displayed as the sender on the receiving device.\n" + }, + "defaultSmsType": { + "type": "string", + "description": "The type of SMS message that you will send by default. Possible values are: Promotional, Transactional\n" + }, + "deliveryStatusIamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs.\n" + }, + "deliveryStatusSuccessSamplingRate": { + "type": "string", + "description": "The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value must be between 0 and 100.\n" + }, + "monthlySpendLimit": { + "type": "string", + "description": "The maximum amount in USD that you are willing to spend each month to send SMS messages.\n" + }, + "usageReportS3Bucket": { + "type": "string", + "description": "The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS.\n" + } + }, + "inputProperties": { + "defaultSenderId": { + "type": "string", + "description": "A string, such as your business brand, that is displayed as the sender on the receiving device.\n" + }, + "defaultSmsType": { + "type": "string", + "description": "The type of SMS message that you will send by default. Possible values are: Promotional, Transactional\n" + }, + "deliveryStatusIamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs.\n" + }, + "deliveryStatusSuccessSamplingRate": { + "type": "string", + "description": "The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value must be between 0 and 100.\n" + }, + "monthlySpendLimit": { + "type": "string", + "description": "The maximum amount in USD that you are willing to spend each month to send SMS messages.\n" + }, + "usageReportS3Bucket": { + "type": "string", + "description": "The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SmsPreferences resources.\n", + "properties": { + "defaultSenderId": { + "type": "string", + "description": "A string, such as your business brand, that is displayed as the sender on the receiving device.\n" + }, + "defaultSmsType": { + "type": "string", + "description": "The type of SMS message that you will send by default. Possible values are: Promotional, Transactional\n" + }, + "deliveryStatusIamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that allows Amazon SNS to write logs about SMS deliveries in CloudWatch Logs.\n" + }, + "deliveryStatusSuccessSamplingRate": { + "type": "string", + "description": "The percentage of successful SMS deliveries for which Amazon SNS will write logs in CloudWatch Logs. The value must be between 0 and 100.\n" + }, + "monthlySpendLimit": { + "type": "string", + "description": "The maximum amount in USD that you are willing to spend each month to send SMS messages.\n" + }, + "usageReportS3Bucket": { + "type": "string", + "description": "The name of the Amazon S3 bucket to receive daily SMS usage reports from Amazon SNS.\n" + } + }, + "type": "object" + } + }, + "aws:sns/topic:Topic": { + "description": "Provides an SNS topic resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\", new Aws.Sns.TopicArgs\n {\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopic(ctx, \"userUpdates\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Example with Delivery Policy\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {\n deliveryPolicy: `{\n \"http\": {\n \"defaultHealthyRetryPolicy\": {\n \"minDelayTarget\": 20,\n \"maxDelayTarget\": 20,\n \"numRetries\": 3,\n \"numMaxDelayRetries\": 0,\n \"numNoDelayRetries\": 0,\n \"numMinDelayRetries\": 0,\n \"backoffFunction\": \"linear\"\n },\n \"disableSubscriptionOverrides\": false,\n \"defaultThrottlePolicy\": {\n \"maxReceivesPerSecond\": 1\n }\n }\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\", delivery_policy=\"\"\"{\n \"http\": {\n \"defaultHealthyRetryPolicy\": {\n \"minDelayTarget\": 20,\n \"maxDelayTarget\": 20,\n \"numRetries\": 3,\n \"numMaxDelayRetries\": 0,\n \"numNoDelayRetries\": 0,\n \"numMinDelayRetries\": 0,\n \"backoffFunction\": \"linear\"\n },\n \"disableSubscriptionOverrides\": false,\n \"defaultThrottlePolicy\": {\n \"maxReceivesPerSecond\": 1\n }\n }\n}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\", new Aws.Sns.TopicArgs\n {\n DeliveryPolicy = @\"{\n \"\"http\"\": {\n \"\"defaultHealthyRetryPolicy\"\": {\n \"\"minDelayTarget\"\": 20,\n \"\"maxDelayTarget\"\": 20,\n \"\"numRetries\"\": 3,\n \"\"numMaxDelayRetries\"\": 0,\n \"\"numNoDelayRetries\"\": 0,\n \"\"numMinDelayRetries\"\": 0,\n \"\"backoffFunction\"\": \"\"linear\"\"\n },\n \"\"disableSubscriptionOverrides\"\": false,\n \"\"defaultThrottlePolicy\"\": {\n \"\"maxReceivesPerSecond\"\": 1\n }\n }\n}\n\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopic(ctx, \"userUpdates\", &sns.TopicArgs{\n\t\t\tDeliveryPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"http\\\": {\\n\", \" \\\"defaultHealthyRetryPolicy\\\": {\\n\", \" \\\"minDelayTarget\\\": 20,\\n\", \" \\\"maxDelayTarget\\\": 20,\\n\", \" \\\"numRetries\\\": 3,\\n\", \" \\\"numMaxDelayRetries\\\": 0,\\n\", \" \\\"numNoDelayRetries\\\": 0,\\n\", \" \\\"numMinDelayRetries\\\": 0,\\n\", \" \\\"backoffFunction\\\": \\\"linear\\\"\\n\", \" },\\n\", \" \\\"disableSubscriptionOverrides\\\": false,\\n\", \" \\\"defaultThrottlePolicy\\\": {\\n\", \" \\\"maxReceivesPerSecond\\\": 1\\n\", \" }\\n\", \" }\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example with Server-side encryption (SSE)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {\n kmsMasterKeyId: \"alias/aws/sns\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\", kms_master_key_id=\"alias/aws/sns\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\", new Aws.Sns.TopicArgs\n {\n KmsMasterKeyId = \"alias/aws/sns\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopic(ctx, \"userUpdates\", &sns.TopicArgs{\n\t\t\tKmsMasterKeyId: pulumi.String(\"alias/aws/sns\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Example with First-In-First-Out (FIFO)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"user_updates\", {\n contentBasedDeduplication: true,\n fifoTopic: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\",\n content_based_deduplication=True,\n fifo_topic=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\", new Aws.Sns.TopicArgs\n {\n ContentBasedDeduplication = true,\n FifoTopic = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopic(ctx, \"userUpdates\", &sns.TopicArgs{\n\t\t\tContentBasedDeduplication: pulumi.Bool(true),\n\t\t\tFifoTopic: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Message Delivery Status Arguments\n\nThe `_success_feedback_role_arn` and `_failure_feedback_role_arn` arguments are used to give Amazon SNS write access to use CloudWatch Logs on your behalf. The `_success_feedback_sample_rate` argument is for specifying the sample rate percentage (0-100) of successfully delivered messages. After you configure the `_failure_feedback_role_arn` argument, then all failed message deliveries generate CloudWatch Logs.\n\n\n## Import\n\nSNS Topics can be imported using the `topic arn`, e.g.\n\n```sh\n $ pulumi import aws:sns/topic:Topic user_updates arn:aws:sns:us-west-2:0123456789012:my-topic\n```\n\n ", + "properties": { + "applicationFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "applicationSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "applicationSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "arn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the SNS topic, as a more obvious property (clone of id)\n" + }, + "contentBasedDeduplication": { + "type": "boolean", + "description": "Enables content-based deduplication for FIFO topics. For more information, see the [related documentation](https://docs.aws.amazon.com/sns/latest/dg/fifo-message-dedup.html)\n" + }, + "deliveryPolicy": { + "type": "string", + "description": "The SNS delivery policy. More on [AWS documentation](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html)\n" + }, + "displayName": { + "type": "string", + "description": "The display name for the topic\n" + }, + "fifoTopic": { + "type": "boolean", + "description": "Boolean indicating whether or not to create a FIFO (first-in-first-out) topic (default is `false`).\n" + }, + "firehoseFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "firehoseSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "firehoseSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "httpFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "httpSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "httpSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "kmsMasterKeyId": { + "type": "string", + "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see [Key Terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms)\n" + }, + "lambdaFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "lambdaSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "lambdaSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "name": { + "type": "string", + "description": "The name of the topic. Topic names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. For a FIFO (first-in-first-out) topic, the name must end with the `.fifo` suffix. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`\n" + }, + "owner": { + "type": "string", + "description": "The AWS Account ID of the SNS topic owner\n" + }, + "policy": { + "type": "string", + "description": "The fully-formed AWS policy as JSON.\n" + }, + "sqsFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "sqsSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "sqsSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "namePrefix", + "owner", + "policy", + "tagsAll" + ], + "inputProperties": { + "applicationFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "applicationSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "applicationSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "contentBasedDeduplication": { + "type": "boolean", + "description": "Enables content-based deduplication for FIFO topics. For more information, see the [related documentation](https://docs.aws.amazon.com/sns/latest/dg/fifo-message-dedup.html)\n" + }, + "deliveryPolicy": { + "type": "string", + "description": "The SNS delivery policy. More on [AWS documentation](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html)\n" + }, + "displayName": { + "type": "string", + "description": "The display name for the topic\n" + }, + "fifoTopic": { + "type": "boolean", + "description": "Boolean indicating whether or not to create a FIFO (first-in-first-out) topic (default is `false`).\n" + }, + "firehoseFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "firehoseSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "firehoseSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "httpFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "httpSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "httpSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "kmsMasterKeyId": { + "type": "string", + "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see [Key Terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms)\n" + }, + "lambdaFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "lambdaSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "lambdaSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "name": { + "type": "string", + "description": "The name of the topic. Topic names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. For a FIFO (first-in-first-out) topic, the name must end with the `.fifo` suffix. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`\n" + }, + "policy": { + "type": "string", + "description": "The fully-formed AWS policy as JSON.\n" + }, + "sqsFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "sqsSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "sqsSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Topic resources.\n", + "properties": { + "applicationFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "applicationSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "applicationSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "arn": { + "type": "string", + "$ref": "#/types/aws:index/aRN:ARN", + "description": "The ARN of the SNS topic, as a more obvious property (clone of id)\n" + }, + "contentBasedDeduplication": { + "type": "boolean", + "description": "Enables content-based deduplication for FIFO topics. For more information, see the [related documentation](https://docs.aws.amazon.com/sns/latest/dg/fifo-message-dedup.html)\n" + }, + "deliveryPolicy": { + "type": "string", + "description": "The SNS delivery policy. More on [AWS documentation](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html)\n" + }, + "displayName": { + "type": "string", + "description": "The display name for the topic\n" + }, + "fifoTopic": { + "type": "boolean", + "description": "Boolean indicating whether or not to create a FIFO (first-in-first-out) topic (default is `false`).\n" + }, + "firehoseFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "firehoseSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "firehoseSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "httpFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "httpSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "httpSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "kmsMasterKeyId": { + "type": "string", + "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. For more information, see [Key Terms](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms)\n" + }, + "lambdaFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "lambdaSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "lambdaSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "name": { + "type": "string", + "description": "The name of the topic. Topic names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 256 characters long. For a FIFO (first-in-first-out) topic, the name must end with the `.fifo` suffix. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`\n" + }, + "owner": { + "type": "string", + "description": "The AWS Account ID of the SNS topic owner\n" + }, + "policy": { + "type": "string", + "description": "The fully-formed AWS policy as JSON.\n" + }, + "sqsFailureFeedbackRoleArn": { + "type": "string", + "description": "IAM role for failure feedback\n" + }, + "sqsSuccessFeedbackRoleArn": { + "type": "string", + "description": "The IAM role permitted to receive success feedback for this topic\n" + }, + "sqsSuccessFeedbackSampleRate": { + "type": "integer", + "description": "Percentage of success to sample\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:sns/topicPolicy:TopicPolicy": { + "description": "Provides an SNS topic policy resource\n\n> **NOTE:** If a Principal is specified as just an AWS account ID rather than an ARN, AWS silently converts it to the ARN for the root user, causing future deployments to differ. To avoid this problem, just specify the full ARN, e.g. `arn:aws:iam::123456789012:root`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.sns.Topic(\"test\", {});\nconst snsTopicPolicy = test.arn.apply(arn => aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [{\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [_var[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [arn],\n sid: \"__default_statement_ID\",\n }],\n}));\nconst _default = new aws.sns.TopicPolicy(\"default\", {\n arn: test.arn,\n policy: snsTopicPolicy.apply(snsTopicPolicy => snsTopicPolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sns.Topic(\"test\")\nsns_topic_policy = test.arn.apply(lambda arn: aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[var[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[arn],\n sid=\"__default_statement_ID\",\n )]))\ndefault = aws.sns.TopicPolicy(\"default\",\n arn=test.arn,\n policy=sns_topic_policy.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Sns.Topic(\"test\", new Aws.Sns.TopicArgs\n {\n });\n var snsTopicPolicy = test.Arn.Apply(arn => Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n PolicyId = \"__default_policy_ID\",\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Receive\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = \n {\n @var.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Resources = \n {\n arn,\n },\n Sid = \"__default_statement_ID\",\n },\n },\n }));\n var @default = new Aws.Sns.TopicPolicy(\"default\", new Aws.Sns.TopicPolicyArgs\n {\n Arn = test.Arn,\n Policy = snsTopicPolicy.Apply(snsTopicPolicy => snsTopicPolicy.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := sns.NewTopic(ctx, \"test\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicPolicy(ctx, \"_default\", &sns.TopicPolicyArgs{\n\t\t\tArn: test.Arn,\n\t\t\tPolicy: snsTopicPolicy.ApplyT(func(snsTopicPolicy iam.GetPolicyDocumentResult) (string, error) {\n\t\t\t\treturn snsTopicPolicy.Json, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSNS Topic Policy can be imported using the topic ARN, e.g.\n\n```sh\n $ pulumi import aws:sns/topicPolicy:TopicPolicy user_updates arn:aws:sns:us-west-2:0123456789012:my-topic\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SNS topic\n" + }, + "owner": { + "type": "string", + "description": "The AWS Account ID of the SNS topic owner\n" + }, + "policy": { + "type": "string", + "description": "The fully-formed AWS policy as JSON.\n" + } + }, + "required": [ + "arn", + "owner", + "policy" + ], + "inputProperties": { + "arn": { + "type": "string", + "description": "The ARN of the SNS topic\n" + }, + "policy": { + "type": "string", + "description": "The fully-formed AWS policy as JSON.\n" + } + }, + "requiredInputs": [ + "arn", + "policy" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TopicPolicy resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SNS topic\n" + }, + "owner": { + "type": "string", + "description": "The AWS Account ID of the SNS topic owner\n" + }, + "policy": { + "type": "string", + "description": "The fully-formed AWS policy as JSON.\n" + } + }, + "type": "object" + } + }, + "aws:sns/topicSubscription:TopicSubscription": { + "description": "Provides a resource for subscribing to SNS topics. Requires that an SNS topic exist for the subscription to attach to. This resource allows you to automatically place messages sent to SNS topics in SQS queues, send them as HTTP(S) POST requests to a given endpoint, send SMS messages, or notify devices / applications. The most likely use case for provider users will probably be SQS queues.\n\n> **NOTE:** If the SNS topic and SQS queue are in different AWS regions, the `aws.sns.TopicSubscription` must use an AWS provider that is in the same region as the SNS topic. If the `aws.sns.TopicSubscription` uses a provider with a different region than the SNS topic, this provider will fail to create the subscription.\n\n> **NOTE:** Setup of cross-account subscriptions from SNS topics to SQS queues requires the provider to have access to BOTH accounts.\n\n> **NOTE:** If an SNS topic and SQS queue are in different AWS accounts but the same region, the `aws.sns.TopicSubscription` must use the AWS provider for the account with the SQS queue. If `aws.sns.TopicSubscription` uses a Provider with a different account than the SQS queue, this provider creates the subscription but does not keep state and tries to re-create the subscription at every `apply`.\n\n> **NOTE:** If an SNS topic and SQS queue are in different AWS accounts and different AWS regions, the subscription needs to be initiated from the account with the SQS queue but in the region of the SNS topic.\n\n> **NOTE:** You cannot unsubscribe to a subscription that is pending confirmation. If you use `email`, `email-json`, or `http`/`https` (without auto-confirmation enabled), until the subscription is confirmed (e.g., outside of this provider), AWS does not allow this provider to delete / unsubscribe the subscription. If you `destroy` an unconfirmed subscription, this provider will remove the subscription from its state but the subscription will still exist in AWS. However, if you delete an SNS topic, SNS [deletes all the subscriptions](https://docs.aws.amazon.com/sns/latest/dg/sns-delete-subscription-topic.html) associated with the topic. Also, you can import a subscription after confirmation and then have the capability to delete it.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nYou can directly supply a topic and ARN by hand in the `topic_arn` property along with the queue ARN:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"user_updates_sqs_target\", {\n endpoint: \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol: \"sqs\",\n topic: \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n endpoint=\"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n protocol=\"sqs\",\n topic=\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new Aws.Sns.TopicSubscriptionArgs\n {\n Endpoint = \"arn:aws:sqs:us-west-2:432981146916:queue-too\",\n Protocol = \"sqs\",\n Topic = \"arn:aws:sns:us-west-2:432981146916:user-updates-topic\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", &sns.TopicSubscriptionArgs{\n\t\t\tEndpoint: pulumi.String(\"arn:aws:sqs:us-west-2:432981146916:queue-too\"),\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tTopic: pulumi.Any(\"arn:aws:sns:us-west-2:432981146916:user-updates-topic\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nAlternatively you can use the ARN properties of a managed SNS topic and SQS queue:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst userUpdates = new aws.sns.Topic(\"userUpdates\", {});\nconst userUpdatesQueue = new aws.sqs.Queue(\"userUpdatesQueue\", {});\nconst userUpdatesSqsTarget = new aws.sns.TopicSubscription(\"userUpdatesSqsTarget\", {\n topic: userUpdates.arn,\n protocol: \"sqs\",\n endpoint: userUpdatesQueue.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nuser_updates = aws.sns.Topic(\"userUpdates\")\nuser_updates_queue = aws.sqs.Queue(\"userUpdatesQueue\")\nuser_updates_sqs_target = aws.sns.TopicSubscription(\"userUpdatesSqsTarget\",\n topic=user_updates.arn,\n protocol=\"sqs\",\n endpoint=user_updates_queue.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var userUpdates = new Aws.Sns.Topic(\"userUpdates\", new Aws.Sns.TopicArgs\n {\n });\n var userUpdatesQueue = new Aws.Sqs.Queue(\"userUpdatesQueue\", new Aws.Sqs.QueueArgs\n {\n });\n var userUpdatesSqsTarget = new Aws.Sns.TopicSubscription(\"userUpdatesSqsTarget\", new Aws.Sns.TopicSubscriptionArgs\n {\n Topic = userUpdates.Arn,\n Protocol = \"sqs\",\n Endpoint = userUpdatesQueue.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tuserUpdates, err := sns.NewTopic(ctx, \"userUpdates\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserUpdatesQueue, err := sqs.NewQueue(ctx, \"userUpdatesQueue\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"userUpdatesSqsTarget\", &sns.TopicSubscriptionArgs{\n\t\t\tTopic: userUpdates.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: userUpdatesQueue.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nYou can subscribe SNS topics to SQS queues in different Amazon accounts and regions:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst sns = config.getObject(\"sns\") || {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n name: \"example-sns-topic\",\n display_name: \"example\",\n region: \"us-west-1\",\n};\nconst sqs = config.getObject(\"sqs\") || {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n name: \"example-sqs-queue\",\n region: \"us-east-1\",\n};\nconst sns-topic-policy = aws.iam.getPolicyDocument({\n policyId: \"__default_policy_ID\",\n statements: [\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"AWS:SourceOwner\",\n values: [sns[\"account-id\"]],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__default_statement_ID\",\n },\n {\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions: [{\n test: \"StringLike\",\n variable: \"SNS:Endpoint\",\n values: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n }],\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n sid: \"__console_sub_0\",\n },\n ],\n});\nconst sqs-queue-policy = aws.iam.getPolicyDocument({\n policyId: `arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}/SQSDefaultPolicy`,\n statements: [{\n sid: \"example-sns-topic\",\n effect: \"Allow\",\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n actions: [\"SQS:SendMessage\"],\n resources: [`arn:aws:sqs:${sqs.region}:${sqs[\"account-id\"]}:${sqs.name}`],\n conditions: [{\n test: \"ArnEquals\",\n variable: \"aws:SourceArn\",\n values: [`arn:aws:sns:${sns.region}:${sns[\"account-id\"]}:${sns.name}`],\n }],\n }],\n});\n// provider to manage SNS topics\nconst awsSns = new aws.Provider(\"awsSns\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sns[\"account-id\"]}:role/${sns[\"role-name\"]}`,\n sessionName: `sns-${sns.region}`,\n },\n});\n// provider to manage SQS queues\nconst awsSqs = new aws.Provider(\"awsSqs\", {\n region: sqs.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sqs-${sqs.region}`,\n },\n});\n// provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nconst sns2sqs = new aws.Provider(\"sns2sqs\", {\n region: sns.region,\n assumeRole: {\n roleArn: `arn:aws:iam::${sqs[\"account-id\"]}:role/${sqs[\"role-name\"]}`,\n sessionName: `sns2sqs-${sns.region}`,\n },\n});\nconst sns_topicTopic = new aws.sns.Topic(\"sns-topicTopic\", {\n displayName: sns.display_name,\n policy: sns_topic_policy.then(sns_topic_policy => sns_topic_policy.json),\n}, {\n provider: \"aws.sns\",\n});\nconst sqs_queue = new aws.sqs.Queue(\"sqs-queue\", {policy: sqs_queue_policy.then(sqs_queue_policy => sqs_queue_policy.json)}, {\n provider: \"aws.sqs\",\n});\nconst sns_topicTopicSubscription = new aws.sns.TopicSubscription(\"sns-topicTopicSubscription\", {\n topic: sns_topicTopic.arn,\n protocol: \"sqs\",\n endpoint: sqs_queue.arn,\n}, {\n provider: \"aws.sns2sqs\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_pulumi as pulumi\n\nconfig = pulumi.Config()\nsns = config.get_object(\"sns\")\nif sns is None:\n sns = {\n \"account-id\": \"111111111111\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sns-topic\",\n \"display_name\": \"example\",\n \"region\": \"us-west-1\",\n }\nsqs = config.get_object(\"sqs\")\nif sqs is None:\n sqs = {\n \"account-id\": \"222222222222\",\n \"role-name\": \"service/service\",\n \"name\": \"example-sqs-queue\",\n \"region\": \"us-east-1\",\n }\nsns_topic_policy = aws.iam.get_policy_document(policy_id=\"__default_policy_ID\",\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"AWS:SourceOwner\",\n values=[sns[\"account-id\"]],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__default_statement_ID\",\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"SNS:Endpoint\",\n values=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n )],\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n sid=\"__console_sub_0\",\n ),\n ])\nsqs_queue_policy = aws.iam.get_policy_document(policy_id=f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}/SQSDefaultPolicy\",\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"example-sns-topic\",\n effect=\"Allow\",\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n actions=[\"SQS:SendMessage\"],\n resources=[f\"arn:aws:sqs:{sqs['region']}:{sqs['account-id']}:{sqs['name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"ArnEquals\",\n variable=\"aws:SourceArn\",\n values=[f\"arn:aws:sns:{sns['region']}:{sns['account-id']}:{sns['name']}\"],\n )],\n )])\n# provider to manage SNS topics\naws_sns = pulumi.providers.Aws(\"awsSns\",\n region=sns[\"region\"],\n assume_role=aws.config.AssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sns['account-id']}:role/{sns['role-name']}\",\n session_name=f\"sns-{sns['region']}\",\n ))\n# provider to manage SQS queues\naws_sqs = pulumi.providers.Aws(\"awsSqs\",\n region=sqs[\"region\"],\n assume_role=aws.config.AssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sqs-{sqs['region']}\",\n ))\n# provider to subscribe SQS to SNS (using the SQS account but the SNS region)\nsns2sqs = pulumi.providers.Aws(\"sns2sqs\",\n region=sns[\"region\"],\n assume_role=aws.config.AssumeRoleArgs(\n role_arn=f\"arn:aws:iam::{sqs['account-id']}:role/{sqs['role-name']}\",\n session_name=f\"sns2sqs-{sns['region']}\",\n ))\nsns_topic_topic = aws.sns.Topic(\"sns-topicTopic\",\n display_name=sns[\"display_name\"],\n policy=sns_topic_policy.json,\n opts=pulumi.ResourceOptions(provider=\"aws.sns\"))\nsqs_queue = aws.sqs.Queue(\"sqs-queue\", policy=sqs_queue_policy.json,\nopts=pulumi.ResourceOptions(provider=\"aws.sqs\"))\nsns_topic_topic_subscription = aws.sns.TopicSubscription(\"sns-topicTopicSubscription\",\n topic=sns_topic_topic.arn,\n protocol=\"sqs\",\n endpoint=sqs_queue.arn,\n opts=pulumi.ResourceOptions(provider=\"aws.sns2sqs\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var sns = config.GetObject(\"sns\") ?? \n {\n { \"account-id\", \"111111111111\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sns-topic\" },\n { \"display_name\", \"example\" },\n { \"region\", \"us-west-1\" },\n };\n var sqs = config.GetObject(\"sqs\") ?? \n {\n { \"account-id\", \"222222222222\" },\n { \"role-name\", \"service/service\" },\n { \"name\", \"example-sqs-queue\" },\n { \"region\", \"us-east-1\" },\n };\n var sns_topic_policy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n PolicyId = \"__default_policy_ID\",\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"SNS:Subscribe\",\n \"SNS:SetTopicAttributes\",\n \"SNS:RemovePermission\",\n \"SNS:Publish\",\n \"SNS:ListSubscriptionsByTopic\",\n \"SNS:GetTopicAttributes\",\n \"SNS:DeleteTopic\",\n \"SNS:AddPermission\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringEquals\",\n Variable = \"AWS:SourceOwner\",\n Values = \n {\n sns.Account_id,\n },\n },\n },\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Resources = \n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__default_statement_ID\",\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"SNS:Subscribe\",\n \"SNS:Receive\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringLike\",\n Variable = \"SNS:Endpoint\",\n Values = \n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n },\n },\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Resources = \n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n Sid = \"__console_sub_0\",\n },\n },\n }));\n var sqs_queue_policy = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n PolicyId = $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}/SQSDefaultPolicy\",\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"example-sns-topic\",\n Effect = \"Allow\",\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Actions = \n {\n \"SQS:SendMessage\",\n },\n Resources = \n {\n $\"arn:aws:sqs:{sqs.Region}:{sqs.Account_id}:{sqs.Name}\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"ArnEquals\",\n Variable = \"aws:SourceArn\",\n Values = \n {\n $\"arn:aws:sns:{sns.Region}:{sns.Account_id}:{sns.Name}\",\n },\n },\n },\n },\n },\n }));\n // provider to manage SNS topics\n var awsSns = new Aws.Provider(\"awsSns\", new Aws.ProviderArgs\n {\n Region = sns.Region,\n AssumeRole = new Aws.Config.Inputs.AssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sns.Account_id}:role/{sns.Role_name}\",\n SessionName = $\"sns-{sns.Region}\",\n },\n });\n // provider to manage SQS queues\n var awsSqs = new Aws.Provider(\"awsSqs\", new Aws.ProviderArgs\n {\n Region = sqs.Region,\n AssumeRole = new Aws.Config.Inputs.AssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sqs-{sqs.Region}\",\n },\n });\n // provider to subscribe SQS to SNS (using the SQS account but the SNS region)\n var sns2sqs = new Aws.Provider(\"sns2sqs\", new Aws.ProviderArgs\n {\n Region = sns.Region,\n AssumeRole = new Aws.Config.Inputs.AssumeRoleArgs\n {\n RoleArn = $\"arn:aws:iam::{sqs.Account_id}:role/{sqs.Role_name}\",\n SessionName = $\"sns2sqs-{sns.Region}\",\n },\n });\n var sns_topicTopic = new Aws.Sns.Topic(\"sns-topicTopic\", new Aws.Sns.TopicArgs\n {\n DisplayName = sns.Display_name,\n Policy = sns_topic_policy.Apply(sns_topic_policy => sns_topic_policy.Json),\n }, new CustomResourceOptions\n {\n Provider = \"aws.sns\",\n });\n var sqs_queue = new Aws.Sqs.Queue(\"sqs-queue\", new Aws.Sqs.QueueArgs\n {\n Policy = sqs_queue_policy.Apply(sqs_queue_policy => sqs_queue_policy.Json),\n }, new CustomResourceOptions\n {\n Provider = \"aws.sqs\",\n });\n var sns_topicTopicSubscription = new Aws.Sns.TopicSubscription(\"sns-topicTopicSubscription\", new Aws.Sns.TopicSubscriptionArgs\n {\n Topic = sns_topicTopic.Arn,\n Protocol = \"sqs\",\n Endpoint = sqs_queue.Arn,\n }, new CustomResourceOptions\n {\n Provider = \"aws.sns2sqs\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/config\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/providers\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsns := map[string]interface{}{\n\t\t\t\"account-id\": \"111111111111\",\n\t\t\t\"role-name\": \"service/service\",\n\t\t\t\"name\": \"example-sns-topic\",\n\t\t\t\"display_name\": \"example\",\n\t\t\t\"region\": \"us-west-1\",\n\t\t}\n\t\tif param := cfg.GetBool(\"sns\"); param != nil {\n\t\t\tsns = param\n\t\t}\n\t\tsqs := map[string]interface{}{\n\t\t\t\"account-id\": \"222222222222\",\n\t\t\t\"role-name\": \"service/service\",\n\t\t\t\"name\": \"example-sqs-queue\",\n\t\t\t\"region\": \"us-east-1\",\n\t\t}\n\t\tif param := cfg.GetBool(\"sqs\"); param != nil {\n\t\t\tsqs = param\n\t\t}\n\t\topt0 := \"__default_policy_ID\"\n\t\tsns_topic_policy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tPolicyId: &opt0,\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"SNS:Subscribe\",\n\t\t\t\t\t\t\"SNS:SetTopicAttributes\",\n\t\t\t\t\t\t\"SNS:RemovePermission\",\n\t\t\t\t\t\t\"SNS:Publish\",\n\t\t\t\t\t\t\"SNS:ListSubscriptionsByTopic\",\n\t\t\t\t\t\t\"SNS:GetTopicAttributes\",\n\t\t\t\t\t\t\"SNS:DeleteTopic\",\n\t\t\t\t\t\t\"SNS:AddPermission\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t\tTest: \"StringEquals\",\n\t\t\t\t\t\t\tVariable: \"AWS:SourceOwner\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\tsns.Account - id,\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v\", \"arn:aws:sns:\", sns.Region, \":\", sns.Account-id, \":\", sns.Name),\n\t\t\t\t\t},\n\t\t\t\t\tSid: \"__default_statement_ID\",\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"SNS:Subscribe\",\n\t\t\t\t\t\t\"SNS:Receive\",\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t\tTest: \"StringLike\",\n\t\t\t\t\t\t\tVariable: \"SNS:Endpoint\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v\", \"arn:aws:sqs:\", sqs.Region, \":\", sqs.Account-id, \":\", sqs.Name),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v\", \"arn:aws:sns:\", sns.Region, \":\", sns.Account-id, \":\", sns.Name),\n\t\t\t\t\t},\n\t\t\t\t\tSid: \"__console_sub_0\",\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := fmt.Sprintf(\"%v%v%v%v%v%v%v\", \"arn:aws:sqs:\", sqs.Region, \":\", sqs.Account-id, \":\", sqs.Name, \"/SQSDefaultPolicy\")\n\t\tsqs_queue_policy, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tPolicyId: &opt1,\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"example-sns-topic\",\n\t\t\t\t\tEffect: \"Allow\",\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"AWS\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"*\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"SQS:SendMessage\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v\", \"arn:aws:sqs:\", sqs.Region, \":\", sqs.Account-id, \":\", sqs.Name),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t\tTest: \"ArnEquals\",\n\t\t\t\t\t\t\tVariable: \"aws:SourceArn\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v%v%v%v\", \"arn:aws:sns:\", sns.Region, \":\", sns.Account-id, \":\", sns.Name),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"awsSns\", &providers.awsArgs{\n\t\t\tRegion: sns.Region,\n\t\t\tAssumeRole: config.AssumeRole{\n\t\t\t\tRoleArn: fmt.Sprintf(\"%v%v%v%v\", \"arn:aws:iam::\", sns.Account-id, \":role/\", sns.Role-name),\n\t\t\t\tSessionName: fmt.Sprintf(\"%v%v\", \"sns-\", sns.Region),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"awsSqs\", &providers.awsArgs{\n\t\t\tRegion: sqs.Region,\n\t\t\tAssumeRole: config.AssumeRole{\n\t\t\t\tRoleArn: fmt.Sprintf(\"%v%v%v%v\", \"arn:aws:iam::\", sqs.Account-id, \":role/\", sqs.Role-name),\n\t\t\t\tSessionName: fmt.Sprintf(\"%v%v\", \"sqs-\", sqs.Region),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = providers.Newaws(ctx, \"sns2sqs\", &providers.awsArgs{\n\t\t\tRegion: sns.Region,\n\t\t\tAssumeRole: config.AssumeRole{\n\t\t\t\tRoleArn: fmt.Sprintf(\"%v%v%v%v\", \"arn:aws:iam::\", sqs.Account-id, \":role/\", sqs.Role-name),\n\t\t\t\tSessionName: fmt.Sprintf(\"%v%v\", \"sns2sqs-\", sns.Region),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopic(ctx, \"sns_topicTopic\", &sns.TopicArgs{\n\t\t\tDisplayName: pulumi.String(sns.Display_name),\n\t\t\tPolicy: pulumi.String(sns_topic_policy.Json),\n\t\t}, pulumi.Provider(\"aws.sns\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sqs.NewQueue(ctx, \"sqs_queue\", &sqs.QueueArgs{\n\t\t\tPolicy: pulumi.String(sqs_queue_policy.Json),\n\t\t}, pulumi.Provider(\"aws.sqs\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicSubscription(ctx, \"sns_topicTopicSubscription\", &sns.TopicSubscriptionArgs{\n\t\t\tTopic: sns_topicTopic.Arn,\n\t\t\tProtocol: pulumi.String(\"sqs\"),\n\t\t\tEndpoint: sqs_queue.Arn,\n\t\t}, pulumi.Provider(\"aws.sns2sqs\"))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSNS Topic Subscriptions can be imported using the `subscription arn`, e.g.\n\n```sh\n $ pulumi import aws:sns/topicSubscription:TopicSubscription user_updates_sqs_target arn:aws:sns:us-west-2:0123456789012:my-topic:8a21d249-4329-4871-acc6-7be709c6ea7f\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the subscription.\n" + }, + "confirmationTimeoutInMinutes": { + "type": "integer", + "description": "Integer indicating number of minutes to wait in retrying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols. Default is `1`.\n" + }, + "confirmationWasAuthenticated": { + "type": "boolean", + "description": "Whether the subscription confirmation request was authenticated.\n" + }, + "deliveryPolicy": { + "type": "string", + "description": "JSON String with the delivery policy (retries, backoff, etc.) that will be used in the subscription - this only applies to HTTP/S subscriptions. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for more details.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint to send data to. The contents vary with the protocol. See details below.\n" + }, + "endpointAutoConfirms": { + "type": "boolean", + "description": "Whether the endpoint is capable of [auto confirming subscription](http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html#SendMessageToHttp.prepare) (e.g., PagerDuty). Default is `false`.\n" + }, + "filterPolicy": { + "type": "string", + "description": "JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/message-filtering.html) for more details.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account ID of the subscription's owner.\n" + }, + "pendingConfirmation": { + "type": "boolean", + "description": "Whether the subscription has not been confirmed.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use. Valid values are: `sqs`, `sms`, `lambda`, `firehose`, and `application`. Protocols `email`, `email-json`, `http` and `https` are also valid but partially supported. See details below.\n" + }, + "rawMessageDelivery": { + "type": "boolean", + "description": "Whether to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is `false`.\n" + }, + "redrivePolicy": { + "type": "string", + "description": "JSON String with the redrive policy that will be used in the subscription. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-dead-letter-queues.html#how-messages-moved-into-dead-letter-queue) for more details.\n" + }, + "subscriptionRoleArn": { + "type": "string", + "description": "ARN of the IAM role to publish to Kinesis Data Firehose delivery stream. Refer to [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html).\n" + }, + "topic": { + "type": "string", + "description": "ARN of the SNS topic to subscribe to.\n" + } + }, + "required": [ + "arn", + "confirmationWasAuthenticated", + "endpoint", + "ownerId", + "pendingConfirmation", + "protocol", + "topic" + ], + "inputProperties": { + "confirmationTimeoutInMinutes": { + "type": "integer", + "description": "Integer indicating number of minutes to wait in retrying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols. Default is `1`.\n" + }, + "deliveryPolicy": { + "type": "string", + "description": "JSON String with the delivery policy (retries, backoff, etc.) that will be used in the subscription - this only applies to HTTP/S subscriptions. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for more details.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint to send data to. The contents vary with the protocol. See details below.\n" + }, + "endpointAutoConfirms": { + "type": "boolean", + "description": "Whether the endpoint is capable of [auto confirming subscription](http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html#SendMessageToHttp.prepare) (e.g., PagerDuty). Default is `false`.\n" + }, + "filterPolicy": { + "type": "string", + "description": "JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/message-filtering.html) for more details.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use. Valid values are: `sqs`, `sms`, `lambda`, `firehose`, and `application`. Protocols `email`, `email-json`, `http` and `https` are also valid but partially supported. See details below.\n" + }, + "rawMessageDelivery": { + "type": "boolean", + "description": "Whether to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is `false`.\n" + }, + "redrivePolicy": { + "type": "string", + "description": "JSON String with the redrive policy that will be used in the subscription. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-dead-letter-queues.html#how-messages-moved-into-dead-letter-queue) for more details.\n" + }, + "subscriptionRoleArn": { + "type": "string", + "description": "ARN of the IAM role to publish to Kinesis Data Firehose delivery stream. Refer to [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html).\n" + }, + "topic": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ], + "description": "ARN of the SNS topic to subscribe to.\n" + } + }, + "requiredInputs": [ + "endpoint", + "protocol", + "topic" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TopicSubscription resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the subscription.\n" + }, + "confirmationTimeoutInMinutes": { + "type": "integer", + "description": "Integer indicating number of minutes to wait in retrying mode for fetching subscription arn before marking it as failure. Only applicable for http and https protocols. Default is `1`.\n" + }, + "confirmationWasAuthenticated": { + "type": "boolean", + "description": "Whether the subscription confirmation request was authenticated.\n" + }, + "deliveryPolicy": { + "type": "string", + "description": "JSON String with the delivery policy (retries, backoff, etc.) that will be used in the subscription - this only applies to HTTP/S subscriptions. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/DeliveryPolicies.html) for more details.\n" + }, + "endpoint": { + "type": "string", + "description": "Endpoint to send data to. The contents vary with the protocol. See details below.\n" + }, + "endpointAutoConfirms": { + "type": "boolean", + "description": "Whether the endpoint is capable of [auto confirming subscription](http://docs.aws.amazon.com/sns/latest/dg/SendMessageToHttp.html#SendMessageToHttp.prepare) (e.g., PagerDuty). Default is `false`.\n" + }, + "filterPolicy": { + "type": "string", + "description": "JSON String with the filter policy that will be used in the subscription to filter messages seen by the target resource. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/message-filtering.html) for more details.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account ID of the subscription's owner.\n" + }, + "pendingConfirmation": { + "type": "boolean", + "description": "Whether the subscription has not been confirmed.\n" + }, + "protocol": { + "type": "string", + "description": "Protocol to use. Valid values are: `sqs`, `sms`, `lambda`, `firehose`, and `application`. Protocols `email`, `email-json`, `http` and `https` are also valid but partially supported. See details below.\n" + }, + "rawMessageDelivery": { + "type": "boolean", + "description": "Whether to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property). Default is `false`.\n" + }, + "redrivePolicy": { + "type": "string", + "description": "JSON String with the redrive policy that will be used in the subscription. Refer to the [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-dead-letter-queues.html#how-messages-moved-into-dead-letter-queue) for more details.\n" + }, + "subscriptionRoleArn": { + "type": "string", + "description": "ARN of the IAM role to publish to Kinesis Data Firehose delivery stream. Refer to [SNS docs](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html).\n" + }, + "topic": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:sns/topic:Topic" + } + ], + "description": "ARN of the SNS topic to subscribe to.\n" + } + }, + "type": "object" + } + }, + "aws:sqs/queue:Queue": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst queue = new aws.sqs.Queue(\"queue\", {\n delaySeconds: 90,\n maxMessageSize: 2048,\n messageRetentionSeconds: 86400,\n receiveWaitTimeSeconds: 10,\n redrivePolicy: JSON.stringify({\n deadLetterTargetArn: aws_sqs_queue.queue_deadletter.arn,\n maxReceiveCount: 4,\n }),\n tags: {\n Environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\nqueue = aws.sqs.Queue(\"queue\",\n delay_seconds=90,\n max_message_size=2048,\n message_retention_seconds=86400,\n receive_wait_time_seconds=10,\n redrive_policy=json.dumps({\n \"deadLetterTargetArn\": aws_sqs_queue[\"queue_deadletter\"][\"arn\"],\n \"maxReceiveCount\": 4,\n }),\n tags={\n \"Environment\": \"production\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var queue = new Aws.Sqs.Queue(\"queue\", new Aws.Sqs.QueueArgs\n {\n DelaySeconds = 90,\n MaxMessageSize = 2048,\n MessageRetentionSeconds = 86400,\n ReceiveWaitTimeSeconds = 10,\n RedrivePolicy = JsonSerializer.Serialize(new Dictionary\n {\n { \"deadLetterTargetArn\", aws_sqs_queue.Queue_deadletter.Arn },\n { \"maxReceiveCount\", 4 },\n }),\n Tags = \n {\n { \"Environment\", \"production\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"deadLetterTargetArn\": aws_sqs_queue.Queue_deadletter.Arn,\n\t\t\t\"maxReceiveCount\": 4,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err := sqs.NewQueue(ctx, \"queue\", &sqs.QueueArgs{\n\t\t\tDelaySeconds: pulumi.Int(90),\n\t\t\tMaxMessageSize: pulumi.Int(2048),\n\t\t\tMessageRetentionSeconds: pulumi.Int(86400),\n\t\t\tReceiveWaitTimeSeconds: pulumi.Int(10),\n\t\t\tRedrivePolicy: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## FIFO queue\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst queue = new aws.sqs.Queue(\"queue\", {\n contentBasedDeduplication: true,\n fifoQueue: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nqueue = aws.sqs.Queue(\"queue\",\n content_based_deduplication=True,\n fifo_queue=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var queue = new Aws.Sqs.Queue(\"queue\", new Aws.Sqs.QueueArgs\n {\n ContentBasedDeduplication = true,\n FifoQueue = true,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sqs.NewQueue(ctx, \"queue\", &sqs.QueueArgs{\n\t\t\tContentBasedDeduplication: pulumi.Bool(true),\n\t\t\tFifoQueue: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## High-throughput FIFO queue\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst terraformQueue = new aws.sqs.Queue(\"terraform_queue\", {\n deduplicationScope: \"messageGroup\",\n fifoQueue: true,\n fifoThroughputLimit: \"perMessageGroupId\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nterraform_queue = aws.sqs.Queue(\"terraformQueue\",\n deduplication_scope=\"messageGroup\",\n fifo_queue=True,\n fifo_throughput_limit=\"perMessageGroupId\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var terraformQueue = new Aws.Sqs.Queue(\"terraformQueue\", new Aws.Sqs.QueueArgs\n {\n DeduplicationScope = \"messageGroup\",\n FifoQueue = true,\n FifoThroughputLimit = \"perMessageGroupId\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sqs.NewQueue(ctx, \"terraformQueue\", &sqs.QueueArgs{\n\t\t\tDeduplicationScope: pulumi.String(\"messageGroup\"),\n\t\t\tFifoQueue: pulumi.Bool(true),\n\t\t\tFifoThroughputLimit: pulumi.String(\"perMessageGroupId\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n## Server-side encryption (SSE)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst queue = new aws.sqs.Queue(\"queue\", {\n kmsDataKeyReusePeriodSeconds: 300,\n kmsMasterKeyId: \"alias/aws/sqs\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nqueue = aws.sqs.Queue(\"queue\",\n kms_data_key_reuse_period_seconds=300,\n kms_master_key_id=\"alias/aws/sqs\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var queue = new Aws.Sqs.Queue(\"queue\", new Aws.Sqs.QueueArgs\n {\n KmsDataKeyReusePeriodSeconds = 300,\n KmsMasterKeyId = \"alias/aws/sqs\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sqs.NewQueue(ctx, \"queue\", &sqs.QueueArgs{\n\t\t\tKmsDataKeyReusePeriodSeconds: pulumi.Int(300),\n\t\t\tKmsMasterKeyId: pulumi.String(\"alias/aws/sqs\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\nSQS Queues can be imported using the `queue url`, e.g.\n\n```sh\n $ pulumi import aws:sqs/queue:Queue public_queue https://queue.amazonaws.com/80398EXAMPLE/MyQueue\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SQS queue\n" + }, + "contentBasedDeduplication": { + "type": "boolean", + "description": "Enables content-based deduplication for FIFO queues. For more information, see the [related documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing)\n" + }, + "deduplicationScope": { + "type": "string", + "description": "Specifies whether message deduplication occurs at the message group or queue level. Valid values are `messageGroup` and `queue` (default).\n" + }, + "delaySeconds": { + "type": "integer", + "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 seconds.\n" + }, + "fifoQueue": { + "type": "boolean", + "description": "Boolean designating a FIFO queue. If not set, it defaults to `false` making it standard.\n" + }, + "fifoThroughputLimit": { + "type": "string", + "description": "Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are `perQueue` (default) and `perMessageGroupId`.\n" + }, + "kmsDataKeyReusePeriodSeconds": { + "type": "integer", + "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).\n" + }, + "kmsMasterKeyId": { + "type": "string", + "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see [Key Terms](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms).\n" + }, + "maxMessageSize": { + "type": "integer", + "description": "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).\n" + }, + "messageRetentionSeconds": { + "type": "integer", + "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default for this attribute is 345600 (4 days).\n" + }, + "name": { + "type": "string", + "description": "The name of the queue. Queue names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 80 characters long. For a FIFO (first-in-first-out) queue, the name must end with the `.fifo` suffix. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`\n" + }, + "policy": { + "type": "string", + "description": "The JSON policy for the SQS queue.\n" + }, + "receiveWaitTimeSeconds": { + "type": "integer", + "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.\n" + }, + "redrivePolicy": { + "type": "string", + "description": "The JSON policy to set up the Dead Letter Queue, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSDeadLetterQueue.html). **Note:** when specifying `maxReceiveCount`, you must specify it as an integer (`5`), and not a string (`\"5\"`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the queue. If configured with a provider `default_tags` configuration block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "url": { + "type": "string", + "description": "Same as `id`: The URL for the created Amazon SQS queue.\n" + }, + "visibilityTimeoutSeconds": { + "type": "integer", + "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30. For more information about visibility timeout, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/AboutVT.html).\n" + } + }, + "required": [ + "arn", + "deduplicationScope", + "fifoThroughputLimit", + "kmsDataKeyReusePeriodSeconds", + "name", + "namePrefix", + "policy", + "tagsAll", + "url" + ], + "inputProperties": { + "contentBasedDeduplication": { + "type": "boolean", + "description": "Enables content-based deduplication for FIFO queues. For more information, see the [related documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing)\n" + }, + "deduplicationScope": { + "type": "string", + "description": "Specifies whether message deduplication occurs at the message group or queue level. Valid values are `messageGroup` and `queue` (default).\n" + }, + "delaySeconds": { + "type": "integer", + "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 seconds.\n" + }, + "fifoQueue": { + "type": "boolean", + "description": "Boolean designating a FIFO queue. If not set, it defaults to `false` making it standard.\n" + }, + "fifoThroughputLimit": { + "type": "string", + "description": "Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are `perQueue` (default) and `perMessageGroupId`.\n" + }, + "kmsDataKeyReusePeriodSeconds": { + "type": "integer", + "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).\n" + }, + "kmsMasterKeyId": { + "type": "string", + "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see [Key Terms](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms).\n" + }, + "maxMessageSize": { + "type": "integer", + "description": "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).\n" + }, + "messageRetentionSeconds": { + "type": "integer", + "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default for this attribute is 345600 (4 days).\n" + }, + "name": { + "type": "string", + "description": "The name of the queue. Queue names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 80 characters long. For a FIFO (first-in-first-out) queue, the name must end with the `.fifo` suffix. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`\n" + }, + "policy": { + "type": "string", + "description": "The JSON policy for the SQS queue.\n" + }, + "receiveWaitTimeSeconds": { + "type": "integer", + "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.\n" + }, + "redrivePolicy": { + "type": "string", + "description": "The JSON policy to set up the Dead Letter Queue, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSDeadLetterQueue.html). **Note:** when specifying `maxReceiveCount`, you must specify it as an integer (`5`), and not a string (`\"5\"`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the queue. If configured with a provider `default_tags` configuration block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "visibilityTimeoutSeconds": { + "type": "integer", + "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30. For more information about visibility timeout, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/AboutVT.html).\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Queue resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the SQS queue\n" + }, + "contentBasedDeduplication": { + "type": "boolean", + "description": "Enables content-based deduplication for FIFO queues. For more information, see the [related documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing)\n" + }, + "deduplicationScope": { + "type": "string", + "description": "Specifies whether message deduplication occurs at the message group or queue level. Valid values are `messageGroup` and `queue` (default).\n" + }, + "delaySeconds": { + "type": "integer", + "description": "The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 seconds.\n" + }, + "fifoQueue": { + "type": "boolean", + "description": "Boolean designating a FIFO queue. If not set, it defaults to `false` making it standard.\n" + }, + "fifoThroughputLimit": { + "type": "string", + "description": "Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are `perQueue` (default) and `perMessageGroupId`.\n" + }, + "kmsDataKeyReusePeriodSeconds": { + "type": "integer", + "description": "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).\n" + }, + "kmsMasterKeyId": { + "type": "string", + "description": "The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see [Key Terms](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms).\n" + }, + "maxMessageSize": { + "type": "integer", + "description": "The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).\n" + }, + "messageRetentionSeconds": { + "type": "integer", + "description": "The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default for this attribute is 345600 (4 days).\n" + }, + "name": { + "type": "string", + "description": "The name of the queue. Queue names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 80 characters long. For a FIFO (first-in-first-out) queue, the name must end with the `.fifo` suffix. If omitted, this provider will assign a random, unique name. Conflicts with `name_prefix`\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`\n" + }, + "policy": { + "type": "string", + "description": "The JSON policy for the SQS queue.\n" + }, + "receiveWaitTimeSeconds": { + "type": "integer", + "description": "The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.\n" + }, + "redrivePolicy": { + "type": "string", + "description": "The JSON policy to set up the Dead Letter Queue, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSDeadLetterQueue.html). **Note:** when specifying `maxReceiveCount`, you must specify it as an integer (`5`), and not a string (`\"5\"`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the queue. If configured with a provider `default_tags` configuration block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "url": { + "type": "string", + "description": "Same as `id`: The URL for the created Amazon SQS queue.\n" + }, + "visibilityTimeoutSeconds": { + "type": "integer", + "description": "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30. For more information about visibility timeout, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/AboutVT.html).\n" + } + }, + "type": "object" + } + }, + "aws:sqs/queuePolicy:QueuePolicy": { + "description": "Allows you to set a policy of an SQS Queue\nwhile referencing ARN of the queue within the policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst queue = new aws.sqs.Queue(\"queue\", {});\nconst test = new aws.sqs.QueuePolicy(\"test\", {\n queueUrl: queue.id,\n policy: pulumi.interpolate`{\n \"Version\": \"2012-10-17\",\n \"Id\": \"sqspolicy\",\n \"Statement\": [\n {\n \"Sid\": \"First\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n \"Resource\": \"${queue.arn}\",\n \"Condition\": {\n \"ArnEquals\": {\n \"aws:SourceArn\": \"${aws_sns_topic.example.arn}\"\n }\n }\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nqueue = aws.sqs.Queue(\"queue\")\ntest = aws.sqs.QueuePolicy(\"test\",\n queue_url=queue.id,\n policy=queue.arn.apply(lambda arn: f\"\"\"{{\n \"Version\": \"2012-10-17\",\n \"Id\": \"sqspolicy\",\n \"Statement\": [\n {{\n \"Sid\": \"First\",\n \"Effect\": \"Allow\",\n \"Principal\": \"*\",\n \"Action\": \"sqs:SendMessage\",\n \"Resource\": \"{arn}\",\n \"Condition\": {{\n \"ArnEquals\": {{\n \"aws:SourceArn\": \"{aws_sns_topic[\"example\"][\"arn\"]}\"\n }}\n }}\n }}\n ]\n}}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var queue = new Aws.Sqs.Queue(\"queue\", new Aws.Sqs.QueueArgs\n {\n });\n var test = new Aws.Sqs.QueuePolicy(\"test\", new Aws.Sqs.QueuePolicyArgs\n {\n QueueUrl = queue.Id,\n Policy = queue.Arn.Apply(arn => @$\"{{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Id\"\": \"\"sqspolicy\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"First\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": \"\"*\"\",\n \"\"Action\"\": \"\"sqs:SendMessage\"\",\n \"\"Resource\"\": \"\"{arn}\"\",\n \"\"Condition\"\": {{\n \"\"ArnEquals\"\": {{\n \"\"aws:SourceArn\"\": \"\"{aws_sns_topic.Example.Arn}\"\"\n }}\n }}\n }}\n ]\n}}\n\"),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tqueue, err := sqs.NewQueue(ctx, \"queue\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sqs.NewQueuePolicy(ctx, \"test\", &sqs.QueuePolicyArgs{\n\t\t\tQueueUrl: queue.ID(),\n\t\t\tPolicy: queue.Arn.ApplyT(func(arn string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Id\\\": \\\"sqspolicy\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"First\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": \\\"*\\\",\\n\", \" \\\"Action\\\": \\\"sqs:SendMessage\\\",\\n\", \" \\\"Resource\\\": \\\"\", arn, \"\\\",\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"ArnEquals\\\": {\\n\", \" \\\"aws:SourceArn\\\": \\\"\", aws_sns_topic.Example.Arn, \"\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\"), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSQS Queue Policies can be imported using the queue URL, e.g.\n\n```sh\n $ pulumi import aws:sqs/queuePolicy:QueuePolicy test https://queue.amazonaws.com/0123456789012/myqueue\n```\n\n ", + "properties": { + "policy": { + "type": "string", + "description": "The JSON policy for the SQS queue.\n" + }, + "queueUrl": { + "type": "string", + "description": "The URL of the SQS Queue to which to attach the policy\n" + } + }, + "required": [ + "policy", + "queueUrl" + ], + "inputProperties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The JSON policy for the SQS queue.\n" + }, + "queueUrl": { + "type": "string", + "description": "The URL of the SQS Queue to which to attach the policy\n" + } + }, + "requiredInputs": [ + "policy", + "queueUrl" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering QueuePolicy resources.\n", + "properties": { + "policy": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:iam/documents:PolicyDocument" + } + ], + "description": "The JSON policy for the SQS queue.\n" + }, + "queueUrl": { + "type": "string", + "description": "The URL of the SQS Queue to which to attach the policy\n" + } + }, + "type": "object" + } + }, + "aws:ssm/activation:Activation": { + "description": "Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"testRole\", {assumeRolePolicy: ` {\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Effect\": \"Allow\",\n \"Principal\": {\"Service\": \"ssm.amazonaws.com\"},\n \"Action\": \"sts:AssumeRole\"\n }\n }\n`});\nconst testAttach = new aws.iam.RolePolicyAttachment(\"testAttach\", {\n role: testRole.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\",\n});\nconst foo = new aws.ssm.Activation(\"foo\", {\n description: \"Test\",\n iamRole: testRole.id,\n registrationLimit: \"5\",\n}, {\n dependsOn: [testAttach],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"testRole\", assume_role_policy=\"\"\" {\n \"Version\": \"2012-10-17\",\n \"Statement\": {\n \"Effect\": \"Allow\",\n \"Principal\": {\"Service\": \"ssm.amazonaws.com\"},\n \"Action\": \"sts:AssumeRole\"\n }\n }\n\"\"\")\ntest_attach = aws.iam.RolePolicyAttachment(\"testAttach\",\n role=test_role.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\")\nfoo = aws.ssm.Activation(\"foo\",\n description=\"Test\",\n iam_role=test_role.id,\n registration_limit=5,\n opts=pulumi.ResourceOptions(depends_on=[test_attach]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testRole = new Aws.Iam.Role(\"testRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\" {\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": {\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\"\"Service\"\": \"\"ssm.amazonaws.com\"\"},\n \"\"Action\"\": \"\"sts:AssumeRole\"\"\n }\n }\n\",\n });\n var testAttach = new Aws.Iam.RolePolicyAttachment(\"testAttach\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = testRole.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\",\n });\n var foo = new Aws.Ssm.Activation(\"foo\", new Aws.Ssm.ActivationArgs\n {\n Description = \"Test\",\n IamRole = testRole.Id,\n RegistrationLimit = 5,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n testAttach,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestRole, err := iam.NewRole(ctx, \"testRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v\", \" {\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": {\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\\"Service\\\": \\\"ssm.amazonaws.com\\\"},\\n\", \" \\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \" }\\n\", \" }\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestAttach, err := iam.NewRolePolicyAttachment(ctx, \"testAttach\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: testRole.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewActivation(ctx, \"foo\", &ssm.ActivationArgs{\n\t\t\tDescription: pulumi.String(\"Test\"),\n\t\t\tIamRole: testRole.ID(),\n\t\t\tRegistrationLimit: pulumi.Int(5),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\ttestAttach,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS SSM Activation can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:ssm/activation:Activation example e488f2f6-e686-4afb-8a04-ef6dfEXAMPLE\n```\n\n ", + "properties": { + "activationCode": { + "type": "string", + "description": "The code the system generates when it processes the activation.\n" + }, + "description": { + "type": "string", + "description": "The description of the resource that you want to register.\n" + }, + "expirationDate": { + "type": "string", + "description": "UTC timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.\n" + }, + "expired": { + "type": "boolean", + "description": "If the current activation has expired.\n" + }, + "iamRole": { + "type": "string", + "description": "The IAM Role to attach to the managed instance.\n" + }, + "name": { + "type": "string", + "description": "The default name of the registered managed instance.\n" + }, + "registrationCount": { + "type": "integer", + "description": "The number of managed instances that are currently registered using this activation.\n" + }, + "registrationLimit": { + "type": "integer", + "description": "The maximum number of managed instances you want to register. The default value is 1 instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "activationCode", + "expirationDate", + "expired", + "iamRole", + "name", + "registrationCount", + "registrationLimit", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the resource that you want to register.\n" + }, + "expirationDate": { + "type": "string", + "description": "UTC timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.\n" + }, + "iamRole": { + "type": "string", + "description": "The IAM Role to attach to the managed instance.\n" + }, + "name": { + "type": "string", + "description": "The default name of the registered managed instance.\n" + }, + "registrationLimit": { + "type": "integer", + "description": "The maximum number of managed instances you want to register. The default value is 1 instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "iamRole" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Activation resources.\n", + "properties": { + "activationCode": { + "type": "string", + "description": "The code the system generates when it processes the activation.\n" + }, + "description": { + "type": "string", + "description": "The description of the resource that you want to register.\n" + }, + "expirationDate": { + "type": "string", + "description": "UTC timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.\n" + }, + "expired": { + "type": "boolean", + "description": "If the current activation has expired.\n" + }, + "iamRole": { + "type": "string", + "description": "The IAM Role to attach to the managed instance.\n" + }, + "name": { + "type": "string", + "description": "The default name of the registered managed instance.\n" + }, + "registrationCount": { + "type": "integer", + "description": "The number of managed instances that are currently registered using this activation.\n" + }, + "registrationLimit": { + "type": "integer", + "description": "The maximum number of managed instances you want to register. The default value is 1 instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ssm/association:Association": { + "description": "Associates an SSM Document to an instance or EC2 tag.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ssm.Association(\"example\", {targets: [{\n key: \"InstanceIds\",\n values: [aws_instance.example.id],\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ssm.Association(\"example\", targets=[aws.ssm.AssociationTargetArgs(\n key=\"InstanceIds\",\n values=[aws_instance[\"example\"][\"id\"]],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ssm.Association(\"example\", new Aws.Ssm.AssociationArgs\n {\n Targets = \n {\n new Aws.Ssm.Inputs.AssociationTargetArgs\n {\n Key = \"InstanceIds\",\n Values = \n {\n aws_instance.Example.Id,\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewAssociation(ctx, \"example\", &ssm.AssociationArgs{\n\t\t\tTargets: ssm.AssociationTargetArray{\n\t\t\t\t&ssm.AssociationTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_instance.Example.Id),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSM associations can be imported using the `association_id`, e.g.\n\n```sh\n $ pulumi import aws:ssm/association:Association test-association 10abcdef-0abc-1234-5678-90abcdef123456\n```\n\n ", + "properties": { + "applyOnlyAtCronInterval": { + "type": "boolean", + "description": "By default, when you create a new or update associations, the system runs it immediately and then according to the schedule you specified. Enable this option if you do not want an association to run immediately after you create or update it. This parameter is not supported for rate expressions. Default: `false`.\n" + }, + "associationId": { + "type": "string", + "description": "The ID of the SSM association.\n" + }, + "associationName": { + "type": "string", + "description": "The descriptive name for the association.\n" + }, + "automationTargetParameterName": { + "type": "string", + "description": "Specify the target for the association. This target is required for associations that use an `Automation` document and target resources by using rate controls.\n" + }, + "complianceSeverity": { + "type": "string", + "description": "The compliance severity for the association. Can be one of the following: `UNSPECIFIED`, `LOW`, `MEDIUM`, `HIGH` or `CRITICAL`\n" + }, + "documentVersion": { + "type": "string", + "description": "The document version you want to associate with the target(s). Can be a specific version or the default version.\n" + }, + "instanceId": { + "type": "string", + "description": "The instance ID to apply an SSM document to. Use `targets` with key `InstanceIds` for document schema versions 2.0 and above.\n" + }, + "maxConcurrency": { + "type": "string", + "description": "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.\n" + }, + "maxErrors": { + "type": "string", + "description": "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.\n" + }, + "name": { + "type": "string", + "description": "The name of the SSM document to apply.\n" + }, + "outputLocation": { + "$ref": "#/types/aws:ssm/AssociationOutputLocation:AssociationOutputLocation", + "description": "An output location block. Output Location is documented below.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A block of arbitrary string parameters to pass to the SSM document.\n" + }, + "scheduleExpression": { + "type": "string", + "description": "A cron expression when the association will be applied to the target(s).\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/AssociationTarget:AssociationTarget" + }, + "description": "A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.\n" + } + }, + "required": [ + "associationId", + "documentVersion", + "name", + "parameters", + "targets" + ], + "inputProperties": { + "applyOnlyAtCronInterval": { + "type": "boolean", + "description": "By default, when you create a new or update associations, the system runs it immediately and then according to the schedule you specified. Enable this option if you do not want an association to run immediately after you create or update it. This parameter is not supported for rate expressions. Default: `false`.\n" + }, + "associationName": { + "type": "string", + "description": "The descriptive name for the association.\n" + }, + "automationTargetParameterName": { + "type": "string", + "description": "Specify the target for the association. This target is required for associations that use an `Automation` document and target resources by using rate controls.\n" + }, + "complianceSeverity": { + "type": "string", + "description": "The compliance severity for the association. Can be one of the following: `UNSPECIFIED`, `LOW`, `MEDIUM`, `HIGH` or `CRITICAL`\n" + }, + "documentVersion": { + "type": "string", + "description": "The document version you want to associate with the target(s). Can be a specific version or the default version.\n" + }, + "instanceId": { + "type": "string", + "description": "The instance ID to apply an SSM document to. Use `targets` with key `InstanceIds` for document schema versions 2.0 and above.\n" + }, + "maxConcurrency": { + "type": "string", + "description": "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.\n" + }, + "maxErrors": { + "type": "string", + "description": "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.\n" + }, + "name": { + "type": "string", + "description": "The name of the SSM document to apply.\n" + }, + "outputLocation": { + "$ref": "#/types/aws:ssm/AssociationOutputLocation:AssociationOutputLocation", + "description": "An output location block. Output Location is documented below.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A block of arbitrary string parameters to pass to the SSM document.\n" + }, + "scheduleExpression": { + "type": "string", + "description": "A cron expression when the association will be applied to the target(s).\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/AssociationTarget:AssociationTarget" + }, + "description": "A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Association resources.\n", + "properties": { + "applyOnlyAtCronInterval": { + "type": "boolean", + "description": "By default, when you create a new or update associations, the system runs it immediately and then according to the schedule you specified. Enable this option if you do not want an association to run immediately after you create or update it. This parameter is not supported for rate expressions. Default: `false`.\n" + }, + "associationId": { + "type": "string", + "description": "The ID of the SSM association.\n" + }, + "associationName": { + "type": "string", + "description": "The descriptive name for the association.\n" + }, + "automationTargetParameterName": { + "type": "string", + "description": "Specify the target for the association. This target is required for associations that use an `Automation` document and target resources by using rate controls.\n" + }, + "complianceSeverity": { + "type": "string", + "description": "The compliance severity for the association. Can be one of the following: `UNSPECIFIED`, `LOW`, `MEDIUM`, `HIGH` or `CRITICAL`\n" + }, + "documentVersion": { + "type": "string", + "description": "The document version you want to associate with the target(s). Can be a specific version or the default version.\n" + }, + "instanceId": { + "type": "string", + "description": "The instance ID to apply an SSM document to. Use `targets` with key `InstanceIds` for document schema versions 2.0 and above.\n" + }, + "maxConcurrency": { + "type": "string", + "description": "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.\n" + }, + "maxErrors": { + "type": "string", + "description": "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.\n" + }, + "name": { + "type": "string", + "description": "The name of the SSM document to apply.\n" + }, + "outputLocation": { + "$ref": "#/types/aws:ssm/AssociationOutputLocation:AssociationOutputLocation", + "description": "An output location block. Output Location is documented below.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A block of arbitrary string parameters to pass to the SSM document.\n" + }, + "scheduleExpression": { + "type": "string", + "description": "A cron expression when the association will be applied to the target(s).\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/AssociationTarget:AssociationTarget" + }, + "description": "A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.\n" + } + }, + "type": "object" + } + }, + "aws:ssm/document:Document": { + "description": "Provides an SSM Document resource\n\n> **NOTE on updating SSM documents:** Only documents with a schema version of 2.0\nor greater can update their content once created, see [SSM Schema Features](http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html#document-schemas-features). To update a document with an older\nschema version you must recreate the resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ssm.Document(\"foo\", {\n content: ` {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Check ip configuration of a Linux instance.\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"ifconfig\"]\n }\n ]\n }\n }\n }\n`,\n documentType: \"Command\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ssm.Document(\"foo\",\n content=\"\"\" {\n \"schemaVersion\": \"1.2\",\n \"description\": \"Check ip configuration of a Linux instance.\",\n \"parameters\": {\n\n },\n \"runtimeConfig\": {\n \"aws:runShellScript\": {\n \"properties\": [\n {\n \"id\": \"0.aws:runShellScript\",\n \"runCommand\": [\"ifconfig\"]\n }\n ]\n }\n }\n }\n\n\"\"\",\n document_type=\"Command\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ssm.Document(\"foo\", new Aws.Ssm.DocumentArgs\n {\n Content = @\" {\n \"\"schemaVersion\"\": \"\"1.2\"\",\n \"\"description\"\": \"\"Check ip configuration of a Linux instance.\"\",\n \"\"parameters\"\": {\n\n },\n \"\"runtimeConfig\"\": {\n \"\"aws:runShellScript\"\": {\n \"\"properties\"\": [\n {\n \"\"id\"\": \"\"0.aws:runShellScript\"\",\n \"\"runCommand\"\": [\"\"ifconfig\"\"]\n }\n ]\n }\n }\n }\n\n\",\n DocumentType = \"Command\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewDocument(ctx, \"foo\", &ssm.DocumentArgs{\n\t\t\tContent: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \" {\\n\", \" \\\"schemaVersion\\\": \\\"1.2\\\",\\n\", \" \\\"description\\\": \\\"Check ip configuration of a Linux instance.\\\",\\n\", \" \\\"parameters\\\": {\\n\", \"\\n\", \" },\\n\", \" \\\"runtimeConfig\\\": {\\n\", \" \\\"aws:runShellScript\\\": {\\n\", \" \\\"properties\\\": [\\n\", \" {\\n\", \" \\\"id\\\": \\\"0.aws:runShellScript\\\",\\n\", \" \\\"runCommand\\\": [\\\"ifconfig\\\"]\\n\", \" }\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \"\\n\")),\n\t\t\tDocumentType: pulumi.String(\"Command\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Permissions\n\nThe permissions attribute specifies how you want to share the document. If you share a document privately,\nyou must specify the AWS user account IDs for those people who can use the document. If you share a document\npublicly, you must specify All as the account ID.\n\nThe permissions mapping supports the following:\n\n* `type` - The permission type for the document. The permission type can be `Share`.\n* `account_ids` - The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs or `All`.\n\n\n## Import\n\nSSM Documents can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:ssm/document:Document example example\n```\n\n The `attachments_source` argument does not have an SSM API method for reading the attachment information detail after creation. If the argument is set in the provider configuration on an imported resource, this provider will always show a difference. To workaround this behavior, either omit the argument from the configuration or use [`ignoreChanges`](https://www.pulumi.com/docs/intro/concepts/programming-model/#ignorechanges) to hide the difference, e.g. terraform resource \"aws_ssm_document\" \"test\" {\n\n name\n\n\n\n\n\n\n\n\n\n= \"test_document\"\n\n document_type = \"Package\"\n\n attachments_source {\n\n\n\n key\n\n\n\n= \"SourceUrl\"\n\n\n\n values = [\"s3://${aws_s3_bucket.object_bucket.bucket}/test.zip\"]\n\n }\n\n # There is no AWS SSM API for reading attachments_source info directly\n\n lifecycle {\n\n\n\n ignore_changes = [attachments_source]\n\n } } ", + "properties": { + "arn": { + "type": "string" + }, + "attachmentsSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/DocumentAttachmentsSource:DocumentAttachmentsSource" + }, + "description": "One or more configuration blocks describing attachments sources to a version of a document. Defined below.\n" + }, + "content": { + "type": "string", + "description": "The JSON or YAML content of the document.\n" + }, + "createdDate": { + "type": "string", + "description": "The date the document was created.\n" + }, + "defaultVersion": { + "type": "string", + "description": "The default version of the document.\n" + }, + "description": { + "type": "string", + "description": "The description of the document.\n" + }, + "documentFormat": { + "type": "string", + "description": "The format of the document. Valid document types include: `JSON` and `YAML`\n" + }, + "documentType": { + "type": "string", + "description": "The type of the document. Valid document types include: `Automation`, `Command`, `Package`, `Policy`, and `Session`\n" + }, + "documentVersion": { + "type": "string", + "description": "The document version.\n" + }, + "hash": { + "type": "string", + "description": "The sha1 or sha256 of the document content\n" + }, + "hashType": { + "type": "string", + "description": "\"Sha1\" \"Sha256\". The hashing algorithm used when hashing the content.\n" + }, + "latestVersion": { + "type": "string", + "description": "The latest version of the document.\n" + }, + "name": { + "type": "string", + "description": "The name of the document.\n" + }, + "owner": { + "type": "string", + "description": "The AWS user account of the person who created the document.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/DocumentParameter:DocumentParameter" + }, + "description": "The parameters that are available to this document.\n" + }, + "permissions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Additional Permissions to attach to the document. See Permissions below for details.\n" + }, + "platformTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of OS platforms compatible with this SSM document, either \"Windows\" or \"Linux\".\n" + }, + "schemaVersion": { + "type": "string", + "description": "The schema version of the document.\n" + }, + "status": { + "type": "string", + "description": "\"Creating\", \"Active\" or \"Deleting\". The current status of the document.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)\n" + }, + "versionName": { + "type": "string", + "description": "A field specifying the version of the artifact you are creating with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document and cannot be changed for an existing document version.\n" + } + }, + "required": [ + "arn", + "content", + "createdDate", + "defaultVersion", + "description", + "documentType", + "documentVersion", + "hash", + "hashType", + "latestVersion", + "name", + "owner", + "parameters", + "platformTypes", + "schemaVersion", + "status", + "tagsAll" + ], + "inputProperties": { + "attachmentsSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/DocumentAttachmentsSource:DocumentAttachmentsSource" + }, + "description": "One or more configuration blocks describing attachments sources to a version of a document. Defined below.\n" + }, + "content": { + "type": "string", + "description": "The JSON or YAML content of the document.\n" + }, + "documentFormat": { + "type": "string", + "description": "The format of the document. Valid document types include: `JSON` and `YAML`\n" + }, + "documentType": { + "type": "string", + "description": "The type of the document. Valid document types include: `Automation`, `Command`, `Package`, `Policy`, and `Session`\n" + }, + "name": { + "type": "string", + "description": "The name of the document.\n" + }, + "permissions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Additional Permissions to attach to the document. See Permissions below for details.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)\n" + }, + "versionName": { + "type": "string", + "description": "A field specifying the version of the artifact you are creating with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document and cannot be changed for an existing document version.\n" + } + }, + "requiredInputs": [ + "content", + "documentType" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Document resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "attachmentsSources": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/DocumentAttachmentsSource:DocumentAttachmentsSource" + }, + "description": "One or more configuration blocks describing attachments sources to a version of a document. Defined below.\n" + }, + "content": { + "type": "string", + "description": "The JSON or YAML content of the document.\n" + }, + "createdDate": { + "type": "string", + "description": "The date the document was created.\n" + }, + "defaultVersion": { + "type": "string", + "description": "The default version of the document.\n" + }, + "description": { + "type": "string", + "description": "The description of the document.\n" + }, + "documentFormat": { + "type": "string", + "description": "The format of the document. Valid document types include: `JSON` and `YAML`\n" + }, + "documentType": { + "type": "string", + "description": "The type of the document. Valid document types include: `Automation`, `Command`, `Package`, `Policy`, and `Session`\n" + }, + "documentVersion": { + "type": "string", + "description": "The document version.\n" + }, + "hash": { + "type": "string", + "description": "The sha1 or sha256 of the document content\n" + }, + "hashType": { + "type": "string", + "description": "\"Sha1\" \"Sha256\". The hashing algorithm used when hashing the content.\n" + }, + "latestVersion": { + "type": "string", + "description": "The latest version of the document.\n" + }, + "name": { + "type": "string", + "description": "The name of the document.\n" + }, + "owner": { + "type": "string", + "description": "The AWS user account of the person who created the document.\n" + }, + "parameters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/DocumentParameter:DocumentParameter" + }, + "description": "The parameters that are available to this document.\n" + }, + "permissions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Additional Permissions to attach to the document. See Permissions below for details.\n" + }, + "platformTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of OS platforms compatible with this SSM document, either \"Windows\" or \"Linux\".\n" + }, + "schemaVersion": { + "type": "string", + "description": "The schema version of the document.\n" + }, + "status": { + "type": "string", + "description": "\"Creating\", \"Active\" or \"Deleting\". The current status of the document.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetType": { + "type": "string", + "description": "The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)\n" + }, + "versionName": { + "type": "string", + "description": "A field specifying the version of the artifact you are creating with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document and cannot be changed for an existing document version.\n" + } + }, + "type": "object" + } + }, + "aws:ssm/maintenanceWindow:MaintenanceWindow": { + "description": "Provides an SSM Maintenance Window resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst production = new aws.ssm.MaintenanceWindow(\"production\", {\n cutoff: 1,\n duration: 3,\n schedule: \"cron(0 16 ? * TUE *)\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nproduction = aws.ssm.MaintenanceWindow(\"production\",\n cutoff=1,\n duration=3,\n schedule=\"cron(0 16 ? * TUE *)\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var production = new Aws.Ssm.MaintenanceWindow(\"production\", new Aws.Ssm.MaintenanceWindowArgs\n {\n Cutoff = 1,\n Duration = 3,\n Schedule = \"cron(0 16 ? * TUE *)\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewMaintenanceWindow(ctx, \"production\", &ssm.MaintenanceWindowArgs{\n\t\t\tCutoff: pulumi.Int(1),\n\t\t\tDuration: pulumi.Int(3),\n\t\t\tSchedule: pulumi.String(\"cron(0 16 ? * TUE *)\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSM\n\nMaintenance Windows can be imported using the `maintenance window id`, e.g.\n\n```sh\n $ pulumi import aws:ssm/maintenanceWindow:MaintenanceWindow imported-window mw-0123456789\n```\n\n ", + "properties": { + "allowUnassociatedTargets": { + "type": "boolean", + "description": "Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.\n" + }, + "cutoff": { + "type": "integer", + "description": "The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.\n" + }, + "description": { + "type": "string", + "description": "A description for the maintenance window.\n" + }, + "duration": { + "type": "integer", + "description": "The duration of the Maintenance Window in hours.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the maintenance window is enabled. Default: `true`.\n" + }, + "endDate": { + "type": "string", + "description": "Timestamp in [ISO-8601 extended format](https://www.iso.org/iso-8601-date-and-time-format.html) when to no longer run the maintenance window.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window.\n" + }, + "schedule": { + "type": "string", + "description": "The schedule of the Maintenance Window in the form of a [cron](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-cron.html) or rate expression.\n" + }, + "scheduleOffset": { + "type": "integer", + "description": "The number of days to wait after the date and time specified by a CRON expression before running the maintenance window.\n" + }, + "scheduleTimezone": { + "type": "string", + "description": "Timezone for schedule in [Internet Assigned Numbers Authority (IANA) Time Zone Database format](https://www.iana.org/time-zones). For example: `America/Los_Angeles`, `etc/UTC`, or `Asia/Seoul`.\n" + }, + "startDate": { + "type": "string", + "description": "Timestamp in [ISO-8601 extended format](https://www.iso.org/iso-8601-date-and-time-format.html) when to begin the maintenance window.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "cutoff", + "duration", + "name", + "schedule", + "tagsAll" + ], + "inputProperties": { + "allowUnassociatedTargets": { + "type": "boolean", + "description": "Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.\n" + }, + "cutoff": { + "type": "integer", + "description": "The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.\n" + }, + "description": { + "type": "string", + "description": "A description for the maintenance window.\n" + }, + "duration": { + "type": "integer", + "description": "The duration of the Maintenance Window in hours.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the maintenance window is enabled. Default: `true`.\n" + }, + "endDate": { + "type": "string", + "description": "Timestamp in [ISO-8601 extended format](https://www.iso.org/iso-8601-date-and-time-format.html) when to no longer run the maintenance window.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window.\n" + }, + "schedule": { + "type": "string", + "description": "The schedule of the Maintenance Window in the form of a [cron](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-cron.html) or rate expression.\n" + }, + "scheduleOffset": { + "type": "integer", + "description": "The number of days to wait after the date and time specified by a CRON expression before running the maintenance window.\n" + }, + "scheduleTimezone": { + "type": "string", + "description": "Timezone for schedule in [Internet Assigned Numbers Authority (IANA) Time Zone Database format](https://www.iana.org/time-zones). For example: `America/Los_Angeles`, `etc/UTC`, or `Asia/Seoul`.\n" + }, + "startDate": { + "type": "string", + "description": "Timestamp in [ISO-8601 extended format](https://www.iso.org/iso-8601-date-and-time-format.html) when to begin the maintenance window.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "cutoff", + "duration", + "schedule" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MaintenanceWindow resources.\n", + "properties": { + "allowUnassociatedTargets": { + "type": "boolean", + "description": "Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.\n" + }, + "cutoff": { + "type": "integer", + "description": "The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.\n" + }, + "description": { + "type": "string", + "description": "A description for the maintenance window.\n" + }, + "duration": { + "type": "integer", + "description": "The duration of the Maintenance Window in hours.\n" + }, + "enabled": { + "type": "boolean", + "description": "Whether the maintenance window is enabled. Default: `true`.\n" + }, + "endDate": { + "type": "string", + "description": "Timestamp in [ISO-8601 extended format](https://www.iso.org/iso-8601-date-and-time-format.html) when to no longer run the maintenance window.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window.\n" + }, + "schedule": { + "type": "string", + "description": "The schedule of the Maintenance Window in the form of a [cron](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-cron.html) or rate expression.\n" + }, + "scheduleOffset": { + "type": "integer", + "description": "The number of days to wait after the date and time specified by a CRON expression before running the maintenance window.\n" + }, + "scheduleTimezone": { + "type": "string", + "description": "Timezone for schedule in [Internet Assigned Numbers Authority (IANA) Time Zone Database format](https://www.iana.org/time-zones). For example: `America/Los_Angeles`, `etc/UTC`, or `Asia/Seoul`.\n" + }, + "startDate": { + "type": "string", + "description": "Timestamp in [ISO-8601 extended format](https://www.iso.org/iso-8601-date-and-time-format.html) when to begin the maintenance window.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ssm/maintenanceWindowTarget:MaintenanceWindowTarget": { + "description": "Provides an SSM Maintenance Window Target resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Instance Target\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst window = new aws.ssm.MaintenanceWindow(\"window\", {\n schedule: \"cron(0 16 ? * TUE *)\",\n duration: 3,\n cutoff: 1,\n});\nconst target1 = new aws.ssm.MaintenanceWindowTarget(\"target1\", {\n windowId: window.id,\n description: \"This is a maintenance window target\",\n resourceType: \"INSTANCE\",\n targets: [{\n key: \"tag:Name\",\n values: [\"acceptance_test\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwindow = aws.ssm.MaintenanceWindow(\"window\",\n schedule=\"cron(0 16 ? * TUE *)\",\n duration=3,\n cutoff=1)\ntarget1 = aws.ssm.MaintenanceWindowTarget(\"target1\",\n window_id=window.id,\n description=\"This is a maintenance window target\",\n resource_type=\"INSTANCE\",\n targets=[aws.ssm.MaintenanceWindowTargetTargetArgs(\n key=\"tag:Name\",\n values=[\"acceptance_test\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var window = new Aws.Ssm.MaintenanceWindow(\"window\", new Aws.Ssm.MaintenanceWindowArgs\n {\n Schedule = \"cron(0 16 ? * TUE *)\",\n Duration = 3,\n Cutoff = 1,\n });\n var target1 = new Aws.Ssm.MaintenanceWindowTarget(\"target1\", new Aws.Ssm.MaintenanceWindowTargetArgs\n {\n WindowId = window.Id,\n Description = \"This is a maintenance window target\",\n ResourceType = \"INSTANCE\",\n Targets = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTargetTargetArgs\n {\n Key = \"tag:Name\",\n Values = \n {\n \"acceptance_test\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twindow, err := ssm.NewMaintenanceWindow(ctx, \"window\", &ssm.MaintenanceWindowArgs{\n\t\t\tSchedule: pulumi.String(\"cron(0 16 ? * TUE *)\"),\n\t\t\tDuration: pulumi.Int(3),\n\t\t\tCutoff: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewMaintenanceWindowTarget(ctx, \"target1\", &ssm.MaintenanceWindowTargetArgs{\n\t\t\tWindowId: window.ID(),\n\t\t\tDescription: pulumi.String(\"This is a maintenance window target\"),\n\t\t\tResourceType: pulumi.String(\"INSTANCE\"),\n\t\t\tTargets: ssm.MaintenanceWindowTargetTargetArray{\n\t\t\t\t&ssm.MaintenanceWindowTargetTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"tag:Name\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"acceptance_test\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Resource Group Target\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst window = new aws.ssm.MaintenanceWindow(\"window\", {\n schedule: \"cron(0 16 ? * TUE *)\",\n duration: 3,\n cutoff: 1,\n});\nconst target1 = new aws.ssm.MaintenanceWindowTarget(\"target1\", {\n windowId: window.id,\n description: \"This is a maintenance window target\",\n resourceType: \"RESOURCE_GROUP\",\n targets: [{\n key: \"resource-groups:ResourceTypeFilters\",\n values: [\"AWS::EC2::Instance\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwindow = aws.ssm.MaintenanceWindow(\"window\",\n schedule=\"cron(0 16 ? * TUE *)\",\n duration=3,\n cutoff=1)\ntarget1 = aws.ssm.MaintenanceWindowTarget(\"target1\",\n window_id=window.id,\n description=\"This is a maintenance window target\",\n resource_type=\"RESOURCE_GROUP\",\n targets=[aws.ssm.MaintenanceWindowTargetTargetArgs(\n key=\"resource-groups:ResourceTypeFilters\",\n values=[\"AWS::EC2::Instance\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var window = new Aws.Ssm.MaintenanceWindow(\"window\", new Aws.Ssm.MaintenanceWindowArgs\n {\n Schedule = \"cron(0 16 ? * TUE *)\",\n Duration = 3,\n Cutoff = 1,\n });\n var target1 = new Aws.Ssm.MaintenanceWindowTarget(\"target1\", new Aws.Ssm.MaintenanceWindowTargetArgs\n {\n WindowId = window.Id,\n Description = \"This is a maintenance window target\",\n ResourceType = \"RESOURCE_GROUP\",\n Targets = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTargetTargetArgs\n {\n Key = \"resource-groups:ResourceTypeFilters\",\n Values = \n {\n \"AWS::EC2::Instance\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\twindow, err := ssm.NewMaintenanceWindow(ctx, \"window\", &ssm.MaintenanceWindowArgs{\n\t\t\tSchedule: pulumi.String(\"cron(0 16 ? * TUE *)\"),\n\t\t\tDuration: pulumi.Int(3),\n\t\t\tCutoff: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewMaintenanceWindowTarget(ctx, \"target1\", &ssm.MaintenanceWindowTargetArgs{\n\t\t\tWindowId: window.ID(),\n\t\t\tDescription: pulumi.String(\"This is a maintenance window target\"),\n\t\t\tResourceType: pulumi.String(\"RESOURCE_GROUP\"),\n\t\t\tTargets: ssm.MaintenanceWindowTargetTargetArray{\n\t\t\t\t&ssm.MaintenanceWindowTargetTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"resource-groups:ResourceTypeFilters\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AWS::EC2::Instance\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSM Maintenance Window targets can be imported using `WINDOW_ID/WINDOW_TARGET_ID`, e.g.\n\n```sh\n $ pulumi import aws:ssm/maintenanceWindowTarget:MaintenanceWindowTarget example mw-0c50858d01EXAMPLE/23639a0b-ddbc-4bca-9e72-78d96EXAMPLE\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description of the maintenance window target.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window target.\n" + }, + "ownerInformation": { + "type": "string", + "description": "User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.\n" + }, + "resourceType": { + "type": "string", + "description": "The type of target being registered with the Maintenance Window. Possible values are `INSTANCE` and `RESOURCE_GROUP`.\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTargetTarget:MaintenanceWindowTargetTarget" + }, + "description": "The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see\n(https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)\n" + }, + "windowId": { + "type": "string", + "description": "The Id of the maintenance window to register the target with.\n" + } + }, + "required": [ + "name", + "resourceType", + "targets", + "windowId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the maintenance window target.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window target.\n" + }, + "ownerInformation": { + "type": "string", + "description": "User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.\n" + }, + "resourceType": { + "type": "string", + "description": "The type of target being registered with the Maintenance Window. Possible values are `INSTANCE` and `RESOURCE_GROUP`.\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTargetTarget:MaintenanceWindowTargetTarget" + }, + "description": "The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see\n(https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)\n" + }, + "windowId": { + "type": "string", + "description": "The Id of the maintenance window to register the target with.\n" + } + }, + "requiredInputs": [ + "resourceType", + "targets", + "windowId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MaintenanceWindowTarget resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the maintenance window target.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window target.\n" + }, + "ownerInformation": { + "type": "string", + "description": "User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.\n" + }, + "resourceType": { + "type": "string", + "description": "The type of target being registered with the Maintenance Window. Possible values are `INSTANCE` and `RESOURCE_GROUP`.\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTargetTarget:MaintenanceWindowTargetTarget" + }, + "description": "The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see\n(https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)\n" + }, + "windowId": { + "type": "string", + "description": "The Id of the maintenance window to register the target with.\n" + } + }, + "type": "object" + } + }, + "aws:ssm/maintenanceWindowTask:MaintenanceWindowTask": { + "description": "Provides an SSM Maintenance Window Task resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Automation Tasks\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ssm.MaintenanceWindowTask(\"example\", {\n maxConcurrency: 2,\n maxErrors: 1,\n priority: 1,\n taskArn: \"AWS-RestartEC2Instance\",\n taskType: \"AUTOMATION\",\n windowId: aws_ssm_maintenance_window.example.id,\n targets: [{\n key: \"InstanceIds\",\n values: [aws_instance.example.id],\n }],\n taskInvocationParameters: {\n automationParameters: {\n documentVersion: `$LATEST`,\n parameters: [{\n name: \"InstanceId\",\n values: [aws_instance.example.id],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ssm.MaintenanceWindowTask(\"example\",\n max_concurrency=\"2\",\n max_errors=\"1\",\n priority=1,\n task_arn=\"AWS-RestartEC2Instance\",\n task_type=\"AUTOMATION\",\n window_id=aws_ssm_maintenance_window[\"example\"][\"id\"],\n targets=[aws.ssm.MaintenanceWindowTaskTargetArgs(\n key=\"InstanceIds\",\n values=[aws_instance[\"example\"][\"id\"]],\n )],\n task_invocation_parameters=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersArgs(\n automation_parameters=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersArgs(\n document_version=\"$LATEST\",\n parameters=[aws.ssm.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameterArgs(\n name=\"InstanceId\",\n values=[aws_instance[\"example\"][\"id\"]],\n )],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ssm.MaintenanceWindowTask(\"example\", new Aws.Ssm.MaintenanceWindowTaskArgs\n {\n MaxConcurrency = \"2\",\n MaxErrors = \"1\",\n Priority = 1,\n TaskArn = \"AWS-RestartEC2Instance\",\n TaskType = \"AUTOMATION\",\n WindowId = aws_ssm_maintenance_window.Example.Id,\n Targets = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTaskTargetArgs\n {\n Key = \"InstanceIds\",\n Values = \n {\n aws_instance.Example.Id,\n },\n },\n },\n TaskInvocationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersArgs\n {\n AutomationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersArgs\n {\n DocumentVersion = \"$LATEST\",\n Parameters = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameterArgs\n {\n Name = \"InstanceId\",\n Values = \n {\n aws_instance.Example.Id,\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewMaintenanceWindowTask(ctx, \"example\", &ssm.MaintenanceWindowTaskArgs{\n\t\t\tMaxConcurrency: pulumi.String(\"2\"),\n\t\t\tMaxErrors: pulumi.String(\"1\"),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tTaskArn: pulumi.String(\"AWS-RestartEC2Instance\"),\n\t\t\tTaskType: pulumi.String(\"AUTOMATION\"),\n\t\t\tWindowId: pulumi.Any(aws_ssm_maintenance_window.Example.Id),\n\t\t\tTargets: ssm.MaintenanceWindowTaskTargetArray{\n\t\t\t\t&ssm.MaintenanceWindowTaskTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_instance.Example.Id),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTaskInvocationParameters: &ssm.MaintenanceWindowTaskTaskInvocationParametersArgs{\n\t\t\t\tAutomationParameters: &ssm.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersArgs{\n\t\t\t\t\tDocumentVersion: pulumi.String(fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")),\n\t\t\t\t\tParameters: ssm.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameterArray{\n\t\t\t\t\t\t&ssm.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersParameterArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"InstanceId\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.Any(aws_instance.Example.Id),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Run Command Tasks\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ssm.MaintenanceWindowTask(\"example\", {\n maxConcurrency: 2,\n maxErrors: 1,\n priority: 1,\n taskArn: \"AWS-RunShellScript\",\n taskType: \"RUN_COMMAND\",\n windowId: aws_ssm_maintenance_window.example.id,\n targets: [{\n key: \"InstanceIds\",\n values: [aws_instance.example.id],\n }],\n taskInvocationParameters: {\n runCommandParameters: {\n outputS3Bucket: aws_s3_bucket.example.bucket,\n outputS3KeyPrefix: \"output\",\n serviceRoleArn: aws_iam_role.example.arn,\n timeoutSeconds: 600,\n notificationConfig: {\n notificationArn: aws_sns_topic.example.arn,\n notificationEvents: [\"All\"],\n notificationType: \"Command\",\n },\n parameters: [{\n name: \"commands\",\n values: [\"date\"],\n }],\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ssm.MaintenanceWindowTask(\"example\",\n max_concurrency=\"2\",\n max_errors=\"1\",\n priority=1,\n task_arn=\"AWS-RunShellScript\",\n task_type=\"RUN_COMMAND\",\n window_id=aws_ssm_maintenance_window[\"example\"][\"id\"],\n targets=[aws.ssm.MaintenanceWindowTaskTargetArgs(\n key=\"InstanceIds\",\n values=[aws_instance[\"example\"][\"id\"]],\n )],\n task_invocation_parameters=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersArgs(\n run_command_parameters=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersArgs(\n output_s3_bucket=aws_s3_bucket[\"example\"][\"bucket\"],\n output_s3_key_prefix=\"output\",\n service_role_arn=aws_iam_role[\"example\"][\"arn\"],\n timeout_seconds=600,\n notification_config=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfigArgs(\n notification_arn=aws_sns_topic[\"example\"][\"arn\"],\n notification_events=[\"All\"],\n notification_type=\"Command\",\n ),\n parameters=[aws.ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameterArgs(\n name=\"commands\",\n values=[\"date\"],\n )],\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ssm.MaintenanceWindowTask(\"example\", new Aws.Ssm.MaintenanceWindowTaskArgs\n {\n MaxConcurrency = \"2\",\n MaxErrors = \"1\",\n Priority = 1,\n TaskArn = \"AWS-RunShellScript\",\n TaskType = \"RUN_COMMAND\",\n WindowId = aws_ssm_maintenance_window.Example.Id,\n Targets = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTaskTargetArgs\n {\n Key = \"InstanceIds\",\n Values = \n {\n aws_instance.Example.Id,\n },\n },\n },\n TaskInvocationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersArgs\n {\n RunCommandParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersArgs\n {\n OutputS3Bucket = aws_s3_bucket.Example.Bucket,\n OutputS3KeyPrefix = \"output\",\n ServiceRoleArn = aws_iam_role.Example.Arn,\n TimeoutSeconds = 600,\n NotificationConfig = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfigArgs\n {\n NotificationArn = aws_sns_topic.Example.Arn,\n NotificationEvents = \n {\n \"All\",\n },\n NotificationType = \"Command\",\n },\n Parameters = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameterArgs\n {\n Name = \"commands\",\n Values = \n {\n \"date\",\n },\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewMaintenanceWindowTask(ctx, \"example\", &ssm.MaintenanceWindowTaskArgs{\n\t\t\tMaxConcurrency: pulumi.String(\"2\"),\n\t\t\tMaxErrors: pulumi.String(\"1\"),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tTaskArn: pulumi.String(\"AWS-RunShellScript\"),\n\t\t\tTaskType: pulumi.String(\"RUN_COMMAND\"),\n\t\t\tWindowId: pulumi.Any(aws_ssm_maintenance_window.Example.Id),\n\t\t\tTargets: ssm.MaintenanceWindowTaskTargetArray{\n\t\t\t\t&ssm.MaintenanceWindowTaskTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_instance.Example.Id),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTaskInvocationParameters: &ssm.MaintenanceWindowTaskTaskInvocationParametersArgs{\n\t\t\t\tRunCommandParameters: &ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersArgs{\n\t\t\t\t\tOutputS3Bucket: pulumi.Any(aws_s3_bucket.Example.Bucket),\n\t\t\t\t\tOutputS3KeyPrefix: pulumi.String(\"output\"),\n\t\t\t\t\tServiceRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t\t\t\tTimeoutSeconds: pulumi.Int(600),\n\t\t\t\t\tNotificationConfig: &ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfigArgs{\n\t\t\t\t\t\tNotificationArn: pulumi.Any(aws_sns_topic.Example.Arn),\n\t\t\t\t\t\tNotificationEvents: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"All\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tNotificationType: pulumi.String(\"Command\"),\n\t\t\t\t\t},\n\t\t\t\t\tParameters: ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameterArray{\n\t\t\t\t\t\t&ssm.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersParameterArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"commands\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"date\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Step Function Tasks\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.ssm.MaintenanceWindowTask(\"example\", {\n maxConcurrency: 2,\n maxErrors: 1,\n priority: 1,\n taskArn: aws_sfn_activity.example.id,\n taskType: \"STEP_FUNCTIONS\",\n windowId: aws_ssm_maintenance_window.example.id,\n targets: [{\n key: \"InstanceIds\",\n values: [aws_instance.example.id],\n }],\n taskInvocationParameters: {\n stepFunctionsParameters: {\n input: \"{\\\"key1\\\":\\\"value1\\\"}\",\n name: \"example\",\n },\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ssm.MaintenanceWindowTask(\"example\",\n max_concurrency=\"2\",\n max_errors=\"1\",\n priority=1,\n task_arn=aws_sfn_activity[\"example\"][\"id\"],\n task_type=\"STEP_FUNCTIONS\",\n window_id=aws_ssm_maintenance_window[\"example\"][\"id\"],\n targets=[aws.ssm.MaintenanceWindowTaskTargetArgs(\n key=\"InstanceIds\",\n values=[aws_instance[\"example\"][\"id\"]],\n )],\n task_invocation_parameters=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersArgs(\n step_functions_parameters=aws.ssm.MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParametersArgs(\n input=\"{\\\"key1\\\":\\\"value1\\\"}\",\n name=\"example\",\n ),\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Ssm.MaintenanceWindowTask(\"example\", new Aws.Ssm.MaintenanceWindowTaskArgs\n {\n MaxConcurrency = \"2\",\n MaxErrors = \"1\",\n Priority = 1,\n TaskArn = aws_sfn_activity.Example.Id,\n TaskType = \"STEP_FUNCTIONS\",\n WindowId = aws_ssm_maintenance_window.Example.Id,\n Targets = \n {\n new Aws.Ssm.Inputs.MaintenanceWindowTaskTargetArgs\n {\n Key = \"InstanceIds\",\n Values = \n {\n aws_instance.Example.Id,\n },\n },\n },\n TaskInvocationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersArgs\n {\n StepFunctionsParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParametersArgs\n {\n Input = \"{\\\"key1\\\":\\\"value1\\\"}\",\n Name = \"example\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewMaintenanceWindowTask(ctx, \"example\", &ssm.MaintenanceWindowTaskArgs{\n\t\t\tMaxConcurrency: pulumi.String(\"2\"),\n\t\t\tMaxErrors: pulumi.String(\"1\"),\n\t\t\tPriority: pulumi.Int(1),\n\t\t\tTaskArn: pulumi.Any(aws_sfn_activity.Example.Id),\n\t\t\tTaskType: pulumi.String(\"STEP_FUNCTIONS\"),\n\t\t\tWindowId: pulumi.Any(aws_ssm_maintenance_window.Example.Id),\n\t\t\tTargets: ssm.MaintenanceWindowTaskTargetArray{\n\t\t\t\t&ssm.MaintenanceWindowTaskTargetArgs{\n\t\t\t\t\tKey: pulumi.String(\"InstanceIds\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.Any(aws_instance.Example.Id),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTaskInvocationParameters: &ssm.MaintenanceWindowTaskTaskInvocationParametersArgs{\n\t\t\t\tStepFunctionsParameters: &ssm.MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParametersArgs{\n\t\t\t\t\tInput: pulumi.String(\"{\\\"key1\\\":\\\"value1\\\"}\"),\n\t\t\t\t\tName: pulumi.String(\"example\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS Maintenance Window Task can be imported using the `window_id` and `window_task_id` separated by `/`.\n\n```sh\n $ pulumi import aws:ssm/maintenanceWindowTask:MaintenanceWindowTask task /\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description of the maintenance window task.\n" + }, + "maxConcurrency": { + "type": "string", + "description": "The maximum number of targets this task can be run for in parallel.\n" + }, + "maxErrors": { + "type": "string", + "description": "The maximum number of errors allowed before this task stops being scheduled.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window task.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The role that should be assumed when executing the task. If a role is not provided, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created for you.\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTarget:MaintenanceWindowTaskTarget" + }, + "description": "The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.\n" + }, + "taskArn": { + "type": "string", + "description": "The ARN of the task to execute.\n" + }, + "taskInvocationParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParameters:MaintenanceWindowTaskTaskInvocationParameters", + "description": "Configuration block with parameters for task execution.\n" + }, + "taskType": { + "type": "string", + "description": "The type of task being registered. Valid values: `AUTOMATION`, `LAMBDA`, `RUN_COMMAND` or `STEP_FUNCTIONS`.\n" + }, + "windowId": { + "type": "string", + "description": "The Id of the maintenance window to register the task with.\n" + } + }, + "required": [ + "maxConcurrency", + "maxErrors", + "name", + "serviceRoleArn", + "taskArn", + "taskType", + "windowId" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the maintenance window task.\n" + }, + "maxConcurrency": { + "type": "string", + "description": "The maximum number of targets this task can be run for in parallel.\n" + }, + "maxErrors": { + "type": "string", + "description": "The maximum number of errors allowed before this task stops being scheduled.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window task.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The role that should be assumed when executing the task. If a role is not provided, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created for you.\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTarget:MaintenanceWindowTaskTarget" + }, + "description": "The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.\n" + }, + "taskArn": { + "type": "string", + "description": "The ARN of the task to execute.\n" + }, + "taskInvocationParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParameters:MaintenanceWindowTaskTaskInvocationParameters", + "description": "Configuration block with parameters for task execution.\n" + }, + "taskType": { + "type": "string", + "description": "The type of task being registered. Valid values: `AUTOMATION`, `LAMBDA`, `RUN_COMMAND` or `STEP_FUNCTIONS`.\n" + }, + "windowId": { + "type": "string", + "description": "The Id of the maintenance window to register the task with.\n" + } + }, + "requiredInputs": [ + "maxConcurrency", + "maxErrors", + "taskArn", + "taskType", + "windowId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering MaintenanceWindowTask resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the maintenance window task.\n" + }, + "maxConcurrency": { + "type": "string", + "description": "The maximum number of targets this task can be run for in parallel.\n" + }, + "maxErrors": { + "type": "string", + "description": "The maximum number of errors allowed before this task stops being scheduled.\n" + }, + "name": { + "type": "string", + "description": "The name of the maintenance window task.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.\n" + }, + "serviceRoleArn": { + "type": "string", + "description": "The role that should be assumed when executing the task. If a role is not provided, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created for you.\n" + }, + "targets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTarget:MaintenanceWindowTaskTarget" + }, + "description": "The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.\n" + }, + "taskArn": { + "type": "string", + "description": "The ARN of the task to execute.\n" + }, + "taskInvocationParameters": { + "$ref": "#/types/aws:ssm/MaintenanceWindowTaskTaskInvocationParameters:MaintenanceWindowTaskTaskInvocationParameters", + "description": "Configuration block with parameters for task execution.\n" + }, + "taskType": { + "type": "string", + "description": "The type of task being registered. Valid values: `AUTOMATION`, `LAMBDA`, `RUN_COMMAND` or `STEP_FUNCTIONS`.\n" + }, + "windowId": { + "type": "string", + "description": "The Id of the maintenance window to register the task with.\n" + } + }, + "type": "object" + } + }, + "aws:ssm/parameter:Parameter": { + "description": "Provides an SSM Parameter resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo store a basic string parameter:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.ssm.Parameter(\"foo\", {\n type: \"String\",\n value: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ssm.Parameter(\"foo\",\n type=\"String\",\n value=\"bar\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Ssm.Parameter(\"foo\", new Aws.Ssm.ParameterArgs\n {\n Type = \"String\",\n Value = \"bar\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewParameter(ctx, \"foo\", &ssm.ParameterArgs{\n\t\t\tType: pulumi.String(\"String\"),\n\t\t\tValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo store an encrypted string using the default SSM KMS key:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst _default = new aws.rds.Instance(\"default\", {\n allocatedStorage: 10,\n storageType: \"gp2\",\n engine: \"mysql\",\n engineVersion: \"5.7.16\",\n instanceClass: \"db.t2.micro\",\n name: \"mydb\",\n username: \"foo\",\n password: _var.database_master_password,\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.7\",\n});\nconst secret = new aws.ssm.Parameter(\"secret\", {\n description: \"The parameter description\",\n type: \"SecureString\",\n value: _var.database_master_password,\n tags: {\n environment: \"production\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.rds.Instance(\"default\",\n allocated_storage=10,\n storage_type=\"gp2\",\n engine=\"mysql\",\n engine_version=\"5.7.16\",\n instance_class=\"db.t2.micro\",\n name=\"mydb\",\n username=\"foo\",\n password=var[\"database_master_password\"],\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.7\")\nsecret = aws.ssm.Parameter(\"secret\",\n description=\"The parameter description\",\n type=\"SecureString\",\n value=var[\"database_master_password\"],\n tags={\n \"environment\": \"production\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = new Aws.Rds.Instance(\"default\", new Aws.Rds.InstanceArgs\n {\n AllocatedStorage = 10,\n StorageType = \"gp2\",\n Engine = \"mysql\",\n EngineVersion = \"5.7.16\",\n InstanceClass = \"db.t2.micro\",\n Name = \"mydb\",\n Username = \"foo\",\n Password = @var.Database_master_password,\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.7\",\n });\n var secret = new Aws.Ssm.Parameter(\"secret\", new Aws.Ssm.ParameterArgs\n {\n Description = \"The parameter description\",\n Type = \"SecureString\",\n Value = @var.Database_master_password,\n Tags = \n {\n { \"environment\", \"production\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.NewInstance(ctx, \"_default\", &rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tStorageType: pulumi.String(\"gp2\"),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.7.16\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.Any(_var.Database_master_password),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.7\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewParameter(ctx, \"secret\", &ssm.ParameterArgs{\n\t\t\tDescription: pulumi.String(\"The parameter description\"),\n\t\t\tType: pulumi.String(\"SecureString\"),\n\t\t\tValue: pulumi.Any(_var.Database_master_password),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"environment\": pulumi.String(\"production\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSM Parameters can be imported using the `parameter store name`, e.g.\n\n```sh\n $ pulumi import aws:ssm/parameter:Parameter my_param /my_path/my_paramname\n```\n\n ", + "properties": { + "allowedPattern": { + "type": "string", + "description": "A regular expression used to validate the parameter value.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the parameter.\n" + }, + "dataType": { + "type": "string", + "description": "The data_type of the parameter. Valid values: text and aws:ec2:image for AMI format, see the [Native parameter support for Amazon Machine Image IDs\n](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html)\n" + }, + "description": { + "type": "string", + "description": "The description of the parameter.\n" + }, + "keyId": { + "type": "string", + "description": "The KMS key id or arn for encrypting a SecureString.\n" + }, + "name": { + "type": "string", + "description": "The name of the parameter. If the name contains a path (e.g. any forward slashes (`/`)), it must be fully qualified with a leading forward slash (`/`). For additional requirements and constraints, see the [AWS SSM User Guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-parameter-name-constraints.html).\n" + }, + "overwrite": { + "type": "boolean", + "description": "Overwrite an existing parameter. If not specified, will default to `false` if the resource has not been created by this provider to avoid overwrite of existing resource and will default to `true` otherwise (lifecycle rules should then be used to manage the update behavior).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tier": { + "type": "string", + "description": "The tier of the parameter. If not specified, will default to `Standard`. Valid tiers are `Standard`, `Advanced`, and `Intelligent-Tiering`. For more information on parameter tiers, see the [AWS SSM Parameter tier comparison and guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html).\n" + }, + "type": { + "type": "string", + "description": "The type of the parameter. Valid types are `String`, `StringList` and `SecureString`.\n" + }, + "value": { + "type": "string", + "description": "The value of the parameter.\n" + }, + "version": { + "type": "integer", + "description": "The version of the parameter.\n" + } + }, + "required": [ + "arn", + "dataType", + "keyId", + "name", + "tagsAll", + "type", + "value", + "version" + ], + "inputProperties": { + "allowedPattern": { + "type": "string", + "description": "A regular expression used to validate the parameter value.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the parameter.\n" + }, + "dataType": { + "type": "string", + "description": "The data_type of the parameter. Valid values: text and aws:ec2:image for AMI format, see the [Native parameter support for Amazon Machine Image IDs\n](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html)\n" + }, + "description": { + "type": "string", + "description": "The description of the parameter.\n" + }, + "keyId": { + "type": "string", + "description": "The KMS key id or arn for encrypting a SecureString.\n" + }, + "name": { + "type": "string", + "description": "The name of the parameter. If the name contains a path (e.g. any forward slashes (`/`)), it must be fully qualified with a leading forward slash (`/`). For additional requirements and constraints, see the [AWS SSM User Guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-parameter-name-constraints.html).\n" + }, + "overwrite": { + "type": "boolean", + "description": "Overwrite an existing parameter. If not specified, will default to `false` if the resource has not been created by this provider to avoid overwrite of existing resource and will default to `true` otherwise (lifecycle rules should then be used to manage the update behavior).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tier": { + "type": "string", + "description": "The tier of the parameter. If not specified, will default to `Standard`. Valid tiers are `Standard`, `Advanced`, and `Intelligent-Tiering`. For more information on parameter tiers, see the [AWS SSM Parameter tier comparison and guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html).\n" + }, + "type": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ssm/ParameterType:ParameterType" + } + ], + "description": "The type of the parameter. Valid types are `String`, `StringList` and `SecureString`.\n" + }, + "value": { + "type": "string", + "description": "The value of the parameter.\n" + } + }, + "requiredInputs": [ + "type", + "value" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Parameter resources.\n", + "properties": { + "allowedPattern": { + "type": "string", + "description": "A regular expression used to validate the parameter value.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the parameter.\n" + }, + "dataType": { + "type": "string", + "description": "The data_type of the parameter. Valid values: text and aws:ec2:image for AMI format, see the [Native parameter support for Amazon Machine Image IDs\n](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-ec2-aliases.html)\n" + }, + "description": { + "type": "string", + "description": "The description of the parameter.\n" + }, + "keyId": { + "type": "string", + "description": "The KMS key id or arn for encrypting a SecureString.\n" + }, + "name": { + "type": "string", + "description": "The name of the parameter. If the name contains a path (e.g. any forward slashes (`/`)), it must be fully qualified with a leading forward slash (`/`). For additional requirements and constraints, see the [AWS SSM User Guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-parameter-name-constraints.html).\n" + }, + "overwrite": { + "type": "boolean", + "description": "Overwrite an existing parameter. If not specified, will default to `false` if the resource has not been created by this provider to avoid overwrite of existing resource and will default to `true` otherwise (lifecycle rules should then be used to manage the update behavior).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the object. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tier": { + "type": "string", + "description": "The tier of the parameter. If not specified, will default to `Standard`. Valid tiers are `Standard`, `Advanced`, and `Intelligent-Tiering`. For more information on parameter tiers, see the [AWS SSM Parameter tier comparison and guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-advanced-parameters.html).\n" + }, + "type": { + "type": "string", + "oneOf": [ + { + "type": "string" + }, + { + "type": "string", + "$ref": "#/types/aws:ssm/ParameterType:ParameterType" + } + ], + "description": "The type of the parameter. Valid types are `String`, `StringList` and `SecureString`.\n" + }, + "value": { + "type": "string", + "description": "The value of the parameter.\n" + }, + "version": { + "type": "integer", + "description": "The version of the parameter.\n" + } + }, + "type": "object" + } + }, + "aws:ssm/patchBaseline:PatchBaseline": { + "description": "Provides an SSM Patch Baseline resource\n\n> **NOTE on Patch Baselines:** The `approved_patches` and `approval_rule` are\nboth marked as optional fields, but the Patch Baseline requires that at least one\nof them is specified.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage using `approved_patches` only\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst production = new aws.ssm.PatchBaseline(\"production\", {\n approvedPatches: [\"KB123456\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nproduction = aws.ssm.PatchBaseline(\"production\", approved_patches=[\"KB123456\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var production = new Aws.Ssm.PatchBaseline(\"production\", new Aws.Ssm.PatchBaselineArgs\n {\n ApprovedPatches = \n {\n \"KB123456\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewPatchBaseline(ctx, \"production\", &ssm.PatchBaselineArgs{\n\t\t\tApprovedPatches: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"KB123456\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nAdvanced usage, specifying patch filters\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst production = new aws.ssm.PatchBaseline(\"production\", {\n approvalRules: [\n {\n approveAfterDays: 7,\n complianceLevel: \"HIGH\",\n patchFilters: [\n {\n key: \"PRODUCT\",\n values: [\"WindowsServer2016\"],\n },\n {\n key: \"CLASSIFICATION\",\n values: [\n \"CriticalUpdates\",\n \"SecurityUpdates\",\n \"Updates\",\n ],\n },\n {\n key: \"MSRC_SEVERITY\",\n values: [\n \"Critical\",\n \"Important\",\n \"Moderate\",\n ],\n },\n ],\n },\n {\n approveAfterDays: 7,\n patchFilters: [{\n key: \"PRODUCT\",\n values: [\"WindowsServer2012\"],\n }],\n },\n ],\n approvedPatches: [\n \"KB123456\",\n \"KB456789\",\n ],\n description: \"Patch Baseline Description\",\n globalFilters: [\n {\n key: \"PRODUCT\",\n values: [\"WindowsServer2008\"],\n },\n {\n key: \"CLASSIFICATION\",\n values: [\"ServicePacks\"],\n },\n {\n key: \"MSRC_SEVERITY\",\n values: [\"Low\"],\n },\n ],\n rejectedPatches: [\"KB987654\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nproduction = aws.ssm.PatchBaseline(\"production\",\n approval_rules=[\n aws.ssm.PatchBaselineApprovalRuleArgs(\n approve_after_days=7,\n compliance_level=\"HIGH\",\n patch_filters=[\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"PRODUCT\",\n values=[\"WindowsServer2016\"],\n ),\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"CLASSIFICATION\",\n values=[\n \"CriticalUpdates\",\n \"SecurityUpdates\",\n \"Updates\",\n ],\n ),\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"MSRC_SEVERITY\",\n values=[\n \"Critical\",\n \"Important\",\n \"Moderate\",\n ],\n ),\n ],\n ),\n aws.ssm.PatchBaselineApprovalRuleArgs(\n approve_after_days=7,\n patch_filters=[aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"PRODUCT\",\n values=[\"WindowsServer2012\"],\n )],\n ),\n ],\n approved_patches=[\n \"KB123456\",\n \"KB456789\",\n ],\n description=\"Patch Baseline Description\",\n global_filters=[\n aws.ssm.PatchBaselineGlobalFilterArgs(\n key=\"PRODUCT\",\n values=[\"WindowsServer2008\"],\n ),\n aws.ssm.PatchBaselineGlobalFilterArgs(\n key=\"CLASSIFICATION\",\n values=[\"ServicePacks\"],\n ),\n aws.ssm.PatchBaselineGlobalFilterArgs(\n key=\"MSRC_SEVERITY\",\n values=[\"Low\"],\n ),\n ],\n rejected_patches=[\"KB987654\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var production = new Aws.Ssm.PatchBaseline(\"production\", new Aws.Ssm.PatchBaselineArgs\n {\n ApprovalRules = \n {\n new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs\n {\n ApproveAfterDays = 7,\n ComplianceLevel = \"HIGH\",\n PatchFilters = \n {\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"PRODUCT\",\n Values = \n {\n \"WindowsServer2016\",\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"CLASSIFICATION\",\n Values = \n {\n \"CriticalUpdates\",\n \"SecurityUpdates\",\n \"Updates\",\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"MSRC_SEVERITY\",\n Values = \n {\n \"Critical\",\n \"Important\",\n \"Moderate\",\n },\n },\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs\n {\n ApproveAfterDays = 7,\n PatchFilters = \n {\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"PRODUCT\",\n Values = \n {\n \"WindowsServer2012\",\n },\n },\n },\n },\n },\n ApprovedPatches = \n {\n \"KB123456\",\n \"KB456789\",\n },\n Description = \"Patch Baseline Description\",\n GlobalFilters = \n {\n new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs\n {\n Key = \"PRODUCT\",\n Values = \n {\n \"WindowsServer2008\",\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs\n {\n Key = \"CLASSIFICATION\",\n Values = \n {\n \"ServicePacks\",\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineGlobalFilterArgs\n {\n Key = \"MSRC_SEVERITY\",\n Values = \n {\n \"Low\",\n },\n },\n },\n RejectedPatches = \n {\n \"KB987654\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewPatchBaseline(ctx, \"production\", &ssm.PatchBaselineArgs{\n\t\t\tApprovalRules: ssm.PatchBaselineApprovalRuleArray{\n\t\t\t\t&ssm.PatchBaselineApprovalRuleArgs{\n\t\t\t\t\tApproveAfterDays: pulumi.Int(7),\n\t\t\t\t\tComplianceLevel: pulumi.String(\"HIGH\"),\n\t\t\t\t\tPatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"PRODUCT\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"WindowsServer2016\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"CLASSIFICATION\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"CriticalUpdates\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"SecurityUpdates\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"Updates\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"MSRC_SEVERITY\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Critical\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"Important\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"Moderate\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&ssm.PatchBaselineApprovalRuleArgs{\n\t\t\t\t\tApproveAfterDays: pulumi.Int(7),\n\t\t\t\t\tPatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"PRODUCT\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"WindowsServer2012\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tApprovedPatches: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"KB123456\"),\n\t\t\t\tpulumi.String(\"KB456789\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Patch Baseline Description\"),\n\t\t\tGlobalFilters: ssm.PatchBaselineGlobalFilterArray{\n\t\t\t\t&ssm.PatchBaselineGlobalFilterArgs{\n\t\t\t\t\tKey: pulumi.String(\"PRODUCT\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"WindowsServer2008\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&ssm.PatchBaselineGlobalFilterArgs{\n\t\t\t\t\tKey: pulumi.String(\"CLASSIFICATION\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"ServicePacks\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&ssm.PatchBaselineGlobalFilterArgs{\n\t\t\t\t\tKey: pulumi.String(\"MSRC_SEVERITY\"),\n\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"Low\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tRejectedPatches: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"KB987654\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nAdvanced usage, specifying Microsoft application and Windows patch rules\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst windowsOsApps = new aws.ssm.PatchBaseline(\"windows_os_apps\", {\n approvalRules: [\n {\n approveAfterDays: 7,\n patchFilters: [\n {\n key: \"CLASSIFICATION\",\n values: [\n \"CriticalUpdates\",\n \"SecurityUpdates\",\n ],\n },\n {\n key: \"MSRC_SEVERITY\",\n values: [\n \"Critical\",\n \"Important\",\n ],\n },\n ],\n },\n {\n approveAfterDays: 7,\n patchFilters: [\n {\n key: \"PATCH_SET\",\n values: [\"APPLICATION\"],\n },\n // Filter on Microsoft product if necessary\n {\n key: \"PRODUCT\",\n values: [\n \"Office 2013\",\n \"Office 2016\",\n ],\n },\n ],\n },\n ],\n description: \"Patch both Windows and Microsoft apps\",\n operatingSystem: \"WINDOWS\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nwindows_os_apps = aws.ssm.PatchBaseline(\"windowsOsApps\",\n approval_rules=[\n aws.ssm.PatchBaselineApprovalRuleArgs(\n approve_after_days=7,\n patch_filters=[\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"CLASSIFICATION\",\n values=[\n \"CriticalUpdates\",\n \"SecurityUpdates\",\n ],\n ),\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"MSRC_SEVERITY\",\n values=[\n \"Critical\",\n \"Important\",\n ],\n ),\n ],\n ),\n aws.ssm.PatchBaselineApprovalRuleArgs(\n approve_after_days=7,\n patch_filters=[\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"PATCH_SET\",\n values=[\"APPLICATION\"],\n ),\n aws.ssm.PatchBaselineApprovalRulePatchFilterArgs(\n key=\"PRODUCT\",\n values=[\n \"Office 2013\",\n \"Office 2016\",\n ],\n ),\n ],\n ),\n ],\n description=\"Patch both Windows and Microsoft apps\",\n operating_system=\"WINDOWS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var windowsOsApps = new Aws.Ssm.PatchBaseline(\"windowsOsApps\", new Aws.Ssm.PatchBaselineArgs\n {\n ApprovalRules = \n {\n new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs\n {\n ApproveAfterDays = 7,\n PatchFilters = \n {\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"CLASSIFICATION\",\n Values = \n {\n \"CriticalUpdates\",\n \"SecurityUpdates\",\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"MSRC_SEVERITY\",\n Values = \n {\n \"Critical\",\n \"Important\",\n },\n },\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineApprovalRuleArgs\n {\n ApproveAfterDays = 7,\n PatchFilters = \n {\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"PATCH_SET\",\n Values = \n {\n \"APPLICATION\",\n },\n },\n new Aws.Ssm.Inputs.PatchBaselineApprovalRulePatchFilterArgs\n {\n Key = \"PRODUCT\",\n Values = \n {\n \"Office 2013\",\n \"Office 2016\",\n },\n },\n },\n },\n },\n Description = \"Patch both Windows and Microsoft apps\",\n OperatingSystem = \"WINDOWS\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewPatchBaseline(ctx, \"windowsOsApps\", &ssm.PatchBaselineArgs{\n\t\t\tApprovalRules: ssm.PatchBaselineApprovalRuleArray{\n\t\t\t\t&ssm.PatchBaselineApprovalRuleArgs{\n\t\t\t\t\tApproveAfterDays: pulumi.Int(7),\n\t\t\t\t\tPatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"CLASSIFICATION\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"CriticalUpdates\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"SecurityUpdates\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"MSRC_SEVERITY\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Critical\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"Important\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&ssm.PatchBaselineApprovalRuleArgs{\n\t\t\t\t\tApproveAfterDays: pulumi.Int(7),\n\t\t\t\t\tPatchFilters: ssm.PatchBaselineApprovalRulePatchFilterArray{\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"PATCH_SET\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"APPLICATION\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&ssm.PatchBaselineApprovalRulePatchFilterArgs{\n\t\t\t\t\t\t\tKey: pulumi.String(\"PRODUCT\"),\n\t\t\t\t\t\t\tValues: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"Office 2013\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"Office 2016\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Patch both Windows and Microsoft apps\"),\n\t\t\tOperatingSystem: pulumi.String(\"WINDOWS\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nAdvanced usage, specifying alternate patch source repository\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst al201709 = new aws.ssm.PatchBaseline(\"al_2017_09\", {\n approvalRules: [{}],\n description: \"My patch repository for Amazon Linux 2017.09\",\n operatingSystem: \"AMAZON_LINUX\",\n sources: [{\n configuration: `[amzn-main]\nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list\nmirrorlist_expire=300\nmetadata_expire=300\npriority=10\nfailovermethod=priority\nfastestmirror_enabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga\nenabled=1\nretries=3\ntimeout=5\nreport_instanceid=yes\n`,\n name: \"My-AL2017.09\",\n products: [\"AmazonLinux2017.09\"],\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nal201709 = aws.ssm.PatchBaseline(\"al201709\",\n approval_rules=[aws.ssm.PatchBaselineApprovalRuleArgs()],\n description=\"My patch repository for Amazon Linux 2017.09\",\n operating_system=\"AMAZON_LINUX\",\n sources=[aws.ssm.PatchBaselineSourceArgs(\n configuration=\"\"\"[amzn-main]\nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list\nmirrorlist_expire=300\nmetadata_expire=300\npriority=10\nfailovermethod=priority\nfastestmirror_enabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga\nenabled=1\nretries=3\ntimeout=5\nreport_instanceid=yes\n\n\"\"\",\n name=\"My-AL2017.09\",\n products=[\"AmazonLinux2017.09\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var al201709 = new Aws.Ssm.PatchBaseline(\"al201709\", new Aws.Ssm.PatchBaselineArgs\n {\n ApprovalRules = \n {\n ,\n },\n Description = \"My patch repository for Amazon Linux 2017.09\",\n OperatingSystem = \"AMAZON_LINUX\",\n Sources = \n {\n new Aws.Ssm.Inputs.PatchBaselineSourceArgs\n {\n Configuration = @\"[amzn-main]\nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list\nmirrorlist_expire=300\nmetadata_expire=300\npriority=10\nfailovermethod=priority\nfastestmirror_enabled=0\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga\nenabled=1\nretries=3\ntimeout=5\nreport_instanceid=yes\n\n\",\n Name = \"My-AL2017.09\",\n Products = \n {\n \"AmazonLinux2017.09\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.NewPatchBaseline(ctx, \"al201709\", &ssm.PatchBaselineArgs{\n\t\t\tApprovalRules: ssm.PatchBaselineApprovalRuleArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"My patch repository for Amazon Linux 2017.09\"),\n\t\t\tOperatingSystem: pulumi.String(\"AMAZON_LINUX\"),\n\t\t\tSources: ssm.PatchBaselineSourceArray{\n\t\t\t\t&ssm.PatchBaselineSourceArgs{\n\t\t\t\t\tConfiguration: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"[amzn-main]\\n\", \"name=amzn-main-Base\\n\", \"mirrorlist=http://repo./\", \"$\", \"awsregion./\", \"$\", \"awsdomain//\", \"$\", \"releasever/main/mirror.list\\n\", \"mirrorlist_expire=300\\n\", \"metadata_expire=300\\n\", \"priority=10\\n\", \"failovermethod=priority\\n\", \"fastestmirror_enabled=0\\n\", \"gpgcheck=1\\n\", \"gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga\\n\", \"enabled=1\\n\", \"retries=3\\n\", \"timeout=5\\n\", \"report_instanceid=yes\\n\", \"\\n\")),\n\t\t\t\t\tName: pulumi.String(\"My-AL2017.09\"),\n\t\t\t\t\tProducts: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"AmazonLinux2017.09\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSM Patch Baselines can be imported by their baseline ID, e.g.\n\n```sh\n $ pulumi import aws:ssm/patchBaseline:PatchBaseline example pb-12345678\n```\n\n ", + "properties": { + "approvalRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineApprovalRule:PatchBaselineApprovalRule" + }, + "description": "A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.\n" + }, + "approvedPatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of explicitly approved patches for the baseline.\n" + }, + "approvedPatchesComplianceLevel": { + "type": "string", + "description": "Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, `UNSPECIFIED`. The default value is `UNSPECIFIED`.\n" + }, + "approvedPatchesEnableNonSecurity": { + "type": "boolean", + "description": "Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the patch baseline.\n" + }, + "description": { + "type": "string", + "description": "The description of the patch baseline.\n" + }, + "globalFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineGlobalFilter:PatchBaselineGlobalFilter" + }, + "description": "A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are `PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID`.\n" + }, + "name": { + "type": "string", + "description": "The name specified to identify the patch source.\n" + }, + "operatingSystem": { + "type": "string", + "description": "Defines the operating system the patch baseline applies to. Supported operating systems include `WINDOWS`, `AMAZON_LINUX`, `AMAZON_LINUX_2`, `SUSE`, `UBUNTU`, `CENTOS`, and `REDHAT_ENTERPRISE_LINUX`. The Default value is `WINDOWS`.\n" + }, + "rejectedPatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of rejected patches.\n" + }, + "rejectedPatchesAction": { + "type": "string", + "description": "The action for Patch Manager to take on patches included in the `rejected_patches` list. Allow values are `ALLOW_AS_DEPENDENCY` and `BLOCK`.\n" + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineSource:PatchBaselineSource" + }, + "description": "Configuration block(s) with alternate sources for patches. Applies to Linux instances only. Documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "name", + "rejectedPatchesAction", + "tagsAll" + ], + "inputProperties": { + "approvalRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineApprovalRule:PatchBaselineApprovalRule" + }, + "description": "A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.\n" + }, + "approvedPatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of explicitly approved patches for the baseline.\n" + }, + "approvedPatchesComplianceLevel": { + "type": "string", + "description": "Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, `UNSPECIFIED`. The default value is `UNSPECIFIED`.\n" + }, + "approvedPatchesEnableNonSecurity": { + "type": "boolean", + "description": "Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.\n" + }, + "description": { + "type": "string", + "description": "The description of the patch baseline.\n" + }, + "globalFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineGlobalFilter:PatchBaselineGlobalFilter" + }, + "description": "A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are `PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID`.\n" + }, + "name": { + "type": "string", + "description": "The name specified to identify the patch source.\n" + }, + "operatingSystem": { + "type": "string", + "description": "Defines the operating system the patch baseline applies to. Supported operating systems include `WINDOWS`, `AMAZON_LINUX`, `AMAZON_LINUX_2`, `SUSE`, `UBUNTU`, `CENTOS`, and `REDHAT_ENTERPRISE_LINUX`. The Default value is `WINDOWS`.\n" + }, + "rejectedPatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of rejected patches.\n" + }, + "rejectedPatchesAction": { + "type": "string", + "description": "The action for Patch Manager to take on patches included in the `rejected_patches` list. Allow values are `ALLOW_AS_DEPENDENCY` and `BLOCK`.\n" + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineSource:PatchBaselineSource" + }, + "description": "Configuration block(s) with alternate sources for patches. Applies to Linux instances only. Documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering PatchBaseline resources.\n", + "properties": { + "approvalRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineApprovalRule:PatchBaselineApprovalRule" + }, + "description": "A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.\n" + }, + "approvedPatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of explicitly approved patches for the baseline.\n" + }, + "approvedPatchesComplianceLevel": { + "type": "string", + "description": "Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `INFORMATIONAL`, `UNSPECIFIED`. The default value is `UNSPECIFIED`.\n" + }, + "approvedPatchesEnableNonSecurity": { + "type": "boolean", + "description": "Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. Applies to Linux instances only.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the patch baseline.\n" + }, + "description": { + "type": "string", + "description": "The description of the patch baseline.\n" + }, + "globalFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineGlobalFilter:PatchBaselineGlobalFilter" + }, + "description": "A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are `PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID`.\n" + }, + "name": { + "type": "string", + "description": "The name specified to identify the patch source.\n" + }, + "operatingSystem": { + "type": "string", + "description": "Defines the operating system the patch baseline applies to. Supported operating systems include `WINDOWS`, `AMAZON_LINUX`, `AMAZON_LINUX_2`, `SUSE`, `UBUNTU`, `CENTOS`, and `REDHAT_ENTERPRISE_LINUX`. The Default value is `WINDOWS`.\n" + }, + "rejectedPatches": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of rejected patches.\n" + }, + "rejectedPatchesAction": { + "type": "string", + "description": "The action for Patch Manager to take on patches included in the `rejected_patches` list. Allow values are `ALLOW_AS_DEPENDENCY` and `BLOCK`.\n" + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/aws:ssm/PatchBaselineSource:PatchBaselineSource" + }, + "description": "Configuration block(s) with alternate sources for patches. Applies to Linux instances only. Documented below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ssm/patchGroup:PatchGroup": { + "description": "Provides an SSM Patch Group resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst production = new aws.ssm.PatchBaseline(\"production\", {approvedPatches: [\"KB123456\"]});\nconst patchgroup = new aws.ssm.PatchGroup(\"patchgroup\", {\n baselineId: production.id,\n patchGroup: \"patch-group-name\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nproduction = aws.ssm.PatchBaseline(\"production\", approved_patches=[\"KB123456\"])\npatchgroup = aws.ssm.PatchGroup(\"patchgroup\",\n baseline_id=production.id,\n patch_group=\"patch-group-name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var production = new Aws.Ssm.PatchBaseline(\"production\", new Aws.Ssm.PatchBaselineArgs\n {\n ApprovedPatches = \n {\n \"KB123456\",\n },\n });\n var patchgroup = new Aws.Ssm.PatchGroup(\"patchgroup\", new Aws.Ssm.PatchGroupArgs\n {\n BaselineId = production.Id,\n PatchGroup = \"patch-group-name\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tproduction, err := ssm.NewPatchBaseline(ctx, \"production\", &ssm.PatchBaselineArgs{\n\t\t\tApprovedPatches: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"KB123456\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewPatchGroup(ctx, \"patchgroup\", &ssm.PatchGroupArgs{\n\t\t\tBaselineId: production.ID(),\n\t\t\tPatchGroup: pulumi.String(\"patch-group-name\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "properties": { + "baselineId": { + "type": "string", + "description": "The ID of the patch baseline to register the patch group with.\n" + }, + "patchGroup": { + "type": "string", + "description": "The name of the patch group that should be registered with the patch baseline.\n", + "language": { + "csharp": { + "name": "PatchGroupName" + } + } + } + }, + "required": [ + "baselineId", + "patchGroup" + ], + "inputProperties": { + "baselineId": { + "type": "string", + "description": "The ID of the patch baseline to register the patch group with.\n" + }, + "patchGroup": { + "type": "string", + "description": "The name of the patch group that should be registered with the patch baseline.\n", + "language": { + "csharp": { + "name": "PatchGroupName" + } + } + } + }, + "requiredInputs": [ + "baselineId", + "patchGroup" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PatchGroup resources.\n", + "properties": { + "baselineId": { + "type": "string", + "description": "The ID of the patch baseline to register the patch group with.\n" + }, + "patchGroup": { + "type": "string", + "description": "The name of the patch group that should be registered with the patch baseline.\n", + "language": { + "csharp": { + "name": "PatchGroupName" + } + } + } + }, + "type": "object" + } + }, + "aws:ssm/resourceDataSync:ResourceDataSync": { + "description": "Provides a SSM resource data sync.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst hogeBucket = new aws.s3.Bucket(\"hogeBucket\", {});\nconst hogeBucketPolicy = new aws.s3.BucketPolicy(\"hogeBucketPolicy\", {\n bucket: hogeBucket.bucket,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"SSMBucketPermissionsCheck\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ssm.amazonaws.com\"\n },\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::tf-test-bucket-1234\"\n },\n {\n \"Sid\": \" SSMBucketDelivery\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ssm.amazonaws.com\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": [\"arn:aws:s3:::tf-test-bucket-1234/*\"],\n \"Condition\": {\n \"StringEquals\": {\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }\n }\n }\n ]\n}\n`,\n});\nconst foo = new aws.ssm.ResourceDataSync(\"foo\", {s3Destination: {\n bucketName: hogeBucket.bucket,\n region: hogeBucket.region,\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nhoge_bucket = aws.s3.Bucket(\"hogeBucket\")\nhoge_bucket_policy = aws.s3.BucketPolicy(\"hogeBucketPolicy\",\n bucket=hoge_bucket.bucket,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"SSMBucketPermissionsCheck\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ssm.amazonaws.com\"\n },\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::tf-test-bucket-1234\"\n },\n {\n \"Sid\": \" SSMBucketDelivery\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"Service\": \"ssm.amazonaws.com\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": [\"arn:aws:s3:::tf-test-bucket-1234/*\"],\n \"Condition\": {\n \"StringEquals\": {\n \"s3:x-amz-acl\": \"bucket-owner-full-control\"\n }\n }\n }\n ]\n}\n\"\"\")\nfoo = aws.ssm.ResourceDataSync(\"foo\", s3_destination=aws.ssm.ResourceDataSyncS3DestinationArgs(\n bucket_name=hoge_bucket.bucket,\n region=hoge_bucket.region,\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var hogeBucket = new Aws.S3.Bucket(\"hogeBucket\", new Aws.S3.BucketArgs\n {\n });\n var hogeBucketPolicy = new Aws.S3.BucketPolicy(\"hogeBucketPolicy\", new Aws.S3.BucketPolicyArgs\n {\n Bucket = hogeBucket.BucketName,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"SSMBucketPermissionsCheck\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"ssm.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"s3:GetBucketAcl\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::tf-test-bucket-1234\"\"\n },\n {\n \"\"Sid\"\": \"\" SSMBucketDelivery\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"Service\"\": \"\"ssm.amazonaws.com\"\"\n },\n \"\"Action\"\": \"\"s3:PutObject\"\",\n \"\"Resource\"\": [\"\"arn:aws:s3:::tf-test-bucket-1234/*\"\"],\n \"\"Condition\"\": {\n \"\"StringEquals\"\": {\n \"\"s3:x-amz-acl\"\": \"\"bucket-owner-full-control\"\"\n }\n }\n }\n ]\n}\n\",\n });\n var foo = new Aws.Ssm.ResourceDataSync(\"foo\", new Aws.Ssm.ResourceDataSyncArgs\n {\n S3Destination = new Aws.Ssm.Inputs.ResourceDataSyncS3DestinationArgs\n {\n BucketName = hogeBucket.BucketName,\n Region = hogeBucket.Region,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\thogeBucket, err := s3.NewBucket(ctx, \"hogeBucket\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucketPolicy(ctx, \"hogeBucketPolicy\", &s3.BucketPolicyArgs{\n\t\t\tBucket: hogeBucket.Bucket,\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"SSMBucketPermissionsCheck\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"ssm.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:GetBucketAcl\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::tf-test-bucket-1234\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Sid\\\": \\\" SSMBucketDelivery\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"Service\\\": \\\"ssm.amazonaws.com\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:PutObject\\\",\\n\", \" \\\"Resource\\\": [\\\"arn:aws:s3:::tf-test-bucket-1234/*\\\"],\\n\", \" \\\"Condition\\\": {\\n\", \" \\\"StringEquals\\\": {\\n\", \" \\\"s3:x-amz-acl\\\": \\\"bucket-owner-full-control\\\"\\n\", \" }\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ssm.NewResourceDataSync(ctx, \"foo\", &ssm.ResourceDataSyncArgs{\n\t\t\tS3Destination: &ssm.ResourceDataSyncS3DestinationArgs{\n\t\t\t\tBucketName: hogeBucket.Bucket,\n\t\t\t\tRegion: hogeBucket.Region,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSSM resource data sync can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:ssm/resourceDataSync:ResourceDataSync example example-name\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "Name for the configuration.\n" + }, + "s3Destination": { + "$ref": "#/types/aws:ssm/ResourceDataSyncS3Destination:ResourceDataSyncS3Destination", + "description": "Amazon S3 configuration details for the sync.\n" + } + }, + "required": [ + "name", + "s3Destination" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "Name for the configuration.\n" + }, + "s3Destination": { + "$ref": "#/types/aws:ssm/ResourceDataSyncS3Destination:ResourceDataSyncS3Destination", + "description": "Amazon S3 configuration details for the sync.\n" + } + }, + "requiredInputs": [ + "s3Destination" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ResourceDataSync resources.\n", + "properties": { + "name": { + "type": "string", + "description": "Name for the configuration.\n" + }, + "s3Destination": { + "$ref": "#/types/aws:ssm/ResourceDataSyncS3Destination:ResourceDataSyncS3Destination", + "description": "Amazon S3 configuration details for the sync.\n" + } + }, + "type": "object" + } + }, + "aws:ssoadmin/accountAssignment:AccountAssignment": { + "description": "Provides a Single Sign-On (SSO) Account Assignment resource\n\n\n## Import\n\nSSO Account Assignments can be imported using the `principal_id`, `principal_type`, `target_id`, `target_type`, `permission_set_arn`, `instance_arn` separated by commas (`,`) e.g.\n\n```sh\n $ pulumi import aws:ssoadmin/accountAssignment:AccountAssignment example f81d4fae-7dec-11d0-a765-00a0c91e6bf6,GROUP,1234567890,AWS_ACCOUNT,arn:aws:sso:::permissionSet/ssoins-0123456789abcdef/ps-0123456789abcdef,arn:aws:sso:::instance/ssoins-0123456789abcdef\n```\n\n ", + "properties": { + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.\n" + }, + "principalId": { + "type": "string", + "description": "An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, `f81d4fae-7dec-11d0-a765-00a0c91e6bf6`).\n" + }, + "principalType": { + "type": "string", + "description": "The entity type for which the assignment will be created. Valid values: `USER`, `GROUP`.\n" + }, + "targetId": { + "type": "string", + "description": "An AWS account identifier, typically a 10-12 digit string.\n" + }, + "targetType": { + "type": "string", + "description": "The entity type for which the assignment will be created. Valid values: `AWS_ACCOUNT`.\n" + } + }, + "required": [ + "instanceArn", + "permissionSetArn", + "principalId", + "principalType", + "targetId" + ], + "inputProperties": { + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.\n" + }, + "principalId": { + "type": "string", + "description": "An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, `f81d4fae-7dec-11d0-a765-00a0c91e6bf6`).\n" + }, + "principalType": { + "type": "string", + "description": "The entity type for which the assignment will be created. Valid values: `USER`, `GROUP`.\n" + }, + "targetId": { + "type": "string", + "description": "An AWS account identifier, typically a 10-12 digit string.\n" + }, + "targetType": { + "type": "string", + "description": "The entity type for which the assignment will be created. Valid values: `AWS_ACCOUNT`.\n" + } + }, + "requiredInputs": [ + "instanceArn", + "permissionSetArn", + "principalId", + "principalType", + "targetId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering AccountAssignment resources.\n", + "properties": { + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set that the admin wants to grant the principal access to.\n" + }, + "principalId": { + "type": "string", + "description": "An identifier for an object in SSO, such as a user or group. PrincipalIds are GUIDs (For example, `f81d4fae-7dec-11d0-a765-00a0c91e6bf6`).\n" + }, + "principalType": { + "type": "string", + "description": "The entity type for which the assignment will be created. Valid values: `USER`, `GROUP`.\n" + }, + "targetId": { + "type": "string", + "description": "An AWS account identifier, typically a 10-12 digit string.\n" + }, + "targetType": { + "type": "string", + "description": "The entity type for which the assignment will be created. Valid values: `AWS_ACCOUNT`.\n" + } + }, + "type": "object" + } + }, + "aws:ssoadmin/managedPolicyAttachment:ManagedPolicyAttachment": { + "description": "Provides an IAM managed policy for a Single Sign-On (SSO) Permission Set resource\n\n> **NOTE:** Creating this resource will automatically [Provision the Permission Set](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html) to apply the corresponding updates to all assigned accounts.\n\n\n## Import\n\nSSO Managed Policy Attachments can be imported using the `managed_policy_arn`, `permission_set_arn`, and `instance_arn` separated by a comma (`,`) e.g.\n\n```sh\n $ pulumi import aws:ssoadmin/managedPolicyAttachment:ManagedPolicyAttachment example arn:aws:iam::aws:policy/AlexaForBusinessDeviceSetup,arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72\n```\n\n ", + "properties": { + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "managedPolicyArn": { + "type": "string", + "description": "The IAM managed policy Amazon Resource Name (ARN) to be attached to the Permission Set.\n" + }, + "managedPolicyName": { + "type": "string", + "description": "The name of the IAM Managed Policy.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + } + }, + "required": [ + "instanceArn", + "managedPolicyArn", + "managedPolicyName", + "permissionSetArn" + ], + "inputProperties": { + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "managedPolicyArn": { + "type": "string", + "description": "The IAM managed policy Amazon Resource Name (ARN) to be attached to the Permission Set.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + } + }, + "requiredInputs": [ + "instanceArn", + "managedPolicyArn", + "permissionSetArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering ManagedPolicyAttachment resources.\n", + "properties": { + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "managedPolicyArn": { + "type": "string", + "description": "The IAM managed policy Amazon Resource Name (ARN) to be attached to the Permission Set.\n" + }, + "managedPolicyName": { + "type": "string", + "description": "The name of the IAM Managed Policy.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + } + }, + "type": "object" + } + }, + "aws:ssoadmin/permissionSet:PermissionSet": { + "description": "Provides a Single Sign-On (SSO) Permission Set resource\n\n> **NOTE:** Updating this resource will automatically [Provision the Permission Set](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html) to apply the corresponding updates to all assigned accounts.\n\n\n## Import\n\nSSO Permission Sets can be imported using the `arn` and `instance_arn` separated by a comma (`,`) e.g.\n\n```sh\n $ pulumi import aws:ssoadmin/permissionSet:PermissionSet example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + }, + "createdDate": { + "type": "string", + "description": "The date the Permission Set was created in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "description": { + "type": "string", + "description": "The description of the Permission Set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "name": { + "type": "string", + "description": "The name of the Permission Set.\n" + }, + "relayState": { + "type": "string", + "description": "The relay state URL used to redirect users within the application during the federation authentication process.\n" + }, + "sessionDuration": { + "type": "string", + "description": "The length of time that the application user sessions are valid in the ISO-8601 standard. Default: `PT1H`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "createdDate", + "instanceArn", + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description of the Permission Set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "name": { + "type": "string", + "description": "The name of the Permission Set.\n" + }, + "relayState": { + "type": "string", + "description": "The relay state URL used to redirect users within the application during the federation authentication process.\n" + }, + "sessionDuration": { + "type": "string", + "description": "The length of time that the application user sessions are valid in the ISO-8601 standard. Default: `PT1H`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "instanceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PermissionSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + }, + "createdDate": { + "type": "string", + "description": "The date the Permission Set was created in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "description": { + "type": "string", + "description": "The description of the Permission Set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "name": { + "type": "string", + "description": "The name of the Permission Set.\n" + }, + "relayState": { + "type": "string", + "description": "The relay state URL used to redirect users within the application during the federation authentication process.\n" + }, + "sessionDuration": { + "type": "string", + "description": "The length of time that the application user sessions are valid in the ISO-8601 standard. Default: `PT1H`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:ssoadmin/permissionSetInlinePolicy:PermissionSetInlinePolicy": { + "description": "Provides an IAM inline policy for a Single Sign-On (SSO) Permission Set resource\n\n> **NOTE:** AWS Single Sign-On (SSO) only supports one IAM inline policy per `aws.ssoadmin.PermissionSet` resource.\nCreating or updating this resource will automatically [Provision the Permission Set](https://docs.aws.amazon.com/singlesignon/latest/APIReference/API_ProvisionPermissionSet.html) to apply the corresponding updates to all assigned accounts.\n\n\n## Import\n\nSSO Permission Set Inline Policies can be imported using the `permission_set_arn` and `instance_arn` separated by a comma (`,`) e.g.\n\n```sh\n $ pulumi import aws:ssoadmin/permissionSetInlinePolicy:PermissionSetInlinePolicy example arn:aws:sso:::permissionSet/ssoins-2938j0x8920sbj72/ps-80383020jr9302rk,arn:aws:sso:::instance/ssoins-2938j0x8920sbj72\n```\n\n ", + "properties": { + "inlinePolicy": { + "type": "string", + "description": "The IAM inline policy to attach to a Permission Set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + } + }, + "required": [ + "inlinePolicy", + "instanceArn", + "permissionSetArn" + ], + "inputProperties": { + "inlinePolicy": { + "type": "string", + "description": "The IAM inline policy to attach to a Permission Set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + } + }, + "requiredInputs": [ + "inlinePolicy", + "instanceArn", + "permissionSetArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering PermissionSetInlinePolicy resources.\n", + "properties": { + "inlinePolicy": { + "type": "string", + "description": "The IAM inline policy to attach to a Permission Set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance under which the operation will be executed.\n" + }, + "permissionSetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Permission Set.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/cache:Cache": { + "description": "Manages an AWS Storage Gateway cache.\n\n> **NOTE:** The Storage Gateway API provides no method to remove a cache disk. Destroying this resource does not perform any Storage Gateway actions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Cache(\"example\", {\n diskId: data.aws_storagegateway_local_disk.example.id,\n gatewayArn: aws_storagegateway_gateway.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Cache(\"example\",\n disk_id=data[\"aws_storagegateway_local_disk\"][\"example\"][\"id\"],\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.Cache(\"example\", new Aws.StorageGateway.CacheArgs\n {\n DiskId = data.Aws_storagegateway_local_disk.Example.Id,\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewCache(ctx, \"example\", &storagegateway.CacheArgs{\n\t\t\tDiskId: pulumi.Any(data.Aws_storagegateway_local_disk.Example.Id),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_cache` can be imported by using the gateway Amazon Resource Name (ARN) and local disk identifier separated with a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/cache:Cache example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678:pci-0000:03:00.0-scsi-0:0:0:0\n```\n\n ", + "properties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "required": [ + "diskId", + "gatewayArn" + ], + "inputProperties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "requiredInputs": [ + "diskId", + "gatewayArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Cache resources.\n", + "properties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/cachesIscsiVolume:CachesIscsiVolume": { + "description": "Manages an AWS Storage Gateway cached iSCSI volume.\n\n> **NOTE:** The gateway must have cache added (e.g. via the `aws.storagegateway.Cache` resource) before creating volumes otherwise the Storage Gateway API will return an error.\n\n> **NOTE:** The gateway must have an upload buffer added (e.g. via the `aws.storagegateway.UploadBuffer` resource) before the volume is operational to clients, however the Storage Gateway API will allow volume creation without error in that case and return volume status as `UPLOAD BUFFER NOT CONFIGURED`.\n\n{{% examples %}}\n## Example Usage\n\n> **NOTE:** These examples are referencing the `aws.storagegateway.Cache` resource `gateway_arn` attribute to ensure this provider properly adds cache before creating the volume. If you are not using this method, you may need to declare an expicit dependency (e.g. via `depends_on = [aws_storagegateway_cache.example]`) to ensure proper ordering.\n{{% example %}}\n### Create Empty Cached iSCSI Volume\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.CachesIscsiVolume(\"example\", {\n gatewayArn: aws_storagegateway_cache.example.gateway_arn,\n networkInterfaceId: aws_instance.example.private_ip,\n targetName: \"example\",\n volumeSizeInBytes: 5368709120,\n});\n// 5 GB\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.CachesIscsiVolume(\"example\",\n gateway_arn=aws_storagegateway_cache[\"example\"][\"gateway_arn\"],\n network_interface_id=aws_instance[\"example\"][\"private_ip\"],\n target_name=\"example\",\n volume_size_in_bytes=5368709120)\n# 5 GB\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.CachesIscsiVolume(\"example\", new Aws.StorageGateway.CachesIscsiVolumeArgs\n {\n GatewayArn = aws_storagegateway_cache.Example.Gateway_arn,\n NetworkInterfaceId = aws_instance.Example.Private_ip,\n TargetName = \"example\",\n VolumeSizeInBytes = 5368709120,\n });\n // 5 GB\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewCachesIscsiVolume(ctx, \"example\", &storagegateway.CachesIscsiVolumeArgs{\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_cache.Example.Gateway_arn),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Example.Private_ip),\n\t\t\tTargetName: pulumi.String(\"example\"),\n\t\t\tVolumeSizeInBytes: pulumi.Int(5368709120),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create Cached iSCSI Volume From Snapshot\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.CachesIscsiVolume(\"example\", {\n gatewayArn: aws_storagegateway_cache.example.gateway_arn,\n networkInterfaceId: aws_instance.example.private_ip,\n snapshotId: aws_ebs_snapshot.example.id,\n targetName: \"example\",\n volumeSizeInBytes: aws_ebs_snapshot.example.volume_size * 1024 * 1024 * 1024,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.CachesIscsiVolume(\"example\",\n gateway_arn=aws_storagegateway_cache[\"example\"][\"gateway_arn\"],\n network_interface_id=aws_instance[\"example\"][\"private_ip\"],\n snapshot_id=aws_ebs_snapshot[\"example\"][\"id\"],\n target_name=\"example\",\n volume_size_in_bytes=aws_ebs_snapshot[\"example\"][\"volume_size\"] * 1024 * 1024 * 1024)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.CachesIscsiVolume(\"example\", new Aws.StorageGateway.CachesIscsiVolumeArgs\n {\n GatewayArn = aws_storagegateway_cache.Example.Gateway_arn,\n NetworkInterfaceId = aws_instance.Example.Private_ip,\n SnapshotId = aws_ebs_snapshot.Example.Id,\n TargetName = \"example\",\n VolumeSizeInBytes = aws_ebs_snapshot.Example.Volume_size * 1024 * 1024 * 1024,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewCachesIscsiVolume(ctx, \"example\", &storagegateway.CachesIscsiVolumeArgs{\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_cache.Example.Gateway_arn),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Example.Private_ip),\n\t\t\tSnapshotId: pulumi.Any(aws_ebs_snapshot.Example.Id),\n\t\t\tTargetName: pulumi.String(\"example\"),\n\t\t\tVolumeSizeInBytes: aws_ebs_snapshot.Example.Volume_size * 1024 * 1024 * 1024,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create Cached iSCSI Volume From Source Volume\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.CachesIscsiVolume(\"example\", {\n gatewayArn: aws_storagegateway_cache.example.gateway_arn,\n networkInterfaceId: aws_instance.example.private_ip,\n sourceVolumeArn: aws_storagegateway_cached_iscsi_volume.existing.arn,\n targetName: \"example\",\n volumeSizeInBytes: aws_storagegateway_cached_iscsi_volume.existing.volume_size_in_bytes,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.CachesIscsiVolume(\"example\",\n gateway_arn=aws_storagegateway_cache[\"example\"][\"gateway_arn\"],\n network_interface_id=aws_instance[\"example\"][\"private_ip\"],\n source_volume_arn=aws_storagegateway_cached_iscsi_volume[\"existing\"][\"arn\"],\n target_name=\"example\",\n volume_size_in_bytes=aws_storagegateway_cached_iscsi_volume[\"existing\"][\"volume_size_in_bytes\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.CachesIscsiVolume(\"example\", new Aws.StorageGateway.CachesIscsiVolumeArgs\n {\n GatewayArn = aws_storagegateway_cache.Example.Gateway_arn,\n NetworkInterfaceId = aws_instance.Example.Private_ip,\n SourceVolumeArn = aws_storagegateway_cached_iscsi_volume.Existing.Arn,\n TargetName = \"example\",\n VolumeSizeInBytes = aws_storagegateway_cached_iscsi_volume.Existing.Volume_size_in_bytes,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewCachesIscsiVolume(ctx, \"example\", &storagegateway.CachesIscsiVolumeArgs{\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_cache.Example.Gateway_arn),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Example.Private_ip),\n\t\t\tSourceVolumeArn: pulumi.Any(aws_storagegateway_cached_iscsi_volume.Existing.Arn),\n\t\t\tTargetName: pulumi.String(\"example\"),\n\t\t\tVolumeSizeInBytes: pulumi.Any(aws_storagegateway_cached_iscsi_volume.Existing.Volume_size_in_bytes),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_cached_iscsi_volume` can be imported by using the volume Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/cachesIscsiVolume:CachesIscsiVolume example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678`.\n" + }, + "chapEnabled": { + "type": "boolean", + "description": "Whether mutual CHAP is enabled for the iSCSI target.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Set to `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. Is required when `kms_encrypted` is set.\n" + }, + "lunNumber": { + "type": "integer", + "description": "Logical disk number.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.\n" + }, + "networkInterfacePort": { + "type": "integer", + "description": "The port used to communicate with iSCSI targets.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID of the snapshot to restore as the new cached volume. e.g. `snap-1122aabb`.\n" + }, + "sourceVolumeArn": { + "type": "string", + "description": "The ARN for an existing volume. Specifying this ARN makes the new volume into an exact copy of the specified existing volume's latest recovery point. The `volume_size_in_bytes` value for this new volume must be equal to or larger than the size of the existing volume, in bytes.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "Target Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/target/iqn.1997-05.com.amazon:TargetName`.\n" + }, + "targetName": { + "type": "string", + "description": "The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.\n" + }, + "volumeArn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678`.\n" + }, + "volumeId": { + "type": "string", + "description": "Volume ID, e.g. `vol-12345678`.\n" + }, + "volumeSizeInBytes": { + "type": "integer", + "description": "The size of the volume in bytes.\n" + } + }, + "required": [ + "arn", + "chapEnabled", + "gatewayArn", + "lunNumber", + "networkInterfaceId", + "networkInterfacePort", + "tagsAll", + "targetArn", + "targetName", + "volumeArn", + "volumeId", + "volumeSizeInBytes" + ], + "inputProperties": { + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Set to `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. Is required when `kms_encrypted` is set.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID of the snapshot to restore as the new cached volume. e.g. `snap-1122aabb`.\n" + }, + "sourceVolumeArn": { + "type": "string", + "description": "The ARN for an existing volume. Specifying this ARN makes the new volume into an exact copy of the specified existing volume's latest recovery point. The `volume_size_in_bytes` value for this new volume must be equal to or larger than the size of the existing volume, in bytes.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetName": { + "type": "string", + "description": "The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.\n" + }, + "volumeSizeInBytes": { + "type": "integer", + "description": "The size of the volume in bytes.\n" + } + }, + "requiredInputs": [ + "gatewayArn", + "networkInterfaceId", + "targetName", + "volumeSizeInBytes" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering CachesIscsiVolume resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678`.\n" + }, + "chapEnabled": { + "type": "boolean", + "description": "Whether mutual CHAP is enabled for the iSCSI target.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Set to `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. Is required when `kms_encrypted` is set.\n" + }, + "lunNumber": { + "type": "integer", + "description": "Logical disk number.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.\n" + }, + "networkInterfacePort": { + "type": "integer", + "description": "The port used to communicate with iSCSI targets.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID of the snapshot to restore as the new cached volume. e.g. `snap-1122aabb`.\n" + }, + "sourceVolumeArn": { + "type": "string", + "description": "The ARN for an existing volume. Specifying this ARN makes the new volume into an exact copy of the specified existing volume's latest recovery point. The `volume_size_in_bytes` value for this new volume must be equal to or larger than the size of the existing volume, in bytes.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "Target Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/target/iqn.1997-05.com.amazon:TargetName`.\n" + }, + "targetName": { + "type": "string", + "description": "The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.\n" + }, + "volumeArn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678`.\n" + }, + "volumeId": { + "type": "string", + "description": "Volume ID, e.g. `vol-12345678`.\n" + }, + "volumeSizeInBytes": { + "type": "integer", + "description": "The size of the volume in bytes.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/fileSystemAssociation:FileSystemAssociation": { + "description": "Associate an Amazon FSx file system with the FSx File Gateway. After the association process is complete, the file shares on the Amazon FSx file system are available for access through the gateway. This operation only supports the FSx File Gateway type.\n\n[FSx File Gateway requirements](https://docs.aws.amazon.com/filegateway/latest/filefsxw/Requirements.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.FileSystemAssociation(\"example\", {\n gatewayArn: aws_storagegateway_gateway.example.arn,\n locationArn: aws_fsx_windows_file_system.example.arn,\n username: \"Admin\",\n password: \"avoid-plaintext-passwords\",\n auditDestinationArn: aws_s3_bucket.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.FileSystemAssociation(\"example\",\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"],\n location_arn=aws_fsx_windows_file_system[\"example\"][\"arn\"],\n username=\"Admin\",\n password=\"avoid-plaintext-passwords\",\n audit_destination_arn=aws_s3_bucket[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.FileSystemAssociation(\"example\", new Aws.StorageGateway.FileSystemAssociationArgs\n {\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n LocationArn = aws_fsx_windows_file_system.Example.Arn,\n Username = \"Admin\",\n Password = \"avoid-plaintext-passwords\",\n AuditDestinationArn = aws_s3_bucket.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewFileSystemAssociation(ctx, \"example\", &storagegateway.FileSystemAssociationArgs{\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t\tLocationArn: pulumi.Any(aws_fsx_windows_file_system.Example.Arn),\n\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\tAuditDestinationArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Required Services Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst awsServiceStoragegatewayAmiFILES3Latest = aws.ssm.getParameter({\n name: \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n});\nconst testInstance = new aws.ec2.Instance(\"testInstance\", {\n ami: awsServiceStoragegatewayAmiFILES3Latest.then(awsServiceStoragegatewayAmiFILES3Latest => awsServiceStoragegatewayAmiFILES3Latest.value),\n associatePublicIpAddress: true,\n instanceType: data.aws_ec2_instance_type_offering.available.instance_type,\n vpcSecurityGroupIds: [aws_security_group.test.id],\n subnetId: aws_subnet.test[0].id,\n}, {\n dependsOn: [\n aws_route.test,\n aws_vpc_dhcp_options_association.test,\n ],\n});\nconst testGateway = new aws.storagegateway.Gateway(\"testGateway\", {\n gatewayIpAddress: testInstance.publicIp,\n gatewayName: \"test-sgw\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_FSX_SMB\",\n smbActiveDirectorySettings: {\n domainName: aws_directory_service_directory.test.name,\n password: aws_directory_service_directory.test.password,\n username: \"Admin\",\n },\n});\nconst testWindowsFileSystem = new aws.fsx.WindowsFileSystem(\"testWindowsFileSystem\", {\n activeDirectoryId: aws_directory_service_directory.test.id,\n securityGroupIds: [aws_security_group.test.id],\n skipFinalBackup: true,\n storageCapacity: 32,\n subnetIds: [aws_subnet.test[0].id],\n throughputCapacity: 8,\n});\nconst fsx = new aws.storagegateway.FileSystemAssociation(\"fsx\", {\n gatewayArn: testGateway.arn,\n locationArn: testWindowsFileSystem.arn,\n username: \"Admin\",\n password: aws_directory_service_directory.test.password,\n cacheAttributes: {\n cacheStaleTimeoutInSeconds: 400,\n },\n auditDestinationArn: aws_cloudwatch_log_group.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\naws_service_storagegateway_ami_files3_latest = aws.ssm.get_parameter(name=\"/aws/service/storagegateway/ami/FILE_S3/latest\")\ntest_instance = aws.ec2.Instance(\"testInstance\",\n ami=aws_service_storagegateway_ami_files3_latest.value,\n associate_public_ip_address=True,\n instance_type=data[\"aws_ec2_instance_type_offering\"][\"available\"][\"instance_type\"],\n vpc_security_group_ids=[aws_security_group[\"test\"][\"id\"]],\n subnet_id=aws_subnet[\"test\"][0][\"id\"],\n opts=pulumi.ResourceOptions(depends_on=[\n aws_route[\"test\"],\n aws_vpc_dhcp_options_association[\"test\"],\n ]))\ntest_gateway = aws.storagegateway.Gateway(\"testGateway\",\n gateway_ip_address=test_instance.public_ip,\n gateway_name=\"test-sgw\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_FSX_SMB\",\n smb_active_directory_settings=aws.storagegateway.GatewaySmbActiveDirectorySettingsArgs(\n domain_name=aws_directory_service_directory[\"test\"][\"name\"],\n password=aws_directory_service_directory[\"test\"][\"password\"],\n username=\"Admin\",\n ))\ntest_windows_file_system = aws.fsx.WindowsFileSystem(\"testWindowsFileSystem\",\n active_directory_id=aws_directory_service_directory[\"test\"][\"id\"],\n security_group_ids=[aws_security_group[\"test\"][\"id\"]],\n skip_final_backup=True,\n storage_capacity=32,\n subnet_ids=[aws_subnet[\"test\"][0][\"id\"]],\n throughput_capacity=8)\nfsx = aws.storagegateway.FileSystemAssociation(\"fsx\",\n gateway_arn=test_gateway.arn,\n location_arn=test_windows_file_system.arn,\n username=\"Admin\",\n password=aws_directory_service_directory[\"test\"][\"password\"],\n cache_attributes=aws.storagegateway.FileSystemAssociationCacheAttributesArgs(\n cache_stale_timeout_in_seconds=400,\n ),\n audit_destination_arn=aws_cloudwatch_log_group[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var awsServiceStoragegatewayAmiFILES3Latest = Output.Create(Aws.Ssm.GetParameter.InvokeAsync(new Aws.Ssm.GetParameterArgs\n {\n Name = \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n }));\n var testInstance = new Aws.Ec2.Instance(\"testInstance\", new Aws.Ec2.InstanceArgs\n {\n Ami = awsServiceStoragegatewayAmiFILES3Latest.Apply(awsServiceStoragegatewayAmiFILES3Latest => awsServiceStoragegatewayAmiFILES3Latest.Value),\n AssociatePublicIpAddress = true,\n InstanceType = data.Aws_ec2_instance_type_offering.Available.Instance_type,\n VpcSecurityGroupIds = \n {\n aws_security_group.Test.Id,\n },\n SubnetId = aws_subnet.Test[0].Id,\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n aws_route.Test,\n aws_vpc_dhcp_options_association.Test,\n },\n });\n var testGateway = new Aws.StorageGateway.Gateway(\"testGateway\", new Aws.StorageGateway.GatewayArgs\n {\n GatewayIpAddress = testInstance.PublicIp,\n GatewayName = \"test-sgw\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_FSX_SMB\",\n SmbActiveDirectorySettings = new Aws.StorageGateway.Inputs.GatewaySmbActiveDirectorySettingsArgs\n {\n DomainName = aws_directory_service_directory.Test.Name,\n Password = aws_directory_service_directory.Test.Password,\n Username = \"Admin\",\n },\n });\n var testWindowsFileSystem = new Aws.Fsx.WindowsFileSystem(\"testWindowsFileSystem\", new Aws.Fsx.WindowsFileSystemArgs\n {\n ActiveDirectoryId = aws_directory_service_directory.Test.Id,\n SecurityGroupIds = \n {\n aws_security_group.Test.Id,\n },\n SkipFinalBackup = true,\n StorageCapacity = 32,\n SubnetIds = \n {\n aws_subnet.Test[0].Id,\n },\n ThroughputCapacity = 8,\n });\n var fsx = new Aws.StorageGateway.FileSystemAssociation(\"fsx\", new Aws.StorageGateway.FileSystemAssociationArgs\n {\n GatewayArn = testGateway.Arn,\n LocationArn = testWindowsFileSystem.Arn,\n Username = \"Admin\",\n Password = aws_directory_service_directory.Test.Password,\n CacheAttributes = new Aws.StorageGateway.Inputs.FileSystemAssociationCacheAttributesArgs\n {\n CacheStaleTimeoutInSeconds = 400,\n },\n AuditDestinationArn = aws_cloudwatch_log_group.Test.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/fsx\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tawsServiceStoragegatewayAmiFILES3Latest, err := ssm.LookupParameter(ctx, &ssm.LookupParameterArgs{\n\t\t\tName: \"/aws/service/storagegateway/ami/FILE_S3/latest\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestInstance, err := ec2.NewInstance(ctx, \"testInstance\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(awsServiceStoragegatewayAmiFILES3Latest.Value),\n\t\t\tAssociatePublicIpAddress: pulumi.Bool(true),\n\t\t\tInstanceType: pulumi.Any(data.Aws_ec2_instance_type_offering.Available.Instance_type),\n\t\t\tVpcSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Test.Id),\n\t\t\t},\n\t\t\tSubnetId: pulumi.Any(aws_subnet.Test[0].Id),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\taws_route.Test,\n\t\t\taws_vpc_dhcp_options_association.Test,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestGateway, err := storagegateway.NewGateway(ctx, \"testGateway\", &storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: testInstance.PublicIp,\n\t\t\tGatewayName: pulumi.String(\"test-sgw\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_FSX_SMB\"),\n\t\t\tSmbActiveDirectorySettings: &storagegateway.GatewaySmbActiveDirectorySettingsArgs{\n\t\t\t\tDomainName: pulumi.Any(aws_directory_service_directory.Test.Name),\n\t\t\t\tPassword: pulumi.Any(aws_directory_service_directory.Test.Password),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestWindowsFileSystem, err := fsx.NewWindowsFileSystem(ctx, \"testWindowsFileSystem\", &fsx.WindowsFileSystemArgs{\n\t\t\tActiveDirectoryId: pulumi.Any(aws_directory_service_directory.Test.Id),\n\t\t\tSecurityGroupIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_security_group.Test.Id),\n\t\t\t},\n\t\t\tSkipFinalBackup: pulumi.Bool(true),\n\t\t\tStorageCapacity: pulumi.Int(32),\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_subnet.Test[0].Id),\n\t\t\t},\n\t\t\tThroughputCapacity: pulumi.Int(8),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewFileSystemAssociation(ctx, \"fsx\", &storagegateway.FileSystemAssociationArgs{\n\t\t\tGatewayArn: testGateway.Arn,\n\t\t\tLocationArn: testWindowsFileSystem.Arn,\n\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\tPassword: pulumi.Any(aws_directory_service_directory.Test.Password),\n\t\t\tCacheAttributes: &storagegateway.FileSystemAssociationCacheAttributesArgs{\n\t\t\t\tCacheStaleTimeoutInSeconds: pulumi.Int(400),\n\t\t\t},\n\t\t\tAuditDestinationArn: pulumi.Any(aws_cloudwatch_log_group.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n\n## Import\n\n`aws_storagegateway_file_system_association` can be imported by using the FSx file system association Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/fileSystemAssociation:FileSystemAssociation example arn:aws:storagegateway:us-east-1:123456789012:fs-association/fsa-0DA347732FDB40125\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the newly created file system association.\n" + }, + "auditDestinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the storage used for the audit logs.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/FileSystemAssociationCacheAttributes:FileSystemAssociationCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "locationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the FSx File Gateway.\n" + }, + "password": { + "type": "string", + "description": "The password of the user credential.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "username": { + "type": "string", + "description": "The user name of the user credential that has permission to access the root share of the Amazon FSx file system. The user account must belong to the Amazon FSx delegated admin user group.\n" + } + }, + "required": [ + "arn", + "gatewayArn", + "locationArn", + "password", + "tagsAll", + "username" + ], + "inputProperties": { + "auditDestinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the storage used for the audit logs.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/FileSystemAssociationCacheAttributes:FileSystemAssociationCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "locationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the FSx File Gateway.\n" + }, + "password": { + "type": "string", + "description": "The password of the user credential.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "username": { + "type": "string", + "description": "The user name of the user credential that has permission to access the root share of the Amazon FSx file system. The user account must belong to the Amazon FSx delegated admin user group.\n" + } + }, + "requiredInputs": [ + "gatewayArn", + "locationArn", + "password", + "username" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering FileSystemAssociation resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the newly created file system association.\n" + }, + "auditDestinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the storage used for the audit logs.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/FileSystemAssociationCacheAttributes:FileSystemAssociationCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "locationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon FSx file system to associate with the FSx File Gateway.\n" + }, + "password": { + "type": "string", + "description": "The password of the user credential.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. If configured with a provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block) present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider [`default_tags` configuration block](https://www.terraform.io/docs/providers/aws/index.html#default_tags-configuration-block).\n" + }, + "username": { + "type": "string", + "description": "The user name of the user credential that has permission to access the root share of the Amazon FSx file system. The user account must belong to the Amazon FSx delegated admin user group.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/gateway:Gateway": { + "description": "Manages an AWS Storage Gateway file, tape, or volume gateway in the provider region.\n\n> **NOTE:** The Storage Gateway API requires the gateway to be connected to properly return information after activation. If you are receiving `The specified gateway is not connected` errors during resource creation (gateway activation), ensure your gateway instance meets the [Storage Gateway requirements](https://docs.aws.amazon.com/storagegateway/latest/userguide/Requirements.html).\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Local Cache\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testVolumeAttachment = new aws.ec2.VolumeAttachment(\"testVolumeAttachment\", {\n deviceName: \"/dev/xvdb\",\n volumeId: aws_ebs_volume.test.id,\n instanceId: aws_instance.test.id,\n});\nconst testLocalDisk = testVolumeAttachment.deviceName.apply(deviceName => aws.storagegateway.getLocalDisk({\n diskNode: deviceName,\n gatewayArn: aws_storagegateway_gateway.test.arn,\n}));\nconst testCache = new aws.storagegateway.Cache(\"testCache\", {\n diskId: testLocalDisk.apply(testLocalDisk => testLocalDisk.diskId),\n gatewayArn: aws_storagegateway_gateway.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_volume_attachment = aws.ec2.VolumeAttachment(\"testVolumeAttachment\",\n device_name=\"/dev/xvdb\",\n volume_id=aws_ebs_volume[\"test\"][\"id\"],\n instance_id=aws_instance[\"test\"][\"id\"])\ntest_local_disk = test_volume_attachment.device_name.apply(lambda device_name: aws.storagegateway.get_local_disk(disk_node=device_name,\n gateway_arn=aws_storagegateway_gateway[\"test\"][\"arn\"]))\ntest_cache = aws.storagegateway.Cache(\"testCache\",\n disk_id=test_local_disk.disk_id,\n gateway_arn=aws_storagegateway_gateway[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testVolumeAttachment = new Aws.Ec2.VolumeAttachment(\"testVolumeAttachment\", new Aws.Ec2.VolumeAttachmentArgs\n {\n DeviceName = \"/dev/xvdb\",\n VolumeId = aws_ebs_volume.Test.Id,\n InstanceId = aws_instance.Test.Id,\n });\n var testLocalDisk = testVolumeAttachment.DeviceName.Apply(deviceName => Aws.StorageGateway.GetLocalDisk.InvokeAsync(new Aws.StorageGateway.GetLocalDiskArgs\n {\n DiskNode = deviceName,\n GatewayArn = aws_storagegateway_gateway.Test.Arn,\n }));\n var testCache = new Aws.StorageGateway.Cache(\"testCache\", new Aws.StorageGateway.CacheArgs\n {\n DiskId = testLocalDisk.Apply(testLocalDisk => testLocalDisk.DiskId),\n GatewayArn = aws_storagegateway_gateway.Test.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestVolumeAttachment, err := ec2.NewVolumeAttachment(ctx, \"testVolumeAttachment\", &ec2.VolumeAttachmentArgs{\n\t\t\tDeviceName: pulumi.String(\"/dev/xvdb\"),\n\t\t\tVolumeId: pulumi.Any(aws_ebs_volume.Test.Id),\n\t\t\tInstanceId: pulumi.Any(aws_instance.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewCache(ctx, \"testCache\", &storagegateway.CacheArgs{\n\t\t\tDiskId: testLocalDisk.ApplyT(func(testLocalDisk storagegateway.GetLocalDiskResult) (string, error) {\n\t\t\t\treturn testLocalDisk.DiskId, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### FSx File Gateway\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_FSX_SMB\",\n smbActiveDirectorySettings: {\n domainName: \"corp.example.com\",\n password: \"avoid-plaintext-passwords\",\n username: \"Admin\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_FSX_SMB\",\n smb_active_directory_settings=aws.storagegateway.GatewaySmbActiveDirectorySettingsArgs(\n domain_name=\"corp.example.com\",\n password=\"avoid-plaintext-passwords\",\n username=\"Admin\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.Gateway(\"example\", new Aws.StorageGateway.GatewayArgs\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_FSX_SMB\",\n SmbActiveDirectorySettings = new Aws.StorageGateway.Inputs.GatewaySmbActiveDirectorySettingsArgs\n {\n DomainName = \"corp.example.com\",\n Password = \"avoid-plaintext-passwords\",\n Username = \"Admin\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", &storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_FSX_SMB\"),\n\t\t\tSmbActiveDirectorySettings: &storagegateway.GatewaySmbActiveDirectorySettingsArgs{\n\t\t\t\tDomainName: pulumi.String(\"corp.example.com\"),\n\t\t\t\tPassword: pulumi.String(\"avoid-plaintext-passwords\"),\n\t\t\t\tUsername: pulumi.String(\"Admin\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### S3 File Gateway\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"FILE_S3\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"FILE_S3\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.Gateway(\"example\", new Aws.StorageGateway.GatewayArgs\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"FILE_S3\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", &storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"FILE_S3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### Tape Gateway\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"VTL\",\n mediumChangerType: \"AWS-Gateway-VTL\",\n tapeDriveType: \"IBM-ULT3580-TD5\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"VTL\",\n medium_changer_type=\"AWS-Gateway-VTL\",\n tape_drive_type=\"IBM-ULT3580-TD5\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.Gateway(\"example\", new Aws.StorageGateway.GatewayArgs\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"VTL\",\n MediumChangerType = \"AWS-Gateway-VTL\",\n TapeDriveType = \"IBM-ULT3580-TD5\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", &storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"VTL\"),\n\t\t\tMediumChangerType: pulumi.String(\"AWS-Gateway-VTL\"),\n\t\t\tTapeDriveType: pulumi.String(\"IBM-ULT3580-TD5\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Volume Gateway (Cached)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"CACHED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"CACHED\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.Gateway(\"example\", new Aws.StorageGateway.GatewayArgs\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"CACHED\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", &storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"CACHED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Volume Gateway (Stored)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.Gateway(\"example\", {\n gatewayIpAddress: \"1.2.3.4\",\n gatewayName: \"example\",\n gatewayTimezone: \"GMT\",\n gatewayType: \"STORED\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.Gateway(\"example\",\n gateway_ip_address=\"1.2.3.4\",\n gateway_name=\"example\",\n gateway_timezone=\"GMT\",\n gateway_type=\"STORED\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.Gateway(\"example\", new Aws.StorageGateway.GatewayArgs\n {\n GatewayIpAddress = \"1.2.3.4\",\n GatewayName = \"example\",\n GatewayTimezone = \"GMT\",\n GatewayType = \"STORED\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewGateway(ctx, \"example\", &storagegateway.GatewayArgs{\n\t\t\tGatewayIpAddress: pulumi.String(\"1.2.3.4\"),\n\t\t\tGatewayName: pulumi.String(\"example\"),\n\t\t\tGatewayTimezone: pulumi.String(\"GMT\"),\n\t\t\tGatewayType: pulumi.String(\"STORED\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_gateway` can be imported by using the gateway Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/gateway:Gateway example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678\n```\n\n Certain resource arguments, like `gateway_ip_address` do not have a Storage Gateway API method for reading the information after creation, either omit the argument from the provider configuration or use `ignoreChanges` to hide the difference. ", + "properties": { + "activationKey": { + "type": "string", + "description": "Gateway activation key during resource creation. Conflicts with `gateway_ip_address`. Additional information is available in the [Storage Gateway User Guide](https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the gateway.\n" + }, + "averageDownloadRateLimitInBitsPerSec": { + "type": "integer", + "description": "The average download bandwidth rate limit in bits per second. This is supported for the `CACHED`, `STORED`, and `VTL` gateway types.\n" + }, + "averageUploadRateLimitInBitsPerSec": { + "type": "integer", + "description": "The average upload bandwidth rate limit in bits per second. This is supported for the `CACHED`, `STORED`, and `VTL` gateway types.\n" + }, + "cloudwatchLogGroupArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon CloudWatch log group to use to monitor and log events in the gateway.\n" + }, + "ec2InstanceId": { + "type": "string", + "description": "The ID of the Amazon EC2 instance that was used to launch the gateway.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint for your gateway.\n" + }, + "gatewayId": { + "type": "string", + "description": "Identifier of the gateway.\n" + }, + "gatewayIpAddress": { + "type": "string", + "description": "Gateway IP address to retrieve activation key during resource creation. Conflicts with `activation_key`. Gateway must be accessible on port 80 from where this provider is running. Additional information is available in the [Storage Gateway User Guide](https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).\n" + }, + "gatewayName": { + "type": "string", + "description": "Name of the gateway.\n" + }, + "gatewayNetworkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:storagegateway/GatewayGatewayNetworkInterface:GatewayGatewayNetworkInterface" + }, + "description": "An array that contains descriptions of the gateway network interfaces. See Gateway Network Interface.\n" + }, + "gatewayTimezone": { + "type": "string", + "description": "Time zone for the gateway. The time zone is of the format \"GMT\", \"GMT-hr:mm\", or \"GMT+hr:mm\". For example, `GMT-4:00` indicates the time is 4 hours behind GMT. The time zone is used, for example, for scheduling snapshots and your gateway's maintenance schedule.\n" + }, + "gatewayType": { + "type": "string", + "description": "Type of the gateway. The default value is `STORED`. Valid values: `CACHED`, `FILE_FSX_SMB`, `FILE_S3`, `STORED`, `VTL`.\n" + }, + "gatewayVpcEndpoint": { + "type": "string", + "description": "VPC endpoint address to be used when activating your gateway. This should be used when your instance is in a private subnet. Requires HTTP access from client computer running this provider. More info on what ports are required by your VPC Endpoint Security group in [Activating a Gateway in a Virtual Private Cloud](https://docs.aws.amazon.com/storagegateway/latest/userguide/gateway-private-link.html).\n" + }, + "hostEnvironment": { + "type": "string", + "description": "The type of hypervisor environment used by the host.\n" + }, + "mediumChangerType": { + "type": "string", + "description": "Type of medium changer to use for tape gateway. This provider cannot detect drift of this argument. Valid values: `STK-L700`, `AWS-Gateway-VTL`, `IBM-03584L32-0402`.\n" + }, + "smbActiveDirectorySettings": { + "$ref": "#/types/aws:storagegateway/GatewaySmbActiveDirectorySettings:GatewaySmbActiveDirectorySettings", + "description": "Nested argument with Active Directory domain join information for Server Message Block (SMB) file shares. Only valid for `FILE_S3` and `FILE_FSX_SMB` gateway types. Must be set before creating `ActiveDirectory` authentication SMB file shares. More details below.\n" + }, + "smbFileShareVisibility": { + "type": "boolean", + "description": "Specifies whether the shares on this gateway appear when listing shares.\n" + }, + "smbGuestPassword": { + "type": "string", + "description": "Guest password for Server Message Block (SMB) file shares. Only valid for `FILE_S3` and `FILE_FSX_SMB` gateway types. Must be set before creating `GuestAccess` authentication SMB file shares. This provider can only detect drift of the existence of a guest password, not its actual value from the gateway. This provider can however update the password with changing the argument.\n" + }, + "smbSecurityStrategy": { + "type": "string", + "description": "Specifies the type of security strategy. Valid values are: `ClientSpecified`, `MandatorySigning`, and `MandatoryEncryption`. See [Setting a Security Level for Your Gateway](https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-gateway-file.html#security-strategy) for more information.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tapeDriveType": { + "type": "string", + "description": "Type of tape drive to use for tape gateway. This provider cannot detect drift of this argument. Valid values: `IBM-ULT3580-TD5`.\n" + } + }, + "required": [ + "activationKey", + "arn", + "ec2InstanceId", + "endpointType", + "gatewayId", + "gatewayIpAddress", + "gatewayName", + "gatewayNetworkInterfaces", + "gatewayTimezone", + "hostEnvironment", + "smbSecurityStrategy", + "tagsAll" + ], + "inputProperties": { + "activationKey": { + "type": "string", + "description": "Gateway activation key during resource creation. Conflicts with `gateway_ip_address`. Additional information is available in the [Storage Gateway User Guide](https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).\n" + }, + "averageDownloadRateLimitInBitsPerSec": { + "type": "integer", + "description": "The average download bandwidth rate limit in bits per second. This is supported for the `CACHED`, `STORED`, and `VTL` gateway types.\n" + }, + "averageUploadRateLimitInBitsPerSec": { + "type": "integer", + "description": "The average upload bandwidth rate limit in bits per second. This is supported for the `CACHED`, `STORED`, and `VTL` gateway types.\n" + }, + "cloudwatchLogGroupArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon CloudWatch log group to use to monitor and log events in the gateway.\n" + }, + "gatewayIpAddress": { + "type": "string", + "description": "Gateway IP address to retrieve activation key during resource creation. Conflicts with `activation_key`. Gateway must be accessible on port 80 from where this provider is running. Additional information is available in the [Storage Gateway User Guide](https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).\n" + }, + "gatewayName": { + "type": "string", + "description": "Name of the gateway.\n" + }, + "gatewayTimezone": { + "type": "string", + "description": "Time zone for the gateway. The time zone is of the format \"GMT\", \"GMT-hr:mm\", or \"GMT+hr:mm\". For example, `GMT-4:00` indicates the time is 4 hours behind GMT. The time zone is used, for example, for scheduling snapshots and your gateway's maintenance schedule.\n" + }, + "gatewayType": { + "type": "string", + "description": "Type of the gateway. The default value is `STORED`. Valid values: `CACHED`, `FILE_FSX_SMB`, `FILE_S3`, `STORED`, `VTL`.\n" + }, + "gatewayVpcEndpoint": { + "type": "string", + "description": "VPC endpoint address to be used when activating your gateway. This should be used when your instance is in a private subnet. Requires HTTP access from client computer running this provider. More info on what ports are required by your VPC Endpoint Security group in [Activating a Gateway in a Virtual Private Cloud](https://docs.aws.amazon.com/storagegateway/latest/userguide/gateway-private-link.html).\n" + }, + "mediumChangerType": { + "type": "string", + "description": "Type of medium changer to use for tape gateway. This provider cannot detect drift of this argument. Valid values: `STK-L700`, `AWS-Gateway-VTL`, `IBM-03584L32-0402`.\n" + }, + "smbActiveDirectorySettings": { + "$ref": "#/types/aws:storagegateway/GatewaySmbActiveDirectorySettings:GatewaySmbActiveDirectorySettings", + "description": "Nested argument with Active Directory domain join information for Server Message Block (SMB) file shares. Only valid for `FILE_S3` and `FILE_FSX_SMB` gateway types. Must be set before creating `ActiveDirectory` authentication SMB file shares. More details below.\n" + }, + "smbFileShareVisibility": { + "type": "boolean", + "description": "Specifies whether the shares on this gateway appear when listing shares.\n" + }, + "smbGuestPassword": { + "type": "string", + "description": "Guest password for Server Message Block (SMB) file shares. Only valid for `FILE_S3` and `FILE_FSX_SMB` gateway types. Must be set before creating `GuestAccess` authentication SMB file shares. This provider can only detect drift of the existence of a guest password, not its actual value from the gateway. This provider can however update the password with changing the argument.\n" + }, + "smbSecurityStrategy": { + "type": "string", + "description": "Specifies the type of security strategy. Valid values are: `ClientSpecified`, `MandatorySigning`, and `MandatoryEncryption`. See [Setting a Security Level for Your Gateway](https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-gateway-file.html#security-strategy) for more information.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tapeDriveType": { + "type": "string", + "description": "Type of tape drive to use for tape gateway. This provider cannot detect drift of this argument. Valid values: `IBM-ULT3580-TD5`.\n" + } + }, + "requiredInputs": [ + "gatewayName", + "gatewayTimezone" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Gateway resources.\n", + "properties": { + "activationKey": { + "type": "string", + "description": "Gateway activation key during resource creation. Conflicts with `gateway_ip_address`. Additional information is available in the [Storage Gateway User Guide](https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the gateway.\n" + }, + "averageDownloadRateLimitInBitsPerSec": { + "type": "integer", + "description": "The average download bandwidth rate limit in bits per second. This is supported for the `CACHED`, `STORED`, and `VTL` gateway types.\n" + }, + "averageUploadRateLimitInBitsPerSec": { + "type": "integer", + "description": "The average upload bandwidth rate limit in bits per second. This is supported for the `CACHED`, `STORED`, and `VTL` gateway types.\n" + }, + "cloudwatchLogGroupArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon CloudWatch log group to use to monitor and log events in the gateway.\n" + }, + "ec2InstanceId": { + "type": "string", + "description": "The ID of the Amazon EC2 instance that was used to launch the gateway.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint for your gateway.\n" + }, + "gatewayId": { + "type": "string", + "description": "Identifier of the gateway.\n" + }, + "gatewayIpAddress": { + "type": "string", + "description": "Gateway IP address to retrieve activation key during resource creation. Conflicts with `activation_key`. Gateway must be accessible on port 80 from where this provider is running. Additional information is available in the [Storage Gateway User Guide](https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).\n" + }, + "gatewayName": { + "type": "string", + "description": "Name of the gateway.\n" + }, + "gatewayNetworkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:storagegateway/GatewayGatewayNetworkInterface:GatewayGatewayNetworkInterface" + }, + "description": "An array that contains descriptions of the gateway network interfaces. See Gateway Network Interface.\n" + }, + "gatewayTimezone": { + "type": "string", + "description": "Time zone for the gateway. The time zone is of the format \"GMT\", \"GMT-hr:mm\", or \"GMT+hr:mm\". For example, `GMT-4:00` indicates the time is 4 hours behind GMT. The time zone is used, for example, for scheduling snapshots and your gateway's maintenance schedule.\n" + }, + "gatewayType": { + "type": "string", + "description": "Type of the gateway. The default value is `STORED`. Valid values: `CACHED`, `FILE_FSX_SMB`, `FILE_S3`, `STORED`, `VTL`.\n" + }, + "gatewayVpcEndpoint": { + "type": "string", + "description": "VPC endpoint address to be used when activating your gateway. This should be used when your instance is in a private subnet. Requires HTTP access from client computer running this provider. More info on what ports are required by your VPC Endpoint Security group in [Activating a Gateway in a Virtual Private Cloud](https://docs.aws.amazon.com/storagegateway/latest/userguide/gateway-private-link.html).\n" + }, + "hostEnvironment": { + "type": "string", + "description": "The type of hypervisor environment used by the host.\n" + }, + "mediumChangerType": { + "type": "string", + "description": "Type of medium changer to use for tape gateway. This provider cannot detect drift of this argument. Valid values: `STK-L700`, `AWS-Gateway-VTL`, `IBM-03584L32-0402`.\n" + }, + "smbActiveDirectorySettings": { + "$ref": "#/types/aws:storagegateway/GatewaySmbActiveDirectorySettings:GatewaySmbActiveDirectorySettings", + "description": "Nested argument with Active Directory domain join information for Server Message Block (SMB) file shares. Only valid for `FILE_S3` and `FILE_FSX_SMB` gateway types. Must be set before creating `ActiveDirectory` authentication SMB file shares. More details below.\n" + }, + "smbFileShareVisibility": { + "type": "boolean", + "description": "Specifies whether the shares on this gateway appear when listing shares.\n" + }, + "smbGuestPassword": { + "type": "string", + "description": "Guest password for Server Message Block (SMB) file shares. Only valid for `FILE_S3` and `FILE_FSX_SMB` gateway types. Must be set before creating `GuestAccess` authentication SMB file shares. This provider can only detect drift of the existence of a guest password, not its actual value from the gateway. This provider can however update the password with changing the argument.\n" + }, + "smbSecurityStrategy": { + "type": "string", + "description": "Specifies the type of security strategy. Valid values are: `ClientSpecified`, `MandatorySigning`, and `MandatoryEncryption`. See [Setting a Security Level for Your Gateway](https://docs.aws.amazon.com/storagegateway/latest/userguide/managing-gateway-file.html#security-strategy) for more information.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "tapeDriveType": { + "type": "string", + "description": "Type of tape drive to use for tape gateway. This provider cannot detect drift of this argument. Valid values: `IBM-ULT3580-TD5`.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/nfsFileShare:NfsFileShare": { + "description": "Manages an AWS Storage Gateway NFS File Share.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.NfsFileShare(\"example\", {\n clientLists: [\"0.0.0.0/0\"],\n gatewayArn: aws_storagegateway_gateway.example.arn,\n locationArn: aws_s3_bucket.example.arn,\n roleArn: aws_iam_role.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.NfsFileShare(\"example\",\n client_lists=[\"0.0.0.0/0\"],\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"],\n location_arn=aws_s3_bucket[\"example\"][\"arn\"],\n role_arn=aws_iam_role[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.NfsFileShare(\"example\", new Aws.StorageGateway.NfsFileShareArgs\n {\n ClientLists = \n {\n \"0.0.0.0/0\",\n },\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n LocationArn = aws_s3_bucket.Example.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewNfsFileShare(ctx, \"example\", &storagegateway.NfsFileShareArgs{\n\t\t\tClientLists: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"0.0.0.0/0\"),\n\t\t\t},\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t\tLocationArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_nfs_file_share` can be imported by using the NFS File Share Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/nfsFileShare:NfsFileShare example arn:aws:storagegateway:us-east-1:123456789012:share/share-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the NFS File Share.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/NfsFileShareCacheAttributes:NfsFileShareCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "clientLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks. Set to `[\"0.0.0.0/0\"]` to not limit access. Minimum 1 item. Maximum 100 items.\n" + }, + "defaultStorageClass": { + "type": "string", + "description": "The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to `S3_STANDARD`. Valid values: `S3_STANDARD`, `S3_STANDARD_IA`, `S3_ONEZONE_IA`.\n" + }, + "fileShareName": { + "type": "string", + "description": "The name of the file share. Must be set if an S3 prefix name is set in `location_arn`.\n" + }, + "fileshareId": { + "type": "string", + "description": "ID of the NFS File Share.\n" + }, + "gatewayArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the file gateway.\n" + }, + "guessMimeTypeEnabled": { + "type": "boolean", + "description": "Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to `true`.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Boolean value if `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Defaults to `false`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is true.\n" + }, + "locationArn": { + "type": "string", + "description": "The ARN of the backed storage used for storing file data.\n" + }, + "nfsFileShareDefaults": { + "$ref": "#/types/aws:storagegateway/NfsFileShareNfsFileShareDefaults:NfsFileShareNfsFileShareDefaults", + "description": "Nested argument with file share default values. More information below. see NFS File Share Defaults for more details.\n" + }, + "notificationPolicy": { + "type": "string", + "description": "The notification policy of the file share. For more information see the [AWS Documentation](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html#StorageGateway-CreateNFSFileShare-request-NotificationPolicy). Default value is `{}`.\n" + }, + "objectAcl": { + "type": "string", + "description": "Access Control List permission for S3 bucket objects. Defaults to `private`.\n" + }, + "path": { + "type": "string", + "description": "File share path used by the NFS client to identify the mount point.\n" + }, + "readOnly": { + "type": "boolean", + "description": "Boolean to indicate write status of file share. File share does not accept writes if `true`. Defaults to `false`.\n" + }, + "requesterPays": { + "type": "boolean", + "description": "Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to `true` if you want the requester to pay instead of the bucket owner. Defaults to `false`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.\n" + }, + "squash": { + "type": "string", + "description": "Maps a user to anonymous user. Defaults to `RootSquash`. Valid values: `RootSquash` (only root is mapped to anonymous user), `NoSquash` (no one is mapped to anonymous user), `AllSquash` (everyone is mapped to anonymous user)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "clientLists", + "fileShareName", + "fileshareId", + "gatewayArn", + "locationArn", + "path", + "roleArn", + "tagsAll" + ], + "inputProperties": { + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/NfsFileShareCacheAttributes:NfsFileShareCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "clientLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks. Set to `[\"0.0.0.0/0\"]` to not limit access. Minimum 1 item. Maximum 100 items.\n" + }, + "defaultStorageClass": { + "type": "string", + "description": "The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to `S3_STANDARD`. Valid values: `S3_STANDARD`, `S3_STANDARD_IA`, `S3_ONEZONE_IA`.\n" + }, + "fileShareName": { + "type": "string", + "description": "The name of the file share. Must be set if an S3 prefix name is set in `location_arn`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the file gateway.\n" + }, + "guessMimeTypeEnabled": { + "type": "boolean", + "description": "Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to `true`.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Boolean value if `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Defaults to `false`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is true.\n" + }, + "locationArn": { + "type": "string", + "description": "The ARN of the backed storage used for storing file data.\n" + }, + "nfsFileShareDefaults": { + "$ref": "#/types/aws:storagegateway/NfsFileShareNfsFileShareDefaults:NfsFileShareNfsFileShareDefaults", + "description": "Nested argument with file share default values. More information below. see NFS File Share Defaults for more details.\n" + }, + "notificationPolicy": { + "type": "string", + "description": "The notification policy of the file share. For more information see the [AWS Documentation](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html#StorageGateway-CreateNFSFileShare-request-NotificationPolicy). Default value is `{}`.\n" + }, + "objectAcl": { + "type": "string", + "description": "Access Control List permission for S3 bucket objects. Defaults to `private`.\n" + }, + "readOnly": { + "type": "boolean", + "description": "Boolean to indicate write status of file share. File share does not accept writes if `true`. Defaults to `false`.\n" + }, + "requesterPays": { + "type": "boolean", + "description": "Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to `true` if you want the requester to pay instead of the bucket owner. Defaults to `false`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.\n" + }, + "squash": { + "type": "string", + "description": "Maps a user to anonymous user. Defaults to `RootSquash`. Valid values: `RootSquash` (only root is mapped to anonymous user), `NoSquash` (no one is mapped to anonymous user), `AllSquash` (everyone is mapped to anonymous user)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "clientLists", + "gatewayArn", + "locationArn", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering NfsFileShare resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the NFS File Share.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/NfsFileShareCacheAttributes:NfsFileShareCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "clientLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of clients that are allowed to access the file gateway. The list must contain either valid IP addresses or valid CIDR blocks. Set to `[\"0.0.0.0/0\"]` to not limit access. Minimum 1 item. Maximum 100 items.\n" + }, + "defaultStorageClass": { + "type": "string", + "description": "The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to `S3_STANDARD`. Valid values: `S3_STANDARD`, `S3_STANDARD_IA`, `S3_ONEZONE_IA`.\n" + }, + "fileShareName": { + "type": "string", + "description": "The name of the file share. Must be set if an S3 prefix name is set in `location_arn`.\n" + }, + "fileshareId": { + "type": "string", + "description": "ID of the NFS File Share.\n" + }, + "gatewayArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the file gateway.\n" + }, + "guessMimeTypeEnabled": { + "type": "boolean", + "description": "Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to `true`.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Boolean value if `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Defaults to `false`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is true.\n" + }, + "locationArn": { + "type": "string", + "description": "The ARN of the backed storage used for storing file data.\n" + }, + "nfsFileShareDefaults": { + "$ref": "#/types/aws:storagegateway/NfsFileShareNfsFileShareDefaults:NfsFileShareNfsFileShareDefaults", + "description": "Nested argument with file share default values. More information below. see NFS File Share Defaults for more details.\n" + }, + "notificationPolicy": { + "type": "string", + "description": "The notification policy of the file share. For more information see the [AWS Documentation](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html#StorageGateway-CreateNFSFileShare-request-NotificationPolicy). Default value is `{}`.\n" + }, + "objectAcl": { + "type": "string", + "description": "Access Control List permission for S3 bucket objects. Defaults to `private`.\n" + }, + "path": { + "type": "string", + "description": "File share path used by the NFS client to identify the mount point.\n" + }, + "readOnly": { + "type": "boolean", + "description": "Boolean to indicate write status of file share. File share does not accept writes if `true`. Defaults to `false`.\n" + }, + "requesterPays": { + "type": "boolean", + "description": "Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to `true` if you want the requester to pay instead of the bucket owner. Defaults to `false`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.\n" + }, + "squash": { + "type": "string", + "description": "Maps a user to anonymous user. Defaults to `RootSquash`. Valid values: `RootSquash` (only root is mapped to anonymous user), `NoSquash` (no one is mapped to anonymous user), `AllSquash` (everyone is mapped to anonymous user)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/smbFileShare:SmbFileShare": { + "description": "Manages an AWS Storage Gateway SMB File Share.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Active Directory Authentication\n\n> **NOTE:** The gateway must have already joined the Active Directory domain prior to SMB file share creation. e.g. via \"SMB Settings\" in the AWS Storage Gateway console or `smb_active_directory_settings` in the `aws.storagegateway.Gateway` resource.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.SmbFileShare(\"example\", {\n authentication: \"ActiveDirectory\",\n gatewayArn: aws_storagegateway_gateway.example.arn,\n locationArn: aws_s3_bucket.example.arn,\n roleArn: aws_iam_role.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.SmbFileShare(\"example\",\n authentication=\"ActiveDirectory\",\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"],\n location_arn=aws_s3_bucket[\"example\"][\"arn\"],\n role_arn=aws_iam_role[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.SmbFileShare(\"example\", new Aws.StorageGateway.SmbFileShareArgs\n {\n Authentication = \"ActiveDirectory\",\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n LocationArn = aws_s3_bucket.Example.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewSmbFileShare(ctx, \"example\", &storagegateway.SmbFileShareArgs{\n\t\t\tAuthentication: pulumi.String(\"ActiveDirectory\"),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t\tLocationArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Guest Authentication\n\n> **NOTE:** The gateway must have already had the SMB guest password set prior to SMB file share creation. e.g. via \"SMB Settings\" in the AWS Storage Gateway console or `smb_guest_password` in the `aws.storagegateway.Gateway` resource.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.SmbFileShare(\"example\", {\n authentication: \"GuestAccess\",\n gatewayArn: aws_storagegateway_gateway.example.arn,\n locationArn: aws_s3_bucket.example.arn,\n roleArn: aws_iam_role.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.SmbFileShare(\"example\",\n authentication=\"GuestAccess\",\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"],\n location_arn=aws_s3_bucket[\"example\"][\"arn\"],\n role_arn=aws_iam_role[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.SmbFileShare(\"example\", new Aws.StorageGateway.SmbFileShareArgs\n {\n Authentication = \"GuestAccess\",\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n LocationArn = aws_s3_bucket.Example.Arn,\n RoleArn = aws_iam_role.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewSmbFileShare(ctx, \"example\", &storagegateway.SmbFileShareArgs{\n\t\t\tAuthentication: pulumi.String(\"GuestAccess\"),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t\tLocationArn: pulumi.Any(aws_s3_bucket.Example.Arn),\n\t\t\tRoleArn: pulumi.Any(aws_iam_role.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_smb_file_share` can be imported by using the SMB File Share Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/smbFileShare:SmbFileShare example arn:aws:storagegateway:us-east-1:123456789012:share/share-12345678\n```\n\n ", + "properties": { + "accessBasedEnumeration": { + "type": "boolean", + "description": "The files and folders on this share will only be visible to users with read access. Default value is `false`.\n" + }, + "adminUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that have admin access to the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the SMB File Share.\n" + }, + "auditDestinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the CloudWatch Log Group used for the audit logs.\n" + }, + "authentication": { + "type": "string", + "description": "The authentication method that users use to access the file share. Defaults to `ActiveDirectory`. Valid values: `ActiveDirectory`, `GuestAccess`.\n" + }, + "bucketRegion": { + "type": "string", + "description": "The region of the S3 buck used by the file share. Required when specifying a `vpc_endpoint_dns_name`.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/SmbFileShareCacheAttributes:SmbFileShareCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "caseSensitivity": { + "type": "string", + "description": "The case of an object name in an Amazon S3 bucket. For `ClientSpecified`, the client determines the case sensitivity. For `CaseSensitive`, the gateway determines the case sensitivity. The default value is `ClientSpecified`.\n" + }, + "defaultStorageClass": { + "type": "string", + "description": "The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to `S3_STANDARD`. Valid values: `S3_STANDARD`, `S3_STANDARD_IA`, `S3_ONEZONE_IA`.\n" + }, + "fileShareName": { + "type": "string", + "description": "The name of the file share. Must be set if an S3 prefix name is set in `location_arn`.\n" + }, + "fileshareId": { + "type": "string", + "description": "ID of the SMB File Share.\n" + }, + "gatewayArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the file gateway.\n" + }, + "guessMimeTypeEnabled": { + "type": "boolean", + "description": "Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to `true`.\n" + }, + "invalidUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that are not allowed to access the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Boolean value if `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Defaults to `false`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is true.\n" + }, + "locationArn": { + "type": "string", + "description": "The ARN of the backed storage used for storing file data.\n" + }, + "notificationPolicy": { + "type": "string", + "description": "The notification policy of the file share. For more information see the [AWS Documentation](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html#StorageGateway-CreateNFSFileShare-request-NotificationPolicy). Default value is `{}`.\n" + }, + "objectAcl": { + "type": "string", + "description": "Access Control List permission for S3 bucket objects. Defaults to `private`.\n" + }, + "oplocksEnabled": { + "type": "boolean", + "description": "Boolean to indicate Opportunistic lock (oplock) status. Defaults to `true`.\n" + }, + "path": { + "type": "string", + "description": "File share path used by the NFS client to identify the mount point.\n" + }, + "readOnly": { + "type": "boolean", + "description": "Boolean to indicate write status of file share. File share does not accept writes if `true`. Defaults to `false`.\n" + }, + "requesterPays": { + "type": "boolean", + "description": "Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to `true` if you want the requester to pay instead of the bucket owner. Defaults to `false`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.\n" + }, + "smbAclEnabled": { + "type": "boolean", + "description": "Set this value to `true` to enable ACL (access control list) on the SMB fileshare. Set it to `false` to map file and directory permissions to the POSIX permissions. This setting applies only to `ActiveDirectory` authentication type.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that are allowed to access the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "vpcEndpointDnsName": { + "type": "string", + "description": "The DNS name of the VPC endpoint for S3 private link.\n" + } + }, + "required": [ + "arn", + "fileShareName", + "fileshareId", + "gatewayArn", + "locationArn", + "path", + "roleArn", + "tagsAll" + ], + "inputProperties": { + "accessBasedEnumeration": { + "type": "boolean", + "description": "The files and folders on this share will only be visible to users with read access. Default value is `false`.\n" + }, + "adminUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that have admin access to the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "auditDestinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the CloudWatch Log Group used for the audit logs.\n" + }, + "authentication": { + "type": "string", + "description": "The authentication method that users use to access the file share. Defaults to `ActiveDirectory`. Valid values: `ActiveDirectory`, `GuestAccess`.\n" + }, + "bucketRegion": { + "type": "string", + "description": "The region of the S3 buck used by the file share. Required when specifying a `vpc_endpoint_dns_name`.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/SmbFileShareCacheAttributes:SmbFileShareCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "caseSensitivity": { + "type": "string", + "description": "The case of an object name in an Amazon S3 bucket. For `ClientSpecified`, the client determines the case sensitivity. For `CaseSensitive`, the gateway determines the case sensitivity. The default value is `ClientSpecified`.\n" + }, + "defaultStorageClass": { + "type": "string", + "description": "The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to `S3_STANDARD`. Valid values: `S3_STANDARD`, `S3_STANDARD_IA`, `S3_ONEZONE_IA`.\n" + }, + "fileShareName": { + "type": "string", + "description": "The name of the file share. Must be set if an S3 prefix name is set in `location_arn`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the file gateway.\n" + }, + "guessMimeTypeEnabled": { + "type": "boolean", + "description": "Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to `true`.\n" + }, + "invalidUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that are not allowed to access the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Boolean value if `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Defaults to `false`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is true.\n" + }, + "locationArn": { + "type": "string", + "description": "The ARN of the backed storage used for storing file data.\n" + }, + "notificationPolicy": { + "type": "string", + "description": "The notification policy of the file share. For more information see the [AWS Documentation](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html#StorageGateway-CreateNFSFileShare-request-NotificationPolicy). Default value is `{}`.\n" + }, + "objectAcl": { + "type": "string", + "description": "Access Control List permission for S3 bucket objects. Defaults to `private`.\n" + }, + "oplocksEnabled": { + "type": "boolean", + "description": "Boolean to indicate Opportunistic lock (oplock) status. Defaults to `true`.\n" + }, + "readOnly": { + "type": "boolean", + "description": "Boolean to indicate write status of file share. File share does not accept writes if `true`. Defaults to `false`.\n" + }, + "requesterPays": { + "type": "boolean", + "description": "Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to `true` if you want the requester to pay instead of the bucket owner. Defaults to `false`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.\n" + }, + "smbAclEnabled": { + "type": "boolean", + "description": "Set this value to `true` to enable ACL (access control list) on the SMB fileshare. Set it to `false` to map file and directory permissions to the POSIX permissions. This setting applies only to `ActiveDirectory` authentication type.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that are allowed to access the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "vpcEndpointDnsName": { + "type": "string", + "description": "The DNS name of the VPC endpoint for S3 private link.\n" + } + }, + "requiredInputs": [ + "gatewayArn", + "locationArn", + "roleArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SmbFileShare resources.\n", + "properties": { + "accessBasedEnumeration": { + "type": "boolean", + "description": "The files and folders on this share will only be visible to users with read access. Default value is `false`.\n" + }, + "adminUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that have admin access to the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the SMB File Share.\n" + }, + "auditDestinationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the CloudWatch Log Group used for the audit logs.\n" + }, + "authentication": { + "type": "string", + "description": "The authentication method that users use to access the file share. Defaults to `ActiveDirectory`. Valid values: `ActiveDirectory`, `GuestAccess`.\n" + }, + "bucketRegion": { + "type": "string", + "description": "The region of the S3 buck used by the file share. Required when specifying a `vpc_endpoint_dns_name`.\n" + }, + "cacheAttributes": { + "$ref": "#/types/aws:storagegateway/SmbFileShareCacheAttributes:SmbFileShareCacheAttributes", + "description": "Refresh cache information. see Cache Attributes for more details.\n" + }, + "caseSensitivity": { + "type": "string", + "description": "The case of an object name in an Amazon S3 bucket. For `ClientSpecified`, the client determines the case sensitivity. For `CaseSensitive`, the gateway determines the case sensitivity. The default value is `ClientSpecified`.\n" + }, + "defaultStorageClass": { + "type": "string", + "description": "The default storage class for objects put into an Amazon S3 bucket by the file gateway. Defaults to `S3_STANDARD`. Valid values: `S3_STANDARD`, `S3_STANDARD_IA`, `S3_ONEZONE_IA`.\n" + }, + "fileShareName": { + "type": "string", + "description": "The name of the file share. Must be set if an S3 prefix name is set in `location_arn`.\n" + }, + "fileshareId": { + "type": "string", + "description": "ID of the SMB File Share.\n" + }, + "gatewayArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the file gateway.\n" + }, + "guessMimeTypeEnabled": { + "type": "boolean", + "description": "Boolean value that enables guessing of the MIME type for uploaded objects based on file extensions. Defaults to `true`.\n" + }, + "invalidUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that are not allowed to access the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "Boolean value if `true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Defaults to `false`.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is true.\n" + }, + "locationArn": { + "type": "string", + "description": "The ARN of the backed storage used for storing file data.\n" + }, + "notificationPolicy": { + "type": "string", + "description": "The notification policy of the file share. For more information see the [AWS Documentation](https://docs.aws.amazon.com/storagegateway/latest/APIReference/API_CreateNFSFileShare.html#StorageGateway-CreateNFSFileShare-request-NotificationPolicy). Default value is `{}`.\n" + }, + "objectAcl": { + "type": "string", + "description": "Access Control List permission for S3 bucket objects. Defaults to `private`.\n" + }, + "oplocksEnabled": { + "type": "boolean", + "description": "Boolean to indicate Opportunistic lock (oplock) status. Defaults to `true`.\n" + }, + "path": { + "type": "string", + "description": "File share path used by the NFS client to identify the mount point.\n" + }, + "readOnly": { + "type": "boolean", + "description": "Boolean to indicate write status of file share. File share does not accept writes if `true`. Defaults to `false`.\n" + }, + "requesterPays": { + "type": "boolean", + "description": "Boolean who pays the cost of the request and the data download from the Amazon S3 bucket. Set this value to `true` if you want the requester to pay instead of the bucket owner. Defaults to `false`.\n" + }, + "roleArn": { + "type": "string", + "description": "The ARN of the AWS Identity and Access Management (IAM) role that a file gateway assumes when it accesses the underlying storage.\n" + }, + "smbAclEnabled": { + "type": "boolean", + "description": "Set this value to `true` to enable ACL (access control list) on the SMB fileshare. Set it to `false` to map file and directory permissions to the POSIX permissions. This setting applies only to `ActiveDirectory` authentication type.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "validUserLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of users in the Active Directory that are allowed to access the file share. Only valid if `authentication` is set to `ActiveDirectory`.\n" + }, + "vpcEndpointDnsName": { + "type": "string", + "description": "The DNS name of the VPC endpoint for S3 private link.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/storedIscsiVolume:StoredIscsiVolume": { + "description": "Manages an AWS Storage Gateway stored iSCSI volume.\n\n> **NOTE:** The gateway must have a working storage added (e.g. via the `aws.storagegateway.WorkingStorage` resource) before the volume is operational to clients, however the Storage Gateway API will allow volume creation without error in that case and return volume status as `WORKING STORAGE NOT CONFIGURED`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Create Empty Stored iSCSI Volume\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.StoredIscsiVolume(\"example\", {\n gatewayArn: aws_storagegateway_cache.example.gateway_arn,\n networkInterfaceId: aws_instance.example.private_ip,\n targetName: \"example\",\n preserveExistingData: false,\n diskId: data.aws_storagegateway_local_disk.test.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.StoredIscsiVolume(\"example\",\n gateway_arn=aws_storagegateway_cache[\"example\"][\"gateway_arn\"],\n network_interface_id=aws_instance[\"example\"][\"private_ip\"],\n target_name=\"example\",\n preserve_existing_data=False,\n disk_id=data[\"aws_storagegateway_local_disk\"][\"test\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.StoredIscsiVolume(\"example\", new Aws.StorageGateway.StoredIscsiVolumeArgs\n {\n GatewayArn = aws_storagegateway_cache.Example.Gateway_arn,\n NetworkInterfaceId = aws_instance.Example.Private_ip,\n TargetName = \"example\",\n PreserveExistingData = false,\n DiskId = data.Aws_storagegateway_local_disk.Test.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewStoredIscsiVolume(ctx, \"example\", &storagegateway.StoredIscsiVolumeArgs{\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_cache.Example.Gateway_arn),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Example.Private_ip),\n\t\t\tTargetName: pulumi.String(\"example\"),\n\t\t\tPreserveExistingData: pulumi.Bool(false),\n\t\t\tDiskId: pulumi.Any(data.Aws_storagegateway_local_disk.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Create Stored iSCSI Volume From Snapshot\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.StoredIscsiVolume(\"example\", {\n gatewayArn: aws_storagegateway_cache.example.gateway_arn,\n networkInterfaceId: aws_instance.example.private_ip,\n snapshotId: aws_ebs_snapshot.example.id,\n targetName: \"example\",\n preserveExistingData: false,\n diskId: data.aws_storagegateway_local_disk.test.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.StoredIscsiVolume(\"example\",\n gateway_arn=aws_storagegateway_cache[\"example\"][\"gateway_arn\"],\n network_interface_id=aws_instance[\"example\"][\"private_ip\"],\n snapshot_id=aws_ebs_snapshot[\"example\"][\"id\"],\n target_name=\"example\",\n preserve_existing_data=False,\n disk_id=data[\"aws_storagegateway_local_disk\"][\"test\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.StoredIscsiVolume(\"example\", new Aws.StorageGateway.StoredIscsiVolumeArgs\n {\n GatewayArn = aws_storagegateway_cache.Example.Gateway_arn,\n NetworkInterfaceId = aws_instance.Example.Private_ip,\n SnapshotId = aws_ebs_snapshot.Example.Id,\n TargetName = \"example\",\n PreserveExistingData = false,\n DiskId = data.Aws_storagegateway_local_disk.Test.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewStoredIscsiVolume(ctx, \"example\", &storagegateway.StoredIscsiVolumeArgs{\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_cache.Example.Gateway_arn),\n\t\t\tNetworkInterfaceId: pulumi.Any(aws_instance.Example.Private_ip),\n\t\t\tSnapshotId: pulumi.Any(aws_ebs_snapshot.Example.Id),\n\t\t\tTargetName: pulumi.String(\"example\"),\n\t\t\tPreserveExistingData: pulumi.Bool(false),\n\t\t\tDiskId: pulumi.Any(data.Aws_storagegateway_local_disk.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_stored_iscsi_volume` can be imported by using the volume Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/storedIscsiVolume:StoredIscsiVolume example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678`.\n" + }, + "chapEnabled": { + "type": "boolean", + "description": "Whether mutual CHAP is enabled for the iSCSI target.\n" + }, + "diskId": { + "type": "string", + "description": "The unique identifier for the gateway local disk that is configured as a stored volume.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "`true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Optional.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is `true`.\n" + }, + "lunNumber": { + "type": "integer", + "description": "Logical disk number.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.\n" + }, + "networkInterfacePort": { + "type": "integer", + "description": "The port used to communicate with iSCSI targets.\n" + }, + "preserveExistingData": { + "type": "boolean", + "description": "Specify this field as `true` if you want to preserve the data on the local disk. Otherwise, specifying this field as false creates an empty volume.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID of the snapshot to restore as the new stored volume. e.g. `snap-1122aabb`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "Target Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/target/iqn.1997-05.com.amazon:TargetName`.\n" + }, + "targetName": { + "type": "string", + "description": "The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.\n" + }, + "volumeAttachmentStatus": { + "type": "string", + "description": "A value that indicates whether a storage volume is attached to, detached from, or is in the process of detaching from a gateway.\n" + }, + "volumeId": { + "type": "string", + "description": "Volume ID, e.g. `vol-12345678`.\n" + }, + "volumeSizeInBytes": { + "type": "integer", + "description": "The size of the data stored on the volume in bytes.\n" + }, + "volumeStatus": { + "type": "string", + "description": "indicates the state of the storage volume.\n" + }, + "volumeType": { + "type": "string", + "description": "indicates the type of the volume.\n" + } + }, + "required": [ + "arn", + "chapEnabled", + "diskId", + "gatewayArn", + "lunNumber", + "networkInterfaceId", + "networkInterfacePort", + "preserveExistingData", + "tagsAll", + "targetArn", + "targetName", + "volumeAttachmentStatus", + "volumeId", + "volumeSizeInBytes", + "volumeStatus", + "volumeType" + ], + "inputProperties": { + "diskId": { + "type": "string", + "description": "The unique identifier for the gateway local disk that is configured as a stored volume.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "`true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Optional.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is `true`.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.\n" + }, + "preserveExistingData": { + "type": "boolean", + "description": "Specify this field as `true` if you want to preserve the data on the local disk. Otherwise, specifying this field as false creates an empty volume.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID of the snapshot to restore as the new stored volume. e.g. `snap-1122aabb`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetName": { + "type": "string", + "description": "The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.\n" + } + }, + "requiredInputs": [ + "diskId", + "gatewayArn", + "networkInterfaceId", + "preserveExistingData", + "targetName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering StoredIscsiVolume resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/volume/vol-12345678`.\n" + }, + "chapEnabled": { + "type": "boolean", + "description": "Whether mutual CHAP is enabled for the iSCSI target.\n" + }, + "diskId": { + "type": "string", + "description": "The unique identifier for the gateway local disk that is configured as a stored volume.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + }, + "kmsEncrypted": { + "type": "boolean", + "description": "`true` to use Amazon S3 server side encryption with your own AWS KMS key, or `false` to use a key managed by Amazon S3. Optional.\n" + }, + "kmsKey": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS KMS key used for Amazon S3 server side encryption. This value can only be set when `kms_encrypted` is `true`.\n" + }, + "lunNumber": { + "type": "integer", + "description": "Logical disk number.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The network interface of the gateway on which to expose the iSCSI target. Only IPv4 addresses are accepted.\n" + }, + "networkInterfacePort": { + "type": "integer", + "description": "The port used to communicate with iSCSI targets.\n" + }, + "preserveExistingData": { + "type": "boolean", + "description": "Specify this field as `true` if you want to preserve the data on the local disk. Otherwise, specifying this field as false creates an empty volume.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID of the snapshot to restore as the new stored volume. e.g. `snap-1122aabb`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "targetArn": { + "type": "string", + "description": "Target Amazon Resource Name (ARN), e.g. `arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678/target/iqn.1997-05.com.amazon:TargetName`.\n" + }, + "targetName": { + "type": "string", + "description": "The name of the iSCSI target used by initiators to connect to the target and as a suffix for the target ARN. The target name must be unique across all volumes of a gateway.\n" + }, + "volumeAttachmentStatus": { + "type": "string", + "description": "A value that indicates whether a storage volume is attached to, detached from, or is in the process of detaching from a gateway.\n" + }, + "volumeId": { + "type": "string", + "description": "Volume ID, e.g. `vol-12345678`.\n" + }, + "volumeSizeInBytes": { + "type": "integer", + "description": "The size of the data stored on the volume in bytes.\n" + }, + "volumeStatus": { + "type": "string", + "description": "indicates the state of the storage volume.\n" + }, + "volumeType": { + "type": "string", + "description": "indicates the type of the volume.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/tapePool:TapePool": { + "description": "Manages an AWS Storage Gateway Tape Pool.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.TapePool(\"example\", {\n poolName: \"example\",\n storageClass: \"GLACIER\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.TapePool(\"example\",\n pool_name=\"example\",\n storage_class=\"GLACIER\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.TapePool(\"example\", new Aws.StorageGateway.TapePoolArgs\n {\n PoolName = \"example\",\n StorageClass = \"GLACIER\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewTapePool(ctx, \"example\", &storagegateway.TapePoolArgs{\n\t\t\tPoolName: pulumi.String(\"example\"),\n\t\t\tStorageClass: pulumi.String(\"GLACIER\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_tape_pool` can be imported by using the volume Amazon Resource Name (ARN), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/tapePool:TapePool example arn:aws:storagegateway:us-east-1:123456789012:tapepool/pool-12345678\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `aws_storagegateway_tape_pool.example arn:aws:storagegateway:us-east-1:123456789012:tapepool/pool-12345678`.\n" + }, + "poolName": { + "type": "string", + "description": "The name of the new custom tape pool.\n" + }, + "retentionLockTimeInDays": { + "type": "integer", + "description": "Tape retention lock time is set in days. Tape retention lock can be enabled for up to 100 years (36,500 days). Default value is 0.\n" + }, + "retentionLockType": { + "type": "string", + "description": "Tape retention lock can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account. Possible values are `COMPLIANCE`, `GOVERNANCE`, and `NONE`. Default value is `NONE`.\n" + }, + "storageClass": { + "type": "string", + "description": "The storage class that is associated with the new custom pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class that corresponds to the pool. Possible values are `DEEP_ARCHIVE` or `GLACIER`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "poolName", + "storageClass", + "tagsAll" + ], + "inputProperties": { + "poolName": { + "type": "string", + "description": "The name of the new custom tape pool.\n" + }, + "retentionLockTimeInDays": { + "type": "integer", + "description": "Tape retention lock time is set in days. Tape retention lock can be enabled for up to 100 years (36,500 days). Default value is 0.\n" + }, + "retentionLockType": { + "type": "string", + "description": "Tape retention lock can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account. Possible values are `COMPLIANCE`, `GOVERNANCE`, and `NONE`. Default value is `NONE`.\n" + }, + "storageClass": { + "type": "string", + "description": "The storage class that is associated with the new custom pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class that corresponds to the pool. Possible values are `DEEP_ARCHIVE` or `GLACIER`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "poolName", + "storageClass" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering TapePool resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Volume Amazon Resource Name (ARN), e.g. `aws_storagegateway_tape_pool.example arn:aws:storagegateway:us-east-1:123456789012:tapepool/pool-12345678`.\n" + }, + "poolName": { + "type": "string", + "description": "The name of the new custom tape pool.\n" + }, + "retentionLockTimeInDays": { + "type": "integer", + "description": "Tape retention lock time is set in days. Tape retention lock can be enabled for up to 100 years (36,500 days). Default value is 0.\n" + }, + "retentionLockType": { + "type": "string", + "description": "Tape retention lock can be configured in two modes. When configured in governance mode, AWS accounts with specific IAM permissions are authorized to remove the tape retention lock from archived virtual tapes. When configured in compliance mode, the tape retention lock cannot be removed by any user, including the root AWS account. Possible values are `COMPLIANCE`, `GOVERNANCE`, and `NONE`. Default value is `NONE`.\n" + }, + "storageClass": { + "type": "string", + "description": "The storage class that is associated with the new custom pool. When you use your backup application to eject the tape, the tape is archived directly into the storage class that corresponds to the pool. Possible values are `DEEP_ARCHIVE` or `GLACIER`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/uploadBuffer:UploadBuffer": { + "description": "Manages an AWS Storage Gateway upload buffer.\n\n> **NOTE:** The Storage Gateway API provides no method to remove an upload buffer disk. Destroying this resource does not perform any Storage Gateway actions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Cached and VTL Gateway Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testLocalDisk = aws.storagegateway.getLocalDisk({\n diskNode: aws_volume_attachment.test.device_name,\n gatewayArn: aws_storagegateway_gateway.test.arn,\n});\nconst testUploadBuffer = new aws.storagegateway.UploadBuffer(\"testUploadBuffer\", {\n diskPath: testLocalDisk.then(testLocalDisk => testLocalDisk.diskPath),\n gatewayArn: aws_storagegateway_gateway.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_local_disk = aws.storagegateway.get_local_disk(disk_node=aws_volume_attachment[\"test\"][\"device_name\"],\n gateway_arn=aws_storagegateway_gateway[\"test\"][\"arn\"])\ntest_upload_buffer = aws.storagegateway.UploadBuffer(\"testUploadBuffer\",\n disk_path=test_local_disk.disk_path,\n gateway_arn=aws_storagegateway_gateway[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testLocalDisk = Output.Create(Aws.StorageGateway.GetLocalDisk.InvokeAsync(new Aws.StorageGateway.GetLocalDiskArgs\n {\n DiskNode = aws_volume_attachment.Test.Device_name,\n GatewayArn = aws_storagegateway_gateway.Test.Arn,\n }));\n var testUploadBuffer = new Aws.StorageGateway.UploadBuffer(\"testUploadBuffer\", new Aws.StorageGateway.UploadBufferArgs\n {\n DiskPath = testLocalDisk.Apply(testLocalDisk => testLocalDisk.DiskPath),\n GatewayArn = aws_storagegateway_gateway.Test.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_volume_attachment.Test.Device_name\n\t\ttestLocalDisk, err := storagegateway.GetLocalDisk(ctx, &storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: &opt0,\n\t\t\tGatewayArn: aws_storagegateway_gateway.Test.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewUploadBuffer(ctx, \"testUploadBuffer\", &storagegateway.UploadBufferArgs{\n\t\t\tDiskPath: pulumi.String(testLocalDisk.DiskPath),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Test.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Stored Gateway Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.storagegateway.getLocalDisk({\n diskNode: aws_volume_attachment.test.device_name,\n gatewayArn: aws_storagegateway_gateway.test.arn,\n});\nconst example = new aws.storagegateway.UploadBuffer(\"example\", {\n diskId: data.aws_storagegateway_local_disk.example.id,\n gatewayArn: aws_storagegateway_gateway.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.storagegateway.get_local_disk(disk_node=aws_volume_attachment[\"test\"][\"device_name\"],\n gateway_arn=aws_storagegateway_gateway[\"test\"][\"arn\"])\nexample = aws.storagegateway.UploadBuffer(\"example\",\n disk_id=data[\"aws_storagegateway_local_disk\"][\"example\"][\"id\"],\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.StorageGateway.GetLocalDisk.InvokeAsync(new Aws.StorageGateway.GetLocalDiskArgs\n {\n DiskNode = aws_volume_attachment.Test.Device_name,\n GatewayArn = aws_storagegateway_gateway.Test.Arn,\n }));\n var example = new Aws.StorageGateway.UploadBuffer(\"example\", new Aws.StorageGateway.UploadBufferArgs\n {\n DiskId = data.Aws_storagegateway_local_disk.Example.Id,\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_volume_attachment.Test.Device_name\n\t\t_, err := storagegateway.GetLocalDisk(ctx, &storagegateway.GetLocalDiskArgs{\n\t\t\tDiskNode: &opt0,\n\t\t\tGatewayArn: aws_storagegateway_gateway.Test.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storagegateway.NewUploadBuffer(ctx, \"example\", &storagegateway.UploadBufferArgs{\n\t\t\tDiskId: pulumi.Any(data.Aws_storagegateway_local_disk.Example.Id),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_upload_buffer` can be imported by using the gateway Amazon Resource Name (ARN) and local disk identifier separated with a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/uploadBuffer:UploadBuffer example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678:pci-0000:03:00.0-scsi-0:0:0:0\n```\n\n ", + "properties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "diskPath": { + "type": "string", + "description": "Local disk path. For example, `/dev/nvme1n1`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "required": [ + "diskId", + "diskPath", + "gatewayArn" + ], + "inputProperties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "diskPath": { + "type": "string", + "description": "Local disk path. For example, `/dev/nvme1n1`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "requiredInputs": [ + "gatewayArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering UploadBuffer resources.\n", + "properties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "diskPath": { + "type": "string", + "description": "Local disk path. For example, `/dev/nvme1n1`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "type": "object" + } + }, + "aws:storagegateway/workingStorage:WorkingStorage": { + "description": "Manages an AWS Storage Gateway working storage.\n\n> **NOTE:** The Storage Gateway API provides no method to remove a working storage disk. Destroying this resource does not perform any Storage Gateway actions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.storagegateway.WorkingStorage(\"example\", {\n diskId: data.aws_storagegateway_local_disk.example.id,\n gatewayArn: aws_storagegateway_gateway.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.storagegateway.WorkingStorage(\"example\",\n disk_id=data[\"aws_storagegateway_local_disk\"][\"example\"][\"id\"],\n gateway_arn=aws_storagegateway_gateway[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.StorageGateway.WorkingStorage(\"example\", new Aws.StorageGateway.WorkingStorageArgs\n {\n DiskId = data.Aws_storagegateway_local_disk.Example.Id,\n GatewayArn = aws_storagegateway_gateway.Example.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storagegateway.NewWorkingStorage(ctx, \"example\", &storagegateway.WorkingStorageArgs{\n\t\t\tDiskId: pulumi.Any(data.Aws_storagegateway_local_disk.Example.Id),\n\t\t\tGatewayArn: pulumi.Any(aws_storagegateway_gateway.Example.Arn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\n`aws_storagegateway_working_storage` can be imported by using the gateway Amazon Resource Name (ARN) and local disk identifier separated with a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:storagegateway/workingStorage:WorkingStorage example arn:aws:storagegateway:us-east-1:123456789012:gateway/sgw-12345678:pci-0000:03:00.0-scsi-0:0:0:0\n```\n\n ", + "properties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "required": [ + "diskId", + "gatewayArn" + ], + "inputProperties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "requiredInputs": [ + "diskId", + "gatewayArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WorkingStorage resources.\n", + "properties": { + "diskId": { + "type": "string", + "description": "Local disk identifier. For example, `pci-0000:03:00.0-scsi-0:0:0:0`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "type": "object" + } + }, + "aws:swf/domain:Domain": { + "description": "Provides an SWF Domain resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo register a basic SWF domain:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = new aws.swf.Domain(\"foo\", {\n description: \"SWF Domain\",\n workflowExecutionRetentionPeriodInDays: \"30\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.swf.Domain(\"foo\",\n description=\"SWF Domain\",\n workflow_execution_retention_period_in_days=\"30\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = new Aws.Swf.Domain(\"foo\", new Aws.Swf.DomainArgs\n {\n Description = \"SWF Domain\",\n WorkflowExecutionRetentionPeriodInDays = \"30\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/swf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := swf.NewDomain(ctx, \"foo\", &swf.DomainArgs{\n\t\t\tDescription: pulumi.String(\"SWF Domain\"),\n\t\t\tWorkflowExecutionRetentionPeriodInDays: pulumi.String(\"30\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSWF Domains can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:swf/domain:Domain foo test-domain\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "description": { + "type": "string", + "description": "The domain description.\n" + }, + "name": { + "type": "string", + "description": "The name of the domain. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "workflowExecutionRetentionPeriodInDays": { + "type": "string", + "description": "Length of time that SWF will continue to retain information about the workflow execution after the workflow execution is complete, must be between 0 and 90 days.\n" + } + }, + "required": [ + "arn", + "name", + "tagsAll", + "workflowExecutionRetentionPeriodInDays" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The domain description.\n" + }, + "name": { + "type": "string", + "description": "The name of the domain. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "workflowExecutionRetentionPeriodInDays": { + "type": "string", + "description": "Length of time that SWF will continue to retain information about the workflow execution after the workflow execution is complete, must be between 0 and 90 days.\n" + } + }, + "requiredInputs": [ + "workflowExecutionRetentionPeriodInDays" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Domain resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "description": { + "type": "string", + "description": "The domain description.\n" + }, + "name": { + "type": "string", + "description": "The name of the domain. If omitted, this provider will assign a random, unique name.\n" + }, + "namePrefix": { + "type": "string", + "description": "Creates a unique name beginning with the specified prefix. Conflicts with `name`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "workflowExecutionRetentionPeriodInDays": { + "type": "string", + "description": "Length of time that SWF will continue to retain information about the workflow execution after the workflow execution is complete, must be between 0 and 90 days.\n" + } + }, + "type": "object" + } + }, + "aws:synthetics/canary:Canary": { + "description": "Provides a Synthetics Canary resource.\n\n> **NOTE:** When you create a canary, AWS creates supporting implicit resources. See the Amazon CloudWatch Synthetics documentation on [DeleteCanary](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_DeleteCanary.html) for a full list. Neither AWS nor this provider deletes these implicit resources automatically when the canary is deleted. Before deleting a canary, ensure you have all the information about the canary that you need to delete the implicit resources using the AWS Console, or AWS CLI.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst some = new aws.synthetics.Canary(\"some\", {\n artifactS3Location: \"s3://some-bucket/\",\n executionRoleArn: \"some-role\",\n handler: \"exports.handler\",\n runtimeVersion: \"syn-1.0\",\n schedule: {\n expression: \"rate(0 minute)\",\n },\n zipFile: \"test-fixtures/lambdatest.zip\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsome = aws.synthetics.Canary(\"some\",\n artifact_s3_location=\"s3://some-bucket/\",\n execution_role_arn=\"some-role\",\n handler=\"exports.handler\",\n runtime_version=\"syn-1.0\",\n schedule=aws.synthetics.CanaryScheduleArgs(\n expression=\"rate(0 minute)\",\n ),\n zip_file=\"test-fixtures/lambdatest.zip\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var some = new Aws.Synthetics.Canary(\"some\", new Aws.Synthetics.CanaryArgs\n {\n ArtifactS3Location = \"s3://some-bucket/\",\n ExecutionRoleArn = \"some-role\",\n Handler = \"exports.handler\",\n RuntimeVersion = \"syn-1.0\",\n Schedule = new Aws.Synthetics.Inputs.CanaryScheduleArgs\n {\n Expression = \"rate(0 minute)\",\n },\n ZipFile = \"test-fixtures/lambdatest.zip\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/synthetics\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := synthetics.NewCanary(ctx, \"some\", &synthetics.CanaryArgs{\n\t\t\tArtifactS3Location: pulumi.String(\"s3://some-bucket/\"),\n\t\t\tExecutionRoleArn: pulumi.String(\"some-role\"),\n\t\t\tHandler: pulumi.String(\"exports.handler\"),\n\t\t\tRuntimeVersion: pulumi.String(\"syn-1.0\"),\n\t\t\tSchedule: &synthetics.CanaryScheduleArgs{\n\t\t\t\tExpression: pulumi.String(\"rate(0 minute)\"),\n\t\t\t},\n\t\t\tZipFile: pulumi.String(\"test-fixtures/lambdatest.zip\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nSynthetics Canaries can be imported using the `name`, e.g.\n\n```sh\n $ pulumi import aws:synthetics/canary:Canary some some-canary\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Canary.\n" + }, + "artifactS3Location": { + "type": "string", + "description": "Location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary.\n" + }, + "engineArn": { + "type": "string", + "description": "ARN of the Lambda function that is used as your canary's engine.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "ARN of the IAM role to be used to run the canary. see [AWS Docs](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_CreateCanary.html#API_CreateCanary_RequestSyntax) for permissions needs for IAM Role.\n" + }, + "failureRetentionPeriod": { + "type": "integer", + "description": "Number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n" + }, + "handler": { + "type": "string", + "description": "Entry point to use for the source code when running the canary. This value must end with the string `.handler` .\n" + }, + "name": { + "type": "string", + "description": "Name for this canary. Has a maximum length of 21 characters. Valid characters are lowercase alphanumeric, hyphen, or underscore.\n" + }, + "runConfig": { + "$ref": "#/types/aws:synthetics/CanaryRunConfig:CanaryRunConfig", + "description": "Configuration block for individual canary runs. Detailed below.\n" + }, + "runtimeVersion": { + "type": "string", + "description": "Runtime version to use for the canary. Versions change often so consult the [Amazon CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library.html) for the latest valid versions. Values include `syn-python-selenium-1.0`, `syn-nodejs-puppeteer-3.0`, `syn-nodejs-2.2`, `syn-nodejs-2.1`, `syn-nodejs-2.0`, and `syn-1.0`.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Full bucket name which is used if your canary script is located in S3. The bucket must already exist. Specify the full bucket name including s3:// as the start of the bucket name. **Conflicts with `zip_file`.**\n" + }, + "s3Key": { + "type": "string", + "description": "S3 key of your script. **Conflicts with `zip_file`.**\n" + }, + "s3Version": { + "type": "string", + "description": "S3 version ID of your script. **Conflicts with `zip_file`.**\n" + }, + "schedule": { + "$ref": "#/types/aws:synthetics/CanarySchedule:CanarySchedule", + "description": "Configuration block providing how often the canary is to run and when these test runs are to stop. Detailed below.\n" + }, + "sourceLocationArn": { + "type": "string", + "description": "ARN of the Lambda layer where Synthetics stores the canary script code.\n" + }, + "startCanary": { + "type": "boolean", + "description": "Whether to run or stop the canary.\n" + }, + "status": { + "type": "string", + "description": "Canary status.\n" + }, + "successRetentionPeriod": { + "type": "integer", + "description": "Number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timelines": { + "type": "array", + "items": { + "$ref": "#/types/aws:synthetics/CanaryTimeline:CanaryTimeline" + }, + "description": "Structure that contains information about when the canary was created, modified, and most recently run. see Timeline.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:synthetics/CanaryVpcConfig:CanaryVpcConfig", + "description": "Configuration block. Detailed below.\n" + }, + "zipFile": { + "type": "string", + "description": "ZIP file that contains the script, if you input your canary script directly into the canary instead of referring to an S3 location. It can be up to 5 MB. **Conflicts with `s3_bucket`, `s3_key`, and `s3_version`.**\n" + } + }, + "required": [ + "arn", + "artifactS3Location", + "engineArn", + "executionRoleArn", + "handler", + "name", + "runConfig", + "runtimeVersion", + "schedule", + "sourceLocationArn", + "status", + "tagsAll", + "timelines" + ], + "inputProperties": { + "artifactS3Location": { + "type": "string", + "description": "Location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "ARN of the IAM role to be used to run the canary. see [AWS Docs](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_CreateCanary.html#API_CreateCanary_RequestSyntax) for permissions needs for IAM Role.\n" + }, + "failureRetentionPeriod": { + "type": "integer", + "description": "Number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n" + }, + "handler": { + "type": "string", + "description": "Entry point to use for the source code when running the canary. This value must end with the string `.handler` .\n" + }, + "name": { + "type": "string", + "description": "Name for this canary. Has a maximum length of 21 characters. Valid characters are lowercase alphanumeric, hyphen, or underscore.\n" + }, + "runConfig": { + "$ref": "#/types/aws:synthetics/CanaryRunConfig:CanaryRunConfig", + "description": "Configuration block for individual canary runs. Detailed below.\n" + }, + "runtimeVersion": { + "type": "string", + "description": "Runtime version to use for the canary. Versions change often so consult the [Amazon CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library.html) for the latest valid versions. Values include `syn-python-selenium-1.0`, `syn-nodejs-puppeteer-3.0`, `syn-nodejs-2.2`, `syn-nodejs-2.1`, `syn-nodejs-2.0`, and `syn-1.0`.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Full bucket name which is used if your canary script is located in S3. The bucket must already exist. Specify the full bucket name including s3:// as the start of the bucket name. **Conflicts with `zip_file`.**\n" + }, + "s3Key": { + "type": "string", + "description": "S3 key of your script. **Conflicts with `zip_file`.**\n" + }, + "s3Version": { + "type": "string", + "description": "S3 version ID of your script. **Conflicts with `zip_file`.**\n" + }, + "schedule": { + "$ref": "#/types/aws:synthetics/CanarySchedule:CanarySchedule", + "description": "Configuration block providing how often the canary is to run and when these test runs are to stop. Detailed below.\n" + }, + "startCanary": { + "type": "boolean", + "description": "Whether to run or stop the canary.\n" + }, + "successRetentionPeriod": { + "type": "integer", + "description": "Number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:synthetics/CanaryVpcConfig:CanaryVpcConfig", + "description": "Configuration block. Detailed below.\n" + }, + "zipFile": { + "type": "string", + "description": "ZIP file that contains the script, if you input your canary script directly into the canary instead of referring to an S3 location. It can be up to 5 MB. **Conflicts with `s3_bucket`, `s3_key`, and `s3_version`.**\n" + } + }, + "requiredInputs": [ + "artifactS3Location", + "executionRoleArn", + "handler", + "runtimeVersion", + "schedule" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Canary resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Canary.\n" + }, + "artifactS3Location": { + "type": "string", + "description": "Location in Amazon S3 where Synthetics stores artifacts from the test runs of this canary.\n" + }, + "engineArn": { + "type": "string", + "description": "ARN of the Lambda function that is used as your canary's engine.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "ARN of the IAM role to be used to run the canary. see [AWS Docs](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_CreateCanary.html#API_CreateCanary_RequestSyntax) for permissions needs for IAM Role.\n" + }, + "failureRetentionPeriod": { + "type": "integer", + "description": "Number of days to retain data about failed runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n" + }, + "handler": { + "type": "string", + "description": "Entry point to use for the source code when running the canary. This value must end with the string `.handler` .\n" + }, + "name": { + "type": "string", + "description": "Name for this canary. Has a maximum length of 21 characters. Valid characters are lowercase alphanumeric, hyphen, or underscore.\n" + }, + "runConfig": { + "$ref": "#/types/aws:synthetics/CanaryRunConfig:CanaryRunConfig", + "description": "Configuration block for individual canary runs. Detailed below.\n" + }, + "runtimeVersion": { + "type": "string", + "description": "Runtime version to use for the canary. Versions change often so consult the [Amazon CloudWatch documentation](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_Library.html) for the latest valid versions. Values include `syn-python-selenium-1.0`, `syn-nodejs-puppeteer-3.0`, `syn-nodejs-2.2`, `syn-nodejs-2.1`, `syn-nodejs-2.0`, and `syn-1.0`.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Full bucket name which is used if your canary script is located in S3. The bucket must already exist. Specify the full bucket name including s3:// as the start of the bucket name. **Conflicts with `zip_file`.**\n" + }, + "s3Key": { + "type": "string", + "description": "S3 key of your script. **Conflicts with `zip_file`.**\n" + }, + "s3Version": { + "type": "string", + "description": "S3 version ID of your script. **Conflicts with `zip_file`.**\n" + }, + "schedule": { + "$ref": "#/types/aws:synthetics/CanarySchedule:CanarySchedule", + "description": "Configuration block providing how often the canary is to run and when these test runs are to stop. Detailed below.\n" + }, + "sourceLocationArn": { + "type": "string", + "description": "ARN of the Lambda layer where Synthetics stores the canary script code.\n" + }, + "startCanary": { + "type": "boolean", + "description": "Whether to run or stop the canary.\n" + }, + "status": { + "type": "string", + "description": "Canary status.\n" + }, + "successRetentionPeriod": { + "type": "integer", + "description": "Number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "timelines": { + "type": "array", + "items": { + "$ref": "#/types/aws:synthetics/CanaryTimeline:CanaryTimeline" + }, + "description": "Structure that contains information about when the canary was created, modified, and most recently run. see Timeline.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:synthetics/CanaryVpcConfig:CanaryVpcConfig", + "description": "Configuration block. Detailed below.\n" + }, + "zipFile": { + "type": "string", + "description": "ZIP file that contains the script, if you input your canary script directly into the canary instead of referring to an S3 location. It can be up to 5 MB. **Conflicts with `s3_bucket`, `s3_key`, and `s3_version`.**\n" + } + }, + "type": "object" + } + }, + "aws:timestreamwrite/database:Database": { + "description": "Provides a Timestream database resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.timestreamwrite.Database(\"example\", {\n databaseName: \"database-example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.timestreamwrite.Database(\"example\", database_name=\"database-example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.TimestreamWrite.Database(\"example\", new Aws.TimestreamWrite.DatabaseArgs\n {\n DatabaseName = \"database-example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/timestreamwrite\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := timestreamwrite.NewDatabase(ctx, \"example\", ×treamwrite.DatabaseArgs{\n\t\t\tDatabaseName: pulumi.String(\"database-example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Full usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.timestreamwrite.Database(\"example\", {\n databaseName: \"database-example\",\n kmsKeyId: aws_kms_key.example.arn,\n tags: {\n Name: \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.timestreamwrite.Database(\"example\",\n database_name=\"database-example\",\n kms_key_id=aws_kms_key[\"example\"][\"arn\"],\n tags={\n \"Name\": \"value\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.TimestreamWrite.Database(\"example\", new Aws.TimestreamWrite.DatabaseArgs\n {\n DatabaseName = \"database-example\",\n KmsKeyId = aws_kms_key.Example.Arn,\n Tags = \n {\n { \"Name\", \"value\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/timestreamwrite\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := timestreamwrite.NewDatabase(ctx, \"example\", ×treamwrite.DatabaseArgs{\n\t\t\tDatabaseName: pulumi.String(\"database-example\"),\n\t\t\tKmsKeyId: pulumi.Any(aws_kms_key.Example.Arn),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTimestream databases can be imported using the `database_name`, e.g.\n\n```sh\n $ pulumi import aws:timestreamwrite/database:Database example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that uniquely identifies this database.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Timestream database. Minimum length of 3. Maximum length of 64.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN (not Alias ARN) of the KMS key to be used to encrypt the data stored in the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to [AWS managed KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) for more info.\n" + }, + "tableCount": { + "type": "integer", + "description": "The total number of tables found within the Timestream database.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "databaseName", + "kmsKeyId", + "tableCount", + "tagsAll" + ], + "inputProperties": { + "databaseName": { + "type": "string", + "description": "The name of the Timestream database. Minimum length of 3. Maximum length of 64.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN (not Alias ARN) of the KMS key to be used to encrypt the data stored in the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to [AWS managed KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) for more info.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "databaseName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Database resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that uniquely identifies this database.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Timestream database. Minimum length of 3. Maximum length of 64.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN (not Alias ARN) of the KMS key to be used to encrypt the data stored in the database. If the KMS key is not specified, the database will be encrypted with a Timestream managed KMS key located in your account. Refer to [AWS managed KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) for more info.\n" + }, + "tableCount": { + "type": "integer", + "description": "The total number of tables found within the Timestream database.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:timestreamwrite/table:Table": { + "description": "Provides a Timestream table resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.timestreamwrite.Table(\"example\", {\n databaseName: aws_timestreamwrite_database.example.database_name,\n tableName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.timestreamwrite.Table(\"example\",\n database_name=aws_timestreamwrite_database[\"example\"][\"database_name\"],\n table_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.TimestreamWrite.Table(\"example\", new Aws.TimestreamWrite.TableArgs\n {\n DatabaseName = aws_timestreamwrite_database.Example.Database_name,\n TableName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/timestreamwrite\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := timestreamwrite.NewTable(ctx, \"example\", ×treamwrite.TableArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_timestreamwrite_database.Example.Database_name),\n\t\t\tTableName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Full usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.timestreamwrite.Table(\"example\", {\n databaseName: aws_timestreamwrite_database.example.database_name,\n tableName: \"example\",\n retentionProperties: {\n magneticStoreRetentionPeriodInDays: 30,\n memoryStoreRetentionPeriodInHours: 8,\n },\n tags: {\n Name: \"example-timestream-table\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.timestreamwrite.Table(\"example\",\n database_name=aws_timestreamwrite_database[\"example\"][\"database_name\"],\n table_name=\"example\",\n retention_properties=aws.timestreamwrite.TableRetentionPropertiesArgs(\n magnetic_store_retention_period_in_days=30,\n memory_store_retention_period_in_hours=8,\n ),\n tags={\n \"Name\": \"example-timestream-table\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.TimestreamWrite.Table(\"example\", new Aws.TimestreamWrite.TableArgs\n {\n DatabaseName = aws_timestreamwrite_database.Example.Database_name,\n TableName = \"example\",\n RetentionProperties = new Aws.TimestreamWrite.Inputs.TableRetentionPropertiesArgs\n {\n MagneticStoreRetentionPeriodInDays = 30,\n MemoryStoreRetentionPeriodInHours = 8,\n },\n Tags = \n {\n { \"Name\", \"example-timestream-table\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/timestreamwrite\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := timestreamwrite.NewTable(ctx, \"example\", ×treamwrite.TableArgs{\n\t\t\tDatabaseName: pulumi.Any(aws_timestreamwrite_database.Example.Database_name),\n\t\t\tTableName: pulumi.String(\"example\"),\n\t\t\tRetentionProperties: ×treamwrite.TableRetentionPropertiesArgs{\n\t\t\t\tMagneticStoreRetentionPeriodInDays: pulumi.Int(30),\n\t\t\t\tMemoryStoreRetentionPeriodInHours: pulumi.Int(8),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-timestream-table\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTimestream tables can be imported using the `table_name` and `database_name` separate by a colon (`:`), e.g.\n\n```sh\n $ pulumi import aws:timestreamwrite/table:Table example ExampleTable:ExampleDatabase\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that uniquely identifies this table.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Timestream database.\n" + }, + "retentionProperties": { + "$ref": "#/types/aws:timestreamwrite/TableRetentionProperties:TableRetentionProperties", + "description": "The retention duration for the memory store and magnetic store. See Retention Properties below for more details. If not provided, `magnetic_store_retention_period_in_days` default to 73000 and `memory_store_retention_period_in_hours` defaults to 6.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the Timestream table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "required": [ + "arn", + "databaseName", + "retentionProperties", + "tableName", + "tagsAll" + ], + "inputProperties": { + "databaseName": { + "type": "string", + "description": "The name of the Timestream database.\n" + }, + "retentionProperties": { + "$ref": "#/types/aws:timestreamwrite/TableRetentionProperties:TableRetentionProperties", + "description": "The retention duration for the memory store and magnetic store. See Retention Properties below for more details. If not provided, `magnetic_store_retention_period_in_days` default to 73000 and `memory_store_retention_period_in_hours` defaults to 6.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the Timestream table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "requiredInputs": [ + "databaseName", + "tableName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Table resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN that uniquely identifies this table.\n" + }, + "databaseName": { + "type": "string", + "description": "The name of the Timestream database.\n" + }, + "retentionProperties": { + "$ref": "#/types/aws:timestreamwrite/TableRetentionProperties:TableRetentionProperties", + "description": "The retention duration for the memory store and magnetic store. See Retention Properties below for more details. If not provided, `magnetic_store_retention_period_in_days` default to 73000 and `memory_store_retention_period_in_hours` defaults to 6.\n" + }, + "tableName": { + "type": "string", + "description": "The name of the Timestream table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + } + }, + "type": "object" + } + }, + "aws:transfer/server:Server": { + "description": "Provides a AWS Transfer Server resource.\n\n> **NOTE on AWS IAM permissions:** If the `endpoint_type` is set to `VPC`, the `ec2:DescribeVpcEndpoints` and `ec2:ModifyVpcEndpoint` [actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonec2.html#amazonec2-actions-as-permissions) are used.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n tags: {\n Name: \"Example\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\", tags={\n \"Name\": \"Example\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Transfer.Server(\"example\", new Aws.Transfer.ServerArgs\n {\n Tags = \n {\n { \"Name\", \"Example\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", &transfer.ServerArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"Example\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Security Policy Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n securityPolicyName: \"TransferSecurityPolicy-2020-06\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\", security_policy_name=\"TransferSecurityPolicy-2020-06\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Transfer.Server(\"example\", new Aws.Transfer.ServerArgs\n {\n SecurityPolicyName = \"TransferSecurityPolicy-2020-06\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", &transfer.ServerArgs{\n\t\t\tSecurityPolicyName: pulumi.String(\"TransferSecurityPolicy-2020-06\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### VPC Endpoint\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n endpointType: \"VPC\",\n endpointDetails: {\n addressAllocationIds: [aws_eip.example.id],\n subnetIds: [aws_subnet.example.id],\n vpcId: aws_vpc.example.id,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n endpoint_type=\"VPC\",\n endpoint_details=aws.transfer.ServerEndpointDetailsArgs(\n address_allocation_ids=[aws_eip[\"example\"][\"id\"]],\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n vpc_id=aws_vpc[\"example\"][\"id\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Transfer.Server(\"example\", new Aws.Transfer.ServerArgs\n {\n EndpointType = \"VPC\",\n EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs\n {\n AddressAllocationIds = \n {\n aws_eip.Example.Id,\n },\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n VpcId = aws_vpc.Example.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", &transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"VPC\"),\n\t\t\tEndpointDetails: &transfer.ServerEndpointDetailsArgs{\n\t\t\t\tAddressAllocationIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_eip.Example.Id),\n\t\t\t\t},\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Protocols\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.transfer.Server(\"example\", {\n endpointType: \"VPC\",\n endpointDetails: {\n subnetIds: [aws_subnet.example.id],\n vpcId: aws_vpc.example.id,\n },\n protocols: [\n \"FTP\",\n \"FTPS\",\n ],\n certificate: aws_acm_certificate.example.arn,\n identityProviderType: \"API_GATEWAY\",\n url: `${aws_api_gateway_deployment.example.invoke_url}${aws_api_gateway_resource.example.path}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.Server(\"example\",\n endpoint_type=\"VPC\",\n endpoint_details=aws.transfer.ServerEndpointDetailsArgs(\n subnet_ids=[aws_subnet[\"example\"][\"id\"]],\n vpc_id=aws_vpc[\"example\"][\"id\"],\n ),\n protocols=[\n \"FTP\",\n \"FTPS\",\n ],\n certificate=aws_acm_certificate[\"example\"][\"arn\"],\n identity_provider_type=\"API_GATEWAY\",\n url=f\"{aws_api_gateway_deployment['example']['invoke_url']}{aws_api_gateway_resource['example']['path']}\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Transfer.Server(\"example\", new Aws.Transfer.ServerArgs\n {\n EndpointType = \"VPC\",\n EndpointDetails = new Aws.Transfer.Inputs.ServerEndpointDetailsArgs\n {\n SubnetIds = \n {\n aws_subnet.Example.Id,\n },\n VpcId = aws_vpc.Example.Id,\n },\n Protocols = \n {\n \"FTP\",\n \"FTPS\",\n },\n Certificate = aws_acm_certificate.Example.Arn,\n IdentityProviderType = \"API_GATEWAY\",\n Url = $\"{aws_api_gateway_deployment.Example.Invoke_url}{aws_api_gateway_resource.Example.Path}\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.NewServer(ctx, \"example\", &transfer.ServerArgs{\n\t\t\tEndpointType: pulumi.String(\"VPC\"),\n\t\t\tEndpointDetails: &transfer.ServerEndpointDetailsArgs{\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\tpulumi.Any(aws_subnet.Example.Id),\n\t\t\t\t},\n\t\t\t\tVpcId: pulumi.Any(aws_vpc.Example.Id),\n\t\t\t},\n\t\t\tProtocols: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"FTP\"),\n\t\t\t\tpulumi.String(\"FTPS\"),\n\t\t\t},\n\t\t\tCertificate: pulumi.Any(aws_acm_certificate.Example.Arn),\n\t\t\tIdentityProviderType: pulumi.String(\"API_GATEWAY\"),\n\t\t\tUrl: pulumi.String(fmt.Sprintf(\"%v%v\", aws_api_gateway_deployment.Example.Invoke_url, aws_api_gateway_resource.Example.Path)),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTransfer Servers can be imported using the `server id`, e.g.\n\n```sh\n $ pulumi import aws:transfer/server:Server example s-12345678\n```\n\n Certain resource arguments, such as `host_key`, cannot be read via the API and imported into the provider. This provider will display a difference for these arguments the first run after import if declared in the provider configuration for an imported resource. ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Transfer Server\n" + }, + "certificate": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`\n" + }, + "domain": { + "type": "string", + "description": "The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint of the Transfer Server (e.g. `s-12345678.server.transfer.REGION.amazonaws.com`)\n" + }, + "endpointDetails": { + "$ref": "#/types/aws:transfer/ServerEndpointDetails:ServerEndpointDetails", + "description": "The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`. Defaults to `PUBLIC`.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identity_provider_type`.\n" + }, + "hostKey": { + "type": "string", + "description": "RSA private key (e.g. as generated by the `ssh-keygen -N \"\" -m PEM -f my-new-server-key` command).\n" + }, + "hostKeyFingerprint": { + "type": "string", + "description": "This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.\n" + }, + "identityProviderType": { + "type": "string", + "description": "The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.\n" + }, + "invocationRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identity_provider_type` of `API_GATEWAY`.\n" + }, + "loggingRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.\n" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:\n* `SFTP`: File transfer over SSH\n* `FTPS`: File transfer with TLS encryption\n* `FTP`: Unencrypted file transfer\n" + }, + "securityPolicyName": { + "type": "string", + "description": "Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, and `TransferSecurityPolicy-FIPS-2020-06`. Default value is: `TransferSecurityPolicy-2018-11`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "url": { + "type": "string", + "description": "- URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`.\n" + } + }, + "required": [ + "arn", + "endpoint", + "hostKeyFingerprint", + "protocols", + "tagsAll" + ], + "inputProperties": { + "certificate": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`\n" + }, + "domain": { + "type": "string", + "description": "The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.\n" + }, + "endpointDetails": { + "$ref": "#/types/aws:transfer/ServerEndpointDetails:ServerEndpointDetails", + "description": "The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`. Defaults to `PUBLIC`.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identity_provider_type`.\n" + }, + "hostKey": { + "type": "string", + "description": "RSA private key (e.g. as generated by the `ssh-keygen -N \"\" -m PEM -f my-new-server-key` command).\n" + }, + "identityProviderType": { + "type": "string", + "description": "The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.\n" + }, + "invocationRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identity_provider_type` of `API_GATEWAY`.\n" + }, + "loggingRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.\n" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:\n* `SFTP`: File transfer over SSH\n* `FTPS`: File transfer with TLS encryption\n* `FTP`: Unencrypted file transfer\n" + }, + "securityPolicyName": { + "type": "string", + "description": "Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, and `TransferSecurityPolicy-FIPS-2020-06`. Default value is: `TransferSecurityPolicy-2018-11`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "url": { + "type": "string", + "description": "- URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Server resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Transfer Server\n" + }, + "certificate": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. This is required when `protocols` is set to `FTPS`\n" + }, + "domain": { + "type": "string", + "description": "The domain of the storage system that is used for file transfers. Valid values are: `S3` and `EFS`. The default value is `S3`.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint of the Transfer Server (e.g. `s-12345678.server.transfer.REGION.amazonaws.com`)\n" + }, + "endpointDetails": { + "$ref": "#/types/aws:transfer/ServerEndpointDetails:ServerEndpointDetails", + "description": "The virtual private cloud (VPC) endpoint settings that you want to configure for your SFTP server. Fields documented below.\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint that you want your SFTP server connect to. If you connect to a `VPC` (or `VPC_ENDPOINT`), your SFTP server isn't accessible over the public internet. If you want to connect your SFTP server via public internet, set `PUBLIC`. Defaults to `PUBLIC`.\n" + }, + "forceDestroy": { + "type": "boolean", + "description": "A boolean that indicates all users associated with the server should be deleted so that the Server can be destroyed without error. The default value is `false`. This option only applies to servers configured with a `SERVICE_MANAGED` `identity_provider_type`.\n" + }, + "hostKey": { + "type": "string", + "description": "RSA private key (e.g. as generated by the `ssh-keygen -N \"\" -m PEM -f my-new-server-key` command).\n" + }, + "hostKeyFingerprint": { + "type": "string", + "description": "This value contains the message-digest algorithm (MD5) hash of the server's host key. This value is equivalent to the output of the `ssh-keygen -l -E md5 -f my-new-server-key` command.\n" + }, + "identityProviderType": { + "type": "string", + "description": "The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.\n" + }, + "invocationRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identity_provider_type` of `API_GATEWAY`.\n" + }, + "loggingRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.\n" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. This defaults to `SFTP` . The available protocols are:\n* `SFTP`: File transfer over SSH\n* `FTPS`: File transfer with TLS encryption\n* `FTP`: Unencrypted file transfer\n" + }, + "securityPolicyName": { + "type": "string", + "description": "Specifies the name of the security policy that is attached to the server. Possible values are `TransferSecurityPolicy-2018-11`, `TransferSecurityPolicy-2020-06`, and `TransferSecurityPolicy-FIPS-2020-06`. Default value is: `TransferSecurityPolicy-2018-11`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "url": { + "type": "string", + "description": "- URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`.\n" + } + }, + "type": "object" + } + }, + "aws:transfer/sshKey:SshKey": { + "description": "Provides a AWS Transfer User SSH Key resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleServer = new aws.transfer.Server(\"exampleServer\", {\n identityProviderType: \"SERVICE_MANAGED\",\n tags: {\n NAME: \"tf-acc-test-transfer-server\",\n },\n});\nconst exampleRole = new aws.iam.Role(\"exampleRole\", {assumeRolePolicy: `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\"Effect\": \"Allow\",\n\t\t\"Principal\": {\n\t\t\t\"Service\": \"transfer.amazonaws.com\"\n\t\t},\n\t\t\"Action\": \"sts:AssumeRole\"\n\t\t}\n\t]\n}\n`});\nconst exampleUser = new aws.transfer.User(\"exampleUser\", {\n serverId: exampleServer.id,\n userName: \"tftestuser\",\n role: exampleRole.arn,\n tags: {\n NAME: \"tftestuser\",\n },\n});\nconst exampleSshKey = new aws.transfer.SshKey(\"exampleSshKey\", {\n serverId: exampleServer.id,\n userName: exampleUser.userName,\n body: \"... SSH key ...\",\n});\nconst exampleRolePolicy = new aws.iam.RolePolicy(\"exampleRolePolicy\", {\n role: exampleRole.id,\n policy: `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Sid\": \"AllowFullAccesstoS3\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:*\"\n\t\t\t],\n\t\t\t\"Resource\": \"*\"\n\t\t}\n\t]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_server = aws.transfer.Server(\"exampleServer\",\n identity_provider_type=\"SERVICE_MANAGED\",\n tags={\n \"NAME\": \"tf-acc-test-transfer-server\",\n })\nexample_role = aws.iam.Role(\"exampleRole\", assume_role_policy=\"\"\"{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\"Effect\": \"Allow\",\n\t\t\"Principal\": {\n\t\t\t\"Service\": \"transfer.amazonaws.com\"\n\t\t},\n\t\t\"Action\": \"sts:AssumeRole\"\n\t\t}\n\t]\n}\n\"\"\")\nexample_user = aws.transfer.User(\"exampleUser\",\n server_id=example_server.id,\n user_name=\"tftestuser\",\n role=example_role.arn,\n tags={\n \"NAME\": \"tftestuser\",\n })\nexample_ssh_key = aws.transfer.SshKey(\"exampleSshKey\",\n server_id=example_server.id,\n user_name=example_user.user_name,\n body=\"... SSH key ...\")\nexample_role_policy = aws.iam.RolePolicy(\"exampleRolePolicy\",\n role=example_role.id,\n policy=\"\"\"{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Sid\": \"AllowFullAccesstoS3\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:*\"\n\t\t\t],\n\t\t\t\"Resource\": \"*\"\n\t\t}\n\t]\n}\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleServer = new Aws.Transfer.Server(\"exampleServer\", new Aws.Transfer.ServerArgs\n {\n IdentityProviderType = \"SERVICE_MANAGED\",\n Tags = \n {\n { \"NAME\", \"tf-acc-test-transfer-server\" },\n },\n });\n var exampleRole = new Aws.Iam.Role(\"exampleRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{\n\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\"\"Principal\"\": {\n\t\t\t\"\"Service\"\": \"\"transfer.amazonaws.com\"\"\n\t\t},\n\t\t\"\"Action\"\": \"\"sts:AssumeRole\"\"\n\t\t}\n\t]\n}\n\",\n });\n var exampleUser = new Aws.Transfer.User(\"exampleUser\", new Aws.Transfer.UserArgs\n {\n ServerId = exampleServer.Id,\n UserName = \"tftestuser\",\n Role = exampleRole.Arn,\n Tags = \n {\n { \"NAME\", \"tftestuser\" },\n },\n });\n var exampleSshKey = new Aws.Transfer.SshKey(\"exampleSshKey\", new Aws.Transfer.SshKeyArgs\n {\n ServerId = exampleServer.Id,\n UserName = exampleUser.UserName,\n Body = \"... SSH key ...\",\n });\n var exampleRolePolicy = new Aws.Iam.RolePolicy(\"exampleRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = exampleRole.Id,\n Policy = @\"{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{\n\t\t\t\"\"Sid\"\": \"\"AllowFullAccesstoS3\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Action\"\": [\n\t\t\t\t\"\"s3:*\"\"\n\t\t\t],\n\t\t\t\"\"Resource\"\": \"\"*\"\"\n\t\t}\n\t]\n}\n\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleServer, err := transfer.NewServer(ctx, \"exampleServer\", &transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"SERVICE_MANAGED\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tf-acc-test-transfer-server\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleRole, err := iam.NewRole(ctx, \"exampleRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"Version\\\": \\\"2012-10-17\\\",\\n\", \"\t\\\"Statement\\\": [\\n\", \"\t\t{\\n\", \"\t\t\\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t\t\\\"Principal\\\": {\\n\", \"\t\t\t\\\"Service\\\": \\\"transfer.amazonaws.com\\\"\\n\", \"\t\t},\\n\", \"\t\t\\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \"\t\t}\\n\", \"\t]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleUser, err := transfer.NewUser(ctx, \"exampleUser\", &transfer.UserArgs{\n\t\t\tServerId: exampleServer.ID(),\n\t\t\tUserName: pulumi.String(\"tftestuser\"),\n\t\t\tRole: exampleRole.Arn,\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tftestuser\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewSshKey(ctx, \"exampleSshKey\", &transfer.SshKeyArgs{\n\t\t\tServerId: exampleServer.ID(),\n\t\t\tUserName: exampleUser.UserName,\n\t\t\tBody: pulumi.String(\"... SSH key ...\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"exampleRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: exampleRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"Version\\\": \\\"2012-10-17\\\",\\n\", \"\t\\\"Statement\\\": [\\n\", \"\t\t{\\n\", \"\t\t\t\\\"Sid\\\": \\\"AllowFullAccesstoS3\\\",\\n\", \"\t\t\t\\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t\t\t\\\"Action\\\": [\\n\", \"\t\t\t\t\\\"s3:*\\\"\\n\", \"\t\t\t],\\n\", \"\t\t\t\\\"Resource\\\": \\\"*\\\"\\n\", \"\t\t}\\n\", \"\t]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTransfer SSH Public Key can be imported using the `server_id` and `user_name` and `ssh_public_key_id` separated by `/`.\n\n```sh\n $ pulumi import aws:transfer/sshKey:SshKey bar s-12345678/test-username/key-12345\n```\n\n ", + "properties": { + "body": { + "type": "string", + "description": "The public key portion of an SSH key pair.\n" + }, + "serverId": { + "type": "string", + "description": "The Server ID of the Transfer Server (e.g. `s-12345678`)\n" + }, + "userName": { + "type": "string", + "description": "The name of the user account that is assigned to one or more servers.\n" + } + }, + "required": [ + "body", + "serverId", + "userName" + ], + "inputProperties": { + "body": { + "type": "string", + "description": "The public key portion of an SSH key pair.\n" + }, + "serverId": { + "type": "string", + "description": "The Server ID of the Transfer Server (e.g. `s-12345678`)\n" + }, + "userName": { + "type": "string", + "description": "The name of the user account that is assigned to one or more servers.\n" + } + }, + "requiredInputs": [ + "body", + "serverId", + "userName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SshKey resources.\n", + "properties": { + "body": { + "type": "string", + "description": "The public key portion of an SSH key pair.\n" + }, + "serverId": { + "type": "string", + "description": "The Server ID of the Transfer Server (e.g. `s-12345678`)\n" + }, + "userName": { + "type": "string", + "description": "The name of the user account that is assigned to one or more servers.\n" + } + }, + "type": "object" + } + }, + "aws:transfer/user:User": { + "description": "Provides a AWS Transfer User resource. Managing SSH keys can be accomplished with the `aws.transfer.SshKey` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooServer = new aws.transfer.Server(\"fooServer\", {\n identityProviderType: \"SERVICE_MANAGED\",\n tags: {\n NAME: \"tf-acc-test-transfer-server\",\n },\n});\nconst fooRole = new aws.iam.Role(\"fooRole\", {assumeRolePolicy: `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\"Effect\": \"Allow\",\n\t\t\"Principal\": {\n\t\t\t\"Service\": \"transfer.amazonaws.com\"\n\t\t},\n\t\t\"Action\": \"sts:AssumeRole\"\n\t\t}\n\t]\n}\n`});\nconst fooRolePolicy = new aws.iam.RolePolicy(\"fooRolePolicy\", {\n role: fooRole.id,\n policy: `{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Sid\": \"AllowFullAccesstoS3\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:*\"\n\t\t\t],\n\t\t\t\"Resource\": \"*\"\n\t\t}\n\t]\n}\n`,\n});\nconst fooUser = new aws.transfer.User(\"fooUser\", {\n serverId: fooServer.id,\n userName: \"tftestuser\",\n role: fooRole.arn,\n homeDirectoryType: \"LOGICAL\",\n homeDirectoryMappings: [{\n entry: \"/test.pdf\",\n target: \"/bucket3/test-path/tftestuser.pdf\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_server = aws.transfer.Server(\"fooServer\",\n identity_provider_type=\"SERVICE_MANAGED\",\n tags={\n \"NAME\": \"tf-acc-test-transfer-server\",\n })\nfoo_role = aws.iam.Role(\"fooRole\", assume_role_policy=\"\"\"{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\"Effect\": \"Allow\",\n\t\t\"Principal\": {\n\t\t\t\"Service\": \"transfer.amazonaws.com\"\n\t\t},\n\t\t\"Action\": \"sts:AssumeRole\"\n\t\t}\n\t]\n}\n\"\"\")\nfoo_role_policy = aws.iam.RolePolicy(\"fooRolePolicy\",\n role=foo_role.id,\n policy=\"\"\"{\n\t\"Version\": \"2012-10-17\",\n\t\"Statement\": [\n\t\t{\n\t\t\t\"Sid\": \"AllowFullAccesstoS3\",\n\t\t\t\"Effect\": \"Allow\",\n\t\t\t\"Action\": [\n\t\t\t\t\"s3:*\"\n\t\t\t],\n\t\t\t\"Resource\": \"*\"\n\t\t}\n\t]\n}\n\"\"\")\nfoo_user = aws.transfer.User(\"fooUser\",\n server_id=foo_server.id,\n user_name=\"tftestuser\",\n role=foo_role.arn,\n home_directory_type=\"LOGICAL\",\n home_directory_mappings=[aws.transfer.UserHomeDirectoryMappingArgs(\n entry=\"/test.pdf\",\n target=\"/bucket3/test-path/tftestuser.pdf\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooServer = new Aws.Transfer.Server(\"fooServer\", new Aws.Transfer.ServerArgs\n {\n IdentityProviderType = \"SERVICE_MANAGED\",\n Tags = \n {\n { \"NAME\", \"tf-acc-test-transfer-server\" },\n },\n });\n var fooRole = new Aws.Iam.Role(\"fooRole\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = @\"{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{\n\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\"\"Principal\"\": {\n\t\t\t\"\"Service\"\": \"\"transfer.amazonaws.com\"\"\n\t\t},\n\t\t\"\"Action\"\": \"\"sts:AssumeRole\"\"\n\t\t}\n\t]\n}\n\",\n });\n var fooRolePolicy = new Aws.Iam.RolePolicy(\"fooRolePolicy\", new Aws.Iam.RolePolicyArgs\n {\n Role = fooRole.Id,\n Policy = @\"{\n\t\"\"Version\"\": \"\"2012-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{\n\t\t\t\"\"Sid\"\": \"\"AllowFullAccesstoS3\"\",\n\t\t\t\"\"Effect\"\": \"\"Allow\"\",\n\t\t\t\"\"Action\"\": [\n\t\t\t\t\"\"s3:*\"\"\n\t\t\t],\n\t\t\t\"\"Resource\"\": \"\"*\"\"\n\t\t}\n\t]\n}\n\",\n });\n var fooUser = new Aws.Transfer.User(\"fooUser\", new Aws.Transfer.UserArgs\n {\n ServerId = fooServer.Id,\n UserName = \"tftestuser\",\n Role = fooRole.Arn,\n HomeDirectoryType = \"LOGICAL\",\n HomeDirectoryMappings = \n {\n new Aws.Transfer.Inputs.UserHomeDirectoryMappingArgs\n {\n Entry = \"/test.pdf\",\n Target = \"/bucket3/test-path/tftestuser.pdf\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooServer, err := transfer.NewServer(ctx, \"fooServer\", &transfer.ServerArgs{\n\t\t\tIdentityProviderType: pulumi.String(\"SERVICE_MANAGED\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"NAME\": pulumi.String(\"tf-acc-test-transfer-server\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRole, err := iam.NewRole(ctx, \"fooRole\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"Version\\\": \\\"2012-10-17\\\",\\n\", \"\t\\\"Statement\\\": [\\n\", \"\t\t{\\n\", \"\t\t\\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t\t\\\"Principal\\\": {\\n\", \"\t\t\t\\\"Service\\\": \\\"transfer.amazonaws.com\\\"\\n\", \"\t\t},\\n\", \"\t\t\\\"Action\\\": \\\"sts:AssumeRole\\\"\\n\", \"\t\t}\\n\", \"\t]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRolePolicy(ctx, \"fooRolePolicy\", &iam.RolePolicyArgs{\n\t\t\tRole: fooRole.ID(),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"Version\\\": \\\"2012-10-17\\\",\\n\", \"\t\\\"Statement\\\": [\\n\", \"\t\t{\\n\", \"\t\t\t\\\"Sid\\\": \\\"AllowFullAccesstoS3\\\",\\n\", \"\t\t\t\\\"Effect\\\": \\\"Allow\\\",\\n\", \"\t\t\t\\\"Action\\\": [\\n\", \"\t\t\t\t\\\"s3:*\\\"\\n\", \"\t\t\t],\\n\", \"\t\t\t\\\"Resource\\\": \\\"*\\\"\\n\", \"\t\t}\\n\", \"\t]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = transfer.NewUser(ctx, \"fooUser\", &transfer.UserArgs{\n\t\t\tServerId: fooServer.ID(),\n\t\t\tUserName: pulumi.String(\"tftestuser\"),\n\t\t\tRole: fooRole.Arn,\n\t\t\tHomeDirectoryType: pulumi.String(\"LOGICAL\"),\n\t\t\tHomeDirectoryMappings: transfer.UserHomeDirectoryMappingArray{\n\t\t\t\t&transfer.UserHomeDirectoryMappingArgs{\n\t\t\t\t\tEntry: pulumi.String(\"/test.pdf\"),\n\t\t\t\t\tTarget: pulumi.String(\"/bucket3/test-path/tftestuser.pdf\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nTransfer Users can be imported using the `server_id` and `user_name` separated by `/`.\n\n```sh\n $ pulumi import aws:transfer/user:User bar s-12345678/test-username\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Transfer User\n" + }, + "homeDirectory": { + "type": "string", + "description": "The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a `/`. The first item in the path is the name of the home bucket (accessible as `${Transfer:HomeBucket}` in the policy) and the rest is the home directory (accessible as `${Transfer:HomeDirectory}` in the policy). For example, `/example-bucket-1234/username` would set the home bucket to `example-bucket-1234` and the home directory to `username`.\n" + }, + "homeDirectoryMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:transfer/UserHomeDirectoryMapping:UserHomeDirectoryMapping" + }, + "description": "Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.\n" + }, + "homeDirectoryType": { + "type": "string", + "description": "The type of landing directory (folder) you mapped for your users' home directory. Valid values are `PATH` and `LOGICAL`.\n" + }, + "policy": { + "type": "string", + "description": "An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include `${Transfer:UserName}`, `${Transfer:HomeDirectory}`, and `${Transfer:HomeBucket}`. These are evaluated on-the-fly when navigating the bucket.\n" + }, + "posixProfile": { + "$ref": "#/types/aws:transfer/UserPosixProfile:UserPosixProfile", + "description": "Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.\n" + }, + "role": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.\n" + }, + "serverId": { + "type": "string", + "description": "The Server ID of the Transfer Server (e.g. `s-12345678`)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "userName": { + "type": "string", + "description": "The name used for log in to your SFTP server.\n" + } + }, + "required": [ + "arn", + "role", + "serverId", + "tagsAll", + "userName" + ], + "inputProperties": { + "homeDirectory": { + "type": "string", + "description": "The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a `/`. The first item in the path is the name of the home bucket (accessible as `${Transfer:HomeBucket}` in the policy) and the rest is the home directory (accessible as `${Transfer:HomeDirectory}` in the policy). For example, `/example-bucket-1234/username` would set the home bucket to `example-bucket-1234` and the home directory to `username`.\n" + }, + "homeDirectoryMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:transfer/UserHomeDirectoryMapping:UserHomeDirectoryMapping" + }, + "description": "Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.\n" + }, + "homeDirectoryType": { + "type": "string", + "description": "The type of landing directory (folder) you mapped for your users' home directory. Valid values are `PATH` and `LOGICAL`.\n" + }, + "policy": { + "type": "string", + "description": "An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include `${Transfer:UserName}`, `${Transfer:HomeDirectory}`, and `${Transfer:HomeBucket}`. These are evaluated on-the-fly when navigating the bucket.\n" + }, + "posixProfile": { + "$ref": "#/types/aws:transfer/UserPosixProfile:UserPosixProfile", + "description": "Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.\n" + }, + "role": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.\n" + }, + "serverId": { + "type": "string", + "description": "The Server ID of the Transfer Server (e.g. `s-12345678`)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "userName": { + "type": "string", + "description": "The name used for log in to your SFTP server.\n" + } + }, + "requiredInputs": [ + "role", + "serverId", + "userName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering User resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Transfer User\n" + }, + "homeDirectory": { + "type": "string", + "description": "The landing directory (folder) for a user when they log in to the server using their SFTP client. It should begin with a `/`. The first item in the path is the name of the home bucket (accessible as `${Transfer:HomeBucket}` in the policy) and the rest is the home directory (accessible as `${Transfer:HomeDirectory}` in the policy). For example, `/example-bucket-1234/username` would set the home bucket to `example-bucket-1234` and the home directory to `username`.\n" + }, + "homeDirectoryMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:transfer/UserHomeDirectoryMapping:UserHomeDirectoryMapping" + }, + "description": "Logical directory mappings that specify what S3 paths and keys should be visible to your user and how you want to make them visible. See Home Directory Mappings below.\n" + }, + "homeDirectoryType": { + "type": "string", + "description": "The type of landing directory (folder) you mapped for your users' home directory. Valid values are `PATH` and `LOGICAL`.\n" + }, + "policy": { + "type": "string", + "description": "An IAM JSON policy document that scopes down user access to portions of their Amazon S3 bucket. IAM variables you can use inside this policy include `${Transfer:UserName}`, `${Transfer:HomeDirectory}`, and `${Transfer:HomeBucket}`. These are evaluated on-the-fly when navigating the bucket.\n" + }, + "posixProfile": { + "$ref": "#/types/aws:transfer/UserPosixProfile:UserPosixProfile", + "description": "Specifies the full POSIX identity, including user ID (Uid), group ID (Gid), and any secondary groups IDs (SecondaryGids), that controls your users' access to your Amazon EFS file systems. See Posix Profile below.\n" + }, + "role": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to controls your user’s access to your Amazon S3 bucket.\n" + }, + "serverId": { + "type": "string", + "description": "The Server ID of the Transfer Server (e.g. `s-12345678`)\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource. If configured with a provider `default_tags` configuration block, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider.\n" + }, + "userName": { + "type": "string", + "description": "The name used for log in to your SFTP server.\n" + } + }, + "type": "object" + } + }, + "aws:waf/byteMatchSet:ByteMatchSet": { + "description": "Provides a WAF Byte Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byteSet = new aws.waf.ByteMatchSet(\"byte_set\", {\n byteMatchTuples: [{\n fieldToMatch: {\n data: \"referer\",\n type: \"HEADER\",\n },\n positionalConstraint: \"CONTAINS\",\n targetString: \"badrefer1\",\n textTransformation: \"NONE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbyte_set = aws.waf.ByteMatchSet(\"byteSet\", byte_match_tuples=[aws.waf.ByteMatchSetByteMatchTupleArgs(\n field_to_match=aws.waf.ByteMatchSetByteMatchTupleFieldToMatchArgs(\n data=\"referer\",\n type=\"HEADER\",\n ),\n positional_constraint=\"CONTAINS\",\n target_string=\"badrefer1\",\n text_transformation=\"NONE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byteSet = new Aws.Waf.ByteMatchSet(\"byteSet\", new Aws.Waf.ByteMatchSetArgs\n {\n ByteMatchTuples = \n {\n new Aws.Waf.Inputs.ByteMatchSetByteMatchTupleArgs\n {\n FieldToMatch = new Aws.Waf.Inputs.ByteMatchSetByteMatchTupleFieldToMatchArgs\n {\n Data = \"referer\",\n Type = \"HEADER\",\n },\n PositionalConstraint = \"CONTAINS\",\n TargetString = \"badrefer1\",\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewByteMatchSet(ctx, \"byteSet\", &waf.ByteMatchSetArgs{\n\t\t\tByteMatchTuples: waf.ByteMatchSetByteMatchTupleArray{\n\t\t\t\t&waf.ByteMatchSetByteMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &waf.ByteMatchSetByteMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tData: pulumi.String(\"referer\"),\n\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t},\n\t\t\t\t\tPositionalConstraint: pulumi.String(\"CONTAINS\"),\n\t\t\t\t\tTargetString: pulumi.String(\"badrefer1\"),\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Byte Match Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:waf/byteMatchSet:ByteMatchSet byte_set a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "byteMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple" + }, + "description": "Specifies the bytes (typically a string that corresponds\nwith ASCII characters) that you want to search for in web requests,\nthe location in requests that you want to search, and other settings.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Byte Match Set.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "byteMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple" + }, + "description": "Specifies the bytes (typically a string that corresponds\nwith ASCII characters) that you want to search for in web requests,\nthe location in requests that you want to search, and other settings.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Byte Match Set.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ByteMatchSet resources.\n", + "properties": { + "byteMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple" + }, + "description": "Specifies the bytes (typically a string that corresponds\nwith ASCII characters) that you want to search for in web requests,\nthe location in requests that you want to search, and other settings.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Byte Match Set.\n" + } + }, + "type": "object" + } + }, + "aws:waf/geoMatchSet:GeoMatchSet": { + "description": "Provides a WAF Geo Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst geoMatchSet = new aws.waf.GeoMatchSet(\"geo_match_set\", {\n geoMatchConstraints: [\n {\n type: \"Country\",\n value: \"US\",\n },\n {\n type: \"Country\",\n value: \"CA\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngeo_match_set = aws.waf.GeoMatchSet(\"geoMatchSet\", geo_match_constraints=[\n aws.waf.GeoMatchSetGeoMatchConstraintArgs(\n type=\"Country\",\n value=\"US\",\n ),\n aws.waf.GeoMatchSetGeoMatchConstraintArgs(\n type=\"Country\",\n value=\"CA\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var geoMatchSet = new Aws.Waf.GeoMatchSet(\"geoMatchSet\", new Aws.Waf.GeoMatchSetArgs\n {\n GeoMatchConstraints = \n {\n new Aws.Waf.Inputs.GeoMatchSetGeoMatchConstraintArgs\n {\n Type = \"Country\",\n Value = \"US\",\n },\n new Aws.Waf.Inputs.GeoMatchSetGeoMatchConstraintArgs\n {\n Type = \"Country\",\n Value = \"CA\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewGeoMatchSet(ctx, \"geoMatchSet\", &waf.GeoMatchSetArgs{\n\t\t\tGeoMatchConstraints: waf.GeoMatchSetGeoMatchConstraintArray{\n\t\t\t\t&waf.GeoMatchSetGeoMatchConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"Country\"),\n\t\t\t\t\tValue: pulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\t&waf.GeoMatchSetGeoMatchConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"Country\"),\n\t\t\t\t\tValue: pulumi.String(\"CA\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Geo Match Set can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/geoMatchSet:GeoMatchSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "geoMatchConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint" + }, + "description": "The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the GeoMatchSet.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "geoMatchConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint" + }, + "description": "The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the GeoMatchSet.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering GeoMatchSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "geoMatchConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint" + }, + "description": "The GeoMatchConstraint objects which contain the country that you want AWS WAF to search for.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the GeoMatchSet.\n" + } + }, + "type": "object" + } + }, + "aws:waf/ipSet:IpSet": { + "description": "Provides a WAF IPSet Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.waf.IpSet(\"ipset\", {\n ipSetDescriptors: [\n {\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n },\n {\n type: \"IPV4\",\n value: \"10.16.16.0/16\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.waf.IpSet(\"ipset\", ip_set_descriptors=[\n aws.waf.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n ),\n aws.waf.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"10.16.16.0/16\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.Waf.IpSet(\"ipset\", new Aws.Waf.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"10.16.16.0/16\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewIpSet(ctx, \"ipset\", &waf.IpSetArgs{\n\t\t\tIpSetDescriptors: waf.IpSetIpSetDescriptorArray{\n\t\t\t\t&waf.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t\t&waf.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"10.16.16.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF IPSets can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/ipSet:IpSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF IPSet.\n" + }, + "ipSetDescriptors": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/IpSetIpSetDescriptor:IpSetIpSetDescriptor" + }, + "description": "One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the IPSet.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "ipSetDescriptors": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/IpSetIpSetDescriptor:IpSetIpSetDescriptor" + }, + "description": "One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the IPSet.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering IpSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF IPSet.\n" + }, + "ipSetDescriptors": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/IpSetIpSetDescriptor:IpSetIpSetDescriptor" + }, + "description": "One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR format) from which web requests originate.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the IPSet.\n" + } + }, + "type": "object" + } + }, + "aws:waf/rateBasedRule:RateBasedRule": { + "description": "Provides a WAF Rate Based Rule Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.waf.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.waf.RateBasedRule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n rateKey: \"IP\",\n rateLimit: 100,\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n}, {\n dependsOn: [ipset],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.waf.IpSet(\"ipset\", ip_set_descriptors=[aws.waf.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.waf.RateBasedRule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n rate_key=\"IP\",\n rate_limit=100,\n predicates=[aws.waf.RateBasedRulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[ipset]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.Waf.IpSet(\"ipset\", new Aws.Waf.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var wafrule = new Aws.Waf.RateBasedRule(\"wafrule\", new Aws.Waf.RateBasedRuleArgs\n {\n MetricName = \"tfWAFRule\",\n RateKey = \"IP\",\n RateLimit = 100,\n Predicates = \n {\n new Aws.Waf.Inputs.RateBasedRulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n ipset,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := waf.NewIpSet(ctx, \"ipset\", &waf.IpSetArgs{\n\t\t\tIpSetDescriptors: waf.IpSetIpSetDescriptorArray{\n\t\t\t\t&waf.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewRateBasedRule(ctx, \"wafrule\", &waf.RateBasedRuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tRateKey: pulumi.String(\"IP\"),\n\t\t\tRateLimit: pulumi.Int(100),\n\t\t\tPredicates: waf.RateBasedRulePredicateArray{\n\t\t\t\t&waf.RateBasedRulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tipset,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Rated Based Rule can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:waf/rateBasedRule:RateBasedRule wafrule a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RateBasedRulePredicate:RateBasedRulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "rateKey": { + "type": "string", + "description": "Valid value is IP.\n" + }, + "rateLimit": { + "type": "integer", + "description": "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "metricName", + "name", + "rateKey", + "rateLimit", + "tagsAll" + ], + "inputProperties": { + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RateBasedRulePredicate:RateBasedRulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "rateKey": { + "type": "string", + "description": "Valid value is IP.\n" + }, + "rateLimit": { + "type": "integer", + "description": "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "metricName", + "rateKey", + "rateLimit" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RateBasedRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RateBasedRulePredicate:RateBasedRulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "rateKey": { + "type": "string", + "description": "Valid value is IP.\n" + }, + "rateLimit": { + "type": "integer", + "description": "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:waf/regexMatchSet:RegexMatchSet": { + "description": "Provides a WAF Regex Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRegexPatternSet = new aws.waf.RegexPatternSet(\"exampleRegexPatternSet\", {regexPatternStrings: [\n \"one\",\n \"two\",\n]});\nconst exampleRegexMatchSet = new aws.waf.RegexMatchSet(\"exampleRegexMatchSet\", {regexMatchTuples: [{\n fieldToMatch: {\n data: \"User-Agent\",\n type: \"HEADER\",\n },\n regexPatternSetId: exampleRegexPatternSet.id,\n textTransformation: \"NONE\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_regex_pattern_set = aws.waf.RegexPatternSet(\"exampleRegexPatternSet\", regex_pattern_strings=[\n \"one\",\n \"two\",\n])\nexample_regex_match_set = aws.waf.RegexMatchSet(\"exampleRegexMatchSet\", regex_match_tuples=[aws.waf.RegexMatchSetRegexMatchTupleArgs(\n field_to_match=aws.waf.RegexMatchSetRegexMatchTupleFieldToMatchArgs(\n data=\"User-Agent\",\n type=\"HEADER\",\n ),\n regex_pattern_set_id=example_regex_pattern_set.id,\n text_transformation=\"NONE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRegexPatternSet = new Aws.Waf.RegexPatternSet(\"exampleRegexPatternSet\", new Aws.Waf.RegexPatternSetArgs\n {\n RegexPatternStrings = \n {\n \"one\",\n \"two\",\n },\n });\n var exampleRegexMatchSet = new Aws.Waf.RegexMatchSet(\"exampleRegexMatchSet\", new Aws.Waf.RegexMatchSetArgs\n {\n RegexMatchTuples = \n {\n new Aws.Waf.Inputs.RegexMatchSetRegexMatchTupleArgs\n {\n FieldToMatch = new Aws.Waf.Inputs.RegexMatchSetRegexMatchTupleFieldToMatchArgs\n {\n Data = \"User-Agent\",\n Type = \"HEADER\",\n },\n RegexPatternSetId = exampleRegexPatternSet.Id,\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRegexPatternSet, err := waf.NewRegexPatternSet(ctx, \"exampleRegexPatternSet\", &waf.RegexPatternSetArgs{\n\t\t\tRegexPatternStrings: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"one\"),\n\t\t\t\tpulumi.String(\"two\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewRegexMatchSet(ctx, \"exampleRegexMatchSet\", &waf.RegexMatchSetArgs{\n\t\t\tRegexMatchTuples: waf.RegexMatchSetRegexMatchTupleArray{\n\t\t\t\t&waf.RegexMatchSetRegexMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &waf.RegexMatchSetRegexMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tData: pulumi.String(\"User-Agent\"),\n\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t},\n\t\t\t\t\tRegexPatternSetId: exampleRegexPatternSet.ID(),\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regex Match Set can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/regexMatchSet:RegexMatchSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Regex Match Set.\n" + }, + "regexMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple" + }, + "description": "The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Match Set.\n" + }, + "regexMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple" + }, + "description": "The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering RegexMatchSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Regex Match Set.\n" + }, + "regexMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple" + }, + "description": "The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.\n" + } + }, + "type": "object" + } + }, + "aws:waf/regexPatternSet:RegexPatternSet": { + "description": "Provides a WAF Regex Pattern Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.waf.RegexPatternSet(\"example\", {\n regexPatternStrings: [\n \"one\",\n \"two\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.waf.RegexPatternSet(\"example\", regex_pattern_strings=[\n \"one\",\n \"two\",\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Waf.RegexPatternSet(\"example\", new Aws.Waf.RegexPatternSetArgs\n {\n RegexPatternStrings = \n {\n \"one\",\n \"two\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewRegexPatternSet(ctx, \"example\", &waf.RegexPatternSetArgs{\n\t\t\tRegexPatternStrings: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"one\"),\n\t\t\t\tpulumi.String(\"two\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS WAF Regex Pattern Set can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/regexPatternSet:RegexPatternSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Regex Pattern Set.\n" + }, + "regexPatternStrings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of regular expression (regex) patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Pattern Set.\n" + }, + "regexPatternStrings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of regular expression (regex) patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering RegexPatternSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Regex Pattern Set.\n" + }, + "regexPatternStrings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of regular expression (regex) patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`.\n" + } + }, + "type": "object" + } + }, + "aws:waf/rule:Rule": { + "description": "Provides a WAF Rule Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.waf.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.waf.Rule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n}, {\n dependsOn: [ipset],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.waf.IpSet(\"ipset\", ip_set_descriptors=[aws.waf.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.waf.Rule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.waf.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[ipset]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.Waf.IpSet(\"ipset\", new Aws.Waf.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var wafrule = new Aws.Waf.Rule(\"wafrule\", new Aws.Waf.RuleArgs\n {\n MetricName = \"tfWAFRule\",\n Predicates = \n {\n new Aws.Waf.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n ipset,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := waf.NewIpSet(ctx, \"ipset\", &waf.IpSetArgs{\n\t\t\tIpSetDescriptors: waf.IpSetIpSetDescriptorArray{\n\t\t\t\t&waf.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewRule(ctx, \"wafrule\", &waf.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: waf.RulePredicateArray{\n\t\t\t\t&waf.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tipset,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF rules can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:waf/rule:Rule example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF rule.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RulePredicate:RulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "metricName", + "name", + "tagsAll" + ], + "inputProperties": { + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RulePredicate:RulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "metricName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Rule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF rule.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule. The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RulePredicate:RulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:waf/ruleGroup:RuleGroup": { + "description": "Provides a WAF Rule Group Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRule = new aws.waf.Rule(\"exampleRule\", {metricName: \"example\"});\nconst exampleRuleGroup = new aws.waf.RuleGroup(\"exampleRuleGroup\", {\n metricName: \"example\",\n activatedRules: [{\n action: {\n type: \"COUNT\",\n },\n priority: 50,\n ruleId: exampleRule.id,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_rule = aws.waf.Rule(\"exampleRule\", metric_name=\"example\")\nexample_rule_group = aws.waf.RuleGroup(\"exampleRuleGroup\",\n metric_name=\"example\",\n activated_rules=[aws.waf.RuleGroupActivatedRuleArgs(\n action=aws.waf.RuleGroupActivatedRuleActionArgs(\n type=\"COUNT\",\n ),\n priority=50,\n rule_id=example_rule.id,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRule = new Aws.Waf.Rule(\"exampleRule\", new Aws.Waf.RuleArgs\n {\n MetricName = \"example\",\n });\n var exampleRuleGroup = new Aws.Waf.RuleGroup(\"exampleRuleGroup\", new Aws.Waf.RuleGroupArgs\n {\n MetricName = \"example\",\n ActivatedRules = \n {\n new Aws.Waf.Inputs.RuleGroupActivatedRuleArgs\n {\n Action = new Aws.Waf.Inputs.RuleGroupActivatedRuleActionArgs\n {\n Type = \"COUNT\",\n },\n Priority = 50,\n RuleId = exampleRule.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRule, err := waf.NewRule(ctx, \"exampleRule\", &waf.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewRuleGroup(ctx, \"exampleRuleGroup\", &waf.RuleGroupArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t\tActivatedRules: waf.RuleGroupActivatedRuleArray{\n\t\t\t\t&waf.RuleGroupActivatedRuleArgs{\n\t\t\t\t\tAction: &waf.RuleGroupActivatedRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"COUNT\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(50),\n\t\t\t\t\tRuleId: exampleRule.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Rule Group can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:waf/ruleGroup:RuleGroup example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "activatedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RuleGroupActivatedRule:RuleGroupActivatedRule" + }, + "description": "A list of activated rules, see below\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the WAF rule group.\n" + }, + "metricName": { + "type": "string", + "description": "A friendly name for the metrics from the rule group\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "metricName", + "name", + "tagsAll" + ], + "inputProperties": { + "activatedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RuleGroupActivatedRule:RuleGroupActivatedRule" + }, + "description": "A list of activated rules, see below\n" + }, + "metricName": { + "type": "string", + "description": "A friendly name for the metrics from the rule group\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "metricName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RuleGroup resources.\n", + "properties": { + "activatedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/RuleGroupActivatedRule:RuleGroupActivatedRule" + }, + "description": "A list of activated rules, see below\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the WAF rule group.\n" + }, + "metricName": { + "type": "string", + "description": "A friendly name for the metrics from the rule group\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:waf/sizeConstraintSet:SizeConstraintSet": { + "description": "Provides a WAF Size Constraint Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sizeConstraintSet = new aws.waf.SizeConstraintSet(\"size_constraint_set\", {\n sizeConstraints: [{\n comparisonOperator: \"EQ\",\n fieldToMatch: {\n type: \"BODY\",\n },\n size: 4096,\n textTransformation: \"NONE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsize_constraint_set = aws.waf.SizeConstraintSet(\"sizeConstraintSet\", size_constraints=[aws.waf.SizeConstraintSetSizeConstraintArgs(\n comparison_operator=\"EQ\",\n field_to_match=aws.waf.SizeConstraintSetSizeConstraintFieldToMatchArgs(\n type=\"BODY\",\n ),\n size=4096,\n text_transformation=\"NONE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sizeConstraintSet = new Aws.Waf.SizeConstraintSet(\"sizeConstraintSet\", new Aws.Waf.SizeConstraintSetArgs\n {\n SizeConstraints = \n {\n new Aws.Waf.Inputs.SizeConstraintSetSizeConstraintArgs\n {\n ComparisonOperator = \"EQ\",\n FieldToMatch = new Aws.Waf.Inputs.SizeConstraintSetSizeConstraintFieldToMatchArgs\n {\n Type = \"BODY\",\n },\n Size = 4096,\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewSizeConstraintSet(ctx, \"sizeConstraintSet\", &waf.SizeConstraintSetArgs{\n\t\t\tSizeConstraints: waf.SizeConstraintSetSizeConstraintArray{\n\t\t\t\t&waf.SizeConstraintSetSizeConstraintArgs{\n\t\t\t\t\tComparisonOperator: pulumi.String(\"EQ\"),\n\t\t\t\t\tFieldToMatch: &waf.SizeConstraintSetSizeConstraintFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BODY\"),\n\t\t\t\t\t},\n\t\t\t\t\tSize: pulumi.Int(4096),\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS WAF Size Constraint Set can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/sizeConstraintSet:SizeConstraintSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Size Constraint Set.\n" + }, + "sizeConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint" + }, + "description": "Specifies the parts of web requests that you want to inspect the size of.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the Size Constraint Set.\n" + }, + "sizeConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint" + }, + "description": "Specifies the parts of web requests that you want to inspect the size of.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SizeConstraintSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Size Constraint Set.\n" + }, + "sizeConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint" + }, + "description": "Specifies the parts of web requests that you want to inspect the size of.\n" + } + }, + "type": "object" + } + }, + "aws:waf/sqlInjectionMatchSet:SqlInjectionMatchSet": { + "description": "Provides a WAF SQL Injection Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sqlInjectionMatchSet = new aws.waf.SqlInjectionMatchSet(\"sql_injection_match_set\", {\n sqlInjectionMatchTuples: [{\n fieldToMatch: {\n type: \"QUERY_STRING\",\n },\n textTransformation: \"URL_DECODE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsql_injection_match_set = aws.waf.SqlInjectionMatchSet(\"sqlInjectionMatchSet\", sql_injection_match_tuples=[aws.waf.SqlInjectionMatchSetSqlInjectionMatchTupleArgs(\n field_to_match=aws.waf.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs(\n type=\"QUERY_STRING\",\n ),\n text_transformation=\"URL_DECODE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sqlInjectionMatchSet = new Aws.Waf.SqlInjectionMatchSet(\"sqlInjectionMatchSet\", new Aws.Waf.SqlInjectionMatchSetArgs\n {\n SqlInjectionMatchTuples = \n {\n new Aws.Waf.Inputs.SqlInjectionMatchSetSqlInjectionMatchTupleArgs\n {\n FieldToMatch = new Aws.Waf.Inputs.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs\n {\n Type = \"QUERY_STRING\",\n },\n TextTransformation = \"URL_DECODE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewSqlInjectionMatchSet(ctx, \"sqlInjectionMatchSet\", &waf.SqlInjectionMatchSetArgs{\n\t\t\tSqlInjectionMatchTuples: waf.SqlInjectionMatchSetSqlInjectionMatchTupleArray{\n\t\t\t\t&waf.SqlInjectionMatchSetSqlInjectionMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &waf.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"QUERY_STRING\"),\n\t\t\t\t\t},\n\t\t\t\t\tTextTransformation: pulumi.String(\"URL_DECODE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS WAF SQL Injection Match Set can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/sqlInjectionMatchSet:SqlInjectionMatchSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the SQL Injection Match Set.\n" + }, + "sqlInjectionMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple" + }, + "description": "The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the SQL Injection Match Set.\n" + }, + "sqlInjectionMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple" + }, + "description": "The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SqlInjectionMatchSet resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the SQL Injection Match Set.\n" + }, + "sqlInjectionMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple" + }, + "description": "The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.\n" + } + }, + "type": "object" + } + }, + "aws:waf/webAcl:WebAcl": { + "description": "Provides a WAF Web ACL Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.waf.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.waf.Rule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n}, {\n dependsOn: [ipset],\n});\nconst wafAcl = new aws.waf.WebAcl(\"wafAcl\", {\n metricName: \"tfWebACL\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: wafrule.id,\n type: \"REGULAR\",\n }],\n}, {\n dependsOn: [\n ipset,\n wafrule,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.waf.IpSet(\"ipset\", ip_set_descriptors=[aws.waf.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.waf.Rule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.waf.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[ipset]))\nwaf_acl = aws.waf.WebAcl(\"wafAcl\",\n metric_name=\"tfWebACL\",\n default_action=aws.waf.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.waf.WebAclRuleArgs(\n action=aws.waf.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=wafrule.id,\n type=\"REGULAR\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[\n ipset,\n wafrule,\n ]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.Waf.IpSet(\"ipset\", new Aws.Waf.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.Waf.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var wafrule = new Aws.Waf.Rule(\"wafrule\", new Aws.Waf.RuleArgs\n {\n MetricName = \"tfWAFRule\",\n Predicates = \n {\n new Aws.Waf.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n ipset,\n },\n });\n var wafAcl = new Aws.Waf.WebAcl(\"wafAcl\", new Aws.Waf.WebAclArgs\n {\n MetricName = \"tfWebACL\",\n DefaultAction = new Aws.Waf.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = \n {\n new Aws.Waf.Inputs.WebAclRuleArgs\n {\n Action = new Aws.Waf.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = wafrule.Id,\n Type = \"REGULAR\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n ipset,\n wafrule,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := waf.NewIpSet(ctx, \"ipset\", &waf.IpSetArgs{\n\t\t\tIpSetDescriptors: waf.IpSetIpSetDescriptorArray{\n\t\t\t\t&waf.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twafrule, err := waf.NewRule(ctx, \"wafrule\", &waf.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: waf.RulePredicateArray{\n\t\t\t\t&waf.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tipset,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = waf.NewWebAcl(ctx, \"wafAcl\", &waf.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"tfWebACL\"),\n\t\t\tDefaultAction: &waf.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: waf.WebAclRuleArray{\n\t\t\t\t&waf.WebAclRuleArgs{\n\t\t\t\t\tAction: &waf.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: wafrule.ID(),\n\t\t\t\t\tType: pulumi.String(\"REGULAR\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tipset,\n\t\t\twafrule,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n> *NOTE:* The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-` and be located in `us-east-1` region. See the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) for more information about enabling WAF logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.waf.WebAcl(\"example\", {loggingConfiguration: {\n logDestination: aws_kinesis_firehose_delivery_stream.example.arn,\n redactedFields: {\n fieldToMatches: [\n {\n type: \"URI\",\n },\n {\n data: \"referer\",\n type: \"HEADER\",\n },\n ],\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.waf.WebAcl(\"example\", logging_configuration=aws.waf.WebAclLoggingConfigurationArgs(\n log_destination=aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"],\n redacted_fields=aws.waf.WebAclLoggingConfigurationRedactedFieldsArgs(\n field_to_matches=[\n aws.waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n type=\"URI\",\n ),\n aws.waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n data=\"referer\",\n type=\"HEADER\",\n ),\n ],\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Waf.WebAcl(\"example\", new Aws.Waf.WebAclArgs\n {\n LoggingConfiguration = new Aws.Waf.Inputs.WebAclLoggingConfigurationArgs\n {\n LogDestination = aws_kinesis_firehose_delivery_stream.Example.Arn,\n RedactedFields = new Aws.Waf.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs\n {\n FieldToMatches = \n {\n new Aws.Waf.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Type = \"URI\",\n },\n new Aws.Waf.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Data = \"referer\",\n Type = \"HEADER\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewWebAcl(ctx, \"example\", &waf.WebAclArgs{\n\t\t\tLoggingConfiguration: &waf.WebAclLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t\tRedactedFields: &waf.WebAclLoggingConfigurationRedactedFieldsArgs{\n\t\t\t\t\tFieldToMatches: waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{\n\t\t\t\t\t\t&waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"URI\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&waf.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tData: pulumi.String(\"referer\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Web ACL can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:waf/webAcl:WebAcl main 0c8e583e-18f3-4c13-9e2a-67c4805d2f94\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF WebACL.\n" + }, + "defaultAction": { + "$ref": "#/types/aws:waf/WebAclDefaultAction:WebAclDefaultAction", + "description": "Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:waf/WebAclLoggingConfiguration:WebAclLoggingConfiguration", + "description": "Configuration block to enable WAF logging. Detailed below.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this web ACL.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the web ACL.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/WebAclRule:WebAclRule" + }, + "description": "Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "defaultAction", + "metricName", + "name", + "tagsAll" + ], + "inputProperties": { + "defaultAction": { + "$ref": "#/types/aws:waf/WebAclDefaultAction:WebAclDefaultAction", + "description": "Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:waf/WebAclLoggingConfiguration:WebAclLoggingConfiguration", + "description": "Configuration block to enable WAF logging. Detailed below.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this web ACL.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the web ACL.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/WebAclRule:WebAclRule" + }, + "description": "Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "defaultAction", + "metricName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebAcl resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF WebACL.\n" + }, + "defaultAction": { + "$ref": "#/types/aws:waf/WebAclDefaultAction:WebAclDefaultAction", + "description": "Configuration block with action that you want AWS WAF to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL. Detailed below.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:waf/WebAclLoggingConfiguration:WebAclLoggingConfiguration", + "description": "Configuration block to enable WAF logging. Detailed below.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this web ACL.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the web ACL.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/WebAclRule:WebAclRule" + }, + "description": "Configuration blocks containing rules to associate with the web ACL and the settings for each rule. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:waf/xssMatchSet:XssMatchSet": { + "description": "Provides a WAF XSS Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst xssMatchSet = new aws.waf.XssMatchSet(\"xss_match_set\", {\n xssMatchTuples: [\n {\n fieldToMatch: {\n type: \"URI\",\n },\n textTransformation: \"NONE\",\n },\n {\n fieldToMatch: {\n type: \"QUERY_STRING\",\n },\n textTransformation: \"NONE\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nxss_match_set = aws.waf.XssMatchSet(\"xssMatchSet\", xss_match_tuples=[\n aws.waf.XssMatchSetXssMatchTupleArgs(\n field_to_match=aws.waf.XssMatchSetXssMatchTupleFieldToMatchArgs(\n type=\"URI\",\n ),\n text_transformation=\"NONE\",\n ),\n aws.waf.XssMatchSetXssMatchTupleArgs(\n field_to_match=aws.waf.XssMatchSetXssMatchTupleFieldToMatchArgs(\n type=\"QUERY_STRING\",\n ),\n text_transformation=\"NONE\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var xssMatchSet = new Aws.Waf.XssMatchSet(\"xssMatchSet\", new Aws.Waf.XssMatchSetArgs\n {\n XssMatchTuples = \n {\n new Aws.Waf.Inputs.XssMatchSetXssMatchTupleArgs\n {\n FieldToMatch = new Aws.Waf.Inputs.XssMatchSetXssMatchTupleFieldToMatchArgs\n {\n Type = \"URI\",\n },\n TextTransformation = \"NONE\",\n },\n new Aws.Waf.Inputs.XssMatchSetXssMatchTupleArgs\n {\n FieldToMatch = new Aws.Waf.Inputs.XssMatchSetXssMatchTupleFieldToMatchArgs\n {\n Type = \"QUERY_STRING\",\n },\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.NewXssMatchSet(ctx, \"xssMatchSet\", &waf.XssMatchSetArgs{\n\t\t\tXssMatchTuples: waf.XssMatchSetXssMatchTupleArray{\n\t\t\t\t&waf.XssMatchSetXssMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &waf.XssMatchSetXssMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"URI\"),\n\t\t\t\t\t},\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t\t&waf.XssMatchSetXssMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &waf.XssMatchSetXssMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"QUERY_STRING\"),\n\t\t\t\t\t},\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF XSS Match Set can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:waf/xssMatchSet:XssMatchSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the SizeConstraintSet.\n" + }, + "xssMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple" + }, + "description": "The parts of web requests that you want to inspect for cross-site scripting attacks.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the SizeConstraintSet.\n" + }, + "xssMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple" + }, + "description": "The parts of web requests that you want to inspect for cross-site scripting attacks.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering XssMatchSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN)\n" + }, + "name": { + "type": "string", + "description": "The name or description of the SizeConstraintSet.\n" + }, + "xssMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:waf/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple" + }, + "description": "The parts of web requests that you want to inspect for cross-site scripting attacks.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/byteMatchSet:ByteMatchSet": { + "description": "Provides a WAF Regional Byte Match Set Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byteSet = new aws.wafregional.ByteMatchSet(\"byte_set\", {\n byteMatchTuples: [{\n fieldToMatch: {\n data: \"referer\",\n type: \"HEADER\",\n },\n positionalConstraint: \"CONTAINS\",\n targetString: \"badrefer1\",\n textTransformation: \"NONE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbyte_set = aws.wafregional.ByteMatchSet(\"byteSet\", byte_match_tuples=[aws.wafregional.ByteMatchSetByteMatchTupleArgs(\n field_to_match=aws.wafregional.ByteMatchSetByteMatchTupleFieldToMatchArgs(\n data=\"referer\",\n type=\"HEADER\",\n ),\n positional_constraint=\"CONTAINS\",\n target_string=\"badrefer1\",\n text_transformation=\"NONE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byteSet = new Aws.WafRegional.ByteMatchSet(\"byteSet\", new Aws.WafRegional.ByteMatchSetArgs\n {\n ByteMatchTuples = \n {\n new Aws.WafRegional.Inputs.ByteMatchSetByteMatchTupleArgs\n {\n FieldToMatch = new Aws.WafRegional.Inputs.ByteMatchSetByteMatchTupleFieldToMatchArgs\n {\n Data = \"referer\",\n Type = \"HEADER\",\n },\n PositionalConstraint = \"CONTAINS\",\n TargetString = \"badrefer1\",\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewByteMatchSet(ctx, \"byteSet\", &wafregional.ByteMatchSetArgs{\n\t\t\tByteMatchTuples: wafregional.ByteMatchSetByteMatchTupleArray{\n\t\t\t\t&wafregional.ByteMatchSetByteMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &wafregional.ByteMatchSetByteMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tData: pulumi.String(\"referer\"),\n\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t},\n\t\t\t\t\tPositionalConstraint: pulumi.String(\"CONTAINS\"),\n\t\t\t\t\tTargetString: pulumi.String(\"badrefer1\"),\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Byte Match Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/byteMatchSet:ByteMatchSet byte_set a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "byteMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple" + }, + "description": "Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the ByteMatchSet.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "byteMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple" + }, + "description": "Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the ByteMatchSet.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering ByteMatchSet resources.\n", + "properties": { + "byteMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/ByteMatchSetByteMatchTuple:ByteMatchSetByteMatchTuple" + }, + "description": "Settings for the ByteMatchSet, such as the bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests. ByteMatchTuple documented below.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the ByteMatchSet.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/geoMatchSet:GeoMatchSet": { + "description": "Provides a WAF Regional Geo Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst geoMatchSet = new aws.wafregional.GeoMatchSet(\"geo_match_set\", {\n geoMatchConstraints: [\n {\n type: \"Country\",\n value: \"US\",\n },\n {\n type: \"Country\",\n value: \"CA\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngeo_match_set = aws.wafregional.GeoMatchSet(\"geoMatchSet\", geo_match_constraints=[\n aws.wafregional.GeoMatchSetGeoMatchConstraintArgs(\n type=\"Country\",\n value=\"US\",\n ),\n aws.wafregional.GeoMatchSetGeoMatchConstraintArgs(\n type=\"Country\",\n value=\"CA\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var geoMatchSet = new Aws.WafRegional.GeoMatchSet(\"geoMatchSet\", new Aws.WafRegional.GeoMatchSetArgs\n {\n GeoMatchConstraints = \n {\n new Aws.WafRegional.Inputs.GeoMatchSetGeoMatchConstraintArgs\n {\n Type = \"Country\",\n Value = \"US\",\n },\n new Aws.WafRegional.Inputs.GeoMatchSetGeoMatchConstraintArgs\n {\n Type = \"Country\",\n Value = \"CA\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewGeoMatchSet(ctx, \"geoMatchSet\", &wafregional.GeoMatchSetArgs{\n\t\t\tGeoMatchConstraints: wafregional.GeoMatchSetGeoMatchConstraintArray{\n\t\t\t\t&wafregional.GeoMatchSetGeoMatchConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"Country\"),\n\t\t\t\t\tValue: pulumi.String(\"US\"),\n\t\t\t\t},\n\t\t\t\t&wafregional.GeoMatchSetGeoMatchConstraintArgs{\n\t\t\t\t\tType: pulumi.String(\"Country\"),\n\t\t\t\t\tValue: pulumi.String(\"CA\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Geo Match Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/geoMatchSet:GeoMatchSet geo_match_set a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "geoMatchConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint" + }, + "description": "The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Geo Match Set.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "geoMatchConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint" + }, + "description": "The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Geo Match Set.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering GeoMatchSet resources.\n", + "properties": { + "geoMatchConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/GeoMatchSetGeoMatchConstraint:GeoMatchSetGeoMatchConstraint" + }, + "description": "The Geo Match Constraint objects which contain the country that you want AWS WAF to search for.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the Geo Match Set.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/ipSet:IpSet": { + "description": "Provides a WAF Regional IPSet Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {\n ipSetDescriptors: [\n {\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n },\n {\n type: \"IPV4\",\n value: \"10.16.16.0/16\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[\n aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n ),\n aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"10.16.16.0/16\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new Aws.WafRegional.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"10.16.16.0/16\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewIpSet(ctx, \"ipset\", &wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t&wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t\t&wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"10.16.16.0/16\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional IPSets can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:wafregional/ipSet:IpSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF IPSet.\n" + }, + "ipSetDescriptors": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/IpSetIpSetDescriptor:IpSetIpSetDescriptor" + }, + "description": "One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the IPSet.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "ipSetDescriptors": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/IpSetIpSetDescriptor:IpSetIpSetDescriptor" + }, + "description": "One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the IPSet.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering IpSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF IPSet.\n" + }, + "ipSetDescriptors": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/IpSetIpSetDescriptor:IpSetIpSetDescriptor" + }, + "description": "One or more pairs specifying the IP address type (IPV4 or IPV6) and the IP address range (in CIDR notation) from which web requests originate.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the IPSet.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/rateBasedRule:RateBasedRule": { + "description": "Provides a WAF Rate Based Rule Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.wafregional.RateBasedRule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n rateKey: \"IP\",\n rateLimit: 100,\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n}, {\n dependsOn: [ipset],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.wafregional.RateBasedRule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n rate_key=\"IP\",\n rate_limit=100,\n predicates=[aws.wafregional.RateBasedRulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )],\n opts=pulumi.ResourceOptions(depends_on=[ipset]))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new Aws.WafRegional.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var wafrule = new Aws.WafRegional.RateBasedRule(\"wafrule\", new Aws.WafRegional.RateBasedRuleArgs\n {\n MetricName = \"tfWAFRule\",\n RateKey = \"IP\",\n RateLimit = 100,\n Predicates = \n {\n new Aws.WafRegional.Inputs.RateBasedRulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n ipset,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", &wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t&wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewRateBasedRule(ctx, \"wafrule\", &wafregional.RateBasedRuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tRateKey: pulumi.String(\"IP\"),\n\t\t\tRateLimit: pulumi.Int(100),\n\t\t\tPredicates: wafregional.RateBasedRulePredicateArray{\n\t\t\t\t&wafregional.RateBasedRulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tipset,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Rate Based Rule can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/rateBasedRule:RateBasedRule wafrule a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF Regional Rate Based Rule.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RateBasedRulePredicate:RateBasedRulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "rateKey": { + "type": "string", + "description": "Valid value is IP.\n" + }, + "rateLimit": { + "type": "integer", + "description": "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "metricName", + "name", + "rateKey", + "rateLimit", + "tagsAll" + ], + "inputProperties": { + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RateBasedRulePredicate:RateBasedRulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "rateKey": { + "type": "string", + "description": "Valid value is IP.\n" + }, + "rateLimit": { + "type": "integer", + "description": "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "metricName", + "rateKey", + "rateLimit" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RateBasedRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF Regional Rate Based Rule.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RateBasedRulePredicate:RateBasedRulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "rateKey": { + "type": "string", + "description": "Valid value is IP.\n" + }, + "rateLimit": { + "type": "integer", + "description": "The maximum number of requests, which have an identical value in the field specified by the RateKey, allowed in a five-minute period. Minimum value is 100.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/regexMatchSet:RegexMatchSet": { + "description": "Provides a WAF Regional Regex Match Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRegexPatternSet = new aws.wafregional.RegexPatternSet(\"exampleRegexPatternSet\", {regexPatternStrings: [\n \"one\",\n \"two\",\n]});\nconst exampleRegexMatchSet = new aws.wafregional.RegexMatchSet(\"exampleRegexMatchSet\", {regexMatchTuples: [{\n fieldToMatch: {\n data: \"User-Agent\",\n type: \"HEADER\",\n },\n regexPatternSetId: exampleRegexPatternSet.id,\n textTransformation: \"NONE\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_regex_pattern_set = aws.wafregional.RegexPatternSet(\"exampleRegexPatternSet\", regex_pattern_strings=[\n \"one\",\n \"two\",\n])\nexample_regex_match_set = aws.wafregional.RegexMatchSet(\"exampleRegexMatchSet\", regex_match_tuples=[aws.wafregional.RegexMatchSetRegexMatchTupleArgs(\n field_to_match=aws.wafregional.RegexMatchSetRegexMatchTupleFieldToMatchArgs(\n data=\"User-Agent\",\n type=\"HEADER\",\n ),\n regex_pattern_set_id=example_regex_pattern_set.id,\n text_transformation=\"NONE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRegexPatternSet = new Aws.WafRegional.RegexPatternSet(\"exampleRegexPatternSet\", new Aws.WafRegional.RegexPatternSetArgs\n {\n RegexPatternStrings = \n {\n \"one\",\n \"two\",\n },\n });\n var exampleRegexMatchSet = new Aws.WafRegional.RegexMatchSet(\"exampleRegexMatchSet\", new Aws.WafRegional.RegexMatchSetArgs\n {\n RegexMatchTuples = \n {\n new Aws.WafRegional.Inputs.RegexMatchSetRegexMatchTupleArgs\n {\n FieldToMatch = new Aws.WafRegional.Inputs.RegexMatchSetRegexMatchTupleFieldToMatchArgs\n {\n Data = \"User-Agent\",\n Type = \"HEADER\",\n },\n RegexPatternSetId = exampleRegexPatternSet.Id,\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRegexPatternSet, err := wafregional.NewRegexPatternSet(ctx, \"exampleRegexPatternSet\", &wafregional.RegexPatternSetArgs{\n\t\t\tRegexPatternStrings: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"one\"),\n\t\t\t\tpulumi.String(\"two\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewRegexMatchSet(ctx, \"exampleRegexMatchSet\", &wafregional.RegexMatchSetArgs{\n\t\t\tRegexMatchTuples: wafregional.RegexMatchSetRegexMatchTupleArray{\n\t\t\t\t&wafregional.RegexMatchSetRegexMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &wafregional.RegexMatchSetRegexMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tData: pulumi.String(\"User-Agent\"),\n\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t},\n\t\t\t\t\tRegexPatternSetId: exampleRegexPatternSet.ID(),\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Regex Match Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/regexMatchSet:RegexMatchSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Match Set.\n" + }, + "regexMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple" + }, + "description": "The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Match Set.\n" + }, + "regexMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple" + }, + "description": "The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering RegexMatchSet resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Match Set.\n" + }, + "regexMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RegexMatchSetRegexMatchTuple:RegexMatchSetRegexMatchTuple" + }, + "description": "The regular expression pattern that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings. See below.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/regexPatternSet:RegexPatternSet": { + "description": "Provides a WAF Regional Regex Pattern Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafregional.RegexPatternSet(\"example\", {\n regexPatternStrings: [\n \"one\",\n \"two\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.RegexPatternSet(\"example\", regex_pattern_strings=[\n \"one\",\n \"two\",\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafRegional.RegexPatternSet(\"example\", new Aws.WafRegional.RegexPatternSetArgs\n {\n RegexPatternStrings = \n {\n \"one\",\n \"two\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewRegexPatternSet(ctx, \"example\", &wafregional.RegexPatternSetArgs{\n\t\t\tRegexPatternStrings: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"one\"),\n\t\t\t\tpulumi.String(\"two\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Regex Pattern Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/regexPatternSet:RegexPatternSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Pattern Set.\n" + }, + "regexPatternStrings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of regular expression (regex) patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Pattern Set.\n" + }, + "regexPatternStrings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of regular expression (regex) patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering RegexPatternSet resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the Regex Pattern Set.\n" + }, + "regexPatternStrings": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of regular expression (regex) patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/rule:Rule": { + "description": "Provides an WAF Regional Rule Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.wafregional.Rule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n type: \"IPMatch\",\n dataId: ipset.id,\n negated: false,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.wafregional.Rule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n type=\"IPMatch\",\n data_id=ipset.id,\n negated=False,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new Aws.WafRegional.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var wafrule = new Aws.WafRegional.Rule(\"wafrule\", new Aws.WafRegional.RuleArgs\n {\n MetricName = \"tfWAFRule\",\n Predicates = \n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n Type = \"IPMatch\",\n DataId = ipset.Id,\n Negated = false,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", &wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t&wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewRule(ctx, \"wafrule\", &wafregional.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t&wafregional.RulePredicateArgs{\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Nested Fields\n\n### `predicate`\n\nSee the [WAF Documentation](https://docs.aws.amazon.com/waf/latest/APIReference/API_Predicate.html) for more information.\n\n#### Arguments\n\n* `type` - (Required) The type of predicate in a rule. Valid values: `ByteMatch`, `GeoMatch`, `IPMatch`, `RegexMatch`, `SizeConstraint`, `SqlInjectionMatch`, or `XssMatch`\n* `data_id` - (Required) The unique identifier of a predicate, such as the ID of a `ByteMatchSet` or `IPSet`.\n* `negated` - (Required) Whether to use the settings or the negated settings that you specified in the objects.\n\n\n## Import\n\nWAF Regional Rule can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/rule:Rule wafrule a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF Regional Rule.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RulePredicate:RulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "metricName", + "name", + "tagsAll" + ], + "inputProperties": { + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RulePredicate:RulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "metricName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Rule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the WAF Regional Rule.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this rule.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the rule.\n" + }, + "predicates": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RulePredicate:RulePredicate" + }, + "description": "The objects to include in a rule (documented below).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/ruleGroup:RuleGroup": { + "description": "Provides a WAF Regional Rule Group Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleRule = new aws.wafregional.Rule(\"exampleRule\", {metricName: \"example\"});\nconst exampleRuleGroup = new aws.wafregional.RuleGroup(\"exampleRuleGroup\", {\n metricName: \"example\",\n activatedRules: [{\n action: {\n type: \"COUNT\",\n },\n priority: 50,\n ruleId: exampleRule.id,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_rule = aws.wafregional.Rule(\"exampleRule\", metric_name=\"example\")\nexample_rule_group = aws.wafregional.RuleGroup(\"exampleRuleGroup\",\n metric_name=\"example\",\n activated_rules=[aws.wafregional.RuleGroupActivatedRuleArgs(\n action=aws.wafregional.RuleGroupActivatedRuleActionArgs(\n type=\"COUNT\",\n ),\n priority=50,\n rule_id=example_rule.id,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleRule = new Aws.WafRegional.Rule(\"exampleRule\", new Aws.WafRegional.RuleArgs\n {\n MetricName = \"example\",\n });\n var exampleRuleGroup = new Aws.WafRegional.RuleGroup(\"exampleRuleGroup\", new Aws.WafRegional.RuleGroupArgs\n {\n MetricName = \"example\",\n ActivatedRules = \n {\n new Aws.WafRegional.Inputs.RuleGroupActivatedRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.RuleGroupActivatedRuleActionArgs\n {\n Type = \"COUNT\",\n },\n Priority = 50,\n RuleId = exampleRule.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleRule, err := wafregional.NewRule(ctx, \"exampleRule\", &wafregional.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewRuleGroup(ctx, \"exampleRuleGroup\", &wafregional.RuleGroupArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t\tActivatedRules: wafregional.RuleGroupActivatedRuleArray{\n\t\t\t\t&wafregional.RuleGroupActivatedRuleArgs{\n\t\t\t\t\tAction: &wafregional.RuleGroupActivatedRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"COUNT\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(50),\n\t\t\t\t\tRuleId: exampleRule.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Rule Group can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/ruleGroup:RuleGroup example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "activatedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RuleGroupActivatedRule:RuleGroupActivatedRule" + }, + "description": "A list of activated rules, see below\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the WAF Regional Rule Group.\n" + }, + "metricName": { + "type": "string", + "description": "A friendly name for the metrics from the rule group\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "metricName", + "name", + "tagsAll" + ], + "inputProperties": { + "activatedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RuleGroupActivatedRule:RuleGroupActivatedRule" + }, + "description": "A list of activated rules, see below\n" + }, + "metricName": { + "type": "string", + "description": "A friendly name for the metrics from the rule group\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "metricName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RuleGroup resources.\n", + "properties": { + "activatedRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/RuleGroupActivatedRule:RuleGroupActivatedRule" + }, + "description": "A list of activated rules, see below\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the WAF Regional Rule Group.\n" + }, + "metricName": { + "type": "string", + "description": "A friendly name for the metrics from the rule group\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the rule group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/sizeConstraintSet:SizeConstraintSet": { + "description": "Provides a WAF Regional Size Constraint Set Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sizeConstraintSet = new aws.wafregional.SizeConstraintSet(\"size_constraint_set\", {\n sizeConstraints: [{\n comparisonOperator: \"EQ\",\n fieldToMatch: {\n type: \"BODY\",\n },\n size: 4096,\n textTransformation: \"NONE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsize_constraint_set = aws.wafregional.SizeConstraintSet(\"sizeConstraintSet\", size_constraints=[aws.wafregional.SizeConstraintSetSizeConstraintArgs(\n comparison_operator=\"EQ\",\n field_to_match=aws.wafregional.SizeConstraintSetSizeConstraintFieldToMatchArgs(\n type=\"BODY\",\n ),\n size=4096,\n text_transformation=\"NONE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sizeConstraintSet = new Aws.WafRegional.SizeConstraintSet(\"sizeConstraintSet\", new Aws.WafRegional.SizeConstraintSetArgs\n {\n SizeConstraints = \n {\n new Aws.WafRegional.Inputs.SizeConstraintSetSizeConstraintArgs\n {\n ComparisonOperator = \"EQ\",\n FieldToMatch = new Aws.WafRegional.Inputs.SizeConstraintSetSizeConstraintFieldToMatchArgs\n {\n Type = \"BODY\",\n },\n Size = 4096,\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewSizeConstraintSet(ctx, \"sizeConstraintSet\", &wafregional.SizeConstraintSetArgs{\n\t\t\tSizeConstraints: wafregional.SizeConstraintSetSizeConstraintArray{\n\t\t\t\t&wafregional.SizeConstraintSetSizeConstraintArgs{\n\t\t\t\t\tComparisonOperator: pulumi.String(\"EQ\"),\n\t\t\t\t\tFieldToMatch: &wafregional.SizeConstraintSetSizeConstraintFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BODY\"),\n\t\t\t\t\t},\n\t\t\t\t\tSize: pulumi.Int(4096),\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Size Constraint Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/sizeConstraintSet:SizeConstraintSet size_constraint_set a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name or description of the Size Constraint Set.\n" + }, + "sizeConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint" + }, + "description": "Specifies the parts of web requests that you want to inspect the size of.\n" + } + }, + "required": [ + "arn", + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the Size Constraint Set.\n" + }, + "sizeConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint" + }, + "description": "Specifies the parts of web requests that you want to inspect the size of.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SizeConstraintSet resources.\n", + "properties": { + "arn": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name or description of the Size Constraint Set.\n" + }, + "sizeConstraints": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/SizeConstraintSetSizeConstraint:SizeConstraintSetSizeConstraint" + }, + "description": "Specifies the parts of web requests that you want to inspect the size of.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/sqlInjectionMatchSet:SqlInjectionMatchSet": { + "description": "Provides a WAF Regional SQL Injection Match Set Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sqlInjectionMatchSet = new aws.wafregional.SqlInjectionMatchSet(\"sql_injection_match_set\", {\n sqlInjectionMatchTuples: [{\n fieldToMatch: {\n type: \"QUERY_STRING\",\n },\n textTransformation: \"URL_DECODE\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsql_injection_match_set = aws.wafregional.SqlInjectionMatchSet(\"sqlInjectionMatchSet\", sql_injection_match_tuples=[aws.wafregional.SqlInjectionMatchSetSqlInjectionMatchTupleArgs(\n field_to_match=aws.wafregional.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs(\n type=\"QUERY_STRING\",\n ),\n text_transformation=\"URL_DECODE\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sqlInjectionMatchSet = new Aws.WafRegional.SqlInjectionMatchSet(\"sqlInjectionMatchSet\", new Aws.WafRegional.SqlInjectionMatchSetArgs\n {\n SqlInjectionMatchTuples = \n {\n new Aws.WafRegional.Inputs.SqlInjectionMatchSetSqlInjectionMatchTupleArgs\n {\n FieldToMatch = new Aws.WafRegional.Inputs.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs\n {\n Type = \"QUERY_STRING\",\n },\n TextTransformation = \"URL_DECODE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewSqlInjectionMatchSet(ctx, \"sqlInjectionMatchSet\", &wafregional.SqlInjectionMatchSetArgs{\n\t\t\tSqlInjectionMatchTuples: wafregional.SqlInjectionMatchSetSqlInjectionMatchTupleArray{\n\t\t\t\t&wafregional.SqlInjectionMatchSetSqlInjectionMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &wafregional.SqlInjectionMatchSetSqlInjectionMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"QUERY_STRING\"),\n\t\t\t\t\t},\n\t\t\t\t\tTextTransformation: pulumi.String(\"URL_DECODE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Sql Injection Match Set can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/sqlInjectionMatchSet:SqlInjectionMatchSet sql_injection_match_set a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the SizeConstraintSet.\n" + }, + "sqlInjectionMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple" + }, + "description": "The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name or description of the SizeConstraintSet.\n" + }, + "sqlInjectionMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple" + }, + "description": "The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering SqlInjectionMatchSet resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name or description of the SizeConstraintSet.\n" + }, + "sqlInjectionMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/SqlInjectionMatchSetSqlInjectionMatchTuple:SqlInjectionMatchSetSqlInjectionMatchTuple" + }, + "description": "The parts of web requests that you want AWS WAF to inspect for malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/webAcl:WebAcl": { + "description": "Provides a WAF Regional Web ACL Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Regular Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst wafrule = new aws.wafregional.Rule(\"wafrule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst wafacl = new aws.wafregional.WebAcl(\"wafacl\", {\n metricName: \"tfWebACL\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: wafrule.id,\n type: \"REGULAR\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nwafrule = aws.wafregional.Rule(\"wafrule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nwafacl = aws.wafregional.WebAcl(\"wafacl\",\n metric_name=\"tfWebACL\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=wafrule.id,\n type=\"REGULAR\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new Aws.WafRegional.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var wafrule = new Aws.WafRegional.Rule(\"wafrule\", new Aws.WafRegional.RuleArgs\n {\n MetricName = \"tfWAFRule\",\n Predicates = \n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n var wafacl = new Aws.WafRegional.WebAcl(\"wafacl\", new Aws.WafRegional.WebAclArgs\n {\n MetricName = \"tfWebACL\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = \n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = wafrule.Id,\n Type = \"REGULAR\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", &wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t&wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\twafrule, err := wafregional.NewRule(ctx, \"wafrule\", &wafregional.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t&wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAcl(ctx, \"wafacl\", &wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"tfWebACL\"),\n\t\t\tDefaultAction: &wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t&wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: &wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: wafrule.ID(),\n\t\t\t\t\tType: pulumi.String(\"REGULAR\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Group Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafregional.WebAcl(\"example\", {\n metricName: \"example\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n priority: 1,\n ruleId: aws_wafregional_rule_group.example.id,\n type: \"GROUP\",\n overrideAction: {\n type: \"NONE\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.WebAcl(\"example\",\n metric_name=\"example\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n priority=1,\n rule_id=aws_wafregional_rule_group[\"example\"][\"id\"],\n type=\"GROUP\",\n override_action=aws.wafregional.WebAclRuleOverrideActionArgs(\n type=\"NONE\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafRegional.WebAcl(\"example\", new Aws.WafRegional.WebAclArgs\n {\n MetricName = \"example\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = \n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Priority = 1,\n RuleId = aws_wafregional_rule_group.Example.Id,\n Type = \"GROUP\",\n OverrideAction = new Aws.WafRegional.Inputs.WebAclRuleOverrideActionArgs\n {\n Type = \"NONE\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewWebAcl(ctx, \"example\", &wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"example\"),\n\t\t\tDefaultAction: &wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t&wafregional.WebAclRuleArgs{\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: pulumi.Any(aws_wafregional_rule_group.Example.Id),\n\t\t\t\t\tType: pulumi.String(\"GROUP\"),\n\t\t\t\t\tOverrideAction: &wafregional.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"NONE\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Logging\n\n> *NOTE:* The Kinesis Firehose Delivery Stream name must begin with `aws-waf-logs-`. See the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) for more information about enabling WAF logging.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// ... other configuration ...\nconst example = new aws.wafregional.WebAcl(\"example\", {loggingConfiguration: {\n logDestination: aws_kinesis_firehose_delivery_stream.example.arn,\n redactedFields: {\n fieldToMatches: [\n {\n type: \"URI\",\n },\n {\n data: \"referer\",\n type: \"HEADER\",\n },\n ],\n },\n}});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\n# ... other configuration ...\nexample = aws.wafregional.WebAcl(\"example\", logging_configuration=aws.wafregional.WebAclLoggingConfigurationArgs(\n log_destination=aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"],\n redacted_fields=aws.wafregional.WebAclLoggingConfigurationRedactedFieldsArgs(\n field_to_matches=[\n aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n type=\"URI\",\n ),\n aws.wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs(\n data=\"referer\",\n type=\"HEADER\",\n ),\n ],\n ),\n))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n // ... other configuration ...\n var example = new Aws.WafRegional.WebAcl(\"example\", new Aws.WafRegional.WebAclArgs\n {\n LoggingConfiguration = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationArgs\n {\n LogDestination = aws_kinesis_firehose_delivery_stream.Example.Arn,\n RedactedFields = new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsArgs\n {\n FieldToMatches = \n {\n new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Type = \"URI\",\n },\n new Aws.WafRegional.Inputs.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs\n {\n Data = \"referer\",\n Type = \"HEADER\",\n },\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewWebAcl(ctx, \"example\", &wafregional.WebAclArgs{\n\t\t\tLoggingConfiguration: &wafregional.WebAclLoggingConfigurationArgs{\n\t\t\t\tLogDestination: pulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t\tRedactedFields: &wafregional.WebAclLoggingConfigurationRedactedFieldsArgs{\n\t\t\t\t\tFieldToMatches: wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArray{\n\t\t\t\t\t\t&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tType: pulumi.String(\"URI\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t&wafregional.WebAclLoggingConfigurationRedactedFieldsFieldToMatchArgs{\n\t\t\t\t\t\t\tData: pulumi.String(\"referer\"),\n\t\t\t\t\t\t\tType: pulumi.String(\"HEADER\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Web ACL can be imported using the id, e.g.\n\n```sh\n $ pulumi import aws:wafregional/webAcl:WebAcl wafacl a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the WAF Regional WebACL.\n" + }, + "defaultAction": { + "$ref": "#/types/aws:wafregional/WebAclDefaultAction:WebAclDefaultAction", + "description": "The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:wafregional/WebAclLoggingConfiguration:WebAclLoggingConfiguration", + "description": "Configuration block to enable WAF logging. Detailed below.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this web ACL.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the web ACL.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/WebAclRule:WebAclRule" + }, + "description": "Set of configuration blocks containing rules for the web ACL. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "defaultAction", + "metricName", + "name", + "tagsAll" + ], + "inputProperties": { + "defaultAction": { + "$ref": "#/types/aws:wafregional/WebAclDefaultAction:WebAclDefaultAction", + "description": "The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:wafregional/WebAclLoggingConfiguration:WebAclLoggingConfiguration", + "description": "Configuration block to enable WAF logging. Detailed below.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this web ACL.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the web ACL.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/WebAclRule:WebAclRule" + }, + "description": "Set of configuration blocks containing rules for the web ACL. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "defaultAction", + "metricName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebAcl resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the WAF Regional WebACL.\n" + }, + "defaultAction": { + "$ref": "#/types/aws:wafregional/WebAclDefaultAction:WebAclDefaultAction", + "description": "The action that you want AWS WAF Regional to take when a request doesn't match the criteria in any of the rules that are associated with the web ACL.\n" + }, + "loggingConfiguration": { + "$ref": "#/types/aws:wafregional/WebAclLoggingConfiguration:WebAclLoggingConfiguration", + "description": "Configuration block to enable WAF logging. Detailed below.\n" + }, + "metricName": { + "type": "string", + "description": "The name or description for the Amazon CloudWatch metric of this web ACL.\n" + }, + "name": { + "type": "string", + "description": "The name or description of the web ACL.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/WebAclRule:WebAclRule" + }, + "description": "Set of configuration blocks containing rules for the web ACL. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/webAclAssociation:WebAclAssociation": { + "description": "Manages an association with WAF Regional Web ACL.\n\n> **Note:** An Application Load Balancer can only be associated with one WAF Regional WebACL.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Application Load Balancer Association\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ipset = new aws.wafregional.IpSet(\"ipset\", {ipSetDescriptors: [{\n type: \"IPV4\",\n value: \"192.0.7.0/24\",\n}]});\nconst fooRule = new aws.wafregional.Rule(\"fooRule\", {\n metricName: \"tfWAFRule\",\n predicates: [{\n dataId: ipset.id,\n negated: false,\n type: \"IPMatch\",\n }],\n});\nconst fooWebAcl = new aws.wafregional.WebAcl(\"fooWebAcl\", {\n metricName: \"foo\",\n defaultAction: {\n type: \"ALLOW\",\n },\n rules: [{\n action: {\n type: \"BLOCK\",\n },\n priority: 1,\n ruleId: fooRule.id,\n }],\n});\nconst fooVpc = new aws.ec2.Vpc(\"fooVpc\", {cidrBlock: \"10.1.0.0/16\"});\nconst available = aws.getAvailabilityZones({});\nconst fooSubnet = new aws.ec2.Subnet(\"fooSubnet\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.1.1.0/24\",\n availabilityZone: available.then(available => available.names?[0]),\n});\nconst bar = new aws.ec2.Subnet(\"bar\", {\n vpcId: fooVpc.id,\n cidrBlock: \"10.1.2.0/24\",\n availabilityZone: available.then(available => available.names?[1]),\n});\nconst fooLoadBalancer = new aws.alb.LoadBalancer(\"fooLoadBalancer\", {\n internal: true,\n subnets: [\n fooSubnet.id,\n bar.id,\n ],\n});\nconst fooWebAclAssociation = new aws.wafregional.WebAclAssociation(\"fooWebAclAssociation\", {\n resourceArn: fooLoadBalancer.arn,\n webAclId: fooWebAcl.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nipset = aws.wafregional.IpSet(\"ipset\", ip_set_descriptors=[aws.wafregional.IpSetIpSetDescriptorArgs(\n type=\"IPV4\",\n value=\"192.0.7.0/24\",\n)])\nfoo_rule = aws.wafregional.Rule(\"fooRule\",\n metric_name=\"tfWAFRule\",\n predicates=[aws.wafregional.RulePredicateArgs(\n data_id=ipset.id,\n negated=False,\n type=\"IPMatch\",\n )])\nfoo_web_acl = aws.wafregional.WebAcl(\"fooWebAcl\",\n metric_name=\"foo\",\n default_action=aws.wafregional.WebAclDefaultActionArgs(\n type=\"ALLOW\",\n ),\n rules=[aws.wafregional.WebAclRuleArgs(\n action=aws.wafregional.WebAclRuleActionArgs(\n type=\"BLOCK\",\n ),\n priority=1,\n rule_id=foo_rule.id,\n )])\nfoo_vpc = aws.ec2.Vpc(\"fooVpc\", cidr_block=\"10.1.0.0/16\")\navailable = aws.get_availability_zones()\nfoo_subnet = aws.ec2.Subnet(\"fooSubnet\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.1.1.0/24\",\n availability_zone=available.names[0])\nbar = aws.ec2.Subnet(\"bar\",\n vpc_id=foo_vpc.id,\n cidr_block=\"10.1.2.0/24\",\n availability_zone=available.names[1])\nfoo_load_balancer = aws.alb.LoadBalancer(\"fooLoadBalancer\",\n internal=True,\n subnets=[\n foo_subnet.id,\n bar.id,\n ])\nfoo_web_acl_association = aws.wafregional.WebAclAssociation(\"fooWebAclAssociation\",\n resource_arn=foo_load_balancer.arn,\n web_acl_id=foo_web_acl.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ipset = new Aws.WafRegional.IpSet(\"ipset\", new Aws.WafRegional.IpSetArgs\n {\n IpSetDescriptors = \n {\n new Aws.WafRegional.Inputs.IpSetIpSetDescriptorArgs\n {\n Type = \"IPV4\",\n Value = \"192.0.7.0/24\",\n },\n },\n });\n var fooRule = new Aws.WafRegional.Rule(\"fooRule\", new Aws.WafRegional.RuleArgs\n {\n MetricName = \"tfWAFRule\",\n Predicates = \n {\n new Aws.WafRegional.Inputs.RulePredicateArgs\n {\n DataId = ipset.Id,\n Negated = false,\n Type = \"IPMatch\",\n },\n },\n });\n var fooWebAcl = new Aws.WafRegional.WebAcl(\"fooWebAcl\", new Aws.WafRegional.WebAclArgs\n {\n MetricName = \"foo\",\n DefaultAction = new Aws.WafRegional.Inputs.WebAclDefaultActionArgs\n {\n Type = \"ALLOW\",\n },\n Rules = \n {\n new Aws.WafRegional.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafRegional.Inputs.WebAclRuleActionArgs\n {\n Type = \"BLOCK\",\n },\n Priority = 1,\n RuleId = fooRule.Id,\n },\n },\n });\n var fooVpc = new Aws.Ec2.Vpc(\"fooVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.1.0.0/16\",\n });\n var available = Output.Create(Aws.GetAvailabilityZones.InvokeAsync());\n var fooSubnet = new Aws.Ec2.Subnet(\"fooSubnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.1.1.0/24\",\n AvailabilityZone = available.Apply(available => available.Names?[0]),\n });\n var bar = new Aws.Ec2.Subnet(\"bar\", new Aws.Ec2.SubnetArgs\n {\n VpcId = fooVpc.Id,\n CidrBlock = \"10.1.2.0/24\",\n AvailabilityZone = available.Apply(available => available.Names?[1]),\n });\n var fooLoadBalancer = new Aws.Alb.LoadBalancer(\"fooLoadBalancer\", new Aws.Alb.LoadBalancerArgs\n {\n Internal = true,\n Subnets = \n {\n fooSubnet.Id,\n bar.Id,\n },\n });\n var fooWebAclAssociation = new Aws.WafRegional.WebAclAssociation(\"fooWebAclAssociation\", new Aws.WafRegional.WebAclAssociationArgs\n {\n ResourceArn = fooLoadBalancer.Arn,\n WebAclId = fooWebAcl.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/alb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tipset, err := wafregional.NewIpSet(ctx, \"ipset\", &wafregional.IpSetArgs{\n\t\t\tIpSetDescriptors: wafregional.IpSetIpSetDescriptorArray{\n\t\t\t\t&wafregional.IpSetIpSetDescriptorArgs{\n\t\t\t\t\tType: pulumi.String(\"IPV4\"),\n\t\t\t\t\tValue: pulumi.String(\"192.0.7.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooRule, err := wafregional.NewRule(ctx, \"fooRule\", &wafregional.RuleArgs{\n\t\t\tMetricName: pulumi.String(\"tfWAFRule\"),\n\t\t\tPredicates: wafregional.RulePredicateArray{\n\t\t\t\t&wafregional.RulePredicateArgs{\n\t\t\t\t\tDataId: ipset.ID(),\n\t\t\t\t\tNegated: pulumi.Bool(false),\n\t\t\t\t\tType: pulumi.String(\"IPMatch\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooWebAcl, err := wafregional.NewWebAcl(ctx, \"fooWebAcl\", &wafregional.WebAclArgs{\n\t\t\tMetricName: pulumi.String(\"foo\"),\n\t\t\tDefaultAction: &wafregional.WebAclDefaultActionArgs{\n\t\t\t\tType: pulumi.String(\"ALLOW\"),\n\t\t\t},\n\t\t\tRules: wafregional.WebAclRuleArray{\n\t\t\t\t&wafregional.WebAclRuleArgs{\n\t\t\t\t\tAction: &wafregional.WebAclRuleActionArgs{\n\t\t\t\t\t\tType: pulumi.String(\"BLOCK\"),\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tRuleId: fooRule.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooVpc, err := ec2.NewVpc(ctx, \"fooVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.1.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooSubnet, err := ec2.NewSubnet(ctx, \"fooSubnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.1.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewSubnet(ctx, \"bar\", &ec2.SubnetArgs{\n\t\t\tVpcId: fooVpc.ID(),\n\t\t\tCidrBlock: pulumi.String(\"10.1.2.0/24\"),\n\t\t\tAvailabilityZone: pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfooLoadBalancer, err := alb.NewLoadBalancer(ctx, \"fooLoadBalancer\", &alb.LoadBalancerArgs{\n\t\t\tInternal: pulumi.Bool(true),\n\t\t\tSubnets: pulumi.StringArray{\n\t\t\t\tfooSubnet.ID(),\n\t\t\t\tbar.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafregional.NewWebAclAssociation(ctx, \"fooWebAclAssociation\", &wafregional.WebAclAssociationArgs{\n\t\t\tResourceArn: fooLoadBalancer.Arn,\n\t\t\tWebAclId: fooWebAcl.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAF Regional Web ACL Association can be imported using their `web_acl_id:resource_arn`, e.g.\n\n```sh\n $ pulumi import aws:wafregional/webAclAssociation:WebAclAssociation foo web_acl_id:resource_arn\n```\n\n ", + "properties": { + "resourceArn": { + "type": "string", + "description": "ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.\n" + }, + "webAclId": { + "type": "string", + "description": "The ID of the WAF Regional WebACL to create an association.\n" + } + }, + "required": [ + "resourceArn", + "webAclId" + ], + "inputProperties": { + "resourceArn": { + "type": "string", + "description": "ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.\n" + }, + "webAclId": { + "type": "string", + "description": "The ID of the WAF Regional WebACL to create an association.\n" + } + }, + "requiredInputs": [ + "resourceArn", + "webAclId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebAclAssociation resources.\n", + "properties": { + "resourceArn": { + "type": "string", + "description": "ARN of the resource to associate with. For example, an Application Load Balancer or API Gateway Stage.\n" + }, + "webAclId": { + "type": "string", + "description": "The ID of the WAF Regional WebACL to create an association.\n" + } + }, + "type": "object" + } + }, + "aws:wafregional/xssMatchSet:XssMatchSet": { + "description": "Provides a WAF Regional XSS Match Set Resource for use with Application Load Balancer.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst xssMatchSet = new aws.wafregional.XssMatchSet(\"xss_match_set\", {\n xssMatchTuples: [\n {\n fieldToMatch: {\n type: \"URI\",\n },\n textTransformation: \"NONE\",\n },\n {\n fieldToMatch: {\n type: \"QUERY_STRING\",\n },\n textTransformation: \"NONE\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nxss_match_set = aws.wafregional.XssMatchSet(\"xssMatchSet\", xss_match_tuples=[\n aws.wafregional.XssMatchSetXssMatchTupleArgs(\n field_to_match=aws.wafregional.XssMatchSetXssMatchTupleFieldToMatchArgs(\n type=\"URI\",\n ),\n text_transformation=\"NONE\",\n ),\n aws.wafregional.XssMatchSetXssMatchTupleArgs(\n field_to_match=aws.wafregional.XssMatchSetXssMatchTupleFieldToMatchArgs(\n type=\"QUERY_STRING\",\n ),\n text_transformation=\"NONE\",\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var xssMatchSet = new Aws.WafRegional.XssMatchSet(\"xssMatchSet\", new Aws.WafRegional.XssMatchSetArgs\n {\n XssMatchTuples = \n {\n new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleArgs\n {\n FieldToMatch = new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleFieldToMatchArgs\n {\n Type = \"URI\",\n },\n TextTransformation = \"NONE\",\n },\n new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleArgs\n {\n FieldToMatch = new Aws.WafRegional.Inputs.XssMatchSetXssMatchTupleFieldToMatchArgs\n {\n Type = \"QUERY_STRING\",\n },\n TextTransformation = \"NONE\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.NewXssMatchSet(ctx, \"xssMatchSet\", &wafregional.XssMatchSetArgs{\n\t\t\tXssMatchTuples: wafregional.XssMatchSetXssMatchTupleArray{\n\t\t\t\t&wafregional.XssMatchSetXssMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &wafregional.XssMatchSetXssMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"URI\"),\n\t\t\t\t\t},\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t\t&wafregional.XssMatchSetXssMatchTupleArgs{\n\t\t\t\t\tFieldToMatch: &wafregional.XssMatchSetXssMatchTupleFieldToMatchArgs{\n\t\t\t\t\t\tType: pulumi.String(\"QUERY_STRING\"),\n\t\t\t\t\t},\n\t\t\t\t\tTextTransformation: pulumi.String(\"NONE\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nAWS WAF Regional XSS Match can be imported using the `id`, e.g.\n\n```sh\n $ pulumi import aws:wafregional/xssMatchSet:XssMatchSet example 12345abcde\n```\n\n ", + "properties": { + "name": { + "type": "string", + "description": "The name of the set\n" + }, + "xssMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple" + }, + "description": "The parts of web requests that you want to inspect for cross-site scripting attacks.\n" + } + }, + "required": [ + "name" + ], + "inputProperties": { + "name": { + "type": "string", + "description": "The name of the set\n" + }, + "xssMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple" + }, + "description": "The parts of web requests that you want to inspect for cross-site scripting attacks.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering XssMatchSet resources.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the set\n" + }, + "xssMatchTuples": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafregional/XssMatchSetXssMatchTuple:XssMatchSetXssMatchTuple" + }, + "description": "The parts of web requests that you want to inspect for cross-site scripting attacks.\n" + } + }, + "type": "object" + } + }, + "aws:wafv2/ipSet:IpSet": { + "description": "Provides a WAFv2 IP Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.IpSet(\"example\", {\n addresses: [\n \"1.2.3.4/32\",\n \"5.6.7.8/32\",\n ],\n description: \"Example IP set\",\n ipAddressVersion: \"IPV4\",\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.IpSet(\"example\",\n addresses=[\n \"1.2.3.4/32\",\n \"5.6.7.8/32\",\n ],\n description=\"Example IP set\",\n ip_address_version=\"IPV4\",\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.IpSet(\"example\", new Aws.WafV2.IpSetArgs\n {\n Addresses = \n {\n \"1.2.3.4/32\",\n \"5.6.7.8/32\",\n },\n Description = \"Example IP set\",\n IpAddressVersion = \"IPV4\",\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewIpSet(ctx, \"example\", &wafv2.IpSetArgs{\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"1.2.3.4/32\"),\n\t\t\t\tpulumi.String(\"5.6.7.8/32\"),\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example IP set\"),\n\t\t\tIpAddressVersion: pulumi.String(\"IPV4\"),\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 IP Sets can be imported using `ID/name/scope`\n\n```sh\n $ pulumi import aws:wafv2/ipSet:IpSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL\n```\n\n ", + "properties": { + "addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all address ranges for IP versions IPv4 and IPv6.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the cluster.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the IP set.\n" + }, + "ipAddressVersion": { + "type": "string", + "description": "Specify IPV4 or IPV6. Valid values are `IPV4` or `IPV6`.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "A friendly name of the IP set.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the Region US East (N. Virginia).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "ipAddressVersion", + "lockToken", + "name", + "scope", + "tagsAll" + ], + "inputProperties": { + "addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all address ranges for IP versions IPv4 and IPv6.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the IP set.\n" + }, + "ipAddressVersion": { + "type": "string", + "description": "Specify IPV4 or IPV6. Valid values are `IPV4` or `IPV6`.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the IP set.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the Region US East (N. Virginia).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "ipAddressVersion", + "scope" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering IpSet resources.\n", + "properties": { + "addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all address ranges for IP versions IPv4 and IPv6.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the cluster.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the IP set.\n" + }, + "ipAddressVersion": { + "type": "string", + "description": "Specify IPV4 or IPV6. Valid values are `IPV4` or `IPV6`.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "A friendly name of the IP set.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the Region US East (N. Virginia).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:wafv2/regexPatternSet:RegexPatternSet": { + "description": "Provides an AWS WAFv2 Regex Pattern Set Resource\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.RegexPatternSet(\"example\", {\n description: \"Example regex pattern set\",\n regularExpressions: [\n {\n regexString: \"one\",\n },\n {\n regexString: \"two\",\n },\n ],\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.RegexPatternSet(\"example\",\n description=\"Example regex pattern set\",\n regular_expressions=[\n aws.wafv2.RegexPatternSetRegularExpressionArgs(\n regex_string=\"one\",\n ),\n aws.wafv2.RegexPatternSetRegularExpressionArgs(\n regex_string=\"two\",\n ),\n ],\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.RegexPatternSet(\"example\", new Aws.WafV2.RegexPatternSetArgs\n {\n Description = \"Example regex pattern set\",\n RegularExpressions = \n {\n new Aws.WafV2.Inputs.RegexPatternSetRegularExpressionArgs\n {\n RegexString = \"one\",\n },\n new Aws.WafV2.Inputs.RegexPatternSetRegularExpressionArgs\n {\n RegexString = \"two\",\n },\n },\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewRegexPatternSet(ctx, \"example\", &wafv2.RegexPatternSetArgs{\n\t\t\tDescription: pulumi.String(\"Example regex pattern set\"),\n\t\t\tRegularExpressions: wafv2.RegexPatternSetRegularExpressionArray{\n\t\t\t\t&wafv2.RegexPatternSetRegularExpressionArgs{\n\t\t\t\t\tRegexString: pulumi.String(\"one\"),\n\t\t\t\t},\n\t\t\t\t&wafv2.RegexPatternSetRegularExpressionArgs{\n\t\t\t\t\tRegexString: pulumi.String(\"two\"),\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 Regex Pattern Sets can be imported using `ID/name/scope` e.g.\n\n```sh\n $ pulumi import aws:wafv2/regexPatternSet:RegexPatternSet example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the cluster.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the regular expression pattern set.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "A friendly name of the regular expression pattern set.\n" + }, + "regularExpressions": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RegexPatternSetRegularExpression:RegexPatternSetRegularExpression" + }, + "description": "One or more blocks of regular expression patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`. See Regular Expression below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "arn", + "lockToken", + "name", + "scope", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "A friendly description of the regular expression pattern set.\n" + }, + "name": { + "type": "string", + "description": "A friendly name of the regular expression pattern set.\n" + }, + "regularExpressions": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RegexPatternSetRegularExpression:RegexPatternSetRegularExpression" + }, + "description": "One or more blocks of regular expression patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`. See Regular Expression below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "requiredInputs": [ + "scope" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RegexPatternSet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the cluster.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the regular expression pattern set.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "A friendly name of the regular expression pattern set.\n" + }, + "regularExpressions": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RegexPatternSetRegularExpression:RegexPatternSetRegularExpression" + }, + "description": "One or more blocks of regular expression patterns that you want AWS WAF to search for, such as `B[a@]dB[o0]t`. See Regular Expression below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:wafv2/ruleGroup:RuleGroup": { + "description": "Creates a WAFv2 Rule Group resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Simple\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.RuleGroup(\"example\", {\n capacity: 2,\n rules: [{\n action: {\n allow: {},\n },\n name: \"rule-1\",\n priority: 1,\n statement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"REGIONAL\",\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.RuleGroup(\"example\",\n capacity=2,\n rules=[aws.wafv2.RuleGroupRuleArgs(\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n name=\"rule-1\",\n priority=1,\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"REGIONAL\",\n visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.RuleGroup(\"example\", new Aws.WafV2.RuleGroupArgs\n {\n Capacity = 2,\n Rules = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Name = \"rule-1\",\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"REGIONAL\",\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewRuleGroup(ctx, \"example\", &wafv2.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(2),\n\t\t\tRules: wafv2.RuleGroupRuleArray{\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tVisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Complex\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testIpSet = new aws.wafv2.IpSet(\"testIpSet\", {\n scope: \"REGIONAL\",\n ipAddressVersion: \"IPV4\",\n addresses: [\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ],\n});\nconst testRegexPatternSet = new aws.wafv2.RegexPatternSet(\"testRegexPatternSet\", {\n scope: \"REGIONAL\",\n regularExpressions: [{\n regexString: \"one\",\n }],\n});\nconst example = new aws.wafv2.RuleGroup(\"example\", {\n description: \"An rule group containing all statements\",\n scope: \"REGIONAL\",\n capacity: 500,\n rules: [\n {\n name: \"rule-1\",\n priority: 1,\n action: {\n block: {},\n },\n statement: {\n notStatement: {\n statements: [{\n andStatement: {\n statements: [\n {\n geoMatchStatement: {\n countryCodes: [\"US\"],\n },\n },\n {\n byteMatchStatement: {\n positionalConstraint: \"CONTAINS\",\n searchString: \"word\",\n fieldToMatch: {\n allQueryArguments: {},\n },\n textTransformations: [\n {\n priority: 5,\n type: \"CMD_LINE\",\n },\n {\n priority: 2,\n type: \"LOWERCASE\",\n },\n ],\n },\n },\n ],\n },\n }],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"rule-1\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-2\",\n priority: 2,\n action: {\n count: {},\n },\n statement: {\n orStatement: {\n statements: [\n {\n sqliMatchStatement: {\n fieldToMatch: {\n body: {},\n },\n textTransformations: [\n {\n priority: 5,\n type: \"URL_DECODE\",\n },\n {\n priority: 4,\n type: \"HTML_ENTITY_DECODE\",\n },\n {\n priority: 3,\n type: \"COMPRESS_WHITE_SPACE\",\n },\n ],\n },\n },\n {\n xssMatchStatement: {\n fieldToMatch: {\n method: {},\n },\n textTransformations: [{\n priority: 2,\n type: \"NONE\",\n }],\n },\n },\n ],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"rule-2\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-3\",\n priority: 3,\n action: {\n block: {},\n },\n statement: {\n sizeConstraintStatement: {\n comparisonOperator: \"GT\",\n size: 100,\n fieldToMatch: {\n singleQueryArgument: {\n name: \"username\",\n },\n },\n textTransformations: [{\n priority: 5,\n type: \"NONE\",\n }],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"rule-3\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-4\",\n priority: 4,\n action: {\n block: {},\n },\n statement: {\n orStatement: {\n statements: [\n {\n ipSetReferenceStatement: {\n arn: testIpSet.arn,\n },\n },\n {\n regexPatternSetReferenceStatement: {\n arn: testRegexPatternSet.arn,\n fieldToMatch: {\n singleHeader: {\n name: \"referer\",\n },\n },\n textTransformations: [{\n priority: 2,\n type: \"NONE\",\n }],\n },\n },\n ],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"rule-4\",\n sampledRequestsEnabled: false,\n },\n },\n ],\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n tags: {\n Name: \"example-and-statement\",\n Code: \"123456\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_ip_set = aws.wafv2.IpSet(\"testIpSet\",\n scope=\"REGIONAL\",\n ip_address_version=\"IPV4\",\n addresses=[\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n ])\ntest_regex_pattern_set = aws.wafv2.RegexPatternSet(\"testRegexPatternSet\",\n scope=\"REGIONAL\",\n regular_expressions=[aws.wafv2.RegexPatternSetRegularExpressionArgs(\n regex_string=\"one\",\n )])\nexample = aws.wafv2.RuleGroup(\"example\",\n description=\"An rule group containing all statements\",\n scope=\"REGIONAL\",\n capacity=500,\n rules=[\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-1\",\n priority=1,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n block=aws.wafv2.RuleGroupRuleActionBlockArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n not_statement=aws.wafv2.RuleGroupRuleStatementNotStatementArgs(\n statements=[aws.wafv2.RuleGroupRuleStatementNotStatementStatementArgs(\n and_statement=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementArgs(\n statements=[\n aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs(\n country_codes=[\"US\"],\n ),\n ),\n aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs(\n byte_match_statement=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs(\n positional_constraint=\"CONTAINS\",\n search_string=\"word\",\n field_to_match=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs(\n all_query_arguments=aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchAllQueryArgumentsArgs(),\n ),\n text_transformations=[\n aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs(\n priority=5,\n type=\"CMD_LINE\",\n ),\n aws.wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs(\n priority=2,\n type=\"LOWERCASE\",\n ),\n ],\n ),\n ),\n ],\n ),\n )],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"rule-1\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-2\",\n priority=2,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n count=aws.wafv2.RuleGroupRuleActionCountArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n or_statement=aws.wafv2.RuleGroupRuleStatementOrStatementArgs(\n statements=[\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(\n sqli_match_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs(\n field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs(\n body=aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchBodyArgs(),\n ),\n text_transformations=[\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs(\n priority=5,\n type=\"URL_DECODE\",\n ),\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs(\n priority=4,\n type=\"HTML_ENTITY_DECODE\",\n ),\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs(\n priority=3,\n type=\"COMPRESS_WHITE_SPACE\",\n ),\n ],\n ),\n ),\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(\n xss_match_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs(\n field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs(\n method=aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchMethodArgs(),\n ),\n text_transformations=[aws.wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs(\n priority=2,\n type=\"NONE\",\n )],\n ),\n ),\n ],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"rule-2\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-3\",\n priority=3,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n block=aws.wafv2.RuleGroupRuleActionBlockArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n size_constraint_statement=aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementArgs(\n comparison_operator=\"GT\",\n size=100,\n field_to_match=aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs(\n single_query_argument=aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs(\n name=\"username\",\n ),\n ),\n text_transformations=[aws.wafv2.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs(\n priority=5,\n type=\"NONE\",\n )],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"rule-3\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-4\",\n priority=4,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n block=aws.wafv2.RuleGroupRuleActionBlockArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n or_statement=aws.wafv2.RuleGroupRuleStatementOrStatementArgs(\n statements=[\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(\n ip_set_reference_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs(\n arn=test_ip_set.arn,\n ),\n ),\n aws.wafv2.RuleGroupRuleStatementOrStatementStatementArgs(\n regex_pattern_set_reference_statement=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs(\n arn=test_regex_pattern_set.arn,\n field_to_match=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs(\n single_header=aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs(\n name=\"referer\",\n ),\n ),\n text_transformations=[aws.wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs(\n priority=2,\n type=\"NONE\",\n )],\n ),\n ),\n ],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"rule-4\",\n sampled_requests_enabled=False,\n ),\n ),\n ],\n visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ),\n tags={\n \"Name\": \"example-and-statement\",\n \"Code\": \"123456\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testIpSet = new Aws.WafV2.IpSet(\"testIpSet\", new Aws.WafV2.IpSetArgs\n {\n Scope = \"REGIONAL\",\n IpAddressVersion = \"IPV4\",\n Addresses = \n {\n \"1.1.1.1/32\",\n \"2.2.2.2/32\",\n },\n });\n var testRegexPatternSet = new Aws.WafV2.RegexPatternSet(\"testRegexPatternSet\", new Aws.WafV2.RegexPatternSetArgs\n {\n Scope = \"REGIONAL\",\n RegularExpressions = \n {\n new Aws.WafV2.Inputs.RegexPatternSetRegularExpressionArgs\n {\n RegexString = \"one\",\n },\n },\n });\n var example = new Aws.WafV2.RuleGroup(\"example\", new Aws.WafV2.RuleGroupArgs\n {\n Description = \"An rule group containing all statements\",\n Scope = \"REGIONAL\",\n Capacity = 500,\n Rules = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Block = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n NotStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementArgs\n {\n Statements = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementArgs\n {\n AndStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementArgs\n {\n Statements = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n },\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs\n {\n ByteMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs\n {\n PositionalConstraint = \"CONTAINS\",\n SearchString = \"word\",\n FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs\n {\n AllQueryArguments = ,\n },\n TextTransformations = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs\n {\n Priority = 5,\n Type = \"CMD_LINE\",\n },\n new Aws.WafV2.Inputs.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs\n {\n Priority = 2,\n Type = \"LOWERCASE\",\n },\n },\n },\n },\n },\n },\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"rule-1\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-2\",\n Priority = 2,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n OrStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementArgs\n {\n Statements = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs\n {\n SqliMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs\n {\n FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs\n {\n Body = ,\n },\n TextTransformations = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs\n {\n Priority = 5,\n Type = \"URL_DECODE\",\n },\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs\n {\n Priority = 4,\n Type = \"HTML_ENTITY_DECODE\",\n },\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs\n {\n Priority = 3,\n Type = \"COMPRESS_WHITE_SPACE\",\n },\n },\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs\n {\n XssMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs\n {\n FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs\n {\n Method = ,\n },\n TextTransformations = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs\n {\n Priority = 2,\n Type = \"NONE\",\n },\n },\n },\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"rule-2\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-3\",\n Priority = 3,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Block = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n SizeConstraintStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementArgs\n {\n ComparisonOperator = \"GT\",\n Size = 100,\n FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs\n {\n SingleQueryArgument = new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs\n {\n Name = \"username\",\n },\n },\n TextTransformations = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs\n {\n Priority = 5,\n Type = \"NONE\",\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"rule-3\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-4\",\n Priority = 4,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Block = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n OrStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementArgs\n {\n Statements = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs\n {\n IpSetReferenceStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs\n {\n Arn = testIpSet.Arn,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementArgs\n {\n RegexPatternSetReferenceStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs\n {\n Arn = testRegexPatternSet.Arn,\n FieldToMatch = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs\n {\n SingleHeader = new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs\n {\n Name = \"referer\",\n },\n },\n TextTransformations = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs\n {\n Priority = 2,\n Type = \"NONE\",\n },\n },\n },\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"rule-4\",\n SampledRequestsEnabled = false,\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n Tags = \n {\n { \"Name\", \"example-and-statement\" },\n { \"Code\", \"123456\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestIpSet, err := wafv2.NewIpSet(ctx, \"testIpSet\", &wafv2.IpSetArgs{\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tIpAddressVersion: pulumi.String(\"IPV4\"),\n\t\t\tAddresses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"1.1.1.1/32\"),\n\t\t\t\tpulumi.String(\"2.2.2.2/32\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttestRegexPatternSet, err := wafv2.NewRegexPatternSet(ctx, \"testRegexPatternSet\", &wafv2.RegexPatternSetArgs{\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tRegularExpressions: wafv2.RegexPatternSetRegularExpressionArray{\n\t\t\t\t&wafv2.RegexPatternSetRegularExpressionArgs{\n\t\t\t\t\tRegexString: pulumi.String(\"one\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafv2.NewRuleGroup(ctx, \"example\", &wafv2.RuleGroupArgs{\n\t\t\tDescription: pulumi.String(\"An rule group containing all statements\"),\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tCapacity: pulumi.Int(500),\n\t\t\tRules: wafv2.RuleGroupRuleArray{\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tBlock: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tNotStatement: &wafv2.RuleGroupRuleStatementNotStatementArgs{\n\t\t\t\t\t\t\tStatements: wafv2.RuleGroupRuleStatementNotStatementStatementArray{\n\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementNotStatementStatementArgs{\n\t\t\t\t\t\t\t\t\tAndStatement: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementArgs{\n\t\t\t\t\t\t\t\t\t\tStatements: wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArray{\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tGeoMatchStatement: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tByteMatchStatement: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\tPositionalConstraint: pulumi.String(\"CONTAINS\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\tSearchString: pulumi.String(\"word\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\tFieldToMatch: &wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementFieldToMatchArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\tAllQueryArguments: nil,\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\tTextTransformations: wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArray{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(5),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"CMD_LINE\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementNotStatementStatementAndStatementStatementByteMatchStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"LOWERCASE\"),\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"rule-1\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-2\"),\n\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tOrStatement: &wafv2.RuleGroupRuleStatementOrStatementArgs{\n\t\t\t\t\t\t\tStatements: wafv2.RuleGroupRuleStatementOrStatementStatementArray{\n\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{\n\t\t\t\t\t\t\t\t\tSqliMatchStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementArgs{\n\t\t\t\t\t\t\t\t\t\tFieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementFieldToMatchArgs{\n\t\t\t\t\t\t\t\t\t\t\tBody: nil,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tTextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArray{\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(5),\n\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"URL_DECODE\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(4),\n\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"HTML_ENTITY_DECODE\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementSqliMatchStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(3),\n\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"COMPRESS_WHITE_SPACE\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{\n\t\t\t\t\t\t\t\t\tXssMatchStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementArgs{\n\t\t\t\t\t\t\t\t\t\tFieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementFieldToMatchArgs{\n\t\t\t\t\t\t\t\t\t\t\tMethod: nil,\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tTextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArray{\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementXssMatchStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"NONE\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"rule-2\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-3\"),\n\t\t\t\t\tPriority: pulumi.Int(3),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tBlock: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tSizeConstraintStatement: &wafv2.RuleGroupRuleStatementSizeConstraintStatementArgs{\n\t\t\t\t\t\t\tComparisonOperator: pulumi.String(\"GT\"),\n\t\t\t\t\t\t\tSize: pulumi.Int(100),\n\t\t\t\t\t\t\tFieldToMatch: &wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchArgs{\n\t\t\t\t\t\t\t\tSingleQueryArgument: &wafv2.RuleGroupRuleStatementSizeConstraintStatementFieldToMatchSingleQueryArgumentArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"username\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tTextTransformations: wafv2.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArray{\n\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementSizeConstraintStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(5),\n\t\t\t\t\t\t\t\t\tType: pulumi.String(\"NONE\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"rule-3\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-4\"),\n\t\t\t\t\tPriority: pulumi.Int(4),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tBlock: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tOrStatement: &wafv2.RuleGroupRuleStatementOrStatementArgs{\n\t\t\t\t\t\t\tStatements: wafv2.RuleGroupRuleStatementOrStatementStatementArray{\n\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{\n\t\t\t\t\t\t\t\t\tIpSetReferenceStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementIpSetReferenceStatementArgs{\n\t\t\t\t\t\t\t\t\t\tArn: testIpSet.Arn,\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementArgs{\n\t\t\t\t\t\t\t\t\tRegexPatternSetReferenceStatement: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementArgs{\n\t\t\t\t\t\t\t\t\t\tArn: testRegexPatternSet.Arn,\n\t\t\t\t\t\t\t\t\t\tFieldToMatch: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchArgs{\n\t\t\t\t\t\t\t\t\t\t\tSingleHeader: &wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementFieldToMatchSingleHeaderArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tName: pulumi.String(\"referer\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\tTextTransformations: wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArray{\n\t\t\t\t\t\t\t\t\t\t\t&wafv2.RuleGroupRuleStatementOrStatementStatementRegexPatternSetReferenceStatementTextTransformationArgs{\n\t\t\t\t\t\t\t\t\t\t\t\tPriority: pulumi.Int(2),\n\t\t\t\t\t\t\t\t\t\t\t\tType: pulumi.String(\"NONE\"),\n\t\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"rule-4\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tVisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"example-and-statement\"),\n\t\t\t\t\"Code\": pulumi.String(\"123456\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 Rule Group can be imported using `ID/name/scope` e.g.\n\n```sh\n $ pulumi import aws:wafv2/ruleGroup:RuleGroup example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n" + }, + "capacity": { + "type": "integer", + "description": "The web ACL capacity units (WCUs) required for this rule group. See [here](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html#API_CreateRuleGroup_RequestSyntax) for general information and [here](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) for capacity specific information.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the rule group.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRule:RuleGroupRule" + }, + "description": "The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupVisibilityConfig:RuleGroupVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n" + } + }, + "required": [ + "arn", + "capacity", + "lockToken", + "name", + "scope", + "tagsAll", + "visibilityConfig" + ], + "inputProperties": { + "capacity": { + "type": "integer", + "description": "The web ACL capacity units (WCUs) required for this rule group. See [here](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html#API_CreateRuleGroup_RequestSyntax) for general information and [here](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) for capacity specific information.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the rule group.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRule:RuleGroupRule" + }, + "description": "The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupVisibilityConfig:RuleGroupVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n" + } + }, + "requiredInputs": [ + "capacity", + "scope", + "visibilityConfig" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering RuleGroup resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n" + }, + "capacity": { + "type": "integer", + "description": "The web ACL capacity units (WCUs) required for this rule group. See [here](https://docs.aws.amazon.com/waf/latest/APIReference/API_CreateRuleGroup.html#API_CreateRuleGroup_RequestSyntax) for general information and [here](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statements-list.html) for capacity specific information.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the rule group.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/RuleGroupRule:RuleGroupRule" + }, + "description": "The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An array of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/RuleGroupVisibilityConfig:RuleGroupVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n" + } + }, + "type": "object" + } + }, + "aws:wafv2/webAcl:WebAcl": { + "description": "Creates a WAFv2 Web ACL resource.\n\n{{% examples %}}\n## Example Usage\n\nThis resource is based on `aws.wafv2.RuleGroup`, check the documentation of the `aws.wafv2.RuleGroup` resource to see examples of the various available statements.\n\n{{% example %}}\n### Managed Rule\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAcl(\"example\", {\n defaultAction: {\n allow: {},\n },\n description: \"Example of a managed rule.\",\n rules: [{\n name: \"rule-1\",\n overrideAction: {\n count: {},\n },\n priority: 1,\n statement: {\n managedRuleGroupStatement: {\n excludedRules: [\n {\n name: \"SizeRestrictions_QUERYSTRING\",\n },\n {\n name: \"NoUserAgent_HEADER\",\n },\n ],\n name: \"AWSManagedRulesCommonRuleSet\",\n scopeDownStatement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n vendorName: \"AWS\",\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAcl(\"example\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n allow=aws.wafv2.WebAclDefaultActionAllowArgs(),\n ),\n description=\"Example of a managed rule.\",\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),\n ),\n priority=1,\n statement=aws.wafv2.WebAclRuleStatementArgs(\n managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(\n excluded_rule=[\n {\n \"name\": \"SizeRestrictions_QUERYSTRING\",\n },\n {\n \"name\": \"NoUserAgent_HEADER\",\n },\n ],\n name=\"AWSManagedRulesCommonRuleSet\",\n scope_down_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs(\n geo_match_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n vendor_name=\"AWS\",\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAcl(\"example\", new Aws.WafV2.WebAclArgs\n {\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Allow = ,\n },\n Description = \"Example of a managed rule.\",\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Count = ,\n },\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n ManagedRuleGroupStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementArgs\n {\n ExcludedRule = \n {\n \n {\n { \"name\", \"SizeRestrictions_QUERYSTRING\" },\n },\n \n {\n { \"name\", \"NoUserAgent_HEADER\" },\n },\n },\n Name = \"AWSManagedRulesCommonRuleSet\",\n ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n VendorName = \"AWS\",\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAcl(ctx, \"example\", &wafv2.WebAclArgs{\n\t\t\tDefaultAction: &wafv2.WebAclDefaultActionArgs{\n\t\t\t\tAllow: nil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example of a managed rule.\"),\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t&wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tOverrideAction: &wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: &wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tManagedRuleGroupStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs{\n\t\t\t\t\t\t\tExcludedRule: []map[string]interface{}{\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"name\": \"SizeRestrictions_QUERYSTRING\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\t\t\t\t\"name\": \"NoUserAgent_HEADER\",\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tName: pulumi.String(\"AWSManagedRulesCommonRuleSet\"),\n\t\t\t\t\t\t\tScopeDownStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementArgs{\n\t\t\t\t\t\t\t\tGeoMatchStatement: &wafv2.WebAclRuleStatementManagedRuleGroupStatementScopeDownStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\tVendorName: pulumi.String(\"AWS\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rate Based\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAcl(\"example\", {\n defaultAction: {\n block: {},\n },\n description: \"Example of a rate based statement.\",\n rules: [{\n action: {\n count: {},\n },\n name: \"rule-1\",\n priority: 1,\n statement: {\n rateBasedStatement: {\n aggregateKeyType: \"IP\",\n limit: 10000,\n scopeDownStatement: {\n geoMatchStatement: {\n countryCodes: [\n \"US\",\n \"NL\",\n ],\n },\n },\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n scope: \"REGIONAL\",\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAcl(\"example\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n block=aws.wafv2.WebAclDefaultActionBlockArgs(),\n ),\n description=\"Example of a rate based statement.\",\n rules=[aws.wafv2.WebAclRuleArgs(\n action=aws.wafv2.WebAclRuleActionArgs(\n count=aws.wafv2.WebAclRuleActionCountArgs(),\n ),\n name=\"rule-1\",\n priority=1,\n statement=aws.wafv2.WebAclRuleStatementArgs(\n rate_based_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementArgs(\n aggregate_key_type=\"IP\",\n limit=10000,\n scope_down_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs(\n geo_match_statement=aws.wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs(\n country_codes=[\n \"US\",\n \"NL\",\n ],\n ),\n ),\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n scope=\"REGIONAL\",\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAcl(\"example\", new Aws.WafV2.WebAclArgs\n {\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Block = ,\n },\n Description = \"Example of a rate based statement.\",\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Action = new Aws.WafV2.Inputs.WebAclRuleActionArgs\n {\n Count = ,\n },\n Name = \"rule-1\",\n Priority = 1,\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n RateBasedStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementArgs\n {\n AggregateKeyType = \"IP\",\n Limit = 10000,\n ScopeDownStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n \"NL\",\n },\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Scope = \"REGIONAL\",\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAcl(ctx, \"example\", &wafv2.WebAclArgs{\n\t\t\tDefaultAction: &wafv2.WebAclDefaultActionArgs{\n\t\t\t\tBlock: nil,\n\t\t\t},\n\t\t\tDescription: pulumi.String(\"Example of a rate based statement.\"),\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t&wafv2.WebAclRuleArgs{\n\t\t\t\t\tAction: &wafv2.WebAclRuleActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tStatement: &wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tRateBasedStatement: &wafv2.WebAclRuleStatementRateBasedStatementArgs{\n\t\t\t\t\t\t\tAggregateKeyType: pulumi.String(\"IP\"),\n\t\t\t\t\t\t\tLimit: pulumi.Int(10000),\n\t\t\t\t\t\t\tScopeDownStatement: &wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementArgs{\n\t\t\t\t\t\t\t\tGeoMatchStatement: &wafv2.WebAclRuleStatementRateBasedStatementScopeDownStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Rule Group Reference\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.RuleGroup(\"example\", {\n capacity: 10,\n scope: \"REGIONAL\",\n rules: [\n {\n name: \"rule-1\",\n priority: 1,\n action: {\n count: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"NL\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-to-exclude-a\",\n priority: 10,\n action: {\n allow: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"US\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n {\n name: \"rule-to-exclude-b\",\n priority: 15,\n action: {\n allow: {},\n },\n statement: {\n geoMatchStatement: {\n countryCodes: [\"GB\"],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n },\n ],\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\nconst test = new aws.wafv2.WebAcl(\"test\", {\n scope: \"REGIONAL\",\n defaultAction: {\n block: {},\n },\n rules: [{\n name: \"rule-1\",\n priority: 1,\n overrideAction: {\n count: {},\n },\n statement: {\n ruleGroupReferenceStatement: {\n arn: example.arn,\n excludedRules: [\n {\n name: \"rule-to-exclude-b\",\n },\n {\n name: \"rule-to-exclude-a\",\n },\n ],\n },\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-rule-metric-name\",\n sampledRequestsEnabled: false,\n },\n }],\n tags: {\n Tag1: \"Value1\",\n Tag2: \"Value2\",\n },\n visibilityConfig: {\n cloudwatchMetricsEnabled: false,\n metricName: \"friendly-metric-name\",\n sampledRequestsEnabled: false,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.RuleGroup(\"example\",\n capacity=10,\n scope=\"REGIONAL\",\n rules=[\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-1\",\n priority=1,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n count=aws.wafv2.RuleGroupRuleActionCountArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"NL\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-to-exclude-a\",\n priority=10,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"US\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n aws.wafv2.RuleGroupRuleArgs(\n name=\"rule-to-exclude-b\",\n priority=15,\n action=aws.wafv2.RuleGroupRuleActionArgs(\n allow=aws.wafv2.RuleGroupRuleActionAllowArgs(),\n ),\n statement=aws.wafv2.RuleGroupRuleStatementArgs(\n geo_match_statement=aws.wafv2.RuleGroupRuleStatementGeoMatchStatementArgs(\n country_codes=[\"GB\"],\n ),\n ),\n visibility_config=aws.wafv2.RuleGroupRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n ),\n ],\n visibility_config=aws.wafv2.RuleGroupVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\ntest = aws.wafv2.WebAcl(\"test\",\n scope=\"REGIONAL\",\n default_action=aws.wafv2.WebAclDefaultActionArgs(\n block=aws.wafv2.WebAclDefaultActionBlockArgs(),\n ),\n rules=[aws.wafv2.WebAclRuleArgs(\n name=\"rule-1\",\n priority=1,\n override_action=aws.wafv2.WebAclRuleOverrideActionArgs(\n count=aws.wafv2.WebAclRuleOverrideActionCountArgs(),\n ),\n statement=aws.wafv2.WebAclRuleStatementArgs(\n rule_group_reference_statement=aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(\n arn=example.arn,\n excluded_rules=[\n aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(\n name=\"rule-to-exclude-b\",\n ),\n aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs(\n name=\"rule-to-exclude-a\",\n ),\n ],\n ),\n ),\n visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-rule-metric-name\",\n sampled_requests_enabled=False,\n ),\n )],\n tags={\n \"Tag1\": \"Value1\",\n \"Tag2\": \"Value2\",\n },\n visibility_config=aws.wafv2.WebAclVisibilityConfigArgs(\n cloudwatch_metrics_enabled=False,\n metric_name=\"friendly-metric-name\",\n sampled_requests_enabled=False,\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.RuleGroup(\"example\", new Aws.WafV2.RuleGroupArgs\n {\n Capacity = 10,\n Scope = \"REGIONAL\",\n Rules = \n {\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"NL\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-to-exclude-a\",\n Priority = 10,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"US\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n new Aws.WafV2.Inputs.RuleGroupRuleArgs\n {\n Name = \"rule-to-exclude-b\",\n Priority = 15,\n Action = new Aws.WafV2.Inputs.RuleGroupRuleActionArgs\n {\n Allow = ,\n },\n Statement = new Aws.WafV2.Inputs.RuleGroupRuleStatementArgs\n {\n GeoMatchStatement = new Aws.WafV2.Inputs.RuleGroupRuleStatementGeoMatchStatementArgs\n {\n CountryCodes = \n {\n \"GB\",\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.RuleGroupVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n var test = new Aws.WafV2.WebAcl(\"test\", new Aws.WafV2.WebAclArgs\n {\n Scope = \"REGIONAL\",\n DefaultAction = new Aws.WafV2.Inputs.WebAclDefaultActionArgs\n {\n Block = ,\n },\n Rules = \n {\n new Aws.WafV2.Inputs.WebAclRuleArgs\n {\n Name = \"rule-1\",\n Priority = 1,\n OverrideAction = new Aws.WafV2.Inputs.WebAclRuleOverrideActionArgs\n {\n Count = ,\n },\n Statement = new Aws.WafV2.Inputs.WebAclRuleStatementArgs\n {\n RuleGroupReferenceStatement = new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementArgs\n {\n Arn = example.Arn,\n ExcludedRules = \n {\n new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs\n {\n Name = \"rule-to-exclude-b\",\n },\n new Aws.WafV2.Inputs.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs\n {\n Name = \"rule-to-exclude-a\",\n },\n },\n },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclRuleVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-rule-metric-name\",\n SampledRequestsEnabled = false,\n },\n },\n },\n Tags = \n {\n { \"Tag1\", \"Value1\" },\n { \"Tag2\", \"Value2\" },\n },\n VisibilityConfig = new Aws.WafV2.Inputs.WebAclVisibilityConfigArgs\n {\n CloudwatchMetricsEnabled = false,\n MetricName = \"friendly-metric-name\",\n SampledRequestsEnabled = false,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := wafv2.NewRuleGroup(ctx, \"example\", &wafv2.RuleGroupArgs{\n\t\t\tCapacity: pulumi.Int(10),\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tRules: wafv2.RuleGroupRuleArray{\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"NL\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-a\"),\n\t\t\t\t\tPriority: pulumi.Int(10),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"US\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t&wafv2.RuleGroupRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-b\"),\n\t\t\t\t\tPriority: pulumi.Int(15),\n\t\t\t\t\tAction: &wafv2.RuleGroupRuleActionArgs{\n\t\t\t\t\t\tAllow: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.RuleGroupRuleStatementArgs{\n\t\t\t\t\t\tGeoMatchStatement: &wafv2.RuleGroupRuleStatementGeoMatchStatementArgs{\n\t\t\t\t\t\t\tCountryCodes: pulumi.StringArray{\n\t\t\t\t\t\t\t\tpulumi.String(\"GB\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.RuleGroupRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tVisibilityConfig: &wafv2.RuleGroupVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = wafv2.NewWebAcl(ctx, \"test\", &wafv2.WebAclArgs{\n\t\t\tScope: pulumi.String(\"REGIONAL\"),\n\t\t\tDefaultAction: &wafv2.WebAclDefaultActionArgs{\n\t\t\t\tBlock: nil,\n\t\t\t},\n\t\t\tRules: wafv2.WebAclRuleArray{\n\t\t\t\t&wafv2.WebAclRuleArgs{\n\t\t\t\t\tName: pulumi.String(\"rule-1\"),\n\t\t\t\t\tPriority: pulumi.Int(1),\n\t\t\t\t\tOverrideAction: &wafv2.WebAclRuleOverrideActionArgs{\n\t\t\t\t\t\tCount: nil,\n\t\t\t\t\t},\n\t\t\t\t\tStatement: &wafv2.WebAclRuleStatementArgs{\n\t\t\t\t\t\tRuleGroupReferenceStatement: &wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs{\n\t\t\t\t\t\t\tArn: example.Arn,\n\t\t\t\t\t\t\tExcludedRules: wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArray{\n\t\t\t\t\t\t\t\t&wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-b\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t\t&wafv2.WebAclRuleStatementRuleGroupReferenceStatementExcludedRuleArgs{\n\t\t\t\t\t\t\t\t\tName: pulumi.String(\"rule-to-exclude-a\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tVisibilityConfig: &wafv2.WebAclRuleVisibilityConfigArgs{\n\t\t\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\t\t\tMetricName: pulumi.String(\"friendly-rule-metric-name\"),\n\t\t\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Tag1\": pulumi.String(\"Value1\"),\n\t\t\t\t\"Tag2\": pulumi.String(\"Value2\"),\n\t\t\t},\n\t\t\tVisibilityConfig: &wafv2.WebAclVisibilityConfigArgs{\n\t\t\t\tCloudwatchMetricsEnabled: pulumi.Bool(false),\n\t\t\t\tMetricName: pulumi.String(\"friendly-metric-name\"),\n\t\t\t\tSampledRequestsEnabled: pulumi.Bool(false),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 Web ACLs can be imported using `ID/Name/Scope` e.g.\n\n```sh\n $ pulumi import aws:wafv2/webAcl:WebAcl example a1b2c3d4-d5f6-7777-8888-9999aaaabbbbcccc/example/REGIONAL\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n" + }, + "capacity": { + "type": "integer", + "description": "The web ACL capacity units (WCUs) currently being used by this web ACL.\n" + }, + "defaultAction": { + "$ref": "#/types/aws:wafv2/WebAclDefaultAction:WebAclDefaultAction", + "description": "The action to perform if none of the `rules` contained in the WebACL match. See Default Action below for details.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the WebACL.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRule:WebAclRule" + }, + "description": "The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An map of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/WebAclVisibilityConfig:WebAclVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n" + } + }, + "required": [ + "arn", + "capacity", + "defaultAction", + "lockToken", + "name", + "scope", + "tagsAll", + "visibilityConfig" + ], + "inputProperties": { + "defaultAction": { + "$ref": "#/types/aws:wafv2/WebAclDefaultAction:WebAclDefaultAction", + "description": "The action to perform if none of the `rules` contained in the WebACL match. See Default Action below for details.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the WebACL.\n" + }, + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRule:WebAclRule" + }, + "description": "The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An map of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/WebAclVisibilityConfig:WebAclVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n" + } + }, + "requiredInputs": [ + "defaultAction", + "scope", + "visibilityConfig" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebAcl resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IP Set that this statement references.\n" + }, + "capacity": { + "type": "integer", + "description": "The web ACL capacity units (WCUs) currently being used by this web ACL.\n" + }, + "defaultAction": { + "$ref": "#/types/aws:wafv2/WebAclDefaultAction:WebAclDefaultAction", + "description": "The action to perform if none of the `rules` contained in the WebACL match. See Default Action below for details.\n" + }, + "description": { + "type": "string", + "description": "A friendly description of the WebACL.\n" + }, + "lockToken": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name of the custom header. For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-`, to avoid confusion with the headers that are already in the request. For example, for the header name `sample`, AWS WAF inserts the header `x-amzn-waf-sample`.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclRule:WebAclRule" + }, + "description": "The rule blocks used to identify the web requests that you want to `allow`, `block`, or `count`. See Rules below for details.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An map of key:value pairs to associate with the resource. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "visibilityConfig": { + "$ref": "#/types/aws:wafv2/WebAclVisibilityConfig:WebAclVisibilityConfig", + "description": "Defines and enables Amazon CloudWatch metrics and web request sample collection. See Visibility Configuration below for details.\n" + } + }, + "type": "object" + } + }, + "aws:wafv2/webAclAssociation:WebAclAssociation": { + "description": "Creates a WAFv2 Web ACL Association.\n\n> **NOTE on associating a WAFv2 Web ACL with a Cloudfront distribution:** Do not use this resource to associate a WAFv2 Web ACL with a Cloudfront Distribution. The [AWS API call backing this resource](https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociateWebACL.html) notes that you should use the [`web_acl_id`][2] property on the [`cloudfront_distribution`][2] instead.\n\n[1]: https://docs.aws.amazon.com/waf/latest/APIReference/API_AssociateWebACL.html\n[2]: https://www.terraform.io/docs/providers/aws/r/cloudfront_distribution.html#web_acl_id\n\n\n## Import\n\nWAFv2 Web ACL Association can be imported using `WEB_ACL_ARN,RESOURCE_ARN` e.g.\n\n```sh\n $ pulumi import aws:wafv2/webAclAssociation:WebAclAssociation example arn:aws:wafv2:...7ce849ea,arn:aws:apigateway:...ages/name\n```\n\n ", + "properties": { + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource to associate with the web ACL. This must be an ARN of an Application Load Balancer or an Amazon API Gateway stage.\n" + }, + "webAclArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Web ACL that you want to associate with the resource.\n" + } + }, + "required": [ + "resourceArn", + "webAclArn" + ], + "inputProperties": { + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource to associate with the web ACL. This must be an ARN of an Application Load Balancer or an Amazon API Gateway stage.\n" + }, + "webAclArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Web ACL that you want to associate with the resource.\n" + } + }, + "requiredInputs": [ + "resourceArn", + "webAclArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebAclAssociation resources.\n", + "properties": { + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource to associate with the web ACL. This must be an ARN of an Application Load Balancer or an Amazon API Gateway stage.\n" + }, + "webAclArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Web ACL that you want to associate with the resource.\n" + } + }, + "type": "object" + } + }, + "aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration": { + "description": "Creates a WAFv2 Web ACL Logging Configuration resource.\n\n> **Note:** To start logging from a WAFv2 Web ACL, an Amazon Kinesis Data Firehose (e.g. `aws.kinesis.FirehoseDeliveryStream` resourc must also be created with a PUT source (not a stream) and in the region that you are operating.\nIf you are capturing logs for Amazon CloudFront, always create the firehose in US East (N. Virginia).\nBe sure to give the data firehose a name that starts with the prefix `aws-waf-logs-`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### With Redacted Fields\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAclLoggingConfiguration(\"example\", {\n logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],\n resourceArn: aws_wafv2_web_acl.example.arn,\n redactedFields: [{\n singleHeader: {\n name: \"user-agent\",\n },\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAclLoggingConfiguration(\"example\",\n log_destination_configs=[aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"]],\n resource_arn=aws_wafv2_web_acl[\"example\"][\"arn\"],\n redacted_fields=[aws.wafv2.WebAclLoggingConfigurationRedactedFieldArgs(\n single_header=aws.wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs(\n name=\"user-agent\",\n ),\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAclLoggingConfiguration(\"example\", new Aws.WafV2.WebAclLoggingConfigurationArgs\n {\n LogDestinationConfigs = \n {\n aws_kinesis_firehose_delivery_stream.Example.Arn,\n },\n ResourceArn = aws_wafv2_web_acl.Example.Arn,\n RedactedFields = \n {\n new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldArgs\n {\n SingleHeader = new Aws.WafV2.Inputs.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs\n {\n Name = \"user-agent\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAclLoggingConfiguration(ctx, \"example\", &wafv2.WebAclLoggingConfigurationArgs{\n\t\t\tLogDestinationConfigs: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t},\n\t\t\tResourceArn: pulumi.Any(aws_wafv2_web_acl.Example.Arn),\n\t\t\tRedactedFields: wafv2.WebAclLoggingConfigurationRedactedFieldArray{\n\t\t\t\t&wafv2.WebAclLoggingConfigurationRedactedFieldArgs{\n\t\t\t\t\tSingleHeader: &wafv2.WebAclLoggingConfigurationRedactedFieldSingleHeaderArgs{\n\t\t\t\t\t\tName: pulumi.String(\"user-agent\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### With Logging Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.wafv2.WebAclLoggingConfiguration(\"example\", {\n logDestinationConfigs: [aws_kinesis_firehose_delivery_stream.example.arn],\n resourceArn: aws_wafv2_web_acl.example.arn,\n loggingFilter: {\n defaultBehavior: \"KEEP\",\n filters: [\n {\n behavior: \"DROP\",\n conditions: [\n {\n actionCondition: {\n action: \"COUNT\",\n },\n },\n {\n labelNameCondition: {\n labelName: \"awswaf:111122223333:rulegroup:testRules:LabelNameZ\",\n },\n },\n ],\n requirement: \"MEETS_ALL\",\n },\n {\n behavior: \"KEEP\",\n conditions: [{\n actionCondition: {\n action: \"ALLOW\",\n },\n }],\n requirement: \"MEETS_ANY\",\n },\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.WebAclLoggingConfiguration(\"example\",\n log_destination_configs=[aws_kinesis_firehose_delivery_stream[\"example\"][\"arn\"]],\n resource_arn=aws_wafv2_web_acl[\"example\"][\"arn\"],\n logging_filter=aws.wafv2.WebAclLoggingConfigurationLoggingFilterArgs(\n default_behavior=\"KEEP\",\n filters=[\n aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs(\n behavior=\"DROP\",\n conditions=[\n aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(\n action_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs(\n action=\"COUNT\",\n ),\n ),\n aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(\n label_name_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs(\n label_name=\"awswaf:111122223333:rulegroup:testRules:LabelNameZ\",\n ),\n ),\n ],\n requirement=\"MEETS_ALL\",\n ),\n aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs(\n behavior=\"KEEP\",\n conditions=[aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs(\n action_condition=aws.wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs(\n action=\"ALLOW\",\n ),\n )],\n requirement=\"MEETS_ANY\",\n ),\n ],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WafV2.WebAclLoggingConfiguration(\"example\", new Aws.WafV2.WebAclLoggingConfigurationArgs\n {\n LogDestinationConfigs = \n {\n aws_kinesis_firehose_delivery_stream.Example.Arn,\n },\n ResourceArn = aws_wafv2_web_acl.Example.Arn,\n LoggingFilter = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterArgs\n {\n DefaultBehavior = \"KEEP\",\n Filters = \n {\n new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs\n {\n Behavior = \"DROP\",\n Conditions = \n {\n new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs\n {\n ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs\n {\n Action = \"COUNT\",\n },\n },\n new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs\n {\n LabelNameCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs\n {\n LabelName = \"awswaf:111122223333:rulegroup:testRules:LabelNameZ\",\n },\n },\n },\n Requirement = \"MEETS_ALL\",\n },\n new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterArgs\n {\n Behavior = \"KEEP\",\n Conditions = \n {\n new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs\n {\n ActionCondition = new Aws.WafV2.Inputs.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs\n {\n Action = \"ALLOW\",\n },\n },\n },\n Requirement = \"MEETS_ANY\",\n },\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.NewWebAclLoggingConfiguration(ctx, \"example\", &wafv2.WebAclLoggingConfigurationArgs{\n\t\t\tLogDestinationConfigs: pulumi.StringArray{\n\t\t\t\tpulumi.Any(aws_kinesis_firehose_delivery_stream.Example.Arn),\n\t\t\t},\n\t\t\tResourceArn: pulumi.Any(aws_wafv2_web_acl.Example.Arn),\n\t\t\tLoggingFilter: &wafv2.WebAclLoggingConfigurationLoggingFilterArgs{\n\t\t\t\tDefaultBehavior: pulumi.String(\"KEEP\"),\n\t\t\t\tFilters: wafv2.WebAclLoggingConfigurationLoggingFilterFilterArray{\n\t\t\t\t\t&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{\n\t\t\t\t\t\tBehavior: pulumi.String(\"DROP\"),\n\t\t\t\t\t\tConditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{\n\t\t\t\t\t\t\t&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{\n\t\t\t\t\t\t\t\tActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{\n\t\t\t\t\t\t\t\t\tAction: pulumi.String(\"COUNT\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{\n\t\t\t\t\t\t\t\tLabelNameCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionLabelNameConditionArgs{\n\t\t\t\t\t\t\t\t\tLabelName: pulumi.String(\"awswaf:111122223333:rulegroup:testRules:LabelNameZ\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRequirement: pulumi.String(\"MEETS_ALL\"),\n\t\t\t\t\t},\n\t\t\t\t\t&wafv2.WebAclLoggingConfigurationLoggingFilterFilterArgs{\n\t\t\t\t\t\tBehavior: pulumi.String(\"KEEP\"),\n\t\t\t\t\t\tConditions: wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArray{\n\t\t\t\t\t\t\t&wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionArgs{\n\t\t\t\t\t\t\t\tActionCondition: &wafv2.WebAclLoggingConfigurationLoggingFilterFilterConditionActionConditionArgs{\n\t\t\t\t\t\t\t\t\tAction: pulumi.String(\"ALLOW\"),\n\t\t\t\t\t\t\t\t},\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t\tRequirement: pulumi.String(\"MEETS_ANY\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWAFv2 Web ACL Logging Configurations can be imported using the WAFv2 Web ACL ARN e.g.\n\n```sh\n $ pulumi import aws:wafv2/webAclLoggingConfiguration:WebAclLoggingConfiguration example arn:aws:wafv2:us-west-2:123456789012:regional/webacl/test-logs/a1b2c3d4-5678-90ab-cdef\n```\n\n ", + "properties": { + "logDestinationConfigs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL. Currently, only 1 ARN is supported.\n" + }, + "loggingFilter": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilter:WebAclLoggingConfigurationLoggingFilter", + "description": "A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.\n" + }, + "redactedFields": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedField:WebAclLoggingConfigurationRedactedField" + }, + "description": "The parts of the request that you want to keep out of the logs. Up to 100 `redacted_fields` blocks are supported. See Redacted Fields below for more details.\n" + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the web ACL that you want to associate with `log_destination_configs`.\n" + } + }, + "required": [ + "logDestinationConfigs", + "resourceArn" + ], + "inputProperties": { + "logDestinationConfigs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL. Currently, only 1 ARN is supported.\n" + }, + "loggingFilter": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilter:WebAclLoggingConfigurationLoggingFilter", + "description": "A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.\n" + }, + "redactedFields": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedField:WebAclLoggingConfigurationRedactedField" + }, + "description": "The parts of the request that you want to keep out of the logs. Up to 100 `redacted_fields` blocks are supported. See Redacted Fields below for more details.\n" + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the web ACL that you want to associate with `log_destination_configs`.\n" + } + }, + "requiredInputs": [ + "logDestinationConfigs", + "resourceArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebAclLoggingConfiguration resources.\n", + "properties": { + "logDestinationConfigs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to associate with the web ACL. Currently, only 1 ARN is supported.\n" + }, + "loggingFilter": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationLoggingFilter:WebAclLoggingConfigurationLoggingFilter", + "description": "A configuration block that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation. See Logging Filter below for more details.\n" + }, + "redactedFields": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/WebAclLoggingConfigurationRedactedField:WebAclLoggingConfigurationRedactedField" + }, + "description": "The parts of the request that you want to keep out of the logs. Up to 100 `redacted_fields` blocks are supported. See Redacted Fields below for more details.\n" + }, + "resourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the web ACL that you want to associate with `log_destination_configs`.\n" + } + }, + "type": "object" + } + }, + "aws:worklink/fleet:Fleet": { + "description": "\n\n## Import\n\nWorkLink can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:worklink/fleet:Fleet test arn:aws:worklink::123456789012:fleet/example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the created WorkLink Fleet.\n" + }, + "auditStreamArn": { + "type": "string", + "description": "The ARN of the Amazon Kinesis data stream that receives the audit events. Kinesis data stream name must begin with `\"AmazonWorkLink-\"`.\n" + }, + "companyCode": { + "type": "string", + "description": "The identifier used by users to sign in to the Amazon WorkLink app.\n" + }, + "createdTime": { + "type": "string", + "description": "The time that the fleet was created.\n" + }, + "deviceCaCertificate": { + "type": "string", + "description": "The certificate chain, including intermediate certificates and the root certificate authority certificate used to issue device certificates.\n" + }, + "displayName": { + "type": "string", + "description": "The name of the fleet.\n" + }, + "identityProvider": { + "$ref": "#/types/aws:worklink/FleetIdentityProvider:FleetIdentityProvider", + "description": "Provide this to allow manage the identity provider configuration for the fleet. Fields documented below.\n" + }, + "lastUpdatedTime": { + "type": "string", + "description": "The time that the fleet was last updated.\n" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "network": { + "$ref": "#/types/aws:worklink/FleetNetwork:FleetNetwork", + "description": "Provide this to allow manage the company network configuration for the fleet. Fields documented below.\n" + }, + "optimizeForEndUserLocation": { + "type": "boolean", + "description": "The option to optimize for better performance by routing traffic through the closest AWS Region to users, which may be outside of your home Region. Defaults to `true`.\n" + } + }, + "required": [ + "arn", + "companyCode", + "createdTime", + "lastUpdatedTime", + "name" + ], + "inputProperties": { + "auditStreamArn": { + "type": "string", + "description": "The ARN of the Amazon Kinesis data stream that receives the audit events. Kinesis data stream name must begin with `\"AmazonWorkLink-\"`.\n" + }, + "deviceCaCertificate": { + "type": "string", + "description": "The certificate chain, including intermediate certificates and the root certificate authority certificate used to issue device certificates.\n" + }, + "displayName": { + "type": "string", + "description": "The name of the fleet.\n" + }, + "identityProvider": { + "$ref": "#/types/aws:worklink/FleetIdentityProvider:FleetIdentityProvider", + "description": "Provide this to allow manage the identity provider configuration for the fleet. Fields documented below.\n" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "network": { + "$ref": "#/types/aws:worklink/FleetNetwork:FleetNetwork", + "description": "Provide this to allow manage the company network configuration for the fleet. Fields documented below.\n" + }, + "optimizeForEndUserLocation": { + "type": "boolean", + "description": "The option to optimize for better performance by routing traffic through the closest AWS Region to users, which may be outside of your home Region. Defaults to `true`.\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering Fleet resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the created WorkLink Fleet.\n" + }, + "auditStreamArn": { + "type": "string", + "description": "The ARN of the Amazon Kinesis data stream that receives the audit events. Kinesis data stream name must begin with `\"AmazonWorkLink-\"`.\n" + }, + "companyCode": { + "type": "string", + "description": "The identifier used by users to sign in to the Amazon WorkLink app.\n" + }, + "createdTime": { + "type": "string", + "description": "The time that the fleet was created.\n" + }, + "deviceCaCertificate": { + "type": "string", + "description": "The certificate chain, including intermediate certificates and the root certificate authority certificate used to issue device certificates.\n" + }, + "displayName": { + "type": "string", + "description": "The name of the fleet.\n" + }, + "identityProvider": { + "$ref": "#/types/aws:worklink/FleetIdentityProvider:FleetIdentityProvider", + "description": "Provide this to allow manage the identity provider configuration for the fleet. Fields documented below.\n" + }, + "lastUpdatedTime": { + "type": "string", + "description": "The time that the fleet was last updated.\n" + }, + "name": { + "type": "string", + "description": "A region-unique name for the AMI.\n" + }, + "network": { + "$ref": "#/types/aws:worklink/FleetNetwork:FleetNetwork", + "description": "Provide this to allow manage the company network configuration for the fleet. Fields documented below.\n" + }, + "optimizeForEndUserLocation": { + "type": "boolean", + "description": "The option to optimize for better performance by routing traffic through the closest AWS Region to users, which may be outside of your home Region. Defaults to `true`.\n" + } + }, + "type": "object" + } + }, + "aws:worklink/websiteCertificateAuthorityAssociation:WebsiteCertificateAuthorityAssociation": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * from \"fs\";\n\nconst example = new aws.worklink.Fleet(\"example\", {});\nconst test = new aws.worklink.WebsiteCertificateAuthorityAssociation(\"test\", {\n fleetArn: aws_worklink_fleet.test.arn,\n certificate: fs.readFileSync(\"certificate.pem\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.worklink.Fleet(\"example\")\ntest = aws.worklink.WebsiteCertificateAuthorityAssociation(\"test\",\n fleet_arn=aws_worklink_fleet[\"test\"][\"arn\"],\n certificate=(lambda path: open(path).read())(\"certificate.pem\"))\n```\n```csharp\nusing System.IO;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.WorkLink.Fleet(\"example\", new Aws.WorkLink.FleetArgs\n {\n });\n var test = new Aws.WorkLink.WebsiteCertificateAuthorityAssociation(\"test\", new Aws.WorkLink.WebsiteCertificateAuthorityAssociationArgs\n {\n FleetArn = aws_worklink_fleet.Test.Arn,\n Certificate = File.ReadAllText(\"certificate.pem\"),\n });\n }\n\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWorkLink Website Certificate Authority can be imported using `FLEET-ARN,WEBSITE-CA-ID`, e.g.\n\n```sh\n $ pulumi import aws:worklink/websiteCertificateAuthorityAssociation:WebsiteCertificateAuthorityAssociation example arn:aws:worklink::123456789012:fleet/example,abcdefghijk\n```\n\n ", + "properties": { + "certificate": { + "type": "string", + "description": "The root certificate of the Certificate Authority.\n" + }, + "displayName": { + "type": "string", + "description": "The certificate name to display.\n" + }, + "fleetArn": { + "type": "string", + "description": "The ARN of the fleet.\n" + }, + "websiteCaId": { + "type": "string", + "description": "A unique identifier for the Certificate Authority.\n" + } + }, + "required": [ + "certificate", + "fleetArn", + "websiteCaId" + ], + "inputProperties": { + "certificate": { + "type": "string", + "description": "The root certificate of the Certificate Authority.\n" + }, + "displayName": { + "type": "string", + "description": "The certificate name to display.\n" + }, + "fleetArn": { + "type": "string", + "description": "The ARN of the fleet.\n" + } + }, + "requiredInputs": [ + "certificate", + "fleetArn" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering WebsiteCertificateAuthorityAssociation resources.\n", + "properties": { + "certificate": { + "type": "string", + "description": "The root certificate of the Certificate Authority.\n" + }, + "displayName": { + "type": "string", + "description": "The certificate name to display.\n" + }, + "fleetArn": { + "type": "string", + "description": "The ARN of the fleet.\n" + }, + "websiteCaId": { + "type": "string", + "description": "A unique identifier for the Certificate Authority.\n" + } + }, + "type": "object" + } + }, + "aws:workspaces/directory:Directory": { + "description": "Provides a WorkSpaces directory in AWS WorkSpaces Service.\n\n> **NOTE:** AWS WorkSpaces service requires [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst workspaces = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"workspaces.amazonaws.com\"],\n }],\n }],\n});\nconst workspacesDefault = new aws.iam.Role(\"workspacesDefault\", {assumeRolePolicy: workspaces.then(workspaces => workspaces.json)});\nconst workspacesDefaultServiceAccess = new aws.iam.RolePolicyAttachment(\"workspacesDefaultServiceAccess\", {\n role: workspacesDefault.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\",\n});\nconst workspacesDefaultSelfServiceAccess = new aws.iam.RolePolicyAttachment(\"workspacesDefaultSelfServiceAccess\", {\n role: workspacesDefault.name,\n policyArn: \"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\",\n});\nconst exampleVpc = new aws.ec2.Vpc(\"exampleVpc\", {cidrBlock: \"10.0.0.0/16\"});\nconst exampleC = new aws.ec2.Subnet(\"exampleC\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1c\",\n cidrBlock: \"10.0.2.0/24\",\n});\nconst exampleD = new aws.ec2.Subnet(\"exampleD\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1d\",\n cidrBlock: \"10.0.3.0/24\",\n});\nconst exampleDirectory = new aws.workspaces.Directory(\"exampleDirectory\", {\n directoryId: exampleDirectoryservice / directoryDirectory.id,\n subnetIds: [\n exampleC.id,\n exampleD.id,\n ],\n tags: {\n Example: true,\n },\n selfServicePermissions: {\n changeComputeType: true,\n increaseVolumeSize: true,\n rebuildWorkspace: true,\n restartWorkspace: true,\n switchRunningMode: true,\n },\n workspaceAccessProperties: {\n deviceTypeAndroid: \"ALLOW\",\n deviceTypeChromeos: \"ALLOW\",\n deviceTypeIos: \"ALLOW\",\n deviceTypeOsx: \"ALLOW\",\n deviceTypeWeb: \"DENY\",\n deviceTypeWindows: \"DENY\",\n deviceTypeZeroclient: \"DENY\",\n },\n workspaceCreationProperties: {\n customSecurityGroupId: aws_security_group.example.id,\n defaultOu: \"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n enableInternetAccess: true,\n enableMaintenanceMode: true,\n userEnabledAsLocalAdministrator: true,\n },\n}, {\n dependsOn: [\n workspacesDefaultServiceAccess,\n workspacesDefaultSelfServiceAccess,\n ],\n});\nconst exampleA = new aws.ec2.Subnet(\"exampleA\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1a\",\n cidrBlock: \"10.0.0.0/24\",\n});\nconst exampleB = new aws.ec2.Subnet(\"exampleB\", {\n vpcId: exampleVpc.id,\n availabilityZone: \"us-east-1b\",\n cidrBlock: \"10.0.1.0/24\",\n});\nconst exampleDirectoryservice_directoryDirectory = new aws.directoryservice.Directory(\"exampleDirectoryservice/directoryDirectory\", {\n name: \"corp.example.com\",\n password: \"#S1ncerely\",\n size: \"Small\",\n vpcSettings: {\n vpcId: exampleVpc.id,\n subnetIds: [\n exampleA.id,\n exampleB.id,\n ],\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nworkspaces = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"sts:AssumeRole\"],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"Service\",\n identifiers=[\"workspaces.amazonaws.com\"],\n )],\n)])\nworkspaces_default = aws.iam.Role(\"workspacesDefault\", assume_role_policy=workspaces.json)\nworkspaces_default_service_access = aws.iam.RolePolicyAttachment(\"workspacesDefaultServiceAccess\",\n role=workspaces_default.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\")\nworkspaces_default_self_service_access = aws.iam.RolePolicyAttachment(\"workspacesDefaultSelfServiceAccess\",\n role=workspaces_default.name,\n policy_arn=\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\")\nexample_vpc = aws.ec2.Vpc(\"exampleVpc\", cidr_block=\"10.0.0.0/16\")\nexample_c = aws.ec2.Subnet(\"exampleC\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1c\",\n cidr_block=\"10.0.2.0/24\")\nexample_d = aws.ec2.Subnet(\"exampleD\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1d\",\n cidr_block=\"10.0.3.0/24\")\nexample_directory = aws.workspaces.Directory(\"exampleDirectory\",\n directory_id=example_directoryservice / directory_directory[\"id\"],\n subnet_ids=[\n example_c.id,\n example_d.id,\n ],\n tags={\n \"Example\": \"true\",\n },\n self_service_permissions=aws.workspaces.DirectorySelfServicePermissionsArgs(\n change_compute_type=True,\n increase_volume_size=True,\n rebuild_workspace=True,\n restart_workspace=True,\n switch_running_mode=True,\n ),\n workspace_access_properties=aws.workspaces.DirectoryWorkspaceAccessPropertiesArgs(\n device_type_android=\"ALLOW\",\n device_type_chromeos=\"ALLOW\",\n device_type_ios=\"ALLOW\",\n device_type_osx=\"ALLOW\",\n device_type_web=\"DENY\",\n device_type_windows=\"DENY\",\n device_type_zeroclient=\"DENY\",\n ),\n workspace_creation_properties=aws.workspaces.DirectoryWorkspaceCreationPropertiesArgs(\n custom_security_group_id=aws_security_group[\"example\"][\"id\"],\n default_ou=\"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n enable_internet_access=True,\n enable_maintenance_mode=True,\n user_enabled_as_local_administrator=True,\n ),\n opts=pulumi.ResourceOptions(depends_on=[\n workspaces_default_service_access,\n workspaces_default_self_service_access,\n ]))\nexample_a = aws.ec2.Subnet(\"exampleA\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1a\",\n cidr_block=\"10.0.0.0/24\")\nexample_b = aws.ec2.Subnet(\"exampleB\",\n vpc_id=example_vpc.id,\n availability_zone=\"us-east-1b\",\n cidr_block=\"10.0.1.0/24\")\nexample_directoryservice_directory_directory = aws.directoryservice.Directory(\"exampleDirectoryservice/directoryDirectory\",\n name=\"corp.example.com\",\n password=\"#S1ncerely\",\n size=\"Small\",\n vpc_settings=aws.directoryservice.DirectoryVpcSettingsArgs(\n vpc_id=example_vpc.id,\n subnet_ids=[\n example_a.id,\n example_b.id,\n ],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var workspaces = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"sts:AssumeRole\",\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"Service\",\n Identifiers = \n {\n \"workspaces.amazonaws.com\",\n },\n },\n },\n },\n },\n }));\n var workspacesDefault = new Aws.Iam.Role(\"workspacesDefault\", new Aws.Iam.RoleArgs\n {\n AssumeRolePolicy = workspaces.Apply(workspaces => workspaces.Json),\n });\n var workspacesDefaultServiceAccess = new Aws.Iam.RolePolicyAttachment(\"workspacesDefaultServiceAccess\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = workspacesDefault.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\",\n });\n var workspacesDefaultSelfServiceAccess = new Aws.Iam.RolePolicyAttachment(\"workspacesDefaultSelfServiceAccess\", new Aws.Iam.RolePolicyAttachmentArgs\n {\n Role = workspacesDefault.Name,\n PolicyArn = \"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\",\n });\n var exampleVpc = new Aws.Ec2.Vpc(\"exampleVpc\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n var exampleC = new Aws.Ec2.Subnet(\"exampleC\", new Aws.Ec2.SubnetArgs\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1c\",\n CidrBlock = \"10.0.2.0/24\",\n });\n var exampleD = new Aws.Ec2.Subnet(\"exampleD\", new Aws.Ec2.SubnetArgs\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1d\",\n CidrBlock = \"10.0.3.0/24\",\n });\n var exampleDirectory = new Aws.Workspaces.Directory(\"exampleDirectory\", new Aws.Workspaces.DirectoryArgs\n {\n DirectoryId = exampleDirectoryservice / directoryDirectory.Id,\n SubnetIds = \n {\n exampleC.Id,\n exampleD.Id,\n },\n Tags = \n {\n { \"Example\", \"true\" },\n },\n SelfServicePermissions = new Aws.Workspaces.Inputs.DirectorySelfServicePermissionsArgs\n {\n ChangeComputeType = true,\n IncreaseVolumeSize = true,\n RebuildWorkspace = true,\n RestartWorkspace = true,\n SwitchRunningMode = true,\n },\n WorkspaceAccessProperties = new Aws.Workspaces.Inputs.DirectoryWorkspaceAccessPropertiesArgs\n {\n DeviceTypeAndroid = \"ALLOW\",\n DeviceTypeChromeos = \"ALLOW\",\n DeviceTypeIos = \"ALLOW\",\n DeviceTypeOsx = \"ALLOW\",\n DeviceTypeWeb = \"DENY\",\n DeviceTypeWindows = \"DENY\",\n DeviceTypeZeroclient = \"DENY\",\n },\n WorkspaceCreationProperties = new Aws.Workspaces.Inputs.DirectoryWorkspaceCreationPropertiesArgs\n {\n CustomSecurityGroupId = aws_security_group.Example.Id,\n DefaultOu = \"OU=AWS,DC=Workgroup,DC=Example,DC=com\",\n EnableInternetAccess = true,\n EnableMaintenanceMode = true,\n UserEnabledAsLocalAdministrator = true,\n },\n }, new CustomResourceOptions\n {\n DependsOn = \n {\n workspacesDefaultServiceAccess,\n workspacesDefaultSelfServiceAccess,\n },\n });\n var exampleA = new Aws.Ec2.Subnet(\"exampleA\", new Aws.Ec2.SubnetArgs\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1a\",\n CidrBlock = \"10.0.0.0/24\",\n });\n var exampleB = new Aws.Ec2.Subnet(\"exampleB\", new Aws.Ec2.SubnetArgs\n {\n VpcId = exampleVpc.Id,\n AvailabilityZone = \"us-east-1b\",\n CidrBlock = \"10.0.1.0/24\",\n });\n var exampleDirectoryservice_directoryDirectory = new Aws.DirectoryService.Directory(\"exampleDirectoryservice/directoryDirectory\", new Aws.DirectoryService.DirectoryArgs\n {\n Name = \"corp.example.com\",\n Password = \"#S1ncerely\",\n Size = \"Small\",\n VpcSettings = new Aws.DirectoryService.Inputs.DirectoryVpcSettingsArgs\n {\n VpcId = exampleVpc.Id,\n SubnetIds = \n {\n exampleA.Id,\n exampleB.Id,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tworkspaces, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"workspaces.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspacesDefault, err := iam.NewRole(ctx, \"workspacesDefault\", &iam.RoleArgs{\n\t\t\tAssumeRolePolicy: pulumi.String(workspaces.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspacesDefaultServiceAccess, err := iam.NewRolePolicyAttachment(ctx, \"workspacesDefaultServiceAccess\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: workspacesDefault.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonWorkSpacesServiceAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tworkspacesDefaultSelfServiceAccess, err := iam.NewRolePolicyAttachment(ctx, \"workspacesDefaultSelfServiceAccess\", &iam.RolePolicyAttachmentArgs{\n\t\t\tRole: workspacesDefault.Name,\n\t\t\tPolicyArn: pulumi.String(\"arn:aws:iam::aws:policy/AmazonWorkSpacesSelfServiceAccess\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleVpc, err := ec2.NewVpc(ctx, \"exampleVpc\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleC, err := ec2.NewSubnet(ctx, \"exampleC\", &ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1c\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.2.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleD, err := ec2.NewSubnet(ctx, \"exampleD\", &ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1d\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.3.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewDirectory(ctx, \"exampleDirectory\", &workspaces.DirectoryArgs{\n\t\t\tDirectoryId: exampleDirectoryservice / directoryDirectory.Id,\n\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\texampleC.ID(),\n\t\t\t\texampleD.ID(),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Example\": pulumi.String(\"true\"),\n\t\t\t},\n\t\t\tSelfServicePermissions: &workspaces.DirectorySelfServicePermissionsArgs{\n\t\t\t\tChangeComputeType: pulumi.Bool(true),\n\t\t\t\tIncreaseVolumeSize: pulumi.Bool(true),\n\t\t\t\tRebuildWorkspace: pulumi.Bool(true),\n\t\t\t\tRestartWorkspace: pulumi.Bool(true),\n\t\t\t\tSwitchRunningMode: pulumi.Bool(true),\n\t\t\t},\n\t\t\tWorkspaceAccessProperties: &workspaces.DirectoryWorkspaceAccessPropertiesArgs{\n\t\t\t\tDeviceTypeAndroid: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeChromeos: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeIos: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeOsx: pulumi.String(\"ALLOW\"),\n\t\t\t\tDeviceTypeWeb: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeWindows: pulumi.String(\"DENY\"),\n\t\t\t\tDeviceTypeZeroclient: pulumi.String(\"DENY\"),\n\t\t\t},\n\t\t\tWorkspaceCreationProperties: &workspaces.DirectoryWorkspaceCreationPropertiesArgs{\n\t\t\t\tCustomSecurityGroupId: pulumi.Any(aws_security_group.Example.Id),\n\t\t\t\tDefaultOu: pulumi.String(\"OU=AWS,DC=Workgroup,DC=Example,DC=com\"),\n\t\t\t\tEnableInternetAccess: pulumi.Bool(true),\n\t\t\t\tEnableMaintenanceMode: pulumi.Bool(true),\n\t\t\t\tUserEnabledAsLocalAdministrator: pulumi.Bool(true),\n\t\t\t},\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\tworkspacesDefaultServiceAccess,\n\t\t\tworkspacesDefaultSelfServiceAccess,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleA, err := ec2.NewSubnet(ctx, \"exampleA\", &ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1a\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\texampleB, err := ec2.NewSubnet(ctx, \"exampleB\", &ec2.SubnetArgs{\n\t\t\tVpcId: exampleVpc.ID(),\n\t\t\tAvailabilityZone: pulumi.String(\"us-east-1b\"),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = directoryservice.NewDirectory(ctx, \"exampleDirectoryservice_directoryDirectory\", &directoryservice.DirectoryArgs{\n\t\t\tName: pulumi.String(\"corp.example.com\"),\n\t\t\tPassword: pulumi.String(\"#S1ncerely\"),\n\t\t\tSize: pulumi.String(\"Small\"),\n\t\t\tVpcSettings: &directoryservice.DirectoryVpcSettingsArgs{\n\t\t\t\tVpcId: exampleVpc.ID(),\n\t\t\t\tSubnetIds: pulumi.StringArray{\n\t\t\t\t\texampleA.ID(),\n\t\t\t\t\texampleB.ID(),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### IP Groups\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleIpGroup = new aws.workspaces.IpGroup(\"exampleIpGroup\", {});\nconst exampleDirectory = new aws.workspaces.Directory(\"exampleDirectory\", {\n directoryId: aws_directory_service_directory.example.id,\n ipGroupIds: [exampleIpGroup.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_ip_group = aws.workspaces.IpGroup(\"exampleIpGroup\")\nexample_directory = aws.workspaces.Directory(\"exampleDirectory\",\n directory_id=aws_directory_service_directory[\"example\"][\"id\"],\n ip_group_ids=[example_ip_group.id])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleIpGroup = new Aws.Workspaces.IpGroup(\"exampleIpGroup\", new Aws.Workspaces.IpGroupArgs\n {\n });\n var exampleDirectory = new Aws.Workspaces.Directory(\"exampleDirectory\", new Aws.Workspaces.DirectoryArgs\n {\n DirectoryId = aws_directory_service_directory.Example.Id,\n IpGroupIds = \n {\n exampleIpGroup.Id,\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleIpGroup, err := workspaces.NewIpGroup(ctx, \"exampleIpGroup\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewDirectory(ctx, \"exampleDirectory\", &workspaces.DirectoryArgs{\n\t\t\tDirectoryId: pulumi.Any(aws_directory_service_directory.Example.Id),\n\t\t\tIpGroupIds: pulumi.StringArray{\n\t\t\t\texampleIpGroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWorkspaces directory can be imported using the directory ID, e.g.\n\n```sh\n $ pulumi import aws:workspaces/directory:Directory main d-4444444444\n```\n\n ", + "properties": { + "alias": { + "type": "string", + "description": "The directory alias.\n" + }, + "customerUserName": { + "type": "string", + "description": "The user name for the service account.\n" + }, + "directoryId": { + "type": "string", + "description": "The directory identifier for registration in WorkSpaces service.\n" + }, + "directoryName": { + "type": "string", + "description": "The name of the directory.\n" + }, + "directoryType": { + "type": "string", + "description": "The directory type.\n" + }, + "dnsIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IP addresses of the DNS servers for the directory.\n" + }, + "iamRoleId": { + "type": "string", + "description": "The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.\n" + }, + "ipGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the IP access control groups associated with the directory.\n" + }, + "registrationCode": { + "type": "string", + "description": "The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.\n" + }, + "selfServicePermissions": { + "$ref": "#/types/aws:workspaces/DirectorySelfServicePermissions:DirectorySelfServicePermissions", + "description": "Permissions to enable or disable self-service capabilities. Defined below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets where the directory resides.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "workspaceAccessProperties": { + "$ref": "#/types/aws:workspaces/DirectoryWorkspaceAccessProperties:DirectoryWorkspaceAccessProperties", + "description": "Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below.\n" + }, + "workspaceCreationProperties": { + "$ref": "#/types/aws:workspaces/DirectoryWorkspaceCreationProperties:DirectoryWorkspaceCreationProperties", + "description": "Default properties that are used for creating WorkSpaces. Defined below.\n" + }, + "workspaceSecurityGroupId": { + "type": "string", + "description": "The identifier of the security group that is assigned to new WorkSpaces.\n" + } + }, + "required": [ + "alias", + "customerUserName", + "directoryId", + "directoryName", + "directoryType", + "dnsIpAddresses", + "iamRoleId", + "ipGroupIds", + "registrationCode", + "selfServicePermissions", + "subnetIds", + "tagsAll", + "workspaceAccessProperties", + "workspaceCreationProperties", + "workspaceSecurityGroupId" + ], + "inputProperties": { + "directoryId": { + "type": "string", + "description": "The directory identifier for registration in WorkSpaces service.\n" + }, + "ipGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the IP access control groups associated with the directory.\n" + }, + "selfServicePermissions": { + "$ref": "#/types/aws:workspaces/DirectorySelfServicePermissions:DirectorySelfServicePermissions", + "description": "Permissions to enable or disable self-service capabilities. Defined below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets where the directory resides.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "workspaceAccessProperties": { + "$ref": "#/types/aws:workspaces/DirectoryWorkspaceAccessProperties:DirectoryWorkspaceAccessProperties", + "description": "Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below.\n" + }, + "workspaceCreationProperties": { + "$ref": "#/types/aws:workspaces/DirectoryWorkspaceCreationProperties:DirectoryWorkspaceCreationProperties", + "description": "Default properties that are used for creating WorkSpaces. Defined below.\n" + } + }, + "requiredInputs": [ + "directoryId" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Directory resources.\n", + "properties": { + "alias": { + "type": "string", + "description": "The directory alias.\n" + }, + "customerUserName": { + "type": "string", + "description": "The user name for the service account.\n" + }, + "directoryId": { + "type": "string", + "description": "The directory identifier for registration in WorkSpaces service.\n" + }, + "directoryName": { + "type": "string", + "description": "The name of the directory.\n" + }, + "directoryType": { + "type": "string", + "description": "The directory type.\n" + }, + "dnsIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IP addresses of the DNS servers for the directory.\n" + }, + "iamRoleId": { + "type": "string", + "description": "The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.\n" + }, + "ipGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the IP access control groups associated with the directory.\n" + }, + "registrationCode": { + "type": "string", + "description": "The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.\n" + }, + "selfServicePermissions": { + "$ref": "#/types/aws:workspaces/DirectorySelfServicePermissions:DirectorySelfServicePermissions", + "description": "Permissions to enable or disable self-service capabilities. Defined below.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets where the directory resides.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "workspaceAccessProperties": { + "$ref": "#/types/aws:workspaces/DirectoryWorkspaceAccessProperties:DirectoryWorkspaceAccessProperties", + "description": "Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below.\n" + }, + "workspaceCreationProperties": { + "$ref": "#/types/aws:workspaces/DirectoryWorkspaceCreationProperties:DirectoryWorkspaceCreationProperties", + "description": "Default properties that are used for creating WorkSpaces. Defined below.\n" + }, + "workspaceSecurityGroupId": { + "type": "string", + "description": "The identifier of the security group that is assigned to new WorkSpaces.\n" + } + }, + "type": "object" + } + }, + "aws:workspaces/ipGroup:IpGroup": { + "description": "Provides an IP access control group in AWS WorkSpaces Service\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst contractors = new aws.workspaces.IpGroup(\"contractors\", {\n description: \"Contractors IP access control group\",\n rules: [\n {\n description: \"NY\",\n source: \"150.24.14.0/24\",\n },\n {\n description: \"LA\",\n source: \"125.191.14.85/32\",\n },\n {\n description: \"STL\",\n source: \"44.98.100.0/24\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncontractors = aws.workspaces.IpGroup(\"contractors\",\n description=\"Contractors IP access control group\",\n rules=[\n aws.workspaces.IpGroupRuleArgs(\n description=\"NY\",\n source=\"150.24.14.0/24\",\n ),\n aws.workspaces.IpGroupRuleArgs(\n description=\"LA\",\n source=\"125.191.14.85/32\",\n ),\n aws.workspaces.IpGroupRuleArgs(\n description=\"STL\",\n source=\"44.98.100.0/24\",\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var contractors = new Aws.Workspaces.IpGroup(\"contractors\", new Aws.Workspaces.IpGroupArgs\n {\n Description = \"Contractors IP access control group\",\n Rules = \n {\n new Aws.Workspaces.Inputs.IpGroupRuleArgs\n {\n Description = \"NY\",\n Source = \"150.24.14.0/24\",\n },\n new Aws.Workspaces.Inputs.IpGroupRuleArgs\n {\n Description = \"LA\",\n Source = \"125.191.14.85/32\",\n },\n new Aws.Workspaces.Inputs.IpGroupRuleArgs\n {\n Description = \"STL\",\n Source = \"44.98.100.0/24\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := workspaces.NewIpGroup(ctx, \"contractors\", &workspaces.IpGroupArgs{\n\t\t\tDescription: pulumi.String(\"Contractors IP access control group\"),\n\t\t\tRules: workspaces.IpGroupRuleArray{\n\t\t\t\t&workspaces.IpGroupRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"NY\"),\n\t\t\t\t\tSource: pulumi.String(\"150.24.14.0/24\"),\n\t\t\t\t},\n\t\t\t\t&workspaces.IpGroupRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"LA\"),\n\t\t\t\t\tSource: pulumi.String(\"125.191.14.85/32\"),\n\t\t\t\t},\n\t\t\t\t&workspaces.IpGroupRuleArgs{\n\t\t\t\t\tDescription: pulumi.String(\"STL\"),\n\t\t\t\t\tSource: pulumi.String(\"44.98.100.0/24\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWorkSpaces IP groups can be imported using their GroupID, e.g.\n\n```sh\n $ pulumi import aws:workspaces/ipGroup:IpGroup example wsipg-488lrtl3k\n```\n\n ", + "properties": { + "description": { + "type": "string", + "description": "The description.\n" + }, + "name": { + "type": "string", + "description": "The name of the IP group.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/IpGroupRule:IpGroupRule" + }, + "description": "One or more pairs specifying the IP group rule (in CIDR format) from which web requests originate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "required": [ + "name", + "tagsAll" + ], + "inputProperties": { + "description": { + "type": "string", + "description": "The description.\n" + }, + "name": { + "type": "string", + "description": "The name of the IP group.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/IpGroupRule:IpGroupRule" + }, + "description": "One or more pairs specifying the IP group rule (in CIDR format) from which web requests originate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "stateInputs": { + "description": "Input properties used for looking up and filtering IpGroup resources.\n", + "properties": { + "description": { + "type": "string", + "description": "The description.\n" + }, + "name": { + "type": "string", + "description": "The name of the IP group.\n" + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/IpGroupRule:IpGroupRule" + }, + "description": "One or more pairs specifying the IP group rule (in CIDR format) from which web requests originate.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + } + }, + "type": "object" + } + }, + "aws:workspaces/workspace:Workspace": { + "description": "Provides a workspace in [AWS Workspaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) Service\n\n> **NOTE:** AWS WorkSpaces service requires [`workspaces_DefaultRole`](https://docs.aws.amazon.com/workspaces/latest/adminguide/workspaces-access-control.html#create-default-role) IAM role to operate normally.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst valueWindows10 = aws.workspaces.getBundle({\n bundleId: \"wsb-bh8rsxt14\",\n});\nconst example = new aws.workspaces.Workspace(\"example\", {\n directoryId: aws_workspaces_directory.example.id,\n bundleId: valueWindows10.then(valueWindows10 => valueWindows10.id),\n userName: \"john.doe\",\n rootVolumeEncryptionEnabled: true,\n userVolumeEncryptionEnabled: true,\n volumeEncryptionKey: \"alias/aws/workspaces\",\n workspaceProperties: {\n computeTypeName: \"VALUE\",\n userVolumeSizeGib: 10,\n rootVolumeSizeGib: 80,\n runningMode: \"AUTO_STOP\",\n runningModeAutoStopTimeoutInMinutes: 60,\n },\n tags: {\n Department: \"IT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nvalue_windows10 = aws.workspaces.get_bundle(bundle_id=\"wsb-bh8rsxt14\")\nexample = aws.workspaces.Workspace(\"example\",\n directory_id=aws_workspaces_directory[\"example\"][\"id\"],\n bundle_id=value_windows10.id,\n user_name=\"john.doe\",\n root_volume_encryption_enabled=True,\n user_volume_encryption_enabled=True,\n volume_encryption_key=\"alias/aws/workspaces\",\n workspace_properties=aws.workspaces.WorkspaceWorkspacePropertiesArgs(\n compute_type_name=\"VALUE\",\n user_volume_size_gib=10,\n root_volume_size_gib=80,\n running_mode=\"AUTO_STOP\",\n running_mode_auto_stop_timeout_in_minutes=60,\n ),\n tags={\n \"Department\": \"IT\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var valueWindows10 = Output.Create(Aws.Workspaces.GetBundle.InvokeAsync(new Aws.Workspaces.GetBundleArgs\n {\n BundleId = \"wsb-bh8rsxt14\",\n }));\n var example = new Aws.Workspaces.Workspace(\"example\", new Aws.Workspaces.WorkspaceArgs\n {\n DirectoryId = aws_workspaces_directory.Example.Id,\n BundleId = valueWindows10.Apply(valueWindows10 => valueWindows10.Id),\n UserName = \"john.doe\",\n RootVolumeEncryptionEnabled = true,\n UserVolumeEncryptionEnabled = true,\n VolumeEncryptionKey = \"alias/aws/workspaces\",\n WorkspaceProperties = new Aws.Workspaces.Inputs.WorkspaceWorkspacePropertiesArgs\n {\n ComputeTypeName = \"VALUE\",\n UserVolumeSizeGib = 10,\n RootVolumeSizeGib = 80,\n RunningMode = \"AUTO_STOP\",\n RunningModeAutoStopTimeoutInMinutes = 60,\n },\n Tags = \n {\n { \"Department\", \"IT\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"wsb-bh8rsxt14\"\n\t\tvalueWindows10, err := workspaces.GetBundle(ctx, &workspaces.GetBundleArgs{\n\t\t\tBundleId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = workspaces.NewWorkspace(ctx, \"example\", &workspaces.WorkspaceArgs{\n\t\t\tDirectoryId: pulumi.Any(aws_workspaces_directory.Example.Id),\n\t\t\tBundleId: pulumi.String(valueWindows10.Id),\n\t\t\tUserName: pulumi.String(\"john.doe\"),\n\t\t\tRootVolumeEncryptionEnabled: pulumi.Bool(true),\n\t\t\tUserVolumeEncryptionEnabled: pulumi.Bool(true),\n\t\t\tVolumeEncryptionKey: pulumi.String(\"alias/aws/workspaces\"),\n\t\t\tWorkspaceProperties: &workspaces.WorkspaceWorkspacePropertiesArgs{\n\t\t\t\tComputeTypeName: pulumi.String(\"VALUE\"),\n\t\t\t\tUserVolumeSizeGib: pulumi.Int(10),\n\t\t\t\tRootVolumeSizeGib: pulumi.Int(80),\n\t\t\t\tRunningMode: pulumi.String(\"AUTO_STOP\"),\n\t\t\t\tRunningModeAutoStopTimeoutInMinutes: pulumi.Int(60),\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Department\": pulumi.String(\"IT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nWorkspaces can be imported using their ID, e.g.\n\n```sh\n $ pulumi import aws:workspaces/workspace:Workspace example ws-9z9zmbkhv\n```\n\n ", + "properties": { + "bundleId": { + "type": "string", + "description": "The ID of the bundle for the WorkSpace.\n" + }, + "computerName": { + "type": "string", + "description": "The name of the WorkSpace, as seen by the operating system.\n" + }, + "directoryId": { + "type": "string", + "description": "The ID of the directory for the WorkSpace.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the WorkSpace.\n" + }, + "rootVolumeEncryptionEnabled": { + "type": "boolean", + "description": "Indicates whether the data stored on the root volume is encrypted.\n" + }, + "state": { + "type": "string", + "description": "The operational state of the WorkSpace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags for the WorkSpace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userName": { + "type": "string", + "description": "The user name of the user for the WorkSpace. This user name must exist in the directory for the WorkSpace.\n" + }, + "userVolumeEncryptionEnabled": { + "type": "boolean", + "description": "Indicates whether the data stored on the user volume is encrypted.\n" + }, + "volumeEncryptionKey": { + "type": "string", + "description": "The symmetric AWS KMS customer master key (CMK) used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric CMKs.\n" + }, + "workspaceProperties": { + "$ref": "#/types/aws:workspaces/WorkspaceWorkspaceProperties:WorkspaceWorkspaceProperties", + "description": "The WorkSpace properties.\n" + } + }, + "required": [ + "bundleId", + "computerName", + "directoryId", + "ipAddress", + "state", + "tagsAll", + "userName", + "workspaceProperties" + ], + "inputProperties": { + "bundleId": { + "type": "string", + "description": "The ID of the bundle for the WorkSpace.\n" + }, + "directoryId": { + "type": "string", + "description": "The ID of the directory for the WorkSpace.\n" + }, + "rootVolumeEncryptionEnabled": { + "type": "boolean", + "description": "Indicates whether the data stored on the root volume is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags for the WorkSpace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userName": { + "type": "string", + "description": "The user name of the user for the WorkSpace. This user name must exist in the directory for the WorkSpace.\n" + }, + "userVolumeEncryptionEnabled": { + "type": "boolean", + "description": "Indicates whether the data stored on the user volume is encrypted.\n" + }, + "volumeEncryptionKey": { + "type": "string", + "description": "The symmetric AWS KMS customer master key (CMK) used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric CMKs.\n" + }, + "workspaceProperties": { + "$ref": "#/types/aws:workspaces/WorkspaceWorkspaceProperties:WorkspaceWorkspaceProperties", + "description": "The WorkSpace properties.\n" + } + }, + "requiredInputs": [ + "bundleId", + "directoryId", + "userName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Workspace resources.\n", + "properties": { + "bundleId": { + "type": "string", + "description": "The ID of the bundle for the WorkSpace.\n" + }, + "computerName": { + "type": "string", + "description": "The name of the WorkSpace, as seen by the operating system.\n" + }, + "directoryId": { + "type": "string", + "description": "The ID of the directory for the WorkSpace.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the WorkSpace.\n" + }, + "rootVolumeEncryptionEnabled": { + "type": "boolean", + "description": "Indicates whether the data stored on the root volume is encrypted.\n" + }, + "state": { + "type": "string", + "description": "The operational state of the WorkSpace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags for the WorkSpace. .If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider .\n" + }, + "userName": { + "type": "string", + "description": "The user name of the user for the WorkSpace. This user name must exist in the directory for the WorkSpace.\n" + }, + "userVolumeEncryptionEnabled": { + "type": "boolean", + "description": "Indicates whether the data stored on the user volume is encrypted.\n" + }, + "volumeEncryptionKey": { + "type": "string", + "description": "The symmetric AWS KMS customer master key (CMK) used to encrypt data stored on your WorkSpace. Amazon WorkSpaces does not support asymmetric CMKs.\n" + }, + "workspaceProperties": { + "$ref": "#/types/aws:workspaces/WorkspaceWorkspaceProperties:WorkspaceWorkspaceProperties", + "description": "The WorkSpace properties.\n" + } + }, + "type": "object" + } + }, + "aws:xray/encryptionConfig:EncryptionConfig": { + "description": "Creates and manages an AWS XRay Encryption Config.\n\n> **NOTE:** Removing this resource from the provider has no effect to the encryption configuration within X-Ray.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.xray.EncryptionConfig(\"example\", {\n type: \"NONE\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.xray.EncryptionConfig(\"example\", type=\"NONE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Xray.EncryptionConfig(\"example\", new Aws.Xray.EncryptionConfigArgs\n {\n Type = \"NONE\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := xray.NewEncryptionConfig(ctx, \"example\", &xray.EncryptionConfigArgs{\n\t\t\tType: pulumi.String(\"NONE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n{{% /example %}}\n{{% example %}}\n### With KMS Key\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleKey = new aws.kms.Key(\"exampleKey\", {\n description: \"Some Key\",\n deletionWindowInDays: 7,\n policy: `{\n \"Version\": \"2012-10-17\",\n \"Id\": \"kms-tf-1\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n`,\n});\nconst exampleEncryptionConfig = new aws.xray.EncryptionConfig(\"exampleEncryptionConfig\", {\n type: \"KMS\",\n keyId: exampleKey.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_key = aws.kms.Key(\"exampleKey\",\n description=\"Some Key\",\n deletion_window_in_days=7,\n policy=\"\"\"{\n \"Version\": \"2012-10-17\",\n \"Id\": \"kms-tf-1\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"*\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n }\n ]\n}\n\"\"\")\nexample_encryption_config = aws.xray.EncryptionConfig(\"exampleEncryptionConfig\",\n type=\"KMS\",\n key_id=example_key.arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleKey = new Aws.Kms.Key(\"exampleKey\", new Aws.Kms.KeyArgs\n {\n Description = \"Some Key\",\n DeletionWindowInDays = 7,\n Policy = @\"{\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Id\"\": \"\"kms-tf-1\"\",\n \"\"Statement\"\": [\n {\n \"\"Sid\"\": \"\"Enable IAM User Permissions\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {\n \"\"AWS\"\": \"\"*\"\"\n },\n \"\"Action\"\": \"\"kms:*\"\",\n \"\"Resource\"\": \"\"*\"\"\n }\n ]\n}\n\",\n });\n var exampleEncryptionConfig = new Aws.Xray.EncryptionConfig(\"exampleEncryptionConfig\", new Aws.Xray.EncryptionConfigArgs\n {\n Type = \"KMS\",\n KeyId = exampleKey.Arn,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleKey, err := kms.NewKey(ctx, \"exampleKey\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"Some Key\"),\n\t\t\tDeletionWindowInDays: pulumi.Int(7),\n\t\t\tPolicy: pulumi.String(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Id\\\": \\\"kms-tf-1\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"Enable IAM User Permissions\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"*\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"kms:*\\\",\\n\", \" \\\"Resource\\\": \\\"*\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = xray.NewEncryptionConfig(ctx, \"exampleEncryptionConfig\", &xray.EncryptionConfigArgs{\n\t\t\tType: pulumi.String(\"KMS\"),\n\t\t\tKeyId: exampleKey.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nXRay Encryption Config can be imported using the region name, e.g.\n\n```sh\n $ pulumi import aws:xray/encryptionConfig:EncryptionConfig example us-west-2\n```\n\n ", + "properties": { + "keyId": { + "type": "string", + "description": "An AWS KMS customer master key (CMK) ARN.\n" + }, + "type": { + "type": "string", + "description": "The type of encryption. Set to `KMS` to use your own key for encryption. Set to `NONE` for default encryption.\n" + } + }, + "required": [ + "type" + ], + "inputProperties": { + "keyId": { + "type": "string", + "description": "An AWS KMS customer master key (CMK) ARN.\n" + }, + "type": { + "type": "string", + "description": "The type of encryption. Set to `KMS` to use your own key for encryption. Set to `NONE` for default encryption.\n" + } + }, + "requiredInputs": [ + "type" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering EncryptionConfig resources.\n", + "properties": { + "keyId": { + "type": "string", + "description": "An AWS KMS customer master key (CMK) ARN.\n" + }, + "type": { + "type": "string", + "description": "The type of encryption. Set to `KMS` to use your own key for encryption. Set to `NONE` for default encryption.\n" + } + }, + "type": "object" + } + }, + "aws:xray/group:Group": { + "description": "Creates and manages an AWS XRay Group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.xray.Group(\"example\", {\n filterExpression: \"responsetime > 5\",\n groupName: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.xray.Group(\"example\",\n filter_expression=\"responsetime > 5\",\n group_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Xray.Group(\"example\", new Aws.Xray.GroupArgs\n {\n FilterExpression = \"responsetime > 5\",\n GroupName = \"example\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := xray.NewGroup(ctx, \"example\", &xray.GroupArgs{\n\t\t\tFilterExpression: pulumi.String(\"responsetime > 5\"),\n\t\t\tGroupName: pulumi.String(\"example\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nXRay Groups can be imported using the ARN, e.g.\n\n```sh\n $ pulumi import aws:xray/group:Group example arn:aws:xray:us-west-2:1234567890:group/example-group/TNGX7SW5U6QY36T4ZMOUA3HVLBYCZTWDIOOXY3CJAXTHSS3YCWUA\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Group.\n" + }, + "filterExpression": { + "type": "string", + "description": "The filter expression defining criteria by which to group traces. more info can be found in official [docs](https://docs.aws.amazon.com/xray/latest/devguide/xray-console-filters.html).\n" + }, + "groupName": { + "type": "string", + "description": "The name of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "arn", + "filterExpression", + "groupName", + "tagsAll" + ], + "inputProperties": { + "filterExpression": { + "type": "string", + "description": "The filter expression defining criteria by which to group traces. more info can be found in official [docs](https://docs.aws.amazon.com/xray/latest/devguide/xray-console-filters.html).\n" + }, + "groupName": { + "type": "string", + "description": "The name of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "requiredInputs": [ + "filterExpression", + "groupName" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering Group resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Group.\n" + }, + "filterExpression": { + "type": "string", + "description": "The filter expression defining criteria by which to group traces. more info can be found in official [docs](https://docs.aws.amazon.com/xray/latest/devguide/xray-console-filters.html).\n" + }, + "groupName": { + "type": "string", + "description": "The name of the group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + } + }, + "aws:xray/samplingRule:SamplingRule": { + "description": "Creates and manages an AWS XRay Sampling Rule.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.xray.SamplingRule(\"example\", {\n attributes: {\n Hello: \"Tris\",\n },\n fixedRate: 0.05,\n host: \"*\",\n httpMethod: \"*\",\n priority: 10000,\n reservoirSize: 1,\n resourceArn: \"*\",\n ruleName: \"example\",\n serviceName: \"*\",\n serviceType: \"*\",\n urlPath: \"*\",\n version: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.xray.SamplingRule(\"example\",\n attributes={\n \"Hello\": \"Tris\",\n },\n fixed_rate=0.05,\n host=\"*\",\n http_method=\"*\",\n priority=10000,\n reservoir_size=1,\n resource_arn=\"*\",\n rule_name=\"example\",\n service_name=\"*\",\n service_type=\"*\",\n url_path=\"*\",\n version=1)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = new Aws.Xray.SamplingRule(\"example\", new Aws.Xray.SamplingRuleArgs\n {\n Attributes = \n {\n { \"Hello\", \"Tris\" },\n },\n FixedRate = 0.05,\n Host = \"*\",\n HttpMethod = \"*\",\n Priority = 10000,\n ReservoirSize = 1,\n ResourceArn = \"*\",\n RuleName = \"example\",\n ServiceName = \"*\",\n ServiceType = \"*\",\n UrlPath = \"*\",\n Version = 1,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/xray\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := xray.NewSamplingRule(ctx, \"example\", &xray.SamplingRuleArgs{\n\t\t\tAttributes: pulumi.StringMap{\n\t\t\t\t\"Hello\": pulumi.String(\"Tris\"),\n\t\t\t},\n\t\t\tFixedRate: pulumi.Float64(0.05),\n\t\t\tHost: pulumi.String(\"*\"),\n\t\t\tHttpMethod: pulumi.String(\"*\"),\n\t\t\tPriority: pulumi.Int(10000),\n\t\t\tReservoirSize: pulumi.Int(1),\n\t\t\tResourceArn: pulumi.String(\"*\"),\n\t\t\tRuleName: pulumi.String(\"example\"),\n\t\t\tServiceName: pulumi.String(\"*\"),\n\t\t\tServiceType: pulumi.String(\"*\"),\n\t\t\tUrlPath: pulumi.String(\"*\"),\n\t\t\tVersion: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n\n## Import\n\nXRay Sampling Rules can be imported using the name, e.g.\n\n```sh\n $ pulumi import aws:xray/samplingRule:SamplingRule example example\n```\n\n ", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the sampling rule.\n" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Matches attributes derived from the request.\n" + }, + "fixedRate": { + "type": "number", + "description": "The percentage of matching requests to instrument, after the reservoir is exhausted.\n" + }, + "host": { + "type": "string", + "description": "Matches the hostname from a request URL.\n" + }, + "httpMethod": { + "type": "string", + "description": "Matches the HTTP method of a request.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the sampling rule.\n" + }, + "reservoirSize": { + "type": "integer", + "description": "A fixed number of matching requests to instrument per second, prior to applying the fixed rate. The reservoir is not used directly by services, but applies to all services using the rule collectively.\n" + }, + "resourceArn": { + "type": "string", + "description": "Matches the ARN of the AWS resource on which the service runs.\n" + }, + "ruleName": { + "type": "string", + "description": "The name of the sampling rule.\n" + }, + "serviceName": { + "type": "string", + "description": "Matches the `name` that the service uses to identify itself in segments.\n" + }, + "serviceType": { + "type": "string", + "description": "Matches the `origin` that the service uses to identify its type in segments.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "urlPath": { + "type": "string", + "description": "Matches the path from a request URL.\n" + }, + "version": { + "type": "integer", + "description": "The version of the sampling rule format (`1` )\n" + } + }, + "required": [ + "arn", + "fixedRate", + "host", + "httpMethod", + "priority", + "reservoirSize", + "resourceArn", + "serviceName", + "serviceType", + "tagsAll", + "urlPath", + "version" + ], + "inputProperties": { + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Matches attributes derived from the request.\n" + }, + "fixedRate": { + "type": "number", + "description": "The percentage of matching requests to instrument, after the reservoir is exhausted.\n" + }, + "host": { + "type": "string", + "description": "Matches the hostname from a request URL.\n" + }, + "httpMethod": { + "type": "string", + "description": "Matches the HTTP method of a request.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the sampling rule.\n" + }, + "reservoirSize": { + "type": "integer", + "description": "A fixed number of matching requests to instrument per second, prior to applying the fixed rate. The reservoir is not used directly by services, but applies to all services using the rule collectively.\n" + }, + "resourceArn": { + "type": "string", + "description": "Matches the ARN of the AWS resource on which the service runs.\n" + }, + "ruleName": { + "type": "string", + "description": "The name of the sampling rule.\n" + }, + "serviceName": { + "type": "string", + "description": "Matches the `name` that the service uses to identify itself in segments.\n" + }, + "serviceType": { + "type": "string", + "description": "Matches the `origin` that the service uses to identify its type in segments.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "urlPath": { + "type": "string", + "description": "Matches the path from a request URL.\n" + }, + "version": { + "type": "integer", + "description": "The version of the sampling rule format (`1` )\n" + } + }, + "requiredInputs": [ + "fixedRate", + "host", + "httpMethod", + "priority", + "reservoirSize", + "resourceArn", + "serviceName", + "serviceType", + "urlPath", + "version" + ], + "stateInputs": { + "description": "Input properties used for looking up and filtering SamplingRule resources.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the sampling rule.\n" + }, + "attributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Matches attributes derived from the request.\n" + }, + "fixedRate": { + "type": "number", + "description": "The percentage of matching requests to instrument, after the reservoir is exhausted.\n" + }, + "host": { + "type": "string", + "description": "Matches the hostname from a request URL.\n" + }, + "httpMethod": { + "type": "string", + "description": "Matches the HTTP method of a request.\n" + }, + "priority": { + "type": "integer", + "description": "The priority of the sampling rule.\n" + }, + "reservoirSize": { + "type": "integer", + "description": "A fixed number of matching requests to instrument per second, prior to applying the fixed rate. The reservoir is not used directly by services, but applies to all services using the rule collectively.\n" + }, + "resourceArn": { + "type": "string", + "description": "Matches the ARN of the AWS resource on which the service runs.\n" + }, + "ruleName": { + "type": "string", + "description": "The name of the sampling rule.\n" + }, + "serviceName": { + "type": "string", + "description": "Matches the `name` that the service uses to identify itself in segments.\n" + }, + "serviceType": { + "type": "string", + "description": "Matches the `origin` that the service uses to identify its type in segments.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.\n" + }, + "tagsAll": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.\n" + }, + "urlPath": { + "type": "string", + "description": "Matches the path from a request URL.\n" + }, + "version": { + "type": "integer", + "description": "The version of the sampling rule format (`1` )\n" + } + }, + "type": "object" + } + } + }, + "functions": { + "aws:acm/getCertificate:getCertificate": { + "description": "Use this data source to get the ARN of a certificate in AWS Certificate\nManager (ACM), you can reference\nit by domain without having to hard code the ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\n// Find a certificate that is issued\nconst issued = pulumi.output(aws.acm.getCertificate({\n domain: \"tf.example.com\",\n statuses: [\"ISSUED\"],\n}));\n// Find a certificate issued by (not imported into) ACM\nconst amazonIssued = pulumi.output(aws.acm.getCertificate({\n domain: \"tf.example.com\",\n mostRecent: true,\n types: [\"AMAZON_ISSUED\"],\n}));\n// Find a RSA 4096 bit certificate\nconst rsa4096 = pulumi.output(aws.acm.getCertificate({\n domain: \"tf.example.com\",\n keyTypes: [\"RSA_4096\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nissued = aws.acm.get_certificate(domain=\"tf.example.com\",\n statuses=[\"ISSUED\"])\namazon_issued = aws.acm.get_certificate(domain=\"tf.example.com\",\n most_recent=True,\n types=[\"AMAZON_ISSUED\"])\nrsa4096 = aws.acm.get_certificate(domain=\"tf.example.com\",\n key_types=[\"RSA_4096\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var issued = Output.Create(Aws.Acm.GetCertificate.InvokeAsync(new Aws.Acm.GetCertificateArgs\n {\n Domain = \"tf.example.com\",\n Statuses = \n {\n \"ISSUED\",\n },\n }));\n var amazonIssued = Output.Create(Aws.Acm.GetCertificate.InvokeAsync(new Aws.Acm.GetCertificateArgs\n {\n Domain = \"tf.example.com\",\n MostRecent = true,\n Types = \n {\n \"AMAZON_ISSUED\",\n },\n }));\n var rsa4096 = Output.Create(Aws.Acm.GetCertificate.InvokeAsync(new Aws.Acm.GetCertificateArgs\n {\n Domain = \"tf.example.com\",\n KeyTypes = \n {\n \"RSA_4096\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{\n\t\t\tDomain: \"tf.example.com\",\n\t\t\tStatuses: []string{\n\t\t\t\t\"ISSUED\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := true\n\t\t_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{\n\t\t\tDomain: \"tf.example.com\",\n\t\t\tMostRecent: &opt0,\n\t\t\tTypes: []string{\n\t\t\t\t\"AMAZON_ISSUED\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = acm.LookupCertificate(ctx, &acm.LookupCertificateArgs{\n\t\t\tDomain: \"tf.example.com\",\n\t\t\tKeyTypes: []string{\n\t\t\t\t\"RSA_4096\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCertificate.\n", + "properties": { + "domain": { + "type": "string", + "description": "The domain of the certificate to look up. If no certificate is found with this name, an error will be returned.\n" + }, + "keyTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of key algorithms to filter certificates. By default, ACM does not return all certificate types when searching. Valid values are `RSA_1024`, `RSA_2048`, `RSA_4096`, `EC_prime256v1`, `EC_secp384r1`, and `EC_secp521r1`.\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If set to true, it sorts the certificates matched by previous criteria by the NotBefore field, returning only the most recent one. If set to false, it returns an error if more than one certificate is found. Defaults to false.\n" + }, + "statuses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of statuses on which to filter the returned list. Valid values are `PENDING_VALIDATION`, `ISSUED`,\n`INACTIVE`, `EXPIRED`, `VALIDATION_TIMED_OUT`, `REVOKED` and `FAILED`. If no value is specified, only certificates in the `ISSUED` state\nare returned.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags for the resource.\n" + }, + "types": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of types on which to filter the returned list. Valid values are `AMAZON_ISSUED` and `IMPORTED`.\n" + } + }, + "type": "object", + "required": [ + "domain" + ] + }, + "outputs": { + "description": "A collection of values returned by getCertificate.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the found certificate, suitable for referencing in other resources that support ACM certificates.\n" + }, + "domain": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "keyTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "mostRecent": { + "type": "boolean" + }, + "status": { + "type": "string", + "description": "Status of the found certificate.\n" + }, + "statuses": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags for the resource.\n" + }, + "types": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "domain", + "status", + "tags", + "id" + ] + } + }, + "aws:acmpca/getCertificate:getCertificate": { + "description": "Get information on a Certificate issued by a AWS Certificate Manager Private Certificate Authority.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.acmpca.getCertificate({\n arn: \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/1234b4a0d73e2056789bdbe77d5b1a23\",\n certificateAuthorityArn: \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.acmpca.get_certificate(arn=\"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/1234b4a0d73e2056789bdbe77d5b1a23\",\n certificate_authority_arn=\"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Acmpca.GetCertificate.InvokeAsync(new Aws.Acmpca.GetCertificateArgs\n {\n Arn = \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/1234b4a0d73e2056789bdbe77d5b1a23\",\n CertificateAuthorityArn = \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acmpca.LookupCertificate(ctx, &acmpca.LookupCertificateArgs{\n\t\t\tArn: \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/1234b4a0d73e2056789bdbe77d5b1a23\",\n\t\t\tCertificateAuthorityArn: \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCertificate.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate issued by the private certificate authority.\n" + }, + "certificateAuthorityArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificateAuthorityArn" + ] + }, + "outputs": { + "description": "A collection of values returned by getCertificate.\n", + "properties": { + "arn": { + "type": "string" + }, + "certificate": { + "type": "string", + "description": "The PEM-encoded certificate value.\n" + }, + "certificateAuthorityArn": { + "type": "string" + }, + "certificateChain": { + "type": "string", + "description": "The PEM-encoded certificate chain that includes any intermediate certificates and chains up to root CA.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificate", + "certificateAuthorityArn", + "certificateChain", + "id" + ] + } + }, + "aws:acmpca/getCertificateAuthority:getCertificateAuthority": { + "description": "Get information on a AWS Certificate Manager Private Certificate Authority (ACM PCA Certificate Authority).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.acmpca.getCertificateAuthority({\n arn: \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.acmpca.get_certificate_authority(arn=\"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Acmpca.GetCertificateAuthority.InvokeAsync(new Aws.Acmpca.GetCertificateAuthorityArgs\n {\n Arn = \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/acmpca\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := acmpca.LookupCertificateAuthority(ctx, &acmpca.LookupCertificateAuthorityArgs{\n\t\t\tArn: \"arn:aws:acm-pca:us-east-1:123456789012:certificate-authority/12345678-1234-1234-1234-123456789012\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCertificateAuthority.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate authority.\n" + }, + "revocationConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:acmpca/getCertificateAuthorityRevocationConfiguration:getCertificateAuthorityRevocationConfiguration" + }, + "description": "Nested attribute containing revocation configuration.\n* `revocation_configuration.0.crl_configuration` - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.\n* `revocation_configuration.0.crl_configuration.0.custom_cname` - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.\n* `revocation_configuration.0.crl_configuration.0.enabled` - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.\n* `revocation_configuration.0.crl_configuration.0.expiration_in_days` - Number of days until a certificate expires.\n* `revocation_configuration.0.crl_configuration.0.s3_bucket_name` - Name of the S3 bucket that contains the CRL.\n* `revocation_configuration.0.crl_configuration.0.s3_object_acl` - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies a key-value map of user-defined tags that are attached to the certificate authority.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getCertificateAuthority.\n", + "properties": { + "arn": { + "type": "string" + }, + "certificate": { + "type": "string", + "description": "Base64-encoded certificate authority (CA) certificate. Only available after the certificate authority certificate has been imported.\n" + }, + "certificateChain": { + "type": "string", + "description": "Base64-encoded certificate chain that includes any intermediate certificates and chains up to root on-premises certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. Only available after the certificate authority certificate has been imported.\n" + }, + "certificateSigningRequest": { + "type": "string", + "description": "The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "notAfter": { + "type": "string", + "description": "Date and time after which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.\n" + }, + "notBefore": { + "type": "string", + "description": "Date and time before which the certificate authority is not valid. Only available after the certificate authority certificate has been imported.\n" + }, + "revocationConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:acmpca/getCertificateAuthorityRevocationConfiguration:getCertificateAuthorityRevocationConfiguration" + }, + "description": "Nested attribute containing revocation configuration.\n* `revocation_configuration.0.crl_configuration` - Nested attribute containing configuration of the certificate revocation list (CRL), if any, maintained by the certificate authority.\n* `revocation_configuration.0.crl_configuration.0.custom_cname` - Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point.\n* `revocation_configuration.0.crl_configuration.0.enabled` - Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.\n* `revocation_configuration.0.crl_configuration.0.expiration_in_days` - Number of days until a certificate expires.\n* `revocation_configuration.0.crl_configuration.0.s3_bucket_name` - Name of the S3 bucket that contains the CRL.\n* `revocation_configuration.0.crl_configuration.0.s3_object_acl` - Whether the CRL is publicly readable or privately held in the CRL Amazon S3 bucket.\n" + }, + "serial": { + "type": "string", + "description": "Serial number of the certificate authority. Only available after the certificate authority certificate has been imported.\n" + }, + "status": { + "type": "string", + "description": "Status of the certificate authority.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Specifies a key-value map of user-defined tags that are attached to the certificate authority.\n" + }, + "type": { + "type": "string", + "description": "The type of the certificate authority.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificate", + "certificateChain", + "certificateSigningRequest", + "notAfter", + "notBefore", + "revocationConfigurations", + "serial", + "status", + "tags", + "type", + "id" + ] + } + }, + "aws:alb/getListener:getListener": { + "description": "> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\nProvides information about a Load Balancer Listener.\n\nThis data source can prove useful when a module accepts an LB Listener as an input variable and needs to know the LB it is attached to, or other information specific to the listener in question.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst listenerArn = config.require(\"listenerArn\");\nconst listener = aws.lb.getListener({\n arn: listenerArn,\n});\nconst selected = aws.lb.getLoadBalancer({\n name: \"default-public\",\n});\nconst selected443 = selected.then(selected => aws.lb.getListener({\n loadBalancerArn: selected.arn,\n port: 443,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlistener_arn = config.require(\"listenerArn\")\nlistener = aws.lb.get_listener(arn=listener_arn)\nselected = aws.lb.get_load_balancer(name=\"default-public\")\nselected443 = aws.lb.get_listener(load_balancer_arn=selected.arn,\n port=443)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var listenerArn = config.Require(\"listenerArn\");\n var listener = Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n Arn = listenerArn,\n }));\n var selected = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Name = \"default-public\",\n }));\n var selected443 = selected.Apply(selected => Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n LoadBalancerArn = selected.Arn,\n Port = 443,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlistenerArn := cfg.Require(\"listenerArn\")\n\t\topt0 := listenerArn\n\t\t_, err := lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := \"default-public\"\n\t\tselected, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt2 := selected.Arn\n\t\topt3 := 443\n\t\t_, err = lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tLoadBalancerArn: &opt2,\n\t\t\tPort: &opt3,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getListener.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer. Required if `arn` is not set.\n" + }, + "port": { + "type": "integer", + "description": "Port of the listener. Required if `arn` is not set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getListener.\n", + "properties": { + "alpnPolicy": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "certificateArn": { + "type": "string" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getListenerDefaultAction:getListenerDefaultAction" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "loadBalancerArn": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "sslPolicy": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "alpnPolicy", + "arn", + "certificateArn", + "defaultActions", + "loadBalancerArn", + "port", + "protocol", + "sslPolicy", + "tags", + "id" + ] + } + }, + "aws:alb/getLoadBalancer:getLoadBalancer": { + "description": "> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\nProvides information about a Load Balancer.\n\nThis data source can prove useful when a module accepts an LB as an input\nvariable and needs to, for example, determine the security groups associated\nwith it, etc.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbArn = config.get(\"lbArn\") || \"\";\nconst lbName = config.get(\"lbName\") || \"\";\nconst test = aws.lb.getLoadBalancer({\n arn: lbArn,\n name: lbName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_arn = config.get(\"lbArn\")\nif lb_arn is None:\n lb_arn = \"\"\nlb_name = config.get(\"lbName\")\nif lb_name is None:\n lb_name = \"\"\ntest = aws.lb.get_load_balancer(arn=lb_arn,\n name=lb_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbArn = config.Get(\"lbArn\") ?? \"\";\n var lbName = config.Get(\"lbName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Arn = lbArn,\n Name = lbName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbArn := \"\"\n\t\tif param := cfg.Get(\"lbArn\"); param != \"\" {\n\t\t\tlbArn = param\n\t\t}\n\t\tlbName := \"\"\n\t\tif param := cfg.Get(\"lbName\"); param != \"\" {\n\t\t\tlbName = param\n\t\t}\n\t\topt0 := lbArn\n\t\topt1 := lbName\n\t\t_, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLoadBalancer.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the load balancer.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the load balancer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match a pair on the desired load balancer.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLoadBalancer.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:alb/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs" + }, + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "dnsName": { + "type": "string" + }, + "dropInvalidHeaderFields": { + "type": "boolean" + }, + "enableDeletionProtection": { + "type": "boolean" + }, + "enableHttp2": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleTimeout": { + "type": "integer" + }, + "internal": { + "type": "boolean" + }, + "ipAddressType": { + "type": "string" + }, + "loadBalancerType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:alb/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping" + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accessLogs", + "arn", + "arnSuffix", + "customerOwnedIpv4Pool", + "dnsName", + "dropInvalidHeaderFields", + "enableDeletionProtection", + "enableHttp2", + "idleTimeout", + "internal", + "ipAddressType", + "loadBalancerType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tags", + "vpcId", + "zoneId", + "id" + ] + } + }, + "aws:alb/getTargetGroup:getTargetGroup": { + "description": "> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\nProvides information about a Load Balancer Target Group.\n\nThis data source can prove useful when a module accepts an LB Target Group as an\ninput variable and needs to know its attributes. It can also be used to get the ARN of\nan LB Target Group for use in other resources, given LB Target Group name.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbTgArn = config.get(\"lbTgArn\") || \"\";\nconst lbTgName = config.get(\"lbTgName\") || \"\";\nconst test = aws.lb.getTargetGroup({\n arn: lbTgArn,\n name: lbTgName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_tg_arn = config.get(\"lbTgArn\")\nif lb_tg_arn is None:\n lb_tg_arn = \"\"\nlb_tg_name = config.get(\"lbTgName\")\nif lb_tg_name is None:\n lb_tg_name = \"\"\ntest = aws.lb.get_target_group(arn=lb_tg_arn,\n name=lb_tg_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbTgArn = config.Get(\"lbTgArn\") ?? \"\";\n var lbTgName = config.Get(\"lbTgName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetTargetGroup.InvokeAsync(new Aws.LB.GetTargetGroupArgs\n {\n Arn = lbTgArn,\n Name = lbTgName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbTgArn := \"\"\n\t\tif param := cfg.Get(\"lbTgArn\"); param != \"\" {\n\t\t\tlbTgArn = param\n\t\t}\n\t\tlbTgName := \"\"\n\t\tif param := cfg.Get(\"lbTgName\"); param != \"\" {\n\t\t\tlbTgName = param\n\t\t}\n\t\topt0 := lbTgArn\n\t\topt1 := lbTgName\n\t\t_, err := lb.LookupTargetGroup(ctx, &lb.LookupTargetGroupArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTargetGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the target group.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the target group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getTargetGroup.\n", + "properties": { + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "deregistrationDelay": { + "type": "integer" + }, + "healthCheck": { + "$ref": "#/types/aws:alb/getTargetGroupHealthCheck:getTargetGroupHealthCheck" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean" + }, + "loadBalancingAlgorithmType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "preserveClientIp": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "protocolVersion": { + "type": "string" + }, + "proxyProtocolV2": { + "type": "boolean" + }, + "slowStart": { + "type": "integer" + }, + "stickiness": { + "$ref": "#/types/aws:alb/getTargetGroupStickiness:getTargetGroupStickiness" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetType": { + "type": "string" + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "arnSuffix", + "deregistrationDelay", + "healthCheck", + "lambdaMultiValueHeadersEnabled", + "loadBalancingAlgorithmType", + "name", + "port", + "preserveClientIp", + "protocol", + "protocolVersion", + "proxyProtocolV2", + "slowStart", + "stickiness", + "tags", + "targetType", + "vpcId", + "id" + ] + } + }, + "aws:apigateway/getDomainName:getDomainName": { + "description": "Use this data source to get the custom domain name for use with AWS API Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.apigateway.getDomainName({\n domainName: \"api.example.com\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigateway.get_domain_name(domain_name=\"api.example.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ApiGateway.GetDomainName.InvokeAsync(new Aws.ApiGateway.GetDomainNameArgs\n {\n DomainName = \"api.example.com\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.LookupDomainName(ctx, &apigateway.LookupDomainNameArgs{\n\t\t\tDomainName: \"api.example.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDomainName.\n", + "properties": { + "domainName": { + "type": "string", + "description": "The fully-qualified domain name to look up. If no domain name is found, an error will be returned.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags for the resource.\n" + } + }, + "type": "object", + "required": [ + "domainName" + ] + }, + "outputs": { + "description": "A collection of values returned by getDomainName.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the found custom domain name.\n" + }, + "certificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate that is used by edge-optimized endpoint for this domain name.\n" + }, + "certificateName": { + "type": "string", + "description": "The name of the certificate that is used by edge-optimized endpoint for this domain name.\n" + }, + "certificateUploadDate": { + "type": "string", + "description": "The upload date associated with the domain certificate.\n" + }, + "cloudfrontDomainName": { + "type": "string", + "description": "The hostname created by Cloudfront to represent the distribution that implements this domain name mapping.\n" + }, + "cloudfrontZoneId": { + "type": "string", + "description": "For convenience, the hosted zone ID (`Z2FDTNDATAQYW2`) that can be used to create a Route53 alias record for the distribution.\n" + }, + "domainName": { + "type": "string" + }, + "endpointConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigateway/getDomainNameEndpointConfiguration:getDomainNameEndpointConfiguration" + }, + "description": "List of objects with the endpoint configuration of this domain name.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "regionalCertificateArn": { + "type": "string", + "description": "The ARN for an AWS-managed certificate that is used for validating the regional domain name.\n" + }, + "regionalCertificateName": { + "type": "string", + "description": "The user-friendly name of the certificate that is used by regional endpoint for this domain name.\n" + }, + "regionalDomainName": { + "type": "string", + "description": "The hostname for the custom domain's regional endpoint.\n" + }, + "regionalZoneId": { + "type": "string", + "description": "The hosted zone ID that can be used to create a Route53 alias record for the regional endpoint.\n" + }, + "securityPolicy": { + "type": "string", + "description": "The security policy for the domain name.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags for the resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificateArn", + "certificateName", + "certificateUploadDate", + "cloudfrontDomainName", + "cloudfrontZoneId", + "domainName", + "endpointConfigurations", + "regionalCertificateArn", + "regionalCertificateName", + "regionalDomainName", + "regionalZoneId", + "securityPolicy", + "id" + ] + } + }, + "aws:apigateway/getKey:getKey": { + "description": "Use this data source to get the name and value of a pre-existing API Key, for\nexample to supply credentials for a dependency microservice.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myApiKey = pulumi.output(aws.apigateway.getKey({\n id: \"ru3mpjgse6\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_api_key = aws.apigateway.get_key(id=\"ru3mpjgse6\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myApiKey = Output.Create(Aws.ApiGateway.GetKey.InvokeAsync(new Aws.ApiGateway.GetKeyArgs\n {\n Id = \"ru3mpjgse6\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.GetKey(ctx, &apigateway.GetKeyArgs{\n\t\t\tId: \"ru3mpjgse6\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getKey.\n", + "properties": { + "id": { + "type": "string", + "description": "The ID of the API Key to look up.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getKey.\n", + "properties": { + "createdDate": { + "type": "string", + "description": "The date and time when the API Key was created.\n" + }, + "description": { + "type": "string", + "description": "The description of the API Key.\n" + }, + "enabled": { + "type": "boolean", + "description": "Specifies whether the API Key is enabled.\n" + }, + "id": { + "type": "string", + "description": "Set to the ID of the API Key.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date and time when the API Key was last updated.\n" + }, + "name": { + "type": "string", + "description": "Set to the name of the API Key.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + }, + "value": { + "type": "string", + "description": "Set to the value of the API Key.\n" + } + }, + "type": "object", + "required": [ + "createdDate", + "description", + "enabled", + "id", + "lastUpdatedDate", + "name", + "tags", + "value" + ] + } + }, + "aws:apigateway/getResource:getResource": { + "description": "Use this data source to get the id of a Resource in API Gateway.\nTo fetch the Resource, you must provide the REST API id as well as the full path. \n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myRestApi = aws.apigateway.getRestApi({\n name: \"my-rest-api\",\n});\nconst myResource = myRestApi.then(myRestApi => aws.apigateway.getResource({\n restApiId: myRestApi.id,\n path: \"/endpoint/path\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_rest_api = aws.apigateway.get_rest_api(name=\"my-rest-api\")\nmy_resource = aws.apigateway.get_resource(rest_api_id=my_rest_api.id,\n path=\"/endpoint/path\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myRestApi = Output.Create(Aws.ApiGateway.GetRestApi.InvokeAsync(new Aws.ApiGateway.GetRestApiArgs\n {\n Name = \"my-rest-api\",\n }));\n var myResource = myRestApi.Apply(myRestApi => Output.Create(Aws.ApiGateway.GetResource.InvokeAsync(new Aws.ApiGateway.GetResourceArgs\n {\n RestApiId = myRestApi.Id,\n Path = \"/endpoint/path\",\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmyRestApi, err := apigateway.LookupRestApi(ctx, &apigateway.LookupRestApiArgs{\n\t\t\tName: \"my-rest-api\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.LookupResource(ctx, &apigateway.LookupResourceArgs{\n\t\t\tRestApiId: myRestApi.Id,\n\t\t\tPath: \"/endpoint/path\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getResource.\n", + "properties": { + "path": { + "type": "string", + "description": "The full path of the resource. If no path is found, an error will be returned.\n" + }, + "restApiId": { + "type": "string", + "description": "The REST API id that owns the resource. If no REST API is found, an error will be returned.\n" + } + }, + "type": "object", + "required": [ + "path", + "restApiId" + ] + }, + "outputs": { + "description": "A collection of values returned by getResource.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "parentId": { + "type": "string", + "description": "Set to the ID of the parent Resource.\n" + }, + "path": { + "type": "string" + }, + "pathPart": { + "type": "string", + "description": "Set to the path relative to the parent Resource.\n" + }, + "restApiId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "parentId", + "path", + "pathPart", + "restApiId", + "id" + ] + } + }, + "aws:apigateway/getRestApi:getRestApi": { + "description": "Use this data source to get the id and root_resource_id of a REST API in\nAPI Gateway. To fetch the REST API you must provide a name to match against.\nAs there is no unique name constraint on REST APIs this data source will\nerror if there is more than one match.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myRestApi = pulumi.output(aws.apigateway.getRestApi({\n name: \"my-rest-api\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_rest_api = aws.apigateway.get_rest_api(name=\"my-rest-api\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myRestApi = Output.Create(Aws.ApiGateway.GetRestApi.InvokeAsync(new Aws.ApiGateway.GetRestApiArgs\n {\n Name = \"my-rest-api\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.LookupRestApi(ctx, &apigateway.LookupRestApiArgs{\n\t\t\tName: \"my-rest-api\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRestApi.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the REST API to look up. If no REST API is found with this name, an error will be returned. If multiple REST APIs are found with this name, an error will be returned.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRestApi.\n", + "properties": { + "apiKeySource": { + "type": "string", + "description": "The source of the API key for requests.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the REST API.\n" + }, + "binaryMediaTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of binary media types supported by the REST API.\n" + }, + "description": { + "type": "string", + "description": "The description of the REST API.\n" + }, + "endpointConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigateway/getRestApiEndpointConfiguration:getRestApiEndpointConfiguration" + }, + "description": "The endpoint configuration of this RestApi showing the endpoint types of the API.\n" + }, + "executionArn": { + "type": "string", + "description": "The execution ARN part to be used in `lambda_permission`'s `source_arn` when allowing API Gateway to invoke a Lambda function, e.g. `arn:aws:execute-api:eu-west-2:123456789012:z4675bid1j`, which can be concatenated with allowed stage, method and resource path.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "minimumCompressionSize": { + "type": "integer", + "description": "Minimum response size to compress for the REST API.\n" + }, + "name": { + "type": "string" + }, + "policy": { + "type": "string", + "description": "JSON formatted policy document that controls access to the API Gateway.\n" + }, + "rootResourceId": { + "type": "string", + "description": "Set to the ID of the API Gateway Resource on the found REST API where the route matches '/'.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + } + }, + "type": "object", + "required": [ + "apiKeySource", + "arn", + "binaryMediaTypes", + "description", + "endpointConfigurations", + "executionArn", + "minimumCompressionSize", + "name", + "policy", + "rootResourceId", + "tags", + "id" + ] + } + }, + "aws:apigateway/getVpcLink:getVpcLink": { + "description": "Use this data source to get the id of a VPC Link in\nAPI Gateway. To fetch the VPC Link you must provide a name to match against.\nAs there is no unique name constraint on API Gateway VPC Links this data source will\nerror if there is more than one match.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myApiGatewayVpcLink = pulumi.output(aws.apigateway.getVpcLink({\n name: \"my-vpc-link\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_api_gateway_vpc_link = aws.apigateway.get_vpc_link(name=\"my-vpc-link\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myApiGatewayVpcLink = Output.Create(Aws.ApiGateway.GetVpcLink.InvokeAsync(new Aws.ApiGateway.GetVpcLinkArgs\n {\n Name = \"my-vpc-link\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.LookupVpcLink(ctx, &apigateway.LookupVpcLinkArgs{\n\t\t\tName: \"my-vpc-link\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpcLink.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the API Gateway VPC Link to look up. If no API Gateway VPC Link is found with this name, an error will be returned.\nIf multiple API Gateway VPC Links are found with this name, an error will be returned.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getVpcLink.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the VPC link.\n" + }, + "id": { + "type": "string", + "description": "Set to the ID of the found API Gateway VPC Link.\n" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of the VPC link.\n" + }, + "statusMessage": { + "type": "string", + "description": "The status message of the VPC link.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + }, + "targetArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of network load balancer arns in the VPC targeted by the VPC link. Currently AWS only supports 1 target.\n" + } + }, + "type": "object", + "required": [ + "description", + "id", + "name", + "status", + "statusMessage", + "tags", + "targetArns" + ] + } + }, + "aws:apigatewayv2/getApi:getApi": { + "description": "Provides details about a specific Amazon API Gateway Version 2 API.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.apigatewayv2.getApi({\n apiId: \"aabbccddee\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.get_api(api_id=\"aabbccddee\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ApiGatewayV2.GetApi.InvokeAsync(new Aws.ApiGatewayV2.GetApiArgs\n {\n ApiId = \"aabbccddee\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigatewayv2.LookupApi(ctx, &apigatewayv2.LookupApiArgs{\n\t\t\tApiId: \"aabbccddee\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getApi.\n", + "properties": { + "apiId": { + "type": "string", + "description": "The API identifier.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags.\n" + } + }, + "type": "object", + "required": [ + "apiId" + ] + }, + "outputs": { + "description": "A collection of values returned by getApi.\n", + "properties": { + "apiEndpoint": { + "type": "string", + "description": "The URI of the API, of the form `https://{api-id}.execute-api.{region}.amazonaws.com` for HTTP APIs and `wss://{api-id}.execute-api.{region}.amazonaws.com` for WebSocket APIs.\n" + }, + "apiId": { + "type": "string" + }, + "apiKeySelectionExpression": { + "type": "string", + "description": "An [API key selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-apikey-selection-expressions).\nApplicable for WebSocket APIs.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the API.\n" + }, + "corsConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:apigatewayv2/getApiCorsConfiguration:getApiCorsConfiguration" + }, + "description": "The cross-origin resource sharing (CORS) [configuration](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-cors.html).\nApplicable for HTTP APIs.\n" + }, + "description": { + "type": "string", + "description": "The description of the API.\n" + }, + "disableExecuteApiEndpoint": { + "type": "boolean", + "description": "Whether clients can invoke the API by using the default `execute-api` endpoint.\n" + }, + "executionArn": { + "type": "string", + "description": "The ARN prefix to be used in an `aws.lambda.Permission`'s `source_arn` attribute\nor in an `aws.iam.Policy` to authorize access to the [`@connections` API](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-how-to-call-websocket-api-connections.html).\nSee the [Amazon API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-control-access-iam.html) for details.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the API.\n" + }, + "protocolType": { + "type": "string", + "description": "The API protocol.\n" + }, + "routeSelectionExpression": { + "type": "string", + "description": "The [route selection expression](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-websocket-api-selection-expressions.html#apigateway-websocket-api-route-selection-expressions) for the API.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of resource tags.\n" + }, + "version": { + "type": "string", + "description": "A version identifier for the API.\n" + } + }, + "type": "object", + "required": [ + "apiEndpoint", + "apiId", + "apiKeySelectionExpression", + "arn", + "corsConfigurations", + "description", + "disableExecuteApiEndpoint", + "executionArn", + "name", + "protocolType", + "routeSelectionExpression", + "tags", + "version", + "id" + ] + } + }, + "aws:apigatewayv2/getApis:getApis": { + "description": "Provides details about multiple Amazon API Gateway Version 2 APIs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.apigatewayv2.getApis({\n protocolType: \"HTTP\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.apigatewayv2.get_apis(protocol_type=\"HTTP\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ApiGatewayV2.GetApis.InvokeAsync(new Aws.ApiGatewayV2.GetApisArgs\n {\n ProtocolType = \"HTTP\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigatewayv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"HTTP\"\n\t\t_, err := apigatewayv2.GetApis(ctx, &apigatewayv2.GetApisArgs{\n\t\t\tProtocolType: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getApis.\n", + "properties": { + "name": { + "type": "string", + "description": "The API name.\n" + }, + "protocolType": { + "type": "string", + "description": "The API protocol.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired APIs.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getApis.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of API identifiers.\n" + }, + "name": { + "type": "string" + }, + "protocolType": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "id" + ] + } + }, + "aws:applicationloadbalancing/getListener:getListener": { + "description": "> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\nProvides information about a Load Balancer Listener.\n\nThis data source can prove useful when a module accepts an LB Listener as an input variable and needs to know the LB it is attached to, or other information specific to the listener in question.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst listenerArn = config.require(\"listenerArn\");\nconst listener = aws.lb.getListener({\n arn: listenerArn,\n});\nconst selected = aws.lb.getLoadBalancer({\n name: \"default-public\",\n});\nconst selected443 = selected.then(selected => aws.lb.getListener({\n loadBalancerArn: selected.arn,\n port: 443,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlistener_arn = config.require(\"listenerArn\")\nlistener = aws.lb.get_listener(arn=listener_arn)\nselected = aws.lb.get_load_balancer(name=\"default-public\")\nselected443 = aws.lb.get_listener(load_balancer_arn=selected.arn,\n port=443)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var listenerArn = config.Require(\"listenerArn\");\n var listener = Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n Arn = listenerArn,\n }));\n var selected = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Name = \"default-public\",\n }));\n var selected443 = selected.Apply(selected => Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n LoadBalancerArn = selected.Arn,\n Port = 443,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlistenerArn := cfg.Require(\"listenerArn\")\n\t\topt0 := listenerArn\n\t\t_, err := lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := \"default-public\"\n\t\tselected, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt2 := selected.Arn\n\t\topt3 := 443\n\t\t_, err = lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tLoadBalancerArn: &opt2,\n\t\t\tPort: &opt3,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getListener.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer. Required if `arn` is not set.\n" + }, + "port": { + "type": "integer", + "description": "Port of the listener. Required if `arn` is not set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getListener.\n", + "properties": { + "alpnPolicy": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "certificateArn": { + "type": "string" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getListenerDefaultAction:getListenerDefaultAction" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "loadBalancerArn": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "sslPolicy": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "alpnPolicy", + "arn", + "certificateArn", + "defaultActions", + "loadBalancerArn", + "port", + "protocol", + "sslPolicy", + "tags", + "id" + ] + }, + "deprecationMessage": "aws.applicationloadbalancing.getListener has been deprecated in favor of aws.alb.getListener" + }, + "aws:applicationloadbalancing/getLoadBalancer:getLoadBalancer": { + "description": "> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\nProvides information about a Load Balancer.\n\nThis data source can prove useful when a module accepts an LB as an input\nvariable and needs to, for example, determine the security groups associated\nwith it, etc.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbArn = config.get(\"lbArn\") || \"\";\nconst lbName = config.get(\"lbName\") || \"\";\nconst test = aws.lb.getLoadBalancer({\n arn: lbArn,\n name: lbName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_arn = config.get(\"lbArn\")\nif lb_arn is None:\n lb_arn = \"\"\nlb_name = config.get(\"lbName\")\nif lb_name is None:\n lb_name = \"\"\ntest = aws.lb.get_load_balancer(arn=lb_arn,\n name=lb_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbArn = config.Get(\"lbArn\") ?? \"\";\n var lbName = config.Get(\"lbName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Arn = lbArn,\n Name = lbName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbArn := \"\"\n\t\tif param := cfg.Get(\"lbArn\"); param != \"\" {\n\t\t\tlbArn = param\n\t\t}\n\t\tlbName := \"\"\n\t\tif param := cfg.Get(\"lbName\"); param != \"\" {\n\t\t\tlbName = param\n\t\t}\n\t\topt0 := lbArn\n\t\topt1 := lbName\n\t\t_, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLoadBalancer.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the load balancer.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the load balancer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match a pair on the desired load balancer.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLoadBalancer.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:applicationloadbalancing/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs" + }, + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "dnsName": { + "type": "string" + }, + "dropInvalidHeaderFields": { + "type": "boolean" + }, + "enableDeletionProtection": { + "type": "boolean" + }, + "enableHttp2": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleTimeout": { + "type": "integer" + }, + "internal": { + "type": "boolean" + }, + "ipAddressType": { + "type": "string" + }, + "loadBalancerType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:applicationloadbalancing/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping" + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accessLogs", + "arn", + "arnSuffix", + "customerOwnedIpv4Pool", + "dnsName", + "dropInvalidHeaderFields", + "enableDeletionProtection", + "enableHttp2", + "idleTimeout", + "internal", + "ipAddressType", + "loadBalancerType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tags", + "vpcId", + "zoneId", + "id" + ] + }, + "deprecationMessage": "aws.applicationloadbalancing.getLoadBalancer has been deprecated in favor of aws.alb.getLoadBalancer" + }, + "aws:applicationloadbalancing/getTargetGroup:getTargetGroup": { + "description": "> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\nProvides information about a Load Balancer Target Group.\n\nThis data source can prove useful when a module accepts an LB Target Group as an\ninput variable and needs to know its attributes. It can also be used to get the ARN of\nan LB Target Group for use in other resources, given LB Target Group name.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbTgArn = config.get(\"lbTgArn\") || \"\";\nconst lbTgName = config.get(\"lbTgName\") || \"\";\nconst test = aws.lb.getTargetGroup({\n arn: lbTgArn,\n name: lbTgName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_tg_arn = config.get(\"lbTgArn\")\nif lb_tg_arn is None:\n lb_tg_arn = \"\"\nlb_tg_name = config.get(\"lbTgName\")\nif lb_tg_name is None:\n lb_tg_name = \"\"\ntest = aws.lb.get_target_group(arn=lb_tg_arn,\n name=lb_tg_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbTgArn = config.Get(\"lbTgArn\") ?? \"\";\n var lbTgName = config.Get(\"lbTgName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetTargetGroup.InvokeAsync(new Aws.LB.GetTargetGroupArgs\n {\n Arn = lbTgArn,\n Name = lbTgName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbTgArn := \"\"\n\t\tif param := cfg.Get(\"lbTgArn\"); param != \"\" {\n\t\t\tlbTgArn = param\n\t\t}\n\t\tlbTgName := \"\"\n\t\tif param := cfg.Get(\"lbTgName\"); param != \"\" {\n\t\t\tlbTgName = param\n\t\t}\n\t\topt0 := lbTgArn\n\t\topt1 := lbTgName\n\t\t_, err := lb.LookupTargetGroup(ctx, &lb.LookupTargetGroupArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTargetGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the target group.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the target group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getTargetGroup.\n", + "properties": { + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "deregistrationDelay": { + "type": "integer" + }, + "healthCheck": { + "$ref": "#/types/aws:applicationloadbalancing/getTargetGroupHealthCheck:getTargetGroupHealthCheck" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean" + }, + "loadBalancingAlgorithmType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "preserveClientIp": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "protocolVersion": { + "type": "string" + }, + "proxyProtocolV2": { + "type": "boolean" + }, + "slowStart": { + "type": "integer" + }, + "stickiness": { + "$ref": "#/types/aws:applicationloadbalancing/getTargetGroupStickiness:getTargetGroupStickiness" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetType": { + "type": "string" + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "arnSuffix", + "deregistrationDelay", + "healthCheck", + "lambdaMultiValueHeadersEnabled", + "loadBalancingAlgorithmType", + "name", + "port", + "preserveClientIp", + "protocol", + "protocolVersion", + "proxyProtocolV2", + "slowStart", + "stickiness", + "tags", + "targetType", + "vpcId", + "id" + ] + }, + "deprecationMessage": "aws.applicationloadbalancing.getTargetGroup has been deprecated in favor of aws.alb.getTargetGroup" + }, + "aws:appmesh/getMesh:getMesh": { + "description": "The App Mesh Mesh data source allows details of an App Mesh Mesh to be retrieved by its name and optionally the mesh_owner.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst simple = pulumi.output(aws.appmesh.getMesh({\n name: \"simpleapp\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsimple = aws.appmesh.get_mesh(name=\"simpleapp\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var simple = Output.Create(Aws.AppMesh.GetMesh.InvokeAsync(new Aws.AppMesh.GetMeshArgs\n {\n Name = \"simpleapp\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.LookupMesh(ctx, &appmesh.LookupMeshArgs{\n\t\t\tName: \"simpleapp\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst simple = current.then(current => aws.appmesh.getMesh({\n name: \"simpleapp\",\n meshOwner: current.accountId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\nsimple = aws.appmesh.get_mesh(name=\"simpleapp\",\n mesh_owner=current.account_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var simple = current.Apply(current => Output.Create(Aws.AppMesh.GetMesh.InvokeAsync(new Aws.AppMesh.GetMeshArgs\n {\n Name = \"simpleapp\",\n MeshOwner = current.AccountId,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := current.AccountId\n\t\t_, err = appmesh.LookupMesh(ctx, &appmesh.LookupMeshArgs{\n\t\t\tName: \"simpleapp\",\n\t\t\tMeshOwner: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getMesh.\n", + "properties": { + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner.\n" + }, + "name": { + "type": "string", + "description": "The name of the service mesh.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getMesh.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the service mesh.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the service mesh.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the service mesh.\n" + }, + "meshOwner": { + "type": "string" + }, + "name": { + "type": "string" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "specs": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/getMeshSpec:getMeshSpec" + }, + "description": "The service mesh specification.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags.\n" + } + }, + "type": "object", + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshOwner", + "name", + "resourceOwner", + "specs", + "tags", + "id" + ] + } + }, + "aws:appmesh/getVirtualService:getVirtualService": { + "description": "The App Mesh Virtual Service data source allows details of an App Mesh Virtual Service to be retrieved by its name, mesh_name, and optionally the mesh_owner.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.appmesh.getVirtualService({\n meshName: \"example-mesh\",\n name: \"example.mesh.local\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.appmesh.get_virtual_service(mesh_name=\"example-mesh\",\n name=\"example.mesh.local\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.AppMesh.GetVirtualService.InvokeAsync(new Aws.AppMesh.GetVirtualServiceArgs\n {\n MeshName = \"example-mesh\",\n Name = \"example.mesh.local\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := appmesh.LookupVirtualService(ctx, &appmesh.LookupVirtualServiceArgs{\n\t\t\tMeshName: \"example-mesh\",\n\t\t\tName: \"example.mesh.local\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nconst test = current.then(current => aws.appmesh.getVirtualService({\n name: \"example.mesh.local\",\n meshName: \"example-mesh\",\n meshOwner: current.accountId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\ntest = aws.appmesh.get_virtual_service(name=\"example.mesh.local\",\n mesh_name=\"example-mesh\",\n mesh_owner=current.account_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n var test = current.Apply(current => Output.Create(Aws.AppMesh.GetVirtualService.InvokeAsync(new Aws.AppMesh.GetVirtualServiceArgs\n {\n Name = \"example.mesh.local\",\n MeshName = \"example-mesh\",\n MeshOwner = current.AccountId,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/appmesh\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := current.AccountId\n\t\t_, err = appmesh.LookupVirtualService(ctx, &appmesh.LookupVirtualServiceArgs{\n\t\t\tName: \"example.mesh.local\",\n\t\t\tMeshName: \"example-mesh\",\n\t\t\tMeshOwner: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVirtualService.\n", + "properties": { + "meshName": { + "type": "string", + "description": "The name of the service mesh in which the virtual service exists.\n" + }, + "meshOwner": { + "type": "string", + "description": "The AWS account ID of the service mesh's owner.\n" + }, + "name": { + "type": "string", + "description": "The name of the virtual service.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags.\n" + } + }, + "type": "object", + "required": [ + "meshName", + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getVirtualService.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the virtual service.\n" + }, + "createdDate": { + "type": "string", + "description": "The creation date of the virtual service.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The last update date of the virtual service.\n" + }, + "meshName": { + "type": "string" + }, + "meshOwner": { + "type": "string" + }, + "name": { + "type": "string" + }, + "resourceOwner": { + "type": "string", + "description": "The resource owner's AWS account ID.\n" + }, + "specs": { + "type": "array", + "items": { + "$ref": "#/types/aws:appmesh/getVirtualServiceSpec:getVirtualServiceSpec" + }, + "description": "The virtual service specification\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags.\n" + } + }, + "type": "object", + "required": [ + "arn", + "createdDate", + "lastUpdatedDate", + "meshName", + "meshOwner", + "name", + "resourceOwner", + "specs", + "id" + ] + } + }, + "aws:autoscaling/getAmiIds:getAmiIds": { + "description": "The Autoscaling Groups data source allows access to the list of AWS\nASGs within a specific region. This will allow you to pass a list of AutoScaling Groups to other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst groups = aws.autoscaling.getAmiIds({\n filters: [\n {\n name: \"key\",\n values: [\"Team\"],\n },\n {\n name: \"value\",\n values: [\"Pets\"],\n },\n ],\n});\nconst slackNotifications = new aws.autoscaling.Notification(\"slackNotifications\", {\n groupNames: groups.then(groups => groups.names),\n notifications: [\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n ],\n topicArn: \"TOPIC ARN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngroups = aws.autoscaling.get_ami_ids(filters=[\n aws.autoscaling.GetAmiIdsFilterArgs(\n name=\"key\",\n values=[\"Team\"],\n ),\n aws.autoscaling.GetAmiIdsFilterArgs(\n name=\"value\",\n values=[\"Pets\"],\n ),\n])\nslack_notifications = aws.autoscaling.Notification(\"slackNotifications\",\n group_names=groups.names,\n notifications=[\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n ],\n topic_arn=\"TOPIC ARN\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var groups = Output.Create(Aws.AutoScaling.GetAmiIds.InvokeAsync(new Aws.AutoScaling.GetAmiIdsArgs\n {\n Filters = \n {\n new Aws.AutoScaling.Inputs.GetAmiIdsFilterArgs\n {\n Name = \"key\",\n Values = \n {\n \"Team\",\n },\n },\n new Aws.AutoScaling.Inputs.GetAmiIdsFilterArgs\n {\n Name = \"value\",\n Values = \n {\n \"Pets\",\n },\n },\n },\n }));\n var slackNotifications = new Aws.AutoScaling.Notification(\"slackNotifications\", new Aws.AutoScaling.NotificationArgs\n {\n GroupNames = groups.Apply(groups => groups.Names),\n Notifications = \n {\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n },\n TopicArn = \"TOPIC ARN\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroups, err := autoscaling.GetAmiIds(ctx, &autoscaling.GetAmiIdsArgs{\n\t\t\tFilters: []autoscaling.GetAmiIdsFilter{\n\t\t\t\tautoscaling.GetAmiIdsFilter{\n\t\t\t\t\tName: \"key\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Team\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tautoscaling.GetAmiIdsFilter{\n\t\t\t\t\tName: \"value\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Pets\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewNotification(ctx, \"slackNotifications\", &autoscaling.NotificationArgs{\n\t\t\tGroupNames: interface{}(groups.Names),\n\t\t\tNotifications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCH\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_TERMINATE\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\"),\n\t\t\t},\n\t\t\tTopicArn: pulumi.String(\"TOPIC ARN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAmiIds.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/getAmiIdsFilter:getAmiIdsFilter" + }, + "description": "A filter used to scope the list e.g. by tags. See [related docs](http://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_Filter.html).\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAmiIds.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Autoscaling Groups Arns in the current region.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/getAmiIdsFilter:getAmiIdsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "names": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Autoscaling Groups in the current region.\n" + } + }, + "type": "object", + "required": [ + "arns", + "names", + "id" + ] + } + }, + "aws:autoscaling/getGroup:getGroup": { + "description": "Use this data source to get information on an existing autoscaling group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = pulumi.output(aws.autoscaling.getGroup({\n name: \"foo\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.autoscaling.get_group(name=\"foo\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = Output.Create(Aws.AutoScaling.GetGroup.InvokeAsync(new Aws.AutoScaling.GetGroupArgs\n {\n Name = \"foo\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := autoscaling.LookupGroup(ctx, &autoscaling.LookupGroupArgs{\n\t\t\tName: \"foo\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getGroup.\n", + "properties": { + "name": { + "type": "string", + "description": "Specify the exact name of the desired autoscaling group.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Auto Scaling group.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more Availability Zones for the group.\n" + }, + "defaultCooldown": { + "type": "integer" + }, + "desiredCapacity": { + "type": "integer", + "description": "The desired size of the group.\n" + }, + "healthCheckGracePeriod": { + "type": "integer", + "description": "The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service.\n" + }, + "healthCheckType": { + "type": "string", + "description": "The service to use for the health checks. The valid values are EC2 and ELB.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "launchConfiguration": { + "type": "string", + "description": "The name of the associated launch configuration.\n" + }, + "launchTemplates": { + "type": "array", + "items": { + "$ref": "#/types/aws:autoscaling/getGroupLaunchTemplate:getGroupLaunchTemplate" + } + }, + "loadBalancers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more load balancers associated with the group.\n" + }, + "maxSize": { + "type": "integer", + "description": "The maximum size of the group.\n" + }, + "minSize": { + "type": "integer", + "description": "The minimum size of the group.\n" + }, + "name": { + "type": "string", + "description": "Name of the Auto Scaling Group.\n" + }, + "newInstancesProtectedFromScaleIn": { + "type": "boolean" + }, + "placementGroup": { + "type": "string", + "description": "The name of the placement group into which to launch your instances, if any. For more information, see Placement Groups (http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html) in the Amazon Elastic Compute Cloud User Guide.\n" + }, + "serviceLinkedRoleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the service-linked role that the Auto Scaling group uses to call other AWS services on your behalf.\n" + }, + "status": { + "type": "string", + "description": "The current state of the group when DeleteAutoScalingGroup is in progress.\n" + }, + "targetGroupArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Amazon Resource Names (ARN) of the target groups for your load balancer.\n" + }, + "terminationPolicies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The termination policies for the group.\n" + }, + "vpcZoneIdentifier": { + "type": "string", + "description": "VPC ID for the group.\n" + } + }, + "type": "object", + "required": [ + "arn", + "availabilityZones", + "defaultCooldown", + "desiredCapacity", + "healthCheckGracePeriod", + "healthCheckType", + "launchConfiguration", + "launchTemplates", + "loadBalancers", + "maxSize", + "minSize", + "name", + "newInstancesProtectedFromScaleIn", + "placementGroup", + "serviceLinkedRoleArn", + "status", + "targetGroupArns", + "terminationPolicies", + "vpcZoneIdentifier", + "id" + ] + } + }, + "aws:backup/getPlan:getPlan": { + "description": "Use this data source to get information on an existing backup plan.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.backup.getPlan({\n planId: \"tf_example_backup_plan_id\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.get_plan(plan_id=\"tf_example_backup_plan_id\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Backup.GetPlan.InvokeAsync(new Aws.Backup.GetPlanArgs\n {\n PlanId = \"tf_example_backup_plan_id\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.LookupPlan(ctx, &backup.LookupPlanArgs{\n\t\t\tPlanId: \"tf_example_backup_plan_id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPlan.\n", + "properties": { + "planId": { + "type": "string", + "description": "The backup plan ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the plans you create.\n" + } + }, + "type": "object", + "required": [ + "planId" + ] + }, + "outputs": { + "description": "A collection of values returned by getPlan.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the backup plan.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The display name of a backup plan.\n" + }, + "planId": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the plans you create.\n" + }, + "version": { + "type": "string", + "description": "Unique, randomly generated, Unicode, UTF-8 encoded string that serves as the version ID of the backup plan.\n" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "planId", + "tags", + "version", + "id" + ] + } + }, + "aws:backup/getSelection:getSelection": { + "description": "Use this data source to get information on an existing backup selection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.backup.getSelection({\n planId: data.aws_backup_plan.example.id,\n selectionId: \"selection-id-example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.get_selection(plan_id=data[\"aws_backup_plan\"][\"example\"][\"id\"],\n selection_id=\"selection-id-example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Backup.GetSelection.InvokeAsync(new Aws.Backup.GetSelectionArgs\n {\n PlanId = data.Aws_backup_plan.Example.Id,\n SelectionId = \"selection-id-example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.LookupSelection(ctx, &backup.LookupSelectionArgs{\n\t\t\tPlanId: data.Aws_backup_plan.Example.Id,\n\t\t\tSelectionId: \"selection-id-example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSelection.\n", + "properties": { + "planId": { + "type": "string", + "description": "The backup plan ID associated with the selection of resources.\n" + }, + "selectionId": { + "type": "string", + "description": "The backup selection ID.\n" + } + }, + "type": "object", + "required": [ + "planId", + "selectionId" + ] + }, + "outputs": { + "description": "A collection of values returned by getSelection.\n", + "properties": { + "iamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that AWS Backup uses to authenticate when restoring and backing up the target resource. See the [AWS Backup Developer Guide](https://docs.aws.amazon.com/aws-backup/latest/devguide/access-control.html#managed-policies) for additional information about using AWS managed policies or creating custom policies attached to the IAM role.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The display name of a resource selection document.\n" + }, + "planId": { + "type": "string" + }, + "resources": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of strings that either contain Amazon Resource Names (ARNs) or match patterns of resources to assign to a backup plan..\n" + }, + "selectionId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "iamRoleArn", + "name", + "planId", + "resources", + "selectionId", + "id" + ] + } + }, + "aws:backup/getVault:getVault": { + "description": "Use this data source to get information on an existing backup vault.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.backup.getVault({\n name: \"example_backup_vault\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.backup.get_vault(name=\"example_backup_vault\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Backup.GetVault.InvokeAsync(new Aws.Backup.GetVaultArgs\n {\n Name = \"example_backup_vault\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/backup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := backup.LookupVault(ctx, &backup.LookupVaultArgs{\n\t\t\tName: \"example_backup_vault\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVault.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the backup vault.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the resources that you create.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getVault.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the vault.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The server-side encryption key that is used to protect your backups.\n" + }, + "name": { + "type": "string" + }, + "recoveryPoints": { + "type": "integer", + "description": "The number of recovery points that are stored in a backup vault.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata that you can assign to help organize the resources that you create.\n" + } + }, + "type": "object", + "required": [ + "arn", + "kmsKeyArn", + "name", + "recoveryPoints", + "tags", + "id" + ] + } + }, + "aws:batch/getComputeEnvironment:getComputeEnvironment": { + "description": "The Batch Compute Environment data source allows access to details of a specific\ncompute environment within AWS Batch.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst batch_mongo = pulumi.output(aws.batch.getComputeEnvironment({\n computeEnvironmentName: \"batch-mongo-production\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbatch_mongo = aws.batch.get_compute_environment(compute_environment_name=\"batch-mongo-production\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var batch_mongo = Output.Create(Aws.Batch.GetComputeEnvironment.InvokeAsync(new Aws.Batch.GetComputeEnvironmentArgs\n {\n ComputeEnvironmentName = \"batch-mongo-production\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.LookupComputeEnvironment(ctx, &batch.LookupComputeEnvironmentArgs{\n\t\t\tComputeEnvironmentName: \"batch-mongo-production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getComputeEnvironment.\n", + "properties": { + "computeEnvironmentName": { + "type": "string", + "description": "The name of the Batch Compute Environment\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + } + }, + "type": "object", + "required": [ + "computeEnvironmentName" + ] + }, + "outputs": { + "description": "A collection of values returned by getComputeEnvironment.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the compute environment.\n" + }, + "computeEnvironmentName": { + "type": "string" + }, + "ecsClusterArn": { + "type": "string", + "description": "The ARN of the underlying Amazon ECS cluster used by the compute environment.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "serviceRole": { + "type": "string", + "description": "The ARN of the IAM role that allows AWS Batch to make calls to other AWS services on your behalf.\n" + }, + "state": { + "type": "string", + "description": "The state of the compute environment (for example, `ENABLED` or `DISABLED`). If the state is `ENABLED`, then the compute environment accepts jobs from a queue and can scale out automatically based on queues.\n" + }, + "status": { + "type": "string", + "description": "The current status of the compute environment (for example, `CREATING` or `VALID`).\n" + }, + "statusReason": { + "type": "string", + "description": "A short, human-readable string to provide additional details about the current status of the compute environment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + }, + "type": { + "type": "string", + "description": "The type of the compute environment (for example, `MANAGED` or `UNMANAGED`).\n" + } + }, + "type": "object", + "required": [ + "arn", + "computeEnvironmentName", + "ecsClusterArn", + "serviceRole", + "state", + "status", + "statusReason", + "tags", + "type", + "id" + ] + } + }, + "aws:batch/getJobQueue:getJobQueue": { + "description": "The Batch Job Queue data source allows access to details of a specific\njob queue within AWS Batch.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test_queue = pulumi.output(aws.batch.getJobQueue({\n name: \"tf-test-batch-job-queue\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_queue = aws.batch.get_job_queue(name=\"tf-test-batch-job-queue\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test_queue = Output.Create(Aws.Batch.GetJobQueue.InvokeAsync(new Aws.Batch.GetJobQueueArgs\n {\n Name = \"tf-test-batch-job-queue\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/batch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := batch.LookupJobQueue(ctx, &batch.LookupJobQueueArgs{\n\t\t\tName: \"tf-test-batch-job-queue\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getJobQueue.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the job queue.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getJobQueue.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the job queue.\n" + }, + "computeEnvironmentOrders": { + "type": "array", + "items": { + "$ref": "#/types/aws:batch/getJobQueueComputeEnvironmentOrder:getJobQueueComputeEnvironmentOrder" + }, + "description": "The compute environments that are attached to the job queue and the order in\nwhich job placement is preferred. Compute environments are selected for job placement in ascending order.\n* `compute_environment_order.#.order` - The order of the compute environment.\n* `compute_environment_order.#.compute_environment` - The ARN of the compute environment.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "priority": { + "type": "integer", + "description": "The priority of the job queue. Job queues with a higher priority are evaluated first when\nassociated with the same compute environment.\n" + }, + "state": { + "type": "string", + "description": "Describes the ability of the queue to accept new jobs (for example, `ENABLED` or `DISABLED`).\n" + }, + "status": { + "type": "string", + "description": "The current status of the job queue (for example, `CREATING` or `VALID`).\n" + }, + "statusReason": { + "type": "string", + "description": "A short, human-readable string to provide additional details about the current status\nof the job queue.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags\n" + } + }, + "type": "object", + "required": [ + "arn", + "computeEnvironmentOrders", + "name", + "priority", + "state", + "status", + "statusReason", + "tags", + "id" + ] + } + }, + "aws:cloudformation/getCloudFormationType:getCloudFormationType": { + "description": "Provides details about a CloudFormation Type.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.cloudformation.getCloudFormationType({\n type: \"RESOURCE\",\n typeName: \"AWS::Athena::WorkGroup\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudformation.get_cloud_formation_type(type=\"RESOURCE\",\n type_name=\"AWS::Athena::WorkGroup\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.CloudFormation.GetCloudFormationType.InvokeAsync(new Aws.CloudFormation.GetCloudFormationTypeArgs\n {\n Type = \"RESOURCE\",\n TypeName = \"AWS::Athena::WorkGroup\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"RESOURCE\"\n\t\topt1 := \"AWS::Athena::WorkGroup\"\n\t\t_, err := cloudformation.LookupCloudFormationType(ctx, &cloudformation.LookupCloudFormationTypeArgs{\n\t\t\tType: &opt0,\n\t\t\tTypeName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCloudFormationType.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the CloudFormation Type. For example, `arn:aws:cloudformation:us-west-2::type/resource/AWS-EC2-VPC`.\n" + }, + "type": { + "type": "string", + "description": "CloudFormation Registry Type. For example, `RESOURCE`.\n" + }, + "typeName": { + "type": "string", + "description": "CloudFormation Type name. For example, `AWS::EC2::VPC`.\n" + }, + "versionId": { + "type": "string", + "description": "Identifier of the CloudFormation Type version.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getCloudFormationType.\n", + "properties": { + "arn": { + "type": "string" + }, + "defaultVersionId": { + "type": "string", + "description": "Identifier of the CloudFormation Type default version.\n" + }, + "deprecatedStatus": { + "type": "string", + "description": "Deprecation status of the CloudFormation Type.\n" + }, + "description": { + "type": "string", + "description": "Description of the CloudFormation Type.\n" + }, + "documentationUrl": { + "type": "string", + "description": "URL of the documentation for the CloudFormation Type.\n" + }, + "executionRoleArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM Role used to register the CloudFormation Type.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "isDefaultVersion": { + "type": "boolean", + "description": "Whether the CloudFormation Type version is the default version.\n" + }, + "loggingConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudformation/getCloudFormationTypeLoggingConfig:getCloudFormationTypeLoggingConfig" + }, + "description": "List of objects containing logging configuration.\n" + }, + "provisioningType": { + "type": "string", + "description": "Provisioning behavior of the CloudFormation Type.\n" + }, + "schema": { + "type": "string", + "description": "JSON document of the CloudFormation Type schema.\n" + }, + "sourceUrl": { + "type": "string", + "description": "URL of the source code for the CloudFormation Type.\n" + }, + "type": { + "type": "string" + }, + "typeArn": { + "type": "string" + }, + "typeName": { + "type": "string" + }, + "versionId": { + "type": "string" + }, + "visibility": { + "type": "string", + "description": "Scope of the CloudFormation Type.\n" + } + }, + "type": "object", + "required": [ + "arn", + "defaultVersionId", + "deprecatedStatus", + "description", + "documentationUrl", + "executionRoleArn", + "isDefaultVersion", + "loggingConfigs", + "provisioningType", + "schema", + "sourceUrl", + "type", + "typeArn", + "typeName", + "visibility", + "id" + ] + } + }, + "aws:cloudformation/getExport:getExport": { + "description": "The CloudFormation Export data source allows access to stack\nexports specified in the [Output](http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/outputs-section-structure.html) section of the Cloudformation Template using the optional Export Property.\n\n > Note: If you are trying to use a value from a Cloudformation Stack in the same deployment please use normal interpolation or Cloudformation Outputs.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst subnetId = aws.cloudformation.getExport({\n name: \"mySubnetIdExportName\",\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-abb07bcb\",\n instanceType: \"t2.micro\",\n subnetId: subnetId.then(subnetId => subnetId.value),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsubnet_id = aws.cloudformation.get_export(name=\"mySubnetIdExportName\")\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-abb07bcb\",\n instance_type=\"t2.micro\",\n subnet_id=subnet_id.value)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var subnetId = Output.Create(Aws.CloudFormation.GetExport.InvokeAsync(new Aws.CloudFormation.GetExportArgs\n {\n Name = \"mySubnetIdExportName\",\n }));\n var web = new Aws.Ec2.Instance(\"web\", new Aws.Ec2.InstanceArgs\n {\n Ami = \"ami-abb07bcb\",\n InstanceType = \"t2.micro\",\n SubnetId = subnetId.Apply(subnetId => subnetId.Value),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsubnetId, err := cloudformation.GetExport(ctx, &cloudformation.GetExportArgs{\n\t\t\tName: \"mySubnetIdExportName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-abb07bcb\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: pulumi.String(subnetId.Value),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getExport.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the export as it appears in the console or from [list-exports](http://docs.aws.amazon.com/cli/latest/reference/cloudformation/list-exports.html)\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getExport.\n", + "properties": { + "exportingStackId": { + "type": "string", + "description": "The exporting_stack_id (AWS ARNs) equivalent `ExportingStackId` from [list-exports](http://docs.aws.amazon.com/cli/latest/reference/cloudformation/list-exports.html)\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "value": { + "type": "string", + "description": "The value from Cloudformation export identified by the export name found from [list-exports](http://docs.aws.amazon.com/cli/latest/reference/cloudformation/list-exports.html)\n" + } + }, + "type": "object", + "required": [ + "exportingStackId", + "name", + "value", + "id" + ] + } + }, + "aws:cloudformation/getStack:getStack": { + "description": "The CloudFormation Stack data source allows access to stack\noutputs and other useful data including the template body.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst network = aws.cloudformation.getStack({\n name: \"my-network-stack\",\n});\nconst web = new aws.ec2.Instance(\"web\", {\n ami: \"ami-abb07bcb\",\n instanceType: \"t2.micro\",\n subnetId: network.then(network => network.outputs?.SubnetId),\n tags: {\n Name: \"HelloWorld\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nnetwork = aws.cloudformation.get_stack(name=\"my-network-stack\")\nweb = aws.ec2.Instance(\"web\",\n ami=\"ami-abb07bcb\",\n instance_type=\"t2.micro\",\n subnet_id=network.outputs[\"SubnetId\"],\n tags={\n \"Name\": \"HelloWorld\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var network = Output.Create(Aws.CloudFormation.GetStack.InvokeAsync(new Aws.CloudFormation.GetStackArgs\n {\n Name = \"my-network-stack\",\n }));\n var web = new Aws.Ec2.Instance(\"web\", new Aws.Ec2.InstanceArgs\n {\n Ami = \"ami-abb07bcb\",\n InstanceType = \"t2.micro\",\n SubnetId = network.Apply(network => network.Outputs?.SubnetId),\n Tags = \n {\n { \"Name\", \"HelloWorld\" },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudformation\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tnetwork, err := cloudformation.LookupStack(ctx, &cloudformation.LookupStackArgs{\n\t\t\tName: \"my-network-stack\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"web\", &ec2.InstanceArgs{\n\t\t\tAmi: pulumi.String(\"ami-abb07bcb\"),\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tSubnetId: pulumi.String(network.Outputs.SubnetId),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"Name\": pulumi.String(\"HelloWorld\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getStack.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the stack\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags associated with this stack.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getStack.\n", + "properties": { + "capabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities\n" + }, + "description": { + "type": "string", + "description": "Description of the stack\n" + }, + "disableRollback": { + "type": "boolean", + "description": "Whether the rollback of the stack is disabled when stack creation fails\n" + }, + "iamRoleArn": { + "type": "string", + "description": "The ARN of the IAM role used to create the stack.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "notificationArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of SNS topic ARNs to publish stack related events\n" + }, + "outputs": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of outputs from the stack.\n" + }, + "parameters": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of parameters that specify input parameters for the stack.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags associated with this stack.\n" + }, + "templateBody": { + "type": "string", + "description": "Structure containing the template body.\n" + }, + "timeoutInMinutes": { + "type": "integer", + "description": "The amount of time that can pass before the stack status becomes `CREATE_FAILED`\n" + } + }, + "type": "object", + "required": [ + "capabilities", + "description", + "disableRollback", + "iamRoleArn", + "name", + "notificationArns", + "outputs", + "parameters", + "tags", + "templateBody", + "timeoutInMinutes", + "id" + ] + } + }, + "aws:cloudfront/getCachePolicy:getCachePolicy": { + "description": "Use this data source to retrieve information about a CloudFront cache policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.cloudfront.getCachePolicy({\n name: \"example-policy\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.get_cache_policy(name=\"example-policy\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.CloudFront.GetCachePolicy.InvokeAsync(new Aws.CloudFront.GetCachePolicyArgs\n {\n Name = \"example-policy\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example-policy\"\n\t\t_, err := cloudfront.LookupCachePolicy(ctx, &cloudfront.LookupCachePolicyArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCachePolicy.\n", + "properties": { + "id": { + "type": "string", + "description": "The identifier for the cache policy.\n" + }, + "name": { + "type": "string", + "description": "A unique name to identify the cache policy.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getCachePolicy.\n", + "properties": { + "comment": { + "type": "string", + "description": "A comment to describe the cache policy.\n" + }, + "defaultTtl": { + "type": "integer", + "description": "The default amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the cache policy.\n" + }, + "id": { + "type": "string" + }, + "maxTtl": { + "type": "integer", + "description": "The maximum amount of time, in seconds, that objects stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "minTtl": { + "type": "integer", + "description": "The minimum amount of time, in seconds, that you want objects to stay in the CloudFront cache before CloudFront sends another request to the origin to see if the object has been updated.\n" + }, + "name": { + "type": "string" + }, + "parametersInCacheKeyAndForwardedToOrigins": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getCachePolicyParametersInCacheKeyAndForwardedToOrigin:getCachePolicyParametersInCacheKeyAndForwardedToOrigin" + }, + "description": "The HTTP headers, cookies, and URL query strings to include in the cache key. See Parameters In Cache Key And Forwarded To Origin for more information.\n" + } + }, + "type": "object", + "required": [ + "comment", + "defaultTtl", + "etag", + "maxTtl", + "minTtl", + "parametersInCacheKeyAndForwardedToOrigins" + ] + } + }, + "aws:cloudfront/getDistribution:getDistribution": { + "description": "Use this data source to retrieve information about a CloudFront distribution.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.cloudfront.getDistribution({\n id: \"EDFDVBD632BHDS5\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudfront.get_distribution(id=\"EDFDVBD632BHDS5\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.CloudFront.GetDistribution.InvokeAsync(new Aws.CloudFront.GetDistributionArgs\n {\n Id = \"EDFDVBD632BHDS5\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfront.LookupDistribution(ctx, &cloudfront.LookupDistributionArgs{\n\t\t\tId: \"EDFDVBD632BHDS5\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDistribution.\n", + "properties": { + "id": { + "type": "string", + "description": "The identifier for the distribution. For example: `EDFDVBD632BHDS5`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getDistribution.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the distribution. For example: arn:aws:cloudfront::123456789012:distribution/EDFDVBD632BHDS5, where 123456789012 is your AWS account ID.\n" + }, + "domainName": { + "type": "string", + "description": "The domain name corresponding to the distribution. For\nexample: `d604721fxaaqy9.cloudfront.net`.\n" + }, + "enabled": { + "type": "boolean" + }, + "etag": { + "type": "string", + "description": "The current version of the distribution's information. For example:\n`E2QWRUHAPOMQZL`.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The CloudFront Route 53 zone ID that can be used to\nroute an [Alias Resource Record Set][7] to. This attribute is simply an\nalias for the zone ID `Z2FDTNDATAQYW2`.\n" + }, + "id": { + "type": "string", + "description": "The identifier for the distribution. For example: `EDFDVBD632BHDS5`.\n" + }, + "inProgressValidationBatches": { + "type": "integer", + "description": "The number of invalidation batches\ncurrently in progress.\n" + }, + "lastModifiedTime": { + "type": "string", + "description": "The date and time the distribution was last modified.\n" + }, + "status": { + "type": "string", + "description": "The current status of the distribution. `Deployed` if the\ndistribution's information is fully propagated throughout the Amazon\nCloudFront system.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "domainName", + "enabled", + "etag", + "hostedZoneId", + "id", + "inProgressValidationBatches", + "lastModifiedTime", + "status" + ] + } + }, + "aws:cloudfront/getOriginRequestPolicy:getOriginRequestPolicy": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example below creates a CloudFront origin request policy.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.cloudfront.getOriginRequestPolicy({\n name: \"example-policy\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudfront.get_origin_request_policy(name=\"example-policy\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.CloudFront.GetOriginRequestPolicy.InvokeAsync(new Aws.CloudFront.GetOriginRequestPolicyArgs\n {\n Name = \"example-policy\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example-policy\"\n\t\t_, err := cloudfront.LookupOriginRequestPolicy(ctx, &cloudfront.LookupOriginRequestPolicyArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOriginRequestPolicy.\n", + "properties": { + "id": { + "type": "string", + "description": "The identifier for the origin request policy.\n" + }, + "name": { + "type": "string", + "description": "Unique name to identify the origin request policy.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getOriginRequestPolicy.\n", + "properties": { + "comment": { + "type": "string", + "description": "Comment to describe the origin request policy.\n" + }, + "cookiesConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getOriginRequestPolicyCookiesConfig:getOriginRequestPolicyCookiesConfig" + }, + "description": "Object that determines whether any cookies in viewer requests (and if so, which cookies) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Cookies Config for more information.\n" + }, + "etag": { + "type": "string", + "description": "The current version of the origin request policy.\n" + }, + "headersConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getOriginRequestPolicyHeadersConfig:getOriginRequestPolicyHeadersConfig" + }, + "description": "Object that determines whether any HTTP headers (and if so, which headers) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Headers Config for more information.\n" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "queryStringsConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:cloudfront/getOriginRequestPolicyQueryStringsConfig:getOriginRequestPolicyQueryStringsConfig" + }, + "description": "Object that determines whether any URL query strings in viewer requests (and if so, which query strings) are included in the origin request key and automatically included in requests that CloudFront sends to the origin. See Query Strings Config for more information.\n" + } + }, + "type": "object", + "required": [ + "comment", + "cookiesConfigs", + "etag", + "headersConfigs", + "queryStringsConfigs" + ] + } + }, + "aws:cloudhsmv2/getCluster:getCluster": { + "description": "Use this data source to get information about a CloudHSM v2 cluster\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst cluster = pulumi.output(aws.cloudhsmv2.getCluster({\n clusterId: \"cluster-testclusterid\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster = aws.cloudhsmv2.get_cluster(cluster_id=\"cluster-testclusterid\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var cluster = Output.Create(Aws.CloudHsmV2.GetCluster.InvokeAsync(new Aws.CloudHsmV2.GetClusterArgs\n {\n ClusterId = \"cluster-testclusterid\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudhsmv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudhsmv2.LookupCluster(ctx, &cloudhsmv2.LookupClusterArgs{\n\t\t\tClusterId: \"cluster-testclusterid\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "clusterId": { + "type": "string", + "description": "The id of Cloud HSM v2 cluster.\n" + }, + "clusterState": { + "type": "string", + "description": "The state of the cluster to be found.\n" + } + }, + "type": "object", + "required": [ + "clusterId" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "clusterCertificates": { + "$ref": "#/types/aws:cloudhsmv2/getClusterClusterCertificates:getClusterClusterCertificates", + "description": "The list of cluster certificates.\n* `cluster_certificates.0.cluster_certificate` - The cluster certificate issued (signed) by the issuing certificate authority (CA) of the cluster's owner.\n* `cluster_certificates.0.cluster_csr` - The certificate signing request (CSR). Available only in UNINITIALIZED state.\n* `cluster_certificates.0.aws_hardware_certificate` - The HSM hardware certificate issued (signed) by AWS CloudHSM.\n* `cluster_certificates.0.hsm_certificate` - The HSM certificate issued (signed) by the HSM hardware.\n* `cluster_certificates.0.manufacturer_hardware_certificate` - The HSM hardware certificate issued (signed) by the hardware manufacturer.\nThe number of available cluster certificates may vary depending on state of the cluster.\n" + }, + "clusterId": { + "type": "string" + }, + "clusterState": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group associated with the CloudHSM cluster.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of subnets in which cluster operates.\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that the CloudHSM cluster resides in.\n" + } + }, + "type": "object", + "required": [ + "clusterCertificates", + "clusterId", + "clusterState", + "securityGroupId", + "subnetIds", + "vpcId", + "id" + ] + } + }, + "aws:cloudtrail/getFunction:getFunction": { + "description": "Provides information about a CloudFront Function.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst functionName = config.require(\"functionName\");\nconst existing = aws.cloudtrail.getFunction({\n name: functionName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nfunction_name = config.require(\"functionName\")\nexisting = aws.cloudtrail.get_function(name=function_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var functionName = config.Require(\"functionName\");\n var existing = Output.Create(Aws.CloudTrail.GetFunction.InvokeAsync(new Aws.CloudTrail.GetFunctionArgs\n {\n Name = functionName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tfunctionName := cfg.Require(\"functionName\")\n\t\t_, err := cloudtrail.GetFunction(ctx, &cloudtrail.GetFunctionArgs{\n\t\t\tName: functionName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getFunction.\n", + "properties": { + "name": { + "type": "string", + "description": "Name of the CloudFront function.\n" + }, + "stage": { + "type": "string", + "description": "The function’s stage, either `DEVELOPMENT` or `LIVE`.\n" + } + }, + "type": "object", + "required": [ + "name", + "stage" + ] + }, + "outputs": { + "description": "A collection of values returned by getFunction.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) identifying your CloudFront Function.\n" + }, + "code": { + "type": "string", + "description": "Source code of the function\n" + }, + "comment": { + "type": "string", + "description": "Comment.\n" + }, + "etag": { + "type": "string", + "description": "ETag hash of the function\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastModifiedTime": { + "type": "string", + "description": "When this resource was last modified.\n" + }, + "name": { + "type": "string" + }, + "runtime": { + "type": "string", + "description": "Identifier of the function's runtime.\n" + }, + "stage": { + "type": "string" + }, + "status": { + "type": "string", + "description": "Status of the function. Can be `UNPUBLISHED`, `UNASSOCIATED` or `ASSOCIATED`.\n" + } + }, + "type": "object", + "required": [ + "arn", + "code", + "comment", + "etag", + "lastModifiedTime", + "name", + "runtime", + "stage", + "status", + "id" + ] + } + }, + "aws:cloudtrail/getServiceAccount:getServiceAccount": { + "description": "Use this data source to get the Account ID of the [AWS CloudTrail Service Account](http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-supported-regions.html)\nin a given region for the purpose of allowing CloudTrail to store trail data in S3.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = pulumi.output(aws.cloudtrail.getServiceAccount());\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n forceDestroy: true,\n policy: pulumi.interpolate`{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {\n \"Sid\": \"Put bucket policy needed for trails\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"${main.arn}\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*\"\n },\n {\n \"Sid\": \"Get bucket policy needed for trails\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"${main.arn}\"\n },\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket\"\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.cloudtrail.get_service_account()\nbucket = aws.s3.Bucket(\"bucket\",\n force_destroy=True,\n policy=f\"\"\"{{\n \"Version\": \"2008-10-17\",\n \"Statement\": [\n {{\n \"Sid\": \"Put bucket policy needed for trails\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"AWS\": \"{main.arn}\"\n }},\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*\"\n }},\n {{\n \"Sid\": \"Get bucket policy needed for trails\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n \"AWS\": \"{main.arn}\"\n }},\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::tf-cloudtrail-logging-test-bucket\"\n }}\n ]\n}}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.CloudTrail.GetServiceAccount.InvokeAsync());\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n ForceDestroy = true,\n Policy = Output.Tuple(main, main).Apply(values =>\n {\n var main = values.Item1;\n var main1 = values.Item2;\n return @$\"{{\n \"\"Version\"\": \"\"2008-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Sid\"\": \"\"Put bucket policy needed for trails\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": \"\"{main.Arn}\"\"\n }},\n \"\"Action\"\": \"\"s3:PutObject\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*\"\"\n }},\n {{\n \"\"Sid\"\": \"\"Get bucket policy needed for trails\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": \"\"{main1.Arn}\"\"\n }},\n \"\"Action\"\": \"\"s3:GetBucketAcl\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::tf-cloudtrail-logging-test-bucket\"\"\n }}\n ]\n}}\n\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudtrail\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := cloudtrail.GetServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Version\\\": \\\"2008-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"Put bucket policy needed for trails\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"\", main.Arn, \"\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:PutObject\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::tf-cloudtrail-logging-test-bucket/*\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"Get bucket policy needed for trails\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": \\\"\", main.Arn, \"\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:GetBucketAcl\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::tf-cloudtrail-logging-test-bucket\\\"\\n\", \" }\\n\", \" ]\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServiceAccount.\n", + "properties": { + "region": { + "type": "string", + "description": "Name of the region whose AWS CloudTrail account ID is desired.\nDefaults to the region from the AWS provider configuration.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getServiceAccount.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the AWS CloudTrail service account in the selected region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "id" + ] + } + }, + "aws:cloudwatch/getEventConnection:getEventConnection": { + "description": "Use this data source to retrieve information about a EventBridge connection.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.cloudwatch.getEventConnection({\n name: \"test\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.cloudwatch.get_event_connection(name=\"test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.CloudWatch.GetEventConnection.InvokeAsync(new Aws.CloudWatch.GetEventConnectionArgs\n {\n Name = \"test\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.LookupEventConnection(ctx, &cloudwatch.LookupEventConnectionArgs{\n\t\t\tName: \"test\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getEventConnection.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the connection.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getEventConnection.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the connection.\n" + }, + "authorizationType": { + "type": "string", + "description": "The type of authorization to use to connect. One of `API_KEY`,`BASIC`,`OAUTH_CLIENT_CREDENTIALS`.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the connection.\n" + }, + "secretArn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the secret created from the authorization parameters specified for the connection.\n" + } + }, + "type": "object", + "required": [ + "arn", + "authorizationType", + "name", + "secretArn", + "id" + ] + } + }, + "aws:cloudwatch/getEventSource:getEventSource": { + "description": "Use this data source to get information about an EventBridge Partner Event Source. This data source will only return one partner event source. An error will be returned if multiple sources match the same name prefix.\n\n> **Note:** EventBridge was formerly known as CloudWatch Events. The functionality is identical.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplepartner = pulumi.output(aws.cloudwatch.getEventSource({\n namePrefix: \"aws.partner/examplepartner.com\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexamplepartner = aws.cloudwatch.get_event_source(name_prefix=\"aws.partner/examplepartner.com\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplepartner = Output.Create(Aws.CloudWatch.GetEventSource.InvokeAsync(new Aws.CloudWatch.GetEventSourceArgs\n {\n NamePrefix = \"aws.partner/examplepartner.com\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"aws.partner/examplepartner.com\"\n\t\t_, err := cloudwatch.GetEventSource(ctx, &cloudwatch.GetEventSourceArgs{\n\t\t\tNamePrefix: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getEventSource.\n", + "properties": { + "namePrefix": { + "type": "string", + "description": "Specifying this limits the results to only those partner event sources with names that start with the specified prefix\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getEventSource.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the partner event source\n" + }, + "createdBy": { + "type": "string", + "description": "The name of the SaaS partner that created the event source\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the event source\n" + }, + "namePrefix": { + "type": "string" + }, + "state": { + "type": "string", + "description": "The state of the event source (`ACTIVE` or `PENDING`)\n" + } + }, + "type": "object", + "required": [ + "arn", + "createdBy", + "name", + "state", + "id" + ] + } + }, + "aws:cloudwatch/getLogGroup:getLogGroup": { + "description": "Use this data source to get information about an AWS Cloudwatch Log Group\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.cloudwatch.getLogGroup({\n name: \"MyImportantLogs\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.cloudwatch.get_log_group(name=\"MyImportantLogs\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.CloudWatch.GetLogGroup.InvokeAsync(new Aws.CloudWatch.GetLogGroupArgs\n {\n Name = \"MyImportantLogs\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudwatch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudwatch.LookupLogGroup(ctx, &cloudwatch.LookupLogGroupArgs{\n\t\t\tName: \"MyImportantLogs\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLogGroup.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the Cloudwatch log group\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getLogGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Cloudwatch log group\n" + }, + "creationTime": { + "type": "integer", + "description": "The creation time of the log group, expressed as the number of milliseconds after Jan 1, 1970 00:00:00 UTC.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN of the KMS Key to use when encrypting log data.\n" + }, + "name": { + "type": "string" + }, + "retentionInDays": { + "type": "integer", + "description": "The number of days log events retained in the specified log group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assign to the resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "creationTime", + "kmsKeyId", + "name", + "retentionInDays", + "tags", + "id" + ] + } + }, + "aws:codeartifact/getAuthorizationToken:getAuthorizationToken": { + "description": "The CodeArtifact Authorization Token data source generates a temporary authentication token for accessing repositories in a CodeArtifact domain.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.codeartifact.getAuthorizationToken({\n domain: aws_codeartifact_domain.test.domain,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.codeartifact.get_authorization_token(domain=aws_codeartifact_domain[\"test\"][\"domain\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.CodeArtifact.GetAuthorizationToken.InvokeAsync(new Aws.CodeArtifact.GetAuthorizationTokenArgs\n {\n Domain = aws_codeartifact_domain.Test.Domain,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codeartifact.GetAuthorizationToken(ctx, &codeartifact.GetAuthorizationTokenArgs{\n\t\t\tDomain: aws_codeartifact_domain.Test.Domain,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAuthorizationToken.\n", + "properties": { + "domain": { + "type": "string", + "description": "The name of the domain that is in scope for the generated authorization token.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "durationSeconds": { + "type": "integer", + "description": "The time, in seconds, that the generated authorization token is valid. Valid values are `0` and between `900` and `43200`.\n" + } + }, + "type": "object", + "required": [ + "domain" + ] + }, + "outputs": { + "description": "A collection of values returned by getAuthorizationToken.\n", + "properties": { + "authorizationToken": { + "type": "string", + "description": "Temporary authorization token.\n" + }, + "domain": { + "type": "string" + }, + "domainOwner": { + "type": "string" + }, + "durationSeconds": { + "type": "integer" + }, + "expiration": { + "type": "string", + "description": "The time in UTC RFC3339 format when the authorization token expires.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "authorizationToken", + "domain", + "domainOwner", + "expiration", + "id" + ] + } + }, + "aws:codeartifact/getRepositoryEndpoint:getRepositoryEndpoint": { + "description": "The CodeArtifact Repository Endpoint data source returns the endpoint of a repository for a specific package format.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.codeartifact.getRepositoryEndpoint({\n domain: aws_codeartifact_domain.test.domain,\n repository: aws_codeartifact_repository.test.repository,\n format: \"npm\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.codeartifact.get_repository_endpoint(domain=aws_codeartifact_domain[\"test\"][\"domain\"],\n repository=aws_codeartifact_repository[\"test\"][\"repository\"],\n format=\"npm\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.CodeArtifact.GetRepositoryEndpoint.InvokeAsync(new Aws.CodeArtifact.GetRepositoryEndpointArgs\n {\n Domain = aws_codeartifact_domain.Test.Domain,\n Repository = aws_codeartifact_repository.Test.Repository,\n Format = \"npm\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codeartifact\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codeartifact.GetRepositoryEndpoint(ctx, &codeartifact.GetRepositoryEndpointArgs{\n\t\t\tDomain: aws_codeartifact_domain.Test.Domain,\n\t\t\tRepository: aws_codeartifact_repository.Test.Repository,\n\t\t\tFormat: \"npm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRepositoryEndpoint.\n", + "properties": { + "domain": { + "type": "string", + "description": "The name of the domain that contains the repository.\n" + }, + "domainOwner": { + "type": "string", + "description": "The account number of the AWS account that owns the domain.\n" + }, + "format": { + "type": "string", + "description": "Which endpoint of a repository to return. A repository has one endpoint for each package format: `npm`, `pypi`, `maven`, and `nuget`.\n" + }, + "repository": { + "type": "string", + "description": "The name of the repository.\n" + } + }, + "type": "object", + "required": [ + "domain", + "format", + "repository" + ] + }, + "outputs": { + "description": "A collection of values returned by getRepositoryEndpoint.\n", + "properties": { + "domain": { + "type": "string" + }, + "domainOwner": { + "type": "string" + }, + "format": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "repository": { + "type": "string" + }, + "repositoryEndpoint": { + "type": "string", + "description": "The URL of the returned endpoint.\n" + } + }, + "type": "object", + "required": [ + "domain", + "domainOwner", + "format", + "repository", + "repositoryEndpoint", + "id" + ] + } + }, + "aws:codecommit/getRepository:getRepository": { + "description": "The CodeCommit Repository data source allows the ARN, Repository ID, Repository URL for HTTP and Repository URL for SSH to be retrieved for an CodeCommit repository.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.codecommit.getRepository({\n repositoryName: \"MyTestRepository\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.codecommit.get_repository(repository_name=\"MyTestRepository\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.CodeCommit.GetRepository.InvokeAsync(new Aws.CodeCommit.GetRepositoryArgs\n {\n RepositoryName = \"MyTestRepository\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codecommit\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codecommit.LookupRepository(ctx, &codecommit.LookupRepositoryArgs{\n\t\t\tRepositoryName: \"MyTestRepository\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRepository.\n", + "properties": { + "repositoryName": { + "type": "string", + "description": "The name for the repository. This needs to be less than 100 characters.\n" + } + }, + "type": "object", + "required": [ + "repositoryName" + ] + }, + "outputs": { + "description": "A collection of values returned by getRepository.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the repository\n" + }, + "cloneUrlHttp": { + "type": "string", + "description": "The URL to use for cloning the repository over HTTPS.\n" + }, + "cloneUrlSsh": { + "type": "string", + "description": "The URL to use for cloning the repository over SSH.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "repositoryId": { + "type": "string", + "description": "The ID of the repository\n" + }, + "repositoryName": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "cloneUrlHttp", + "cloneUrlSsh", + "repositoryId", + "repositoryName", + "id" + ] + } + }, + "aws:codestarconnections/getConnection:getConnection": { + "description": "Provides details about CodeStar Connection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.codestarconnections.getConnection({\n arn: aws_codestarconnections_connection.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.codestarconnections.get_connection(arn=aws_codestarconnections_connection[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.CodeStarConnections.GetConnection.InvokeAsync(new Aws.CodeStarConnections.GetConnectionArgs\n {\n Arn = aws_codestarconnections_connection.Example.Arn,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/codestarconnections\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := codestarconnections.LookupConnection(ctx, &codestarconnections.LookupConnectionArgs{\n\t\t\tArn: aws_codestarconnections_connection.Example.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getConnection.\n", + "properties": { + "arn": { + "type": "string", + "description": "The CodeStar Connection ARN.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value resource tags to associate with the resource.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getConnection.\n", + "properties": { + "arn": { + "type": "string" + }, + "connectionStatus": { + "type": "string", + "description": "The CodeStar Connection status. Possible values are `PENDING`, `AVAILABLE` and `ERROR`.\n" + }, + "hostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the host associated with the connection.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the CodeStar Connection. The name is unique in the calling AWS account.\n" + }, + "providerType": { + "type": "string", + "description": "The name of the external provider where your third-party code repository is configured. Possible values are `Bitbucket`, `GitHub`, or `GitHubEnterpriseServer`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value resource tags to associate with the resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "connectionStatus", + "hostArn", + "name", + "providerType", + "tags", + "id" + ] + } + }, + "aws:cognito/getUserPools:getUserPools": { + "description": "Use this data source to get a list of cognito user pools.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selectedRestApi = aws.apigateway.getRestApi({\n name: _var.api_gateway_name,\n});\nconst selectedUserPools = aws.cognito.getUserPools({\n name: _var.cognito_user_pool_name,\n});\nconst cognito = new aws.apigateway.Authorizer(\"cognito\", {\n type: \"COGNITO_USER_POOLS\",\n restApi: selectedRestApi.then(selectedRestApi => selectedRestApi.id),\n providerArns: selectedUserPools.then(selectedUserPools => selectedUserPools.arns),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected_rest_api = aws.apigateway.get_rest_api(name=var[\"api_gateway_name\"])\nselected_user_pools = aws.cognito.get_user_pools(name=var[\"cognito_user_pool_name\"])\ncognito = aws.apigateway.Authorizer(\"cognito\",\n type=\"COGNITO_USER_POOLS\",\n rest_api=selected_rest_api.id,\n provider_arns=selected_user_pools.arns)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var selectedRestApi = Output.Create(Aws.ApiGateway.GetRestApi.InvokeAsync(new Aws.ApiGateway.GetRestApiArgs\n {\n Name = @var.Api_gateway_name,\n }));\n var selectedUserPools = Output.Create(Aws.Cognito.GetUserPools.InvokeAsync(new Aws.Cognito.GetUserPoolsArgs\n {\n Name = @var.Cognito_user_pool_name,\n }));\n var cognito = new Aws.ApiGateway.Authorizer(\"cognito\", new Aws.ApiGateway.AuthorizerArgs\n {\n Type = \"COGNITO_USER_POOLS\",\n RestApi = selectedRestApi.Apply(selectedRestApi => selectedRestApi.Id),\n ProviderArns = selectedUserPools.Apply(selectedUserPools => selectedUserPools.Arns),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/apigateway\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cognito\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselectedRestApi, err := apigateway.LookupRestApi(ctx, &apigateway.LookupRestApiArgs{\n\t\t\tName: _var.Api_gateway_name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tselectedUserPools, err := cognito.GetUserPools(ctx, &cognito.GetUserPoolsArgs{\n\t\t\tName: _var.Cognito_user_pool_name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewAuthorizer(ctx, \"cognito\", &apigateway.AuthorizerArgs{\n\t\t\tType: pulumi.String(\"COGNITO_USER_POOLS\"),\n\t\t\tRestApi: pulumi.String(selectedRestApi.Id),\n\t\t\tProviderArns: interface{}(selectedUserPools.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getUserPools.\n", + "properties": { + "name": { + "type": "string", + "description": "Name of the cognito user pools. Name is not a unique attribute for cognito user pool, so multiple pools might be returned with given name.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getUserPools.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of cognito user pool Amazon Resource Names (ARNs).\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The set of cognito user pool ids.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arns", + "ids", + "name", + "id" + ] + } + }, + "aws:cur/getReportDefinition:getReportDefinition": { + "description": "Use this data source to get information on an AWS Cost and Usage Report Definition.\n\n> *NOTE:* The AWS Cost and Usage Report service is only available in `us-east-1` currently.\n\n> *NOTE:* If AWS Organizations is enabled, only the master account can use this resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst reportDefinition = pulumi.output(aws.cur.getReportDefinition({\n reportName: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nreport_definition = aws.cur.get_report_definition(report_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var reportDefinition = Output.Create(Aws.Cur.GetReportDefinition.InvokeAsync(new Aws.Cur.GetReportDefinitionArgs\n {\n ReportName = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cur\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cur.LookupReportDefinition(ctx, &cur.LookupReportDefinitionArgs{\n\t\t\tReportName: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getReportDefinition.\n", + "properties": { + "reportName": { + "type": "string", + "description": "The name of the report definition to match.\n" + } + }, + "type": "object", + "required": [ + "reportName" + ] + }, + "outputs": { + "description": "A collection of values returned by getReportDefinition.\n", + "properties": { + "additionalArtifacts": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of additional artifacts.\n" + }, + "additionalSchemaElements": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of schema elements.\n" + }, + "compression": { + "type": "string", + "description": "Preferred format for report.\n" + }, + "format": { + "type": "string", + "description": "Preferred compression format for report.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "refreshClosedReports": { + "type": "boolean", + "description": "If true reports are updated after they have been finalized.\n" + }, + "reportName": { + "type": "string" + }, + "reportVersioning": { + "type": "string", + "description": "Overwrite the previous version of each report or to deliver the report in addition to the previous versions.\n" + }, + "s3Bucket": { + "type": "string", + "description": "Name of customer S3 bucket.\n" + }, + "s3Prefix": { + "type": "string", + "description": "Preferred report path prefix.\n" + }, + "s3Region": { + "type": "string", + "description": "Region of customer S3 bucket.\n" + }, + "timeUnit": { + "type": "string", + "description": "The frequency on which report data are measured and displayed.\n" + } + }, + "type": "object", + "required": [ + "additionalArtifacts", + "additionalSchemaElements", + "compression", + "format", + "refreshClosedReports", + "reportName", + "reportVersioning", + "s3Bucket", + "s3Prefix", + "s3Region", + "timeUnit", + "id" + ] + } + }, + "aws:directconnect/getGateway:getGateway": { + "description": "Retrieve information about a Direct Connect Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.directconnect.getGateway({\n name: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directconnect.get_gateway(name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.DirectConnect.GetGateway.InvokeAsync(new Aws.DirectConnect.GetGatewayArgs\n {\n Name = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directconnect\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directconnect.LookupGateway(ctx, &directconnect.LookupGatewayArgs{\n\t\t\tName: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getGateway.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the gateway to retrieve.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getGateway.\n", + "properties": { + "amazonSideAsn": { + "type": "string", + "description": "The ASN on the Amazon side of the connection.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "ownerAccountId": { + "type": "string", + "description": "AWS Account ID of the gateway.\n" + } + }, + "type": "object", + "required": [ + "amazonSideAsn", + "name", + "ownerAccountId", + "id" + ] + } + }, + "aws:directoryservice/getDirectory:getDirectory": { + "description": "Get attributes of AWS Directory Service directory (SimpleAD, Managed AD, AD Connector). It's especially useful to refer AWS Managed AD or on-premise AD in AD Connector configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.directoryservice.getDirectory({\n directoryId: aws_directory_service_directory.main.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.directoryservice.get_directory(directory_id=aws_directory_service_directory[\"main\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.DirectoryService.GetDirectory.InvokeAsync(new Aws.DirectoryService.GetDirectoryArgs\n {\n DirectoryId = aws_directory_service_directory.Main.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/directoryservice\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := directoryservice.LookupDirectory(ctx, &directoryservice.LookupDirectoryArgs{\n\t\t\tDirectoryId: aws_directory_service_directory.Main.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDirectory.\n", + "properties": { + "directoryId": { + "type": "string", + "description": "The ID of the directory.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the directory/connector.\n" + } + }, + "type": "object", + "required": [ + "directoryId" + ] + }, + "outputs": { + "description": "A collection of values returned by getDirectory.\n", + "properties": { + "accessUrl": { + "type": "string", + "description": "The access URL for the directory/connector, such as http://alias.awsapps.com.\n" + }, + "alias": { + "type": "string", + "description": "The alias for the directory/connector, such as `d-991708b282.awsapps.com`.\n" + }, + "connectSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:directoryservice/getDirectoryConnectSetting:getDirectoryConnectSetting" + } + }, + "description": { + "type": "string", + "description": "A textual description for the directory/connector.\n" + }, + "directoryId": { + "type": "string" + }, + "dnsIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of IP addresses of the DNS servers for the directory/connector.\n" + }, + "edition": { + "type": "string", + "description": "(for `MicrosoftAD`) The Microsoft AD edition (`Standard` or `Enterprise`).\n" + }, + "enableSso": { + "type": "boolean", + "description": "The directory/connector single-sign on status.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The fully qualified name for the directory/connector.\n" + }, + "securityGroupId": { + "type": "string", + "description": "The ID of the security group created by the directory/connector.\n" + }, + "shortName": { + "type": "string", + "description": "The short name of the directory/connector, such as `CORP`.\n" + }, + "size": { + "type": "string", + "description": "(for `SimpleAD` and `ADConnector`) The size of the directory/connector (`Small` or `Large`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the directory/connector.\n" + }, + "type": { + "type": "string", + "description": "The directory type (`SimpleAD`, `ADConnector` or `MicrosoftAD`).\n" + }, + "vpcSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:directoryservice/getDirectoryVpcSetting:getDirectoryVpcSetting" + } + } + }, + "type": "object", + "required": [ + "accessUrl", + "alias", + "connectSettings", + "description", + "directoryId", + "dnsIpAddresses", + "edition", + "enableSso", + "name", + "securityGroupId", + "shortName", + "size", + "type", + "vpcSettings", + "id" + ] + } + }, + "aws:docdb/getEngineVersion:getEngineVersion": { + "description": "Information about a DocumentDB engine version.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.docdb.getEngineVersion({\n version: \"3.6.0\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.docdb.get_engine_version(version=\"3.6.0\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.DocDB.GetEngineVersion.InvokeAsync(new Aws.DocDB.GetEngineVersionArgs\n {\n Version = \"3.6.0\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"3.6.0\"\n\t\t_, err := docdb.GetEngineVersion(ctx, &docdb.GetEngineVersionArgs{\n\t\t\tVersion: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getEngineVersion.\n", + "properties": { + "engine": { + "type": "string", + "description": "DB engine. (Default: `docdb`)\n" + }, + "parameterGroupFamily": { + "type": "string", + "description": "The name of a specific DB parameter group family. An example parameter group family is `docdb3.6`.\n" + }, + "preferredVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred engine versions. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned. If both the `version` and `preferred_versions` arguments are not configured, the data source will return the default version for the engine.\n" + }, + "version": { + "type": "string", + "description": "Version of the DB engine. For example, `3.6.0`. If `version` and `preferred_versions` are not set, the data source will provide information for the AWS-defined default version. If both the `version` and `preferred_versions` arguments are not configured, the data source will return the default version for the engine.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getEngineVersion.\n", + "properties": { + "engine": { + "type": "string" + }, + "engineDescription": { + "type": "string", + "description": "The description of the database engine.\n" + }, + "exportableLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types that the database engine has available for export to CloudWatch Logs.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "parameterGroupFamily": { + "type": "string" + }, + "preferredVersions": { + "type": "array", + "items": { + "type": "string" + } + }, + "supportsLogExportsToCloudwatch": { + "type": "boolean", + "description": "Indicates whether the engine version supports exporting the log types specified by `exportable_log_types` to CloudWatch Logs.\n" + }, + "validUpgradeTargets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of engine versions that this database engine version can be upgraded to.\n" + }, + "version": { + "type": "string" + }, + "versionDescription": { + "type": "string", + "description": "The description of the database engine version.\n" + } + }, + "type": "object", + "required": [ + "engineDescription", + "exportableLogTypes", + "parameterGroupFamily", + "supportsLogExportsToCloudwatch", + "validUpgradeTargets", + "version", + "versionDescription", + "id" + ] + } + }, + "aws:docdb/getOrderableDbInstance:getOrderableDbInstance": { + "description": "Information about DocumentDB orderable DB instances.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.docdb.getOrderableDbInstance({\n engine: \"docdb\",\n engineVersion: \"3.6.0\",\n licenseModel: \"na\",\n preferredInstanceClasses: [\n \"db.r5.large\",\n \"db.r4.large\",\n \"db.t3.medium\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.docdb.get_orderable_db_instance(engine=\"docdb\",\n engine_version=\"3.6.0\",\n license_model=\"na\",\n preferred_instance_classes=[\n \"db.r5.large\",\n \"db.r4.large\",\n \"db.t3.medium\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.DocDB.GetOrderableDbInstance.InvokeAsync(new Aws.DocDB.GetOrderableDbInstanceArgs\n {\n Engine = \"docdb\",\n EngineVersion = \"3.6.0\",\n LicenseModel = \"na\",\n PreferredInstanceClasses = \n {\n \"db.r5.large\",\n \"db.r4.large\",\n \"db.t3.medium\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/docdb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"docdb\"\n\t\topt1 := \"3.6.0\"\n\t\topt2 := \"na\"\n\t\t_, err := docdb.GetOrderableDbInstance(ctx, &docdb.GetOrderableDbInstanceArgs{\n\t\t\tEngine: &opt0,\n\t\t\tEngineVersion: &opt1,\n\t\t\tLicenseModel: &opt2,\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.large\",\n\t\t\t\t\"db.r4.large\",\n\t\t\t\t\"db.t3.medium\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOrderableDbInstance.\n", + "properties": { + "engine": { + "type": "string", + "description": "DB engine. Default: `docdb`\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the DB engine.\n" + }, + "instanceClass": { + "type": "string", + "description": "DB instance class. Examples of classes are `db.r5.12xlarge`, `db.r5.24xlarge`, `db.r5.2xlarge`, `db.r5.4xlarge`, `db.r5.large`, `db.r5.xlarge`, and `db.t3.medium`. (Conflicts with `preferred_instance_classes`.)\n" + }, + "licenseModel": { + "type": "string", + "description": "License model. Default: `na`\n" + }, + "preferredInstanceClasses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred DocumentDB DB instance classes. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned. (Conflicts with `instance_class`.)\n" + }, + "vpc": { + "type": "boolean", + "description": "Enable to show only VPC.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getOrderableDbInstance.\n", + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Availability zones where the instance is available.\n" + }, + "engine": { + "type": "string" + }, + "engineVersion": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceClass": { + "type": "string" + }, + "licenseModel": { + "type": "string" + }, + "preferredInstanceClasses": { + "type": "array", + "items": { + "type": "string" + } + }, + "vpc": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "availabilityZones", + "engineVersion", + "instanceClass", + "vpc", + "id" + ] + } + }, + "aws:dynamodb/getTable:getTable": { + "description": "Provides information about a DynamoDB table.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst tableName = pulumi.output(aws.dynamodb.getTable({\n name: \"tableName\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntable_name = aws.dynamodb.get_table(name=\"tableName\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tableName = Output.Create(Aws.DynamoDB.GetTable.InvokeAsync(new Aws.DynamoDB.GetTableArgs\n {\n Name = \"tableName\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/dynamodb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dynamodb.LookupTable(ctx, &dynamodb.LookupTableArgs{\n\t\t\tName: \"tableName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTable.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the DynamoDB table.\n" + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dynamodb/getTableServerSideEncryption:getTableServerSideEncryption" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getTable.\n", + "properties": { + "arn": { + "type": "string" + }, + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/getTableAttribute:getTableAttribute" + } + }, + "billingMode": { + "type": "string" + }, + "globalSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/getTableGlobalSecondaryIndex:getTableGlobalSecondaryIndex" + } + }, + "hashKey": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "localSecondaryIndexes": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/getTableLocalSecondaryIndex:getTableLocalSecondaryIndex" + } + }, + "name": { + "type": "string" + }, + "pointInTimeRecovery": { + "$ref": "#/types/aws:dynamodb/getTablePointInTimeRecovery:getTablePointInTimeRecovery" + }, + "rangeKey": { + "type": "string" + }, + "readCapacity": { + "type": "integer" + }, + "replicas": { + "type": "array", + "items": { + "$ref": "#/types/aws:dynamodb/getTableReplica:getTableReplica" + } + }, + "serverSideEncryption": { + "$ref": "#/types/aws:dynamodb/getTableServerSideEncryption:getTableServerSideEncryption" + }, + "streamArn": { + "type": "string" + }, + "streamEnabled": { + "type": "boolean" + }, + "streamLabel": { + "type": "string" + }, + "streamViewType": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "ttl": { + "$ref": "#/types/aws:dynamodb/getTableTtl:getTableTtl" + }, + "writeCapacity": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "arn", + "attributes", + "billingMode", + "globalSecondaryIndexes", + "hashKey", + "localSecondaryIndexes", + "name", + "pointInTimeRecovery", + "rangeKey", + "readCapacity", + "replicas", + "serverSideEncryption", + "streamArn", + "streamEnabled", + "streamLabel", + "streamViewType", + "tags", + "ttl", + "writeCapacity", + "id" + ] + } + }, + "aws:ebs/getDefaultKmsKey:getDefaultKmsKey": { + "description": "Use this data source to get the default EBS encryption KMS key in the current region.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.ebs.getDefaultKmsKey({});\nconst example = new aws.ebs.Volume(\"example\", {\n availabilityZone: \"us-west-2a\",\n encrypted: true,\n kmsKeyId: current.then(current => current.keyArn),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.ebs.get_default_kms_key()\nexample = aws.ebs.Volume(\"example\",\n availability_zone=\"us-west-2a\",\n encrypted=True,\n kms_key_id=current.key_arn)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.Ebs.GetDefaultKmsKey.InvokeAsync());\n var example = new Aws.Ebs.Volume(\"example\", new Aws.Ebs.VolumeArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Encrypted = true,\n KmsKeyId = current.Apply(current => current.KeyArn),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := ebs.LookupDefaultKmsKey(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ebs.NewVolume(ctx, \"example\", &ebs.VolumeArgs{\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-2a\"),\n\t\t\tEncrypted: pulumi.Bool(true),\n\t\t\tKmsKeyId: pulumi.String(current.KeyArn),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getDefaultKmsKey.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "keyArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the default KMS key uses to encrypt an EBS volume in this region when no key is specified in an API call that creates the volume and encryption by default is enabled.\n" + } + }, + "type": "object", + "required": [ + "keyArn", + "id" + ] + } + }, + "aws:ebs/getEbsVolumes:getEbsVolumes": { + "description": "`aws.ebs.getEbsVolumes` provides identifying information for EBS volumes matching given criteria.\n\nThis data source can be useful for getting a list of volume IDs with (for example) matching tags.\n", + "inputs": { + "description": "A collection of arguments for invoking getEbsVolumes.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getEbsVolumesFilter:getEbsVolumesFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired volumes.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getEbsVolumes.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getEbsVolumesFilter:getEbsVolumesFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of all the EBS Volume IDs found. This data source will fail if\nno volumes match the provided criteria.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "id" + ] + } + }, + "aws:ebs/getEncryptionByDefault:getEncryptionByDefault": { + "description": "Provides a way to check whether default EBS encryption is enabled for your AWS account in the current AWS region.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.ebs.getEncryptionByDefault());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.ebs.get_encryption_by_default()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.Ebs.GetEncryptionByDefault.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ebs.LookupEncryptionByDefault(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getEncryptionByDefault.\n", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether or not default EBS encryption is enabled. Returns as `true` or `false`.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "enabled", + "id" + ] + } + }, + "aws:ebs/getSnapshot:getSnapshot": { + "description": "Use this data source to get information about an EBS Snapshot for use when provisioning EBS Volumes\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ebsVolume = pulumi.output(aws.ebs.getSnapshot({\n filters: [\n {\n name: \"volume-size\",\n values: [\"40\"],\n },\n {\n name: \"tag:Name\",\n values: [\"Example\"],\n },\n ],\n mostRecent: true,\n owners: [\"self\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nebs_volume = aws.ebs.get_snapshot(filters=[\n aws.ebs.GetSnapshotFilterArgs(\n name=\"volume-size\",\n values=[\"40\"],\n ),\n aws.ebs.GetSnapshotFilterArgs(\n name=\"tag:Name\",\n values=[\"Example\"],\n ),\n ],\n most_recent=True,\n owners=[\"self\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ebsVolume = Output.Create(Aws.Ebs.GetSnapshot.InvokeAsync(new Aws.Ebs.GetSnapshotArgs\n {\n Filters = \n {\n new Aws.Ebs.Inputs.GetSnapshotFilterArgs\n {\n Name = \"volume-size\",\n Values = \n {\n \"40\",\n },\n },\n new Aws.Ebs.Inputs.GetSnapshotFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"Example\",\n },\n },\n },\n MostRecent = true,\n Owners = \n {\n \"self\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := ebs.LookupSnapshot(ctx, &ebs.LookupSnapshotArgs{\n\t\t\tFilters: []ebs.GetSnapshotFilter{\n\t\t\t\tebs.GetSnapshotFilter{\n\t\t\t\t\tName: \"volume-size\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"40\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tebs.GetSnapshotFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Example\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tMostRecent: &opt0,\n\t\t\tOwners: []string{\n\t\t\t\t\"self\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSnapshot.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getSnapshotFilter:getSnapshotFilter" + }, + "description": "One or more name/value pairs to filter off of. There are\nseveral valid keys, for a full reference, check out\n[describe-snapshots in the AWS CLI reference][1].\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most recent snapshot.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Returns the snapshots owned by the specified owner id. Multiple owners can be specified.\n" + }, + "restorableByUserIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more AWS accounts IDs that can create volumes from the snapshot.\n" + }, + "snapshotIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Returns information on a specific snapshot_id.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSnapshot.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EBS Snapshot.\n" + }, + "dataEncryptionKeyId": { + "type": "string", + "description": "The data encryption key identifier for the snapshot.\n" + }, + "description": { + "type": "string", + "description": "A description for the snapshot\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the snapshot is encrypted.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getSnapshotFilter:getSnapshotFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "ownerAlias": { + "type": "string", + "description": "Value from an Amazon-maintained list (`amazon`, `aws-marketplace`, `microsoft`) of snapshot owners.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the EBS snapshot owner.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + } + }, + "restorableByUserIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "snapshotId": { + "type": "string", + "description": "The snapshot ID (e.g. snap-59fcb34e).\n" + }, + "snapshotIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "state": { + "type": "string", + "description": "The snapshot state.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + }, + "volumeId": { + "type": "string", + "description": "The volume ID (e.g. vol-59fcb34e).\n" + }, + "volumeSize": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + } + }, + "type": "object", + "required": [ + "arn", + "dataEncryptionKeyId", + "description", + "encrypted", + "kmsKeyId", + "ownerAlias", + "ownerId", + "snapshotId", + "state", + "tags", + "volumeId", + "volumeSize", + "id" + ] + } + }, + "aws:ebs/getSnapshotIds:getSnapshotIds": { + "description": "Use this data source to get a list of EBS Snapshot IDs matching the specified\ncriteria.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ebsVolumes = pulumi.output(aws.ebs.getSnapshotIds({\n filters: [\n {\n name: \"volume-size\",\n values: [\"40\"],\n },\n {\n name: \"tag:Name\",\n values: [\"Example\"],\n },\n ],\n owners: [\"self\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nebs_volumes = aws.ebs.get_snapshot_ids(filters=[\n aws.ebs.GetSnapshotIdsFilterArgs(\n name=\"volume-size\",\n values=[\"40\"],\n ),\n aws.ebs.GetSnapshotIdsFilterArgs(\n name=\"tag:Name\",\n values=[\"Example\"],\n ),\n ],\n owners=[\"self\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ebsVolumes = Output.Create(Aws.Ebs.GetSnapshotIds.InvokeAsync(new Aws.Ebs.GetSnapshotIdsArgs\n {\n Filters = \n {\n new Aws.Ebs.Inputs.GetSnapshotIdsFilterArgs\n {\n Name = \"volume-size\",\n Values = \n {\n \"40\",\n },\n },\n new Aws.Ebs.Inputs.GetSnapshotIdsFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"Example\",\n },\n },\n },\n Owners = \n {\n \"self\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ebs.GetSnapshotIds(ctx, &ebs.GetSnapshotIdsArgs{\n\t\t\tFilters: []ebs.GetSnapshotIdsFilter{\n\t\t\t\tebs.GetSnapshotIdsFilter{\n\t\t\t\t\tName: \"volume-size\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"40\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tebs.GetSnapshotIdsFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Example\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"self\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSnapshotIds.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getSnapshotIdsFilter:getSnapshotIdsFilter" + }, + "description": "One or more name/value pairs to filter off of. There are\nseveral valid keys, for a full reference, check out\n[describe-volumes in the AWS CLI reference][1].\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Returns the snapshots owned by the specified owner id. Multiple owners can be specified.\n" + }, + "restorableByUserIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more AWS accounts IDs that can create volumes from the snapshot.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSnapshotIds.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getSnapshotIdsFilter:getSnapshotIdsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EBS snapshot IDs, sorted by creation time in descending order.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + } + }, + "restorableByUserIds": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "id" + ] + } + }, + "aws:ebs/getVolume:getVolume": { + "description": "Use this data source to get information about an EBS volume for use in other\nresources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ebsVolume = pulumi.output(aws.ebs.getVolume({\n filters: [\n {\n name: \"volume-type\",\n values: [\"gp2\"],\n },\n {\n name: \"tag:Name\",\n values: [\"Example\"],\n },\n ],\n mostRecent: true,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nebs_volume = aws.ebs.get_volume(filters=[\n aws.ebs.GetVolumeFilterArgs(\n name=\"volume-type\",\n values=[\"gp2\"],\n ),\n aws.ebs.GetVolumeFilterArgs(\n name=\"tag:Name\",\n values=[\"Example\"],\n ),\n ],\n most_recent=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ebsVolume = Output.Create(Aws.Ebs.GetVolume.InvokeAsync(new Aws.Ebs.GetVolumeArgs\n {\n Filters = \n {\n new Aws.Ebs.Inputs.GetVolumeFilterArgs\n {\n Name = \"volume-type\",\n Values = \n {\n \"gp2\",\n },\n },\n new Aws.Ebs.Inputs.GetVolumeFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"Example\",\n },\n },\n },\n MostRecent = true,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ebs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := ebs.LookupVolume(ctx, &ebs.LookupVolumeArgs{\n\t\t\tFilters: []ebs.GetVolumeFilter{\n\t\t\t\tebs.GetVolumeFilter{\n\t\t\t\t\tName: \"volume-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"gp2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tebs.GetVolumeFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Example\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tMostRecent: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVolume.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getVolumeFilter:getVolumeFilter" + }, + "description": "One or more name/value pairs to filter off of. There are\nseveral valid keys, for a full reference, check out\n[describe-volumes in the AWS CLI reference][1].\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most\nrecent Volume.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVolume.\n", + "properties": { + "arn": { + "type": "string", + "description": "The volume ARN (e.g. arn:aws:ec2:us-east-1:0123456789012:volume/vol-59fcb34e).\n" + }, + "availabilityZone": { + "type": "string", + "description": "The AZ where the EBS volume exists.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the disk is encrypted.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ebs/getVolumeFilter:getVolumeFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "iops": { + "type": "integer", + "description": "The amount of IOPS for the disk.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "multiAttachEnabled": { + "type": "boolean", + "description": "(Optional) Specifies whether Amazon EBS Multi-Attach is enabled.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "size": { + "type": "integer", + "description": "The size of the drive in GiBs.\n" + }, + "snapshotId": { + "type": "string", + "description": "The snapshot_id the EBS volume is based off.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + }, + "throughput": { + "type": "integer", + "description": "The throughput that the volume supports, in MiB/s.\n" + }, + "volumeId": { + "type": "string", + "description": "The volume ID (e.g. vol-59fcb34e).\n" + }, + "volumeType": { + "type": "string", + "description": "The type of EBS volume.\n" + } + }, + "type": "object", + "required": [ + "arn", + "availabilityZone", + "encrypted", + "iops", + "kmsKeyId", + "multiAttachEnabled", + "outpostArn", + "size", + "snapshotId", + "tags", + "throughput", + "volumeId", + "volumeType", + "id" + ] + } + }, + "aws:ec2/getAmi:getAmi": { + "description": "Use this data source to get the ID of a registered AMI for use in other\nresources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getAmi({\n executableUsers: [\"self\"],\n filters: [\n {\n name: \"name\",\n values: [\"myami-*\"],\n },\n {\n name: \"root-device-type\",\n values: [\"ebs\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n mostRecent: true,\n nameRegex: \"^myami-\\\\d{3}\",\n owners: [\"self\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_ami(executable_users=[\"self\"],\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"myami-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"root-device-type\",\n values=[\"ebs\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n most_recent=True,\n name_regex=\"^myami-\\\\d{3}\",\n owners=[\"self\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n ExecutableUsers = \n {\n \"self\",\n },\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"myami-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"root-device-type\",\n Values = \n {\n \"ebs\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"virtualization-type\",\n Values = \n {\n \"hvm\",\n },\n },\n },\n MostRecent = true,\n NameRegex = \"^myami-\\\\d{3}\",\n Owners = \n {\n \"self\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\topt1 := \"^myami-\\\\d{3}\"\n\t\t_, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tExecutableUsers: []string{\n\t\t\t\t\"self\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"myami-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"root-device-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ebs\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tMostRecent: &opt0,\n\t\t\tNameRegex: &opt1,\n\t\t\tOwners: []string{\n\t\t\t\t\"self\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAmi.\n", + "properties": { + "executableUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Limit search to users with *explicit* launch permission on\nthe image. Valid items are the numeric account ID or `self`.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getAmiFilter:getAmiFilter" + }, + "description": "One or more name/value pairs to filter off of. There are\nseveral valid keys, for a full reference, check out\n[describe-images in the AWS CLI reference][1].\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most\nrecent AMI.\n" + }, + "nameRegex": { + "type": "string", + "description": "A regex string to apply to the AMI list returned\nby AWS. This allows more advanced filtering not supported from the AWS API. This\nfiltering is done locally on what AWS returns, and could have a performance\nimpact if the result is large. It is recommended to combine this with other\noptions to narrow down the list AWS returns.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, `self` (the current account), or an AWS owner alias (e.g. `amazon`, `aws-marketplace`, `microsoft`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Any tags assigned to the image.\n* `tags.#.key` - The key name of the tag.\n* `tags.#.value` - The value of the tag.\n" + } + }, + "type": "object", + "required": [ + "owners" + ] + }, + "outputs": { + "description": "A collection of values returned by getAmi.\n", + "properties": { + "architecture": { + "type": "string", + "description": "The OS architecture of the AMI (ie: `i386` or `x86_64`).\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getAmiBlockDeviceMapping:getAmiBlockDeviceMapping" + }, + "description": "Set of objects with block device mappings of the AMI.\n" + }, + "creationDate": { + "type": "string", + "description": "The date and time the image was created.\n" + }, + "description": { + "type": "string", + "description": "The description of the AMI that was provided during image\ncreation.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled.\n" + }, + "executableUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getAmiFilter:getAmiFilter" + } + }, + "hypervisor": { + "type": "string", + "description": "The hypervisor type of the image.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageId": { + "type": "string", + "description": "The ID of the AMI. Should be the same as the resource `id`.\n" + }, + "imageLocation": { + "type": "string", + "description": "The location of the AMI.\n" + }, + "imageOwnerAlias": { + "type": "string", + "description": "The AWS account alias (for example, `amazon`, `self`) or\nthe AWS account ID of the AMI owner.\n" + }, + "imageType": { + "type": "string", + "description": "The type of image.\n" + }, + "kernelId": { + "type": "string", + "description": "The kernel associated with the image, if any. Only applicable\nfor machine images.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "The name of the AMI that was provided during image creation.\n" + }, + "nameRegex": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the image owner.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + } + }, + "platform": { + "type": "string", + "description": "The value is Windows for `Windows` AMIs; otherwise blank.\n" + }, + "platformDetails": { + "type": "string", + "description": "The platform details associated with the billing code of the AMI.\n" + }, + "productCodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getAmiProductCode:getAmiProductCode" + }, + "description": "Any product codes associated with the AMI.\n* `product_codes.#.product_code_id` - The product code.\n* `product_codes.#.product_code_type` - The type of product code.\n" + }, + "public": { + "type": "boolean", + "description": "`true` if the image has public launch permissions.\n" + }, + "ramdiskId": { + "type": "string", + "description": "The RAM disk associated with the image, if any. Only applicable\nfor machine images.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The device name of the root device.\n" + }, + "rootDeviceType": { + "type": "string", + "description": "The type of root device (ie: `ebs` or `instance-store`).\n" + }, + "rootSnapshotId": { + "type": "string", + "description": "The snapshot id associated with the root device, if any\n(only applies to `ebs` root devices).\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "Specifies whether enhanced networking is enabled.\n" + }, + "state": { + "type": "string", + "description": "The current state of the AMI. If the state is `available`, the image\nis successfully registered and can be used to launch an instance.\n" + }, + "stateReason": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Describes a state change. Fields are `UNSET` if not available.\n* `state_reason.code` - The reason code for the state change.\n* `state_reason.message` - The message for the state change.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Any tags assigned to the image.\n* `tags.#.key` - The key name of the tag.\n* `tags.#.value` - The value of the tag.\n" + }, + "usageOperation": { + "type": "string", + "description": "The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.\n" + }, + "virtualizationType": { + "type": "string", + "description": "The type of virtualization of the AMI (ie: `hvm` or\n`paravirtual`).\n" + } + }, + "type": "object", + "required": [ + "architecture", + "arn", + "blockDeviceMappings", + "creationDate", + "description", + "enaSupport", + "hypervisor", + "imageId", + "imageLocation", + "imageOwnerAlias", + "imageType", + "kernelId", + "name", + "ownerId", + "owners", + "platform", + "platformDetails", + "productCodes", + "public", + "ramdiskId", + "rootDeviceName", + "rootDeviceType", + "rootSnapshotId", + "sriovNetSupport", + "state", + "stateReason", + "tags", + "usageOperation", + "virtualizationType", + "id" + ] + } + }, + "aws:ec2/getAmiIds:getAmiIds": { + "description": "Use this data source to get a list of AMI IDs matching the specified criteria.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = pulumi.output(aws.ec2.getAmiIds({\n filters: [{\n name: \"name\",\n values: [\"ubuntu/images/ubuntu-*-*-amd64-server-*\"],\n }],\n owners: [\"099720109477\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami_ids(filters=[aws.ec2.GetAmiIdsFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/ubuntu-*-*-amd64-server-*\"],\n )],\n owners=[\"099720109477\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetAmiIds.InvokeAsync(new Aws.Ec2.GetAmiIdsArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiIdsFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"ubuntu/images/ubuntu-*-*-amd64-server-*\",\n },\n },\n },\n Owners = \n {\n \"099720109477\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetAmiIds(ctx, &ec2.GetAmiIdsArgs{\n\t\t\tFilters: []ec2.GetAmiIdsFilter{\n\t\t\t\tec2.GetAmiIdsFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/ubuntu-*-*-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAmiIds.\n", + "properties": { + "executableUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Limit search to users with *explicit* launch\npermission on the image. Valid items are the numeric account ID or `self`.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getAmiIdsFilter:getAmiIdsFilter" + }, + "description": "One or more name/value pairs to filter off of. There\nare several valid keys, for a full reference, check out\n[describe-images in the AWS CLI reference][1].\n" + }, + "nameRegex": { + "type": "string", + "description": "A regex string to apply to the AMI list returned\nby AWS. This allows more advanced filtering not supported from the AWS API.\nThis filtering is done locally on what AWS returns, and could have a performance\nimpact if the result is large. It is recommended to combine this with other\noptions to narrow down the list AWS returns.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, `self` (the current account), or an AWS owner alias (e.g. `amazon`, `aws-marketplace`, `microsoft`).\n" + }, + "sortAscending": { + "type": "boolean", + "description": "Used to sort AMIs by creation time.\n" + } + }, + "type": "object", + "required": [ + "owners" + ] + }, + "outputs": { + "description": "A collection of values returned by getAmiIds.\n", + "properties": { + "executableUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getAmiIdsFilter:getAmiIdsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + } + }, + "nameRegex": { + "type": "string" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + } + }, + "sortAscending": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "ids", + "owners", + "id" + ] + } + }, + "aws:ec2/getCoipPool:getCoipPool": { + "description": "Provides details about a specific EC2 Customer-Owned IP Pool.\n\nThis data source can prove useful when a module accepts a coip pool id as\nan input variable and needs to, for example, determine the CIDR block of that\nCOIP Pool.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example returns a specific coip pool ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst coipPoolId = config.requireObject(\"coipPoolId\");\nconst selected = aws.ec2.getCoipPool({\n id: coipPoolId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\ncoip_pool_id = config.require_object(\"coipPoolId\")\nselected = aws.ec2.get_coip_pool(id=coip_pool_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var coipPoolId = config.RequireObject(\"coipPoolId\");\n var selected = Output.Create(Aws.Ec2.GetCoipPool.InvokeAsync(new Aws.Ec2.GetCoipPoolArgs\n {\n Id = coipPoolId,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tcoipPoolId := cfg.RequireObject(\"coipPoolId\")\n\t\t_, err := ec2.GetCoipPool(ctx, &ec2.GetCoipPoolArgs{\n\t\t\tId: coipPoolId,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCoipPool.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getCoipPoolFilter:getCoipPoolFilter" + } + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Local Gateway Route Table Id assigned to desired COIP Pool\n" + }, + "poolId": { + "type": "string", + "description": "The id of the specific COIP Pool to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired COIP Pool.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getCoipPool.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the COIP pool\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getCoipPoolFilter:getCoipPoolFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "localGatewayRouteTableId": { + "type": "string" + }, + "poolCidrs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of CIDR blocks in pool\n" + }, + "poolId": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "localGatewayRouteTableId", + "poolCidrs", + "poolId", + "tags", + "id" + ] + } + }, + "aws:ec2/getCoipPools:getCoipPools": { + "description": "Provides information for multiple EC2 Customer-Owned IP Pools, such as their identifiers.\n", + "inputs": { + "description": "A collection of arguments for invoking getCoipPools.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getCoipPoolsFilter:getCoipPoolsFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired aws_ec2_coip_pools.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getCoipPools.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getCoipPoolsFilter:getCoipPoolsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "poolIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of COIP Pool Identifiers\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "poolIds", + "tags", + "id" + ] + } + }, + "aws:ec2/getCustomerGateway:getCustomerGateway": { + "description": "Get an existing AWS Customer Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = aws.ec2.getCustomerGateway({\n filters: [{\n name: \"tag:Name\",\n values: [\"foo-prod\"],\n }],\n});\nconst main = new aws.ec2.VpnGateway(\"main\", {\n vpcId: aws_vpc.main.id,\n amazonSideAsn: 7224,\n});\nconst transit = new aws.ec2.VpnConnection(\"transit\", {\n vpnGatewayId: main.id,\n customerGatewayId: foo.then(foo => foo.id),\n type: foo.then(foo => foo.type),\n staticRoutesOnly: false,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.get_customer_gateway(filters=[aws.ec2.GetCustomerGatewayFilterArgs(\n name=\"tag:Name\",\n values=[\"foo-prod\"],\n)])\nmain = aws.ec2.VpnGateway(\"main\",\n vpc_id=aws_vpc[\"main\"][\"id\"],\n amazon_side_asn=\"7224\")\ntransit = aws.ec2.VpnConnection(\"transit\",\n vpn_gateway_id=main.id,\n customer_gateway_id=foo.id,\n type=foo.type,\n static_routes_only=False)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = Output.Create(Aws.Ec2.GetCustomerGateway.InvokeAsync(new Aws.Ec2.GetCustomerGatewayArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetCustomerGatewayFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"foo-prod\",\n },\n },\n },\n }));\n var main = new Aws.Ec2.VpnGateway(\"main\", new Aws.Ec2.VpnGatewayArgs\n {\n VpcId = aws_vpc.Main.Id,\n AmazonSideAsn = \"7224\",\n });\n var transit = new Aws.Ec2.VpnConnection(\"transit\", new Aws.Ec2.VpnConnectionArgs\n {\n VpnGatewayId = main.Id,\n CustomerGatewayId = foo.Apply(foo => foo.Id),\n Type = foo.Apply(foo => foo.Type),\n StaticRoutesOnly = false,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfoo, err := ec2.LookupCustomerGateway(ctx, &ec2.LookupCustomerGatewayArgs{\n\t\t\tFilters: []ec2.GetCustomerGatewayFilter{\n\t\t\t\tec2.GetCustomerGatewayFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"foo-prod\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tmain, err := ec2.NewVpnGateway(ctx, \"main\", &ec2.VpnGatewayArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Main.Id),\n\t\t\tAmazonSideAsn: pulumi.String(\"7224\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpnConnection(ctx, \"transit\", &ec2.VpnConnectionArgs{\n\t\t\tVpnGatewayId: main.ID(),\n\t\t\tCustomerGatewayId: pulumi.String(foo.Id),\n\t\t\tType: pulumi.String(foo.Type),\n\t\t\tStaticRoutesOnly: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCustomerGateway.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getCustomerGatewayFilter:getCustomerGatewayFilter" + }, + "description": "One or more [name-value pairs][dcg-filters] to filter by.\n" + }, + "id": { + "type": "string", + "description": "The ID of the gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value pairs assigned to the gateway.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getCustomerGateway.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the customer gateway.\n" + }, + "bgpAsn": { + "type": "integer", + "description": "(Optional) The gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).\n" + }, + "deviceName": { + "type": "string", + "description": "(Optional) A name for the customer gateway device.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getCustomerGatewayFilter:getCustomerGatewayFilter" + } + }, + "id": { + "type": "string" + }, + "ipAddress": { + "type": "string", + "description": "(Optional) The IP address of the gateway's Internet-routable external interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value pairs assigned to the gateway.\n" + }, + "type": { + "type": "string", + "description": "(Optional) The type of customer gateway. The only type AWS supports at this time is \"ipsec.1\".\n" + } + }, + "type": "object", + "required": [ + "arn", + "bgpAsn", + "deviceName", + "id", + "ipAddress", + "tags", + "type" + ] + } + }, + "aws:ec2/getDedicatedHost:getDedicatedHost": { + "description": "Use this data source to get information about the host when allocating an EC2 Dedicated Host.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = new aws.ec2.DedicatedHost(\"test\", {\n autoPlacement: \"on\",\n availabilityZone: \"us-west-1a\",\n hostRecovery: \"on\",\n instanceType: \"c5.18xlarge\",\n});\nconst testData = test.id.apply(id => aws.ec2.getDedicatedHost({\n hostId: id,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.DedicatedHost(\"test\",\n auto_placement=\"on\",\n availability_zone=\"us-west-1a\",\n host_recovery=\"on\",\n instance_type=\"c5.18xlarge\")\ntest_data = test.id.apply(lambda id: aws.ec2.get_dedicated_host(host_id=id))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = new Aws.Ec2.DedicatedHost(\"test\", new Aws.Ec2.DedicatedHostArgs\n {\n AutoPlacement = \"on\",\n AvailabilityZone = \"us-west-1a\",\n HostRecovery = \"on\",\n InstanceType = \"c5.18xlarge\",\n });\n var testData = test.Id.Apply(id => Aws.Ec2.GetDedicatedHost.InvokeAsync(new Aws.Ec2.GetDedicatedHostArgs\n {\n HostId = id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttest, err := ec2.NewDedicatedHost(ctx, \"test\", &ec2.DedicatedHostArgs{\n\t\t\tAutoPlacement: pulumi.String(\"on\"),\n\t\t\tAvailabilityZone: pulumi.String(\"us-west-1a\"),\n\t\t\tHostRecovery: pulumi.String(\"on\"),\n\t\t\tInstanceType: pulumi.String(\"c5.18xlarge\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDedicatedHost.\n", + "properties": { + "hostId": { + "type": "string", + "description": "The host ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "hostId" + ] + }, + "outputs": { + "description": "A collection of values returned by getDedicatedHost.\n", + "properties": { + "autoPlacement": { + "type": "string" + }, + "availabilityZone": { + "type": "string" + }, + "cores": { + "type": "integer", + "description": "The number of cores on the Dedicated Host.\n" + }, + "hostId": { + "type": "string", + "description": "The host ID.\n" + }, + "hostRecovery": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceFamily": { + "type": "string", + "description": "The instance family supported by the Dedicated Host. For example, m5.\n* `instance_type` -The instance type supported by the Dedicated Host. For example, m5.large. If the host supports multiple instance types, no instanceType is returned.\n" + }, + "instanceState": { + "type": "string" + }, + "instanceType": { + "type": "string" + }, + "sockets": { + "type": "integer", + "description": "The instance family supported by the Dedicated Host. For example, m5.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "totalVcpus": { + "type": "integer", + "description": "The total number of vCPUs on the Dedicated Host.\n" + } + }, + "type": "object", + "required": [ + "autoPlacement", + "availabilityZone", + "cores", + "hostId", + "hostRecovery", + "instanceFamily", + "instanceState", + "instanceType", + "sockets", + "tags", + "totalVcpus", + "id" + ] + } + }, + "aws:ec2/getElasticIp:getElasticIp": { + "description": "`aws.ec2.Eip` provides details about a specific Elastic IP.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Search By Allocation ID (VPC only)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byAllocationId = pulumi.output(aws.ec2.getElasticIp({\n id: \"eipalloc-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_allocation_id = aws.ec2.get_elastic_ip(id=\"eipalloc-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byAllocationId = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n Id = \"eipalloc-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"eipalloc-12345678\"\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Search By Filters (EC2-Classic or VPC)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byFilter = pulumi.output(aws.ec2.getElasticIp({\n filters: [{\n name: \"tag:Name\",\n values: [\"exampleNameTagValue\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_filter = aws.ec2.get_elastic_ip(filters=[aws.ec2.GetElasticIpFilterArgs(\n name=\"tag:Name\",\n values=[\"exampleNameTagValue\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byFilter = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetElasticIpFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"exampleNameTagValue\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tFilters: []ec2.GetElasticIpFilter{\n\t\t\t\tec2.GetElasticIpFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"exampleNameTagValue\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Search By Public IP (EC2-Classic or VPC)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byPublicIp = pulumi.output(aws.ec2.getElasticIp({\n publicIp: \"1.2.3.4\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_public_ip = aws.ec2.get_elastic_ip(public_ip=\"1.2.3.4\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byPublicIp = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n PublicIp = \"1.2.3.4\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"1.2.3.4\"\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tPublicIp: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Search By Tags (EC2-Classic or VPC)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byTags = pulumi.output(aws.ec2.getElasticIp({\n tags: {\n Name: \"exampleNameTagValue\",\n },\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_tags = aws.ec2.get_elastic_ip(tags={\n \"Name\": \"exampleNameTagValue\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byTags = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n Tags = \n {\n { \"Name\", \"exampleNameTagValue\" },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"exampleNameTagValue\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getElasticIp.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getElasticIpFilter:getElasticIpFilter" + }, + "description": "One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html).\n" + }, + "id": { + "type": "string", + "description": "The allocation id of the specific VPC EIP to retrieve. If a classic EIP is required, do NOT set `id`, only set `public_ip`\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP of the specific EIP to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired Elastic IP\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getElasticIp.\n", + "properties": { + "associationId": { + "type": "string", + "description": "The ID representing the association of the address with an instance in a VPC.\n" + }, + "carrierIp": { + "type": "string", + "description": "The carrier IP address.\n" + }, + "customerOwnedIp": { + "type": "string", + "description": "Customer Owned IP.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of a Customer Owned IP Pool. For more on customer owned IP addressed check out [Customer-owned IP addresses guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing)\n" + }, + "domain": { + "type": "string", + "description": "Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc).\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getElasticIpFilter:getElasticIpFilter" + } + }, + "id": { + "type": "string", + "description": "If VPC Elastic IP, the allocation identifier. If EC2-Classic Elastic IP, the public IP address.\n" + }, + "instanceId": { + "type": "string", + "description": "The ID of the instance that the address is associated with (if any).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface.\n" + }, + "networkInterfaceOwnerId": { + "type": "string", + "description": "The ID of the AWS account that owns the network interface.\n" + }, + "privateDns": { + "type": "string", + "description": "The Private DNS associated with the Elastic IP address.\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address associated with the Elastic IP address.\n" + }, + "publicDns": { + "type": "string", + "description": "Public DNS associated with the Elastic IP address.\n" + }, + "publicIp": { + "type": "string", + "description": "Public IP address of Elastic IP.\n" + }, + "publicIpv4Pool": { + "type": "string", + "description": "The ID of an address pool.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags associated with Elastic IP.\n" + } + }, + "type": "object", + "required": [ + "associationId", + "carrierIp", + "customerOwnedIp", + "customerOwnedIpv4Pool", + "domain", + "id", + "instanceId", + "networkInterfaceId", + "networkInterfaceOwnerId", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "publicIpv4Pool", + "tags" + ] + } + }, + "aws:ec2/getInstance:getInstance": { + "description": "Use this data source to get the ID of an Amazon EC2 Instance for use in other\nresources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = pulumi.output(aws.ec2.getInstance({\n filters: [\n {\n name: \"image-id\",\n values: [\"ami-xxxxxxxx\"],\n },\n {\n name: \"tag:Name\",\n values: [\"instance-name-tag\"],\n },\n ],\n instanceId: \"i-instanceid\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ec2.get_instance(filters=[\n aws.ec2.GetInstanceFilterArgs(\n name=\"image-id\",\n values=[\"ami-xxxxxxxx\"],\n ),\n aws.ec2.GetInstanceFilterArgs(\n name=\"tag:Name\",\n values=[\"instance-name-tag\"],\n ),\n ],\n instance_id=\"i-instanceid\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = Output.Create(Aws.Ec2.GetInstance.InvokeAsync(new Aws.Ec2.GetInstanceArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetInstanceFilterArgs\n {\n Name = \"image-id\",\n Values = \n {\n \"ami-xxxxxxxx\",\n },\n },\n new Aws.Ec2.Inputs.GetInstanceFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"instance-name-tag\",\n },\n },\n },\n InstanceId = \"i-instanceid\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"i-instanceid\"\n\t\t_, err := ec2.LookupInstance(ctx, &ec2.LookupInstanceArgs{\n\t\t\tFilters: []ec2.GetInstanceFilter{\n\t\t\t\tec2.GetInstanceFilter{\n\t\t\t\t\tName: \"image-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ami-xxxxxxxx\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetInstanceFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"instance-name-tag\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInstance.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceFilter:getInstanceFilter" + }, + "description": "One or more name/value pairs to use as filters. There are\nseveral valid keys, for a full reference, check out\n[describe-instances in the AWS CLI reference][1].\n" + }, + "getPasswordData": { + "type": "boolean", + "description": "If true, wait for password data to become available and retrieve it. Useful for getting the administrator password for instances running Microsoft Windows. The password data is exported to the `password_data` attribute. See [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "getUserData": { + "type": "boolean", + "description": "Retrieve Base64 encoded User Data contents into the `user_data_base64` attribute. A SHA-1 hash of the User Data contents will always be present in the `user_data` attribute. Defaults to `false`.\n" + }, + "instanceId": { + "type": "string", + "description": "Specify the exact Instance ID with which to populate the data source.\n" + }, + "instanceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must\nexactly match a pair on the desired Instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the Instance.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getInstance.\n", + "properties": { + "ami": { + "type": "string", + "description": "The ID of the AMI used to launch the instance.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the instance.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether or not the Instance is associated with a public IP address or not (Boolean).\n" + }, + "availabilityZone": { + "type": "string", + "description": "The availability zone of the Instance.\n" + }, + "creditSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceCreditSpecification:getInstanceCreditSpecification" + }, + "description": "The credit specification of the Instance.\n" + }, + "disableApiTermination": { + "type": "boolean" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceEbsBlockDevice:getInstanceEbsBlockDevice" + }, + "description": "The EBS block device mappings of the Instance.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Whether the Instance is EBS optimized or not (Boolean).\n" + }, + "enclaveOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceEnclaveOption:getInstanceEnclaveOption" + }, + "description": "The enclave options of the Instance.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceEphemeralBlockDevice:getInstanceEphemeralBlockDevice" + }, + "description": "The ephemeral block device mappings of the Instance.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceFilter:getInstanceFilter" + } + }, + "getPasswordData": { + "type": "boolean" + }, + "getUserData": { + "type": "boolean" + }, + "hostId": { + "type": "string", + "description": "The Id of the dedicated host the instance will be assigned to.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "The name of the instance profile associated with the Instance.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceId": { + "type": "string" + }, + "instanceState": { + "type": "string", + "description": "The state of the instance. One of: `pending`, `running`, `shutting-down`, `terminated`, `stopping`, `stopped`. See [Instance Lifecycle](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html) for more information.\n" + }, + "instanceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "instanceType": { + "type": "string", + "description": "The type of the Instance.\n" + }, + "keyName": { + "type": "string", + "description": "The key name of the Instance.\n" + }, + "metadataOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceMetadataOption:getInstanceMetadataOption" + }, + "description": "The metadata options of the Instance.\n" + }, + "monitoring": { + "type": "boolean", + "description": "Whether detailed monitoring is enabled or disabled for the Instance (Boolean).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface that was created with the Instance.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "passwordData": { + "type": "string", + "description": "Base-64 encoded encrypted password data for the instance.\nUseful for getting the administrator password for instances running Microsoft Windows.\nThis attribute is only exported if `get_password_data` is true.\nSee [GetPasswordData](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_GetPasswordData.html) for more information.\n" + }, + "placementGroup": { + "type": "string", + "description": "The placement group of the Instance.\n" + }, + "privateDns": { + "type": "string", + "description": "The private DNS name assigned to the Instance. Can only be\nused inside the Amazon EC2, and only available if you've enabled DNS hostnames\nfor your VPC.\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address assigned to the Instance.\n" + }, + "publicDns": { + "type": "string", + "description": "The public DNS name assigned to the Instance. For EC2-VPC, this\nis only available if you've enabled DNS hostnames for your VPC.\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP address assigned to the Instance, if applicable. **NOTE**: If you are using an `aws.ec2.Eip` with your instance, you should refer to the EIP's address directly and not use `public_ip`, as this field will change after the EIP is attached.\n" + }, + "rootBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceRootBlockDevice:getInstanceRootBlockDevice" + }, + "description": "The root block device mappings of the Instance\n" + }, + "secondaryPrivateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The secondary private IPv4 addresses assigned to the instance's primary network interface (eth0) in a VPC.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups.\n" + }, + "sourceDestCheck": { + "type": "boolean", + "description": "Whether the network interface performs source/destination checking (Boolean).\n" + }, + "subnetId": { + "type": "string", + "description": "The VPC subnet ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the Instance.\n" + }, + "tenancy": { + "type": "string", + "description": "The tenancy of the instance: `dedicated`, `default`, `host`.\n" + }, + "userData": { + "type": "string", + "description": "SHA-1 hash of User Data supplied to the Instance.\n" + }, + "userDataBase64": { + "type": "string", + "description": "Base64 encoded contents of User Data supplied to the Instance. This attribute is only exported if `get_user_data` is true.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The associated security groups in a non-default VPC.\n" + } + }, + "type": "object", + "required": [ + "ami", + "arn", + "associatePublicIpAddress", + "availabilityZone", + "creditSpecifications", + "disableApiTermination", + "ebsBlockDevices", + "ebsOptimized", + "enclaveOptions", + "ephemeralBlockDevices", + "hostId", + "iamInstanceProfile", + "instanceState", + "instanceTags", + "instanceType", + "keyName", + "metadataOptions", + "monitoring", + "networkInterfaceId", + "outpostArn", + "passwordData", + "placementGroup", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "rootBlockDevices", + "secondaryPrivateIps", + "securityGroups", + "sourceDestCheck", + "subnetId", + "tags", + "tenancy", + "userData", + "userDataBase64", + "vpcSecurityGroupIds", + "id" + ] + } + }, + "aws:ec2/getInstanceType:getInstanceType": { + "description": "Get characteristics for a single EC2 Instance Type.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getInstanceType({\n instanceType: \"t2.micro\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_instance_type(instance_type=\"t2.micro\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetInstanceType.InvokeAsync(new Aws.Ec2.GetInstanceTypeArgs\n {\n InstanceType = \"t2.micro\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetInstanceType(ctx, &ec2.GetInstanceTypeArgs{\n\t\t\tInstanceType: \"t2.micro\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInstanceType.\n", + "properties": { + "defaultCores": { + "type": "integer", + "description": "The default number of cores for the instance type.\n" + }, + "defaultThreadsPerCore": { + "type": "integer", + "description": "The default number of threads per core for the instance type.\n" + }, + "fpgas": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeFpga:getInstanceTypeFpga" + }, + "description": "Describes the FPGA accelerator settings for the instance type.\n* `fpgas.#.count` - The count of FPGA accelerators for the instance type.\n* `fpgas.#.manufacturer` - The manufacturer of the FPGA accelerator.\n* `fpgas.#.memory_size` - The size (in MiB) for the memory available to the FPGA accelerator.\n* `fpgas.#.name` - The name of the FPGA accelerator.\n" + }, + "gpuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeGpus:getInstanceTypeGpus" + }, + "description": "Describes the GPU accelerators for the instance type.\n* `gpus.#.count` - The number of GPUs for the instance type.\n* `gpus.#.manufacturer` - The manufacturer of the GPU accelerator.\n* `gpus.#.memory_size` - The size (in MiB) for the memory available to the GPU accelerator.\n* `gpus.#.name` - The name of the GPU accelerator.\n" + }, + "hypervisor": { + "type": "string", + "description": "Indicates the hypervisor used for the instance type.\n* `inference_accelerators` Describes the Inference accelerators for the instance type.\n* `inference_accelerators.#.count` - The number of Inference accelerators for the instance type.\n* `inference_accelerators.#.manufacturer` - The manufacturer of the Inference accelerator.\n* `inference_accelerators.#.name` - The name of the Inference accelerator.\n" + }, + "inferenceAccelerators": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeInferenceAccelerator:getInstanceTypeInferenceAccelerator" + } + }, + "instanceDisks": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeInstanceDisk:getInstanceTypeInstanceDisk" + }, + "description": "Describes the disks for the instance type.\n* `instance_disks.#.count` - The number of disks with this configuration.\n* `instance_disks.#.size` - The size of the disk in GB.\n* `instance_disks.#.type` - The type of disk.\n" + }, + "instanceType": { + "type": "string", + "description": "Instance\n" + }, + "maximumIpv6AddressesPerInterface": { + "type": "integer", + "description": "The maximum number of IPv6 addresses per network interface.\n" + }, + "totalFpgaMemory": { + "type": "integer", + "description": "The total memory of all FPGA accelerators for the instance type (in MiB).\n" + }, + "totalGpuMemory": { + "type": "integer", + "description": "The total size of the memory for the GPU accelerators for the instance type (in MiB).\n" + }, + "totalInstanceStorage": { + "type": "integer", + "description": "The total size of the instance disks, in GB.\n" + } + }, + "type": "object", + "required": [ + "instanceType" + ] + }, + "outputs": { + "description": "A collection of values returned by getInstanceType.\n", + "properties": { + "autoRecoverySupported": { + "type": "boolean", + "description": "`true` if auto recovery is supported.\n" + }, + "bareMetal": { + "type": "boolean", + "description": "`true` if it is a bare metal instance type.\n" + }, + "burstablePerformanceSupported": { + "type": "boolean", + "description": "`true` if the instance type is a burstable performance instance type.\n" + }, + "currentGeneration": { + "type": "boolean", + "description": "`true` if the instance type is a current generation.\n" + }, + "dedicatedHostsSupported": { + "type": "boolean", + "description": "`true` if Dedicated Hosts are supported on the instance type.\n" + }, + "defaultCores": { + "type": "integer", + "description": "The default number of cores for the instance type.\n" + }, + "defaultThreadsPerCore": { + "type": "integer", + "description": "The default number of threads per core for the instance type.\n" + }, + "defaultVcpus": { + "type": "integer", + "description": "The default number of vCPUs for the instance type.\n" + }, + "ebsEncryptionSupport": { + "type": "string", + "description": "Indicates whether Amazon EBS encryption is supported.\n" + }, + "ebsNvmeSupport": { + "type": "string", + "description": "Indicates whether non-volatile memory express (NVMe) is supported.\n" + }, + "ebsOptimizedSupport": { + "type": "string", + "description": "Indicates that the instance type is Amazon EBS-optimized.\n" + }, + "ebsPerformanceBaselineBandwidth": { + "type": "integer", + "description": "The baseline bandwidth performance for an EBS-optimized instance type, in Mbps.\n" + }, + "ebsPerformanceBaselineIops": { + "type": "integer", + "description": "The baseline input/output storage operations per seconds for an EBS-optimized instance type.\n" + }, + "ebsPerformanceBaselineThroughput": { + "type": "number", + "description": "The baseline throughput performance for an EBS-optimized instance type, in MBps.\n" + }, + "ebsPerformanceMaximumBandwidth": { + "type": "integer", + "description": "The maximum bandwidth performance for an EBS-optimized instance type, in Mbps.\n" + }, + "ebsPerformanceMaximumIops": { + "type": "integer", + "description": "The maximum input/output storage operations per second for an EBS-optimized instance type.\n" + }, + "ebsPerformanceMaximumThroughput": { + "type": "number", + "description": "The maximum throughput performance for an EBS-optimized instance type, in MBps.\n" + }, + "efaSupported": { + "type": "boolean", + "description": "Indicates whether Elastic Fabric Adapter (EFA) is supported.\n" + }, + "enaSupport": { + "type": "string", + "description": "Indicates whether Elastic Network Adapter (ENA) is supported.\n" + }, + "fpgas": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeFpga:getInstanceTypeFpga" + }, + "description": "Describes the FPGA accelerator settings for the instance type.\n* `fpgas.#.count` - The count of FPGA accelerators for the instance type.\n* `fpgas.#.manufacturer` - The manufacturer of the FPGA accelerator.\n* `fpgas.#.memory_size` - The size (in MiB) for the memory available to the FPGA accelerator.\n* `fpgas.#.name` - The name of the FPGA accelerator.\n" + }, + "freeTierEligible": { + "type": "boolean", + "description": "`true` if the instance type is eligible for the free tier.\n" + }, + "gpuses": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeGpus:getInstanceTypeGpus" + }, + "description": "Describes the GPU accelerators for the instance type.\n* `gpus.#.count` - The number of GPUs for the instance type.\n* `gpus.#.manufacturer` - The manufacturer of the GPU accelerator.\n* `gpus.#.memory_size` - The size (in MiB) for the memory available to the GPU accelerator.\n* `gpus.#.name` - The name of the GPU accelerator.\n" + }, + "hibernationSupported": { + "type": "boolean", + "description": "`true` if On-Demand hibernation is supported.\n" + }, + "hypervisor": { + "type": "string", + "description": "Indicates the hypervisor used for the instance type.\n* `inference_accelerators` Describes the Inference accelerators for the instance type.\n* `inference_accelerators.#.count` - The number of Inference accelerators for the instance type.\n* `inference_accelerators.#.manufacturer` - The manufacturer of the Inference accelerator.\n* `inference_accelerators.#.name` - The name of the Inference accelerator.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "inferenceAccelerators": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeInferenceAccelerator:getInstanceTypeInferenceAccelerator" + } + }, + "instanceDisks": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeInstanceDisk:getInstanceTypeInstanceDisk" + }, + "description": "Describes the disks for the instance type.\n* `instance_disks.#.count` - The number of disks with this configuration.\n* `instance_disks.#.size` - The size of the disk in GB.\n* `instance_disks.#.type` - The type of disk.\n" + }, + "instanceStorageSupported": { + "type": "boolean", + "description": "`true` if instance storage is supported.\n" + }, + "instanceType": { + "type": "string" + }, + "ipv6Supported": { + "type": "boolean", + "description": "`true` if IPv6 is supported.\n" + }, + "maximumIpv4AddressesPerInterface": { + "type": "integer", + "description": "The maximum number of IPv4 addresses per network interface.\n" + }, + "maximumIpv6AddressesPerInterface": { + "type": "integer", + "description": "The maximum number of IPv6 addresses per network interface.\n" + }, + "maximumNetworkInterfaces": { + "type": "integer", + "description": "The maximum number of network interfaces for the instance type.\n" + }, + "memorySize": { + "type": "integer", + "description": "Size of the instance memory, in MiB.\n" + }, + "networkPerformance": { + "type": "string", + "description": "Describes the network performance.\n" + }, + "supportedArchitectures": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of architectures supported by the instance type.\n" + }, + "supportedPlacementStrategies": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of supported placement groups types.\n" + }, + "supportedRootDeviceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates the supported root device types.\n" + }, + "supportedUsagesClasses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Indicates whether the instance type is offered for spot or On-Demand.\n" + }, + "supportedVirtualizationTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The supported virtualization types.\n" + }, + "sustainedClockSpeed": { + "type": "number", + "description": "The speed of the processor, in GHz.\n" + }, + "totalFpgaMemory": { + "type": "integer", + "description": "The total memory of all FPGA accelerators for the instance type (in MiB).\n" + }, + "totalGpuMemory": { + "type": "integer", + "description": "The total size of the memory for the GPU accelerators for the instance type (in MiB).\n" + }, + "totalInstanceStorage": { + "type": "integer", + "description": "The total size of the instance disks, in GB.\n" + }, + "validCores": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of the valid number of cores that can be configured for the instance type.\n" + }, + "validThreadsPerCores": { + "type": "array", + "items": { + "type": "integer" + }, + "description": "List of the valid number of threads per core that can be configured for the instance type.\n" + } + }, + "type": "object", + "required": [ + "autoRecoverySupported", + "bareMetal", + "burstablePerformanceSupported", + "currentGeneration", + "dedicatedHostsSupported", + "defaultCores", + "defaultThreadsPerCore", + "defaultVcpus", + "ebsEncryptionSupport", + "ebsNvmeSupport", + "ebsOptimizedSupport", + "ebsPerformanceBaselineBandwidth", + "ebsPerformanceBaselineIops", + "ebsPerformanceBaselineThroughput", + "ebsPerformanceMaximumBandwidth", + "ebsPerformanceMaximumIops", + "ebsPerformanceMaximumThroughput", + "efaSupported", + "enaSupport", + "fpgas", + "freeTierEligible", + "gpuses", + "hibernationSupported", + "hypervisor", + "inferenceAccelerators", + "instanceDisks", + "instanceStorageSupported", + "instanceType", + "ipv6Supported", + "maximumIpv4AddressesPerInterface", + "maximumIpv6AddressesPerInterface", + "maximumNetworkInterfaces", + "memorySize", + "networkPerformance", + "supportedArchitectures", + "supportedPlacementStrategies", + "supportedRootDeviceTypes", + "supportedUsagesClasses", + "supportedVirtualizationTypes", + "sustainedClockSpeed", + "totalFpgaMemory", + "totalGpuMemory", + "totalInstanceStorage", + "validCores", + "validThreadsPerCores", + "id" + ] + } + }, + "aws:ec2/getInstanceTypeOffering:getInstanceTypeOffering": { + "description": "Information about single EC2 Instance Type Offering.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getInstanceTypeOffering({\n filters: [{\n name: \"instance-type\",\n values: [\n \"t2.micro\",\n \"t3.micro\",\n ],\n }],\n preferredInstanceTypes: [\n \"t3.micro\",\n \"t2.micro\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_instance_type_offering(filters=[aws.ec2.GetInstanceTypeOfferingFilterArgs(\n name=\"instance-type\",\n values=[\n \"t2.micro\",\n \"t3.micro\",\n ],\n )],\n preferred_instance_types=[\n \"t3.micro\",\n \"t2.micro\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetInstanceTypeOffering.InvokeAsync(new Aws.Ec2.GetInstanceTypeOfferingArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetInstanceTypeOfferingFilterArgs\n {\n Name = \"instance-type\",\n Values = \n {\n \"t2.micro\",\n \"t3.micro\",\n },\n },\n },\n PreferredInstanceTypes = \n {\n \"t3.micro\",\n \"t2.micro\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetInstanceTypeOffering(ctx, &ec2.GetInstanceTypeOfferingArgs{\n\t\t\tFilters: []ec2.GetInstanceTypeOfferingFilter{\n\t\t\t\tec2.GetInstanceTypeOfferingFilter{\n\t\t\t\t\tName: \"instance-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"t2.micro\",\n\t\t\t\t\t\t\"t3.micro\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tPreferredInstanceTypes: []string{\n\t\t\t\t\"t3.micro\",\n\t\t\t\t\"t2.micro\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInstanceTypeOffering.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeOfferingFilter:getInstanceTypeOfferingFilter" + }, + "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceTypeOfferings.html) for supported filters. Detailed below.\n" + }, + "locationType": { + "type": "string", + "description": "Location type. Defaults to `region`. Valid values: `availability-zone`, `availability-zone-id`, and `region`.\n" + }, + "preferredInstanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred EC2 Instance Types. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getInstanceTypeOffering.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeOfferingFilter:getInstanceTypeOfferingFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceType": { + "type": "string", + "description": "EC2 Instance Type.\n" + }, + "locationType": { + "type": "string" + }, + "preferredInstanceTypes": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "instanceType", + "id" + ] + } + }, + "aws:ec2/getInstanceTypeOfferings:getInstanceTypeOfferings": { + "description": "Information about EC2 Instance Type Offerings.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getInstanceTypeOfferings({\n filters: [\n {\n name: \"instance-type\",\n values: [\n \"t2.micro\",\n \"t3.micro\",\n ],\n },\n {\n name: \"location\",\n values: [\"usw2-az4\"],\n },\n ],\n locationType: \"availability-zone-id\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_instance_type_offerings(filters=[\n aws.ec2.GetInstanceTypeOfferingsFilterArgs(\n name=\"instance-type\",\n values=[\n \"t2.micro\",\n \"t3.micro\",\n ],\n ),\n aws.ec2.GetInstanceTypeOfferingsFilterArgs(\n name=\"location\",\n values=[\"usw2-az4\"],\n ),\n ],\n location_type=\"availability-zone-id\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetInstanceTypeOfferings.InvokeAsync(new Aws.Ec2.GetInstanceTypeOfferingsArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetInstanceTypeOfferingsFilterArgs\n {\n Name = \"instance-type\",\n Values = \n {\n \"t2.micro\",\n \"t3.micro\",\n },\n },\n new Aws.Ec2.Inputs.GetInstanceTypeOfferingsFilterArgs\n {\n Name = \"location\",\n Values = \n {\n \"usw2-az4\",\n },\n },\n },\n LocationType = \"availability-zone-id\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"availability-zone-id\"\n\t\t_, err := ec2.GetInstanceTypeOfferings(ctx, &ec2.GetInstanceTypeOfferingsArgs{\n\t\t\tFilters: []ec2.GetInstanceTypeOfferingsFilter{\n\t\t\t\tec2.GetInstanceTypeOfferingsFilter{\n\t\t\t\t\tName: \"instance-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"t2.micro\",\n\t\t\t\t\t\t\"t3.micro\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetInstanceTypeOfferingsFilter{\n\t\t\t\t\tName: \"location\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"usw2-az4\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tLocationType: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInstanceTypeOfferings.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeOfferingsFilter:getInstanceTypeOfferingsFilter" + }, + "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstanceTypeOfferings.html) for supported filters. Detailed below.\n" + }, + "locationType": { + "type": "string", + "description": "Location type. Defaults to `region`. Valid values: `availability-zone`, `availability-zone-id`, and `region`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getInstanceTypeOfferings.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstanceTypeOfferingsFilter:getInstanceTypeOfferingsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Instance Types.\n" + }, + "locationType": { + "type": "string" + }, + "locationTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of location types.\n" + }, + "locations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of locations.\n" + } + }, + "type": "object", + "required": [ + "instanceTypes", + "locationTypes", + "locations", + "id" + ] + } + }, + "aws:ec2/getInstances:getInstances": { + "description": "Use this data source to get IDs or IPs of Amazon EC2 instances to be referenced elsewhere,\ne.g. to allow easier migration from another management solution\nor to make it easier for an operator to connect through bastion host(s).\n\n> **Note:** It's strongly discouraged to use this data source for querying ephemeral\ninstances (e.g. managed via autoscaling group), as the output may change at any time\nand you'd need to re-run `apply` every time an instance comes up or dies.\n", + "inputs": { + "description": "A collection of arguments for invoking getInstances.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstancesFilter:getInstancesFilter" + }, + "description": "One or more name/value pairs to use as filters. There are\nseveral valid keys, for a full reference, check out\n[describe-instances in the AWS CLI reference][1].\n" + }, + "instanceStateNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of instance states that should be applicable to the desired instances. The permitted values are: `pending, running, shutting-down, stopped, stopping, terminated`. The default value is `running`.\n" + }, + "instanceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must\nexactly match a pair on desired instances.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getInstances.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInstancesFilter:getInstancesFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "IDs of instances found through the filter\n" + }, + "instanceStateNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "instanceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "privateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Private IP addresses of instances found through the filter\n" + }, + "publicIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Public IP addresses of instances found through the filter\n" + } + }, + "type": "object", + "required": [ + "ids", + "instanceTags", + "privateIps", + "publicIps", + "id" + ] + } + }, + "aws:ec2/getInternetGateway:getInternetGateway": { + "description": "`aws.ec2.InternetGateway` provides details about a specific Internet Gateway.\n", + "inputs": { + "description": "A collection of arguments for invoking getInternetGateway.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInternetGatewayFilter:getInternetGatewayFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "internetGatewayId": { + "type": "string", + "description": "The id of the specific Internet Gateway to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired Internet Gateway.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getInternetGateway.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Internet Gateway.\n" + }, + "attachments": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInternetGatewayAttachment:getInternetGatewayAttachment" + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getInternetGatewayFilter:getInternetGatewayFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "internetGatewayId": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the internet gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "attachments", + "internetGatewayId", + "ownerId", + "tags", + "id" + ] + } + }, + "aws:ec2/getLaunchConfiguration:getLaunchConfiguration": { + "description": "Provides information about a Launch Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = pulumi.output(aws.ec2.getLaunchConfiguration({\n name: \"test-launch-config\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_launch_configuration(name=\"test-launch-config\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetLaunchConfiguration.InvokeAsync(new Aws.Ec2.GetLaunchConfigurationArgs\n {\n Name = \"test-launch-config\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupLaunchConfiguration(ctx, &ec2.LookupLaunchConfigurationArgs{\n\t\t\tName: \"test-launch-config\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLaunchConfiguration.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the launch configuration.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getLaunchConfiguration.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name of the launch configuration.\n" + }, + "associatePublicIpAddress": { + "type": "boolean", + "description": "Whether a Public IP address is associated with the instance.\n" + }, + "ebsBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchConfigurationEbsBlockDevice:getLaunchConfigurationEbsBlockDevice" + }, + "description": "The EBS Block Devices attached to the instance.\n" + }, + "ebsOptimized": { + "type": "boolean", + "description": "Whether the launched EC2 instance will be EBS-optimized.\n" + }, + "enableMonitoring": { + "type": "boolean", + "description": "Whether Detailed Monitoring is Enabled.\n" + }, + "ephemeralBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchConfigurationEphemeralBlockDevice:getLaunchConfigurationEphemeralBlockDevice" + }, + "description": "The Ephemeral volumes on the instance.\n" + }, + "iamInstanceProfile": { + "type": "string", + "description": "The IAM Instance Profile to associate with launched instances.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageId": { + "type": "string", + "description": "The EC2 Image ID of the instance.\n" + }, + "instanceType": { + "type": "string", + "description": "The Instance Type of the instance to launch.\n" + }, + "keyName": { + "type": "string", + "description": "The Key Name that should be used for the instance.\n" + }, + "metadataOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchConfigurationMetadataOption:getLaunchConfigurationMetadataOption" + }, + "description": "The metadata options for the instance.\n" + }, + "name": { + "type": "string", + "description": "The Name of the launch configuration.\n" + }, + "placementTenancy": { + "type": "string", + "description": "The Tenancy of the instance.\n" + }, + "rootBlockDevices": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchConfigurationRootBlockDevice:getLaunchConfigurationRootBlockDevice" + }, + "description": "The Root Block Device of the instance.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of associated Security Group IDS.\n" + }, + "spotPrice": { + "type": "string", + "description": "The Price to use for reserving Spot instances.\n" + }, + "userData": { + "type": "string", + "description": "The User Data of the instance.\n" + }, + "vpcClassicLinkId": { + "type": "string", + "description": "The ID of a ClassicLink-enabled VPC.\n" + }, + "vpcClassicLinkSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of one or more Security Groups for the specified ClassicLink-enabled VPC.\n" + } + }, + "type": "object", + "required": [ + "arn", + "associatePublicIpAddress", + "ebsBlockDevices", + "ebsOptimized", + "enableMonitoring", + "ephemeralBlockDevices", + "iamInstanceProfile", + "imageId", + "instanceType", + "keyName", + "metadataOptions", + "name", + "placementTenancy", + "rootBlockDevices", + "securityGroups", + "spotPrice", + "userData", + "vpcClassicLinkId", + "vpcClassicLinkSecurityGroups", + "id" + ] + } + }, + "aws:ec2/getLaunchTemplate:getLaunchTemplate": { + "description": "Provides information about a Launch Template.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultLaunchTemplate = pulumi.output(aws.ec2.getLaunchTemplate({\n name: \"my-launch-template\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_launch_template(name=\"my-launch-template\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = Output.Create(Aws.Ec2.GetLaunchTemplate.InvokeAsync(new Aws.Ec2.GetLaunchTemplateArgs\n {\n Name = \"my-launch-template\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"my-launch-template\"\n\t\t_, err := ec2.LookupLaunchTemplate(ctx, &ec2.LookupLaunchTemplateArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.ec2.getLaunchTemplate({\n filters: [{\n name: \"launch-template-name\",\n values: [\"some-template\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_launch_template(filters=[aws.ec2.GetLaunchTemplateFilterArgs(\n name=\"launch-template-name\",\n values=[\"some-template\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ec2.GetLaunchTemplate.InvokeAsync(new Aws.Ec2.GetLaunchTemplateArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetLaunchTemplateFilterArgs\n {\n Name = \"launch-template-name\",\n Values = \n {\n \"some-template\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupLaunchTemplate(ctx, &ec2.LookupLaunchTemplateArgs{\n\t\t\tFilters: []ec2.GetLaunchTemplateFilter{\n\t\t\t\tec2.GetLaunchTemplateFilter{\n\t\t\t\t\tName: \"launch-template-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-template\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLaunchTemplate.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateFilter:getLaunchTemplateFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "The ID of the specific launch template to retrieve.\n" + }, + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeLaunchTemplates API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLaunchTemplates.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired Launch Template.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLaunchTemplate.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the launch template.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateBlockDeviceMapping:getLaunchTemplateBlockDeviceMapping" + }, + "description": "Specify volumes to attach to the instance besides the volumes specified by the AMI.\n" + }, + "creditSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateCreditSpecification:getLaunchTemplateCreditSpecification" + }, + "description": "Customize the credit specification of the instance. See Credit\nSpecification below for more details.\n" + }, + "defaultVersion": { + "type": "integer", + "description": "The default version of the launch template.\n" + }, + "description": { + "type": "string", + "description": "Description of the launch template.\n" + }, + "disableApiTermination": { + "type": "boolean", + "description": "If `true`, enables [EC2 Instance\nTermination Protection](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#Using_ChangingDisableAPITermination)\n" + }, + "ebsOptimized": { + "type": "string", + "description": "If `true`, the launched EC2 instance will be EBS-optimized.\n" + }, + "elasticGpuSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateElasticGpuSpecification:getLaunchTemplateElasticGpuSpecification" + }, + "description": "The elastic GPU to attach to the instance. See Elastic GPU\nbelow for more details.\n" + }, + "enclaveOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateEnclaveOption:getLaunchTemplateEnclaveOption" + }, + "description": "The enclave options of the Instance.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateFilter:getLaunchTemplateFilter" + } + }, + "hibernationOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateHibernationOption:getLaunchTemplateHibernationOption" + }, + "description": "The hibernation options for the instance.\n" + }, + "iamInstanceProfiles": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateIamInstanceProfile:getLaunchTemplateIamInstanceProfile" + }, + "description": "The IAM Instance Profile to launch the instance with. See Instance Profile\nbelow for more details.\n" + }, + "id": { + "type": "string", + "description": "The ID of the launch template.\n" + }, + "imageId": { + "type": "string", + "description": "The AMI from which to launch the instance.\n" + }, + "instanceInitiatedShutdownBehavior": { + "type": "string", + "description": "Shutdown behavior for the instance. Can be `stop` or `terminate`.\n(Default: `stop`).\n" + }, + "instanceMarketOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateInstanceMarketOption:getLaunchTemplateInstanceMarketOption" + }, + "description": "The market (purchasing) option for the instance.\nbelow for details.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of the instance.\n" + }, + "kernelId": { + "type": "string", + "description": "The kernel ID.\n" + }, + "keyName": { + "type": "string", + "description": "The key name to use for the instance.\n" + }, + "latestVersion": { + "type": "integer", + "description": "The latest version of the launch template.\n" + }, + "metadataOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateMetadataOption:getLaunchTemplateMetadataOption" + }, + "description": "The metadata options for the instance.\n" + }, + "monitorings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateMonitoring:getLaunchTemplateMonitoring" + }, + "description": "The monitoring option for the instance.\n" + }, + "name": { + "type": "string" + }, + "networkInterfaces": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateNetworkInterface:getLaunchTemplateNetworkInterface" + }, + "description": "Customize network interfaces to be attached at instance boot time. See Network\nInterfaces below for more details.\n" + }, + "placements": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplatePlacement:getLaunchTemplatePlacement" + }, + "description": "The placement of the instance.\n" + }, + "ramDiskId": { + "type": "string", + "description": "The ID of the RAM disk.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group names to associate with. If you are creating Instances in a VPC, use\n`vpc_security_group_ids` instead.\n" + }, + "tagSpecifications": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLaunchTemplateTagSpecification:getLaunchTemplateTagSpecification" + }, + "description": "The tags to apply to the resources during launch.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "(Optional) A map of tags to assign to the launch template.\n" + }, + "userData": { + "type": "string", + "description": "The Base64-encoded user data to provide when launching the instance.\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security group IDs to associate with.\n" + } + }, + "type": "object", + "required": [ + "arn", + "blockDeviceMappings", + "creditSpecifications", + "defaultVersion", + "description", + "disableApiTermination", + "ebsOptimized", + "elasticGpuSpecifications", + "enclaveOptions", + "hibernationOptions", + "iamInstanceProfiles", + "id", + "imageId", + "instanceInitiatedShutdownBehavior", + "instanceMarketOptions", + "instanceType", + "kernelId", + "keyName", + "latestVersion", + "metadataOptions", + "monitorings", + "networkInterfaces", + "placements", + "ramDiskId", + "securityGroupNames", + "tagSpecifications", + "tags", + "userData", + "vpcSecurityGroupIds" + ] + } + }, + "aws:ec2/getLocalGateway:getLocalGateway": { + "description": "Provides details about an EC2 Local Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how one might accept a local gateway id as a variable.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst localGatewayId = config.requireObject(\"localGatewayId\");\nconst selected = aws.ec2.getLocalGateway({\n id: localGatewayId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlocal_gateway_id = config.require_object(\"localGatewayId\")\nselected = aws.ec2.get_local_gateway(id=local_gateway_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var localGatewayId = config.RequireObject(\"localGatewayId\");\n var selected = Output.Create(Aws.Ec2.GetLocalGateway.InvokeAsync(new Aws.Ec2.GetLocalGatewayArgs\n {\n Id = localGatewayId,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlocalGatewayId := cfg.RequireObject(\"localGatewayId\")\n\t\topt0 := localGatewayId\n\t\t_, err := ec2.GetLocalGateway(ctx, &ec2.GetLocalGatewayArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLocalGateway.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayFilter:getLocalGatewayFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The id of the specific Local Gateway to retrieve.\n" + }, + "state": { + "type": "string", + "description": "The current state of the desired Local Gateway.\nCan be either `\"pending\"` or `\"available\"`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired Local Gateway.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGateway.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayFilter:getLocalGatewayFilter" + } + }, + "id": { + "type": "string" + }, + "outpostArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Outpost\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account identifier that owns the Local Gateway.\n" + }, + "state": { + "type": "string", + "description": "State of the local gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "id", + "outpostArn", + "ownerId", + "state", + "tags" + ] + } + }, + "aws:ec2/getLocalGatewayRouteTable:getLocalGatewayRouteTable": { + "description": "Provides details about an EC2 Local Gateway Route Table.\n\nThis data source can prove useful when a module accepts a local gateway route table id as\nan input variable and needs to, for example, find the associated Outpost or Local Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example returns a specific local gateway route table ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst awsEc2LocalGatewayRouteTable = config.requireObject(\"awsEc2LocalGatewayRouteTable\");\nconst selected = aws.ec2.getLocalGatewayRouteTable({\n localGatewayRouteTableId: awsEc2LocalGatewayRouteTable,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\naws_ec2_local_gateway_route_table = config.require_object(\"awsEc2LocalGatewayRouteTable\")\nselected = aws.ec2.get_local_gateway_route_table(local_gateway_route_table_id=aws_ec2_local_gateway_route_table)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var awsEc2LocalGatewayRouteTable = config.RequireObject(\"awsEc2LocalGatewayRouteTable\");\n var selected = Output.Create(Aws.Ec2.GetLocalGatewayRouteTable.InvokeAsync(new Aws.Ec2.GetLocalGatewayRouteTableArgs\n {\n LocalGatewayRouteTableId = awsEc2LocalGatewayRouteTable,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tawsEc2LocalGatewayRouteTable := cfg.RequireObject(\"awsEc2LocalGatewayRouteTable\")\n\t\topt0 := awsEc2LocalGatewayRouteTable\n\t\t_, err := ec2.GetLocalGatewayRouteTable(ctx, &ec2.GetLocalGatewayRouteTableArgs{\n\t\t\tLocalGatewayRouteTableId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLocalGatewayRouteTable.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayRouteTableFilter:getLocalGatewayRouteTableFilter" + } + }, + "localGatewayId": { + "type": "string", + "description": "The id of the specific local gateway route table to retrieve.\n" + }, + "localGatewayRouteTableId": { + "type": "string", + "description": "Local Gateway Route Table Id assigned to desired local gateway route table\n" + }, + "outpostArn": { + "type": "string", + "description": "The arn of the Outpost the local gateway route table is associated with.\n" + }, + "state": { + "type": "string", + "description": "The state of the local gateway route table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired local gateway route table.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGatewayRouteTable.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayRouteTableFilter:getLocalGatewayRouteTableFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "localGatewayId": { + "type": "string" + }, + "localGatewayRouteTableId": { + "type": "string" + }, + "outpostArn": { + "type": "string" + }, + "state": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "localGatewayId", + "localGatewayRouteTableId", + "outpostArn", + "state", + "tags", + "id" + ] + } + }, + "aws:ec2/getLocalGatewayRouteTables:getLocalGatewayRouteTables": { + "description": "Provides information for multiple EC2 Local Gateway Route Tables, such as their identifiers.\n", + "inputs": { + "description": "A collection of arguments for invoking getLocalGatewayRouteTables.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayRouteTablesFilter:getLocalGatewayRouteTablesFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired local gateway route table.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGatewayRouteTables.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayRouteTablesFilter:getLocalGatewayRouteTablesFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Local Gateway Route Table identifiers\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getLocalGatewayVirtualInterface:getLocalGatewayVirtualInterface": { + "description": "Provides details about an EC2 Local Gateway Virtual Interface. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#routing).\n", + "inputs": { + "description": "A collection of arguments for invoking getLocalGatewayVirtualInterface.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayVirtualInterfaceFilter:getLocalGatewayVirtualInterfaceFilter" + }, + "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayVirtualInterfaces.html) for supported filters. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Virtual Interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags, each pair of which must exactly match a pair on the desired local gateway route table.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGatewayVirtualInterface.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayVirtualInterfaceFilter:getLocalGatewayVirtualInterfaceFilter" + } + }, + "id": { + "type": "string" + }, + "localAddress": { + "type": "string", + "description": "Local address.\n" + }, + "localBgpAsn": { + "type": "integer", + "description": "Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the EC2 Local Gateway.\n" + }, + "localGatewayId": { + "type": "string", + "description": "Identifier of the EC2 Local Gateway.\n" + }, + "localGatewayVirtualInterfaceIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "peerAddress": { + "type": "string", + "description": "Peer address.\n" + }, + "peerBgpAsn": { + "type": "integer", + "description": "Border Gateway Protocol (BGP) Autonomous System Number (ASN) of the peer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vlan": { + "type": "integer", + "description": "Virtual Local Area Network.\n" + } + }, + "type": "object", + "required": [ + "id", + "localAddress", + "localBgpAsn", + "localGatewayId", + "localGatewayVirtualInterfaceIds", + "peerAddress", + "peerBgpAsn", + "tags", + "vlan" + ] + } + }, + "aws:ec2/getLocalGatewayVirtualInterfaceGroup:getLocalGatewayVirtualInterfaceGroup": { + "description": "Provides details about an EC2 Local Gateway Virtual Interface Group. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#routing).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2.getLocalGatewayVirtualInterfaceGroup({\n localGatewayId: data.aws_ec2_local_gateway.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_local_gateway_virtual_interface_group(local_gateway_id=data[\"aws_ec2_local_gateway\"][\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetLocalGatewayVirtualInterfaceGroup.InvokeAsync(new Aws.Ec2.GetLocalGatewayVirtualInterfaceGroupArgs\n {\n LocalGatewayId = data.Aws_ec2_local_gateway.Example.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := data.Aws_ec2_local_gateway.Example.Id\n\t\t_, err := ec2.GetLocalGatewayVirtualInterfaceGroup(ctx, &ec2.GetLocalGatewayVirtualInterfaceGroupArgs{\n\t\t\tLocalGatewayId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLocalGatewayVirtualInterfaceGroup.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayVirtualInterfaceGroupFilter:getLocalGatewayVirtualInterfaceGroupFilter" + }, + "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayVirtualInterfaceGroups.html) for supported filters. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "Identifier of EC2 Local Gateway Virtual Interface Group.\n" + }, + "localGatewayId": { + "type": "string", + "description": "Identifier of EC2 Local Gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags, each pair of which must exactly match a pair on the desired local gateway route table.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGatewayVirtualInterfaceGroup.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayVirtualInterfaceGroupFilter:getLocalGatewayVirtualInterfaceGroupFilter" + } + }, + "id": { + "type": "string" + }, + "localGatewayId": { + "type": "string" + }, + "localGatewayVirtualInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Local Gateway Virtual Interface identifiers.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "id", + "localGatewayId", + "localGatewayVirtualInterfaceIds", + "tags" + ] + } + }, + "aws:ec2/getLocalGatewayVirtualInterfaceGroups:getLocalGatewayVirtualInterfaceGroups": { + "description": "Provides details about multiple EC2 Local Gateway Virtual Interface Groups, such as identifiers. More information can be found in the [Outposts User Guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#routing).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst all = pulumi.output(aws.ec2.getLocalGatewayVirtualInterfaceGroups());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nall = aws.ec2.get_local_gateway_virtual_interface_groups()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var all = Output.Create(Aws.Ec2.GetLocalGatewayVirtualInterfaceGroups.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetLocalGatewayVirtualInterfaceGroups(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLocalGatewayVirtualInterfaceGroups.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayVirtualInterfaceGroupsFilter:getLocalGatewayVirtualInterfaceGroupsFilter" + }, + "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeLocalGatewayVirtualInterfaceGroups.html) for supported filters. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags, each pair of which must exactly match a pair on the desired local gateway route table.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGatewayVirtualInterfaceGroups.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewayVirtualInterfaceGroupsFilter:getLocalGatewayVirtualInterfaceGroupsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Local Gateway Virtual Interface Group identifiers.\n" + }, + "localGatewayVirtualInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Local Gateway Virtual Interface identifiers.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "localGatewayVirtualInterfaceIds", + "tags", + "id" + ] + } + }, + "aws:ec2/getLocalGateways:getLocalGateways": { + "description": "Provides information for multiple EC2 Local Gateways, such as their identifiers.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example retrieves Local Gateways with a resource tag of `service` set to `production`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst fooLocalGateways = aws.ec2.getLocalGateways({\n tags: {\n service: \"production\",\n },\n});\nexport const foo = fooLocalGateways.then(fooLocalGateways => fooLocalGateways.ids);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo_local_gateways = aws.ec2.get_local_gateways(tags={\n \"service\": \"production\",\n})\npulumi.export(\"foo\", foo_local_gateways.ids)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var fooLocalGateways = Output.Create(Aws.Ec2.GetLocalGateways.InvokeAsync(new Aws.Ec2.GetLocalGatewaysArgs\n {\n Tags = \n {\n { \"service\", \"production\" },\n },\n }));\n this.Foo = fooLocalGateways.Apply(fooLocalGateways => fooLocalGateways.Ids);\n }\n\n [Output(\"foo\")]\n public Output Foo { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tfooLocalGateways, err := ec2.GetLocalGateways(ctx, &ec2.GetLocalGatewaysArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"service\": \"production\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"foo\", fooLocalGateways.Ids)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLocalGateways.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewaysFilter:getLocalGatewaysFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired local_gateways.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLocalGateways.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getLocalGatewaysFilter:getLocalGatewaysFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of all the Local Gateway identifiers\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getManagedPrefixList:getManagedPrefixList": { + "description": "`aws.ec2.ManagedPrefixList` provides details about a specific AWS prefix list or\ncustomer-managed prefix list in the current region.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Find the regional DynamoDB prefix list\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.getRegion());\nconst example = current.apply(current => aws.ec2.getManagedPrefixList({\n name: `com.amazonaws.${current.name!}.dynamodb`,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\nexample = aws.ec2.get_managed_prefix_list(name=f\"com.amazonaws.{current.name}.dynamodb\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetRegion.InvokeAsync());\n var example = current.Apply(current => Output.Create(Aws.Ec2.GetManagedPrefixList.InvokeAsync(new Aws.Ec2.GetManagedPrefixListArgs\n {\n Name = $\"com.amazonaws.{current.Name}.dynamodb\",\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := fmt.Sprintf(\"%v%v%v\", \"com.amazonaws.\", current.Name, \".dynamodb\")\n\t\t_, err = ec2.LookupManagedPrefixList(ctx, &ec2.LookupManagedPrefixListArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Find a managed prefix list using filters\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getManagedPrefixList({\n filters: [{\n name: \"prefix-list-name\",\n values: [\"my-prefix-list\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_managed_prefix_list(filters=[aws.ec2.GetManagedPrefixListFilterArgs(\n name=\"prefix-list-name\",\n values=[\"my-prefix-list\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetManagedPrefixList.InvokeAsync(new Aws.Ec2.GetManagedPrefixListArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetManagedPrefixListFilterArgs\n {\n Name = \"prefix-list-name\",\n Values = \n {\n \"my-prefix-list\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupManagedPrefixList(ctx, &ec2.LookupManagedPrefixListArgs{\n\t\t\tFilters: []ec2.GetManagedPrefixListFilter{\n\t\t\t\tec2.GetManagedPrefixListFilter{\n\t\t\t\t\tName: \"prefix-list-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"my-prefix-list\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getManagedPrefixList.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getManagedPrefixListFilter:getManagedPrefixListFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "The ID of the prefix list to select.\n" + }, + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the EC2 [DescribeManagedPrefixLists](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeManagedPrefixLists.html) API Reference.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getManagedPrefixList.\n", + "properties": { + "addressFamily": { + "type": "string", + "description": "The address family of the prefix list. Valid values are `IPv4` and `IPv6`.\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the selected prefix list.\n" + }, + "entries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getManagedPrefixListEntry:getManagedPrefixListEntry" + }, + "description": "The set of entries in this prefix list. Each entry is an object with `cidr` and `description`.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getManagedPrefixListFilter:getManagedPrefixListFilter" + } + }, + "id": { + "type": "string", + "description": "The ID of the selected prefix list.\n" + }, + "maxEntries": { + "type": "integer", + "description": "When then prefix list is managed, the maximum number of entries it supports, or null otherwise.\n" + }, + "name": { + "type": "string", + "description": "The name of the selected prefix list.\n" + }, + "ownerId": { + "type": "string", + "description": "The Account ID of the owner of a customer-managed prefix list, or `AWS` otherwise.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + }, + "version": { + "type": "integer" + } + }, + "type": "object", + "required": [ + "addressFamily", + "arn", + "entries", + "id", + "maxEntries", + "name", + "ownerId", + "tags", + "version" + ] + } + }, + "aws:ec2/getNatGateway:getNatGateway": { + "description": "Provides details about a specific Nat Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst default = aws.ec2.getNatGateway({\n subnetId: aws_subnet[\"public\"].id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\ndefault = aws.ec2.get_nat_gateway(subnet_id=aws_subnet[\"public\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var subnetId = config.RequireObject(\"subnetId\");\n var @default = Output.Create(Aws.Ec2.GetNatGateway.InvokeAsync(new Aws.Ec2.GetNatGatewayArgs\n {\n SubnetId = aws_subnet.Public.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\topt0 := aws_subnet.Public.Id\n\t\t_, err := ec2.LookupNatGateway(ctx, &ec2.LookupNatGatewayArgs{\n\t\t\tSubnetId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nUsage with tags:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst default = aws.ec2.getNatGateway({\n subnetId: aws_subnet[\"public\"].id,\n tags: {\n Name: \"gw NAT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault = aws.ec2.get_nat_gateway(subnet_id=aws_subnet[\"public\"][\"id\"],\n tags={\n \"Name\": \"gw NAT\",\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @default = Output.Create(Aws.Ec2.GetNatGateway.InvokeAsync(new Aws.Ec2.GetNatGatewayArgs\n {\n SubnetId = aws_subnet.Public.Id,\n Tags = \n {\n { \"Name\", \"gw NAT\" },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_subnet.Public.Id\n\t\t_, err := ec2.LookupNatGateway(ctx, &ec2.LookupNatGatewayArgs{\n\t\t\tSubnetId: &opt0,\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"gw NAT\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getNatGateway.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNatGatewayFilter:getNatGatewayFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The id of the specific Nat Gateway to retrieve.\n" + }, + "state": { + "type": "string", + "description": "The state of the NAT gateway (pending | failed | available | deleting | deleted ).\n" + }, + "subnetId": { + "type": "string", + "description": "The id of subnet that the Nat Gateway resides in.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired Nat Gateway.\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that the Nat Gateway resides in.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getNatGateway.\n", + "properties": { + "allocationId": { + "type": "string", + "description": "The Id of the EIP allocated to the selected Nat Gateway.\n" + }, + "connectivityType": { + "type": "string", + "description": "The connectivity type of the NAT Gateway.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNatGatewayFilter:getNatGatewayFilter" + } + }, + "id": { + "type": "string" + }, + "networkInterfaceId": { + "type": "string", + "description": "The Id of the ENI allocated to the selected Nat Gateway.\n" + }, + "privateIp": { + "type": "string", + "description": "The private Ip address of the selected Nat Gateway.\n" + }, + "publicIp": { + "type": "string", + "description": "The public Ip (EIP) address of the selected Nat Gateway.\n" + }, + "state": { + "type": "string" + }, + "subnetId": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "allocationId", + "connectivityType", + "id", + "networkInterfaceId", + "privateIp", + "publicIp", + "state", + "subnetId", + "tags", + "vpcId" + ] + } + }, + "aws:ec2/getNetworkAcls:getNetworkAcls": { + "inputs": { + "description": "A collection of arguments for invoking getNetworkAcls.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkAclsFilter:getNetworkAclsFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired network ACLs.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID that you want to filter from.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getNetworkAcls.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkAclsFilter:getNetworkAclsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of all the network ACL ids found. This data source will fail if none are found.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getNetworkInterface:getNetworkInterface": { + "description": "Use this data source to get information about a Network Interface.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = pulumi.output(aws.ec2.getNetworkInterface({\n id: \"eni-01234567\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.ec2.get_network_interface(id=\"eni-01234567\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = Output.Create(Aws.Ec2.GetNetworkInterface.InvokeAsync(new Aws.Ec2.GetNetworkInterfaceArgs\n {\n Id = \"eni-01234567\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"eni-01234567\"\n\t\t_, err := ec2.LookupNetworkInterface(ctx, &ec2.LookupNetworkInterfaceArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getNetworkInterface.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkInterfaceFilter:getNetworkInterfaceFilter" + }, + "description": "One or more name/value pairs to filter off of. There are several valid keys, for a full reference, check out [describe-network-interfaces](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-network-interfaces.html) in the AWS CLI reference.\n" + }, + "id": { + "type": "string", + "description": "The identifier for the network interface.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Any tags assigned to the network interface.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getNetworkInterface.\n", + "properties": { + "associations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkInterfaceAssociation:getNetworkInterfaceAssociation" + }, + "description": "The association information for an Elastic IP address (IPv4) associated with the network interface. See supported fields below.\n" + }, + "attachments": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkInterfaceAttachment:getNetworkInterfaceAttachment" + } + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone.\n" + }, + "description": { + "type": "string", + "description": "Description of the network interface.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkInterfaceFilter:getNetworkInterfaceFilter" + } + }, + "id": { + "type": "string" + }, + "interfaceType": { + "type": "string", + "description": "The type of interface.\n" + }, + "ipv6Addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IPv6 addresses to assign to the ENI.\n" + }, + "macAddress": { + "type": "string", + "description": "The MAC address.\n" + }, + "outpostArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Outpost.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the owner of the network interface.\n" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name.\n" + }, + "privateIp": { + "type": "string", + "description": "The private IPv4 address of the network interface within the subnet.\n" + }, + "privateIps": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The private IPv4 addresses associated with the network interface.\n" + }, + "requesterId": { + "type": "string", + "description": "The ID of the entity that launched the instance on your behalf.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of security groups for the network interface.\n" + }, + "subnetId": { + "type": "string", + "description": "The ID of the subnet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Any tags assigned to the network interface.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC.\n" + } + }, + "type": "object", + "required": [ + "associations", + "attachments", + "availabilityZone", + "description", + "id", + "interfaceType", + "ipv6Addresses", + "macAddress", + "outpostArn", + "ownerId", + "privateDnsName", + "privateIp", + "privateIps", + "requesterId", + "securityGroups", + "subnetId", + "tags", + "vpcId" + ] + } + }, + "aws:ec2/getNetworkInterfaces:getNetworkInterfaces": { + "inputs": { + "description": "A collection of arguments for invoking getNetworkInterfaces.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkInterfacesFilter:getNetworkInterfacesFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired network interfaces.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getNetworkInterfaces.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getNetworkInterfacesFilter:getNetworkInterfacesFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of all the network interface ids found. This data source will fail if none are found.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getPrefixList:getPrefixList": { + "description": "`aws.ec2.getPrefixList` provides details about a specific prefix list (PL)\nin the current region.\n\nThis can be used both to validate a prefix list given in a variable\nand to obtain the CIDR blocks (IP address ranges) for the associated\nAWS service. The latter may be useful e.g. for adding network ACL\nrules.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst privateS3VpcEndpoint = new aws.ec2.VpcEndpoint(\"privateS3VpcEndpoint\", {\n vpcId: aws_vpc.foo.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\nconst privateS3PrefixList = privateS3VpcEndpoint.prefixListId.apply(prefixListId => aws.ec2.getPrefixList({\n prefixListId: prefixListId,\n}));\nconst bar = new aws.ec2.NetworkAcl(\"bar\", {vpcId: aws_vpc.foo.id});\nconst privateS3NetworkAclRule = new aws.ec2.NetworkAclRule(\"privateS3NetworkAclRule\", {\n networkAclId: bar.id,\n ruleNumber: 200,\n egress: false,\n protocol: \"tcp\",\n ruleAction: \"allow\",\n cidrBlock: privateS3PrefixList.apply(privateS3PrefixList => privateS3PrefixList.cidrBlocks?[0]),\n fromPort: 443,\n toPort: 443,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprivate_s3_vpc_endpoint = aws.ec2.VpcEndpoint(\"privateS3VpcEndpoint\",\n vpc_id=aws_vpc[\"foo\"][\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\nprivate_s3_prefix_list = private_s3_vpc_endpoint.prefix_list_id.apply(lambda prefix_list_id: aws.ec2.get_prefix_list(prefix_list_id=prefix_list_id))\nbar = aws.ec2.NetworkAcl(\"bar\", vpc_id=aws_vpc[\"foo\"][\"id\"])\nprivate_s3_network_acl_rule = aws.ec2.NetworkAclRule(\"privateS3NetworkAclRule\",\n network_acl_id=bar.id,\n rule_number=200,\n egress=False,\n protocol=\"tcp\",\n rule_action=\"allow\",\n cidr_block=private_s3_prefix_list.cidr_blocks[0],\n from_port=443,\n to_port=443)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var privateS3VpcEndpoint = new Aws.Ec2.VpcEndpoint(\"privateS3VpcEndpoint\", new Aws.Ec2.VpcEndpointArgs\n {\n VpcId = aws_vpc.Foo.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n var privateS3PrefixList = privateS3VpcEndpoint.PrefixListId.Apply(prefixListId => Aws.Ec2.GetPrefixList.InvokeAsync(new Aws.Ec2.GetPrefixListArgs\n {\n PrefixListId = prefixListId,\n }));\n var bar = new Aws.Ec2.NetworkAcl(\"bar\", new Aws.Ec2.NetworkAclArgs\n {\n VpcId = aws_vpc.Foo.Id,\n });\n var privateS3NetworkAclRule = new Aws.Ec2.NetworkAclRule(\"privateS3NetworkAclRule\", new Aws.Ec2.NetworkAclRuleArgs\n {\n NetworkAclId = bar.Id,\n RuleNumber = 200,\n Egress = false,\n Protocol = \"tcp\",\n RuleAction = \"allow\",\n CidrBlock = privateS3PrefixList.Apply(privateS3PrefixList => privateS3PrefixList.CidrBlocks?[0]),\n FromPort = 443,\n ToPort = 443,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivateS3VpcEndpoint, err := ec2.NewVpcEndpoint(ctx, \"privateS3VpcEndpoint\", &ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewNetworkAcl(ctx, \"bar\", &ec2.NetworkAclArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkAclRule(ctx, \"privateS3NetworkAclRule\", &ec2.NetworkAclRuleArgs{\n\t\t\tNetworkAclId: bar.ID(),\n\t\t\tRuleNumber: pulumi.Int(200),\n\t\t\tEgress: pulumi.Bool(false),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tRuleAction: pulumi.String(\"allow\"),\n\t\t\tCidrBlock: privateS3PrefixList.ApplyT(func(privateS3PrefixList ec2.GetPrefixListResult) (string, error) {\n\t\t\t\treturn privateS3PrefixList.CidrBlocks[0], nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.ec2.getPrefixList({\n filters: [{\n name: \"prefix-list-id\",\n values: [\"pl-68a54001\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_prefix_list(filters=[aws.ec2.GetPrefixListFilterArgs(\n name=\"prefix-list-id\",\n values=[\"pl-68a54001\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ec2.GetPrefixList.InvokeAsync(new Aws.Ec2.GetPrefixListArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetPrefixListFilterArgs\n {\n Name = \"prefix-list-id\",\n Values = \n {\n \"pl-68a54001\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetPrefixList(ctx, &ec2.GetPrefixListArgs{\n\t\t\tFilters: []ec2.GetPrefixListFilter{\n\t\t\t\tec2.GetPrefixListFilter{\n\t\t\t\t\tName: \"prefix-list-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"pl-68a54001\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPrefixList.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getPrefixListFilter:getPrefixListFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html).\n" + }, + "prefixListId": { + "type": "string", + "description": "The ID of the prefix list to select.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getPrefixList.\n", + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of CIDR blocks for the AWS service associated with the prefix list.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getPrefixListFilter:getPrefixListFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the selected prefix list.\n" + }, + "prefixListId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "cidrBlocks", + "name", + "id" + ] + } + }, + "aws:ec2/getRoute:getRoute": { + "description": "`aws.ec2.Route` provides details about a specific Route.\n\nThis resource can prove useful when finding the resource associated with a CIDR. For example, finding the peering connection associated with a CIDR value.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how one might use a CIDR value to find a network interface id and use this to create a data source of that network interface.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getRouteTable({\n subnetId: subnetId,\n});\nconst route = aws.ec2.getRoute({\n routeTableId: aws_route_table.selected.id,\n destinationCidrBlock: \"10.0.1.0/24\",\n});\nconst interface = route.then(route => aws.ec2.getNetworkInterface({\n id: route.networkInterfaceId,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_route_table(subnet_id=subnet_id)\nroute = aws.ec2.get_route(route_table_id=aws_route_table[\"selected\"][\"id\"],\n destination_cidr_block=\"10.0.1.0/24\")\ninterface = aws.ec2.get_network_interface(id=route.network_interface_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var subnetId = config.RequireObject(\"subnetId\");\n var selected = Output.Create(Aws.Ec2.GetRouteTable.InvokeAsync(new Aws.Ec2.GetRouteTableArgs\n {\n SubnetId = subnetId,\n }));\n var route = Output.Create(Aws.Ec2.GetRoute.InvokeAsync(new Aws.Ec2.GetRouteArgs\n {\n RouteTableId = aws_route_table.Selected.Id,\n DestinationCidrBlock = \"10.0.1.0/24\",\n }));\n var @interface = route.Apply(route => Output.Create(Aws.Ec2.GetNetworkInterface.InvokeAsync(new Aws.Ec2.GetNetworkInterfaceArgs\n {\n Id = route.NetworkInterfaceId,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\topt0 := subnetId\n\t\t_, err := ec2.LookupRouteTable(ctx, &ec2.LookupRouteTableArgs{\n\t\t\tSubnetId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := \"10.0.1.0/24\"\n\t\troute, err := ec2.LookupRoute(ctx, &ec2.LookupRouteArgs{\n\t\t\tRouteTableId: aws_route_table.Selected.Id,\n\t\t\tDestinationCidrBlock: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt2 := route.NetworkInterfaceId\n\t\t_, err = ec2.LookupNetworkInterface(ctx, &ec2.LookupNetworkInterfaceArgs{\n\t\t\tId: &opt2,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRoute.\n", + "properties": { + "carrierGatewayId": { + "type": "string", + "description": "EC2 Carrier Gateway ID of the Route belonging to the Route Table.\n" + }, + "destinationCidrBlock": { + "type": "string", + "description": "CIDR block of the Route belonging to the Route Table.\n" + }, + "destinationIpv6CidrBlock": { + "type": "string", + "description": "IPv6 CIDR block of the Route belonging to the Route Table.\n" + }, + "destinationPrefixListId": { + "type": "string", + "description": "The ID of a managed prefix list destination of the Route belonging to the Route Table.\n" + }, + "egressOnlyGatewayId": { + "type": "string", + "description": "Egress Only Gateway ID of the Route belonging to the Route Table.\n" + }, + "gatewayId": { + "type": "string", + "description": "Gateway ID of the Route belonging to the Route Table.\n" + }, + "instanceId": { + "type": "string", + "description": "Instance ID of the Route belonging to the Route Table.\n" + }, + "localGatewayId": { + "type": "string", + "description": "Local Gateway ID of the Route belonging to the Route Table.\n" + }, + "natGatewayId": { + "type": "string", + "description": "NAT Gateway ID of the Route belonging to the Route Table.\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "Network Interface ID of the Route belonging to the Route Table.\n" + }, + "routeTableId": { + "type": "string", + "description": "The ID of the specific Route Table containing the Route entry.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "EC2 Transit Gateway ID of the Route belonging to the Route Table.\n" + }, + "vpcPeeringConnectionId": { + "type": "string", + "description": "VPC Peering Connection ID of the Route belonging to the Route Table.\n" + } + }, + "type": "object", + "required": [ + "routeTableId" + ] + }, + "outputs": { + "description": "A collection of values returned by getRoute.\n", + "properties": { + "carrierGatewayId": { + "type": "string" + }, + "destinationCidrBlock": { + "type": "string" + }, + "destinationIpv6CidrBlock": { + "type": "string" + }, + "destinationPrefixListId": { + "type": "string" + }, + "egressOnlyGatewayId": { + "type": "string" + }, + "gatewayId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceId": { + "type": "string" + }, + "localGatewayId": { + "type": "string" + }, + "natGatewayId": { + "type": "string" + }, + "networkInterfaceId": { + "type": "string" + }, + "routeTableId": { + "type": "string" + }, + "transitGatewayId": { + "type": "string" + }, + "vpcPeeringConnectionId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "carrierGatewayId", + "destinationCidrBlock", + "destinationIpv6CidrBlock", + "destinationPrefixListId", + "egressOnlyGatewayId", + "gatewayId", + "instanceId", + "localGatewayId", + "natGatewayId", + "networkInterfaceId", + "routeTableId", + "transitGatewayId", + "vpcPeeringConnectionId", + "id" + ] + } + }, + "aws:ec2/getRouteTable:getRouteTable": { + "description": "`aws.ec2.RouteTable` provides details about a specific Route Table.\n\nThis resource can prove useful when a module accepts a Subnet ID as an input variable and needs to, for example, add a route in the Route Table.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how one might accept a Route Table ID as a variable and use this data source to obtain the data necessary to create a route.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getRouteTable({\n subnetId: subnetId,\n});\nconst route = new aws.ec2.Route(\"route\", {\n routeTableId: selected.then(selected => selected.id),\n destinationCidrBlock: \"10.0.1.0/22\",\n vpcPeeringConnectionId: \"pcx-45ff3dc1\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_route_table(subnet_id=subnet_id)\nroute = aws.ec2.Route(\"route\",\n route_table_id=selected.id,\n destination_cidr_block=\"10.0.1.0/22\",\n vpc_peering_connection_id=\"pcx-45ff3dc1\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var subnetId = config.RequireObject(\"subnetId\");\n var selected = Output.Create(Aws.Ec2.GetRouteTable.InvokeAsync(new Aws.Ec2.GetRouteTableArgs\n {\n SubnetId = subnetId,\n }));\n var route = new Aws.Ec2.Route(\"route\", new Aws.Ec2.RouteArgs\n {\n RouteTableId = selected.Apply(selected => selected.Id),\n DestinationCidrBlock = \"10.0.1.0/22\",\n VpcPeeringConnectionId = \"pcx-45ff3dc1\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\topt0 := subnetId\n\t\tselected, err := ec2.LookupRouteTable(ctx, &ec2.LookupRouteTableArgs{\n\t\t\tSubnetId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewRoute(ctx, \"route\", &ec2.RouteArgs{\n\t\t\tRouteTableId: pulumi.String(selected.Id),\n\t\t\tDestinationCidrBlock: pulumi.String(\"10.0.1.0/22\"),\n\t\t\tVpcPeeringConnectionId: pulumi.String(\"pcx-45ff3dc1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRouteTable.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getRouteTableFilter:getRouteTableFilter" + }, + "description": "Configuration block. Detailed below.\n" + }, + "gatewayId": { + "type": "string", + "description": "ID of an Internet Gateway or Virtual Private Gateway which is connected to the Route Table (not exported if not passed as a parameter).\n" + }, + "routeTableId": { + "type": "string", + "description": "ID of the specific Route Table to retrieve.\n" + }, + "subnetId": { + "type": "string", + "description": "ID of a Subnet which is connected to the Route Table (not exported if not passed as a parameter).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags, each pair of which must exactly match a pair on the desired Route Table.\n" + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC that the desired Route Table belongs to.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getRouteTable.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the route table.\n" + }, + "associations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getRouteTableAssociation:getRouteTableAssociation" + }, + "description": "List of associations with attributes detailed below.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getRouteTableFilter:getRouteTableFilter" + } + }, + "gatewayId": { + "type": "string", + "description": "Gateway ID. Only set when associated with an Internet Gateway or Virtual Private Gateway.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the route table.\n" + }, + "routeTableId": { + "type": "string", + "description": "Route Table ID.\n" + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getRouteTableRoute:getRouteTableRoute" + }, + "description": "List of routes with attributes detailed below.\n" + }, + "subnetId": { + "type": "string", + "description": "Subnet ID. Only set when associated with a subnet.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "associations", + "gatewayId", + "ownerId", + "routeTableId", + "routes", + "subnetId", + "tags", + "vpcId", + "id" + ] + } + }, + "aws:ec2/getRouteTables:getRouteTables": { + "description": "This resource can be useful for getting back a list of route table ids to be referenced elsewhere.\n", + "inputs": { + "description": "A collection of arguments for invoking getRouteTables.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getRouteTablesFilter:getRouteTablesFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired route tables.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID that you want to filter from.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getRouteTables.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getRouteTablesFilter:getRouteTablesFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of all the route table ids found. This data source will fail if none are found.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getSecurityGroup:getSecurityGroup": { + "description": "`aws.ec2.SecurityGroup` provides details about a specific Security Group.\n\nThis resource can prove useful when a module accepts a Security Group id as\nan input variable and needs to, for example, determine the id of the\nVPC that the security group belongs to.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how one might accept a Security Group id as a variable\nand use this data source to obtain the data necessary to create a subnet.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst securityGroupId = config.requireObject(\"securityGroupId\");\nconst selected = aws.ec2.getSecurityGroup({\n id: securityGroupId,\n});\nconst subnet = new aws.ec2.Subnet(\"subnet\", {\n vpcId: selected.then(selected => selected.vpcId),\n cidrBlock: \"10.0.1.0/24\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsecurity_group_id = config.require_object(\"securityGroupId\")\nselected = aws.ec2.get_security_group(id=security_group_id)\nsubnet = aws.ec2.Subnet(\"subnet\",\n vpc_id=selected.vpc_id,\n cidr_block=\"10.0.1.0/24\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var securityGroupId = config.RequireObject(\"securityGroupId\");\n var selected = Output.Create(Aws.Ec2.GetSecurityGroup.InvokeAsync(new Aws.Ec2.GetSecurityGroupArgs\n {\n Id = securityGroupId,\n }));\n var subnet = new Aws.Ec2.Subnet(\"subnet\", new Aws.Ec2.SubnetArgs\n {\n VpcId = selected.Apply(selected => selected.VpcId),\n CidrBlock = \"10.0.1.0/24\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsecurityGroupId := cfg.RequireObject(\"securityGroupId\")\n\t\topt0 := securityGroupId\n\t\tselected, err := ec2.LookupSecurityGroup(ctx, &ec2.LookupSecurityGroupArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"subnet\", &ec2.SubnetArgs{\n\t\t\tVpcId: pulumi.String(selected.VpcId),\n\t\t\tCidrBlock: pulumi.String(\"10.0.1.0/24\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSecurityGroup.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSecurityGroupFilter:getSecurityGroupFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The id of the specific security group to retrieve.\n" + }, + "name": { + "type": "string", + "description": "The name of the field to filter by, as defined by\n[the underlying AWS API](http://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired security group.\n" + }, + "vpcId": { + "type": "string", + "description": "The id of the VPC that the desired security group belongs to.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSecurityGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The computed ARN of the security group.\n" + }, + "description": { + "type": "string", + "description": "The description of the security group.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSecurityGroupFilter:getSecurityGroupFilter" + } + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "id", + "name", + "tags", + "vpcId" + ] + } + }, + "aws:ec2/getSecurityGroups:getSecurityGroups": { + "description": "Use this data source to get IDs and VPC membership of Security Groups that are created\noutside of this provider.\n", + "inputs": { + "description": "A collection of arguments for invoking getSecurityGroups.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSecurityGroupsFilter:getSecurityGroupsFilter" + }, + "description": "One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out [describe-security-groups in the AWS CLI reference][1].\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match for desired security groups.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSecurityGroups.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "ARNs of the matched security groups.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSecurityGroupsFilter:getSecurityGroupsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "IDs of the matches security groups.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The VPC IDs of the matched security groups. The data source's tag or filter *will span VPCs* unless the `vpc-id` filter is also used.\n" + } + }, + "type": "object", + "required": [ + "arns", + "ids", + "tags", + "vpcIds", + "id" + ] + } + }, + "aws:ec2/getSpotPrice:getSpotPrice": { + "description": "Information about most recent Spot Price for a given EC2 instance.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getSpotPrice({\n availabilityZone: \"us-west-2a\",\n filters: [{\n name: \"product-description\",\n values: [\"Linux/UNIX\"],\n }],\n instanceType: \"t3.medium\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_spot_price(availability_zone=\"us-west-2a\",\n filters=[aws.ec2.GetSpotPriceFilterArgs(\n name=\"product-description\",\n values=[\"Linux/UNIX\"],\n )],\n instance_type=\"t3.medium\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetSpotPrice.InvokeAsync(new Aws.Ec2.GetSpotPriceArgs\n {\n AvailabilityZone = \"us-west-2a\",\n Filters = \n {\n new Aws.Ec2.Inputs.GetSpotPriceFilterArgs\n {\n Name = \"product-description\",\n Values = \n {\n \"Linux/UNIX\",\n },\n },\n },\n InstanceType = \"t3.medium\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"us-west-2a\"\n\t\topt1 := \"t3.medium\"\n\t\t_, err := ec2.GetSpotPrice(ctx, &ec2.GetSpotPriceArgs{\n\t\t\tAvailabilityZone: &opt0,\n\t\t\tFilters: []ec2.GetSpotPriceFilter{\n\t\t\t\tec2.GetSpotPriceFilter{\n\t\t\t\t\tName: \"product-description\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Linux/UNIX\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tInstanceType: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSpotPrice.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "The availability zone in which to query Spot price information.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSpotPriceFilter:getSpotPriceFilter" + }, + "description": "One or more configuration blocks containing name-values filters. See the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSpotPriceHistory.html) for supported filters. Detailed below.\n" + }, + "instanceType": { + "type": "string", + "description": "The type of instance for which to query Spot Price information.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSpotPrice.\n", + "properties": { + "availabilityZone": { + "type": "string" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSpotPriceFilter:getSpotPriceFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceType": { + "type": "string" + }, + "spotPrice": { + "type": "string", + "description": "The most recent Spot Price value for the given instance type and AZ.\n" + }, + "spotPriceTimestamp": { + "type": "string", + "description": "The timestamp at which the Spot Price value was published.\n" + } + }, + "type": "object", + "required": [ + "spotPrice", + "spotPriceTimestamp", + "id" + ] + } + }, + "aws:ec2/getSubnet:getSubnet": { + "description": "`aws.ec2.Subnet` provides details about a specific VPC subnet.\n\nThis resource can prove useful when a module accepts a subnet ID as an input variable and needs to, for example, determine the ID of the VPC that the subnet belongs to.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how one might accept a subnet ID as a variable and use this data source to obtain the data necessary to create a security group that allows connections from hosts in that subnet.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst subnetId = config.requireObject(\"subnetId\");\nconst selected = aws.ec2.getSubnet({\n id: subnetId,\n});\nconst subnet = new aws.ec2.SecurityGroup(\"subnet\", {\n vpcId: selected.then(selected => selected.vpcId),\n ingress: [{\n cidrBlocks: [selected.then(selected => selected.cidrBlock)],\n fromPort: 80,\n toPort: 80,\n protocol: \"tcp\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nsubnet_id = config.require_object(\"subnetId\")\nselected = aws.ec2.get_subnet(id=subnet_id)\nsubnet = aws.ec2.SecurityGroup(\"subnet\",\n vpc_id=selected.vpc_id,\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n cidr_blocks=[selected.cidr_block],\n from_port=80,\n to_port=80,\n protocol=\"tcp\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var subnetId = config.RequireObject(\"subnetId\");\n var selected = Output.Create(Aws.Ec2.GetSubnet.InvokeAsync(new Aws.Ec2.GetSubnetArgs\n {\n Id = subnetId,\n }));\n var subnet = new Aws.Ec2.SecurityGroup(\"subnet\", new Aws.Ec2.SecurityGroupArgs\n {\n VpcId = selected.Apply(selected => selected.VpcId),\n Ingress = \n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n CidrBlocks = \n {\n selected.Apply(selected => selected.CidrBlock),\n },\n FromPort = 80,\n ToPort = 80,\n Protocol = \"tcp\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tsubnetId := cfg.RequireObject(\"subnetId\")\n\t\topt0 := subnetId\n\t\tselected, err := ec2.LookupSubnet(ctx, &ec2.LookupSubnetArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"subnet\", &ec2.SecurityGroupArgs{\n\t\t\tVpcId: pulumi.String(selected.VpcId),\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t&ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tCidrBlocks: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(selected.CidrBlock),\n\t\t\t\t\t},\n\t\t\t\t\tFromPort: pulumi.Int(80),\n\t\t\t\t\tToPort: pulumi.Int(80),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter Example\n\nIf you want to match against tag `Name`, use:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = pulumi.output(aws.ec2.getSubnet({\n filters: [{\n name: \"tag:Name\",\n values: [\"yakdriver\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.ec2.get_subnet(filters=[aws.ec2.GetSubnetFilterArgs(\n name=\"tag:Name\",\n values=[\"yakdriver\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var selected = Output.Create(Aws.Ec2.GetSubnet.InvokeAsync(new Aws.Ec2.GetSubnetArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetSubnetFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"yakdriver\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupSubnet(ctx, &ec2.LookupSubnetArgs{\n\t\t\tFilters: []ec2.GetSubnetFilter{\n\t\t\t\tec2.GetSubnetFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"yakdriver\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSubnet.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "Availability zone where the subnet must reside.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "ID of the Availability Zone for the subnet.\n" + }, + "cidrBlock": { + "type": "string", + "description": "CIDR block of the desired subnet.\n" + }, + "defaultForAz": { + "type": "boolean", + "description": "Whether the desired subnet must be the default subnet for its associated availability zone.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSubnetFilter:getSubnetFilter" + }, + "description": "Configuration block. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "ID of the specific subnet to retrieve.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "IPv6 CIDR block of the desired subnet.\n" + }, + "state": { + "type": "string", + "description": "State that the desired subnet must have.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of tags, each pair of which must exactly match a pair on the desired subnet.\n" + }, + "vpcId": { + "type": "string", + "description": "ID of the VPC that the desired subnet belongs to.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSubnet.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the subnet.\n" + }, + "assignIpv6AddressOnCreation": { + "type": "boolean", + "description": "Whether an IPv6 address is assigned on creation.\n" + }, + "availabilityZone": { + "type": "string" + }, + "availabilityZoneId": { + "type": "string" + }, + "availableIpAddressCount": { + "type": "integer", + "description": "Available IP addresses of the subnet.\n" + }, + "cidrBlock": { + "type": "string" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "Identifier of customer owned IPv4 address pool.\n" + }, + "defaultForAz": { + "type": "boolean" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSubnetFilter:getSubnetFilter" + } + }, + "id": { + "type": "string" + }, + "ipv6CidrBlock": { + "type": "string" + }, + "ipv6CidrBlockAssociationId": { + "type": "string", + "description": "Association ID of the IPv6 CIDR block.\n" + }, + "mapCustomerOwnedIpOnLaunch": { + "type": "boolean", + "description": "Whether customer owned IP addresses are assigned on network interface creation.\n" + }, + "mapPublicIpOnLaunch": { + "type": "boolean", + "description": "Whether public IP addresses are assigned on instance launch.\n" + }, + "outpostArn": { + "type": "string", + "description": "ARN of the Outpost.\n" + }, + "ownerId": { + "type": "string", + "description": "ID of the AWS account that owns the subnet.\n" + }, + "state": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "assignIpv6AddressOnCreation", + "availabilityZone", + "availabilityZoneId", + "availableIpAddressCount", + "cidrBlock", + "customerOwnedIpv4Pool", + "defaultForAz", + "id", + "ipv6CidrBlock", + "ipv6CidrBlockAssociationId", + "mapCustomerOwnedIpOnLaunch", + "mapPublicIpOnLaunch", + "outpostArn", + "ownerId", + "state", + "tags", + "vpcId" + ] + } + }, + "aws:ec2/getSubnetIds:getSubnetIds": { + "description": "`aws.ec2.getSubnetIds` provides a set of ids for a vpc_id\n\nThis resource can be useful for getting back a set of subnet ids for a vpc.\n", + "inputs": { + "description": "A collection of arguments for invoking getSubnetIds.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSubnetIdsFilter:getSubnetIdsFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired subnets.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID that you want to filter from.\n" + } + }, + "type": "object", + "required": [ + "vpcId" + ] + }, + "outputs": { + "description": "A collection of values returned by getSubnetIds.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getSubnetIdsFilter:getSubnetIdsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A set of all the subnet ids found. This data source will fail if none are found.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "vpcId", + "id" + ] + } + }, + "aws:ec2/getTransitGatewayRouteTables:getTransitGatewayRouteTables": { + "description": "Provides information for multiple EC2 Transit Gateway Route Tables, such as their identifiers.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following shows outputing all Transit Gateway Route Table Ids.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleTransitGatewayRouteTables = aws.ec2.getTransitGatewayRouteTables({});\nexport const example = data.aws_ec2_transit_gateway_route_table.example.ids;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_transit_gateway_route_tables = aws.ec2.get_transit_gateway_route_tables()\npulumi.export(\"example\", data[\"aws_ec2_transit_gateway_route_table\"][\"example\"][\"ids\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleTransitGatewayRouteTables = Output.Create(Aws.Ec2.GetTransitGatewayRouteTables.InvokeAsync());\n this.Example = data.Aws_ec2_transit_gateway_route_table.Example.Ids;\n }\n\n [Output(\"example\")]\n public Output Example { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetTransitGatewayRouteTables(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", data.Aws_ec2_transit_gateway_route_table.Example.Ids)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTransitGatewayRouteTables.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getTransitGatewayRouteTablesFilter:getTransitGatewayRouteTablesFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired transit gateway route table.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getTransitGatewayRouteTables.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getTransitGatewayRouteTablesFilter:getTransitGatewayRouteTablesFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Transit Gateway Route Table identifiers.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getVpc:getVpc": { + "description": "`aws.ec2.Vpc` provides details about a specific VPC.\n\nThis resource can prove useful when a module accepts a vpc id as\nan input variable and needs to, for example, determine the CIDR block of that\nVPC.\n", + "inputs": { + "description": "A collection of arguments for invoking getVpc.\n", + "properties": { + "cidrBlock": { + "type": "string", + "description": "The cidr block of the desired VPC.\n" + }, + "default": { + "type": "boolean", + "description": "Boolean constraint on whether the desired VPC is\nthe default VPC for the region.\n" + }, + "dhcpOptionsId": { + "type": "string", + "description": "The DHCP options id of the desired VPC.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcFilter:getVpcFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The id of the specific VPC to retrieve.\n" + }, + "state": { + "type": "string", + "description": "The current state of the desired VPC.\nCan be either `\"pending\"` or `\"available\"`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired VPC.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpc.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of VPC\n" + }, + "cidrBlock": { + "type": "string", + "description": "The CIDR block for the association.\n" + }, + "cidrBlockAssociations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcCidrBlockAssociation:getVpcCidrBlockAssociation" + } + }, + "default": { + "type": "boolean" + }, + "dhcpOptionsId": { + "type": "string" + }, + "enableDnsHostnames": { + "type": "boolean", + "description": "Whether or not the VPC has DNS hostname support\n" + }, + "enableDnsSupport": { + "type": "boolean", + "description": "Whether or not the VPC has DNS support\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcFilter:getVpcFilter" + } + }, + "id": { + "type": "string" + }, + "instanceTenancy": { + "type": "string", + "description": "The allowed tenancy of instances launched into the\nselected VPC. May be any of `\"default\"`, `\"dedicated\"`, or `\"host\"`.\n" + }, + "ipv6AssociationId": { + "type": "string", + "description": "The association ID for the IPv6 CIDR block.\n" + }, + "ipv6CidrBlock": { + "type": "string", + "description": "The IPv6 CIDR block.\n" + }, + "mainRouteTableId": { + "type": "string", + "description": "The ID of the main route table associated with this VPC.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC.\n" + }, + "state": { + "type": "string", + "description": "The State of the association.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "cidrBlock", + "cidrBlockAssociations", + "default", + "dhcpOptionsId", + "enableDnsHostnames", + "enableDnsSupport", + "id", + "instanceTenancy", + "ipv6AssociationId", + "ipv6CidrBlock", + "mainRouteTableId", + "ownerId", + "state", + "tags" + ] + } + }, + "aws:ec2/getVpcDhcpOptions:getVpcDhcpOptions": { + "description": "Retrieve information about an EC2 DHCP Options configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Lookup by DHCP Options ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getVpcDhcpOptions({\n dhcpOptionsId: \"dopts-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_vpc_dhcp_options(dhcp_options_id=\"dopts-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetVpcDhcpOptions.InvokeAsync(new Aws.Ec2.GetVpcDhcpOptionsArgs\n {\n DhcpOptionsId = \"dopts-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"dopts-12345678\"\n\t\t_, err := ec2.LookupVpcDhcpOptions(ctx, &ec2.LookupVpcDhcpOptionsArgs{\n\t\t\tDhcpOptionsId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Lookup by Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getVpcDhcpOptions({\n filters: [\n {\n name: \"key\",\n values: [\"domain-name\"],\n },\n {\n name: \"value\",\n values: [\"example.com\"],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_vpc_dhcp_options(filters=[\n aws.ec2.GetVpcDhcpOptionsFilterArgs(\n name=\"key\",\n values=[\"domain-name\"],\n ),\n aws.ec2.GetVpcDhcpOptionsFilterArgs(\n name=\"value\",\n values=[\"example.com\"],\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetVpcDhcpOptions.InvokeAsync(new Aws.Ec2.GetVpcDhcpOptionsArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetVpcDhcpOptionsFilterArgs\n {\n Name = \"key\",\n Values = \n {\n \"domain-name\",\n },\n },\n new Aws.Ec2.Inputs.GetVpcDhcpOptionsFilterArgs\n {\n Name = \"value\",\n Values = \n {\n \"example.com\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcDhcpOptions(ctx, &ec2.LookupVpcDhcpOptionsArgs{\n\t\t\tFilters: []ec2.GetVpcDhcpOptionsFilter{\n\t\t\t\tec2.GetVpcDhcpOptionsFilter{\n\t\t\t\t\tName: \"key\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"domain-name\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetVpcDhcpOptionsFilter{\n\t\t\t\t\tName: \"value\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpcDhcpOptions.\n", + "properties": { + "dhcpOptionsId": { + "type": "string", + "description": "The EC2 DHCP Options ID.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcDhcpOptionsFilter:getVpcDhcpOptionsFilter" + }, + "description": "List of custom filters as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcDhcpOptions.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the DHCP Options Set.\n" + }, + "dhcpOptionsId": { + "type": "string", + "description": "EC2 DHCP Options ID\n" + }, + "domainName": { + "type": "string", + "description": "The suffix domain name to used when resolving non Fully Qualified Domain Names. e.g. the `search` value in the `/etc/resolv.conf` file.\n" + }, + "domainNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of name servers.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcDhcpOptionsFilter:getVpcDhcpOptionsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "netbiosNameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NETBIOS name servers.\n" + }, + "netbiosNodeType": { + "type": "string", + "description": "The NetBIOS node type (1, 2, 4, or 8). For more information about these node types, see [RFC 2132](http://www.ietf.org/rfc/rfc2132.txt).\n" + }, + "ntpServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of NTP servers.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the DHCP options set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "dhcpOptionsId", + "domainName", + "domainNameServers", + "netbiosNameServers", + "netbiosNodeType", + "ntpServers", + "ownerId", + "tags", + "id" + ] + } + }, + "aws:ec2/getVpcEndpoint:getVpcEndpoint": { + "description": "The VPC Endpoint data source provides details about\na specific VPC endpoint.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = aws.ec2.getVpcEndpoint({\n vpcId: aws_vpc.foo.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\nconst privateS3 = new aws.ec2.VpcEndpointRouteTableAssociation(\"privateS3\", {\n vpcEndpointId: s3.then(s3 => s3.id),\n routeTableId: aws_route_table[\"private\"].id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.get_vpc_endpoint(vpc_id=aws_vpc[\"foo\"][\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\nprivate_s3 = aws.ec2.VpcEndpointRouteTableAssociation(\"privateS3\",\n vpc_endpoint_id=s3.id,\n route_table_id=aws_route_table[\"private\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3 = Output.Create(Aws.Ec2.GetVpcEndpoint.InvokeAsync(new Aws.Ec2.GetVpcEndpointArgs\n {\n VpcId = aws_vpc.Foo.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n }));\n var privateS3 = new Aws.Ec2.VpcEndpointRouteTableAssociation(\"privateS3\", new Aws.Ec2.VpcEndpointRouteTableAssociationArgs\n {\n VpcEndpointId = s3.Apply(s3 => s3.Id),\n RouteTableId = aws_route_table.Private.Id,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_vpc.Foo.Id\n\t\topt1 := \"com.amazonaws.us-west-2.s3\"\n\t\ts3, err := ec2.LookupVpcEndpoint(ctx, &ec2.LookupVpcEndpointArgs{\n\t\t\tVpcId: &opt0,\n\t\t\tServiceName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpointRouteTableAssociation(ctx, \"privateS3\", &ec2.VpcEndpointRouteTableAssociationArgs{\n\t\t\tVpcEndpointId: pulumi.String(s3.Id),\n\t\t\tRouteTableId: pulumi.Any(aws_route_table.Private.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpcEndpoint.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcEndpointFilter:getVpcEndpointFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The ID of the specific VPC Endpoint to retrieve.\n" + }, + "serviceName": { + "type": "string", + "description": "The service name of the specific VPC Endpoint to retrieve. For AWS services the service name is usually in the form `com.amazonaws..` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker..notebook`).\n" + }, + "state": { + "type": "string", + "description": "The state of the specific VPC Endpoint to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the specific VPC Endpoint to retrieve.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the VPC in which the specific VPC Endpoint is used.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcEndpoint.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC endpoint.\n" + }, + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of CIDR blocks for the exposed AWS service. Applicable for endpoints of type `Gateway`.\n" + }, + "dnsEntries": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcEndpointDnsEntry:getVpcEndpointDnsEntry" + }, + "description": "The DNS entries for the VPC Endpoint. Applicable for endpoints of type `Interface`. DNS blocks are documented below.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcEndpointFilter:getVpcEndpointFilter" + } + }, + "id": { + "type": "string" + }, + "networkInterfaceIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more network interfaces for the VPC Endpoint. Applicable for endpoints of type `Interface`.\n" + }, + "ownerId": { + "type": "string", + "description": "The ID of the AWS account that owns the VPC endpoint.\n" + }, + "policy": { + "type": "string", + "description": "The policy document associated with the VPC Endpoint. Applicable for endpoints of type `Gateway`.\n" + }, + "prefixListId": { + "type": "string", + "description": "The prefix list ID of the exposed AWS service. Applicable for endpoints of type `Gateway`.\n" + }, + "privateDnsEnabled": { + "type": "boolean", + "description": "Whether or not the VPC is associated with a private hosted zone - `true` or `false`. Applicable for endpoints of type `Interface`.\n" + }, + "requesterManaged": { + "type": "boolean", + "description": "Whether or not the VPC Endpoint is being managed by its service - `true` or `false`.\n" + }, + "routeTableIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more route tables associated with the VPC Endpoint. Applicable for endpoints of type `Gateway`.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more security groups associated with the network interfaces. Applicable for endpoints of type `Interface`.\n" + }, + "serviceName": { + "type": "string" + }, + "state": { + "type": "string" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more subnets in which the VPC Endpoint is located. Applicable for endpoints of type `Interface`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcEndpointType": { + "type": "string", + "description": "The VPC Endpoint type, `Gateway` or `Interface`.\n" + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "cidrBlocks", + "dnsEntries", + "id", + "networkInterfaceIds", + "ownerId", + "policy", + "prefixListId", + "privateDnsEnabled", + "requesterManaged", + "routeTableIds", + "securityGroupIds", + "serviceName", + "state", + "subnetIds", + "tags", + "vpcEndpointType", + "vpcId" + ] + } + }, + "aws:ec2/getVpcEndpointService:getVpcEndpointService": { + "description": "The VPC Endpoint Service data source details about a specific service that\ncan be specified when creating a VPC endpoint within the region configured in the provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### AWS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = aws.ec2.getVpcEndpointService({\n service: \"s3\",\n serviceType: \"Gateway\",\n});\n// Create a VPC\nconst foo = new aws.ec2.Vpc(\"foo\", {cidrBlock: \"10.0.0.0/16\"});\n// Create a VPC endpoint\nconst ep = new aws.ec2.VpcEndpoint(\"ep\", {\n vpcId: foo.id,\n serviceName: s3.then(s3 => s3.serviceName),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.ec2.get_vpc_endpoint_service(service=\"s3\",\n service_type=\"Gateway\")\n# Create a VPC\nfoo = aws.ec2.Vpc(\"foo\", cidr_block=\"10.0.0.0/16\")\n# Create a VPC endpoint\nep = aws.ec2.VpcEndpoint(\"ep\",\n vpc_id=foo.id,\n service_name=s3.service_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3 = Output.Create(Aws.Ec2.GetVpcEndpointService.InvokeAsync(new Aws.Ec2.GetVpcEndpointServiceArgs\n {\n Service = \"s3\",\n ServiceType = \"Gateway\",\n }));\n // Create a VPC\n var foo = new Aws.Ec2.Vpc(\"foo\", new Aws.Ec2.VpcArgs\n {\n CidrBlock = \"10.0.0.0/16\",\n });\n // Create a VPC endpoint\n var ep = new Aws.Ec2.VpcEndpoint(\"ep\", new Aws.Ec2.VpcEndpointArgs\n {\n VpcId = foo.Id,\n ServiceName = s3.Apply(s3 => s3.ServiceName),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"s3\"\n\t\topt1 := \"Gateway\"\n\t\ts3, err := ec2.LookupVpcEndpointService(ctx, &ec2.LookupVpcEndpointServiceArgs{\n\t\t\tService: &opt0,\n\t\t\tServiceType: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tfoo, err := ec2.NewVpc(ctx, \"foo\", &ec2.VpcArgs{\n\t\t\tCidrBlock: pulumi.String(\"10.0.0.0/16\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewVpcEndpoint(ctx, \"ep\", &ec2.VpcEndpointArgs{\n\t\t\tVpcId: foo.ID(),\n\t\t\tServiceName: pulumi.String(s3.ServiceName),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Non-AWS Service\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst custome = pulumi.output(aws.ec2.getVpcEndpointService({\n serviceName: \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncustome = aws.ec2.get_vpc_endpoint_service(service_name=\"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var custome = Output.Create(Aws.Ec2.GetVpcEndpointService.InvokeAsync(new Aws.Ec2.GetVpcEndpointServiceArgs\n {\n ServiceName = \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"com.amazonaws.vpce.us-west-2.vpce-svc-0e87519c997c63cd8\"\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, &ec2.LookupVpcEndpointServiceArgs{\n\t\t\tServiceName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.ec2.getVpcEndpointService({\n filters: [{\n name: \"service-name\",\n values: [\"some-service\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_vpc_endpoint_service(filters=[aws.ec2.GetVpcEndpointServiceFilterArgs(\n name=\"service-name\",\n values=[\"some-service\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ec2.GetVpcEndpointService.InvokeAsync(new Aws.Ec2.GetVpcEndpointServiceArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetVpcEndpointServiceFilterArgs\n {\n Name = \"service-name\",\n Values = \n {\n \"some-service\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.LookupVpcEndpointService(ctx, &ec2.LookupVpcEndpointServiceArgs{\n\t\t\tFilters: []ec2.GetVpcEndpointServiceFilter{\n\t\t\t\tec2.GetVpcEndpointServiceFilter{\n\t\t\t\t\tName: \"service-name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-service\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpcEndpointService.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcEndpointServiceFilter:getVpcEndpointServiceFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "service": { + "type": "string", + "description": "The common name of an AWS service (e.g. `s3`).\n" + }, + "serviceName": { + "type": "string", + "description": "The service name that is specified when creating a VPC endpoint. For AWS services the service name is usually in the form `com.amazonaws..` (the SageMaker Notebook service is an exception to this rule, the service name is in the form `aws.sagemaker..notebook`).\n" + }, + "serviceType": { + "type": "string", + "description": "The service type, `Gateway` or `Interface`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired VPC Endpoint Service.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcEndpointService.\n", + "properties": { + "acceptanceRequired": { + "type": "boolean", + "description": "Whether or not VPC endpoint connection requests to the service must be accepted by the service owner - `true` or `false`.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the VPC endpoint service.\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The Availability Zones in which the service is available.\n" + }, + "baseEndpointDnsNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The DNS names for the service.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcEndpointServiceFilter:getVpcEndpointServiceFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "managesVpcEndpoints": { + "type": "boolean", + "description": "Whether or not the service manages its VPC endpoints - `true` or `false`.\n" + }, + "owner": { + "type": "string", + "description": "The AWS account ID of the service owner or `amazon`.\n" + }, + "privateDnsName": { + "type": "string", + "description": "The private DNS name for the service.\n" + }, + "service": { + "type": "string" + }, + "serviceId": { + "type": "string", + "description": "The ID of the endpoint service.\n" + }, + "serviceName": { + "type": "string" + }, + "serviceType": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + }, + "vpcEndpointPolicySupported": { + "type": "boolean", + "description": "Whether or not the service supports endpoint policies - `true` or `false`.\n" + } + }, + "type": "object", + "required": [ + "acceptanceRequired", + "arn", + "availabilityZones", + "baseEndpointDnsNames", + "managesVpcEndpoints", + "owner", + "privateDnsName", + "serviceId", + "serviceName", + "serviceType", + "tags", + "vpcEndpointPolicySupported", + "id" + ] + } + }, + "aws:ec2/getVpcPeeringConnection:getVpcPeeringConnection": { + "description": "The VPC Peering Connection data source provides details about\na specific VPC peering connection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst pc = aws.ec2.getVpcPeeringConnection({\n vpcId: aws_vpc.foo.id,\n peerCidrBlock: \"10.0.1.0/22\",\n});\n// Create a route table\nconst rt = new aws.ec2.RouteTable(\"rt\", {vpcId: aws_vpc.foo.id});\n// Create a route\nconst route = new aws.ec2.Route(\"route\", {\n routeTableId: rt.id,\n destinationCidrBlock: pc.then(pc => pc.peerCidrBlock),\n vpcPeeringConnectionId: pc.then(pc => pc.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\npc = aws.ec2.get_vpc_peering_connection(vpc_id=aws_vpc[\"foo\"][\"id\"],\n peer_cidr_block=\"10.0.1.0/22\")\n# Create a route table\nrt = aws.ec2.RouteTable(\"rt\", vpc_id=aws_vpc[\"foo\"][\"id\"])\n# Create a route\nroute = aws.ec2.Route(\"route\",\n route_table_id=rt.id,\n destination_cidr_block=pc.peer_cidr_block,\n vpc_peering_connection_id=pc.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var pc = Output.Create(Aws.Ec2.GetVpcPeeringConnection.InvokeAsync(new Aws.Ec2.GetVpcPeeringConnectionArgs\n {\n VpcId = aws_vpc.Foo.Id,\n PeerCidrBlock = \"10.0.1.0/22\",\n }));\n // Create a route table\n var rt = new Aws.Ec2.RouteTable(\"rt\", new Aws.Ec2.RouteTableArgs\n {\n VpcId = aws_vpc.Foo.Id,\n });\n // Create a route\n var route = new Aws.Ec2.Route(\"route\", new Aws.Ec2.RouteArgs\n {\n RouteTableId = rt.Id,\n DestinationCidrBlock = pc.Apply(pc => pc.PeerCidrBlock),\n VpcPeeringConnectionId = pc.Apply(pc => pc.Id),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_vpc.Foo.Id\n\t\topt1 := \"10.0.1.0/22\"\n\t\tpc, err := ec2.LookupVpcPeeringConnection(ctx, &ec2.LookupVpcPeeringConnectionArgs{\n\t\t\tVpcId: &opt0,\n\t\t\tPeerCidrBlock: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trt, err := ec2.NewRouteTable(ctx, \"rt\", &ec2.RouteTableArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewRoute(ctx, \"route\", &ec2.RouteArgs{\n\t\t\tRouteTableId: rt.ID(),\n\t\t\tDestinationCidrBlock: pulumi.String(pc.PeerCidrBlock),\n\t\t\tVpcPeeringConnectionId: pulumi.String(pc.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpcPeeringConnection.\n", + "properties": { + "cidrBlock": { + "type": "string", + "description": "The primary CIDR block of the requester VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcPeeringConnectionFilter:getVpcPeeringConnectionFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The ID of the specific VPC Peering Connection to retrieve.\n" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the owner of the requester VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "peerCidrBlock": { + "type": "string", + "description": "The primary CIDR block of the accepter VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "peerOwnerId": { + "type": "string", + "description": "The AWS account ID of the owner of the accepter VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "peerRegion": { + "type": "string", + "description": "The region of the accepter VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "peerVpcId": { + "type": "string", + "description": "The ID of the accepter VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "region": { + "type": "string", + "description": "The region of the requester VPC of the specific VPC Peering Connection to retrieve.\n" + }, + "status": { + "type": "string", + "description": "The status of the specific VPC Peering Connection to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired VPC Peering Connection.\n" + }, + "vpcId": { + "type": "string", + "description": "The ID of the requester VPC of the specific VPC Peering Connection to retrieve.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcPeeringConnection.\n", + "properties": { + "accepter": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the accepter VPC.\n" + }, + "cidrBlock": { + "type": "string", + "description": "A CIDR block associated to the VPC of the specific VPC Peering Connection.\n" + }, + "cidrBlockSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcPeeringConnectionCidrBlockSet:getVpcPeeringConnectionCidrBlockSet" + }, + "description": "List of objects with CIDR blocks of the requester VPC.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcPeeringConnectionFilter:getVpcPeeringConnectionFilter" + } + }, + "id": { + "type": "string" + }, + "ownerId": { + "type": "string" + }, + "peerCidrBlock": { + "type": "string" + }, + "peerCidrBlockSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcPeeringConnectionPeerCidrBlockSet:getVpcPeeringConnectionPeerCidrBlockSet" + }, + "description": "List of objects with CIDR blocks of the accepter VPC.\n" + }, + "peerOwnerId": { + "type": "string" + }, + "peerRegion": { + "type": "string" + }, + "peerVpcId": { + "type": "string" + }, + "region": { + "type": "string" + }, + "requester": { + "type": "object", + "additionalProperties": { + "type": "boolean" + }, + "description": "A configuration block that describes [VPC Peering Connection]\n(https://docs.aws.amazon.com/vpc/latest/peering/what-is-vpc-peering.html) options set for the requester VPC.\n" + }, + "status": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accepter", + "cidrBlock", + "cidrBlockSets", + "id", + "ownerId", + "peerCidrBlock", + "peerCidrBlockSets", + "peerOwnerId", + "peerRegion", + "peerVpcId", + "region", + "requester", + "status", + "tags", + "vpcId" + ] + } + }, + "aws:ec2/getVpcPeeringConnections:getVpcPeeringConnections": { + "description": "Use this data source to get IDs of Amazon VPC peering connections\nTo get more details on each connection, use the data resource `aws.ec2.VpcPeeringConnection`\n", + "inputs": { + "description": "A collection of arguments for invoking getVpcPeeringConnections.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcPeeringConnectionsFilter:getVpcPeeringConnectionsFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the desired VPC Peering Connection.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcPeeringConnections.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcPeeringConnectionsFilter:getVpcPeeringConnectionsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of the VPC Peering Connections.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getVpcs:getVpcs": { + "description": "This resource can be useful for getting back a list of VPC Ids for a region.\n\nThe following example retrieves a list of VPC Ids with a custom tag of `service` set to a value of \"production\".\n", + "inputs": { + "description": "A collection of arguments for invoking getVpcs.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcsFilter:getVpcsFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired vpcs.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcs.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpcsFilter:getVpcsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of all the VPC Ids found. This data source will fail if none are found.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "ids", + "tags", + "id" + ] + } + }, + "aws:ec2/getVpnGateway:getVpnGateway": { + "description": "The VPN Gateway data source provides details about\na specific VPN gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.ec2.getVpnGateway({\n filters: [{\n name: \"tag:Name\",\n values: [\"vpn-gw\"],\n }],\n});\nexport const vpnGatewayId = selected.then(selected => selected.id);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.ec2.get_vpn_gateway(filters=[aws.ec2.GetVpnGatewayFilterArgs(\n name=\"tag:Name\",\n values=[\"vpn-gw\"],\n)])\npulumi.export(\"vpnGatewayId\", selected.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var selected = Output.Create(Aws.Ec2.GetVpnGateway.InvokeAsync(new Aws.Ec2.GetVpnGatewayArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetVpnGatewayFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"vpn-gw\",\n },\n },\n },\n }));\n this.VpnGatewayId = selected.Apply(selected => selected.Id);\n }\n\n [Output(\"vpnGatewayId\")]\n public Output VpnGatewayId { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := ec2.LookupVpnGateway(ctx, &ec2.LookupVpnGatewayArgs{\n\t\t\tFilters: []ec2.GetVpnGatewayFilter{\n\t\t\t\tec2.GetVpnGatewayFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"vpn-gw\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"vpnGatewayId\", selected.Id)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpnGateway.\n", + "properties": { + "amazonSideAsn": { + "type": "string", + "description": "The Autonomous System Number (ASN) for the Amazon side of the specific VPN Gateway to retrieve.\n" + }, + "attachedVpcId": { + "type": "string", + "description": "The ID of a VPC attached to the specific VPN Gateway to retrieve.\n" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone of the specific VPN Gateway to retrieve.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpnGatewayFilter:getVpnGatewayFilter" + }, + "description": "Custom filter block as described below.\n" + }, + "id": { + "type": "string", + "description": "The ID of the specific VPN Gateway to retrieve.\n" + }, + "state": { + "type": "string", + "description": "The state of the specific VPN Gateway to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match\na pair on the desired VPN Gateway.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpnGateway.\n", + "properties": { + "amazonSideAsn": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "attachedVpcId": { + "type": "string" + }, + "availabilityZone": { + "type": "string" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2/getVpnGatewayFilter:getVpnGatewayFilter" + } + }, + "id": { + "type": "string" + }, + "state": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "amazonSideAsn", + "arn", + "attachedVpcId", + "availabilityZone", + "id", + "state", + "tags" + ] + } + }, + "aws:ec2transitgateway/getDirectConnectGatewayAttachment:getDirectConnectGatewayAttachment": { + "description": "Get information on an EC2 Transit Gateway's attachment to a Direct Connect Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By Transit Gateway and Direct Connect Gateway Identifiers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2transitgateway.getDirectConnectGatewayAttachment({\n transitGatewayId: aws_ec2_transit_gateway.example.id,\n dxGatewayId: aws_dx_gateway.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_direct_connect_gateway_attachment(transit_gateway_id=aws_ec2_transit_gateway[\"example\"][\"id\"],\n dx_gateway_id=aws_dx_gateway[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetDirectConnectGatewayAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetDirectConnectGatewayAttachmentArgs\n {\n TransitGatewayId = aws_ec2_transit_gateway.Example.Id,\n DxGatewayId = aws_dx_gateway.Example.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_ec2_transit_gateway.Example.Id\n\t\topt1 := aws_dx_gateway.Example.Id\n\t\t_, err := ec2transitgateway.GetDirectConnectGatewayAttachment(ctx, &ec2transitgateway.GetDirectConnectGatewayAttachmentArgs{\n\t\t\tTransitGatewayId: &opt0,\n\t\t\tDxGatewayId: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDirectConnectGatewayAttachment.\n", + "properties": { + "dxGatewayId": { + "type": "string", + "description": "Identifier of the Direct Connect Gateway.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getDirectConnectGatewayAttachmentFilter:getDirectConnectGatewayAttachmentFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired Transit Gateway Direct Connect Gateway Attachment.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of the EC2 Transit Gateway.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getDirectConnectGatewayAttachment.\n", + "properties": { + "dxGatewayId": { + "type": "string" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getDirectConnectGatewayAttachmentFilter:getDirectConnectGatewayAttachmentFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway Attachment\n" + }, + "transitGatewayId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "tags", + "id" + ] + } + }, + "aws:ec2transitgateway/getPeeringAttachment:getPeeringAttachment": { + "description": "Get information on an EC2 Transit Gateway Peering Attachment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getPeeringAttachment({\n filters: [{\n name: \"transit-gateway-attachment-id\",\n values: [\"tgw-attach-12345678\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_peering_attachment(filters=[aws.ec2transitgateway.GetPeeringAttachmentFilterArgs(\n name=\"transit-gateway-attachment-id\",\n values=[\"tgw-attach-12345678\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetPeeringAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetPeeringAttachmentArgs\n {\n Filters = \n {\n new Aws.Ec2TransitGateway.Inputs.GetPeeringAttachmentFilterArgs\n {\n Name = \"transit-gateway-attachment-id\",\n Values = \n {\n \"tgw-attach-12345678\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.LookupPeeringAttachment(ctx, &ec2transitgateway.LookupPeeringAttachmentArgs{\n\t\t\tFilters: []ec2transitgateway.GetPeeringAttachmentFilter{\n\t\t\t\tec2transitgateway.GetPeeringAttachmentFilter{\n\t\t\t\t\tName: \"transit-gateway-attachment-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"tgw-attach-12345678\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Identifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst attachment = pulumi.output(aws.ec2transitgateway.getPeeringAttachment({\n id: \"tgw-attach-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nattachment = aws.ec2transitgateway.get_peering_attachment(id=\"tgw-attach-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var attachment = Output.Create(Aws.Ec2TransitGateway.GetPeeringAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetPeeringAttachmentArgs\n {\n Id = \"tgw-attach-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"tgw-attach-12345678\"\n\t\t_, err := ec2transitgateway.LookupPeeringAttachment(ctx, &ec2transitgateway.LookupPeeringAttachmentArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPeeringAttachment.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getPeeringAttachmentFilter:getPeeringAttachmentFilter" + }, + "description": "One or more configuration blocks containing name-values filters. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "Identifier of the EC2 Transit Gateway Peering Attachment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match\na pair on the specific EC2 Transit Gateway Peering Attachment to retrieve.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getPeeringAttachment.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getPeeringAttachmentFilter:getPeeringAttachmentFilter" + } + }, + "id": { + "type": "string" + }, + "peerAccountId": { + "type": "string", + "description": "Identifier of the peer AWS account\n" + }, + "peerRegion": { + "type": "string", + "description": "Identifier of the peer AWS region\n" + }, + "peerTransitGatewayId": { + "type": "string", + "description": "Identifier of the peer EC2 Transit Gateway\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of the local EC2 Transit Gateway\n" + } + }, + "type": "object", + "required": [ + "id", + "peerAccountId", + "peerRegion", + "peerTransitGatewayId", + "tags", + "transitGatewayId" + ] + } + }, + "aws:ec2transitgateway/getRouteTable:getRouteTable": { + "description": "Get information on an EC2 Transit Gateway Route Table.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getRouteTable({\n filters: [\n {\n name: \"default-association-route-table\",\n values: [\"true\"],\n },\n {\n name: \"transit-gateway-id\",\n values: [\"tgw-12345678\"],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_route_table(filters=[\n aws.ec2transitgateway.GetRouteTableFilterArgs(\n name=\"default-association-route-table\",\n values=[\"true\"],\n ),\n aws.ec2transitgateway.GetRouteTableFilterArgs(\n name=\"transit-gateway-id\",\n values=[\"tgw-12345678\"],\n ),\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetRouteTable.InvokeAsync(new Aws.Ec2TransitGateway.GetRouteTableArgs\n {\n Filters = \n {\n new Aws.Ec2TransitGateway.Inputs.GetRouteTableFilterArgs\n {\n Name = \"default-association-route-table\",\n Values = \n {\n \"true\",\n },\n },\n new Aws.Ec2TransitGateway.Inputs.GetRouteTableFilterArgs\n {\n Name = \"transit-gateway-id\",\n Values = \n {\n \"tgw-12345678\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.LookupRouteTable(ctx, &ec2transitgateway.LookupRouteTableArgs{\n\t\t\tFilters: []ec2transitgateway.GetRouteTableFilter{\n\t\t\t\tec2transitgateway.GetRouteTableFilter{\n\t\t\t\t\tName: \"default-association-route-table\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"true\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2transitgateway.GetRouteTableFilter{\n\t\t\t\t\tName: \"transit-gateway-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"tgw-12345678\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Identifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getRouteTable({\n id: \"tgw-rtb-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_route_table(id=\"tgw-rtb-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetRouteTable.InvokeAsync(new Aws.Ec2TransitGateway.GetRouteTableArgs\n {\n Id = \"tgw-rtb-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"tgw-rtb-12345678\"\n\t\t_, err := ec2transitgateway.LookupRouteTable(ctx, &ec2transitgateway.LookupRouteTableArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRouteTable.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getRouteTableFilter:getRouteTableFilter" + }, + "description": "One or more configuration blocks containing name-values filters. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "Identifier of the EC2 Transit Gateway Route Table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway Route Table\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getRouteTable.\n", + "properties": { + "arn": { + "type": "string", + "description": "EC2 Transit Gateway Route Table Amazon Resource Name (ARN).\n" + }, + "defaultAssociationRouteTable": { + "type": "boolean", + "description": "Boolean whether this is the default association route table for the EC2 Transit Gateway\n" + }, + "defaultPropagationRouteTable": { + "type": "boolean", + "description": "Boolean whether this is the default propagation route table for the EC2 Transit Gateway\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getRouteTableFilter:getRouteTableFilter" + } + }, + "id": { + "type": "string", + "description": "EC2 Transit Gateway Route Table identifier\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway Route Table\n" + }, + "transitGatewayId": { + "type": "string", + "description": "EC2 Transit Gateway identifier\n" + } + }, + "type": "object", + "required": [ + "arn", + "defaultAssociationRouteTable", + "defaultPropagationRouteTable", + "id", + "tags", + "transitGatewayId" + ] + } + }, + "aws:ec2transitgateway/getTransitGateway:getTransitGateway": { + "description": "Get information on an EC2 Transit Gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getTransitGateway({\n filters: [{\n name: \"options.amazon-side-asn\",\n values: [\"64512\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_transit_gateway(filters=[aws.ec2transitgateway.GetTransitGatewayFilterArgs(\n name=\"options.amazon-side-asn\",\n values=[\"64512\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetTransitGateway.InvokeAsync(new Aws.Ec2TransitGateway.GetTransitGatewayArgs\n {\n Filters = \n {\n new Aws.Ec2TransitGateway.Inputs.GetTransitGatewayFilterArgs\n {\n Name = \"options.amazon-side-asn\",\n Values = \n {\n \"64512\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.LookupTransitGateway(ctx, &ec2transitgateway.LookupTransitGatewayArgs{\n\t\t\tFilters: []ec2transitgateway.GetTransitGatewayFilter{\n\t\t\t\tec2transitgateway.GetTransitGatewayFilter{\n\t\t\t\t\tName: \"options.amazon-side-asn\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"64512\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Identifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getTransitGateway({\n id: \"tgw-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_transit_gateway(id=\"tgw-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetTransitGateway.InvokeAsync(new Aws.Ec2TransitGateway.GetTransitGatewayArgs\n {\n Id = \"tgw-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"tgw-12345678\"\n\t\t_, err := ec2transitgateway.LookupTransitGateway(ctx, &ec2transitgateway.LookupTransitGatewayArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTransitGateway.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getTransitGatewayFilter:getTransitGatewayFilter" + }, + "description": "One or more configuration blocks containing name-values filters. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "Identifier of the EC2 Transit Gateway.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getTransitGateway.\n", + "properties": { + "amazonSideAsn": { + "type": "integer", + "description": "Private Autonomous System Number (ASN) for the Amazon side of a BGP session\n" + }, + "arn": { + "type": "string", + "description": "EC2 Transit Gateway Amazon Resource Name (ARN)\n" + }, + "associationDefaultRouteTableId": { + "type": "string", + "description": "Identifier of the default association route table\n" + }, + "autoAcceptSharedAttachments": { + "type": "string", + "description": "Whether resource attachment requests are automatically accepted.\n" + }, + "defaultRouteTableAssociation": { + "type": "string", + "description": "Whether resource attachments are automatically associated with the default association route table.\n" + }, + "defaultRouteTablePropagation": { + "type": "string", + "description": "Whether resource attachments automatically propagate routes to the default propagation route table.\n" + }, + "description": { + "type": "string", + "description": "Description of the EC2 Transit Gateway\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getTransitGatewayFilter:getTransitGatewayFilter" + } + }, + "id": { + "type": "string", + "description": "EC2 Transit Gateway identifier\n" + }, + "ownerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 Transit Gateway\n" + }, + "propagationDefaultRouteTableId": { + "type": "string", + "description": "Identifier of the default propagation route table.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway\n" + }, + "vpnEcmpSupport": { + "type": "string", + "description": "Whether VPN Equal Cost Multipath Protocol support is enabled.\n" + } + }, + "type": "object", + "required": [ + "amazonSideAsn", + "arn", + "associationDefaultRouteTableId", + "autoAcceptSharedAttachments", + "defaultRouteTableAssociation", + "defaultRouteTablePropagation", + "description", + "dnsSupport", + "id", + "ownerId", + "propagationDefaultRouteTableId", + "tags", + "vpnEcmpSupport" + ] + } + }, + "aws:ec2transitgateway/getVpcAttachment:getVpcAttachment": { + "description": "Get information on an EC2 Transit Gateway VPC Attachment.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getVpcAttachment({\n filters: [{\n name: \"vpc-id\",\n values: [\"vpc-12345678\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_vpc_attachment(filters=[aws.ec2transitgateway.GetVpcAttachmentFilterArgs(\n name=\"vpc-id\",\n values=[\"vpc-12345678\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetVpcAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetVpcAttachmentArgs\n {\n Filters = \n {\n new Aws.Ec2TransitGateway.Inputs.GetVpcAttachmentFilterArgs\n {\n Name = \"vpc-id\",\n Values = \n {\n \"vpc-12345678\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.LookupVpcAttachment(ctx, &ec2transitgateway.LookupVpcAttachmentArgs{\n\t\t\tFilters: []ec2transitgateway.GetVpcAttachmentFilter{\n\t\t\t\tec2transitgateway.GetVpcAttachmentFilter{\n\t\t\t\t\tName: \"vpc-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"vpc-12345678\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Identifier\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2transitgateway.getVpcAttachment({\n id: \"tgw-attach-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_vpc_attachment(id=\"tgw-attach-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetVpcAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetVpcAttachmentArgs\n {\n Id = \"tgw-attach-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"tgw-attach-12345678\"\n\t\t_, err := ec2transitgateway.LookupVpcAttachment(ctx, &ec2transitgateway.LookupVpcAttachmentArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpcAttachment.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getVpcAttachmentFilter:getVpcAttachmentFilter" + }, + "description": "One or more configuration blocks containing name-values filters. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "Identifier of the EC2 Transit Gateway VPC Attachment.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway VPC Attachment\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpcAttachment.\n", + "properties": { + "applianceModeSupport": { + "type": "string", + "description": "Whether Appliance Mode support is enabled.\n" + }, + "dnsSupport": { + "type": "string", + "description": "Whether DNS support is enabled.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getVpcAttachmentFilter:getVpcAttachmentFilter" + } + }, + "id": { + "type": "string", + "description": "EC2 Transit Gateway VPC Attachment identifier\n" + }, + "ipv6Support": { + "type": "string", + "description": "Whether IPv6 support is enabled.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Identifiers of EC2 Subnets.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway VPC Attachment\n" + }, + "transitGatewayId": { + "type": "string", + "description": "EC2 Transit Gateway identifier\n" + }, + "vpcId": { + "type": "string", + "description": "Identifier of EC2 VPC.\n" + }, + "vpcOwnerId": { + "type": "string", + "description": "Identifier of the AWS account that owns the EC2 VPC.\n" + } + }, + "type": "object", + "required": [ + "applianceModeSupport", + "dnsSupport", + "id", + "ipv6Support", + "subnetIds", + "tags", + "transitGatewayId", + "vpcId", + "vpcOwnerId" + ] + } + }, + "aws:ec2transitgateway/getVpnAttachment:getVpnAttachment": { + "description": "Get information on an EC2 Transit Gateway VPN Attachment.\n\n> EC2 Transit Gateway VPN Attachments are implicitly created by VPN Connections referencing an EC2 Transit Gateway so there is no managed resource. For ease, the `aws.ec2.VpnConnection` resource includes a `transit_gateway_attachment_id` attribute which can replace some usage of this data source. For tagging the attachment, see the `aws.ec2.Tag` resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By Transit Gateway and VPN Connection Identifiers\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ec2transitgateway.getVpnAttachment({\n transitGatewayId: aws_ec2_transit_gateway.example.id,\n vpnConnectionId: aws_vpn_connection.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2transitgateway.get_vpn_attachment(transit_gateway_id=aws_ec2_transit_gateway[\"example\"][\"id\"],\n vpn_connection_id=aws_vpn_connection[\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2TransitGateway.GetVpnAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetVpnAttachmentArgs\n {\n TransitGatewayId = aws_ec2_transit_gateway.Example.Id,\n VpnConnectionId = aws_vpn_connection.Example.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_ec2_transit_gateway.Example.Id\n\t\topt1 := aws_vpn_connection.Example.Id\n\t\t_, err := ec2transitgateway.GetVpnAttachment(ctx, &ec2transitgateway.GetVpnAttachmentArgs{\n\t\t\tTransitGatewayId: &opt0,\n\t\t\tVpnConnectionId: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.ec2transitgateway.getVpnAttachment({\n filters: [{\n name: \"resource-id\",\n values: [\"some-resource\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2transitgateway.get_vpn_attachment(filters=[aws.ec2transitgateway.GetVpnAttachmentFilterArgs(\n name=\"resource-id\",\n values=[\"some-resource\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ec2TransitGateway.GetVpnAttachment.InvokeAsync(new Aws.Ec2TransitGateway.GetVpnAttachmentArgs\n {\n Filters = \n {\n new Aws.Ec2TransitGateway.Inputs.GetVpnAttachmentFilterArgs\n {\n Name = \"resource-id\",\n Values = \n {\n \"some-resource\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2transitgateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2transitgateway.GetVpnAttachment(ctx, &ec2transitgateway.GetVpnAttachmentArgs{\n\t\t\tFilters: []ec2transitgateway.GetVpnAttachmentFilter{\n\t\t\t\tec2transitgateway.GetVpnAttachmentFilter{\n\t\t\t\t\tName: \"resource-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"some-resource\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getVpnAttachment.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getVpnAttachmentFilter:getVpnAttachmentFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired Transit Gateway VPN Attachment.\n" + }, + "transitGatewayId": { + "type": "string", + "description": "Identifier of the EC2 Transit Gateway.\n" + }, + "vpnConnectionId": { + "type": "string", + "description": "Identifier of the EC2 VPN Connection.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getVpnAttachment.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ec2transitgateway/getVpnAttachmentFilter:getVpnAttachmentFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value tags for the EC2 Transit Gateway VPN Attachment\n" + }, + "transitGatewayId": { + "type": "string" + }, + "vpnConnectionId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "tags", + "id" + ] + } + }, + "aws:ecr/getAuthorizationToken:getAuthorizationToken": { + "description": "The ECR Authorization Token data source allows the authorization token, proxy endpoint, token expiration date, user name and password to be retrieved for an ECR repository.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst token = pulumi.output(aws.ecr.getAuthorizationToken());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntoken = aws.ecr.get_authorization_token()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var token = Output.Create(Aws.Ecr.GetAuthorizationToken.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecr.GetAuthorizationToken(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAuthorizationToken.\n", + "properties": { + "registryId": { + "type": "string", + "description": "AWS account ID of the ECR Repository. If not specified the default account is assumed.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAuthorizationToken.\n", + "properties": { + "authorizationToken": { + "type": "string", + "description": "Temporary IAM authentication credentials to access the ECR repository encoded in base64 in the form of `user_name:password`.\n" + }, + "expiresAt": { + "type": "string", + "description": "The time in UTC RFC3339 format when the authorization token expires.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "password": { + "type": "string", + "description": "Password decoded from the authorization token.\n" + }, + "proxyEndpoint": { + "type": "string", + "description": "The registry URL to use in the docker login command.\n" + }, + "registryId": { + "type": "string" + }, + "userName": { + "type": "string", + "description": "User name decoded from the authorization token.\n" + } + }, + "type": "object", + "required": [ + "authorizationToken", + "expiresAt", + "password", + "proxyEndpoint", + "userName", + "id" + ] + } + }, + "aws:ecr/getCredentials:getCredentials": { + "inputs": { + "description": "A collection of arguments for invoking getCredentials.\n", + "properties": { + "registryId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "registryId" + ] + }, + "outputs": { + "description": "A collection of values returned by getCredentials.\n", + "properties": { + "authorizationToken": { + "type": "string" + }, + "expiresAt": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "proxyEndpoint": { + "type": "string" + }, + "registryId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "authorizationToken", + "expiresAt", + "proxyEndpoint", + "registryId", + "id" + ] + } + }, + "aws:ecr/getImage:getImage": { + "description": "The ECR Image data source allows the details of an image with a particular tag or digest to be retrieved.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst serviceImage = pulumi.output(aws.ecr.getImage({\n imageTag: \"latest\",\n repositoryName: \"my/service\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservice_image = aws.ecr.get_image(image_tag=\"latest\",\n repository_name=\"my/service\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var serviceImage = Output.Create(Aws.Ecr.GetImage.InvokeAsync(new Aws.Ecr.GetImageArgs\n {\n ImageTag = \"latest\",\n RepositoryName = \"my/service\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"latest\"\n\t\t_, err := ecr.GetImage(ctx, &ecr.GetImageArgs{\n\t\t\tImageTag: &opt0,\n\t\t\tRepositoryName: \"my/service\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getImage.\n", + "properties": { + "imageDigest": { + "type": "string", + "description": "The sha256 digest of the image manifest. At least one of `image_digest` or `image_tag` must be specified.\n" + }, + "imageTag": { + "type": "string", + "description": "The tag associated with this image. At least one of `image_digest` or `image_tag` must be specified.\n" + }, + "registryId": { + "type": "string", + "description": "The ID of the Registry where the repository resides.\n" + }, + "repositoryName": { + "type": "string", + "description": "The name of the ECR Repository.\n" + } + }, + "type": "object", + "required": [ + "repositoryName" + ] + }, + "outputs": { + "description": "A collection of values returned by getImage.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageDigest": { + "type": "string" + }, + "imagePushedAt": { + "type": "integer", + "description": "The date and time, expressed as a unix timestamp, at which the current image was pushed to the repository.\n" + }, + "imageSizeInBytes": { + "type": "integer", + "description": "The size, in bytes, of the image in the repository.\n" + }, + "imageTag": { + "type": "string" + }, + "imageTags": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of tags associated with this image.\n" + }, + "registryId": { + "type": "string" + }, + "repositoryName": { + "type": "string" + } + }, + "type": "object", + "required": [ + "imageDigest", + "imagePushedAt", + "imageSizeInBytes", + "imageTags", + "registryId", + "repositoryName", + "id" + ] + } + }, + "aws:ecr/getRepository:getRepository": { + "description": "The ECR Repository data source allows the ARN, Repository URI and Registry ID to be retrieved for an ECR repository.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst service = pulumi.output(aws.ecr.getRepository({\n name: \"ecr-repository\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nservice = aws.ecr.get_repository(name=\"ecr-repository\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var service = Output.Create(Aws.Ecr.GetRepository.InvokeAsync(new Aws.Ecr.GetRepositoryArgs\n {\n Name = \"ecr-repository\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecr\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecr.LookupRepository(ctx, &ecr.LookupRepositoryArgs{\n\t\t\tName: \"ecr-repository\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRepository.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the ECR Repository.\n" + }, + "registryId": { + "type": "string", + "description": "The registry ID where the repository was created.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRepository.\n", + "properties": { + "arn": { + "type": "string", + "description": "Full ARN of the repository.\n" + }, + "encryptionConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecr/getRepositoryEncryptionConfiguration:getRepositoryEncryptionConfiguration" + }, + "description": "Encryption configuration for the repository. See Encryption Configuration below.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageScanningConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecr/getRepositoryImageScanningConfiguration:getRepositoryImageScanningConfiguration" + }, + "description": "Configuration block that defines image scanning configuration for the repository. See Image Scanning Configuration below.\n" + }, + "imageTagMutability": { + "type": "string", + "description": "The tag mutability setting for the repository.\n" + }, + "name": { + "type": "string" + }, + "registryId": { + "type": "string" + }, + "repositoryUrl": { + "type": "string", + "description": "The URL of the repository (in the form `aws_account_id.dkr.ecr.region.amazonaws.com/repositoryName`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "encryptionConfigurations", + "imageScanningConfigurations", + "imageTagMutability", + "name", + "registryId", + "repositoryUrl", + "tags", + "id" + ] + } + }, + "aws:ecs/getCluster:getCluster": { + "description": "The ECS Cluster data source allows access to details of a specific\ncluster within an AWS ECS service.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecs_mongo = pulumi.output(aws.ecs.getCluster({\n clusterName: \"ecs-mongo-production\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_mongo = aws.ecs.get_cluster(cluster_name=\"ecs-mongo-production\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecs_mongo = Output.Create(Aws.Ecs.GetCluster.InvokeAsync(new Aws.Ecs.GetClusterArgs\n {\n ClusterName = \"ecs-mongo-production\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.LookupCluster(ctx, &ecs.LookupClusterArgs{\n\t\t\tClusterName: \"ecs-mongo-production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "clusterName": { + "type": "string", + "description": "The name of the ECS Cluster\n" + } + }, + "type": "object", + "required": [ + "clusterName" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the ECS Cluster\n" + }, + "clusterName": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "pendingTasksCount": { + "type": "integer", + "description": "The number of pending tasks for the ECS Cluster\n" + }, + "registeredContainerInstancesCount": { + "type": "integer", + "description": "The number of registered container instances for the ECS Cluster\n" + }, + "runningTasksCount": { + "type": "integer", + "description": "The number of running tasks for the ECS Cluster\n" + }, + "settings": { + "type": "array", + "items": { + "$ref": "#/types/aws:ecs/getClusterSetting:getClusterSetting" + }, + "description": "The settings associated with the ECS Cluster.\n" + }, + "status": { + "type": "string", + "description": "The status of the ECS Cluster\n" + } + }, + "type": "object", + "required": [ + "arn", + "clusterName", + "pendingTasksCount", + "registeredContainerInstancesCount", + "runningTasksCount", + "settings", + "status", + "id" + ] + } + }, + "aws:ecs/getContainerDefinition:getContainerDefinition": { + "description": "The ECS container definition data source allows access to details of\na specific container within an AWS ECS service.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ecs-mongo = aws.ecs.getContainerDefinition({\n taskDefinition: aws_ecs_task_definition.mongo.id,\n containerName: \"mongodb\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\necs_mongo = aws.ecs.get_container_definition(task_definition=aws_ecs_task_definition[\"mongo\"][\"id\"],\n container_name=\"mongodb\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ecs_mongo = Output.Create(Aws.Ecs.GetContainerDefinition.InvokeAsync(new Aws.Ecs.GetContainerDefinitionArgs\n {\n TaskDefinition = aws_ecs_task_definition.Mongo.Id,\n ContainerName = \"mongodb\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.GetContainerDefinition(ctx, &ecs.GetContainerDefinitionArgs{\n\t\t\tTaskDefinition: aws_ecs_task_definition.Mongo.Id,\n\t\t\tContainerName: \"mongodb\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getContainerDefinition.\n", + "properties": { + "containerName": { + "type": "string", + "description": "The name of the container definition\n" + }, + "taskDefinition": { + "type": "string", + "description": "The ARN of the task definition which contains the container\n" + } + }, + "type": "object", + "required": [ + "containerName", + "taskDefinition" + ] + }, + "outputs": { + "description": "A collection of values returned by getContainerDefinition.\n", + "properties": { + "containerName": { + "type": "string" + }, + "cpu": { + "type": "integer", + "description": "The CPU limit for this container definition\n" + }, + "disableNetworking": { + "type": "boolean", + "description": "Indicator if networking is disabled\n" + }, + "dockerLabels": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Set docker labels\n" + }, + "environment": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The environment in use\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "image": { + "type": "string", + "description": "The docker image in use, including the digest\n" + }, + "imageDigest": { + "type": "string", + "description": "The digest of the docker image in use\n" + }, + "memory": { + "type": "integer", + "description": "The memory limit for this container definition\n" + }, + "memoryReservation": { + "type": "integer", + "description": "The soft limit (in MiB) of memory to reserve for the container. When system memory is under contention, Docker attempts to keep the container memory to this soft limit\n" + }, + "taskDefinition": { + "type": "string" + } + }, + "type": "object", + "required": [ + "containerName", + "cpu", + "disableNetworking", + "dockerLabels", + "environment", + "image", + "imageDigest", + "memory", + "memoryReservation", + "taskDefinition", + "id" + ] + } + }, + "aws:ecs/getService:getService": { + "description": "The ECS Service data source allows access to details of a specific\nService within a AWS ECS Cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.ecs.getService({\n serviceName: \"example\",\n clusterArn: data.aws_ecs_cluster.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ecs.get_service(service_name=\"example\",\n cluster_arn=data[\"aws_ecs_cluster\"][\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ecs.GetService.InvokeAsync(new Aws.Ecs.GetServiceArgs\n {\n ServiceName = \"example\",\n ClusterArn = data.Aws_ecs_cluster.Example.Arn,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ecs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ecs.LookupService(ctx, &ecs.LookupServiceArgs{\n\t\t\tServiceName: \"example\",\n\t\t\tClusterArn: data.Aws_ecs_cluster.Example.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getService.\n", + "properties": { + "clusterArn": { + "type": "string", + "description": "The arn of the ECS Cluster\n" + }, + "serviceName": { + "type": "string", + "description": "The name of the ECS Service\n" + } + }, + "type": "object", + "required": [ + "clusterArn", + "serviceName" + ] + }, + "outputs": { + "description": "A collection of values returned by getService.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the ECS Service\n" + }, + "clusterArn": { + "type": "string" + }, + "desiredCount": { + "type": "integer", + "description": "The number of tasks for the ECS Service\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "launchType": { + "type": "string", + "description": "The launch type for the ECS Service\n" + }, + "schedulingStrategy": { + "type": "string", + "description": "The scheduling strategy for the ECS Service\n" + }, + "serviceName": { + "type": "string" + }, + "taskDefinition": { + "type": "string", + "description": "The family for the latest ACTIVE revision\n" + } + }, + "type": "object", + "required": [ + "arn", + "clusterArn", + "desiredCount", + "launchType", + "schedulingStrategy", + "serviceName", + "taskDefinition", + "id" + ] + } + }, + "aws:ecs/getTaskDefinition:getTaskDefinition": { + "description": "The ECS task definition data source allows access to details of\na specific AWS ECS task definition.\n\n", + "inputs": { + "description": "A collection of arguments for invoking getTaskDefinition.\n", + "properties": { + "taskDefinition": { + "type": "string", + "description": "The family for the latest ACTIVE revision, family and revision (family:revision) for a specific revision in the family, the ARN of the task definition to access to.\n" + } + }, + "type": "object", + "required": [ + "taskDefinition" + ] + }, + "outputs": { + "description": "A collection of values returned by getTaskDefinition.\n", + "properties": { + "family": { + "type": "string", + "description": "The family of this task definition\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "networkMode": { + "type": "string", + "description": "The Docker networking mode to use for the containers in this task.\n" + }, + "revision": { + "type": "integer", + "description": "The revision of this task definition\n" + }, + "status": { + "type": "string", + "description": "The status of this task definition\n" + }, + "taskDefinition": { + "type": "string" + }, + "taskRoleArn": { + "type": "string", + "description": "The ARN of the IAM role that containers in this task can assume\n" + } + }, + "type": "object", + "required": [ + "family", + "networkMode", + "revision", + "status", + "taskDefinition", + "taskRoleArn", + "id" + ] + } + }, + "aws:efs/getAccessPoint:getAccessPoint": { + "description": "Provides information about an Elastic File System (EFS) Access Point.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.efs.getAccessPoint({\n accessPointId: \"fsap-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.efs.get_access_point(access_point_id=\"fsap-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Efs.GetAccessPoint.InvokeAsync(new Aws.Efs.GetAccessPointArgs\n {\n AccessPointId = \"fsap-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := efs.LookupAccessPoint(ctx, &efs.LookupAccessPointArgs{\n\t\t\tAccessPointId: \"fsap-12345678\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAccessPoint.\n", + "properties": { + "accessPointId": { + "type": "string", + "description": "The ID that identifies the file system.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags.\n" + } + }, + "type": "object", + "required": [ + "accessPointId" + ] + }, + "outputs": { + "description": "A collection of values returned by getAccessPoint.\n", + "properties": { + "accessPointId": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "fileSystemArn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "fileSystemId": { + "type": "string", + "description": "The ID of the file system for which the access point is intended.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ownerId": { + "type": "string" + }, + "posixUsers": { + "type": "array", + "items": { + "$ref": "#/types/aws:efs/getAccessPointPosixUser:getAccessPointPosixUser" + }, + "description": "Single element list containing operating system user and group applied to all file system requests made using the access point.\n" + }, + "rootDirectories": { + "type": "array", + "items": { + "$ref": "#/types/aws:efs/getAccessPointRootDirectory:getAccessPointRootDirectory" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of resource tags.\n" + } + }, + "type": "object", + "required": [ + "accessPointId", + "arn", + "fileSystemArn", + "fileSystemId", + "ownerId", + "posixUsers", + "rootDirectories", + "id" + ] + } + }, + "aws:efs/getAccessPoints:getAccessPoints": { + "description": "Provides information about multiple Elastic File System (EFS) Access Points.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.efs.getAccessPoints({\n fileSystemId: \"fs-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.efs.get_access_points(file_system_id=\"fs-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Efs.GetAccessPoints.InvokeAsync(new Aws.Efs.GetAccessPointsArgs\n {\n FileSystemId = \"fs-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := efs.GetAccessPoints(ctx, &efs.GetAccessPointsArgs{\n\t\t\tFileSystemId: \"fs-12345678\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAccessPoints.\n", + "properties": { + "fileSystemId": { + "type": "string", + "description": "EFS File System identifier.\n" + } + }, + "type": "object", + "required": [ + "fileSystemId" + ] + }, + "outputs": { + "description": "A collection of values returned by getAccessPoints.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Amazon Resource Names (ARNs).\n" + }, + "fileSystemId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of identifiers.\n" + } + }, + "type": "object", + "required": [ + "arns", + "fileSystemId", + "ids", + "id" + ] + } + }, + "aws:efs/getFileSystem:getFileSystem": { + "description": "Provides information about an Elastic File System (EFS) File System.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst fileSystemId = config.get(\"fileSystemId\") || \"\";\nconst byId = aws.efs.getFileSystem({\n fileSystemId: fileSystemId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nfile_system_id = config.get(\"fileSystemId\")\nif file_system_id is None:\n file_system_id = \"\"\nby_id = aws.efs.get_file_system(file_system_id=file_system_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var fileSystemId = config.Get(\"fileSystemId\") ?? \"\";\n var byId = Output.Create(Aws.Efs.GetFileSystem.InvokeAsync(new Aws.Efs.GetFileSystemArgs\n {\n FileSystemId = fileSystemId,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tfileSystemId := \"\"\n\t\tif param := cfg.Get(\"fileSystemId\"); param != \"\" {\n\t\t\tfileSystemId = param\n\t\t}\n\t\topt0 := fileSystemId\n\t\t_, err := efs.LookupFileSystem(ctx, &efs.LookupFileSystemArgs{\n\t\t\tFileSystemId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getFileSystem.\n", + "properties": { + "creationToken": { + "type": "string", + "description": "Restricts the list to the file system with this creation token.\n" + }, + "fileSystemId": { + "type": "string", + "description": "The ID that identifies the file system (e.g. fs-ccfc0d65).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getFileSystem.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name of the file system.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "The identifier of the Availability Zone in which the file system's One Zone storage classes exist.\n" + }, + "availabilityZoneName": { + "type": "string", + "description": "The Availability Zone name in which the file system's One Zone storage classes exist.\n" + }, + "creationToken": { + "type": "string" + }, + "dnsName": { + "type": "string", + "description": "The DNS name for the filesystem per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html).\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether EFS is encrypted.\n" + }, + "fileSystemId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "lifecyclePolicy": { + "$ref": "#/types/aws:efs/getFileSystemLifecyclePolicy:getFileSystemLifecyclePolicy", + "description": "A file system [lifecycle policy](https://docs.aws.amazon.com/efs/latest/ug/API_LifecyclePolicy.html) object.\n" + }, + "performanceMode": { + "type": "string", + "description": "The file system performance mode.\n" + }, + "provisionedThroughputInMibps": { + "type": "number", + "description": "The throughput, measured in MiB/s, that you want to provision for the file system.\n* `tags` -A map of tags to assign to the file system.\n" + }, + "sizeInBytes": { + "type": "integer", + "description": "The current byte count used by the file system.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "throughputMode": { + "type": "string", + "description": "Throughput mode for the file system.\n" + } + }, + "type": "object", + "required": [ + "arn", + "availabilityZoneId", + "availabilityZoneName", + "creationToken", + "dnsName", + "encrypted", + "fileSystemId", + "kmsKeyId", + "lifecyclePolicy", + "performanceMode", + "provisionedThroughputInMibps", + "sizeInBytes", + "tags", + "throughputMode", + "id" + ] + } + }, + "aws:efs/getMountTarget:getMountTarget": { + "description": "Provides information about an Elastic File System Mount Target (EFS).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst mountTargetId = config.get(\"mountTargetId\") || \"\";\nconst byId = aws.efs.getMountTarget({\n mountTargetId: mountTargetId,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nmount_target_id = config.get(\"mountTargetId\")\nif mount_target_id is None:\n mount_target_id = \"\"\nby_id = aws.efs.get_mount_target(mount_target_id=mount_target_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var mountTargetId = config.Get(\"mountTargetId\") ?? \"\";\n var byId = Output.Create(Aws.Efs.GetMountTarget.InvokeAsync(new Aws.Efs.GetMountTargetArgs\n {\n MountTargetId = mountTargetId,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/efs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tmountTargetId := \"\"\n\t\tif param := cfg.Get(\"mountTargetId\"); param != \"\" {\n\t\t\tmountTargetId = param\n\t\t}\n\t\topt0 := mountTargetId\n\t\t_, err := efs.LookupMountTarget(ctx, &efs.LookupMountTargetArgs{\n\t\t\tMountTargetId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getMountTarget.\n", + "properties": { + "accessPointId": { + "type": "string", + "description": "ID or ARN of the access point whose mount target that you want to find. It must be included if a `file_system_id` and `mount_target_id` are not included.\n" + }, + "fileSystemId": { + "type": "string", + "description": "ID or ARN of the file system whose mount target that you want to find. It must be included if an `access_point_id` and `mount_target_id` are not included.\n" + }, + "mountTargetId": { + "type": "string", + "description": "ID or ARN of the mount target that you want to find. It must be included in your request if an `access_point_id` and `file_system_id` are not included.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getMountTarget.\n", + "properties": { + "accessPointId": { + "type": "string" + }, + "availabilityZoneId": { + "type": "string", + "description": "The unique and consistent identifier of the Availability Zone (AZ) that the mount target resides in.\n" + }, + "availabilityZoneName": { + "type": "string", + "description": "The name of the Availability Zone (AZ) that the mount target resides in.\n" + }, + "dnsName": { + "type": "string", + "description": "The DNS name for the EFS file system.\n" + }, + "fileSystemArn": { + "type": "string", + "description": "Amazon Resource Name of the file system for which the mount target is intended.\n" + }, + "fileSystemId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipAddress": { + "type": "string", + "description": "Address at which the file system may be mounted via the mount target.\n" + }, + "mountTargetDnsName": { + "type": "string", + "description": "The DNS name for the given subnet/AZ per [documented convention](http://docs.aws.amazon.com/efs/latest/ug/mounting-fs-mount-cmd-dns-name.html).\n" + }, + "mountTargetId": { + "type": "string" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface that Amazon EFS created when it created the mount target.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS account ID that owns the resource.\n" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of VPC security group IDs attached to the mount target.\n" + }, + "subnetId": { + "type": "string", + "description": "ID of the mount target's subnet.\n" + } + }, + "type": "object", + "required": [ + "availabilityZoneId", + "availabilityZoneName", + "dnsName", + "fileSystemArn", + "fileSystemId", + "ipAddress", + "mountTargetDnsName", + "mountTargetId", + "networkInterfaceId", + "ownerId", + "securityGroups", + "subnetId", + "id" + ] + } + }, + "aws:eks/getAddon:getAddon": { + "description": "Retrieve information about an EKS add-on.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.eks.getAddon({\n addonName: \"vpc-cni\",\n clusterName: aws_eks_cluster.example.name,\n});\nexport const eksAddonOutputs = aws_eks_addon.example;\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.eks.get_addon(addon_name=\"vpc-cni\",\n cluster_name=aws_eks_cluster[\"example\"][\"name\"])\npulumi.export(\"eksAddonOutputs\", aws_eks_addon[\"example\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Eks.GetAddon.InvokeAsync(new Aws.Eks.GetAddonArgs\n {\n AddonName = \"vpc-cni\",\n ClusterName = aws_eks_cluster.Example.Name,\n }));\n this.EksAddonOutputs = aws_eks_addon.Example;\n }\n\n [Output(\"eksAddonOutputs\")]\n public Output EksAddonOutputs { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/eks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := eks.LookupAddon(ctx, &eks.LookupAddonArgs{\n\t\t\tAddonName: \"vpc-cni\",\n\t\t\tClusterName: aws_eks_cluster.Example.Name,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"eksAddonOutputs\", aws_eks_addon.Example)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAddon.\n", + "properties": { + "addonName": { + "type": "string", + "description": "Name of the EKS add-on. The name must match one of\nthe names returned by [list-addon](https://docs.aws.amazon.com/cli/latest/reference/eks/list-addons.html).\n" + }, + "clusterName": { + "type": "string", + "description": "Name of the EKS Cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "addonName", + "clusterName" + ] + }, + "outputs": { + "description": "A collection of values returned by getAddon.\n", + "properties": { + "addonName": { + "type": "string" + }, + "addonVersion": { + "type": "string", + "description": "The version of EKS add-on.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the EKS add-on.\n" + }, + "clusterName": { + "type": "string" + }, + "createdAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the EKS add-on was created.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "modifiedAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the EKS add-on was updated.\n" + }, + "serviceAccountRoleArn": { + "type": "string", + "description": "ARN of IAM role used for EKS add-on. If value is empty -\nthen add-on uses the IAM role assigned to the EKS Cluster node.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "addonName", + "addonVersion", + "arn", + "clusterName", + "createdAt", + "modifiedAt", + "serviceAccountRoleArn", + "tags", + "id" + ] + } + }, + "aws:eks/getCluster:getCluster": { + "description": "Retrieve information about an EKS Cluster.\n", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (`^[0-9A-Za-z][A-Za-z0-9\\-_]+$`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the cluster.\n" + }, + "certificateAuthority": { + "$ref": "#/types/aws:eks/getClusterCertificateAuthority:getClusterCertificateAuthority", + "description": "Nested attribute containing `certificate-authority-data` for your cluster.\n" + }, + "createdAt": { + "type": "string", + "description": "The Unix epoch time stamp in seconds for when the cluster was created.\n" + }, + "enabledClusterLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The enabled control plane logs.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint for your Kubernetes API server.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "identities": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/getClusterIdentity:getClusterIdentity" + }, + "description": "Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. For an example using this information to enable IAM Roles for Service Accounts, see the `aws.eks.Cluster` resource documentation.\n" + }, + "kubernetesNetworkConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:eks/getClusterKubernetesNetworkConfig:getClusterKubernetesNetworkConfig" + }, + "description": "Nested list containing Kubernetes Network Configuration.\n" + }, + "name": { + "type": "string" + }, + "platformVersion": { + "type": "string", + "description": "The platform version for the cluster.\n" + }, + "roleArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.\n" + }, + "status": { + "type": "string", + "description": "The status of the EKS cluster. One of `CREATING`, `ACTIVE`, `DELETING`, `FAILED`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + }, + "version": { + "type": "string", + "description": "The Kubernetes server version for the cluster.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:eks/getClusterVpcConfig:getClusterVpcConfig", + "description": "Nested list containing VPC configuration for the cluster.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificateAuthority", + "createdAt", + "enabledClusterLogTypes", + "endpoint", + "identities", + "kubernetesNetworkConfigs", + "name", + "platformVersion", + "roleArn", + "status", + "tags", + "version", + "vpcConfig", + "id" + ] + } + }, + "aws:eks/getClusterAuth:getClusterAuth": { + "description": "Get an authentication token to communicate with an EKS cluster.\n\nUses IAM credentials from the AWS provider to generate a temporary token that is compatible with\n[AWS IAM Authenticator](https://github.com/kubernetes-sigs/aws-iam-authenticator) authentication.\nThis can be used to authenticate to an EKS cluster or to a cluster that has the AWS IAM Authenticator\nserver configured.\n", + "inputs": { + "description": "A collection of arguments for invoking getClusterAuth.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the cluster\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getClusterAuth.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "token": { + "type": "string", + "description": "The token to use to authenticate with the cluster.\n" + } + }, + "type": "object", + "required": [ + "name", + "token", + "id" + ] + } + }, + "aws:elasticache/getCluster:getCluster": { + "description": "Use this data source to get information about an Elasticache Cluster\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myCluster = pulumi.output(aws.elasticache.getCluster({\n clusterId: \"my-cluster-id\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_cluster = aws.elasticache.get_cluster(cluster_id=\"my-cluster-id\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myCluster = Output.Create(Aws.ElastiCache.GetCluster.InvokeAsync(new Aws.ElastiCache.GetClusterArgs\n {\n ClusterId = \"my-cluster-id\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.LookupCluster(ctx, &elasticache.LookupClusterArgs{\n\t\t\tClusterId: \"my-cluster-id\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "clusterId": { + "type": "string", + "description": "Group identifier.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags assigned to the resource\n" + } + }, + "type": "object", + "required": [ + "clusterId" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "arn": { + "type": "string" + }, + "availabilityZone": { + "type": "string", + "description": "The Availability Zone for the cache cluster.\n" + }, + "cacheNodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticache/getClusterCacheNode:getClusterCacheNode" + }, + "description": "List of node objects including `id`, `address`, `port` and `availability_zone`.\nReferenceable e.g. as `${data.aws_elasticache_cluster.bar.cache_nodes.0.address}`\n" + }, + "clusterAddress": { + "type": "string", + "description": "(Memcached only) The DNS name of the cache cluster without the port appended.\n" + }, + "clusterId": { + "type": "string" + }, + "configurationEndpoint": { + "type": "string", + "description": "(Memcached only) The configuration endpoint to allow host discovery.\n" + }, + "engine": { + "type": "string", + "description": "Name of the cache engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version number of the cache engine.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "maintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range for when maintenance\non the cache cluster is performed.\n" + }, + "nodeType": { + "type": "string", + "description": "The cluster node type.\n" + }, + "notificationTopicArn": { + "type": "string", + "description": "An Amazon Resource Name (ARN) of an\nSNS topic that ElastiCache notifications get sent to.\n" + }, + "numCacheNodes": { + "type": "integer", + "description": "The number of cache nodes that the cache cluster has.\n" + }, + "parameterGroupName": { + "type": "string", + "description": "Name of the parameter group associated with this cache cluster.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which each of the cache nodes will\naccept connections.\n" + }, + "replicationGroupId": { + "type": "string", + "description": "The replication group to which this cache cluster belongs.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List VPC security groups associated with the cache cluster.\n" + }, + "securityGroupNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of security group names associated with this cache cluster.\n" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "The number of days for which ElastiCache will\nretain automatic cache cluster snapshots before deleting them.\n" + }, + "snapshotWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which ElastiCache will\nbegin taking a daily snapshot of the cache cluster.\n" + }, + "subnetGroupName": { + "type": "string", + "description": "Name of the subnet group associated to the cache cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags assigned to the resource\n" + } + }, + "type": "object", + "required": [ + "arn", + "availabilityZone", + "cacheNodes", + "clusterAddress", + "clusterId", + "configurationEndpoint", + "engine", + "engineVersion", + "maintenanceWindow", + "nodeType", + "notificationTopicArn", + "numCacheNodes", + "parameterGroupName", + "port", + "replicationGroupId", + "securityGroupIds", + "securityGroupNames", + "snapshotRetentionLimit", + "snapshotWindow", + "subnetGroupName", + "tags", + "id" + ] + } + }, + "aws:elasticache/getReplicationGroup:getReplicationGroup": { + "description": "Use this data source to get information about an Elasticache Replication Group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = pulumi.output(aws.elasticache.getReplicationGroup({\n replicationGroupId: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.elasticache.get_replication_group(replication_group_id=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = Output.Create(Aws.ElastiCache.GetReplicationGroup.InvokeAsync(new Aws.ElastiCache.GetReplicationGroupArgs\n {\n ReplicationGroupId = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.LookupReplicationGroup(ctx, &elasticache.LookupReplicationGroupArgs{\n\t\t\tReplicationGroupId: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getReplicationGroup.\n", + "properties": { + "replicationGroupId": { + "type": "string", + "description": "The identifier for the replication group.\n" + } + }, + "type": "object", + "required": [ + "replicationGroupId" + ] + }, + "outputs": { + "description": "A collection of values returned by getReplicationGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the created ElastiCache Replication Group.\n" + }, + "authTokenEnabled": { + "type": "boolean", + "description": "Specifies whether an AuthToken (password) is enabled.\n" + }, + "automaticFailoverEnabled": { + "type": "boolean", + "description": "A flag whether a read-only replica will be automatically promoted to read/write primary if the existing primary fails.\n" + }, + "configurationEndpointAddress": { + "type": "string", + "description": "The configuration endpoint address to allow host discovery.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "memberClusters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of all the nodes that are part of this replication group.\n" + }, + "multiAzEnabled": { + "type": "boolean", + "description": "Specifies whether Multi-AZ Support is enabled for the replication group.\n" + }, + "nodeType": { + "type": "string", + "description": "The cluster node type.\n" + }, + "numberCacheClusters": { + "type": "integer", + "description": "The number of cache clusters that the replication group has.\n" + }, + "port": { + "type": "integer", + "description": "The port number on which the configuration endpoint will accept connections.\n" + }, + "primaryEndpointAddress": { + "type": "string", + "description": "The endpoint of the primary node in this node group (shard).\n" + }, + "readerEndpointAddress": { + "type": "string", + "description": "The endpoint of the reader node in this node group (shard).\n" + }, + "replicationGroupDescription": { + "type": "string", + "description": "The description of the replication group.\n" + }, + "replicationGroupId": { + "type": "string" + }, + "snapshotRetentionLimit": { + "type": "integer", + "description": "The number of days for which ElastiCache retains automatic cache cluster snapshots before deleting them.\n" + }, + "snapshotWindow": { + "type": "string", + "description": "The daily time range (in UTC) during which ElastiCache begins taking a daily snapshot of your node group (shard).\n" + } + }, + "type": "object", + "required": [ + "arn", + "authTokenEnabled", + "automaticFailoverEnabled", + "configurationEndpointAddress", + "memberClusters", + "multiAzEnabled", + "nodeType", + "numberCacheClusters", + "port", + "primaryEndpointAddress", + "readerEndpointAddress", + "replicationGroupDescription", + "replicationGroupId", + "snapshotRetentionLimit", + "snapshotWindow", + "id" + ] + } + }, + "aws:elasticache/getUser:getUser": { + "description": "Use this data source to get information about an Elasticache User.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bar = pulumi.output(aws.elasticache.getUser({\n userId: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbar = aws.elasticache.get_user(user_id=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bar = Output.Create(Aws.ElastiCache.GetUser.InvokeAsync(new Aws.ElastiCache.GetUserArgs\n {\n UserId = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticache\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticache.LookupUser(ctx, &elasticache.LookupUserArgs{\n\t\t\tUserId: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getUser.\n", + "properties": { + "accessString": { + "type": "string", + "description": "A string for what access a user possesses within the associated ElastiCache replication groups or clusters.\n" + }, + "engine": { + "type": "string" + }, + "noPasswordRequired": { + "type": "boolean" + }, + "passwords": { + "type": "array", + "items": { + "type": "string" + } + }, + "userId": { + "type": "string", + "description": "The identifier for the user.\n" + }, + "userName": { + "type": "string", + "description": "The user name of the user.\n" + } + }, + "type": "object", + "required": [ + "userId" + ] + }, + "outputs": { + "description": "A collection of values returned by getUser.\n", + "properties": { + "accessString": { + "type": "string", + "description": "A string for what access a user possesses within the associated ElastiCache replication groups or clusters.\n" + }, + "engine": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "noPasswordRequired": { + "type": "boolean" + }, + "passwords": { + "type": "array", + "items": { + "type": "string" + } + }, + "userId": { + "type": "string", + "description": "The identifier for the user.\n" + }, + "userName": { + "type": "string", + "description": "The user name of the user.\n" + } + }, + "type": "object", + "required": [ + "userId", + "id" + ] + } + }, + "aws:elasticbeanstalk/getApplication:getApplication": { + "description": "Retrieve information about an Elastic Beanstalk Application.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.elasticbeanstalk.getApplication({\n name: \"example\",\n});\nexport const arn = example.then(example => example.arn);\nexport const description = example.then(example => example.description);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.elasticbeanstalk.get_application(name=\"example\")\npulumi.export(\"arn\", example.arn)\npulumi.export(\"description\", example.description)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ElasticBeanstalk.GetApplication.InvokeAsync(new Aws.ElasticBeanstalk.GetApplicationArgs\n {\n Name = \"example\",\n }));\n this.Arn = example.Apply(example => example.Arn);\n this.Description = example.Apply(example => example.Description);\n }\n\n [Output(\"arn\")]\n public Output Arn { get; set; }\n [Output(\"description\")]\n public Output Description { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := elasticbeanstalk.LookupApplication(ctx, &elasticbeanstalk.LookupApplicationArgs{\n\t\t\tName: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"arn\", example.Arn)\n\t\tctx.Export(\"description\", example.Description)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getApplication.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the application\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getApplication.\n", + "properties": { + "appversionLifecycle": { + "$ref": "#/types/aws:elasticbeanstalk/getApplicationAppversionLifecycle:getApplicationAppversionLifecycle" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the application.\n" + }, + "description": { + "type": "string", + "description": "Short description of the application\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "appversionLifecycle", + "arn", + "description", + "name", + "id" + ] + } + }, + "aws:elasticbeanstalk/getHostedZone:getHostedZone": { + "description": "Use this data source to get the ID of an [elastic beanstalk hosted zone](http://docs.aws.amazon.com/general/latest/gr/rande.html#elasticbeanstalk_region).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.elasticbeanstalk.getHostedZone());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.elasticbeanstalk.get_hosted_zone()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.ElasticBeanstalk.GetHostedZone.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticbeanstalk.GetHostedZone(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getHostedZone.\n", + "properties": { + "region": { + "type": "string", + "description": "The region you'd like the zone for. By default, fetches the current region.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getHostedZone.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string", + "description": "The region of the hosted zone.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + } + }, + "aws:elasticbeanstalk/getSolutionStack:getSolutionStack": { + "description": "Use this data source to get the name of a elastic beanstalk solution stack.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst multiDocker = pulumi.output(aws.elasticbeanstalk.getSolutionStack({\n mostRecent: true,\n nameRegex: \"^64bit Amazon Linux (.*) Multi-container Docker (.*)$\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmulti_docker = aws.elasticbeanstalk.get_solution_stack(most_recent=True,\n name_regex=\"^64bit Amazon Linux (.*) Multi-container Docker (.*)$\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var multiDocker = Output.Create(Aws.ElasticBeanstalk.GetSolutionStack.InvokeAsync(new Aws.ElasticBeanstalk.GetSolutionStackArgs\n {\n MostRecent = true,\n NameRegex = \"^64bit Amazon Linux (.*) Multi-container Docker (.*)$\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticbeanstalk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := elasticbeanstalk.GetSolutionStack(ctx, &elasticbeanstalk.GetSolutionStackArgs{\n\t\t\tMostRecent: &opt0,\n\t\t\tNameRegex: fmt.Sprintf(\"%v%v\", \"^64bit Amazon Linux (.*) Multi-container Docker (.*)\", \"$\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSolutionStack.\n", + "properties": { + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most\nrecent solution stack.\n" + }, + "nameRegex": { + "type": "string", + "description": "A regex string to apply to the solution stack list returned\nby AWS. See [Elastic Beanstalk Supported Platforms][beanstalk-platforms] from\nAWS documentation for reference solution stack names.\n" + } + }, + "type": "object", + "required": [ + "nameRegex" + ] + }, + "outputs": { + "description": "A collection of values returned by getSolutionStack.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "The name of the solution stack.\n" + }, + "nameRegex": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "nameRegex", + "id" + ] + } + }, + "aws:elasticloadbalancing/getHostedZoneId:getHostedZoneId": { + "description": "Use this data source to get the HostedZoneId of the AWS Elastic Load Balancing HostedZoneId\nin a given region for the purpose of using in an AWS Route53 Alias.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getHostedZoneId({});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: aws_route53_zone.primary.zone_id,\n name: \"example.com\",\n type: \"A\",\n aliases: [{\n name: aws_elb.main.dns_name,\n zoneId: main.then(main => main.id),\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_hosted_zone_id()\nwww = aws.route53.Record(\"www\",\n zone_id=aws_route53_zone[\"primary\"][\"zone_id\"],\n name=\"example.com\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=aws_elb[\"main\"][\"dns_name\"],\n zone_id=main.id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.Elb.GetHostedZoneId.InvokeAsync());\n var www = new Aws.Route53.Record(\"www\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Primary.Zone_id,\n Name = \"example.com\",\n Type = \"A\",\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = aws_elb.Main.Dns_name,\n ZoneId = main.Apply(main => main.Id),\n EvaluateTargetHealth = true,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.GetHostedZoneId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Primary.Zone_id),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.Any(aws_elb.Main.Dns_name),\n\t\t\t\t\tZoneId: pulumi.String(main.Id),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getHostedZoneId.\n", + "properties": { + "region": { + "type": "string", + "description": "Name of the region whose AWS ELB HostedZoneId is desired.\nDefaults to the region from the AWS provider configuration.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getHostedZoneId.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "deprecationMessage": "aws.elasticloadbalancing.getHostedZoneId has been deprecated in favor of aws.elb.getHostedZoneId" + }, + "aws:elasticloadbalancing/getLoadBalancer:getLoadBalancer": { + "description": "Provides information about a \"classic\" Elastic Load Balancer (ELB).\nSee `LB` Data Source if you are looking for \"v2\"\nApplication Load Balancer (ALB) or Network Load Balancer (NLB).\n\nThis data source can prove useful when a module accepts an LB as an input\nvariable and needs to, for example, determine the security groups associated\nwith it, etc.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbName = config.get(\"lbName\") || \"\";\nconst test = aws.elb.getLoadBalancer({\n name: lbName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_name = config.get(\"lbName\")\nif lb_name is None:\n lb_name = \"\"\ntest = aws.elb.get_load_balancer(name=lb_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbName = config.Get(\"lbName\") ?? \"\";\n var test = Output.Create(Aws.Elb.GetLoadBalancer.InvokeAsync(new Aws.Elb.GetLoadBalancerArgs\n {\n Name = lbName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbName := \"\"\n\t\tif param := cfg.Get(\"lbName\"); param != \"\" {\n\t\t\tlbName = param\n\t\t}\n\t\t_, err := elb.LookupLoadBalancer(ctx, &elb.LookupLoadBalancerArgs{\n\t\t\tName: lbName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLoadBalancer.\n", + "properties": { + "name": { + "type": "string", + "description": "The unique name of the load balancer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getLoadBalancer.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancing/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs" + }, + "arn": { + "type": "string" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + } + }, + "connectionDraining": { + "type": "boolean" + }, + "connectionDrainingTimeout": { + "type": "integer" + }, + "crossZoneLoadBalancing": { + "type": "boolean" + }, + "dnsName": { + "type": "string" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancing/getLoadBalancerHealthCheck:getLoadBalancerHealthCheck" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleTimeout": { + "type": "integer" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + } + }, + "internal": { + "type": "boolean" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancing/getLoadBalancerListener:getLoadBalancerListener" + } + }, + "name": { + "type": "string" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "sourceSecurityGroup": { + "type": "string" + }, + "sourceSecurityGroupId": { + "type": "string" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accessLogs", + "arn", + "availabilityZones", + "connectionDraining", + "connectionDrainingTimeout", + "crossZoneLoadBalancing", + "dnsName", + "healthCheck", + "idleTimeout", + "instances", + "internal", + "listeners", + "name", + "securityGroups", + "sourceSecurityGroup", + "sourceSecurityGroupId", + "subnets", + "tags", + "zoneId", + "id" + ] + }, + "deprecationMessage": "aws.elasticloadbalancing.getLoadBalancer has been deprecated in favor of aws.elb.getLoadBalancer" + }, + "aws:elasticloadbalancing/getServiceAccount:getServiceAccount": { + "description": "Use this data source to get the Account ID of the [AWS Elastic Load Balancing Service Account](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy)\nin a given region for the purpose of permitting in S3 bucket policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getServiceAccount({});\nconst elbLogs = new aws.s3.Bucket(\"elbLogs\", {\n acl: \"private\",\n policy: main.then(main => `{\n \"Id\": \"Policy\",\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\",\n \"Principal\": {\n \"AWS\": [\n \"${main.arn}\"\n ]\n }\n }\n ]\n}\n`),\n});\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\"us-west-2a\"],\n accessLogs: {\n bucket: elbLogs.bucket,\n interval: 5,\n },\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_service_account()\nelb_logs = aws.s3.Bucket(\"elbLogs\",\n acl=\"private\",\n policy=f\"\"\"{{\n \"Id\": \"Policy\",\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\",\n \"Principal\": {{\n \"AWS\": [\n \"{main.arn}\"\n ]\n }}\n }}\n ]\n}}\n\"\"\")\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\"us-west-2a\"],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=elb_logs.bucket,\n interval=5,\n ),\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.Elb.GetServiceAccount.InvokeAsync());\n var elbLogs = new Aws.S3.Bucket(\"elbLogs\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Policy = main.Apply(main => @$\"{{\n \"\"Id\"\": \"\"Policy\"\",\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:PutObject\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": [\n \"\"{main.Arn}\"\"\n ]\n }}\n }}\n ]\n}}\n\"),\n });\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = elbLogs.BucketName,\n Interval = 5,\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.GetServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\telbLogs, err := s3.NewBucket(ctx, \"elbLogs\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Id\\\": \\\"Policy\\\",\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:PutObject\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": [\\n\", \" \\\"\", main.Arn, \"\\\"\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"bar\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t},\n\t\t\tAccessLogs: &elb.LoadBalancerAccessLogsArgs{\n\t\t\t\tBucket: elbLogs.Bucket,\n\t\t\t\tInterval: pulumi.Int(5),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServiceAccount.\n", + "properties": { + "region": { + "type": "string", + "description": "Name of the region whose AWS ELB account ID is desired.\nDefaults to the region from the AWS provider configuration.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getServiceAccount.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the AWS ELB service account in the selected region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "id" + ] + }, + "deprecationMessage": "aws.elasticloadbalancing.getServiceAccount has been deprecated in favor of aws.elb.getServiceAccount" + }, + "aws:elasticloadbalancingv2/getListener:getListener": { + "description": "> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\nProvides information about a Load Balancer Listener.\n\nThis data source can prove useful when a module accepts an LB Listener as an input variable and needs to know the LB it is attached to, or other information specific to the listener in question.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst listenerArn = config.require(\"listenerArn\");\nconst listener = aws.lb.getListener({\n arn: listenerArn,\n});\nconst selected = aws.lb.getLoadBalancer({\n name: \"default-public\",\n});\nconst selected443 = selected.then(selected => aws.lb.getListener({\n loadBalancerArn: selected.arn,\n port: 443,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlistener_arn = config.require(\"listenerArn\")\nlistener = aws.lb.get_listener(arn=listener_arn)\nselected = aws.lb.get_load_balancer(name=\"default-public\")\nselected443 = aws.lb.get_listener(load_balancer_arn=selected.arn,\n port=443)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var listenerArn = config.Require(\"listenerArn\");\n var listener = Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n Arn = listenerArn,\n }));\n var selected = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Name = \"default-public\",\n }));\n var selected443 = selected.Apply(selected => Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n LoadBalancerArn = selected.Arn,\n Port = 443,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlistenerArn := cfg.Require(\"listenerArn\")\n\t\topt0 := listenerArn\n\t\t_, err := lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := \"default-public\"\n\t\tselected, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt2 := selected.Arn\n\t\topt3 := 443\n\t\t_, err = lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tLoadBalancerArn: &opt2,\n\t\t\tPort: &opt3,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getListener.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer. Required if `arn` is not set.\n" + }, + "port": { + "type": "integer", + "description": "Port of the listener. Required if `arn` is not set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getListener.\n", + "properties": { + "alpnPolicy": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "certificateArn": { + "type": "string" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getListenerDefaultAction:getListenerDefaultAction" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "loadBalancerArn": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "sslPolicy": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "alpnPolicy", + "arn", + "certificateArn", + "defaultActions", + "loadBalancerArn", + "port", + "protocol", + "sslPolicy", + "tags", + "id" + ] + }, + "deprecationMessage": "aws.elasticloadbalancingv2.getListener has been deprecated in favor of aws.lb.getListener" + }, + "aws:elasticloadbalancingv2/getLoadBalancer:getLoadBalancer": { + "description": "> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\nProvides information about a Load Balancer.\n\nThis data source can prove useful when a module accepts an LB as an input\nvariable and needs to, for example, determine the security groups associated\nwith it, etc.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbArn = config.get(\"lbArn\") || \"\";\nconst lbName = config.get(\"lbName\") || \"\";\nconst test = aws.lb.getLoadBalancer({\n arn: lbArn,\n name: lbName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_arn = config.get(\"lbArn\")\nif lb_arn is None:\n lb_arn = \"\"\nlb_name = config.get(\"lbName\")\nif lb_name is None:\n lb_name = \"\"\ntest = aws.lb.get_load_balancer(arn=lb_arn,\n name=lb_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbArn = config.Get(\"lbArn\") ?? \"\";\n var lbName = config.Get(\"lbName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Arn = lbArn,\n Name = lbName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbArn := \"\"\n\t\tif param := cfg.Get(\"lbArn\"); param != \"\" {\n\t\t\tlbArn = param\n\t\t}\n\t\tlbName := \"\"\n\t\tif param := cfg.Get(\"lbName\"); param != \"\" {\n\t\t\tlbName = param\n\t\t}\n\t\topt0 := lbArn\n\t\topt1 := lbName\n\t\t_, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLoadBalancer.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the load balancer.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the load balancer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match a pair on the desired load balancer.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLoadBalancer.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elasticloadbalancingv2/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs" + }, + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "dnsName": { + "type": "string" + }, + "dropInvalidHeaderFields": { + "type": "boolean" + }, + "enableDeletionProtection": { + "type": "boolean" + }, + "enableHttp2": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleTimeout": { + "type": "integer" + }, + "internal": { + "type": "boolean" + }, + "ipAddressType": { + "type": "string" + }, + "loadBalancerType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticloadbalancingv2/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping" + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accessLogs", + "arn", + "arnSuffix", + "customerOwnedIpv4Pool", + "dnsName", + "dropInvalidHeaderFields", + "enableDeletionProtection", + "enableHttp2", + "idleTimeout", + "internal", + "ipAddressType", + "loadBalancerType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tags", + "vpcId", + "zoneId", + "id" + ] + }, + "deprecationMessage": "aws.elasticloadbalancingv2.getLoadBalancer has been deprecated in favor of aws.lb.getLoadBalancer" + }, + "aws:elasticloadbalancingv2/getTargetGroup:getTargetGroup": { + "description": "> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\nProvides information about a Load Balancer Target Group.\n\nThis data source can prove useful when a module accepts an LB Target Group as an\ninput variable and needs to know its attributes. It can also be used to get the ARN of\nan LB Target Group for use in other resources, given LB Target Group name.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbTgArn = config.get(\"lbTgArn\") || \"\";\nconst lbTgName = config.get(\"lbTgName\") || \"\";\nconst test = aws.lb.getTargetGroup({\n arn: lbTgArn,\n name: lbTgName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_tg_arn = config.get(\"lbTgArn\")\nif lb_tg_arn is None:\n lb_tg_arn = \"\"\nlb_tg_name = config.get(\"lbTgName\")\nif lb_tg_name is None:\n lb_tg_name = \"\"\ntest = aws.lb.get_target_group(arn=lb_tg_arn,\n name=lb_tg_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbTgArn = config.Get(\"lbTgArn\") ?? \"\";\n var lbTgName = config.Get(\"lbTgName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetTargetGroup.InvokeAsync(new Aws.LB.GetTargetGroupArgs\n {\n Arn = lbTgArn,\n Name = lbTgName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbTgArn := \"\"\n\t\tif param := cfg.Get(\"lbTgArn\"); param != \"\" {\n\t\t\tlbTgArn = param\n\t\t}\n\t\tlbTgName := \"\"\n\t\tif param := cfg.Get(\"lbTgName\"); param != \"\" {\n\t\t\tlbTgName = param\n\t\t}\n\t\topt0 := lbTgArn\n\t\topt1 := lbTgName\n\t\t_, err := lb.LookupTargetGroup(ctx, &lb.LookupTargetGroupArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTargetGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the target group.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the target group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getTargetGroup.\n", + "properties": { + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "deregistrationDelay": { + "type": "integer" + }, + "healthCheck": { + "$ref": "#/types/aws:elasticloadbalancingv2/getTargetGroupHealthCheck:getTargetGroupHealthCheck" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean" + }, + "loadBalancingAlgorithmType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "preserveClientIp": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "protocolVersion": { + "type": "string" + }, + "proxyProtocolV2": { + "type": "boolean" + }, + "slowStart": { + "type": "integer" + }, + "stickiness": { + "$ref": "#/types/aws:elasticloadbalancingv2/getTargetGroupStickiness:getTargetGroupStickiness" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetType": { + "type": "string" + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "arnSuffix", + "deregistrationDelay", + "healthCheck", + "lambdaMultiValueHeadersEnabled", + "loadBalancingAlgorithmType", + "name", + "port", + "preserveClientIp", + "protocol", + "protocolVersion", + "proxyProtocolV2", + "slowStart", + "stickiness", + "tags", + "targetType", + "vpcId", + "id" + ] + }, + "deprecationMessage": "aws.elasticloadbalancingv2.getTargetGroup has been deprecated in favor of aws.lb.getTargetGroup" + }, + "aws:elasticsearch/getDomain:getDomain": { + "description": "Use this data source to get information about an Elasticsearch Domain\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst myDomain = pulumi.output(aws.elasticsearch.getDomain({\n domainName: \"my-domain-name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_domain = aws.elasticsearch.get_domain(domain_name=\"my-domain-name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var myDomain = Output.Create(Aws.ElasticSearch.GetDomain.InvokeAsync(new Aws.ElasticSearch.GetDomainArgs\n {\n DomainName = \"my-domain-name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elasticsearch\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := elasticsearch.LookupDomain(ctx, &elasticsearch.LookupDomainArgs{\n\t\t\tDomainName: \"my-domain-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDomain.\n", + "properties": { + "domainName": { + "type": "string", + "description": "Name of the domain.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags assigned to the domain.\n" + } + }, + "type": "object", + "required": [ + "domainName" + ] + }, + "outputs": { + "description": "A collection of values returned by getDomain.\n", + "properties": { + "accessPolicies": { + "type": "string", + "description": "The policy document attached to the domain.\n" + }, + "advancedOptions": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value string pairs to specify advanced configuration options.\n" + }, + "advancedSecurityOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainAdvancedSecurityOption:getDomainAdvancedSecurityOption" + }, + "description": "Status of the Elasticsearch domain's advanced security options. The block consists of the following attributes:\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the domain.\n" + }, + "clusterConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainClusterConfig:getDomainClusterConfig" + }, + "description": "Cluster configuration of the domain.\n" + }, + "cognitoOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainCognitoOption:getDomainCognitoOption" + }, + "description": "Domain Amazon Cognito Authentication options for Kibana.\n" + }, + "created": { + "type": "boolean", + "description": "Status of the creation of the domain.\n" + }, + "deleted": { + "type": "boolean", + "description": "Status of the deletion of the domain.\n" + }, + "domainId": { + "type": "string", + "description": "Unique identifier for the domain.\n" + }, + "domainName": { + "type": "string" + }, + "ebsOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainEbsOption:getDomainEbsOption" + }, + "description": "EBS Options for the instances in the domain.\n" + }, + "elasticsearchVersion": { + "type": "string", + "description": "ElasticSearch version for the domain.\n" + }, + "encryptionAtRests": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainEncryptionAtRest:getDomainEncryptionAtRest" + }, + "description": "Domain encryption at rest related options.\n" + }, + "endpoint": { + "type": "string", + "description": "Domain-specific endpoint used to submit index, search, and data upload requests.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kibanaEndpoint": { + "type": "string", + "description": "Domain-specific endpoint used to access the Kibana application.\n" + }, + "logPublishingOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainLogPublishingOption:getDomainLogPublishingOption" + }, + "description": "Domain log publishing related options.\n" + }, + "nodeToNodeEncryptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainNodeToNodeEncryption:getDomainNodeToNodeEncryption" + }, + "description": "Domain in transit encryption related options.\n" + }, + "processing": { + "type": "boolean", + "description": "Status of a configuration change in the domain.\n* `snapshot_options` – Domain snapshot related options.\n" + }, + "snapshotOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainSnapshotOption:getDomainSnapshotOption" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags assigned to the domain.\n" + }, + "vpcOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:elasticsearch/getDomainVpcOption:getDomainVpcOption" + }, + "description": "VPC Options for private Elasticsearch domains.\n" + } + }, + "type": "object", + "required": [ + "accessPolicies", + "advancedOptions", + "advancedSecurityOptions", + "arn", + "clusterConfigs", + "cognitoOptions", + "created", + "deleted", + "domainId", + "domainName", + "ebsOptions", + "elasticsearchVersion", + "encryptionAtRests", + "endpoint", + "kibanaEndpoint", + "logPublishingOptions", + "nodeToNodeEncryptions", + "processing", + "snapshotOptions", + "tags", + "vpcOptions", + "id" + ] + } + }, + "aws:elb/getHostedZoneId:getHostedZoneId": { + "description": "Use this data source to get the HostedZoneId of the AWS Elastic Load Balancing HostedZoneId\nin a given region for the purpose of using in an AWS Route53 Alias.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getHostedZoneId({});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: aws_route53_zone.primary.zone_id,\n name: \"example.com\",\n type: \"A\",\n aliases: [{\n name: aws_elb.main.dns_name,\n zoneId: main.then(main => main.id),\n evaluateTargetHealth: true,\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_hosted_zone_id()\nwww = aws.route53.Record(\"www\",\n zone_id=aws_route53_zone[\"primary\"][\"zone_id\"],\n name=\"example.com\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=aws_elb[\"main\"][\"dns_name\"],\n zone_id=main.id,\n evaluate_target_health=True,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.Elb.GetHostedZoneId.InvokeAsync());\n var www = new Aws.Route53.Record(\"www\", new Aws.Route53.RecordArgs\n {\n ZoneId = aws_route53_zone.Primary.Zone_id,\n Name = \"example.com\",\n Type = \"A\",\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = aws_elb.Main.Dns_name,\n ZoneId = main.Apply(main => main.Id),\n EvaluateTargetHealth = true,\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.GetHostedZoneId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.Any(aws_route53_zone.Primary.Zone_id),\n\t\t\tName: pulumi.String(\"example.com\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.Any(aws_elb.Main.Dns_name),\n\t\t\t\t\tZoneId: pulumi.String(main.Id),\n\t\t\t\t\tEvaluateTargetHealth: pulumi.Bool(true),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getHostedZoneId.\n", + "properties": { + "region": { + "type": "string", + "description": "Name of the region whose AWS ELB HostedZoneId is desired.\nDefaults to the region from the AWS provider configuration.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getHostedZoneId.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string" + } + }, + "type": "object", + "required": [ + "id" + ] + } + }, + "aws:elb/getLoadBalancer:getLoadBalancer": { + "description": "Provides information about a \"classic\" Elastic Load Balancer (ELB).\nSee `LB` Data Source if you are looking for \"v2\"\nApplication Load Balancer (ALB) or Network Load Balancer (NLB).\n\nThis data source can prove useful when a module accepts an LB as an input\nvariable and needs to, for example, determine the security groups associated\nwith it, etc.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbName = config.get(\"lbName\") || \"\";\nconst test = aws.elb.getLoadBalancer({\n name: lbName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_name = config.get(\"lbName\")\nif lb_name is None:\n lb_name = \"\"\ntest = aws.elb.get_load_balancer(name=lb_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbName = config.Get(\"lbName\") ?? \"\";\n var test = Output.Create(Aws.Elb.GetLoadBalancer.InvokeAsync(new Aws.Elb.GetLoadBalancerArgs\n {\n Name = lbName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbName := \"\"\n\t\tif param := cfg.Get(\"lbName\"); param != \"\" {\n\t\t\tlbName = param\n\t\t}\n\t\t_, err := elb.LookupLoadBalancer(ctx, &elb.LookupLoadBalancerArgs{\n\t\t\tName: lbName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLoadBalancer.\n", + "properties": { + "name": { + "type": "string", + "description": "The unique name of the load balancer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getLoadBalancer.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:elb/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs" + }, + "arn": { + "type": "string" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + } + }, + "connectionDraining": { + "type": "boolean" + }, + "connectionDrainingTimeout": { + "type": "integer" + }, + "crossZoneLoadBalancing": { + "type": "boolean" + }, + "dnsName": { + "type": "string" + }, + "healthCheck": { + "$ref": "#/types/aws:elb/getLoadBalancerHealthCheck:getLoadBalancerHealthCheck" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleTimeout": { + "type": "integer" + }, + "instances": { + "type": "array", + "items": { + "type": "string" + } + }, + "internal": { + "type": "boolean" + }, + "listeners": { + "type": "array", + "items": { + "$ref": "#/types/aws:elb/getLoadBalancerListener:getLoadBalancerListener" + } + }, + "name": { + "type": "string" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "sourceSecurityGroup": { + "type": "string" + }, + "sourceSecurityGroupId": { + "type": "string" + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accessLogs", + "arn", + "availabilityZones", + "connectionDraining", + "connectionDrainingTimeout", + "crossZoneLoadBalancing", + "dnsName", + "healthCheck", + "idleTimeout", + "instances", + "internal", + "listeners", + "name", + "securityGroups", + "sourceSecurityGroup", + "sourceSecurityGroupId", + "subnets", + "tags", + "zoneId", + "id" + ] + } + }, + "aws:elb/getServiceAccount:getServiceAccount": { + "description": "Use this data source to get the Account ID of the [AWS Elastic Load Balancing Service Account](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-access-logs.html#attach-bucket-policy)\nin a given region for the purpose of permitting in S3 bucket policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = aws.elb.getServiceAccount({});\nconst elbLogs = new aws.s3.Bucket(\"elbLogs\", {\n acl: \"private\",\n policy: main.then(main => `{\n \"Id\": \"Policy\",\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\",\n \"Principal\": {\n \"AWS\": [\n \"${main.arn}\"\n ]\n }\n }\n ]\n}\n`),\n});\nconst bar = new aws.elb.LoadBalancer(\"bar\", {\n availabilityZones: [\"us-west-2a\"],\n accessLogs: {\n bucket: elbLogs.bucket,\n interval: 5,\n },\n listeners: [{\n instancePort: 8000,\n instanceProtocol: \"http\",\n lbPort: 80,\n lbProtocol: \"http\",\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.elb.get_service_account()\nelb_logs = aws.s3.Bucket(\"elbLogs\",\n acl=\"private\",\n policy=f\"\"\"{{\n \"Id\": \"Policy\",\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\",\n \"Principal\": {{\n \"AWS\": [\n \"{main.arn}\"\n ]\n }}\n }}\n ]\n}}\n\"\"\")\nbar = aws.elb.LoadBalancer(\"bar\",\n availability_zones=[\"us-west-2a\"],\n access_logs=aws.elb.LoadBalancerAccessLogsArgs(\n bucket=elb_logs.bucket,\n interval=5,\n ),\n listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"http\",\n lb_port=80,\n lb_protocol=\"http\",\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.Elb.GetServiceAccount.InvokeAsync());\n var elbLogs = new Aws.S3.Bucket(\"elbLogs\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Policy = main.Apply(main => @$\"{{\n \"\"Id\"\": \"\"Policy\"\",\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:PutObject\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": [\n \"\"{main.Arn}\"\"\n ]\n }}\n }}\n ]\n}}\n\"),\n });\n var bar = new Aws.Elb.LoadBalancer(\"bar\", new Aws.Elb.LoadBalancerArgs\n {\n AvailabilityZones = \n {\n \"us-west-2a\",\n },\n AccessLogs = new Aws.Elb.Inputs.LoadBalancerAccessLogsArgs\n {\n Bucket = elbLogs.BucketName,\n Interval = 5,\n },\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"http\",\n LbPort = 80,\n LbProtocol = \"http\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := elb.GetServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\telbLogs, err := s3.NewBucket(ctx, \"elbLogs\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Id\\\": \\\"Policy\\\",\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:PutObject\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::my-elb-tf-test-bucket/AWSLogs/*\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": [\\n\", \" \\\"\", main.Arn, \"\\\"\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"bar\", &elb.LoadBalancerArgs{\n\t\t\tAvailabilityZones: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"us-west-2a\"),\n\t\t\t},\n\t\t\tAccessLogs: &elb.LoadBalancerAccessLogsArgs{\n\t\t\t\tBucket: elbLogs.Bucket,\n\t\t\t\tInterval: pulumi.Int(5),\n\t\t\t},\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"http\"),\n\t\t\t\t\tLbPort: pulumi.Int(80),\n\t\t\t\t\tLbProtocol: pulumi.String(\"http\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServiceAccount.\n", + "properties": { + "region": { + "type": "string", + "description": "Name of the region whose AWS ELB account ID is desired.\nDefaults to the region from the AWS provider configuration.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getServiceAccount.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the AWS ELB service account in the selected region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "id" + ] + } + }, + "aws:globalaccelerator/getAccelerator:getAccelerator": { + "description": "Provides information about a Global Accelerator accelerator.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst acceleratorArn = config.get(\"acceleratorArn\") || \"\";\nconst acceleratorName = config.get(\"acceleratorName\") || \"\";\nconst example = aws.globalaccelerator.getAccelerator({\n arn: acceleratorArn,\n name: acceleratorName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\naccelerator_arn = config.get(\"acceleratorArn\")\nif accelerator_arn is None:\n accelerator_arn = \"\"\naccelerator_name = config.get(\"acceleratorName\")\nif accelerator_name is None:\n accelerator_name = \"\"\nexample = aws.globalaccelerator.get_accelerator(arn=accelerator_arn,\n name=accelerator_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var acceleratorArn = config.Get(\"acceleratorArn\") ?? \"\";\n var acceleratorName = config.Get(\"acceleratorName\") ?? \"\";\n var example = Output.Create(Aws.GlobalAccelerator.GetAccelerator.InvokeAsync(new Aws.GlobalAccelerator.GetAcceleratorArgs\n {\n Arn = acceleratorArn,\n Name = acceleratorName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/globalaccelerator\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tacceleratorArn := \"\"\n\t\tif param := cfg.Get(\"acceleratorArn\"); param != \"\" {\n\t\t\tacceleratorArn = param\n\t\t}\n\t\tacceleratorName := \"\"\n\t\tif param := cfg.Get(\"acceleratorName\"); param != \"\" {\n\t\t\tacceleratorName = param\n\t\t}\n\t\topt0 := acceleratorArn\n\t\topt1 := acceleratorName\n\t\t_, err := globalaccelerator.LookupAccelerator(ctx, &globalaccelerator.LookupAcceleratorArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAccelerator.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the Global Accelerator.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the Global Accelerator.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAccelerator.\n", + "properties": { + "arn": { + "type": "string" + }, + "attributes": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/getAcceleratorAttribute:getAcceleratorAttribute" + } + }, + "dnsName": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "hostedZoneId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipAddressType": { + "type": "string" + }, + "ipSets": { + "type": "array", + "items": { + "$ref": "#/types/aws:globalaccelerator/getAcceleratorIpSet:getAcceleratorIpSet" + } + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "attributes", + "dnsName", + "enabled", + "hostedZoneId", + "ipAddressType", + "ipSets", + "name", + "tags", + "id" + ] + } + }, + "aws:glue/getConnection:getConnection": { + "description": "This data source can be used to fetch information about a specific Glue Connection.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.glue.getConnection({\n id: \"123456789123:connection\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.get_connection(id=\"123456789123:connection\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Glue.GetConnection.InvokeAsync(new Aws.Glue.GetConnectionArgs\n {\n Id = \"123456789123:connection\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.LookupConnection(ctx, &glue.LookupConnectionArgs{\n\t\t\tId: \"123456789123:connection\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getConnection.\n", + "properties": { + "id": { + "type": "string", + "description": "A concatenation of the catalog ID and connection name. For example, if your account ID is\n`123456789123` and the connection name is `conn` then the ID is `123456789123:conn`.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getConnection.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Glue Connection.\n" + }, + "catalogId": { + "type": "string", + "description": "The catalog ID of the Glue Connection.\n" + }, + "connectionProperties": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "connectionType": { + "type": "string", + "description": "The type of Glue Connection.\n" + }, + "description": { + "type": "string", + "description": "Description of the connection.\n" + }, + "id": { + "type": "string" + }, + "matchCriterias": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of criteria that can be used in selecting this connection.\n" + }, + "name": { + "type": "string", + "description": "The name of the Glue Connection.\n" + }, + "physicalConnectionRequirements": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getConnectionPhysicalConnectionRequirement:getConnectionPhysicalConnectionRequirement" + }, + "description": "A map of physical connection requirements, such as VPC and SecurityGroup.\n" + } + }, + "type": "object", + "required": [ + "arn", + "catalogId", + "connectionProperties", + "connectionType", + "description", + "id", + "matchCriterias", + "name", + "physicalConnectionRequirements" + ] + } + }, + "aws:glue/getDataCatalogEncryptionSettings:getDataCatalogEncryptionSettings": { + "description": "This data source can be used to fetch information about AWS Glue Data Catalog Encryption Settings.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.glue.getDataCatalogEncryptionSettings({\n id: \"123456789123\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.get_data_catalog_encryption_settings(id=\"123456789123\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Glue.GetDataCatalogEncryptionSettings.InvokeAsync(new Aws.Glue.GetDataCatalogEncryptionSettingsArgs\n {\n Id = \"123456789123\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := glue.LookupDataCatalogEncryptionSettings(ctx, &glue.LookupDataCatalogEncryptionSettingsArgs{\n\t\t\tId: \"123456789123\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDataCatalogEncryptionSettings.\n", + "properties": { + "catalogId": { + "type": "string", + "description": "The ID of the Data Catalog. This is typically the AWS account ID.\n" + } + }, + "type": "object", + "required": [ + "catalogId" + ] + }, + "outputs": { + "description": "A collection of values returned by getDataCatalogEncryptionSettings.\n", + "properties": { + "catalogId": { + "type": "string" + }, + "dataCatalogEncryptionSettings": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getDataCatalogEncryptionSettingsDataCatalogEncryptionSetting:getDataCatalogEncryptionSettingsDataCatalogEncryptionSetting" + }, + "description": "The security configuration to set. see Data Catalog Encryption Settings.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "catalogId", + "dataCatalogEncryptionSettings", + "id" + ] + } + }, + "aws:glue/getScript:getScript": { + "description": "Use this data source to generate a Glue script from a Directed Acyclic Graph (DAG).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Generate Python Script\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.glue.getScript({\n language: \"PYTHON\",\n dagEdges: [\n {\n source: \"datasource0\",\n target: \"applymapping1\",\n },\n {\n source: \"applymapping1\",\n target: \"selectfields2\",\n },\n {\n source: \"selectfields2\",\n target: \"resolvechoice3\",\n },\n {\n source: \"resolvechoice3\",\n target: \"datasink4\",\n },\n ],\n dagNodes: [\n {\n id: \"datasource0\",\n nodeType: \"DataSource\",\n args: [\n {\n name: \"database\",\n value: `\"${aws_glue_catalog_database.source.name}\"`,\n },\n {\n name: \"table_name\",\n value: `\"${aws_glue_catalog_table.source.name}\"`,\n },\n ],\n },\n {\n id: \"applymapping1\",\n nodeType: \"ApplyMapping\",\n args: [{\n name: \"mapping\",\n value: \"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n }],\n },\n {\n id: \"selectfields2\",\n nodeType: \"SelectFields\",\n args: [{\n name: \"paths\",\n value: \"[\\\"column1\\\"]\",\n }],\n },\n {\n id: \"resolvechoice3\",\n nodeType: \"ResolveChoice\",\n args: [\n {\n name: \"choice\",\n value: \"\\\"MATCH_CATALOG\\\"\",\n },\n {\n name: \"database\",\n value: `\"${aws_glue_catalog_database.destination.name}\"`,\n },\n {\n name: \"table_name\",\n value: `\"${aws_glue_catalog_table.destination.name}\"`,\n },\n ],\n },\n {\n id: \"datasink4\",\n nodeType: \"DataSink\",\n args: [\n {\n name: \"database\",\n value: `\"${aws_glue_catalog_database.destination.name}\"`,\n },\n {\n name: \"table_name\",\n value: `\"${aws_glue_catalog_table.destination.name}\"`,\n },\n ],\n },\n ],\n});\nexport const pythonScript = example.then(example => example.pythonScript);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.get_script(language=\"PYTHON\",\n dag_edges=[\n aws.glue.GetScriptDagEdgeArgs(\n source=\"datasource0\",\n target=\"applymapping1\",\n ),\n aws.glue.GetScriptDagEdgeArgs(\n source=\"applymapping1\",\n target=\"selectfields2\",\n ),\n aws.glue.GetScriptDagEdgeArgs(\n source=\"selectfields2\",\n target=\"resolvechoice3\",\n ),\n aws.glue.GetScriptDagEdgeArgs(\n source=\"resolvechoice3\",\n target=\"datasink4\",\n ),\n ],\n dag_nodes=[\n aws.glue.GetScriptDagNodeArgs(\n id=\"datasource0\",\n node_type=\"DataSource\",\n args=[\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"database\",\n value=f\"\\\"{aws_glue_catalog_database['source']['name']}\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"table_name\",\n value=f\"\\\"{aws_glue_catalog_table['source']['name']}\\\"\",\n ),\n ],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"applymapping1\",\n node_type=\"ApplyMapping\",\n args=[aws.glue.GetScriptDagNodeArgArgs(\n name=\"mapping\",\n value=\"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n )],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"selectfields2\",\n node_type=\"SelectFields\",\n args=[aws.glue.GetScriptDagNodeArgArgs(\n name=\"paths\",\n value=\"[\\\"column1\\\"]\",\n )],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"resolvechoice3\",\n node_type=\"ResolveChoice\",\n args=[\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"choice\",\n value=\"\\\"MATCH_CATALOG\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"database\",\n value=f\"\\\"{aws_glue_catalog_database['destination']['name']}\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"table_name\",\n value=f\"\\\"{aws_glue_catalog_table['destination']['name']}\\\"\",\n ),\n ],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"datasink4\",\n node_type=\"DataSink\",\n args=[\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"database\",\n value=f\"\\\"{aws_glue_catalog_database['destination']['name']}\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"table_name\",\n value=f\"\\\"{aws_glue_catalog_table['destination']['name']}\\\"\",\n ),\n ],\n ),\n ])\npulumi.export(\"pythonScript\", example.python_script)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Glue.GetScript.InvokeAsync(new Aws.Glue.GetScriptArgs\n {\n Language = \"PYTHON\",\n DagEdges = \n {\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"datasource0\",\n Target = \"applymapping1\",\n },\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"applymapping1\",\n Target = \"selectfields2\",\n },\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"selectfields2\",\n Target = \"resolvechoice3\",\n },\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"resolvechoice3\",\n Target = \"datasink4\",\n },\n },\n DagNodes = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"datasource0\",\n NodeType = \"DataSource\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"database\",\n Value = $\"\\\"{aws_glue_catalog_database.Source.Name}\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"table_name\",\n Value = $\"\\\"{aws_glue_catalog_table.Source.Name}\\\"\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"applymapping1\",\n NodeType = \"ApplyMapping\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"mapping\",\n Value = \"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"selectfields2\",\n NodeType = \"SelectFields\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"paths\",\n Value = \"[\\\"column1\\\"]\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"resolvechoice3\",\n NodeType = \"ResolveChoice\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"choice\",\n Value = \"\\\"MATCH_CATALOG\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"database\",\n Value = $\"\\\"{aws_glue_catalog_database.Destination.Name}\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"table_name\",\n Value = $\"\\\"{aws_glue_catalog_table.Destination.Name}\\\"\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"datasink4\",\n NodeType = \"DataSink\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"database\",\n Value = $\"\\\"{aws_glue_catalog_database.Destination.Name}\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"table_name\",\n Value = $\"\\\"{aws_glue_catalog_table.Destination.Name}\\\"\",\n },\n },\n },\n },\n }));\n this.PythonScript = example.Apply(example => example.PythonScript);\n }\n\n [Output(\"pythonScript\")]\n public Output PythonScript { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"PYTHON\"\n\t\texample, err := glue.GetScript(ctx, &glue.GetScriptArgs{\n\t\t\tLanguage: &opt0,\n\t\t\tDagEdges: []glue.GetScriptDagEdge{\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"datasource0\",\n\t\t\t\t\tTarget: \"applymapping1\",\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"applymapping1\",\n\t\t\t\t\tTarget: \"selectfields2\",\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"selectfields2\",\n\t\t\t\t\tTarget: \"resolvechoice3\",\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"resolvechoice3\",\n\t\t\t\t\tTarget: \"datasink4\",\n\t\t\t\t},\n\t\t\t},\n\t\t\tDagNodes: []glue.GetScriptDagNode{\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"datasource0\",\n\t\t\t\t\tNodeType: \"DataSource\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"database\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_database.Source.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"table_name\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_table.Source.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"applymapping1\",\n\t\t\t\t\tNodeType: \"ApplyMapping\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"mapping\",\n\t\t\t\t\t\t\tValue: \"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"selectfields2\",\n\t\t\t\t\tNodeType: \"SelectFields\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"paths\",\n\t\t\t\t\t\t\tValue: \"[\\\"column1\\\"]\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"resolvechoice3\",\n\t\t\t\t\tNodeType: \"ResolveChoice\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"choice\",\n\t\t\t\t\t\t\tValue: \"\\\"MATCH_CATALOG\\\"\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"database\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_database.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"table_name\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_table.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"datasink4\",\n\t\t\t\t\tNodeType: \"DataSink\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"database\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_database.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"table_name\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_table.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"pythonScript\", example.PythonScript)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Generate Scala Code\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.glue.getScript({\n language: \"SCALA\",\n dagEdges: [\n {\n source: \"datasource0\",\n target: \"applymapping1\",\n },\n {\n source: \"applymapping1\",\n target: \"selectfields2\",\n },\n {\n source: \"selectfields2\",\n target: \"resolvechoice3\",\n },\n {\n source: \"resolvechoice3\",\n target: \"datasink4\",\n },\n ],\n dagNodes: [\n {\n id: \"datasource0\",\n nodeType: \"DataSource\",\n args: [\n {\n name: \"database\",\n value: `\"${aws_glue_catalog_database.source.name}\"`,\n },\n {\n name: \"table_name\",\n value: `\"${aws_glue_catalog_table.source.name}\"`,\n },\n ],\n },\n {\n id: \"applymapping1\",\n nodeType: \"ApplyMapping\",\n args: [{\n name: \"mappings\",\n value: \"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n }],\n },\n {\n id: \"selectfields2\",\n nodeType: \"SelectFields\",\n args: [{\n name: \"paths\",\n value: \"[\\\"column1\\\"]\",\n }],\n },\n {\n id: \"resolvechoice3\",\n nodeType: \"ResolveChoice\",\n args: [\n {\n name: \"choice\",\n value: \"\\\"MATCH_CATALOG\\\"\",\n },\n {\n name: \"database\",\n value: `\"${aws_glue_catalog_database.destination.name}\"`,\n },\n {\n name: \"table_name\",\n value: `\"${aws_glue_catalog_table.destination.name}\"`,\n },\n ],\n },\n {\n id: \"datasink4\",\n nodeType: \"DataSink\",\n args: [\n {\n name: \"database\",\n value: `\"${aws_glue_catalog_database.destination.name}\"`,\n },\n {\n name: \"table_name\",\n value: `\"${aws_glue_catalog_table.destination.name}\"`,\n },\n ],\n },\n ],\n});\nexport const scalaCode = example.then(example => example.scalaCode);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.glue.get_script(language=\"SCALA\",\n dag_edges=[\n aws.glue.GetScriptDagEdgeArgs(\n source=\"datasource0\",\n target=\"applymapping1\",\n ),\n aws.glue.GetScriptDagEdgeArgs(\n source=\"applymapping1\",\n target=\"selectfields2\",\n ),\n aws.glue.GetScriptDagEdgeArgs(\n source=\"selectfields2\",\n target=\"resolvechoice3\",\n ),\n aws.glue.GetScriptDagEdgeArgs(\n source=\"resolvechoice3\",\n target=\"datasink4\",\n ),\n ],\n dag_nodes=[\n aws.glue.GetScriptDagNodeArgs(\n id=\"datasource0\",\n node_type=\"DataSource\",\n args=[\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"database\",\n value=f\"\\\"{aws_glue_catalog_database['source']['name']}\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"table_name\",\n value=f\"\\\"{aws_glue_catalog_table['source']['name']}\\\"\",\n ),\n ],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"applymapping1\",\n node_type=\"ApplyMapping\",\n args=[aws.glue.GetScriptDagNodeArgArgs(\n name=\"mappings\",\n value=\"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n )],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"selectfields2\",\n node_type=\"SelectFields\",\n args=[aws.glue.GetScriptDagNodeArgArgs(\n name=\"paths\",\n value=\"[\\\"column1\\\"]\",\n )],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"resolvechoice3\",\n node_type=\"ResolveChoice\",\n args=[\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"choice\",\n value=\"\\\"MATCH_CATALOG\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"database\",\n value=f\"\\\"{aws_glue_catalog_database['destination']['name']}\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"table_name\",\n value=f\"\\\"{aws_glue_catalog_table['destination']['name']}\\\"\",\n ),\n ],\n ),\n aws.glue.GetScriptDagNodeArgs(\n id=\"datasink4\",\n node_type=\"DataSink\",\n args=[\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"database\",\n value=f\"\\\"{aws_glue_catalog_database['destination']['name']}\\\"\",\n ),\n aws.glue.GetScriptDagNodeArgArgs(\n name=\"table_name\",\n value=f\"\\\"{aws_glue_catalog_table['destination']['name']}\\\"\",\n ),\n ],\n ),\n ])\npulumi.export(\"scalaCode\", example.scala_code)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Glue.GetScript.InvokeAsync(new Aws.Glue.GetScriptArgs\n {\n Language = \"SCALA\",\n DagEdges = \n {\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"datasource0\",\n Target = \"applymapping1\",\n },\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"applymapping1\",\n Target = \"selectfields2\",\n },\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"selectfields2\",\n Target = \"resolvechoice3\",\n },\n new Aws.Glue.Inputs.GetScriptDagEdgeArgs\n {\n Source = \"resolvechoice3\",\n Target = \"datasink4\",\n },\n },\n DagNodes = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"datasource0\",\n NodeType = \"DataSource\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"database\",\n Value = $\"\\\"{aws_glue_catalog_database.Source.Name}\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"table_name\",\n Value = $\"\\\"{aws_glue_catalog_table.Source.Name}\\\"\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"applymapping1\",\n NodeType = \"ApplyMapping\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"mappings\",\n Value = \"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"selectfields2\",\n NodeType = \"SelectFields\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"paths\",\n Value = \"[\\\"column1\\\"]\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"resolvechoice3\",\n NodeType = \"ResolveChoice\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"choice\",\n Value = \"\\\"MATCH_CATALOG\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"database\",\n Value = $\"\\\"{aws_glue_catalog_database.Destination.Name}\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"table_name\",\n Value = $\"\\\"{aws_glue_catalog_table.Destination.Name}\\\"\",\n },\n },\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgs\n {\n Id = \"datasink4\",\n NodeType = \"DataSink\",\n Args = \n {\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"database\",\n Value = $\"\\\"{aws_glue_catalog_database.Destination.Name}\\\"\",\n },\n new Aws.Glue.Inputs.GetScriptDagNodeArgArgs\n {\n Name = \"table_name\",\n Value = $\"\\\"{aws_glue_catalog_table.Destination.Name}\\\"\",\n },\n },\n },\n },\n }));\n this.ScalaCode = example.Apply(example => example.ScalaCode);\n }\n\n [Output(\"scalaCode\")]\n public Output ScalaCode { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/glue\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"SCALA\"\n\t\texample, err := glue.GetScript(ctx, &glue.GetScriptArgs{\n\t\t\tLanguage: &opt0,\n\t\t\tDagEdges: []glue.GetScriptDagEdge{\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"datasource0\",\n\t\t\t\t\tTarget: \"applymapping1\",\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"applymapping1\",\n\t\t\t\t\tTarget: \"selectfields2\",\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"selectfields2\",\n\t\t\t\t\tTarget: \"resolvechoice3\",\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagEdge{\n\t\t\t\t\tSource: \"resolvechoice3\",\n\t\t\t\t\tTarget: \"datasink4\",\n\t\t\t\t},\n\t\t\t},\n\t\t\tDagNodes: []glue.GetScriptDagNode{\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"datasource0\",\n\t\t\t\t\tNodeType: \"DataSource\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"database\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_database.Source.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"table_name\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_table.Source.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"applymapping1\",\n\t\t\t\t\tNodeType: \"ApplyMapping\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"mappings\",\n\t\t\t\t\t\t\tValue: \"[(\\\"column1\\\", \\\"string\\\", \\\"column1\\\", \\\"string\\\")]\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"selectfields2\",\n\t\t\t\t\tNodeType: \"SelectFields\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"paths\",\n\t\t\t\t\t\t\tValue: \"[\\\"column1\\\"]\",\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"resolvechoice3\",\n\t\t\t\t\tNodeType: \"ResolveChoice\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"choice\",\n\t\t\t\t\t\t\tValue: \"\\\"MATCH_CATALOG\\\"\",\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"database\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_database.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"table_name\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_table.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tglue.GetScriptDagNode{\n\t\t\t\t\tId: \"datasink4\",\n\t\t\t\t\tNodeType: \"DataSink\",\n\t\t\t\t\tArgs: []glue.GetScriptDagNodeArg{\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"database\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_database.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tglue.GetScriptDagNodeArg{\n\t\t\t\t\t\t\tName: \"table_name\",\n\t\t\t\t\t\t\tValue: fmt.Sprintf(\"%v%v%v\", \"\\\"\", aws_glue_catalog_table.Destination.Name, \"\\\"\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"scalaCode\", example.ScalaCode)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getScript.\n", + "properties": { + "dagEdges": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getScriptDagEdge:getScriptDagEdge" + }, + "description": "A list of the edges in the DAG. Defined below.\n" + }, + "dagNodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getScriptDagNode:getScriptDagNode" + }, + "description": "A list of the nodes in the DAG. Defined below.\n" + }, + "language": { + "type": "string", + "description": "The programming language of the resulting code from the DAG. Defaults to `PYTHON`. Valid values are `PYTHON` and `SCALA`.\n" + } + }, + "type": "object", + "required": [ + "dagEdges", + "dagNodes" + ] + }, + "outputs": { + "description": "A collection of values returned by getScript.\n", + "properties": { + "dagEdges": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getScriptDagEdge:getScriptDagEdge" + } + }, + "dagNodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:glue/getScriptDagNode:getScriptDagNode" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "language": { + "type": "string" + }, + "pythonScript": { + "type": "string", + "description": "The Python script generated from the DAG when the `language` argument is set to `PYTHON`.\n" + }, + "scalaCode": { + "type": "string", + "description": "The Scala code generated from the DAG when the `language` argument is set to `SCALA`.\n" + } + }, + "type": "object", + "required": [ + "dagEdges", + "dagNodes", + "pythonScript", + "scalaCode", + "id" + ] + } + }, + "aws:guardduty/getDetector:getDetector": { + "description": "Retrieve information about a GuardDuty detector.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.guardduty.getDetector());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.guardduty.get_detector()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.GuardDuty.GetDetector.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/guardduty\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := guardduty.LookupDetector(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDetector.\n", + "properties": { + "id": { + "type": "string", + "description": "The ID of the detector.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getDetector.\n", + "properties": { + "findingPublishingFrequency": { + "type": "string", + "description": "The frequency of notifications sent about subsequent finding occurrences.\n" + }, + "id": { + "type": "string" + }, + "serviceRoleArn": { + "type": "string", + "description": "The service-linked role that grants GuardDuty access to the resources in the AWS account.\n" + }, + "status": { + "type": "string", + "description": "The current status of the detector.\n" + } + }, + "type": "object", + "required": [ + "findingPublishingFrequency", + "id", + "serviceRoleArn", + "status" + ] + } + }, + "aws:iam/getAccountAlias:getAccountAlias": { + "description": "The IAM Account Alias data source allows access to the account alias\nfor the effective account in which this provider is working.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.iam.getAccountAlias({});\nexport const accountId = current.then(current => current.accountAlias);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.iam.get_account_alias()\npulumi.export(\"accountId\", current.account_alias)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.Iam.GetAccountAlias.InvokeAsync());\n this.AccountId = current.Apply(current => current.AccountAlias);\n }\n\n [Output(\"accountId\")]\n public Output AccountId { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := iam.LookupAccountAlias(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"accountId\", current.AccountAlias)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getAccountAlias.\n", + "properties": { + "accountAlias": { + "type": "string", + "description": "The alias associated with the AWS account.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "accountAlias", + "id" + ] + } + }, + "aws:iam/getGroup:getGroup": { + "description": "This data source can be used to fetch information about a specific\nIAM group. By using this data source, you can reference IAM group\nproperties without having to hard code ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.iam.getGroup({\n groupName: \"an_example_group_name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_group(group_name=\"an_example_group_name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Iam.GetGroup.InvokeAsync(new Aws.Iam.GetGroupArgs\n {\n GroupName = \"an_example_group_name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupGroup(ctx, &iam.LookupGroupArgs{\n\t\t\tGroupName: \"an_example_group_name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getGroup.\n", + "properties": { + "groupName": { + "type": "string", + "description": "The friendly IAM group name to match.\n" + } + }, + "type": "object", + "required": [ + "groupName" + ] + }, + "outputs": { + "description": "A collection of values returned by getGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the iam user.\n" + }, + "groupId": { + "type": "string", + "description": "The stable and unique string identifying the group.\n" + }, + "groupName": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "path": { + "type": "string", + "description": "The path to the iam user.\n" + }, + "users": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/getGroupUser:getGroupUser" + }, + "description": "List of objects containing group member information. See supported fields below.\n" + } + }, + "type": "object", + "required": [ + "arn", + "groupId", + "groupName", + "path", + "users", + "id" + ] + } + }, + "aws:iam/getInstanceProfile:getInstanceProfile": { + "description": "This data source can be used to fetch information about a specific\nIAM instance profile. By using this data source, you can reference IAM\ninstance profile properties without having to hard code ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.iam.getInstanceProfile({\n name: \"an_example_instance_profile_name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_instance_profile(name=\"an_example_instance_profile_name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Iam.GetInstanceProfile.InvokeAsync(new Aws.Iam.GetInstanceProfileArgs\n {\n Name = \"an_example_instance_profile_name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupInstanceProfile(ctx, &iam.LookupInstanceProfileArgs{\n\t\t\tName: \"an_example_instance_profile_name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInstanceProfile.\n", + "properties": { + "name": { + "type": "string", + "description": "The friendly IAM instance profile name to match.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getInstanceProfile.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the instance profile.\n" + }, + "createDate": { + "type": "string", + "description": "The string representation of the date the instance profile\nwas created.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string", + "description": "The path to the instance profile.\n" + }, + "roleArn": { + "type": "string", + "description": "The role arn associated with this instance profile.\n" + }, + "roleId": { + "type": "string", + "description": "The role id associated with this instance profile.\n" + }, + "roleName": { + "type": "string", + "description": "The role name associated with this instance profile.\n" + } + }, + "type": "object", + "required": [ + "arn", + "createDate", + "name", + "path", + "roleArn", + "roleId", + "roleName", + "id" + ] + } + }, + "aws:iam/getPolicy:getPolicy": { + "description": "This data source can be used to fetch information about a specific\nIAM policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By ARN\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.iam.getPolicy({\n arn: \"arn:aws:iam::123456789012:policy/UsersManageOwnCredentials\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy(arn=\"arn:aws:iam::123456789012:policy/UsersManageOwnCredentials\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Iam.GetPolicy.InvokeAsync(new Aws.Iam.GetPolicyArgs\n {\n Arn = \"arn:aws:iam::123456789012:policy/UsersManageOwnCredentials\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"arn:aws:iam::123456789012:policy/UsersManageOwnCredentials\"\n\t\t_, err := iam.LookupPolicy(ctx, &iam.LookupPolicyArgs{\n\t\t\tArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.iam.getPolicy({\n name: \"test_policy\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_policy(name=\"test_policy\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Iam.GetPolicy.InvokeAsync(new Aws.Iam.GetPolicyArgs\n {\n Name = \"test_policy\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"test_policy\"\n\t\t_, err := iam.LookupPolicy(ctx, &iam.LookupPolicyArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPolicy.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the IAM policy.\n" + }, + "name": { + "type": "string", + "description": "The name of the IAM policy.\n" + }, + "pathPrefix": { + "type": "string", + "description": "The prefix of the path to the IAM policy. Defaults to a slash (`/`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM Policy.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getPolicy.\n", + "properties": { + "arn": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the policy.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string", + "description": "The path to the policy.\n" + }, + "pathPrefix": { + "type": "string" + }, + "policy": { + "type": "string", + "description": "The policy document of the policy.\n" + }, + "policyId": { + "type": "string", + "description": "The policy's ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value mapping of tags for the IAM Policy.\n" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "name", + "path", + "policy", + "policyId", + "tags", + "id" + ] + } + }, + "aws:iam/getPolicyDocument:getPolicyDocument": { + "description": "Generates an IAM policy document in JSON format for use with resources that expect policy documents such as `aws.iam.Policy`.\n\nUsing this data source to generate policy documents is *optional*. It is also valid to use literal JSON strings in your configuration or to use the `file` interpolation function to read a raw JSON policy document from a file.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Example\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst examplePolicyDocument = aws.iam.getPolicyDocument({\n statements: [\n {\n sid: \"1\",\n actions: [\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources: [\"arn:aws:s3:::*\"],\n },\n {\n actions: [\"s3:ListBucket\"],\n resources: [`arn:aws:s3:::${_var.s3_bucket_name}`],\n conditions: [{\n test: \"StringLike\",\n variable: \"s3:prefix\",\n values: [\n \"\",\n \"home/\",\n \"home/&{aws:username}/\",\n ],\n }],\n },\n {\n actions: [\"s3:*\"],\n resources: [\n `arn:aws:s3:::${_var.s3_bucket_name}/home/&{aws:username}`,\n `arn:aws:s3:::${_var.s3_bucket_name}/home/&{aws:username}/*`,\n ],\n },\n ],\n});\nconst examplePolicy = new aws.iam.Policy(\"examplePolicy\", {\n path: \"/\",\n policy: examplePolicyDocument.then(examplePolicyDocument => examplePolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_policy_document = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"1\",\n actions=[\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n ],\n resources=[\"arn:aws:s3:::*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListBucket\"],\n resources=[f\"arn:aws:s3:::{var['s3_bucket_name']}\"],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringLike\",\n variable=\"s3:prefix\",\n values=[\n \"\",\n \"home/\",\n \"home/&{aws:username}/\",\n ],\n )],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:*\"],\n resources=[\n f\"arn:aws:s3:::{var['s3_bucket_name']}/home/&{{aws:username}}\",\n f\"arn:aws:s3:::{var['s3_bucket_name']}/home/&{{aws:username}}/*\",\n ],\n ),\n])\nexample_policy = aws.iam.Policy(\"examplePolicy\",\n path=\"/\",\n policy=example_policy_document.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var examplePolicyDocument = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"1\",\n Actions = \n {\n \"s3:ListAllMyBuckets\",\n \"s3:GetBucketLocation\",\n },\n Resources = \n {\n \"arn:aws:s3:::*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"s3:ListBucket\",\n },\n Resources = \n {\n $\"arn:aws:s3:::{@var.S3_bucket_name}\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringLike\",\n Variable = \"s3:prefix\",\n Values = \n {\n \"\",\n \"home/\",\n \"home/&{aws:username}/\",\n },\n },\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"s3:*\",\n },\n Resources = \n {\n $\"arn:aws:s3:::{@var.S3_bucket_name}/home/&{{aws:username}}\",\n $\"arn:aws:s3:::{@var.S3_bucket_name}/home/&{{aws:username}}/*\",\n },\n },\n },\n }));\n var examplePolicy = new Aws.Iam.Policy(\"examplePolicy\", new Aws.Iam.PolicyArgs\n {\n Path = \"/\",\n Policy = examplePolicyDocument.Apply(examplePolicyDocument => examplePolicyDocument.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texamplePolicyDocument, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"1\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:GetBucketLocation\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v\", \"arn:aws:s3:::\", _var.S3_bucket_name),\n\t\t\t\t\t},\n\t\t\t\t\tConditions: []iam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\tiam.GetPolicyDocumentStatementCondition{\n\t\t\t\t\t\t\tTest: \"StringLike\",\n\t\t\t\t\t\t\tVariable: \"s3:prefix\",\n\t\t\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\t\t\"\",\n\t\t\t\t\t\t\t\t\"home/\",\n\t\t\t\t\t\t\t\t\"home/&{aws:username}/\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v\", \"arn:aws:s3:::\", _var.S3_bucket_name, \"/home/&{aws:username}\"),\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v\", \"arn:aws:s3:::\", _var.S3_bucket_name, \"/home/&{aws:username}/*\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewPolicy(ctx, \"examplePolicy\", &iam.PolicyArgs{\n\t\t\tPath: pulumi.String(\"/\"),\n\t\t\tPolicy: pulumi.String(examplePolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using A Source Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n },\n ],\n});\nconst sourceJsonExample = source.then(source => aws.iam.getPolicyDocument({\n sourceJson: source.json,\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n ),\n])\nsource_json_example = aws.iam.get_policy_document(source_json=source.json,\n statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var source = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"ec2:*\",\n },\n Resources = \n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"SidToOverride\",\n Actions = \n {\n \"s3:*\",\n },\n Resources = \n {\n \"*\",\n },\n },\n },\n }));\n var sourceJsonExample = source.Apply(source => Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n SourceJson = source.Json,\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"SidToOverride\",\n Actions = \n {\n \"s3:*\",\n },\n Resources = \n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"SidToOverride\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := source.Json\n\t\t_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tSourceJson: &opt0,\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"SidToOverride\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::somebucket\",\n\t\t\t\t\t\t\"arn:aws:s3:::somebucket/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n`data.aws_iam_policy_document.source_json_example.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing Pulumi;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example Using An Override Document\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\"*\"],\n }],\n});\nconst overrideJsonExample = override.then(override => aws.iam.getPolicyDocument({\n overrideJson: override.json,\n statements: [\n {\n actions: [\"ec2:*\"],\n resources: [\"*\"],\n },\n {\n sid: \"SidToOverride\",\n actions: [\"s3:*\"],\n resources: [\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n },\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\"*\"],\n)])\noverride_json_example = aws.iam.get_policy_document(override_json=override.json,\n statements=[\n aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"ec2:*\"],\n resources=[\"*\"],\n ),\n aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"SidToOverride\",\n actions=[\"s3:*\"],\n resources=[\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n ],\n ),\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var @override = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"SidToOverride\",\n Actions = \n {\n \"s3:*\",\n },\n Resources = \n {\n \"*\",\n },\n },\n },\n }));\n var overrideJsonExample = @override.Apply(@override => Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n OverrideJson = @override.Json,\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"ec2:*\",\n },\n Resources = \n {\n \"*\",\n },\n },\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"SidToOverride\",\n Actions = \n {\n \"s3:*\",\n },\n Resources = \n {\n \"arn:aws:s3:::somebucket\",\n \"arn:aws:s3:::somebucket/*\",\n },\n },\n },\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toverride, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"SidToOverride\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := override.Json\n\t\t_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tOverrideJson: &opt0,\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"SidToOverride\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:*\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"arn:aws:s3:::somebucket\",\n\t\t\t\t\t\t\"arn:aws:s3:::somebucket/*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n`data.aws_iam_policy_document.override_json_example.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing Pulumi;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Example with Both Source and Override Documents\n\nYou can also combine `source_json` and `override_json` in the same document.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst source = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst override = aws.iam.getPolicyDocument({\n statements: [{\n sid: \"OverridePlaceholder\",\n actions: [\"s3:GetObject\"],\n resources: [\"*\"],\n }],\n});\nconst politik = Promise.all([source, override]).then(([source, override]) => aws.iam.getPolicyDocument({\n sourceJson: source.json,\n overrideJson: override.json,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsource = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"ec2:DescribeAccountAttributes\"],\n resources=[\"*\"],\n)])\noverride = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n sid=\"OverridePlaceholder\",\n actions=[\"s3:GetObject\"],\n resources=[\"*\"],\n)])\npolitik = aws.iam.get_policy_document(source_json=source.json,\n override_json=override.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var source = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = \n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = \n {\n \"*\",\n },\n },\n },\n }));\n var @override = Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Sid = \"OverridePlaceholder\",\n Actions = \n {\n \"s3:GetObject\",\n },\n Resources = \n {\n \"*\",\n },\n },\n },\n }));\n var politik = Output.Tuple(source, @override).Apply(values =>\n {\n var source = values.Item1;\n var @override = values.Item2;\n return Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n SourceJson = source.Json,\n OverrideJson = @override.Json,\n }));\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsource, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"OverridePlaceholder\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:DescribeAccountAttributes\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toverride, err := iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tSid: \"OverridePlaceholder\",\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:GetObject\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := source.Json\n\t\topt1 := override.Json\n\t\t_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tSourceJson: &opt0,\n\t\t\tOverrideJson: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n`data.aws_iam_policy_document.politik.json` will evaluate to:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\n```\n```python\nimport pulumi\n```\n```csharp\nusing Pulumi;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPolicyDocument.\n", + "properties": { + "overrideJson": { + "type": "string", + "description": "IAM policy document whose statements with non-blank `sid`s will override statements with the same `sid` from documents assigned to the `source_json`, `source_policy_documents`, and `override_policy_documents` arguments. Non-overriding statements will be added to the exported document.\n" + }, + "overridePolicyDocuments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank `sid`s will override statements with the same `sid` from earlier documents in the list. Statements with non-blank `sid`s will also override statements with the same `sid` from documents provided in the `source_json` and `source_policy_documents` arguments. Non-overriding statements will be added to the exported document.\n" + }, + "policyId": { + "type": "string", + "description": "ID for the policy document.\n" + }, + "sourceJson": { + "type": "string", + "description": "IAM policy document used as a base for the exported policy document. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.\n" + }, + "sourcePolicyDocuments": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of IAM policy documents that are merged together into the exported document. Statements defined in `source_policy_documents` or `source_json` must have unique `sid`s. Statements with the same `sid` from documents assigned to the `override_json` and `override_policy_documents` arguments will override source statements.\n" + }, + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/getPolicyDocumentStatement:getPolicyDocumentStatement" + }, + "description": "Configuration block for a policy statement. Detailed below.\n" + }, + "version": { + "type": "string", + "description": "IAM policy document version. Valid values are `2008-10-17` and `2012-10-17`. Defaults to `2012-10-17`. For more information, see the [AWS IAM User Guide](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_version.html).\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getPolicyDocument.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "json": { + "type": "string", + "description": "Standard JSON policy document rendered based on the arguments above.\n" + }, + "overrideJson": { + "type": "string" + }, + "overridePolicyDocuments": { + "type": "array", + "items": { + "type": "string" + } + }, + "policyId": { + "type": "string" + }, + "sourceJson": { + "type": "string" + }, + "sourcePolicyDocuments": { + "type": "array", + "items": { + "type": "string" + } + }, + "statements": { + "type": "array", + "items": { + "$ref": "#/types/aws:iam/getPolicyDocumentStatement:getPolicyDocumentStatement" + } + }, + "version": { + "type": "string" + } + }, + "type": "object", + "required": [ + "json", + "id" + ] + } + }, + "aws:iam/getRole:getRole": { + "description": "This data source can be used to fetch information about a specific\nIAM role. By using this data source, you can reference IAM role\nproperties without having to hard code ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.iam.getRole({\n name: \"an_example_role_name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_role(name=\"an_example_role_name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Iam.GetRole.InvokeAsync(new Aws.Iam.GetRoleArgs\n {\n Name = \"an_example_role_name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupRole(ctx, &iam.LookupRoleArgs{\n\t\t\tName: \"an_example_role_name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRole.\n", + "properties": { + "name": { + "type": "string", + "description": "The friendly IAM role name to match.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags attached to the role.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRole.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) specifying the role.\n" + }, + "assumeRolePolicy": { + "type": "string", + "description": "The policy document associated with the role.\n" + }, + "createDate": { + "type": "string", + "description": "Creation date of the role in RFC 3339 format.\n" + }, + "description": { + "type": "string", + "description": "Description for the role.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "maxSessionDuration": { + "type": "integer", + "description": "Maximum session duration.\n" + }, + "name": { + "type": "string" + }, + "path": { + "type": "string", + "description": "The path to the role.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "The ARN of the policy that is used to set the permissions boundary for the role.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags attached to the role.\n" + }, + "uniqueId": { + "type": "string", + "description": "The stable and unique string identifying the role.\n" + } + }, + "type": "object", + "required": [ + "arn", + "assumeRolePolicy", + "createDate", + "description", + "maxSessionDuration", + "name", + "path", + "permissionsBoundary", + "tags", + "uniqueId", + "id" + ] + } + }, + "aws:iam/getServerCertificate:getServerCertificate": { + "description": "Use this data source to lookup information about IAM Server Certificates.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst my-domain = aws.iam.getServerCertificate({\n namePrefix: \"my-domain.org\",\n latest: true,\n});\nconst elb = new aws.elb.LoadBalancer(\"elb\", {listeners: [{\n instancePort: 8000,\n instanceProtocol: \"https\",\n lbPort: 443,\n lbProtocol: \"https\",\n sslCertificateId: my_domain.then(my_domain => my_domain.arn),\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmy_domain = aws.iam.get_server_certificate(name_prefix=\"my-domain.org\",\n latest=True)\nelb = aws.elb.LoadBalancer(\"elb\", listeners=[aws.elb.LoadBalancerListenerArgs(\n instance_port=8000,\n instance_protocol=\"https\",\n lb_port=443,\n lb_protocol=\"https\",\n ssl_certificate_id=my_domain.arn,\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var my_domain = Output.Create(Aws.Iam.GetServerCertificate.InvokeAsync(new Aws.Iam.GetServerCertificateArgs\n {\n NamePrefix = \"my-domain.org\",\n Latest = true,\n }));\n var elb = new Aws.Elb.LoadBalancer(\"elb\", new Aws.Elb.LoadBalancerArgs\n {\n Listeners = \n {\n new Aws.Elb.Inputs.LoadBalancerListenerArgs\n {\n InstancePort = 8000,\n InstanceProtocol = \"https\",\n LbPort = 443,\n LbProtocol = \"https\",\n SslCertificateId = my_domain.Apply(my_domain => my_domain.Arn),\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/elb\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"my-domain.org\"\n\t\topt1 := true\n\t\tmy_domain, err := iam.LookupServerCertificate(ctx, &iam.LookupServerCertificateArgs{\n\t\t\tNamePrefix: &opt0,\n\t\t\tLatest: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = elb.NewLoadBalancer(ctx, \"elb\", &elb.LoadBalancerArgs{\n\t\t\tListeners: elb.LoadBalancerListenerArray{\n\t\t\t\t&elb.LoadBalancerListenerArgs{\n\t\t\t\t\tInstancePort: pulumi.Int(8000),\n\t\t\t\t\tInstanceProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tLbPort: pulumi.Int(443),\n\t\t\t\t\tLbProtocol: pulumi.String(\"https\"),\n\t\t\t\t\tSslCertificateId: pulumi.String(my_domain.Arn),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServerCertificate.\n", + "properties": { + "latest": { + "type": "boolean", + "description": "sort results by expiration date. returns the certificate with expiration date in furthest in the future.\n" + }, + "name": { + "type": "string", + "description": "exact name of the cert to lookup\n" + }, + "namePrefix": { + "type": "string", + "description": "prefix of cert to filter by\n" + }, + "pathPrefix": { + "type": "string", + "description": "prefix of path to filter by\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getServerCertificate.\n", + "properties": { + "arn": { + "type": "string" + }, + "certificateBody": { + "type": "string" + }, + "certificateChain": { + "type": "string" + }, + "expirationDate": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "latest": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "namePrefix": { + "type": "string" + }, + "path": { + "type": "string" + }, + "pathPrefix": { + "type": "string" + }, + "uploadDate": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "certificateBody", + "certificateChain", + "expirationDate", + "name", + "path", + "uploadDate", + "id" + ] + } + }, + "aws:iam/getSessionContext:getSessionContext": { + "inputs": { + "description": "A collection of arguments for invoking getSessionContext.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN for an assumed role.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getSessionContext.\n", + "properties": { + "arn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "issuerArn": { + "type": "string", + "description": "IAM source role ARN if `arn` corresponds to an STS assumed role. Otherwise, `issuer_arn` is equal to `arn`.\n" + }, + "issuerId": { + "type": "string", + "description": "Unique identifier of the IAM role that issues the STS assumed role.\n" + }, + "issuerName": { + "type": "string", + "description": "Name of the source role. Only available if `arn` corresponds to an STS assumed role.\n" + }, + "sessionName": { + "type": "string", + "description": "Name of the STS session. Only available if `arn` corresponds to an STS assumed role.\n" + } + }, + "type": "object", + "required": [ + "arn", + "issuerArn", + "issuerId", + "issuerName", + "sessionName", + "id" + ] + } + }, + "aws:iam/getUser:getUser": { + "description": "This data source can be used to fetch information about a specific\nIAM user. By using this data source, you can reference IAM user\nproperties without having to hard code ARNs or unique IDs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.iam.getUser({\n userName: \"an_example_user_name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.get_user(user_name=\"an_example_user_name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Iam.GetUser.InvokeAsync(new Aws.Iam.GetUserArgs\n {\n UserName = \"an_example_user_name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.LookupUser(ctx, &iam.LookupUserArgs{\n\t\t\tUserName: \"an_example_user_name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getUser.\n", + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value pairs associated with the user.\n" + }, + "userName": { + "type": "string", + "description": "The friendly IAM user name to match.\n" + } + }, + "type": "object", + "required": [ + "userName" + ] + }, + "outputs": { + "description": "A collection of values returned by getUser.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) assigned by AWS for this user.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "path": { + "type": "string", + "description": "Path in which this user was created.\n" + }, + "permissionsBoundary": { + "type": "string", + "description": "The ARN of the policy that is used to set the permissions boundary for the user.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value pairs associated with the user.\n" + }, + "userId": { + "type": "string", + "description": "The unique ID assigned by AWS for this user.\n" + }, + "userName": { + "type": "string", + "description": "The name associated to this User\n" + } + }, + "type": "object", + "required": [ + "arn", + "path", + "permissionsBoundary", + "tags", + "userId", + "userName", + "id" + ] + } + }, + "aws:identitystore/getGroup:getGroup": { + "description": "Use this data source to get an Identity Store Group.\n", + "inputs": { + "description": "A collection of arguments for invoking getGroup.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:identitystore/getGroupFilter:getGroupFilter" + }, + "description": "Configuration block(s) for filtering. Currently, the AWS Identity Store API supports only 1 filter. Detailed below.\n" + }, + "groupId": { + "type": "string", + "description": "The identifier for a group in the Identity Store.\n" + }, + "identityStoreId": { + "type": "string", + "description": "The Identity Store ID associated with the Single Sign-On Instance.\n" + } + }, + "type": "object", + "required": [ + "filters", + "identityStoreId" + ] + }, + "outputs": { + "description": "A collection of values returned by getGroup.\n", + "properties": { + "displayName": { + "type": "string", + "description": "The group's display name value.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:identitystore/getGroupFilter:getGroupFilter" + } + }, + "groupId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "identityStoreId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "displayName", + "filters", + "groupId", + "identityStoreId", + "id" + ] + } + }, + "aws:identitystore/getUser:getUser": { + "description": "Use this data source to get an Identity Store User.\n", + "inputs": { + "description": "A collection of arguments for invoking getUser.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:identitystore/getUserFilter:getUserFilter" + }, + "description": "Configuration block(s) for filtering. Currently, the AWS Identity Store API supports only 1 filter. Detailed below.\n" + }, + "identityStoreId": { + "type": "string", + "description": "The Identity Store ID associated with the Single Sign-On Instance.\n" + }, + "userId": { + "type": "string", + "description": "The identifier for a user in the Identity Store.\n" + } + }, + "type": "object", + "required": [ + "filters", + "identityStoreId" + ] + }, + "outputs": { + "description": "A collection of values returned by getUser.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:identitystore/getUserFilter:getUserFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "identityStoreId": { + "type": "string" + }, + "userId": { + "type": "string" + }, + "userName": { + "type": "string", + "description": "The user's user name value.\n" + } + }, + "type": "object", + "required": [ + "filters", + "identityStoreId", + "userId", + "userName", + "id" + ] + } + }, + "aws:imagebuilder/getComponent:getComponent": { + "description": "Provides details about an Image Builder Component.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getComponent({\n arn: \"arn:aws:imagebuilder:us-west-2:aws:component/amazon-cloudwatch-agent-linux/1.0.0\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_component(arn=\"arn:aws:imagebuilder:us-west-2:aws:component/amazon-cloudwatch-agent-linux/1.0.0\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetComponent.InvokeAsync(new Aws.ImageBuilder.GetComponentArgs\n {\n Arn = \"arn:aws:imagebuilder:us-west-2:aws:component/amazon-cloudwatch-agent-linux/1.0.0\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupComponent(ctx, &imagebuilder.LookupComponentArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-west-2:aws:component/amazon-cloudwatch-agent-linux/1.0.0\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getComponent.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the component.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the component.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getComponent.\n", + "properties": { + "arn": { + "type": "string" + }, + "changeDescription": { + "type": "string", + "description": "Change description of the component.\n" + }, + "data": { + "type": "string", + "description": "Data of the component.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the component was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the component.\n" + }, + "encrypted": { + "type": "boolean", + "description": "Encryption status of the component.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Key Management Service (KMS) Key used to encrypt the component.\n" + }, + "name": { + "type": "string", + "description": "Name of the component.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the component.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the component.\n" + }, + "supportedOsVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Operating Systems (OSes) supported by the component.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the component.\n" + }, + "type": { + "type": "string", + "description": "Type of the component.\n" + }, + "version": { + "type": "string", + "description": "Version of the component.\n" + } + }, + "type": "object", + "required": [ + "arn", + "changeDescription", + "data", + "dateCreated", + "description", + "encrypted", + "kmsKeyId", + "name", + "owner", + "platform", + "supportedOsVersions", + "tags", + "type", + "version", + "id" + ] + } + }, + "aws:imagebuilder/getDistributionConfiguration:getDistributionConfiguration": { + "description": "Provides details about an Image Builder Distribution Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getDistributionConfiguration({\n arn: \"arn:aws:imagebuilder:us-west-2:aws:distribution-configuration/example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_distribution_configuration(arn=\"arn:aws:imagebuilder:us-west-2:aws:distribution-configuration/example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetDistributionConfiguration.InvokeAsync(new Aws.ImageBuilder.GetDistributionConfigurationArgs\n {\n Arn = \"arn:aws:imagebuilder:us-west-2:aws:distribution-configuration/example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupDistributionConfiguration(ctx, &imagebuilder.LookupDistributionConfigurationArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-west-2:aws:distribution-configuration/example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDistributionConfiguration.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the distribution configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the distribution configuration.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getDistributionConfiguration.\n", + "properties": { + "arn": { + "type": "string" + }, + "dateCreated": { + "type": "string", + "description": "Date the distribution configuration was created.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date the distribution configuration was updated.\n" + }, + "description": { + "type": "string", + "description": "Description to apply to distributed AMI.\n" + }, + "distributions": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getDistributionConfigurationDistribution:getDistributionConfigurationDistribution" + }, + "description": "Set of distributions.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "Name of the distribution configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the distribution configuration.\n" + } + }, + "type": "object", + "required": [ + "arn", + "dateCreated", + "dateUpdated", + "description", + "distributions", + "name", + "tags", + "id" + ] + } + }, + "aws:imagebuilder/getImage:getImage": { + "description": "Provides details about an Image Builder Image.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Latest\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getImage({\n arn: \"arn:aws:imagebuilder:us-west-2:aws:image/amazon-linux-2-x86/x.x.x\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_image(arn=\"arn:aws:imagebuilder:us-west-2:aws:image/amazon-linux-2-x86/x.x.x\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetImage.InvokeAsync(new Aws.ImageBuilder.GetImageArgs\n {\n Arn = \"arn:aws:imagebuilder:us-west-2:aws:image/amazon-linux-2-x86/x.x.x\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupImage(ctx, &imagebuilder.LookupImageArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-west-2:aws:image/amazon-linux-2-x86/x.x.x\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getImage.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image. The suffix can either be specified with wildcards (`x.x.x`) to fetch the latest build version or a full build version (e.g. `2020.11.26/1`) to fetch an exact version.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getImage.\n", + "properties": { + "arn": { + "type": "string" + }, + "buildVersionArn": { + "type": "string", + "description": "Build version Amazon Resource Name (ARN) of the image. This will always have the `#.#.#/#` suffix.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image was created.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImageImageTestsConfiguration:getImageImageTestsConfiguration" + }, + "description": "List of an object with image tests configuration.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the AMI.\n" + }, + "osVersion": { + "type": "string", + "description": "Operating System version of the image.\n" + }, + "outputResources": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImageOutputResource:getImageOutputResource" + }, + "description": "List of objects with resources created by the image.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image.\n" + }, + "version": { + "type": "string", + "description": "Version of the image.\n" + } + }, + "type": "object", + "required": [ + "arn", + "buildVersionArn", + "dateCreated", + "distributionConfigurationArn", + "enhancedImageMetadataEnabled", + "imageRecipeArn", + "imageTestsConfigurations", + "infrastructureConfigurationArn", + "name", + "osVersion", + "outputResources", + "platform", + "tags", + "version", + "id" + ] + } + }, + "aws:imagebuilder/getImagePipeline:getImagePipeline": { + "description": "Provides details about an Image Builder Image Pipeline.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getImagePipeline({\n arn: \"arn:aws:imagebuilder:us-west-2:aws:image-pipeline/example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_image_pipeline(arn=\"arn:aws:imagebuilder:us-west-2:aws:image-pipeline/example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetImagePipeline.InvokeAsync(new Aws.ImageBuilder.GetImagePipelineArgs\n {\n Arn = \"arn:aws:imagebuilder:us-west-2:aws:image-pipeline/example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupImagePipeline(ctx, &imagebuilder.LookupImagePipelineArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-west-2:aws:image-pipeline/example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getImagePipeline.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image pipeline.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image pipeline.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getImagePipeline.\n", + "properties": { + "arn": { + "type": "string" + }, + "dateCreated": { + "type": "string", + "description": "Date the image pipeline was created.\n" + }, + "dateLastRun": { + "type": "string", + "description": "Date the image pipeline was last run.\n" + }, + "dateNextRun": { + "type": "string", + "description": "Date the image pipeline will run next.\n" + }, + "dateUpdated": { + "type": "string", + "description": "Date the image pipeline was updated.\n" + }, + "description": { + "type": "string", + "description": "Description of the image pipeline.\n" + }, + "distributionConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Distribution Configuration.\n" + }, + "enhancedImageMetadataEnabled": { + "type": "boolean", + "description": "Whether additional information about the image being created is collected.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageRecipeArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Recipe.\n" + }, + "imageTestsConfigurations": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImagePipelineImageTestsConfiguration:getImagePipelineImageTestsConfiguration" + }, + "description": "List of an object with image tests configuration.\n" + }, + "infrastructureConfigurationArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the Image Builder Infrastructure Configuration.\n" + }, + "name": { + "type": "string", + "description": "Name of the image pipeline.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image pipeline.\n" + }, + "schedules": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImagePipelineSchedule:getImagePipelineSchedule" + }, + "description": "List of an object with schedule settings.\n" + }, + "status": { + "type": "string", + "description": "Status of the image pipeline.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image pipeline.\n" + } + }, + "type": "object", + "required": [ + "arn", + "dateCreated", + "dateLastRun", + "dateNextRun", + "dateUpdated", + "description", + "distributionConfigurationArn", + "enhancedImageMetadataEnabled", + "imageRecipeArn", + "imageTestsConfigurations", + "infrastructureConfigurationArn", + "name", + "platform", + "schedules", + "status", + "tags", + "id" + ] + } + }, + "aws:imagebuilder/getImageRecipe:getImageRecipe": { + "description": "Provides details about an Image Builder Image Recipe.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getImageRecipe({\n arn: \"arn:aws:imagebuilder:us-east-1:aws:image-recipe/example/1.0.0\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_image_recipe(arn=\"arn:aws:imagebuilder:us-east-1:aws:image-recipe/example/1.0.0\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetImageRecipe.InvokeAsync(new Aws.ImageBuilder.GetImageRecipeArgs\n {\n Arn = \"arn:aws:imagebuilder:us-east-1:aws:image-recipe/example/1.0.0\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupImageRecipe(ctx, &imagebuilder.LookupImageRecipeArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-east-1:aws:image-recipe/example/1.0.0\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getImageRecipe.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the image recipe.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image recipe.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getImageRecipe.\n", + "properties": { + "arn": { + "type": "string" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImageRecipeBlockDeviceMapping:getImageRecipeBlockDeviceMapping" + }, + "description": "Set of objects with block device mappings for the the image recipe.\n" + }, + "components": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getImageRecipeComponent:getImageRecipeComponent" + }, + "description": "List of objects with components for the image recipe.\n" + }, + "dateCreated": { + "type": "string", + "description": "Date the image recipe was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the image recipe.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "Name of the image recipe.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the image recipe.\n" + }, + "parentImage": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "platform": { + "type": "string", + "description": "Platform of the image recipe.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the image recipe.\n" + }, + "version": { + "type": "string", + "description": "Version of the image recipe.\n" + }, + "workingDirectory": { + "type": "string", + "description": "The working directory used during build and test workflows.\n" + } + }, + "type": "object", + "required": [ + "arn", + "blockDeviceMappings", + "components", + "dateCreated", + "description", + "name", + "owner", + "parentImage", + "platform", + "version", + "workingDirectory", + "id" + ] + } + }, + "aws:imagebuilder/getInfrastructureConfiguration:getInfrastructureConfiguration": { + "description": "Provides details about an Image Builder Infrastructure Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.imagebuilder.getInfrastructureConfiguration({\n arn: \"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.imagebuilder.get_infrastructure_configuration(arn=\"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ImageBuilder.GetInfrastructureConfiguration.InvokeAsync(new Aws.ImageBuilder.GetInfrastructureConfigurationArgs\n {\n Arn = \"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/imagebuilder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := imagebuilder.LookupInfrastructureConfiguration(ctx, &imagebuilder.LookupInfrastructureConfigurationArgs{\n\t\t\tArn: \"arn:aws:imagebuilder:us-west-2:aws:infrastructure-configuration/example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInfrastructureConfiguration.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the infrastructure configuration.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the infrastructure created by the infrastructure configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the infrastructure configuration.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getInfrastructureConfiguration.\n", + "properties": { + "arn": { + "type": "string" + }, + "dateCreated": { + "type": "string", + "description": "Date the infrastructure configuration was updated.\n" + }, + "dateUpdated": { + "type": "string" + }, + "description": { + "type": "string", + "description": "Description of the infrastructure configuration.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceProfileName": { + "type": "string", + "description": "Name of the IAM Instance Profile associated with the configuration.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Instance Types associated with the configuration.\n" + }, + "keyPair": { + "type": "string", + "description": "Name of the EC2 Key Pair associated with the configuration.\n" + }, + "loggings": { + "type": "array", + "items": { + "$ref": "#/types/aws:imagebuilder/getInfrastructureConfigurationLogging:getInfrastructureConfigurationLogging" + }, + "description": "Nested list of logging settings.\n" + }, + "name": { + "type": "string", + "description": "Name of the infrastructure configuration.\n" + }, + "resourceTags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the infrastructure created by the infrastructure configuration.\n" + }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of EC2 Security Group identifiers associated with the configuration.\n" + }, + "snsTopicArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the SNS Topic associated with the configuration.\n" + }, + "subnetId": { + "type": "string", + "description": "Identifier of the EC2 Subnet associated with the configuration.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags for the infrastructure configuration.\n" + }, + "terminateInstanceOnFailure": { + "type": "boolean", + "description": "Whether instances are terminated on failure.\n" + } + }, + "type": "object", + "required": [ + "arn", + "dateCreated", + "dateUpdated", + "description", + "instanceProfileName", + "instanceTypes", + "keyPair", + "loggings", + "name", + "resourceTags", + "securityGroupIds", + "snsTopicArn", + "subnetId", + "tags", + "terminateInstanceOnFailure", + "id" + ] + } + }, + "aws:index/getAmi:getAmi": { + "description": "Use this data source to get the ID of a registered AMI for use in other\nresources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ec2.getAmi({\n executableUsers: [\"self\"],\n filters: [\n {\n name: \"name\",\n values: [\"myami-*\"],\n },\n {\n name: \"root-device-type\",\n values: [\"ebs\"],\n },\n {\n name: \"virtualization-type\",\n values: [\"hvm\"],\n },\n ],\n mostRecent: true,\n nameRegex: \"^myami-\\\\d{3}\",\n owners: [\"self\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ec2.get_ami(executable_users=[\"self\"],\n filters=[\n aws.ec2.GetAmiFilterArgs(\n name=\"name\",\n values=[\"myami-*\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"root-device-type\",\n values=[\"ebs\"],\n ),\n aws.ec2.GetAmiFilterArgs(\n name=\"virtualization-type\",\n values=[\"hvm\"],\n ),\n ],\n most_recent=True,\n name_regex=\"^myami-\\\\d{3}\",\n owners=[\"self\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ec2.GetAmi.InvokeAsync(new Aws.Ec2.GetAmiArgs\n {\n ExecutableUsers = \n {\n \"self\",\n },\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"myami-*\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"root-device-type\",\n Values = \n {\n \"ebs\",\n },\n },\n new Aws.Ec2.Inputs.GetAmiFilterArgs\n {\n Name = \"virtualization-type\",\n Values = \n {\n \"hvm\",\n },\n },\n },\n MostRecent = true,\n NameRegex = \"^myami-\\\\d{3}\",\n Owners = \n {\n \"self\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\topt1 := \"^myami-\\\\d{3}\"\n\t\t_, err := ec2.LookupAmi(ctx, &ec2.LookupAmiArgs{\n\t\t\tExecutableUsers: []string{\n\t\t\t\t\"self\",\n\t\t\t},\n\t\t\tFilters: []ec2.GetAmiFilter{\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"myami-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"root-device-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ebs\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tec2.GetAmiFilter{\n\t\t\t\t\tName: \"virtualization-type\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"hvm\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tMostRecent: &opt0,\n\t\t\tNameRegex: &opt1,\n\t\t\tOwners: []string{\n\t\t\t\t\"self\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAmi.\n", + "properties": { + "executableUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Limit search to users with *explicit* launch permission on\nthe image. Valid items are the numeric account ID or `self`.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAmiFilter:getAmiFilter" + }, + "description": "One or more name/value pairs to filter off of. There are\nseveral valid keys, for a full reference, check out\n[describe-images in the AWS CLI reference][1].\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most\nrecent AMI.\n" + }, + "nameRegex": { + "type": "string", + "description": "A regex string to apply to the AMI list returned\nby AWS. This allows more advanced filtering not supported from the AWS API. This\nfiltering is done locally on what AWS returns, and could have a performance\nimpact if the result is large. It is recommended to combine this with other\noptions to narrow down the list AWS returns.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, `self` (the current account), or an AWS owner alias (e.g. `amazon`, `aws-marketplace`, `microsoft`).\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Any tags assigned to the image.\n* `tags.#.key` - The key name of the tag.\n* `tags.#.value` - The value of the tag.\n" + } + }, + "type": "object", + "required": [ + "owners" + ] + }, + "outputs": { + "description": "A collection of values returned by getAmi.\n", + "properties": { + "architecture": { + "type": "string", + "description": "The OS architecture of the AMI (ie: `i386` or `x86_64`).\n" + }, + "arn": { + "type": "string", + "description": "The ARN of the AMI.\n" + }, + "blockDeviceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAmiBlockDeviceMapping:getAmiBlockDeviceMapping" + }, + "description": "Set of objects with block device mappings of the AMI.\n" + }, + "creationDate": { + "type": "string", + "description": "The date and time the image was created.\n" + }, + "description": { + "type": "string", + "description": "The description of the AMI that was provided during image\ncreation.\n" + }, + "enaSupport": { + "type": "boolean", + "description": "Specifies whether enhanced networking with ENA is enabled.\n" + }, + "executableUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAmiFilter:getAmiFilter" + } + }, + "hypervisor": { + "type": "string", + "description": "The hypervisor type of the image.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageId": { + "type": "string", + "description": "The ID of the AMI. Should be the same as the resource `id`.\n" + }, + "imageLocation": { + "type": "string", + "description": "The location of the AMI.\n" + }, + "imageOwnerAlias": { + "type": "string", + "description": "The AWS account alias (for example, `amazon`, `self`) or\nthe AWS account ID of the AMI owner.\n" + }, + "imageType": { + "type": "string", + "description": "The type of image.\n" + }, + "kernelId": { + "type": "string", + "description": "The kernel associated with the image, if any. Only applicable\nfor machine images.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "name": { + "type": "string", + "description": "The name of the AMI that was provided during image creation.\n" + }, + "nameRegex": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "The AWS account ID of the image owner.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + } + }, + "platform": { + "type": "string", + "description": "The value is Windows for `Windows` AMIs; otherwise blank.\n" + }, + "platformDetails": { + "type": "string", + "description": "The platform details associated with the billing code of the AMI.\n" + }, + "productCodes": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAmiProductCode:getAmiProductCode" + }, + "description": "Any product codes associated with the AMI.\n* `product_codes.#.product_code_id` - The product code.\n* `product_codes.#.product_code_type` - The type of product code.\n" + }, + "public": { + "type": "boolean", + "description": "`true` if the image has public launch permissions.\n" + }, + "ramdiskId": { + "type": "string", + "description": "The RAM disk associated with the image, if any. Only applicable\nfor machine images.\n" + }, + "rootDeviceName": { + "type": "string", + "description": "The device name of the root device.\n" + }, + "rootDeviceType": { + "type": "string", + "description": "The type of root device (ie: `ebs` or `instance-store`).\n" + }, + "rootSnapshotId": { + "type": "string", + "description": "The snapshot id associated with the root device, if any\n(only applies to `ebs` root devices).\n" + }, + "sriovNetSupport": { + "type": "string", + "description": "Specifies whether enhanced networking is enabled.\n" + }, + "state": { + "type": "string", + "description": "The current state of the AMI. If the state is `available`, the image\nis successfully registered and can be used to launch an instance.\n" + }, + "stateReason": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Describes a state change. Fields are `UNSET` if not available.\n* `state_reason.code` - The reason code for the state change.\n* `state_reason.message` - The message for the state change.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Any tags assigned to the image.\n* `tags.#.key` - The key name of the tag.\n* `tags.#.value` - The value of the tag.\n" + }, + "usageOperation": { + "type": "string", + "description": "The operation of the Amazon EC2 instance and the billing code that is associated with the AMI.\n" + }, + "virtualizationType": { + "type": "string", + "description": "The type of virtualization of the AMI (ie: `hvm` or\n`paravirtual`).\n" + } + }, + "type": "object", + "required": [ + "architecture", + "arn", + "blockDeviceMappings", + "creationDate", + "description", + "enaSupport", + "hypervisor", + "imageId", + "imageLocation", + "imageOwnerAlias", + "imageType", + "kernelId", + "name", + "ownerId", + "owners", + "platform", + "platformDetails", + "productCodes", + "public", + "ramdiskId", + "rootDeviceName", + "rootDeviceType", + "rootSnapshotId", + "sriovNetSupport", + "state", + "stateReason", + "tags", + "usageOperation", + "virtualizationType", + "id" + ] + }, + "deprecationMessage": "aws.getAmi has been deprecated in favor of aws.ec2.getAmi" + }, + "aws:index/getAmiIds:getAmiIds": { + "description": "Use this data source to get a list of AMI IDs matching the specified criteria.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst ubuntu = pulumi.output(aws.ec2.getAmiIds({\n filters: [{\n name: \"name\",\n values: [\"ubuntu/images/ubuntu-*-*-amd64-server-*\"],\n }],\n owners: [\"099720109477\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nubuntu = aws.ec2.get_ami_ids(filters=[aws.ec2.GetAmiIdsFilterArgs(\n name=\"name\",\n values=[\"ubuntu/images/ubuntu-*-*-amd64-server-*\"],\n )],\n owners=[\"099720109477\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var ubuntu = Output.Create(Aws.Ec2.GetAmiIds.InvokeAsync(new Aws.Ec2.GetAmiIdsArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetAmiIdsFilterArgs\n {\n Name = \"name\",\n Values = \n {\n \"ubuntu/images/ubuntu-*-*-amd64-server-*\",\n },\n },\n },\n Owners = \n {\n \"099720109477\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetAmiIds(ctx, &ec2.GetAmiIdsArgs{\n\t\t\tFilters: []ec2.GetAmiIdsFilter{\n\t\t\t\tec2.GetAmiIdsFilter{\n\t\t\t\t\tName: \"name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"ubuntu/images/ubuntu-*-*-amd64-server-*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tOwners: []string{\n\t\t\t\t\"099720109477\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAmiIds.\n", + "properties": { + "executableUsers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Limit search to users with *explicit* launch\npermission on the image. Valid items are the numeric account ID or `self`.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAmiIdsFilter:getAmiIdsFilter" + }, + "description": "One or more name/value pairs to filter off of. There\nare several valid keys, for a full reference, check out\n[describe-images in the AWS CLI reference][1].\n" + }, + "nameRegex": { + "type": "string", + "description": "A regex string to apply to the AMI list returned\nby AWS. This allows more advanced filtering not supported from the AWS API.\nThis filtering is done locally on what AWS returns, and could have a performance\nimpact if the result is large. It is recommended to combine this with other\noptions to narrow down the list AWS returns.\n" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of AMI owners to limit search. At least 1 value must be specified. Valid values: an AWS account ID, `self` (the current account), or an AWS owner alias (e.g. `amazon`, `aws-marketplace`, `microsoft`).\n" + }, + "sortAscending": { + "type": "boolean", + "description": "Used to sort AMIs by creation time.\n" + } + }, + "type": "object", + "required": [ + "owners" + ] + }, + "outputs": { + "description": "A collection of values returned by getAmiIds.\n", + "properties": { + "executableUsers": { + "type": "array", + "items": { + "type": "string" + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAmiIdsFilter:getAmiIdsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + } + }, + "nameRegex": { + "type": "string" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + } + }, + "sortAscending": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "ids", + "owners", + "id" + ] + }, + "deprecationMessage": "aws.getAmiIds has been deprecated in favor of aws.ec2.getAmiIds" + }, + "aws:index/getArn:getArn": { + "description": "Parses an Amazon Resource Name (ARN) into its constituent parts.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dbInstance = pulumi.output(aws.getArn({\n arn: \"arn:aws:rds:eu-west-1:123456789012:db:mysql-db\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndb_instance = aws.get_arn(arn=\"arn:aws:rds:eu-west-1:123456789012:db:mysql-db\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dbInstance = Output.Create(Aws.GetArn.InvokeAsync(new Aws.GetArnArgs\n {\n Arn = \"arn:aws:rds:eu-west-1:123456789012:db:mysql-db\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetArn(ctx, &GetArnArgs{\n\t\t\tArn: \"arn:aws:rds:eu-west-1:123456789012:db:mysql-db\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getArn.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN to parse.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getArn.\n", + "properties": { + "account": { + "type": "string", + "description": "The [ID](https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html) of the AWS account that owns the resource, without the hyphens.\n" + }, + "arn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "partition": { + "type": "string", + "description": "The partition that the resource is in.\n" + }, + "region": { + "type": "string", + "description": "The region the resource resides in.\nNote that the ARNs for some resources do not require a region, so this component might be omitted.\n" + }, + "resource": { + "type": "string", + "description": "The content of this part of the ARN varies by service.\nIt often includes an indicator of the type of resource—for example, an IAM user or Amazon RDS database —followed by a slash (/) or a colon (:), followed by the resource name itself.\n" + }, + "service": { + "type": "string", + "description": "The [service namespace](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#genref-aws-service-namespaces) that identifies the AWS product.\n" + } + }, + "type": "object", + "required": [ + "account", + "arn", + "partition", + "region", + "resource", + "service", + "id" + ] + } + }, + "aws:index/getAutoscalingGroups:getAutoscalingGroups": { + "description": "The Autoscaling Groups data source allows access to the list of AWS\nASGs within a specific region. This will allow you to pass a list of AutoScaling Groups to other resources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst groups = aws.autoscaling.getAmiIds({\n filters: [\n {\n name: \"key\",\n values: [\"Team\"],\n },\n {\n name: \"value\",\n values: [\"Pets\"],\n },\n ],\n});\nconst slackNotifications = new aws.autoscaling.Notification(\"slackNotifications\", {\n groupNames: groups.then(groups => groups.names),\n notifications: [\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n ],\n topicArn: \"TOPIC ARN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ngroups = aws.autoscaling.get_ami_ids(filters=[\n aws.autoscaling.GetAmiIdsFilterArgs(\n name=\"key\",\n values=[\"Team\"],\n ),\n aws.autoscaling.GetAmiIdsFilterArgs(\n name=\"value\",\n values=[\"Pets\"],\n ),\n])\nslack_notifications = aws.autoscaling.Notification(\"slackNotifications\",\n group_names=groups.names,\n notifications=[\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n ],\n topic_arn=\"TOPIC ARN\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var groups = Output.Create(Aws.AutoScaling.GetAmiIds.InvokeAsync(new Aws.AutoScaling.GetAmiIdsArgs\n {\n Filters = \n {\n new Aws.AutoScaling.Inputs.GetAmiIdsFilterArgs\n {\n Name = \"key\",\n Values = \n {\n \"Team\",\n },\n },\n new Aws.AutoScaling.Inputs.GetAmiIdsFilterArgs\n {\n Name = \"value\",\n Values = \n {\n \"Pets\",\n },\n },\n },\n }));\n var slackNotifications = new Aws.AutoScaling.Notification(\"slackNotifications\", new Aws.AutoScaling.NotificationArgs\n {\n GroupNames = groups.Apply(groups => groups.Names),\n Notifications = \n {\n \"autoscaling:EC2_INSTANCE_LAUNCH\",\n \"autoscaling:EC2_INSTANCE_TERMINATE\",\n \"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\",\n \"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\",\n },\n TopicArn = \"TOPIC ARN\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/autoscaling\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tgroups, err := autoscaling.GetAmiIds(ctx, &autoscaling.GetAmiIdsArgs{\n\t\t\tFilters: []autoscaling.GetAmiIdsFilter{\n\t\t\t\tautoscaling.GetAmiIdsFilter{\n\t\t\t\t\tName: \"key\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Team\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\tautoscaling.GetAmiIdsFilter{\n\t\t\t\t\tName: \"value\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"Pets\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = autoscaling.NewNotification(ctx, \"slackNotifications\", &autoscaling.NotificationArgs{\n\t\t\tGroupNames: interface{}(groups.Names),\n\t\t\tNotifications: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCH\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_TERMINATE\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_LAUNCH_ERROR\"),\n\t\t\t\tpulumi.String(\"autoscaling:EC2_INSTANCE_TERMINATE_ERROR\"),\n\t\t\t},\n\t\t\tTopicArn: pulumi.String(\"TOPIC ARN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAutoscalingGroups.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAutoscalingGroupsFilter:getAutoscalingGroupsFilter" + }, + "description": "A filter used to scope the list e.g. by tags. See [related docs](http://docs.aws.amazon.com/AutoScaling/latest/APIReference/API_Filter.html).\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAutoscalingGroups.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Autoscaling Groups Arns in the current region.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAutoscalingGroupsFilter:getAutoscalingGroupsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "names": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Autoscaling Groups in the current region.\n" + } + }, + "type": "object", + "required": [ + "arns", + "names", + "id" + ] + }, + "deprecationMessage": "aws.getAutoscalingGroups has been deprecated in favor of aws.autoscaling.getAmiIds" + }, + "aws:index/getAvailabilityZone:getAvailabilityZone": { + "description": "`aws.getAvailabilityZone` provides details about a specific availability zone (AZ)\nin the current region.\n\nThis can be used both to validate an availability zone given in a variable\nand to split the AZ name into its component parts of an AWS region and an\nAZ identifier letter. The latter may be useful e.g. for implementing a\nconsistent subnet numbering scheme across several regions by mapping both\nthe region and the subnet letter to network numbers.\n\nThis is different from the `aws.getAvailabilityZones` (plural) data source,\nwhich provides a list of the available zones.\n", + "inputs": { + "description": "A collection of arguments for invoking getAvailabilityZone.\n", + "properties": { + "allAvailabilityZones": { + "type": "boolean", + "description": "Set to `true` to include all Availability Zones and Local Zones regardless of your opt in status.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAvailabilityZoneFilter:getAvailabilityZoneFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribeAvailabilityZones API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAvailabilityZones.html).\n" + }, + "state": { + "type": "string", + "description": "A specific availability zone state to require. May be any of `\"available\"`, `\"information\"` or `\"impaired\"`.\n" + }, + "zoneId": { + "type": "string", + "description": "The zone ID of the availability zone to select.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAvailabilityZone.\n", + "properties": { + "allAvailabilityZones": { + "type": "boolean" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAvailabilityZoneFilter:getAvailabilityZoneFilter" + } + }, + "groupName": { + "type": "string", + "description": "For Availability Zones, this is the same value as the Region name. For Local Zones, the name of the associated group, for example `us-west-2-lax-1`.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "nameSuffix": { + "type": "string", + "description": "The part of the AZ name that appears after the region name, uniquely identifying the AZ within its region.\nFor Availability Zones this is usually a single letter, for example `a` for the `us-west-2a` zone.\nFor Local and Wavelength Zones this is a longer string, for example `wl1-sfo-wlz-1` for the `us-west-2-wl1-sfo-wlz-1` zone.\n" + }, + "networkBorderGroup": { + "type": "string", + "description": "The name of the location from which the address is advertised.\n" + }, + "optInStatus": { + "type": "string", + "description": "For Availability Zones, this always has the value of `opt-in-not-required`. For Local Zones, this is the opt in status. The possible values are `opted-in` and `not-opted-in`.\n" + }, + "parentZoneId": { + "type": "string", + "description": "The ID of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.\n" + }, + "parentZoneName": { + "type": "string", + "description": "The name of the zone that handles some of the Local Zone or Wavelength Zone control plane operations, such as API calls.\n" + }, + "region": { + "type": "string", + "description": "The region where the selected availability zone resides. This is always the region selected on the provider, since this data source searches only within that region.\n" + }, + "state": { + "type": "string" + }, + "zoneId": { + "type": "string" + }, + "zoneType": { + "type": "string", + "description": "The type of zone. Values are `availability-zone`, `local-zone`, and `wavelength-zone`.\n" + } + }, + "type": "object", + "required": [ + "groupName", + "name", + "nameSuffix", + "networkBorderGroup", + "optInStatus", + "parentZoneId", + "parentZoneName", + "region", + "state", + "zoneId", + "zoneType", + "id" + ] + } + }, + "aws:index/getAvailabilityZones:getAvailabilityZones": { + "description": "The Availability Zones data source allows access to the list of AWS\nAvailability Zones which can be accessed by an AWS account within the region\nconfigured in the provider.\n\nThis is different from the `aws.getAvailabilityZone` (singular) data source,\nwhich provides some details about a specific availability zone.\n\n> When [Local Zones](https://aws.amazon.com/about-aws/global-infrastructure/localzones/) are enabled in a region, by default the API and this data source include both Local Zones and Availability Zones. To return only Availability Zones, see the example section below.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By State\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst available = aws.getAvailabilityZones({\n state: \"available\",\n});\nconst primary = new aws.ec2.Subnet(\"primary\", {availabilityZone: available.then(available => available.names?[0])});\n// ...\nconst secondary = new aws.ec2.Subnet(\"secondary\", {availabilityZone: available.then(available => available.names?[1])});\n// ...\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\navailable = aws.get_availability_zones(state=\"available\")\nprimary = aws.ec2.Subnet(\"primary\", availability_zone=available.names[0])\n# ...\nsecondary = aws.ec2.Subnet(\"secondary\", availability_zone=available.names[1])\n# ...\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var available = Output.Create(Aws.GetAvailabilityZones.InvokeAsync(new Aws.GetAvailabilityZonesArgs\n {\n State = \"available\",\n }));\n var primary = new Aws.Ec2.Subnet(\"primary\", new Aws.Ec2.SubnetArgs\n {\n AvailabilityZone = available.Apply(available => available.Names?[0]),\n });\n // ...\n var secondary = new Aws.Ec2.Subnet(\"secondary\", new Aws.Ec2.SubnetArgs\n {\n AvailabilityZone = available.Apply(available => available.Names?[1]),\n });\n // ...\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"available\"\n\t\tavailable, err := aws.GetAvailabilityZones(ctx, &GetAvailabilityZonesArgs{\n\t\t\tState: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"primary\", &ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(available.Names[0]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSubnet(ctx, \"secondary\", &ec2.SubnetArgs{\n\t\t\tAvailabilityZone: pulumi.String(available.Names[1]),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Filter\n\nAll Local Zones (regardless of opt-in status):\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.getAvailabilityZones({\n allAvailabilityZones: true,\n filters: [{\n name: \"opt-in-status\",\n values: [\n \"not-opted-in\",\n \"opted-in\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.get_availability_zones(all_availability_zones=True,\n filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\n \"not-opted-in\",\n \"opted-in\",\n ],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.GetAvailabilityZones.InvokeAsync(new Aws.GetAvailabilityZonesArgs\n {\n AllAvailabilityZones = true,\n Filters = \n {\n new Aws.Inputs.GetAvailabilityZonesFilterArgs\n {\n Name = \"opt-in-status\",\n Values = \n {\n \"not-opted-in\",\n \"opted-in\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := aws.GetAvailabilityZones(ctx, &GetAvailabilityZonesArgs{\n\t\t\tAllAvailabilityZones: &opt0,\n\t\t\tFilters: []GetAvailabilityZonesFilter{\n\t\t\t\tGetAvailabilityZonesFilter{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"not-opted-in\",\n\t\t\t\t\t\t\"opted-in\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nOnly Availability Zones (no Local Zones):\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.getAvailabilityZones({\n filters: [{\n name: \"opt-in-status\",\n values: [\"opt-in-not-required\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.get_availability_zones(filters=[aws.GetAvailabilityZonesFilterArgs(\n name=\"opt-in-status\",\n values=[\"opt-in-not-required\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.GetAvailabilityZones.InvokeAsync(new Aws.GetAvailabilityZonesArgs\n {\n Filters = \n {\n new Aws.Inputs.GetAvailabilityZonesFilterArgs\n {\n Name = \"opt-in-status\",\n Values = \n {\n \"opt-in-not-required\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetAvailabilityZones(ctx, &GetAvailabilityZonesArgs{\n\t\t\tFilters: []GetAvailabilityZonesFilter{\n\t\t\t\tGetAvailabilityZonesFilter{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"opt-in-not-required\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAvailabilityZones.\n", + "properties": { + "allAvailabilityZones": { + "type": "boolean", + "description": "Set to `true` to include all Availability Zones and Local Zones regardless of your opt in status.\n" + }, + "excludeNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Availability Zone names to exclude.\n" + }, + "excludeZoneIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Availability Zone IDs to exclude.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAvailabilityZonesFilter:getAvailabilityZonesFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "state": { + "type": "string", + "description": "Allows to filter list of Availability Zones based on their\ncurrent state. Can be either `\"available\"`, `\"information\"`, `\"impaired\"` or\n`\"unavailable\"`. By default the list includes a complete set of Availability Zones\nto which the underlying AWS account has access, regardless of their state.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getAvailabilityZones.\n", + "properties": { + "allAvailabilityZones": { + "type": "boolean" + }, + "excludeNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "excludeZoneIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getAvailabilityZonesFilter:getAvailabilityZonesFilter" + } + }, + "groupNames": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "names": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Availability Zone names available to the account.\n" + }, + "state": { + "type": "string" + }, + "zoneIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Availability Zone IDs available to the account.\n" + } + }, + "type": "object", + "required": [ + "groupNames", + "names", + "zoneIds", + "id" + ] + } + }, + "aws:index/getBillingServiceAccount:getBillingServiceAccount": { + "description": "Use this data source to get the Account ID of the [AWS Billing and Cost Management Service Account](http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-getting-started.html#step-2) for the purpose of permitting in S3 bucket policy.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = pulumi.output(aws.getBillingServiceAccount());\nconst billingLogs = new aws.s3.Bucket(\"billing_logs\", {\n acl: \"private\",\n policy: pulumi.interpolate`{\n \"Id\": \"Policy\",\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {\n \"Action\": [\n \"s3:GetBucketAcl\", \"s3:GetBucketPolicy\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-billing-tf-test-bucket\",\n \"Principal\": {\n \"AWS\": [\n \"${main.arn}\"\n ]\n }\n },\n {\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-billing-tf-test-bucket/*\",\n \"Principal\": {\n \"AWS\": [\n \"${main.arn}\"\n ]\n }\n }\n ]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.get_billing_service_account()\nbilling_logs = aws.s3.Bucket(\"billingLogs\",\n acl=\"private\",\n policy=f\"\"\"{{\n \"Id\": \"Policy\",\n \"Version\": \"2012-10-17\",\n \"Statement\": [\n {{\n \"Action\": [\n \"s3:GetBucketAcl\", \"s3:GetBucketPolicy\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-billing-tf-test-bucket\",\n \"Principal\": {{\n \"AWS\": [\n \"{main.arn}\"\n ]\n }}\n }},\n {{\n \"Action\": [\n \"s3:PutObject\"\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"arn:aws:s3:::my-billing-tf-test-bucket/*\",\n \"Principal\": {{\n \"AWS\": [\n \"{main.arn}\"\n ]\n }}\n }}\n ]\n}}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.GetBillingServiceAccount.InvokeAsync());\n var billingLogs = new Aws.S3.Bucket(\"billingLogs\", new Aws.S3.BucketArgs\n {\n Acl = \"private\",\n Policy = Output.Tuple(main, main).Apply(values =>\n {\n var main = values.Item1;\n var main1 = values.Item2;\n return @$\"{{\n \"\"Id\"\": \"\"Policy\"\",\n \"\"Version\"\": \"\"2012-10-17\"\",\n \"\"Statement\"\": [\n {{\n \"\"Action\"\": [\n \"\"s3:GetBucketAcl\"\", \"\"s3:GetBucketPolicy\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::my-billing-tf-test-bucket\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": [\n \"\"{main.Arn}\"\"\n ]\n }}\n }},\n {{\n \"\"Action\"\": [\n \"\"s3:PutObject\"\"\n ],\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::my-billing-tf-test-bucket/*\"\",\n \"\"Principal\"\": {{\n \"\"AWS\"\": [\n \"\"{main1.Arn}\"\"\n ]\n }}\n }}\n ]\n}}\n\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := aws.GetBillingServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"billingLogs\", &s3.BucketArgs{\n\t\t\tAcl: pulumi.String(\"private\"),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \" \\\"Id\\\": \\\"Policy\\\",\\n\", \" \\\"Version\\\": \\\"2012-10-17\\\",\\n\", \" \\\"Statement\\\": [\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:GetBucketAcl\\\", \\\"s3:GetBucketPolicy\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::my-billing-tf-test-bucket\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": [\\n\", \" \\\"\", main.Arn, \"\\\"\\n\", \" ]\\n\", \" }\\n\", \" },\\n\", \" {\\n\", \" \\\"Action\\\": [\\n\", \" \\\"s3:PutObject\\\"\\n\", \" ],\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::my-billing-tf-test-bucket/*\\\",\\n\", \" \\\"Principal\\\": {\\n\", \" \\\"AWS\\\": [\\n\", \" \\\"\", main.Arn, \"\\\"\\n\", \" ]\\n\", \" }\\n\", \" }\\n\", \" ]\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getBillingServiceAccount.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the AWS billing service account.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "arn", + "id" + ] + } + }, + "aws:index/getCallerIdentity:getCallerIdentity": { + "description": "Use this data source to get the access to the effective Account ID, User ID, and ARN in\nwhich this provider is authorized.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.getCallerIdentity({});\nexport const accountId = current.then(current => current.accountId);\nexport const callerArn = current.then(current => current.arn);\nexport const callerUser = current.then(current => current.userId);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_caller_identity()\npulumi.export(\"accountId\", current.account_id)\npulumi.export(\"callerArn\", current.arn)\npulumi.export(\"callerUser\", current.user_id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetCallerIdentity.InvokeAsync());\n this.AccountId = current.Apply(current => current.AccountId);\n this.CallerArn = current.Apply(current => current.Arn);\n this.CallerUser = current.Apply(current => current.UserId);\n }\n\n [Output(\"accountId\")]\n public Output AccountId { get; set; }\n [Output(\"callerArn\")]\n public Output CallerArn { get; set; }\n [Output(\"callerUser\")]\n public Output CallerUser { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetCallerIdentity(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"accountId\", current.AccountId)\n\t\tctx.Export(\"callerArn\", current.Arn)\n\t\tctx.Export(\"callerUser\", current.UserId)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getCallerIdentity.\n", + "properties": { + "accountId": { + "type": "string", + "description": "AWS Account ID number of the account that owns or contains the calling entity.\n" + }, + "arn": { + "type": "string", + "description": "ARN associated with the calling entity.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "userId": { + "type": "string", + "description": "Unique identifier of the calling entity.\n" + } + }, + "type": "object", + "required": [ + "accountId", + "arn", + "userId", + "id" + ] + } + }, + "aws:index/getCanonicalUserId:getCanonicalUserId": { + "description": "The Canonical User ID data source allows access to the [canonical user ID](http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html)\nfor the effective account in which this provider is working. \n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.s3.getCanonicalUserId({});\nexport const canonicalUserId = current.then(current => current.id);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.s3.get_canonical_user_id()\npulumi.export(\"canonicalUserId\", current.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.S3.GetCanonicalUserId.InvokeAsync());\n this.CanonicalUserId = current.Apply(current => current.Id);\n }\n\n [Output(\"canonicalUserId\")]\n public Output CanonicalUserId { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"canonicalUserId\", current.Id)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getCanonicalUserId.\n", + "properties": { + "displayName": { + "type": "string", + "description": "The human-friendly name linked to the canonical user ID. The bucket owner's display name. **NOTE:** [This value](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTServiceGET.html) is only included in the response in the US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Ireland), and South America (São Paulo) regions.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "displayName", + "id" + ] + }, + "deprecationMessage": "aws.getCanonicalUserId has been deprecated in favor of aws.s3.getCanonicalUserId" + }, + "aws:index/getDefaultTags:getDefaultTags": { + "inputs": { + "description": "A collection of arguments for invoking getDefaultTags.\n", + "properties": { + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Blocks of default tags set on the provider. See details below.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getDefaultTags.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Blocks of default tags set on the provider. See details below.\n" + } + }, + "type": "object", + "required": [ + "tags", + "id" + ] + } + }, + "aws:index/getElasticIp:getElasticIp": { + "description": "`aws.ec2.Eip` provides details about a specific Elastic IP.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Search By Allocation ID (VPC only)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byAllocationId = pulumi.output(aws.ec2.getElasticIp({\n id: \"eipalloc-12345678\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_allocation_id = aws.ec2.get_elastic_ip(id=\"eipalloc-12345678\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byAllocationId = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n Id = \"eipalloc-12345678\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"eipalloc-12345678\"\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Search By Filters (EC2-Classic or VPC)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byFilter = pulumi.output(aws.ec2.getElasticIp({\n filters: [{\n name: \"tag:Name\",\n values: [\"exampleNameTagValue\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_filter = aws.ec2.get_elastic_ip(filters=[aws.ec2.GetElasticIpFilterArgs(\n name=\"tag:Name\",\n values=[\"exampleNameTagValue\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byFilter = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetElasticIpFilterArgs\n {\n Name = \"tag:Name\",\n Values = \n {\n \"exampleNameTagValue\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tFilters: []ec2.GetElasticIpFilter{\n\t\t\t\tec2.GetElasticIpFilter{\n\t\t\t\t\tName: \"tag:Name\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"exampleNameTagValue\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Search By Public IP (EC2-Classic or VPC)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byPublicIp = pulumi.output(aws.ec2.getElasticIp({\n publicIp: \"1.2.3.4\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_public_ip = aws.ec2.get_elastic_ip(public_ip=\"1.2.3.4\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byPublicIp = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n PublicIp = \"1.2.3.4\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"1.2.3.4\"\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tPublicIp: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Search By Tags (EC2-Classic or VPC)\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byTags = pulumi.output(aws.ec2.getElasticIp({\n tags: {\n Name: \"exampleNameTagValue\",\n },\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_tags = aws.ec2.get_elastic_ip(tags={\n \"Name\": \"exampleNameTagValue\",\n})\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byTags = Output.Create(Aws.Ec2.GetElasticIp.InvokeAsync(new Aws.Ec2.GetElasticIpArgs\n {\n Tags = \n {\n { \"Name\", \"exampleNameTagValue\" },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetElasticIp(ctx, &ec2.GetElasticIpArgs{\n\t\t\tTags: map[string]interface{}{\n\t\t\t\t\"Name\": \"exampleNameTagValue\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getElasticIp.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getElasticIpFilter:getElasticIpFilter" + }, + "description": "One or more name/value pairs to use as filters. There are several valid keys, for a full reference, check out the [EC2 API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html).\n" + }, + "id": { + "type": "string", + "description": "The allocation id of the specific VPC EIP to retrieve. If a classic EIP is required, do NOT set `id`, only set `public_ip`\n" + }, + "publicIp": { + "type": "string", + "description": "The public IP of the specific EIP to retrieve.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags, each pair of which must exactly match a pair on the desired Elastic IP\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getElasticIp.\n", + "properties": { + "associationId": { + "type": "string", + "description": "The ID representing the association of the address with an instance in a VPC.\n" + }, + "carrierIp": { + "type": "string", + "description": "The carrier IP address.\n" + }, + "customerOwnedIp": { + "type": "string", + "description": "Customer Owned IP.\n" + }, + "customerOwnedIpv4Pool": { + "type": "string", + "description": "The ID of a Customer Owned IP Pool. For more on customer owned IP addressed check out [Customer-owned IP addresses guide](https://docs.aws.amazon.com/outposts/latest/userguide/outposts-networking-components.html#ip-addressing)\n" + }, + "domain": { + "type": "string", + "description": "Indicates whether the address is for use in EC2-Classic (standard) or in a VPC (vpc).\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getElasticIpFilter:getElasticIpFilter" + } + }, + "id": { + "type": "string", + "description": "If VPC Elastic IP, the allocation identifier. If EC2-Classic Elastic IP, the public IP address.\n" + }, + "instanceId": { + "type": "string", + "description": "The ID of the instance that the address is associated with (if any).\n" + }, + "networkInterfaceId": { + "type": "string", + "description": "The ID of the network interface.\n" + }, + "networkInterfaceOwnerId": { + "type": "string", + "description": "The ID of the AWS account that owns the network interface.\n" + }, + "privateDns": { + "type": "string", + "description": "The Private DNS associated with the Elastic IP address.\n" + }, + "privateIp": { + "type": "string", + "description": "The private IP address associated with the Elastic IP address.\n" + }, + "publicDns": { + "type": "string", + "description": "Public DNS associated with the Elastic IP address.\n" + }, + "publicIp": { + "type": "string", + "description": "Public IP address of Elastic IP.\n" + }, + "publicIpv4Pool": { + "type": "string", + "description": "The ID of an address pool.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of tags associated with Elastic IP.\n" + } + }, + "type": "object", + "required": [ + "associationId", + "carrierIp", + "customerOwnedIp", + "customerOwnedIpv4Pool", + "domain", + "id", + "instanceId", + "networkInterfaceId", + "networkInterfaceOwnerId", + "privateDns", + "privateIp", + "publicDns", + "publicIp", + "publicIpv4Pool", + "tags" + ] + }, + "deprecationMessage": "aws.getElasticIp has been deprecated in favor of aws.ec2.getElasticIp" + }, + "aws:index/getIpRanges:getIpRanges": { + "description": "Use this data source to get the IP ranges of various AWS products and services. For more information about the contents of this data source and required JSON syntax if referencing a custom URL, see the [AWS IP Address Ranges documentation](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst europeanEc2 = aws.getIpRanges({\n regions: [\n \"eu-west-1\",\n \"eu-central-1\",\n ],\n services: [\"ec2\"],\n});\nconst fromEurope = new aws.ec2.SecurityGroup(\"fromEurope\", {\n ingress: [{\n fromPort: \"443\",\n toPort: \"443\",\n protocol: \"tcp\",\n cidrBlocks: europeanEc2.then(europeanEc2 => europeanEc2.cidrBlocks),\n ipv6CidrBlocks: europeanEc2.then(europeanEc2 => europeanEc2.ipv6CidrBlocks),\n }],\n tags: {\n CreateDate: europeanEc2.then(europeanEc2 => europeanEc2.createDate),\n SyncToken: europeanEc2.then(europeanEc2 => europeanEc2.syncToken),\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\neuropean_ec2 = aws.get_ip_ranges(regions=[\n \"eu-west-1\",\n \"eu-central-1\",\n ],\n services=[\"ec2\"])\nfrom_europe = aws.ec2.SecurityGroup(\"fromEurope\",\n ingress=[aws.ec2.SecurityGroupIngressArgs(\n from_port=443,\n to_port=443,\n protocol=\"tcp\",\n cidr_blocks=european_ec2.cidr_blocks,\n ipv6_cidr_blocks=european_ec2.ipv6_cidr_blocks,\n )],\n tags={\n \"CreateDate\": european_ec2.create_date,\n \"SyncToken\": european_ec2.sync_token,\n })\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var europeanEc2 = Output.Create(Aws.GetIpRanges.InvokeAsync(new Aws.GetIpRangesArgs\n {\n Regions = \n {\n \"eu-west-1\",\n \"eu-central-1\",\n },\n Services = \n {\n \"ec2\",\n },\n }));\n var fromEurope = new Aws.Ec2.SecurityGroup(\"fromEurope\", new Aws.Ec2.SecurityGroupArgs\n {\n Ingress = \n {\n new Aws.Ec2.Inputs.SecurityGroupIngressArgs\n {\n FromPort = 443,\n ToPort = 443,\n Protocol = \"tcp\",\n CidrBlocks = europeanEc2.Apply(europeanEc2 => europeanEc2.CidrBlocks),\n Ipv6CidrBlocks = europeanEc2.Apply(europeanEc2 => europeanEc2.Ipv6CidrBlocks),\n },\n },\n Tags = \n {\n { \"CreateDate\", europeanEc2.Apply(europeanEc2 => europeanEc2.CreateDate) },\n { \"SyncToken\", europeanEc2.Apply(europeanEc2 => europeanEc2.SyncToken) },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\teuropeanEc2, err := aws.GetIpRanges(ctx, &GetIpRangesArgs{\n\t\t\tRegions: []string{\n\t\t\t\t\"eu-west-1\",\n\t\t\t\t\"eu-central-1\",\n\t\t\t},\n\t\t\tServices: []string{\n\t\t\t\t\"ec2\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewSecurityGroup(ctx, \"fromEurope\", &ec2.SecurityGroupArgs{\n\t\t\tIngress: ec2.SecurityGroupIngressArray{\n\t\t\t\t&ec2.SecurityGroupIngressArgs{\n\t\t\t\t\tFromPort: pulumi.Int(443),\n\t\t\t\t\tToPort: pulumi.Int(443),\n\t\t\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\t\t\tCidrBlocks: interface{}(europeanEc2.CidrBlocks),\n\t\t\t\t\tIpv6CidrBlocks: interface{}(europeanEc2.Ipv6CidrBlocks),\n\t\t\t\t},\n\t\t\t},\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"CreateDate\": pulumi.String(europeanEc2.CreateDate),\n\t\t\t\t\"SyncToken\": pulumi.Int(europeanEc2.SyncToken),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getIpRanges.\n", + "properties": { + "regions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Filter IP ranges by regions (or include all regions, if\nomitted). Valid items are `global` (for `cloudfront`) as well as all AWS regions\n(e.g. `eu-central-1`)\n" + }, + "services": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Filter IP ranges by services. Valid items are `amazon`\n(for amazon.com), `amazon_connect`, `api_gateway`, `cloud9`, `cloudfront`,\n`codebuild`, `dynamodb`, `ec2`, `ec2_instance_connect`, `globalaccelerator`,\n`route53`, `route53_healthchecks`, `s3` and `workspaces_gateways`. See the\n[`service` attribute][2] documentation for other possible values.\n" + }, + "url": { + "type": "string", + "description": "Custom URL for source JSON file. Syntax must match [AWS IP Address Ranges documentation](https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html). Defaults to `https://ip-ranges.amazonaws.com/ip-ranges.json`.\n" + } + }, + "type": "object", + "required": [ + "services" + ] + }, + "outputs": { + "description": "A collection of values returned by getIpRanges.\n", + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The lexically ordered list of CIDR blocks.\n" + }, + "createDate": { + "type": "string", + "description": "The publication time of the IP ranges (e.g. `2016-08-03-23-46-05`).\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipv6CidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The lexically ordered list of IPv6 CIDR blocks.\n" + }, + "regions": { + "type": "array", + "items": { + "type": "string" + } + }, + "services": { + "type": "array", + "items": { + "type": "string" + } + }, + "syncToken": { + "type": "integer", + "description": "The publication time of the IP ranges, in Unix epoch time format\n(e.g. `1470267965`).\n" + }, + "url": { + "type": "string" + } + }, + "type": "object", + "required": [ + "cidrBlocks", + "createDate", + "ipv6CidrBlocks", + "services", + "syncToken", + "id" + ] + } + }, + "aws:index/getPartition:getPartition": { + "description": "Use this data source to lookup current AWS partition in which this provider is working\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.getPartition());\nconst s3Policy = current.apply(current => aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"s3:ListBucket\"],\n resources: [`arn:${current.partition}:s3:::my-bucket`],\n sid: \"1\",\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_partition()\ns3_policy = aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n actions=[\"s3:ListBucket\"],\n resources=[f\"arn:{current.partition}:s3:::my-bucket\"],\n sid=\"1\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetPartition.InvokeAsync());\n var s3Policy = current.Apply(current => Output.Create(Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Actions = \n {\n \"s3:ListBucket\",\n },\n Resources = \n {\n $\"arn:{current.Partition}:s3:::my-bucket\",\n },\n Sid = \"1\",\n },\n },\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := aws.GetPartition(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.GetPolicyDocument(ctx, &iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\tiam.GetPolicyDocumentStatement{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\tfmt.Sprintf(\"%v%v%v\", \"arn:\", current.Partition, \":s3:::my-bucket\"),\n\t\t\t\t\t},\n\t\t\t\t\tSid: \"1\",\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getPartition.\n", + "properties": { + "dnsSuffix": { + "type": "string", + "description": "Base DNS domain name for the current partition (e.g. `amazonaws.com` in AWS Commercial, `amazonaws.com.cn` in AWS China).\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "partition": { + "type": "string", + "description": "Identifier of the current partition (e.g. `aws` in AWS Commercial, `aws-cn` in AWS China).\n" + }, + "reverseDnsPrefix": { + "type": "string", + "description": "Prefix of service names (e.g. `com.amazonaws` in AWS Commercial, `cn.com.amazonaws` in AWS China).\n" + } + }, + "type": "object", + "required": [ + "dnsSuffix", + "partition", + "reverseDnsPrefix", + "id" + ] + } + }, + "aws:index/getPrefixList:getPrefixList": { + "description": "`aws.ec2.getPrefixList` provides details about a specific prefix list (PL)\nin the current region.\n\nThis can be used both to validate a prefix list given in a variable\nand to obtain the CIDR blocks (IP address ranges) for the associated\nAWS service. The latter may be useful e.g. for adding network ACL\nrules.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst privateS3VpcEndpoint = new aws.ec2.VpcEndpoint(\"privateS3VpcEndpoint\", {\n vpcId: aws_vpc.foo.id,\n serviceName: \"com.amazonaws.us-west-2.s3\",\n});\nconst privateS3PrefixList = privateS3VpcEndpoint.prefixListId.apply(prefixListId => aws.ec2.getPrefixList({\n prefixListId: prefixListId,\n}));\nconst bar = new aws.ec2.NetworkAcl(\"bar\", {vpcId: aws_vpc.foo.id});\nconst privateS3NetworkAclRule = new aws.ec2.NetworkAclRule(\"privateS3NetworkAclRule\", {\n networkAclId: bar.id,\n ruleNumber: 200,\n egress: false,\n protocol: \"tcp\",\n ruleAction: \"allow\",\n cidrBlock: privateS3PrefixList.apply(privateS3PrefixList => privateS3PrefixList.cidrBlocks?[0]),\n fromPort: 443,\n toPort: 443,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprivate_s3_vpc_endpoint = aws.ec2.VpcEndpoint(\"privateS3VpcEndpoint\",\n vpc_id=aws_vpc[\"foo\"][\"id\"],\n service_name=\"com.amazonaws.us-west-2.s3\")\nprivate_s3_prefix_list = private_s3_vpc_endpoint.prefix_list_id.apply(lambda prefix_list_id: aws.ec2.get_prefix_list(prefix_list_id=prefix_list_id))\nbar = aws.ec2.NetworkAcl(\"bar\", vpc_id=aws_vpc[\"foo\"][\"id\"])\nprivate_s3_network_acl_rule = aws.ec2.NetworkAclRule(\"privateS3NetworkAclRule\",\n network_acl_id=bar.id,\n rule_number=200,\n egress=False,\n protocol=\"tcp\",\n rule_action=\"allow\",\n cidr_block=private_s3_prefix_list.cidr_blocks[0],\n from_port=443,\n to_port=443)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var privateS3VpcEndpoint = new Aws.Ec2.VpcEndpoint(\"privateS3VpcEndpoint\", new Aws.Ec2.VpcEndpointArgs\n {\n VpcId = aws_vpc.Foo.Id,\n ServiceName = \"com.amazonaws.us-west-2.s3\",\n });\n var privateS3PrefixList = privateS3VpcEndpoint.PrefixListId.Apply(prefixListId => Aws.Ec2.GetPrefixList.InvokeAsync(new Aws.Ec2.GetPrefixListArgs\n {\n PrefixListId = prefixListId,\n }));\n var bar = new Aws.Ec2.NetworkAcl(\"bar\", new Aws.Ec2.NetworkAclArgs\n {\n VpcId = aws_vpc.Foo.Id,\n });\n var privateS3NetworkAclRule = new Aws.Ec2.NetworkAclRule(\"privateS3NetworkAclRule\", new Aws.Ec2.NetworkAclRuleArgs\n {\n NetworkAclId = bar.Id,\n RuleNumber = 200,\n Egress = false,\n Protocol = \"tcp\",\n RuleAction = \"allow\",\n CidrBlock = privateS3PrefixList.Apply(privateS3PrefixList => privateS3PrefixList.CidrBlocks?[0]),\n FromPort = 443,\n ToPort = 443,\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprivateS3VpcEndpoint, err := ec2.NewVpcEndpoint(ctx, \"privateS3VpcEndpoint\", &ec2.VpcEndpointArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t\tServiceName: pulumi.String(\"com.amazonaws.us-west-2.s3\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tbar, err := ec2.NewNetworkAcl(ctx, \"bar\", &ec2.NetworkAclArgs{\n\t\t\tVpcId: pulumi.Any(aws_vpc.Foo.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewNetworkAclRule(ctx, \"privateS3NetworkAclRule\", &ec2.NetworkAclRuleArgs{\n\t\t\tNetworkAclId: bar.ID(),\n\t\t\tRuleNumber: pulumi.Int(200),\n\t\t\tEgress: pulumi.Bool(false),\n\t\t\tProtocol: pulumi.String(\"tcp\"),\n\t\t\tRuleAction: pulumi.String(\"allow\"),\n\t\t\tCidrBlock: privateS3PrefixList.ApplyT(func(privateS3PrefixList ec2.GetPrefixListResult) (string, error) {\n\t\t\t\treturn privateS3PrefixList.CidrBlocks[0], nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t\tFromPort: pulumi.Int(443),\n\t\t\tToPort: pulumi.Int(443),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.ec2.getPrefixList({\n filters: [{\n name: \"prefix-list-id\",\n values: [\"pl-68a54001\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ec2.get_prefix_list(filters=[aws.ec2.GetPrefixListFilterArgs(\n name=\"prefix-list-id\",\n values=[\"pl-68a54001\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ec2.GetPrefixList.InvokeAsync(new Aws.Ec2.GetPrefixListArgs\n {\n Filters = \n {\n new Aws.Ec2.Inputs.GetPrefixListFilterArgs\n {\n Name = \"prefix-list-id\",\n Values = \n {\n \"pl-68a54001\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ec2.GetPrefixList(ctx, &ec2.GetPrefixListArgs{\n\t\t\tFilters: []ec2.GetPrefixListFilter{\n\t\t\t\tec2.GetPrefixListFilter{\n\t\t\t\t\tName: \"prefix-list-id\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"pl-68a54001\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPrefixList.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getPrefixListFilter:getPrefixListFilter" + }, + "description": "Configuration block(s) for filtering. Detailed below.\n" + }, + "name": { + "type": "string", + "description": "The name of the filter field. Valid values can be found in the [EC2 DescribePrefixLists API Reference](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribePrefixLists.html).\n" + }, + "prefixListId": { + "type": "string", + "description": "The ID of the prefix list to select.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getPrefixList.\n", + "properties": { + "cidrBlocks": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of CIDR blocks for the AWS service associated with the prefix list.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getPrefixListFilter:getPrefixListFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the selected prefix list.\n" + }, + "prefixListId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "cidrBlocks", + "name", + "id" + ] + }, + "deprecationMessage": "aws.getPrefixList has been deprecated in favor of aws.ec2.getPrefixList" + }, + "aws:index/getRegion:getRegion": { + "description": "`aws.getRegion` provides details about a specific AWS region.\n\nAs well as validating a given region name this resource can be used to\ndiscover the name of the region configured within the provider. The latter\ncan be useful in a child module which is inheriting an AWS provider\nconfiguration from its parent module.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how the resource might be used to obtain\nthe name of the AWS region configured on the provider.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.getRegion());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_region()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetRegion.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetRegion(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRegion.\n", + "properties": { + "endpoint": { + "type": "string", + "description": "The EC2 endpoint of the region to select.\n" + }, + "name": { + "type": "string", + "description": "The full name of the region to select.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getRegion.\n", + "properties": { + "description": { + "type": "string", + "description": "The region's description in this format: \"Location (Region name)\".\n" + }, + "endpoint": { + "type": "string", + "description": "The EC2 endpoint for the selected region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the selected region.\n" + } + }, + "type": "object", + "required": [ + "description", + "endpoint", + "name", + "id" + ] + } + }, + "aws:index/getRegions:getRegions": { + "description": "Provides information about AWS Regions. Can be used to filter regions i.e. by Opt-In status or only regions enabled for current account. To get details like endpoint and description of each region the data source can be combined with the `aws.getRegion` data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nEnabled AWS Regions:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.getRegions());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_regions()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetRegions.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := aws.GetRegions(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nAll the regions regardless of the availability\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.getRegions({\n allRegions: true,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_regions(all_regions=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetRegions.InvokeAsync(new Aws.GetRegionsArgs\n {\n AllRegions = true,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := aws.GetRegions(ctx, &GetRegionsArgs{\n\t\t\tAllRegions: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo see regions that are filtered by `\"not-opted-in\"`, the `all_regions` argument needs to be set to `true` or no results will be returned.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = pulumi.output(aws.getRegions({\n allRegions: true,\n filters: [{\n name: \"opt-in-status\",\n values: [\"not-opted-in\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.get_regions(all_regions=True,\n filters=[aws.GetRegionsFilterArgs(\n name=\"opt-in-status\",\n values=[\"not-opted-in\"],\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.GetRegions.InvokeAsync(new Aws.GetRegionsArgs\n {\n AllRegions = true,\n Filters = \n {\n new Aws.Inputs.GetRegionsFilterArgs\n {\n Name = \"opt-in-status\",\n Values = \n {\n \"not-opted-in\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := aws.GetRegions(ctx, &GetRegionsArgs{\n\t\t\tAllRegions: &opt0,\n\t\t\tFilters: []GetRegionsFilter{\n\t\t\t\tGetRegionsFilter{\n\t\t\t\t\tName: \"opt-in-status\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"not-opted-in\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRegions.\n", + "properties": { + "allRegions": { + "type": "boolean", + "description": "If true the source will query all regions regardless of availability.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getRegionsFilter:getRegionsFilter" + }, + "description": "Configuration block(s) to use as filters. Detailed below.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getRegions.\n", + "properties": { + "allRegions": { + "type": "boolean" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:index/getRegionsFilter:getRegionsFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "names": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Names of regions that meets the criteria.\n" + } + }, + "type": "object", + "required": [ + "names", + "id" + ] + } + }, + "aws:inspector/getRulesPackages:getRulesPackages": { + "description": "The AWS Inspector Rules Packages data source allows access to the list of AWS\nInspector Rules Packages which can be used by AWS Inspector within the region\nconfigured in the provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst rules = aws.inspector.getRulesPackages({});\n// e.g. Use in aws_inspector_assessment_template\nconst group = new aws.inspector.ResourceGroup(\"group\", {tags: {\n test: \"test\",\n}});\nconst assessmentAssessmentTarget = new aws.inspector.AssessmentTarget(\"assessmentAssessmentTarget\", {resourceGroupArn: group.arn});\nconst assessmentAssessmentTemplate = new aws.inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\", {\n targetArn: assessmentAssessmentTarget.arn,\n duration: \"60\",\n rulesPackageArns: rules.then(rules => rules.arns),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nrules = aws.inspector.get_rules_packages()\n# e.g. Use in aws_inspector_assessment_template\ngroup = aws.inspector.ResourceGroup(\"group\", tags={\n \"test\": \"test\",\n})\nassessment_assessment_target = aws.inspector.AssessmentTarget(\"assessmentAssessmentTarget\", resource_group_arn=group.arn)\nassessment_assessment_template = aws.inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\",\n target_arn=assessment_assessment_target.arn,\n duration=60,\n rules_package_arns=rules.arns)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var rules = Output.Create(Aws.Inspector.GetRulesPackages.InvokeAsync());\n // e.g. Use in aws_inspector_assessment_template\n var @group = new Aws.Inspector.ResourceGroup(\"group\", new Aws.Inspector.ResourceGroupArgs\n {\n Tags = \n {\n { \"test\", \"test\" },\n },\n });\n var assessmentAssessmentTarget = new Aws.Inspector.AssessmentTarget(\"assessmentAssessmentTarget\", new Aws.Inspector.AssessmentTargetArgs\n {\n ResourceGroupArn = @group.Arn,\n });\n var assessmentAssessmentTemplate = new Aws.Inspector.AssessmentTemplate(\"assessmentAssessmentTemplate\", new Aws.Inspector.AssessmentTemplateArgs\n {\n TargetArn = assessmentAssessmentTarget.Arn,\n Duration = 60,\n RulesPackageArns = rules.Apply(rules => rules.Arns),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/inspector\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trules, err := inspector.GetRulesPackages(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := inspector.NewResourceGroup(ctx, \"group\", &inspector.ResourceGroupArgs{\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"test\": pulumi.String(\"test\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tassessmentAssessmentTarget, err := inspector.NewAssessmentTarget(ctx, \"assessmentAssessmentTarget\", &inspector.AssessmentTargetArgs{\n\t\t\tResourceGroupArn: group.Arn,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = inspector.NewAssessmentTemplate(ctx, \"assessmentAssessmentTemplate\", &inspector.AssessmentTemplateArgs{\n\t\t\tTargetArn: assessmentAssessmentTarget.Arn,\n\t\t\tDuration: pulumi.Int(60),\n\t\t\tRulesPackageArns: interface{}(rules.Arns),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getRulesPackages.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the AWS Inspector Rules Packages arns available in the AWS region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "arns", + "id" + ] + } + }, + "aws:iot/getEndpoint:getEndpoint": { + "description": "Returns a unique endpoint specific to the AWS account making the call.\n", + "inputs": { + "description": "A collection of arguments for invoking getEndpoint.\n", + "properties": { + "endpointType": { + "type": "string", + "description": "Endpoint type. Valid values: `iot:CredentialProvider`, `iot:Data`, `iot:Data-ATS`, `iot:Job`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getEndpoint.\n", + "properties": { + "endpointAddress": { + "type": "string", + "description": "The endpoint based on `endpoint_type`:\n* No `endpoint_type`: Either `iot:Data` or `iot:Data-ATS` [depending on region](https://aws.amazon.com/blogs/iot/aws-iot-core-ats-endpoints/)\n* `iot:CredentialsProvider`: `IDENTIFIER.credentials.iot.REGION.amazonaws.com`\n* `iot:Data`: `IDENTIFIER.iot.REGION.amazonaws.com`\n* `iot:Data-ATS`: `IDENTIFIER-ats.iot.REGION.amazonaws.com`\n* `iot:Job`: `IDENTIFIER.jobs.iot.REGION.amazonaws.com`\n" + }, + "endpointType": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "endpointAddress", + "id" + ] + } + }, + "aws:kinesis/getStream:getStream": { + "description": "Use this data source to get information about a Kinesis Stream for use in other\nresources.\n\nFor more details, see the [Amazon Kinesis Documentation](https://aws.amazon.com/documentation/kinesis/).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst stream = pulumi.output(aws.kinesis.getStream({\n name: \"stream-name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nstream = aws.kinesis.get_stream(name=\"stream-name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var stream = Output.Create(Aws.Kinesis.GetStream.InvokeAsync(new Aws.Kinesis.GetStreamArgs\n {\n Name = \"stream-name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kinesis.LookupStream(ctx, &kinesis.LookupStreamArgs{\n\t\t\tName: \"stream-name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getStream.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the Kinesis Stream.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assigned to the stream.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getStream.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Kinesis Stream (same as id).\n" + }, + "closedShards": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of shard ids in the CLOSED state. See [Shard State](https://docs.aws.amazon.com/streams/latest/dev/kinesis-using-sdk-java-after-resharding.html#kinesis-using-sdk-java-resharding-data-routing) for more.\n" + }, + "creationTimestamp": { + "type": "integer", + "description": "The approximate UNIX timestamp that the stream was created.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the Kinesis Stream.\n" + }, + "openShards": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of shard ids in the OPEN state. See [Shard State](https://docs.aws.amazon.com/streams/latest/dev/kinesis-using-sdk-java-after-resharding.html#kinesis-using-sdk-java-resharding-data-routing) for more.\n" + }, + "retentionPeriod": { + "type": "integer", + "description": "Length of time (in hours) data records are accessible after they are added to the stream.\n" + }, + "shardLevelMetrics": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of shard-level CloudWatch metrics which are enabled for the stream. See [Monitoring with CloudWatch](https://docs.aws.amazon.com/streams/latest/dev/monitoring-with-cloudwatch.html) for more.\n" + }, + "status": { + "type": "string", + "description": "The current status of the stream. The stream status is one of CREATING, DELETING, ACTIVE, or UPDATING.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags to assigned to the stream.\n" + } + }, + "type": "object", + "required": [ + "arn", + "closedShards", + "creationTimestamp", + "name", + "openShards", + "retentionPeriod", + "shardLevelMetrics", + "status", + "tags", + "id" + ] + } + }, + "aws:kinesis/getStreamConsumer:getStreamConsumer": { + "description": "Provides details about a Kinesis Stream Consumer.\n\nFor more details, see the [Amazon Kinesis Stream Consumer Documentation](https://docs.aws.amazon.com/streams/latest/dev/amazon-kinesis-consumers.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.kinesis.getStreamConsumer({\n name: \"example-consumer\",\n streamArn: aws_kinesis_stream.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.kinesis.get_stream_consumer(name=\"example-consumer\",\n stream_arn=aws_kinesis_stream[\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Kinesis.GetStreamConsumer.InvokeAsync(new Aws.Kinesis.GetStreamConsumerArgs\n {\n Name = \"example-consumer\",\n StreamArn = aws_kinesis_stream.Example.Arn,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example-consumer\"\n\t\t_, err := kinesis.LookupStreamConsumer(ctx, &kinesis.LookupStreamConsumerArgs{\n\t\t\tName: &opt0,\n\t\t\tStreamArn: aws_kinesis_stream.Example.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getStreamConsumer.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the stream consumer.\n" + }, + "name": { + "type": "string", + "description": "Name of the stream consumer.\n" + }, + "streamArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the data stream the consumer is registered with.\n" + } + }, + "type": "object", + "required": [ + "streamArn" + ] + }, + "outputs": { + "description": "A collection of values returned by getStreamConsumer.\n", + "properties": { + "arn": { + "type": "string" + }, + "creationTimestamp": { + "type": "string", + "description": "Approximate timestamp in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of when the stream consumer was created.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The current status of the stream consumer.\n" + }, + "streamArn": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "creationTimestamp", + "name", + "status", + "streamArn", + "id" + ] + } + }, + "aws:kms/getAlias:getAlias": { + "description": "Use this data source to get the ARN of a KMS key alias.\nBy using this data source, you can reference key alias\nwithout having to hard code the ARN as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst s3 = pulumi.output(aws.kms.getAlias({\n name: \"alias/aws/s3\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ns3 = aws.kms.get_alias(name=\"alias/aws/s3\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var s3 = Output.Create(Aws.Kms.GetAlias.InvokeAsync(new Aws.Kms.GetAliasArgs\n {\n Name = \"alias/aws/s3\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.LookupAlias(ctx, &kms.LookupAliasArgs{\n\t\t\tName: \"alias/aws/s3\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAlias.\n", + "properties": { + "name": { + "type": "string", + "description": "The display name of the alias. The name must start with the word \"alias\" followed by a forward slash (alias/)\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getAlias.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name(ARN) of the key alias.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "targetKeyArn": { + "type": "string", + "description": "ARN pointed to by the alias.\n" + }, + "targetKeyId": { + "type": "string", + "description": "Key identifier pointed to by the alias.\n" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "targetKeyArn", + "targetKeyId", + "id" + ] + } + }, + "aws:kms/getCipherText:getCipherText": { + "description": "The KMS ciphertext data source allows you to encrypt plaintext into ciphertext\nby using an AWS KMS customer master key. The value returned by this data source\nchanges every apply. For a stable ciphertext value, see the `aws.kms.Ciphertext`\nresource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst oauthConfig = new aws.kms.Key(\"oauthConfig\", {\n description: \"oauth config\",\n isEnabled: true,\n});\nconst oauth = oauthConfig.keyId.apply(keyId => aws.kms.getCipherText({\n keyId: keyId,\n plaintext: `{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n`,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\noauth_config = aws.kms.Key(\"oauthConfig\",\n description=\"oauth config\",\n is_enabled=True)\noauth = oauth_config.key_id.apply(lambda key_id: aws.kms.get_cipher_text(key_id=key_id,\n plaintext=\"\"\"{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n\"\"\"))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var oauthConfig = new Aws.Kms.Key(\"oauthConfig\", new Aws.Kms.KeyArgs\n {\n Description = \"oauth config\",\n IsEnabled = true,\n });\n var oauth = oauthConfig.KeyId.Apply(keyId => Aws.Kms.GetCipherText.InvokeAsync(new Aws.Kms.GetCipherTextArgs\n {\n KeyId = keyId,\n Plaintext = @\"{\n \"\"client_id\"\": \"\"e587dbae22222f55da22\"\",\n \"\"client_secret\"\": \"\"8289575d00000ace55e1815ec13673955721b8a5\"\"\n}\n\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\toauthConfig, err := kms.NewKey(ctx, \"oauthConfig\", &kms.KeyArgs{\n\t\t\tDescription: pulumi.String(\"oauth config\"),\n\t\t\tIsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCipherText.\n", + "properties": { + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "An optional mapping that makes up the encryption context.\n" + }, + "keyId": { + "type": "string", + "description": "Globally unique key ID for the customer master key.\n" + }, + "plaintext": { + "type": "string", + "description": "Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.\n" + } + }, + "type": "object", + "required": [ + "keyId", + "plaintext" + ] + }, + "outputs": { + "description": "A collection of values returned by getCipherText.\n", + "properties": { + "ciphertextBlob": { + "type": "string", + "description": "Base64 encoded ciphertext\n" + }, + "context": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "keyId": { + "type": "string" + }, + "plaintext": { + "type": "string" + } + }, + "type": "object", + "required": [ + "ciphertextBlob", + "keyId", + "plaintext", + "id" + ] + } + }, + "aws:kms/getKey:getKey": { + "description": "Use this data source to get detailed information about\nthe specified KMS Key with flexible key id input.\nThis can be useful to reference key alias\nwithout having to hard code the ARN as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byAlias = pulumi.output(aws.kms.getKey({\n keyId: \"alias/my-key\",\n}));\nconst byId = pulumi.output(aws.kms.getKey({\n keyId: \"1234abcd-12ab-34cd-56ef-1234567890ab\",\n}));\nconst byAliasArn = pulumi.output(aws.kms.getKey({\n keyId: \"arn:aws:kms:us-east-1:111122223333:alias/my-key\",\n}));\nconst byKeyArn = pulumi.output(aws.kms.getKey({\n keyId: \"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_alias = aws.kms.get_key(key_id=\"alias/my-key\")\nby_id = aws.kms.get_key(key_id=\"1234abcd-12ab-34cd-56ef-1234567890ab\")\nby_alias_arn = aws.kms.get_key(key_id=\"arn:aws:kms:us-east-1:111122223333:alias/my-key\")\nby_key_arn = aws.kms.get_key(key_id=\"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byAlias = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs\n {\n KeyId = \"alias/my-key\",\n }));\n var byId = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs\n {\n KeyId = \"1234abcd-12ab-34cd-56ef-1234567890ab\",\n }));\n var byAliasArn = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs\n {\n KeyId = \"arn:aws:kms:us-east-1:111122223333:alias/my-key\",\n }));\n var byKeyArn = Output.Create(Aws.Kms.GetKey.InvokeAsync(new Aws.Kms.GetKeyArgs\n {\n KeyId = \"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.LookupKey(ctx, &kms.LookupKeyArgs{\n\t\t\tKeyId: \"alias/my-key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{\n\t\t\tKeyId: \"1234abcd-12ab-34cd-56ef-1234567890ab\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{\n\t\t\tKeyId: \"arn:aws:kms:us-east-1:111122223333:alias/my-key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{\n\t\t\tKeyId: \"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getKey.\n", + "properties": { + "grantTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of grant tokens\n" + }, + "keyId": { + "type": "string", + "description": "Key identifier which can be one of the following format:\n* Key ID. E.g: `1234abcd-12ab-34cd-56ef-1234567890ab`\n* Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n* Alias name. E.g.: `alias/my-key`\n* Alias ARN: E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key`\n" + } + }, + "type": "object", + "required": [ + "keyId" + ] + }, + "outputs": { + "description": "A collection of values returned by getKey.\n", + "properties": { + "arn": { + "type": "string" + }, + "awsAccountId": { + "type": "string" + }, + "creationDate": { + "type": "string" + }, + "customerMasterKeySpec": { + "type": "string" + }, + "deletionDate": { + "type": "string" + }, + "description": { + "type": "string" + }, + "enabled": { + "type": "boolean" + }, + "expirationModel": { + "type": "string" + }, + "grantTokens": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "keyId": { + "type": "string" + }, + "keyManager": { + "type": "string" + }, + "keyState": { + "type": "string" + }, + "keyUsage": { + "type": "string" + }, + "origin": { + "type": "string" + }, + "validTo": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "awsAccountId", + "creationDate", + "customerMasterKeySpec", + "deletionDate", + "description", + "enabled", + "expirationModel", + "keyId", + "keyManager", + "keyState", + "keyUsage", + "origin", + "validTo", + "id" + ] + } + }, + "aws:kms/getPublicKey:getPublicKey": { + "description": "Use this data source to get the public key about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byAlias = pulumi.output(aws.kms.getPublicKey({\n keyId: \"alias/my-key\",\n}));\nconst byId = pulumi.output(aws.kms.getPublicKey({\n keyId: \"1234abcd-12ab-34cd-56ef-1234567890ab\",\n}));\nconst byAliasArn = pulumi.output(aws.kms.getPublicKey({\n keyId: \"arn:aws:kms:us-east-1:111122223333:alias/my-key\",\n}));\nconst byKeyArn = pulumi.output(aws.kms.getPublicKey({\n keyId: \"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_alias = aws.kms.get_public_key(key_id=\"alias/my-key\")\nby_id = aws.kms.get_public_key(key_id=\"1234abcd-12ab-34cd-56ef-1234567890ab\")\nby_alias_arn = aws.kms.get_public_key(key_id=\"arn:aws:kms:us-east-1:111122223333:alias/my-key\")\nby_key_arn = aws.kms.get_public_key(key_id=\"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byAlias = Output.Create(Aws.Kms.GetPublicKey.InvokeAsync(new Aws.Kms.GetPublicKeyArgs\n {\n KeyId = \"alias/my-key\",\n }));\n var byId = Output.Create(Aws.Kms.GetPublicKey.InvokeAsync(new Aws.Kms.GetPublicKeyArgs\n {\n KeyId = \"1234abcd-12ab-34cd-56ef-1234567890ab\",\n }));\n var byAliasArn = Output.Create(Aws.Kms.GetPublicKey.InvokeAsync(new Aws.Kms.GetPublicKeyArgs\n {\n KeyId = \"arn:aws:kms:us-east-1:111122223333:alias/my-key\",\n }));\n var byKeyArn = Output.Create(Aws.Kms.GetPublicKey.InvokeAsync(new Aws.Kms.GetPublicKeyArgs\n {\n KeyId = \"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{\n\t\t\tKeyId: \"alias/my-key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{\n\t\t\tKeyId: \"1234abcd-12ab-34cd-56ef-1234567890ab\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{\n\t\t\tKeyId: \"arn:aws:kms:us-east-1:111122223333:alias/my-key\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{\n\t\t\tKeyId: \"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPublicKey.\n", + "properties": { + "grantTokens": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of grant tokens\n" + }, + "keyId": { + "type": "string", + "description": "Key identifier which can be one of the following format:\n* Key ID. E.g - `1234abcd-12ab-34cd-56ef-1234567890ab`\n* Key ARN. E.g. - `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`\n* Alias name. E.g. - `alias/my-key`\n* Alias ARN - E.g. - `arn:aws:kms:us-east-1:111122223333:alias/my-key`\n" + } + }, + "type": "object", + "required": [ + "keyId" + ] + }, + "outputs": { + "description": "A collection of values returned by getPublicKey.\n", + "properties": { + "arn": { + "type": "string", + "description": "Key ARN of the asymmetric CMK from which the public key was downloaded.\n" + }, + "customerMasterKeySpec": { + "type": "string", + "description": "Type of the public key that was downloaded.\n" + }, + "encryptionAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Encryption algorithms that AWS KMS supports for this key. Only set when the `key_usage` of the public key is `ENCRYPT_DECRYPT`.\n" + }, + "grantTokens": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "keyId": { + "type": "string" + }, + "keyUsage": { + "type": "string", + "description": "Permitted use of the public key. Valid values are `ENCRYPT_DECRYPT` or `SIGN_VERIFY`\n" + }, + "publicKey": { + "type": "string", + "description": "Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280). The value is Base64-encoded.\n" + }, + "signingAlgorithms": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Signing algorithms that AWS KMS supports for this key. Only set when the `key_usage` of the public key is `SIGN_VERIFY`.\n" + } + }, + "type": "object", + "required": [ + "arn", + "customerMasterKeySpec", + "encryptionAlgorithms", + "keyId", + "keyUsage", + "publicKey", + "signingAlgorithms", + "id" + ] + } + }, + "aws:kms/getSecret:getSecret": { + "inputs": { + "description": "A collection of arguments for invoking getSecret.\n", + "properties": { + "secrets": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/getSecretSecret:getSecretSecret" + } + } + }, + "type": "object", + "required": [ + "secrets" + ] + }, + "outputs": { + "description": "A collection of values returned by getSecret.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "secrets": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/getSecretSecret:getSecretSecret" + } + } + }, + "type": "object", + "required": [ + "secrets", + "id" + ] + } + }, + "aws:kms/getSecrets:getSecrets": { + "description": "Decrypt multiple secrets from data encrypted with the AWS KMS service.\n", + "inputs": { + "description": "A collection of arguments for invoking getSecrets.\n", + "properties": { + "secrets": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/getSecretsSecret:getSecretsSecret" + }, + "description": "One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.\n" + } + }, + "type": "object", + "required": [ + "secrets" + ] + }, + "outputs": { + "description": "A collection of values returned by getSecrets.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "plaintext": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map containing each `secret` `name` as the key with its decrypted plaintext value\n" + }, + "secrets": { + "type": "array", + "items": { + "$ref": "#/types/aws:kms/getSecretsSecret:getSecretsSecret" + } + } + }, + "type": "object", + "required": [ + "plaintext", + "secrets", + "id" + ] + } + }, + "aws:lakeformation/getDataLakeSettings:getDataLakeSettings": { + "description": "Get Lake Formation principals designated as data lake administrators and lists of principal permission entries for default create database and default create table permissions.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.lakeformation.getDataLakeSettings({\n catalogId: \"14916253649\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.get_data_lake_settings(catalog_id=\"14916253649\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.LakeFormation.GetDataLakeSettings.InvokeAsync(new Aws.LakeFormation.GetDataLakeSettingsArgs\n {\n CatalogId = \"14916253649\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"14916253649\"\n\t\t_, err := lakeformation.LookupDataLakeSettings(ctx, &lakeformation.LookupDataLakeSettingsArgs{\n\t\t\tCatalogId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDataLakeSettings.\n", + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, the account ID.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getDataLakeSettings.\n", + "properties": { + "admins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of ARNs of AWS Lake Formation principals (IAM users or roles).\n" + }, + "catalogId": { + "type": "string" + }, + "createDatabaseDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/getDataLakeSettingsCreateDatabaseDefaultPermission:getDataLakeSettingsCreateDatabaseDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create database permissions. Detailed below.\n" + }, + "createTableDefaultPermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lakeformation/getDataLakeSettingsCreateTableDefaultPermission:getDataLakeSettingsCreateTableDefaultPermission" + }, + "description": "Up to three configuration blocks of principal permissions for default create table permissions. Detailed below.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "trustedResourceOwners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of the resource-owning account IDs that the caller's account can use to share their user access details (user ARNs).\n" + } + }, + "type": "object", + "required": [ + "admins", + "createDatabaseDefaultPermissions", + "createTableDefaultPermissions", + "trustedResourceOwners", + "id" + ] + } + }, + "aws:lakeformation/getPermissions:getPermissions": { + "description": "Get permissions for a principal to access metadata in the Data Catalog and data organized in underlying data storage such as Amazon S3. Permissions are granted to a principal, in a Data Catalog, relative to a Lake Formation resource, which includes the Data Catalog, databases, and tables. For more information, see [Security and Access Control to Metadata and Data in Lake Formation](https://docs.aws.amazon.com/lake-formation/latest/dg/security-data-access.html).\n\n> **NOTE:** This data source deals with explicitly granted permissions. Lake Formation grants implicit permissions to data lake administrators, database creators, and table creators. For more information, see [Implicit Lake Formation Permissions](https://docs.aws.amazon.com/lake-formation/latest/dg/implicit-permissions.html).\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Permissions For A Lake Formation S3 Resource\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.lakeformation.getPermissions({\n principal: aws_iam_role.workflow_role.arn,\n dataLocation: {\n arn: aws_lakeformation_resource.test.arn,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lakeformation.get_permissions(principal=aws_iam_role[\"workflow_role\"][\"arn\"],\n data_location=aws.lakeformation.GetPermissionsDataLocationArgs(\n arn=aws_lakeformation_resource[\"test\"][\"arn\"],\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.LakeFormation.GetPermissions.InvokeAsync(new Aws.LakeFormation.GetPermissionsArgs\n {\n Principal = aws_iam_role.Workflow_role.Arn,\n DataLocation = new Aws.LakeFormation.Inputs.GetPermissionsDataLocationArgs\n {\n Arn = aws_lakeformation_resource.Test.Arn,\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{\n\t\t\tPrincipal: aws_iam_role.Workflow_role.Arn,\n\t\t\tDataLocation: lakeformation.GetPermissionsDataLocation{\n\t\t\t\tArn: aws_lakeformation_resource.Test.Arn,\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Permissions For A Glue Catalog Database\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.lakeformation.getPermissions({\n principal: aws_iam_role.workflow_role.arn,\n database: {\n name: aws_glue_catalog_database.test.name,\n catalogId: \"110376042874\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.lakeformation.get_permissions(principal=aws_iam_role[\"workflow_role\"][\"arn\"],\n database=aws.lakeformation.GetPermissionsDatabaseArgs(\n name=aws_glue_catalog_database[\"test\"][\"name\"],\n catalog_id=\"110376042874\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.LakeFormation.GetPermissions.InvokeAsync(new Aws.LakeFormation.GetPermissionsArgs\n {\n Principal = aws_iam_role.Workflow_role.Arn,\n Database = new Aws.LakeFormation.Inputs.GetPermissionsDatabaseArgs\n {\n Name = aws_glue_catalog_database.Test.Name,\n CatalogId = \"110376042874\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.LookupPermissions(ctx, &lakeformation.LookupPermissionsArgs{\n\t\t\tPrincipal: aws_iam_role.Workflow_role.Arn,\n\t\t\tDatabase: lakeformation.GetPermissionsDatabase{\n\t\t\t\tName: aws_glue_catalog_database.Test.Name,\n\t\t\t\tCatalogId: \"110376042874\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPermissions.\n", + "properties": { + "catalogId": { + "type": "string", + "description": "Identifier for the Data Catalog. By default, it is the account ID of the caller.\n" + }, + "catalogResource": { + "type": "boolean", + "description": "Whether the permissions are to be granted for the Data Catalog. Defaults to `false`.\n" + }, + "dataLocation": { + "$ref": "#/types/aws:lakeformation/getPermissionsDataLocation:getPermissionsDataLocation", + "description": "Configuration block for a data location resource. Detailed below.\n" + }, + "database": { + "$ref": "#/types/aws:lakeformation/getPermissionsDatabase:getPermissionsDatabase", + "description": "Configuration block for a database resource. Detailed below.\n" + }, + "principal": { + "type": "string", + "description": "Principal to be granted the permissions on the resource. Supported principals are IAM users or IAM roles.\n" + }, + "table": { + "$ref": "#/types/aws:lakeformation/getPermissionsTable:getPermissionsTable", + "description": "Configuration block for a table resource. Detailed below.\n" + }, + "tableWithColumns": { + "$ref": "#/types/aws:lakeformation/getPermissionsTableWithColumns:getPermissionsTableWithColumns", + "description": "Configuration block for a table with columns resource. Detailed below.\n" + } + }, + "type": "object", + "required": [ + "principal" + ] + }, + "outputs": { + "description": "A collection of values returned by getPermissions.\n", + "properties": { + "catalogId": { + "type": "string" + }, + "catalogResource": { + "type": "boolean" + }, + "dataLocation": { + "$ref": "#/types/aws:lakeformation/getPermissionsDataLocation:getPermissionsDataLocation" + }, + "database": { + "$ref": "#/types/aws:lakeformation/getPermissionsDatabase:getPermissionsDatabase" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "permissions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of permissions granted to the principal. For details on permissions, see [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html).\n" + }, + "permissionsWithGrantOptions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Subset of `permissions` which the principal can pass.\n" + }, + "principal": { + "type": "string" + }, + "table": { + "$ref": "#/types/aws:lakeformation/getPermissionsTable:getPermissionsTable" + }, + "tableWithColumns": { + "$ref": "#/types/aws:lakeformation/getPermissionsTableWithColumns:getPermissionsTableWithColumns" + } + }, + "type": "object", + "required": [ + "dataLocation", + "database", + "permissions", + "permissionsWithGrantOptions", + "principal", + "table", + "tableWithColumns", + "id" + ] + } + }, + "aws:lakeformation/getResource:getResource": { + "description": "Provides details about a Lake Formation resource.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.lakeformation.getResource({\n arn: \"arn:aws:s3:::tf-acc-test-9151654063908211878\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.lakeformation.get_resource(arn=\"arn:aws:s3:::tf-acc-test-9151654063908211878\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.LakeFormation.GetResource.InvokeAsync(new Aws.LakeFormation.GetResourceArgs\n {\n Arn = \"arn:aws:s3:::tf-acc-test-9151654063908211878\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lakeformation\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lakeformation.LookupResource(ctx, &lakeformation.LookupResourceArgs{\n\t\t\tArn: \"arn:aws:s3:::tf-acc-test-9151654063908211878\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getResource.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the resource, an S3 path.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getResource.\n", + "properties": { + "arn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastModified": { + "type": "string", + "description": "The date and time the resource was last modified in [RFC 3339 format](https://tools.ietf.org/html/rfc3339#section-5.8).\n" + }, + "roleArn": { + "type": "string", + "description": "Role that the resource was registered with.\n" + } + }, + "type": "object", + "required": [ + "arn", + "lastModified", + "roleArn", + "id" + ] + } + }, + "aws:lambda/getAlias:getAlias": { + "description": "Provides information about a Lambda Alias.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst production = pulumi.output(aws.lambda.getAlias({\n functionName: \"my-lambda-func\",\n name: \"production\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nproduction = aws.lambda.get_alias(function_name=\"my-lambda-func\",\n name=\"production\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var production = Output.Create(Aws.Lambda.GetAlias.InvokeAsync(new Aws.Lambda.GetAliasArgs\n {\n FunctionName = \"my-lambda-func\",\n Name = \"production\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.LookupAlias(ctx, &lambda.LookupAliasArgs{\n\t\t\tFunctionName: \"my-lambda-func\",\n\t\t\tName: \"production\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getAlias.\n", + "properties": { + "functionName": { + "type": "string", + "description": "Name of the aliased Lambda function.\n" + }, + "name": { + "type": "string", + "description": "Name of the Lambda alias.\n" + } + }, + "type": "object", + "required": [ + "functionName", + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getAlias.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) identifying the Lambda function alias.\n" + }, + "description": { + "type": "string", + "description": "Description of alias.\n" + }, + "functionName": { + "type": "string" + }, + "functionVersion": { + "type": "string", + "description": "Lambda function version which the alias uses.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "invokeArn": { + "type": "string", + "description": "The ARN to be used for invoking Lambda Function from API Gateway - to be used in aws_api_gateway_integration's `uri`.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "functionName", + "functionVersion", + "invokeArn", + "name", + "id" + ] + } + }, + "aws:lambda/getCodeSigningConfig:getCodeSigningConfig": { + "description": "Provides information about a Lambda Code Signing Config. A code signing configuration defines a list of allowed signing profiles and defines the code-signing validation policy (action to be taken if deployment validation checks fail).\n\nFor information about Lambda code signing configurations and how to use them, see [configuring code signing for Lambda functions](https://docs.aws.amazon.com/lambda/latest/dg/configuration-codesigning.html)\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst existingCsc = pulumi.output(aws.lambda.getCodeSigningConfig({\n arn: `arn:aws:lambda:${var_aws_region}:${var_aws_account}:code-signing-config:csc-0f6c334abcdea4d8b`,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexisting_csc = aws.lambda.get_code_signing_config(arn=f\"arn:aws:lambda:{var['aws_region']}:{var['aws_account']}:code-signing-config:csc-0f6c334abcdea4d8b\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var existingCsc = Output.Create(Aws.Lambda.GetCodeSigningConfig.InvokeAsync(new Aws.Lambda.GetCodeSigningConfigArgs\n {\n Arn = $\"arn:aws:lambda:{@var.Aws_region}:{@var.Aws_account}:code-signing-config:csc-0f6c334abcdea4d8b\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lambda.LookupCodeSigningConfig(ctx, &lambda.LookupCodeSigningConfigArgs{\n\t\t\tArn: fmt.Sprintf(\"%v%v%v%v%v\", \"arn:aws:lambda:\", _var.Aws_region, \":\", _var.Aws_account, \":code-signing-config:csc-0f6c334abcdea4d8b\"),\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCodeSigningConfig.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the code signing configuration.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getCodeSigningConfig.\n", + "properties": { + "allowedPublishers": { + "type": "array", + "items": { + "$ref": "#/types/aws:lambda/getCodeSigningConfigAllowedPublisher:getCodeSigningConfigAllowedPublisher" + }, + "description": "List of allowed publishers as signing profiles for this code signing configuration.\n" + }, + "arn": { + "type": "string" + }, + "configId": { + "type": "string", + "description": "Unique identifier for the code signing configuration.\n" + }, + "description": { + "type": "string", + "description": "Code signing configuration description.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastModified": { + "type": "string", + "description": "The date and time that the code signing configuration was last modified.\n" + }, + "policies": { + "type": "array", + "items": { + "$ref": "#/types/aws:lambda/getCodeSigningConfigPolicy:getCodeSigningConfigPolicy" + }, + "description": "List of code signing policies that control the validation failure action for signature mismatch or expiry.\n" + } + }, + "type": "object", + "required": [ + "allowedPublishers", + "arn", + "configId", + "description", + "lastModified", + "policies", + "id" + ] + } + }, + "aws:lambda/getFunction:getFunction": { + "description": "Provides information about a Lambda Function.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst functionName = config.require(\"functionName\");\nconst existing = aws.lambda.getFunction({\n functionName: functionName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nfunction_name = config.require(\"functionName\")\nexisting = aws.lambda.get_function(function_name=function_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var functionName = config.Require(\"functionName\");\n var existing = Output.Create(Aws.Lambda.GetFunction.InvokeAsync(new Aws.Lambda.GetFunctionArgs\n {\n FunctionName = functionName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tfunctionName := cfg.Require(\"functionName\")\n\t\t_, err := lambda.LookupFunction(ctx, &lambda.LookupFunctionArgs{\n\t\t\tFunctionName: functionName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getFunction.\n", + "properties": { + "functionName": { + "type": "string", + "description": "Name of the lambda function.\n" + }, + "qualifier": { + "type": "string", + "description": "Alias name or version number of the lambda function. e.g. `$LATEST`, `my-alias`, or `1`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "functionName" + ] + }, + "outputs": { + "description": "A collection of values returned by getFunction.\n", + "properties": { + "arn": { + "type": "string", + "description": "Unqualified (no `:QUALIFIER` or `:VERSION` suffix) Amazon Resource Name (ARN) identifying your Lambda Function. See also `qualified_arn`.\n" + }, + "codeSigningConfigArn": { + "type": "string", + "description": "Amazon Resource Name (ARN) for a Code Signing Configuration.\n" + }, + "deadLetterConfig": { + "$ref": "#/types/aws:lambda/getFunctionDeadLetterConfig:getFunctionDeadLetterConfig", + "description": "Configure the function's *dead letter queue*.\n" + }, + "description": { + "type": "string", + "description": "Description of what your Lambda Function does.\n" + }, + "environment": { + "$ref": "#/types/aws:lambda/getFunctionEnvironment:getFunctionEnvironment", + "description": "The Lambda environment's configuration settings.\n" + }, + "fileSystemConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws:lambda/getFunctionFileSystemConfig:getFunctionFileSystemConfig" + }, + "description": "The connection settings for an Amazon EFS file system.\n" + }, + "functionName": { + "type": "string" + }, + "handler": { + "type": "string", + "description": "The function entrypoint in your code.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "invokeArn": { + "type": "string", + "description": "The ARN to be used for invoking Lambda Function from API Gateway.\n" + }, + "kmsKeyArn": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "lastModified": { + "type": "string", + "description": "The date this resource was last modified.\n" + }, + "layers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Lambda Layer ARNs attached to your Lambda Function.\n" + }, + "memorySize": { + "type": "integer", + "description": "Amount of memory in MB your Lambda Function can use at runtime.\n" + }, + "qualifiedArn": { + "type": "string", + "description": "Qualified (`:QUALIFIER` or `:VERSION` suffix) Amazon Resource Name (ARN) identifying your Lambda Function. See also `arn`.\n" + }, + "qualifier": { + "type": "string" + }, + "reservedConcurrentExecutions": { + "type": "integer", + "description": "The amount of reserved concurrent executions for this lambda function or `-1` if unreserved.\n" + }, + "role": { + "type": "string", + "description": "IAM role attached to the Lambda Function.\n" + }, + "runtime": { + "type": "string", + "description": "The runtime environment for the Lambda function.\n" + }, + "signingJobArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of a signing job.\n" + }, + "signingProfileVersionArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a signing profile version.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Base64-encoded representation of raw SHA-256 sum of the zip file.\n" + }, + "sourceCodeSize": { + "type": "integer", + "description": "The size in bytes of the function .zip file.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timeout": { + "type": "integer", + "description": "The function execution time at which Lambda should terminate the function.\n" + }, + "tracingConfig": { + "$ref": "#/types/aws:lambda/getFunctionTracingConfig:getFunctionTracingConfig", + "description": "Tracing settings of the function.\n" + }, + "version": { + "type": "string", + "description": "The version of the Lambda function.\n" + }, + "vpcConfig": { + "$ref": "#/types/aws:lambda/getFunctionVpcConfig:getFunctionVpcConfig", + "description": "VPC configuration associated with your Lambda function.\n" + } + }, + "type": "object", + "required": [ + "arn", + "codeSigningConfigArn", + "deadLetterConfig", + "description", + "environment", + "fileSystemConfigs", + "functionName", + "handler", + "invokeArn", + "kmsKeyArn", + "lastModified", + "layers", + "memorySize", + "qualifiedArn", + "reservedConcurrentExecutions", + "role", + "runtime", + "signingJobArn", + "signingProfileVersionArn", + "sourceCodeHash", + "sourceCodeSize", + "tags", + "timeout", + "tracingConfig", + "version", + "vpcConfig", + "id" + ] + } + }, + "aws:lambda/getInvocation:getInvocation": { + "description": "Use this data source to invoke custom lambda functions as data source.\nThe lambda function is invoked with [RequestResponse](https://docs.aws.amazon.com/lambda/latest/dg/API_Invoke.html#API_Invoke_RequestSyntax)\ninvocation type.\n", + "inputs": { + "description": "A collection of arguments for invoking getInvocation.\n", + "properties": { + "functionName": { + "type": "string", + "description": "The name of the lambda function.\n" + }, + "input": { + "type": "string", + "description": "A string in JSON format that is passed as payload to the lambda function.\n" + }, + "qualifier": { + "type": "string", + "description": "The qualifier (a.k.a version) of the lambda function. Defaults\nto `$LATEST`.\n" + } + }, + "type": "object", + "required": [ + "functionName", + "input" + ] + }, + "outputs": { + "description": "A collection of values returned by getInvocation.\n", + "properties": { + "functionName": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "input": { + "type": "string" + }, + "qualifier": { + "type": "string" + }, + "result": { + "type": "string", + "description": "String result of the lambda function invocation.\n" + } + }, + "type": "object", + "required": [ + "functionName", + "input", + "result", + "id" + ] + } + }, + "aws:lambda/getLayerVersion:getLayerVersion": { + "description": "Provides information about a Lambda Layer Version.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst layerName = config.require(\"layerName\");\nconst existing = aws.lambda.getLayerVersion({\n layerName: layerName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlayer_name = config.require(\"layerName\")\nexisting = aws.lambda.get_layer_version(layer_name=layer_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var layerName = config.Require(\"layerName\");\n var existing = Output.Create(Aws.Lambda.GetLayerVersion.InvokeAsync(new Aws.Lambda.GetLayerVersionArgs\n {\n LayerName = layerName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlayerName := cfg.Require(\"layerName\")\n\t\t_, err := lambda.LookupLayerVersion(ctx, &lambda.LookupLayerVersionArgs{\n\t\t\tLayerName: layerName,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLayerVersion.\n", + "properties": { + "compatibleRuntime": { + "type": "string", + "description": "Specific runtime the layer version must support. Conflicts with `version`. If specified, the latest available layer version supporting the provided runtime will be used.\n" + }, + "layerName": { + "type": "string", + "description": "Name of the lambda layer.\n" + }, + "version": { + "type": "integer", + "description": "Specific layer version. Conflicts with `compatible_runtime`. If omitted, the latest available layer version will be used.\n" + } + }, + "type": "object", + "required": [ + "layerName" + ] + }, + "outputs": { + "description": "A collection of values returned by getLayerVersion.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda Layer with version.\n" + }, + "compatibleRuntime": { + "type": "string" + }, + "compatibleRuntimes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of [Runtimes](https://docs.aws.amazon.com/lambda/latest/dg/API_GetLayerVersion.html#SSS-GetLayerVersion-response-CompatibleRuntimes) the specific Lambda Layer version is compatible with.\n" + }, + "createdDate": { + "type": "string", + "description": "The date this resource was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the specific Lambda Layer version.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "layerArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Lambda Layer without version.\n" + }, + "layerName": { + "type": "string" + }, + "licenseInfo": { + "type": "string", + "description": "License info associated with the specific Lambda Layer version.\n" + }, + "signingJobArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of a signing job.\n" + }, + "signingProfileVersionArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for a signing profile version.\n" + }, + "sourceCodeHash": { + "type": "string", + "description": "Base64-encoded representation of raw SHA-256 sum of the zip file.\n" + }, + "sourceCodeSize": { + "type": "integer", + "description": "The size in bytes of the function .zip file.\n" + }, + "version": { + "type": "integer", + "description": "This Lamba Layer version.\n" + } + }, + "type": "object", + "required": [ + "arn", + "compatibleRuntimes", + "createdDate", + "description", + "layerArn", + "layerName", + "licenseInfo", + "signingJobArn", + "signingProfileVersionArn", + "sourceCodeHash", + "sourceCodeSize", + "version", + "id" + ] + } + }, + "aws:lb/getListener:getListener": { + "description": "> **Note:** `aws.alb.Listener` is known as `aws.lb.Listener`. The functionality is identical.\n\nProvides information about a Load Balancer Listener.\n\nThis data source can prove useful when a module accepts an LB Listener as an input variable and needs to know the LB it is attached to, or other information specific to the listener in question.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst listenerArn = config.require(\"listenerArn\");\nconst listener = aws.lb.getListener({\n arn: listenerArn,\n});\nconst selected = aws.lb.getLoadBalancer({\n name: \"default-public\",\n});\nconst selected443 = selected.then(selected => aws.lb.getListener({\n loadBalancerArn: selected.arn,\n port: 443,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlistener_arn = config.require(\"listenerArn\")\nlistener = aws.lb.get_listener(arn=listener_arn)\nselected = aws.lb.get_load_balancer(name=\"default-public\")\nselected443 = aws.lb.get_listener(load_balancer_arn=selected.arn,\n port=443)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var listenerArn = config.Require(\"listenerArn\");\n var listener = Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n Arn = listenerArn,\n }));\n var selected = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Name = \"default-public\",\n }));\n var selected443 = selected.Apply(selected => Output.Create(Aws.LB.GetListener.InvokeAsync(new Aws.LB.GetListenerArgs\n {\n LoadBalancerArn = selected.Arn,\n Port = 443,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlistenerArn := cfg.Require(\"listenerArn\")\n\t\topt0 := listenerArn\n\t\t_, err := lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := \"default-public\"\n\t\tselected, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt2 := selected.Arn\n\t\topt3 := 443\n\t\t_, err = lb.LookupListener(ctx, &lb.LookupListenerArgs{\n\t\t\tLoadBalancerArn: &opt2,\n\t\t\tPort: &opt3,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getListener.\n", + "properties": { + "arn": { + "type": "string", + "description": "ARN of the listener. Required if `load_balancer_arn` and `port` is not set.\n" + }, + "loadBalancerArn": { + "type": "string", + "description": "ARN of the load balancer. Required if `arn` is not set.\n" + }, + "port": { + "type": "integer", + "description": "Port of the listener. Required if `arn` is not set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getListener.\n", + "properties": { + "alpnPolicy": { + "type": "string" + }, + "arn": { + "type": "string" + }, + "certificateArn": { + "type": "string" + }, + "defaultActions": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getListenerDefaultAction:getListenerDefaultAction" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "loadBalancerArn": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "protocol": { + "type": "string" + }, + "sslPolicy": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "alpnPolicy", + "arn", + "certificateArn", + "defaultActions", + "loadBalancerArn", + "port", + "protocol", + "sslPolicy", + "tags", + "id" + ] + } + }, + "aws:lb/getLoadBalancer:getLoadBalancer": { + "description": "> **Note:** `aws.alb.LoadBalancer` is known as `aws.lb.LoadBalancer`. The functionality is identical.\n\nProvides information about a Load Balancer.\n\nThis data source can prove useful when a module accepts an LB as an input\nvariable and needs to, for example, determine the security groups associated\nwith it, etc.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbArn = config.get(\"lbArn\") || \"\";\nconst lbName = config.get(\"lbName\") || \"\";\nconst test = aws.lb.getLoadBalancer({\n arn: lbArn,\n name: lbName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_arn = config.get(\"lbArn\")\nif lb_arn is None:\n lb_arn = \"\"\nlb_name = config.get(\"lbName\")\nif lb_name is None:\n lb_name = \"\"\ntest = aws.lb.get_load_balancer(arn=lb_arn,\n name=lb_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbArn = config.Get(\"lbArn\") ?? \"\";\n var lbName = config.Get(\"lbName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetLoadBalancer.InvokeAsync(new Aws.LB.GetLoadBalancerArgs\n {\n Arn = lbArn,\n Name = lbName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbArn := \"\"\n\t\tif param := cfg.Get(\"lbArn\"); param != \"\" {\n\t\t\tlbArn = param\n\t\t}\n\t\tlbName := \"\"\n\t\tif param := cfg.Get(\"lbName\"); param != \"\" {\n\t\t\tlbName = param\n\t\t}\n\t\topt0 := lbArn\n\t\topt1 := lbName\n\t\t_, err := lb.LookupLoadBalancer(ctx, &lb.LookupLoadBalancerArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLoadBalancer.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the load balancer.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the load balancer.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of tags, each pair of which must exactly match a pair on the desired load balancer.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getLoadBalancer.\n", + "properties": { + "accessLogs": { + "$ref": "#/types/aws:lb/getLoadBalancerAccessLogs:getLoadBalancerAccessLogs" + }, + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "customerOwnedIpv4Pool": { + "type": "string" + }, + "dnsName": { + "type": "string" + }, + "dropInvalidHeaderFields": { + "type": "boolean" + }, + "enableDeletionProtection": { + "type": "boolean" + }, + "enableHttp2": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleTimeout": { + "type": "integer" + }, + "internal": { + "type": "boolean" + }, + "ipAddressType": { + "type": "string" + }, + "loadBalancerType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "subnetMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws:lb/getLoadBalancerSubnetMapping:getLoadBalancerSubnetMapping" + } + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accessLogs", + "arn", + "arnSuffix", + "customerOwnedIpv4Pool", + "dnsName", + "dropInvalidHeaderFields", + "enableDeletionProtection", + "enableHttp2", + "idleTimeout", + "internal", + "ipAddressType", + "loadBalancerType", + "name", + "securityGroups", + "subnetMappings", + "subnets", + "tags", + "vpcId", + "zoneId", + "id" + ] + } + }, + "aws:lb/getTargetGroup:getTargetGroup": { + "description": "> **Note:** `aws.alb.TargetGroup` is known as `aws.lb.TargetGroup`. The functionality is identical.\n\nProvides information about a Load Balancer Target Group.\n\nThis data source can prove useful when a module accepts an LB Target Group as an\ninput variable and needs to know its attributes. It can also be used to get the ARN of\nan LB Target Group for use in other resources, given LB Target Group name.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst lbTgArn = config.get(\"lbTgArn\") || \"\";\nconst lbTgName = config.get(\"lbTgName\") || \"\";\nconst test = aws.lb.getTargetGroup({\n arn: lbTgArn,\n name: lbTgName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nlb_tg_arn = config.get(\"lbTgArn\")\nif lb_tg_arn is None:\n lb_tg_arn = \"\"\nlb_tg_name = config.get(\"lbTgName\")\nif lb_tg_name is None:\n lb_tg_name = \"\"\ntest = aws.lb.get_target_group(arn=lb_tg_arn,\n name=lb_tg_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var lbTgArn = config.Get(\"lbTgArn\") ?? \"\";\n var lbTgName = config.Get(\"lbTgName\") ?? \"\";\n var test = Output.Create(Aws.LB.GetTargetGroup.InvokeAsync(new Aws.LB.GetTargetGroupArgs\n {\n Arn = lbTgArn,\n Name = lbTgName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tlbTgArn := \"\"\n\t\tif param := cfg.Get(\"lbTgArn\"); param != \"\" {\n\t\t\tlbTgArn = param\n\t\t}\n\t\tlbTgName := \"\"\n\t\tif param := cfg.Get(\"lbTgName\"); param != \"\" {\n\t\t\tlbTgName = param\n\t\t}\n\t\topt0 := lbTgArn\n\t\topt1 := lbTgName\n\t\t_, err := lb.LookupTargetGroup(ctx, &lb.LookupTargetGroupArgs{\n\t\t\tArn: &opt0,\n\t\t\tName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTargetGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The full ARN of the target group.\n" + }, + "name": { + "type": "string", + "description": "The unique name of the target group.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getTargetGroup.\n", + "properties": { + "arn": { + "type": "string" + }, + "arnSuffix": { + "type": "string" + }, + "deregistrationDelay": { + "type": "integer" + }, + "healthCheck": { + "$ref": "#/types/aws:lb/getTargetGroupHealthCheck:getTargetGroupHealthCheck" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lambdaMultiValueHeadersEnabled": { + "type": "boolean" + }, + "loadBalancingAlgorithmType": { + "type": "string" + }, + "name": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "preserveClientIp": { + "type": "string" + }, + "protocol": { + "type": "string" + }, + "protocolVersion": { + "type": "string" + }, + "proxyProtocolV2": { + "type": "boolean" + }, + "slowStart": { + "type": "integer" + }, + "stickiness": { + "$ref": "#/types/aws:lb/getTargetGroupStickiness:getTargetGroupStickiness" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetType": { + "type": "string" + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "arnSuffix", + "deregistrationDelay", + "healthCheck", + "lambdaMultiValueHeadersEnabled", + "loadBalancingAlgorithmType", + "name", + "port", + "preserveClientIp", + "protocol", + "protocolVersion", + "proxyProtocolV2", + "slowStart", + "stickiness", + "tags", + "targetType", + "vpcId", + "id" + ] + } + }, + "aws:lex/getBot:getBot": { + "description": "Provides details about a specific Amazon Lex Bot.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderFlowersBot = pulumi.output(aws.lex.getBot({\n name: \"OrderFlowers\",\n version: \"$LATEST\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_flowers_bot = aws.lex.get_bot(name=\"OrderFlowers\",\n version=\"$LATEST\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderFlowersBot = Output.Create(Aws.Lex.GetBot.InvokeAsync(new Aws.Lex.GetBotArgs\n {\n Name = \"OrderFlowers\",\n Version = \"$LATEST\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")\n\t\t_, err := lex.LookupBot(ctx, &lex.LookupBotArgs{\n\t\t\tName: \"OrderFlowers\",\n\t\t\tVersion: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getBot.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the bot. The name is case sensitive.\n" + }, + "version": { + "type": "string", + "description": "The version or alias of the bot.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getBot.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the bot.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum of the bot used to identify a specific revision of the bot's `$LATEST` version.\n" + }, + "childDirected": { + "type": "boolean", + "description": "Specifies if this Amazon Lex Bot is related to a website, program, or other application that is directed or targeted, in whole or in part, to children under age 13 and subject to COPPA.\n" + }, + "createdDate": { + "type": "string", + "description": "The date that the bot was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the bot.\n" + }, + "detectSentiment": { + "type": "boolean", + "description": "When set to true user utterances are sent to Amazon Comprehend for sentiment analysis.\n" + }, + "enableModelImprovements": { + "type": "boolean", + "description": "Set to true if natural language understanding improvements are enabled.\n" + }, + "failureReason": { + "type": "string", + "description": "If the `status` is `FAILED`, the reason why the bot failed to build.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "idleSessionTtlInSeconds": { + "type": "integer", + "description": "The maximum time in seconds that Amazon Lex retains the data gathered in a conversation.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date that the bot was updated.\n" + }, + "locale": { + "type": "string", + "description": "Specifies the target locale for the bot. Any intent used in the bot must be compatible with the locale of the bot.\n" + }, + "name": { + "type": "string", + "description": "The name of the bot, case sensitive.\n" + }, + "nluIntentConfidenceThreshold": { + "type": "number", + "description": "The threshold where Amazon Lex will insert the AMAZON.FallbackIntent, AMAZON.KendraSearchIntent, or both when returning alternative intents in a PostContent or PostText response. AMAZON.FallbackIntent and AMAZON.KendraSearchIntent are only inserted if they are configured for the bot.\n" + }, + "status": { + "type": "string", + "description": "The status of the bot.\n" + }, + "version": { + "type": "string", + "description": "The version of the bot. For a new bot, the version is always `$LATEST`.\n" + }, + "voiceId": { + "type": "string", + "description": "The Amazon Polly voice ID that the Amazon Lex Bot uses for voice interactions with the user.\n" + } + }, + "type": "object", + "required": [ + "arn", + "checksum", + "childDirected", + "createdDate", + "description", + "detectSentiment", + "enableModelImprovements", + "failureReason", + "idleSessionTtlInSeconds", + "lastUpdatedDate", + "locale", + "name", + "nluIntentConfidenceThreshold", + "status", + "voiceId", + "id" + ] + } + }, + "aws:lex/getBotAlias:getBotAlias": { + "description": "Provides details about a specific Amazon Lex Bot Alias.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderFlowersProd = pulumi.output(aws.lex.getBotAlias({\n botName: \"OrderFlowers\",\n name: \"OrderFlowersProd\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_flowers_prod = aws.lex.get_bot_alias(bot_name=\"OrderFlowers\",\n name=\"OrderFlowersProd\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderFlowersProd = Output.Create(Aws.Lex.GetBotAlias.InvokeAsync(new Aws.Lex.GetBotAliasArgs\n {\n BotName = \"OrderFlowers\",\n Name = \"OrderFlowersProd\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := lex.LookupBotAlias(ctx, &lex.LookupBotAliasArgs{\n\t\t\tBotName: \"OrderFlowers\",\n\t\t\tName: \"OrderFlowersProd\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getBotAlias.\n", + "properties": { + "botName": { + "type": "string", + "description": "The name of the bot.\n" + }, + "name": { + "type": "string", + "description": "The name of the bot alias. The name is case sensitive.\n" + } + }, + "type": "object", + "required": [ + "botName", + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getBotAlias.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the bot alias.\n" + }, + "botName": { + "type": "string", + "description": "The name of the bot.\n" + }, + "botVersion": { + "type": "string", + "description": "The version of the bot that the alias points to.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum of the bot alias.\n" + }, + "createdDate": { + "type": "string", + "description": "The date that the bot alias was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the alias.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date that the bot alias was updated. When you create a resource, the creation date and the last updated date are the same.\n" + }, + "name": { + "type": "string", + "description": "The name of the alias. The name is not case sensitive.\n" + } + }, + "type": "object", + "required": [ + "arn", + "botName", + "botVersion", + "checksum", + "createdDate", + "description", + "lastUpdatedDate", + "name", + "id" + ] + } + }, + "aws:lex/getIntent:getIntent": { + "description": "Provides details about a specific Amazon Lex Intent.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst orderFlowers = pulumi.output(aws.lex.getIntent({\n name: \"OrderFlowers\",\n version: \"$LATEST\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norder_flowers = aws.lex.get_intent(name=\"OrderFlowers\",\n version=\"$LATEST\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var orderFlowers = Output.Create(Aws.Lex.GetIntent.InvokeAsync(new Aws.Lex.GetIntentArgs\n {\n Name = \"OrderFlowers\",\n Version = \"$LATEST\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := fmt.Sprintf(\"%v%v\", \"$\", \"LATEST\")\n\t\t_, err := lex.LookupIntent(ctx, &lex.LookupIntentArgs{\n\t\t\tName: \"OrderFlowers\",\n\t\t\tVersion: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getIntent.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the intent. The name is case sensitive.\n" + }, + "version": { + "type": "string", + "description": "The version of the intent.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getIntent.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the Lex intent.\n" + }, + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the intent that was created. The checksum is not\nincluded as an argument because the resource will add it automatically when updating the intent.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the intent version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the intent.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the $LATEST version of this intent was updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the intent, not case sensitive.\n" + }, + "parentIntentSignature": { + "type": "string", + "description": "A unique identifier for the built-in intent to base this\nintent on. To find the signature for an intent, see\n[Standard Built-in Intents](https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/built-in-intent-ref/standard-intents)\nin the Alexa Skills Kit.\n" + }, + "version": { + "type": "string", + "description": "The version of the bot.\n" + } + }, + "type": "object", + "required": [ + "arn", + "checksum", + "createdDate", + "description", + "lastUpdatedDate", + "name", + "parentIntentSignature", + "id" + ] + } + }, + "aws:lex/getSlotType:getSlotType": { + "description": "Provides details about a specific Amazon Lex Slot Type.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst flowerTypes = pulumi.output(aws.lex.getSlotType({\n name: \"FlowerTypes\",\n version: \"1\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nflower_types = aws.lex.get_slot_type(name=\"FlowerTypes\",\n version=\"1\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var flowerTypes = Output.Create(Aws.Lex.GetSlotType.InvokeAsync(new Aws.Lex.GetSlotTypeArgs\n {\n Name = \"FlowerTypes\",\n Version = \"1\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"1\"\n\t\t_, err := lex.LookupSlotType(ctx, &lex.LookupSlotTypeArgs{\n\t\t\tName: \"FlowerTypes\",\n\t\t\tVersion: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSlotType.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the slot type. The name is case sensitive.\n" + }, + "version": { + "type": "string", + "description": "The version of the slot type.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getSlotType.\n", + "properties": { + "checksum": { + "type": "string", + "description": "Checksum identifying the version of the slot type that was created. The checksum is\nnot included as an argument because the resource will add it automatically when updating the slot type.\n" + }, + "createdDate": { + "type": "string", + "description": "The date when the slot type version was created.\n" + }, + "description": { + "type": "string", + "description": "A description of the slot type.\n" + }, + "enumerationValues": { + "type": "array", + "items": { + "$ref": "#/types/aws:lex/getSlotTypeEnumerationValue:getSlotTypeEnumerationValue" + }, + "description": "A set of EnumerationValue objects that defines the values that\nthe slot type can take. Each value can have a set of synonyms, which are additional values that help\ntrain the machine learning model about the values that it resolves for a slot.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "lastUpdatedDate": { + "type": "string", + "description": "The date when the $LATEST version of this slot type was updated.\n" + }, + "name": { + "type": "string", + "description": "The name of the slot type. The name is not case sensitive.\n" + }, + "valueSelectionStrategy": { + "type": "string", + "description": "Determines the slot resolution strategy that Amazon Lex\nuses to return slot type values. `ORIGINAL_VALUE` returns the value entered by the user if the user\nvalue is similar to the slot value. `TOP_RESOLUTION` returns the first value in the resolution list\nif there is a resolution list for the slot, otherwise null is returned.\n" + }, + "version": { + "type": "string", + "description": "The version of the slot type.\n" + } + }, + "type": "object", + "required": [ + "checksum", + "createdDate", + "description", + "enumerationValues", + "lastUpdatedDate", + "name", + "valueSelectionStrategy", + "id" + ] + } + }, + "aws:mq/getBroker:getBroker": { + "description": "Provides information about a MQ Broker.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst config = new pulumi.Config();\nconst brokerId = config.get(\"brokerId\") || \"\";\nconst brokerName = config.get(\"brokerName\") || \"\";\nconst byId = aws.mq.getBroker({\n brokerId: brokerId,\n});\nconst byName = aws.mq.getBroker({\n brokerName: brokerName,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nconfig = pulumi.Config()\nbroker_id = config.get(\"brokerId\")\nif broker_id is None:\n broker_id = \"\"\nbroker_name = config.get(\"brokerName\")\nif broker_name is None:\n broker_name = \"\"\nby_id = aws.mq.get_broker(broker_id=broker_id)\nby_name = aws.mq.get_broker(broker_name=broker_name)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var config = new Config();\n var brokerId = config.Get(\"brokerId\") ?? \"\";\n var brokerName = config.Get(\"brokerName\") ?? \"\";\n var byId = Output.Create(Aws.Mq.GetBroker.InvokeAsync(new Aws.Mq.GetBrokerArgs\n {\n BrokerId = brokerId,\n }));\n var byName = Output.Create(Aws.Mq.GetBroker.InvokeAsync(new Aws.Mq.GetBrokerArgs\n {\n BrokerName = brokerName,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/mq\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi/config\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcfg := config.New(ctx, \"\")\n\t\tbrokerId := \"\"\n\t\tif param := cfg.Get(\"brokerId\"); param != \"\" {\n\t\t\tbrokerId = param\n\t\t}\n\t\tbrokerName := \"\"\n\t\tif param := cfg.Get(\"brokerName\"); param != \"\" {\n\t\t\tbrokerName = param\n\t\t}\n\t\topt0 := brokerId\n\t\t_, err := mq.LookupBroker(ctx, &mq.LookupBrokerArgs{\n\t\t\tBrokerId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := brokerName\n\t\t_, err = mq.LookupBroker(ctx, &mq.LookupBrokerArgs{\n\t\t\tBrokerName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getBroker.\n", + "properties": { + "brokerId": { + "type": "string", + "description": "The unique id of the mq broker.\n" + }, + "brokerName": { + "type": "string", + "description": "The unique name of the mq broker.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getBroker.\n", + "properties": { + "arn": { + "type": "string" + }, + "authenticationStrategy": { + "type": "string" + }, + "autoMinorVersionUpgrade": { + "type": "boolean" + }, + "brokerId": { + "type": "string" + }, + "brokerName": { + "type": "string" + }, + "configuration": { + "$ref": "#/types/aws:mq/getBrokerConfiguration:getBrokerConfiguration" + }, + "deploymentMode": { + "type": "string" + }, + "encryptionOptions": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/getBrokerEncryptionOption:getBrokerEncryptionOption" + } + }, + "engineType": { + "type": "string" + }, + "engineVersion": { + "type": "string" + }, + "hostInstanceType": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instances": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/getBrokerInstance:getBrokerInstance" + } + }, + "ldapServerMetadatas": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/getBrokerLdapServerMetadata:getBrokerLdapServerMetadata" + } + }, + "logs": { + "$ref": "#/types/aws:mq/getBrokerLogs:getBrokerLogs" + }, + "maintenanceWindowStartTime": { + "$ref": "#/types/aws:mq/getBrokerMaintenanceWindowStartTime:getBrokerMaintenanceWindowStartTime" + }, + "publiclyAccessible": { + "type": "boolean" + }, + "securityGroups": { + "type": "array", + "items": { + "type": "string" + } + }, + "storageType": { + "type": "string" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "users": { + "type": "array", + "items": { + "$ref": "#/types/aws:mq/getBrokerUser:getBrokerUser" + } + } + }, + "type": "object", + "required": [ + "arn", + "authenticationStrategy", + "autoMinorVersionUpgrade", + "brokerId", + "brokerName", + "configuration", + "deploymentMode", + "encryptionOptions", + "engineType", + "engineVersion", + "hostInstanceType", + "instances", + "ldapServerMetadatas", + "logs", + "maintenanceWindowStartTime", + "publiclyAccessible", + "securityGroups", + "storageType", + "subnetIds", + "tags", + "users", + "id" + ] + } + }, + "aws:msk/getCluster:getCluster": { + "description": "Get information on an Amazon MSK Cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.msk.getCluster({\n clusterName: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.msk.get_cluster(cluster_name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Msk.GetCluster.InvokeAsync(new Aws.Msk.GetClusterArgs\n {\n ClusterName = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/msk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := msk.LookupCluster(ctx, &msk.LookupClusterArgs{\n\t\t\tClusterName: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "clusterName": { + "type": "string", + "description": "Name of the cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value pairs assigned to the cluster.\n" + } + }, + "type": "object", + "required": [ + "clusterName" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the MSK cluster.\n" + }, + "bootstrapBrokers": { + "type": "string", + "description": "Comma separated list of one or more hostname:port pairs of kafka brokers suitable to bootstrap connectivity to the kafka cluster. Contains a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `PLAINTEXT` or `TLS_PLAINTEXT`. The resource sorts values alphabetically. AWS may not always return all endpoints so this value is not guaranteed to be stable across applies.\n" + }, + "bootstrapBrokersSaslIam": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and SASL IAM port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9098`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS` and `client_authentication.0.sasl.0.iam` is set to `true`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "bootstrapBrokersSaslScram": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and SASL SCRAM port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9096`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS` and `client_authentication.0.sasl.0.scram` is set to `true`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "bootstrapBrokersTls": { + "type": "string", + "description": "One or more DNS names (or IP addresses) and TLS port pairs. For example, `b-1.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-2.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094,b-3.exampleClusterName.abcde.c2.kafka.us-east-1.amazonaws.com:9094`. This attribute will have a value if `encryption_info.0.encryption_in_transit.0.client_broker` is set to `TLS_PLAINTEXT` or `TLS`. The resource sorts the list alphabetically. AWS may not always return all endpoints so the values may not be stable across applies.\n" + }, + "clusterName": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kafkaVersion": { + "type": "string", + "description": "Apache Kafka version.\n" + }, + "numberOfBrokerNodes": { + "type": "integer", + "description": "Number of broker nodes in the cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Map of key-value pairs assigned to the cluster.\n" + }, + "zookeeperConnectString": { + "type": "string", + "description": "A comma separated list of one or more hostname:port pairs to use to connect to the Apache Zookeeper cluster. The returned values are sorted alphbetically. The AWS API may not return all endpoints, so this value is not guaranteed to be stable across applies.\n" + } + }, + "type": "object", + "required": [ + "arn", + "bootstrapBrokers", + "bootstrapBrokersSaslIam", + "bootstrapBrokersSaslScram", + "bootstrapBrokersTls", + "clusterName", + "kafkaVersion", + "numberOfBrokerNodes", + "tags", + "zookeeperConnectString", + "id" + ] + } + }, + "aws:msk/getConfiguration:getConfiguration": { + "description": "Get information on an Amazon MSK Configuration.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.msk.getConfiguration({\n name: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.msk.get_configuration(name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Msk.GetConfiguration.InvokeAsync(new Aws.Msk.GetConfigurationArgs\n {\n Name = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/msk\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := msk.LookupConfiguration(ctx, &msk.LookupConfigurationArgs{\n\t\t\tName: \"example\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getConfiguration.\n", + "properties": { + "name": { + "type": "string", + "description": "Name of the configuration.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getConfiguration.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the configuration.\n" + }, + "description": { + "type": "string", + "description": "Description of the configuration.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kafkaVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Apache Kafka versions which can use this configuration.\n" + }, + "latestRevision": { + "type": "integer", + "description": "Latest revision of the configuration.\n" + }, + "name": { + "type": "string" + }, + "serverProperties": { + "type": "string", + "description": "Contents of the server.properties file.\n" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "kafkaVersions", + "latestRevision", + "name", + "serverProperties", + "id" + ] + } + }, + "aws:neptune/getEngineVersion:getEngineVersion": { + "description": "Information about a Neptune engine version.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.neptune.getEngineVersion({\n preferredVersions: [\n \"1.0.3.0\",\n \"1.0.2.2\",\n \"1.0.2.1\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.neptune.get_engine_version(preferred_versions=[\n \"1.0.3.0\",\n \"1.0.2.2\",\n \"1.0.2.1\",\n])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Neptune.GetEngineVersion.InvokeAsync(new Aws.Neptune.GetEngineVersionArgs\n {\n PreferredVersions = \n {\n \"1.0.3.0\",\n \"1.0.2.2\",\n \"1.0.2.1\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := neptune.GetEngineVersion(ctx, &neptune.GetEngineVersionArgs{\n\t\t\tPreferredVersions: []string{\n\t\t\t\t\"1.0.3.0\",\n\t\t\t\t\"1.0.2.2\",\n\t\t\t\t\"1.0.2.1\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getEngineVersion.\n", + "properties": { + "engine": { + "type": "string", + "description": "DB engine. (Default: `neptune`)\n" + }, + "parameterGroupFamily": { + "type": "string", + "description": "The name of a specific DB parameter group family. An example parameter group family is `neptune1`.\n" + }, + "preferredVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred engine versions. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned. If both the `version` and `preferred_versions` arguments are not configured, the data source will return the default version for the engine.\n" + }, + "version": { + "type": "string", + "description": "Version of the DB engine. For example, `1.0.1.0`, `1.0.2.2`, and `1.0.3.0`. If both the `version` and `preferred_versions` arguments are not configured, the data source will return the default version for the engine.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getEngineVersion.\n", + "properties": { + "engine": { + "type": "string" + }, + "engineDescription": { + "type": "string", + "description": "The description of the database engine.\n" + }, + "exportableLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types that the database engine has available for export to CloudWatch Logs.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "parameterGroupFamily": { + "type": "string" + }, + "preferredVersions": { + "type": "array", + "items": { + "type": "string" + } + }, + "supportedTimezones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of the time zones supported by this engine.\n" + }, + "supportsLogExportsToCloudwatch": { + "type": "boolean", + "description": "Indicates whether the engine version supports exporting the log types specified by `exportable_log_types` to CloudWatch Logs.\n" + }, + "supportsReadReplica": { + "type": "boolean", + "description": "Indicates whether the database engine version supports read replicas.\n" + }, + "validUpgradeTargets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of engine versions that this database engine version can be upgraded to.\n" + }, + "version": { + "type": "string" + }, + "versionDescription": { + "type": "string", + "description": "The description of the database engine version.\n" + } + }, + "type": "object", + "required": [ + "engineDescription", + "exportableLogTypes", + "parameterGroupFamily", + "supportedTimezones", + "supportsLogExportsToCloudwatch", + "supportsReadReplica", + "validUpgradeTargets", + "version", + "versionDescription", + "id" + ] + } + }, + "aws:neptune/getOrderableDbInstance:getOrderableDbInstance": { + "description": "Information about Neptune orderable DB instances.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.neptune.getOrderableDbInstance({\n engineVersion: \"1.0.3.0\",\n preferredInstanceClasses: [\n \"db.r5.large\",\n \"db.r4.large\",\n \"db.t3.medium\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.neptune.get_orderable_db_instance(engine_version=\"1.0.3.0\",\n preferred_instance_classes=[\n \"db.r5.large\",\n \"db.r4.large\",\n \"db.t3.medium\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Neptune.GetOrderableDbInstance.InvokeAsync(new Aws.Neptune.GetOrderableDbInstanceArgs\n {\n EngineVersion = \"1.0.3.0\",\n PreferredInstanceClasses = \n {\n \"db.r5.large\",\n \"db.r4.large\",\n \"db.t3.medium\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/neptune\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"1.0.3.0\"\n\t\t_, err := neptune.GetOrderableDbInstance(ctx, &neptune.GetOrderableDbInstanceArgs{\n\t\t\tEngineVersion: &opt0,\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r5.large\",\n\t\t\t\t\"db.r4.large\",\n\t\t\t\t\"db.t3.medium\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOrderableDbInstance.\n", + "properties": { + "engine": { + "type": "string", + "description": "DB engine. (Default: `neptune`)\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the DB engine. For example, `1.0.1.0`, `1.0.1.2`, `1.0.2.2`, and `1.0.3.0`.\n" + }, + "instanceClass": { + "type": "string", + "description": "DB instance class. Examples of classes are `db.r5.large`, `db.r5.xlarge`, `db.r4.large`, `db.r5.4xlarge`, `db.r5.12xlarge`, `db.r4.xlarge`, and `db.t3.medium`.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model. (Default: `amazon-license`)\n" + }, + "preferredInstanceClasses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred Neptune DB instance classes. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned.\n" + }, + "vpc": { + "type": "boolean", + "description": "Enable to show only VPC offerings.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getOrderableDbInstance.\n", + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Availability zones where the instance is available.\n" + }, + "engine": { + "type": "string" + }, + "engineVersion": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceClass": { + "type": "string" + }, + "licenseModel": { + "type": "string" + }, + "maxIopsPerDbInstance": { + "type": "integer", + "description": "Maximum total provisioned IOPS for a DB instance.\n" + }, + "maxIopsPerGib": { + "type": "number", + "description": "Maximum provisioned IOPS per GiB for a DB instance.\n" + }, + "maxStorageSize": { + "type": "integer", + "description": "Maximum storage size for a DB instance.\n" + }, + "minIopsPerDbInstance": { + "type": "integer", + "description": "Minimum total provisioned IOPS for a DB instance.\n" + }, + "minIopsPerGib": { + "type": "number", + "description": "Minimum provisioned IOPS per GiB for a DB instance.\n" + }, + "minStorageSize": { + "type": "integer", + "description": "Minimum storage size for a DB instance.\n" + }, + "multiAzCapable": { + "type": "boolean", + "description": "Whether a DB instance is Multi-AZ capable.\n" + }, + "preferredInstanceClasses": { + "type": "array", + "items": { + "type": "string" + } + }, + "readReplicaCapable": { + "type": "boolean", + "description": "Whether a DB instance can have a read replica.\n" + }, + "storageType": { + "type": "string", + "description": "The storage type for a DB instance.\n" + }, + "supportsEnhancedMonitoring": { + "type": "boolean", + "description": "Whether a DB instance supports Enhanced Monitoring at intervals from 1 to 60 seconds.\n" + }, + "supportsIamDatabaseAuthentication": { + "type": "boolean", + "description": "Whether a DB instance supports IAM database authentication.\n" + }, + "supportsIops": { + "type": "boolean", + "description": "Whether a DB instance supports provisioned IOPS.\n" + }, + "supportsPerformanceInsights": { + "type": "boolean", + "description": "Whether a DB instance supports Performance Insights.\n" + }, + "supportsStorageEncryption": { + "type": "boolean", + "description": "Whether a DB instance supports encrypted storage.\n" + }, + "vpc": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "availabilityZones", + "engineVersion", + "instanceClass", + "maxIopsPerDbInstance", + "maxIopsPerGib", + "maxStorageSize", + "minIopsPerDbInstance", + "minIopsPerGib", + "minStorageSize", + "multiAzCapable", + "readReplicaCapable", + "storageType", + "supportsEnhancedMonitoring", + "supportsIamDatabaseAuthentication", + "supportsIops", + "supportsPerformanceInsights", + "supportsStorageEncryption", + "vpc", + "id" + ] + } + }, + "aws:organizations/getDelegatedAdministrators:getDelegatedAdministrators": { + "description": "Get a list the AWS accounts that are designated as delegated administrators in this organization\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.organizations.getDelegatedAdministrators({\n servicePrincipal: \"SERVICE PRINCIPAL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_delegated_administrators(service_principal=\"SERVICE PRINCIPAL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Organizations.GetDelegatedAdministrators.InvokeAsync(new Aws.Organizations.GetDelegatedAdministratorsArgs\n {\n ServicePrincipal = \"SERVICE PRINCIPAL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"SERVICE PRINCIPAL\"\n\t\t_, err := organizations.GetDelegatedAdministrators(ctx, &organizations.GetDelegatedAdministratorsArgs{\n\t\t\tServicePrincipal: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDelegatedAdministrators.\n", + "properties": { + "servicePrincipal": { + "type": "string", + "description": "Specifies a service principal name. If specified, then the operation lists the delegated administrators only for the specified service. If you don't specify a service principal, the operation lists all delegated administrators for all services in your organization.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getDelegatedAdministrators.\n", + "properties": { + "delegatedAdministrators": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getDelegatedAdministratorsDelegatedAdministrator:getDelegatedAdministratorsDelegatedAdministrator" + }, + "description": "The list of delegated administrators in your organization, which have the following attributes:\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "servicePrincipal": { + "type": "string" + } + }, + "type": "object", + "required": [ + "delegatedAdministrators", + "id" + ] + } + }, + "aws:organizations/getDelegatedServices:getDelegatedServices": { + "description": "Get a list the AWS services for which the specified account is a delegated administrator\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.organizations.getDelegatedServices({\n accountId: \"AWS ACCOUNT ID\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_delegated_services(account_id=\"AWS ACCOUNT ID\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Organizations.GetDelegatedServices.InvokeAsync(new Aws.Organizations.GetDelegatedServicesArgs\n {\n AccountId = \"AWS ACCOUNT ID\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.GetDelegatedServices(ctx, &organizations.GetDelegatedServicesArgs{\n\t\t\tAccountId: \"AWS ACCOUNT ID\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDelegatedServices.\n", + "properties": { + "accountId": { + "type": "string", + "description": "The account ID number of a delegated administrator account in the organization.\n" + } + }, + "type": "object", + "required": [ + "accountId" + ] + }, + "outputs": { + "description": "A collection of values returned by getDelegatedServices.\n", + "properties": { + "accountId": { + "type": "string" + }, + "delegatedServices": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getDelegatedServicesDelegatedService:getDelegatedServicesDelegatedService" + }, + "description": "The services for which the account is a delegated administrator, which have the following attributes:\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "accountId", + "delegatedServices", + "id" + ] + } + }, + "aws:organizations/getOrganization:getOrganization": { + "description": "Get information about the organization that the user's account belongs to\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### SNS topic that can be interacted by the organization only\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.organizations.getOrganization({});\nconst snsTopic = new aws.sns.Topic(\"snsTopic\", {});\nconst snsTopicPolicyPolicyDocument = pulumi.all([example, snsTopic.arn]).apply(([example, arn]) => aws.iam.getPolicyDocument({\n statements: [{\n effect: \"Allow\",\n actions: [\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n ],\n conditions: [{\n test: \"StringEquals\",\n variable: \"aws:PrincipalOrgID\",\n values: [example.id],\n }],\n principals: [{\n type: \"AWS\",\n identifiers: [\"*\"],\n }],\n resources: [arn],\n }],\n}));\nconst snsTopicPolicyTopicPolicy = new aws.sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\", {\n arn: snsTopic.arn,\n policy: snsTopicPolicyPolicyDocument.apply(snsTopicPolicyPolicyDocument => snsTopicPolicyPolicyDocument.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.organizations.get_organization()\nsns_topic = aws.sns.Topic(\"snsTopic\")\nsns_topic_policy_policy_document = sns_topic.arn.apply(lambda arn: aws.iam.get_policy_document(statements=[aws.iam.GetPolicyDocumentStatementArgs(\n effect=\"Allow\",\n actions=[\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n ],\n conditions=[aws.iam.GetPolicyDocumentStatementConditionArgs(\n test=\"StringEquals\",\n variable=\"aws:PrincipalOrgID\",\n values=[example.id],\n )],\n principals=[aws.iam.GetPolicyDocumentStatementPrincipalArgs(\n type=\"AWS\",\n identifiers=[\"*\"],\n )],\n resources=[arn],\n)]))\nsns_topic_policy_topic_policy = aws.sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\",\n arn=sns_topic.arn,\n policy=sns_topic_policy_policy_document.json)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());\n var snsTopic = new Aws.Sns.Topic(\"snsTopic\", new Aws.Sns.TopicArgs\n {\n });\n var snsTopicPolicyPolicyDocument = Output.Tuple(example, snsTopic.Arn).Apply(values =>\n {\n var example = values.Item1;\n var arn = values.Item2;\n return Aws.Iam.GetPolicyDocument.InvokeAsync(new Aws.Iam.GetPolicyDocumentArgs\n {\n Statements = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementArgs\n {\n Effect = \"Allow\",\n Actions = \n {\n \"SNS:Subscribe\",\n \"SNS:Publish\",\n },\n Conditions = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementConditionArgs\n {\n Test = \"StringEquals\",\n Variable = \"aws:PrincipalOrgID\",\n Values = \n {\n example.Id,\n },\n },\n },\n Principals = \n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalArgs\n {\n Type = \"AWS\",\n Identifiers = \n {\n \"*\",\n },\n },\n },\n Resources = \n {\n arn,\n },\n },\n },\n });\n });\n var snsTopicPolicyTopicPolicy = new Aws.Sns.TopicPolicy(\"snsTopicPolicyTopicPolicy\", new Aws.Sns.TopicPolicyArgs\n {\n Arn = snsTopic.Arn,\n Policy = snsTopicPolicyPolicyDocument.Apply(snsTopicPolicyPolicyDocument => snsTopicPolicyPolicyDocument.Json),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texample, err := organizations.LookupOrganization(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsnsTopic, err := sns.NewTopic(ctx, \"snsTopic\", nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = sns.NewTopicPolicy(ctx, \"snsTopicPolicyTopicPolicy\", &sns.TopicPolicyArgs{\n\t\t\tArn: snsTopic.Arn,\n\t\t\tPolicy: pulumi.String(snsTopicPolicyPolicyDocument.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getOrganization.\n", + "properties": { + "accounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getOrganizationAccount:getOrganizationAccount" + }, + "description": "List of organization accounts including the master account. For a list excluding the master account, see the `non_master_accounts` attribute. All elements have these attributes:\n" + }, + "arn": { + "type": "string", + "description": "ARN of the root\n" + }, + "awsServiceAccessPrincipals": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of AWS service principal names that have integration enabled with your organization. Organization must have `feature_set` set to `ALL`. For additional information, see the [AWS Organizations User Guide](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_integrate_services.html).\n" + }, + "enabledPolicyTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of Organizations policy types that are enabled in the Organization Root. Organization must have `feature_set` set to `ALL`. For additional information about valid policy types (e.g. `SERVICE_CONTROL_POLICY`), see the [AWS Organizations API Reference](https://docs.aws.amazon.com/organizations/latest/APIReference/API_EnablePolicyType.html).\n" + }, + "featureSet": { + "type": "string", + "description": "The FeatureSet of the organization.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "masterAccountArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the account that is designated as the master account for the organization.\n" + }, + "masterAccountEmail": { + "type": "string", + "description": "The email address that is associated with the AWS account that is designated as the master account for the organization.\n" + }, + "masterAccountId": { + "type": "string", + "description": "The unique identifier (ID) of the master account of an organization.\n" + }, + "nonMasterAccounts": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getOrganizationNonMasterAccount:getOrganizationNonMasterAccount" + }, + "description": "List of organization accounts excluding the master account. For a list including the master account, see the `accounts` attribute. All elements have these attributes:\n" + }, + "roots": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getOrganizationRoot:getOrganizationRoot" + }, + "description": "List of organization roots. All elements have these attributes:\n" + } + }, + "type": "object", + "required": [ + "accounts", + "arn", + "awsServiceAccessPrincipals", + "enabledPolicyTypes", + "featureSet", + "masterAccountArn", + "masterAccountEmail", + "masterAccountId", + "nonMasterAccounts", + "roots", + "id" + ] + } + }, + "aws:organizations/getOrganizationalUnits:getOrganizationalUnits": { + "description": "Get all direct child organizational units under a parent organizational unit. This only provides immediate children, not all children.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst org = aws.organizations.getOrganization({});\nconst ou = org.then(org => aws.organizations.getOrganizationalUnits({\n parentId: org.roots?[0]?.id,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\norg = aws.organizations.get_organization()\nou = aws.organizations.get_organizational_units(parent_id=org.roots[0].id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var org = Output.Create(Aws.Organizations.GetOrganization.InvokeAsync());\n var ou = org.Apply(org => Output.Create(Aws.Organizations.GetOrganizationalUnits.InvokeAsync(new Aws.Organizations.GetOrganizationalUnitsArgs\n {\n ParentId = org.Roots?[0]?.Id,\n })));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\torg, err := organizations.LookupOrganization(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.GetOrganizationalUnits(ctx, &organizations.GetOrganizationalUnitsArgs{\n\t\t\tParentId: org.Roots[0].Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOrganizationalUnits.\n", + "properties": { + "parentId": { + "type": "string", + "description": "The parent ID of the organizational unit.\n" + } + }, + "type": "object", + "required": [ + "parentId" + ] + }, + "outputs": { + "description": "A collection of values returned by getOrganizationalUnits.\n", + "properties": { + "childrens": { + "type": "array", + "items": { + "$ref": "#/types/aws:organizations/getOrganizationalUnitsChildren:getOrganizationalUnitsChildren" + }, + "description": "List of child organizational units, which have the following attributes:\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "parentId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "childrens", + "parentId", + "id" + ] + } + }, + "aws:outposts/getOutpost:getOutpost": { + "description": "Provides details about an Outposts Outpost.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.outposts.getOutpost({\n name: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.outposts.get_outpost(name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Outposts.GetOutpost.InvokeAsync(new Aws.Outposts.GetOutpostArgs\n {\n Name = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example\"\n\t\t_, err := outposts.GetOutpost(ctx, &outposts.GetOutpostArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOutpost.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN).\n" + }, + "id": { + "type": "string", + "description": "Identifier of the Outpost.\n" + }, + "name": { + "type": "string", + "description": "Name of the Outpost.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS Account identifier of the Outpost owner.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getOutpost.\n", + "properties": { + "arn": { + "type": "string" + }, + "availabilityZone": { + "type": "string", + "description": "Availability Zone name.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "Availability Zone identifier.\n" + }, + "description": { + "type": "string", + "description": "Description.\n" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + }, + "ownerId": { + "type": "string" + }, + "siteId": { + "type": "string", + "description": "Site identifier.\n" + } + }, + "type": "object", + "required": [ + "arn", + "availabilityZone", + "availabilityZoneId", + "description", + "id", + "name", + "ownerId", + "siteId" + ] + } + }, + "aws:outposts/getOutpostInstanceType:getOutpostInstanceType": { + "description": "Information about single Outpost Instance Type.\n", + "inputs": { + "description": "A collection of arguments for invoking getOutpostInstanceType.\n", + "properties": { + "arn": { + "type": "string", + "description": "Outpost Amazon Resource Name (ARN).\n" + }, + "instanceType": { + "type": "string", + "description": "Desired instance type. Conflicts with `preferred_instance_types`.\n" + }, + "preferredInstanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred instance types. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned. Conflicts with `instance_type`.\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getOutpostInstanceType.\n", + "properties": { + "arn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceType": { + "type": "string" + }, + "preferredInstanceTypes": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "instanceType", + "id" + ] + } + }, + "aws:outposts/getOutpostInstanceTypes:getOutpostInstanceTypes": { + "description": "Information about Outposts Instance Types.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.outposts.getOutpostInstanceTypes({\n arn: data.aws_outposts_outpost.example.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.outposts.get_outpost_instance_types(arn=data[\"aws_outposts_outpost\"][\"example\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Outposts.GetOutpostInstanceTypes.InvokeAsync(new Aws.Outposts.GetOutpostInstanceTypesArgs\n {\n Arn = data.Aws_outposts_outpost.Example.Arn,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := outposts.GetOutpostInstanceTypes(ctx, &outposts.GetOutpostInstanceTypesArgs{\n\t\t\tArn: data.Aws_outposts_outpost.Example.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOutpostInstanceTypes.\n", + "properties": { + "arn": { + "type": "string", + "description": "Outpost Amazon Resource Name (ARN).\n" + } + }, + "type": "object", + "required": [ + "arn" + ] + }, + "outputs": { + "description": "A collection of values returned by getOutpostInstanceTypes.\n", + "properties": { + "arn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of instance types.\n" + } + }, + "type": "object", + "required": [ + "arn", + "instanceTypes", + "id" + ] + } + }, + "aws:outposts/getOutposts:getOutposts": { + "description": "Provides details about multiple Outposts.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.outposts.getOutposts({\n siteId: data.aws_outposts_site.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.outposts.get_outposts(site_id=data[\"aws_outposts_site\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Outposts.GetOutposts.InvokeAsync(new Aws.Outposts.GetOutpostsArgs\n {\n SiteId = data.Aws_outposts_site.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := data.Aws_outposts_site.Id\n\t\t_, err := outposts.GetOutposts(ctx, &outposts.GetOutpostsArgs{\n\t\t\tSiteId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOutposts.\n", + "properties": { + "availabilityZone": { + "type": "string", + "description": "Availability Zone name.\n" + }, + "availabilityZoneId": { + "type": "string", + "description": "Availability Zone identifier.\n" + }, + "ownerId": { + "type": "string", + "description": "AWS Account identifier of the Outpost owner.\n" + }, + "siteId": { + "type": "string", + "description": "Site identifier.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getOutposts.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Amazon Resource Names (ARNs).\n" + }, + "availabilityZone": { + "type": "string" + }, + "availabilityZoneId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of identifiers.\n" + }, + "ownerId": { + "type": "string" + }, + "siteId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arns", + "availabilityZone", + "availabilityZoneId", + "ids", + "ownerId", + "siteId", + "id" + ] + } + }, + "aws:outposts/getSite:getSite": { + "description": "Provides details about an Outposts Site.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.outposts.getSite({\n name: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.outposts.get_site(name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Outposts.GetSite.InvokeAsync(new Aws.Outposts.GetSiteArgs\n {\n Name = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example\"\n\t\t_, err := outposts.GetSite(ctx, &outposts.GetSiteArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSite.\n", + "properties": { + "id": { + "type": "string", + "description": "Identifier of the Site.\n" + }, + "name": { + "type": "string", + "description": "Name of the Site.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSite.\n", + "properties": { + "accountId": { + "type": "string", + "description": "AWS Account identifier.\n" + }, + "description": { + "type": "string", + "description": "Description.\n" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "accountId", + "description", + "id", + "name" + ] + } + }, + "aws:outposts/getSites:getSites": { + "description": "Provides details about multiple Outposts Sites.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst all = pulumi.output(aws.outposts.getSites());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nall = aws.outposts.get_sites()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var all = Output.Create(Aws.Outposts.GetSites.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/outposts\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := outposts.GetSites(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getSites.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ids": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Outposts Site identifiers.\n" + } + }, + "type": "object", + "required": [ + "ids", + "id" + ] + } + }, + "aws:pricing/getProduct:getProduct": { + "description": "Use this data source to get the pricing information of all products in AWS.\nThis data source is only available in a us-east-1 or ap-south-1 provider.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.pricing.getProduct({\n filters: [\n {\n field: \"instanceType\",\n value: \"c5.xlarge\",\n },\n {\n field: \"operatingSystem\",\n value: \"Linux\",\n },\n {\n field: \"location\",\n value: \"US East (N. Virginia)\",\n },\n {\n field: \"preInstalledSw\",\n value: \"NA\",\n },\n {\n field: \"licenseModel\",\n value: \"No License required\",\n },\n {\n field: \"tenancy\",\n value: \"Shared\",\n },\n {\n field: \"capacitystatus\",\n value: \"Used\",\n },\n ],\n serviceCode: \"AmazonEC2\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.pricing.get_product(filters=[\n aws.pricing.GetProductFilterArgs(\n field=\"instanceType\",\n value=\"c5.xlarge\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"operatingSystem\",\n value=\"Linux\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"location\",\n value=\"US East (N. Virginia)\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"preInstalledSw\",\n value=\"NA\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"licenseModel\",\n value=\"No License required\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"tenancy\",\n value=\"Shared\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"capacitystatus\",\n value=\"Used\",\n ),\n ],\n service_code=\"AmazonEC2\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Pricing.GetProduct.InvokeAsync(new Aws.Pricing.GetProductArgs\n {\n Filters = \n {\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"instanceType\",\n Value = \"c5.xlarge\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"operatingSystem\",\n Value = \"Linux\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"location\",\n Value = \"US East (N. Virginia)\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"preInstalledSw\",\n Value = \"NA\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"licenseModel\",\n Value = \"No License required\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"tenancy\",\n Value = \"Shared\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"capacitystatus\",\n Value = \"Used\",\n },\n },\n ServiceCode = \"AmazonEC2\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pricing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pricing.GetProduct(ctx, &pricing.GetProductArgs{\n\t\t\tFilters: []pricing.GetProductFilter{\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"instanceType\",\n\t\t\t\t\tValue: \"c5.xlarge\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"operatingSystem\",\n\t\t\t\t\tValue: \"Linux\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"location\",\n\t\t\t\t\tValue: \"US East (N. Virginia)\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"preInstalledSw\",\n\t\t\t\t\tValue: \"NA\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"licenseModel\",\n\t\t\t\t\tValue: \"No License required\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"tenancy\",\n\t\t\t\t\tValue: \"Shared\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"capacitystatus\",\n\t\t\t\t\tValue: \"Used\",\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceCode: \"AmazonEC2\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.pricing.getProduct({\n filters: [\n {\n field: \"instanceType\",\n value: \"ds1.xlarge\",\n },\n {\n field: \"location\",\n value: \"US East (N. Virginia)\",\n },\n ],\n serviceCode: \"AmazonRedshift\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.pricing.get_product(filters=[\n aws.pricing.GetProductFilterArgs(\n field=\"instanceType\",\n value=\"ds1.xlarge\",\n ),\n aws.pricing.GetProductFilterArgs(\n field=\"location\",\n value=\"US East (N. Virginia)\",\n ),\n ],\n service_code=\"AmazonRedshift\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Pricing.GetProduct.InvokeAsync(new Aws.Pricing.GetProductArgs\n {\n Filters = \n {\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"instanceType\",\n Value = \"ds1.xlarge\",\n },\n new Aws.Pricing.Inputs.GetProductFilterArgs\n {\n Field = \"location\",\n Value = \"US East (N. Virginia)\",\n },\n },\n ServiceCode = \"AmazonRedshift\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/pricing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pricing.GetProduct(ctx, &pricing.GetProductArgs{\n\t\t\tFilters: []pricing.GetProductFilter{\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"instanceType\",\n\t\t\t\t\tValue: \"ds1.xlarge\",\n\t\t\t\t},\n\t\t\t\tpricing.GetProductFilter{\n\t\t\t\t\tField: \"location\",\n\t\t\t\t\tValue: \"US East (N. Virginia)\",\n\t\t\t\t},\n\t\t\t},\n\t\t\tServiceCode: \"AmazonRedshift\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getProduct.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:pricing/getProductFilter:getProductFilter" + }, + "description": "A list of filters. Passed directly to the API (see GetProducts API reference). These filters must describe a single product, this resource will fail if more than one product is returned by the API.\n" + }, + "serviceCode": { + "type": "string", + "description": "The code of the service. Available service codes can be fetched using the DescribeServices pricing API call.\n" + } + }, + "type": "object", + "required": [ + "filters", + "serviceCode" + ] + }, + "outputs": { + "description": "A collection of values returned by getProduct.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:pricing/getProductFilter:getProductFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "result": { + "type": "string", + "description": "Set to the product returned from the API.\n" + }, + "serviceCode": { + "type": "string" + } + }, + "type": "object", + "required": [ + "filters", + "result", + "serviceCode", + "id" + ] + } + }, + "aws:qldb/getLedger:getLedger": { + "description": "Use this data source to fetch information about a Quantum Ledger Database.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.qldb.getLedger({\n name: \"an_example_ledger\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.qldb.get_ledger(name=\"an_example_ledger\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Qldb.GetLedger.InvokeAsync(new Aws.Qldb.GetLedgerArgs\n {\n Name = \"an_example_ledger\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/qldb\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := qldb.LookupLedger(ctx, &qldb.LookupLedgerArgs{\n\t\t\tName: \"an_example_ledger\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLedger.\n", + "properties": { + "name": { + "type": "string", + "description": "The friendly name of the ledger to match.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getLedger.\n", + "properties": { + "arn": { + "type": "string" + }, + "deletionProtection": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "permissionsMode": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "deletionProtection", + "name", + "permissionsMode", + "id" + ] + } + }, + "aws:ram/getResourceShare:getResourceShare": { + "description": "`aws.ram.ResourceShare` Retrieve information about a RAM Resource Share.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.ram.getResourceShare({\n name: \"example\",\n resourceOwner: \"SELF\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.ram.get_resource_share(name=\"example\",\n resource_owner=\"SELF\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Ram.GetResourceShare.InvokeAsync(new Aws.Ram.GetResourceShareArgs\n {\n Name = \"example\",\n ResourceOwner = \"SELF\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ram.LookupResourceShare(ctx, &ram.LookupResourceShareArgs{\n\t\t\tName: \"example\",\n\t\t\tResourceOwner: \"SELF\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}\n## Search by filters\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst tagFilter = pulumi.output(aws.ram.getResourceShare({\n filters: [{\n name: \"NameOfTag\",\n values: [\"exampleNameTagValue\"],\n }],\n name: \"MyResourceName\",\n resourceOwner: \"SELF\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntag_filter = aws.ram.get_resource_share(filters=[aws.ram.GetResourceShareFilterArgs(\n name=\"NameOfTag\",\n values=[\"exampleNameTagValue\"],\n )],\n name=\"MyResourceName\",\n resource_owner=\"SELF\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var tagFilter = Output.Create(Aws.Ram.GetResourceShare.InvokeAsync(new Aws.Ram.GetResourceShareArgs\n {\n Filters = \n {\n new Aws.Ram.Inputs.GetResourceShareFilterArgs\n {\n Name = \"NameOfTag\",\n Values = \n {\n \"exampleNameTagValue\",\n },\n },\n },\n Name = \"MyResourceName\",\n ResourceOwner = \"SELF\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ram\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ram.LookupResourceShare(ctx, &ram.LookupResourceShareArgs{\n\t\t\tFilters: []ram.GetResourceShareFilter{\n\t\t\t\tram.GetResourceShareFilter{\n\t\t\t\t\tName: \"NameOfTag\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"exampleNameTagValue\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tName: \"MyResourceName\",\n\t\t\tResourceOwner: \"SELF\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n", + "inputs": { + "description": "A collection of arguments for invoking getResourceShare.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ram/getResourceShareFilter:getResourceShareFilter" + }, + "description": "A filter used to scope the list e.g. by tags. See [related docs] (https://docs.aws.amazon.com/ram/latest/APIReference/API_TagFilter.html).\n" + }, + "name": { + "type": "string", + "description": "The name of the tag key to filter on.\n" + }, + "resourceOwner": { + "type": "string", + "description": "The owner of the resource share. Valid values are SELF or OTHER-ACCOUNTS\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The Tags attached to the RAM share\n" + } + }, + "type": "object", + "required": [ + "name", + "resourceOwner" + ] + }, + "outputs": { + "description": "A collection of values returned by getResourceShare.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the resource share.\n" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:ram/getResourceShareFilter:getResourceShareFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "owningAccountId": { + "type": "string", + "description": "The ID of the AWS account that owns the resource share.\n" + }, + "resourceOwner": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The Status of the RAM share.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The Tags attached to the RAM share\n" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "owningAccountId", + "resourceOwner", + "status", + "tags", + "id" + ] + } + }, + "aws:rds/getCertificate:getCertificate": { + "description": "Information about an RDS Certificate.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.rds.getCertificate({\n latestValidTill: true,\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.rds.get_certificate(latest_valid_till=True)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Rds.GetCertificate.InvokeAsync(new Aws.Rds.GetCertificateArgs\n {\n LatestValidTill = true,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\t_, err := rds.GetCertificate(ctx, &rds.GetCertificateArgs{\n\t\t\tLatestValidTill: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCertificate.\n", + "properties": { + "id": { + "type": "string", + "description": "Certificate identifier. For example, `rds-ca-2019`.\n" + }, + "latestValidTill": { + "type": "boolean", + "description": "When enabled, returns the certificate with the latest `ValidTill`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getCertificate.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the certificate.\n" + }, + "certificateType": { + "type": "string", + "description": "Type of certificate. For example, `CA`.\n" + }, + "customerOverride": { + "type": "boolean", + "description": "Boolean whether there is an override for the default certificate identifier.\n" + }, + "customerOverrideValidTill": { + "type": "string", + "description": "If there is an override for the default certificate identifier, when the override expires.\n" + }, + "id": { + "type": "string" + }, + "latestValidTill": { + "type": "boolean" + }, + "thumbprint": { + "type": "string", + "description": "Thumbprint of the certificate.\n" + }, + "validFrom": { + "type": "string", + "description": "[RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of certificate starting validity date.\n" + }, + "validTill": { + "type": "string", + "description": "[RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) of certificate ending validity date.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificateType", + "customerOverride", + "customerOverrideValidTill", + "id", + "thumbprint", + "validFrom", + "validTill" + ] + } + }, + "aws:rds/getCluster:getCluster": { + "description": "Provides information about an RDS cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst clusterName = pulumi.output(aws.rds.getCluster({\n clusterIdentifier: \"clusterName\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncluster_name = aws.rds.get_cluster(cluster_identifier=\"clusterName\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var clusterName = Output.Create(Aws.Rds.GetCluster.InvokeAsync(new Aws.Rds.GetClusterArgs\n {\n ClusterIdentifier = \"clusterName\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.LookupCluster(ctx, &rds.LookupClusterArgs{\n\t\t\tClusterIdentifier: \"clusterName\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier of the RDS cluster.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "clusterIdentifier" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "arn": { + "type": "string" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + } + }, + "backtrackWindow": { + "type": "integer" + }, + "backupRetentionPeriod": { + "type": "integer" + }, + "clusterIdentifier": { + "type": "string" + }, + "clusterMembers": { + "type": "array", + "items": { + "type": "string" + } + }, + "clusterResourceId": { + "type": "string" + }, + "databaseName": { + "type": "string" + }, + "dbClusterParameterGroupName": { + "type": "string" + }, + "dbSubnetGroupName": { + "type": "string" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + } + }, + "endpoint": { + "type": "string" + }, + "engine": { + "type": "string" + }, + "engineVersion": { + "type": "string" + }, + "finalSnapshotIdentifier": { + "type": "string" + }, + "hostedZoneId": { + "type": "string" + }, + "iamDatabaseAuthenticationEnabled": { + "type": "boolean" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string" + }, + "masterUsername": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "preferredBackupWindow": { + "type": "string" + }, + "preferredMaintenanceWindow": { + "type": "string" + }, + "readerEndpoint": { + "type": "string" + }, + "replicationSourceIdentifier": { + "type": "string" + }, + "storageEncrypted": { + "type": "boolean" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "availabilityZones", + "backtrackWindow", + "backupRetentionPeriod", + "clusterIdentifier", + "clusterMembers", + "clusterResourceId", + "databaseName", + "dbClusterParameterGroupName", + "dbSubnetGroupName", + "enabledCloudwatchLogsExports", + "endpoint", + "engine", + "engineVersion", + "finalSnapshotIdentifier", + "hostedZoneId", + "iamDatabaseAuthenticationEnabled", + "iamRoles", + "kmsKeyId", + "masterUsername", + "port", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "readerEndpoint", + "replicationSourceIdentifier", + "storageEncrypted", + "tags", + "vpcSecurityGroupIds", + "id" + ] + } + }, + "aws:rds/getClusterSnapshot:getClusterSnapshot": { + "description": "Use this data source to get information about a DB Cluster Snapshot for use when provisioning DB clusters.\n\n> **NOTE:** This data source does not apply to snapshots created on DB Instances.\nSee the `aws.rds.Snapshot` data source for DB Instance snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst developmentFinalSnapshot = aws.rds.getClusterSnapshot({\n dbClusterIdentifier: \"development_cluster\",\n mostRecent: true,\n});\n// Use the last snapshot of the dev database before it was destroyed to create\n// a new dev database.\nconst auroraCluster = new aws.rds.Cluster(\"auroraCluster\", {\n clusterIdentifier: \"development_cluster\",\n snapshotIdentifier: developmentFinalSnapshot.then(developmentFinalSnapshot => developmentFinalSnapshot.id),\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\nconst auroraClusterInstance = new aws.rds.ClusterInstance(\"auroraClusterInstance\", {\n clusterIdentifier: auroraCluster.id,\n instanceClass: \"db.t2.small\",\n dbSubnetGroupName: \"my_db_subnet_group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndevelopment_final_snapshot = aws.rds.get_cluster_snapshot(db_cluster_identifier=\"development_cluster\",\n most_recent=True)\n# Use the last snapshot of the dev database before it was destroyed to create\n# a new dev database.\naurora_cluster = aws.rds.Cluster(\"auroraCluster\",\n cluster_identifier=\"development_cluster\",\n snapshot_identifier=development_final_snapshot.id,\n db_subnet_group_name=\"my_db_subnet_group\")\naurora_cluster_instance = aws.rds.ClusterInstance(\"auroraClusterInstance\",\n cluster_identifier=aurora_cluster.id,\n instance_class=\"db.t2.small\",\n db_subnet_group_name=\"my_db_subnet_group\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var developmentFinalSnapshot = Output.Create(Aws.Rds.GetClusterSnapshot.InvokeAsync(new Aws.Rds.GetClusterSnapshotArgs\n {\n DbClusterIdentifier = \"development_cluster\",\n MostRecent = true,\n }));\n // Use the last snapshot of the dev database before it was destroyed to create\n // a new dev database.\n var auroraCluster = new Aws.Rds.Cluster(\"auroraCluster\", new Aws.Rds.ClusterArgs\n {\n ClusterIdentifier = \"development_cluster\",\n SnapshotIdentifier = developmentFinalSnapshot.Apply(developmentFinalSnapshot => developmentFinalSnapshot.Id),\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n var auroraClusterInstance = new Aws.Rds.ClusterInstance(\"auroraClusterInstance\", new Aws.Rds.ClusterInstanceArgs\n {\n ClusterIdentifier = auroraCluster.Id,\n InstanceClass = \"db.t2.small\",\n DbSubnetGroupName = \"my_db_subnet_group\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"development_cluster\"\n\t\topt1 := true\n\t\tdevelopmentFinalSnapshot, err := rds.LookupClusterSnapshot(ctx, &rds.LookupClusterSnapshotArgs{\n\t\t\tDbClusterIdentifier: &opt0,\n\t\t\tMostRecent: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tauroraCluster, err := rds.NewCluster(ctx, \"auroraCluster\", &rds.ClusterArgs{\n\t\t\tClusterIdentifier: pulumi.String(\"development_cluster\"),\n\t\t\tSnapshotIdentifier: pulumi.String(developmentFinalSnapshot.Id),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewClusterInstance(ctx, \"auroraClusterInstance\", &rds.ClusterInstanceArgs{\n\t\t\tClusterIdentifier: auroraCluster.ID(),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.small\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_db_subnet_group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getClusterSnapshot.\n", + "properties": { + "dbClusterIdentifier": { + "type": "string", + "description": "Returns the list of snapshots created by the specific db_cluster\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string", + "description": "Returns information on a specific snapshot_id.\n" + }, + "includePublic": { + "type": "boolean", + "description": "Set this value to true to include manual DB Cluster Snapshots that are public and can be\ncopied or restored by any AWS account, otherwise set this value to false. The default is `false`.\n" + }, + "includeShared": { + "type": "boolean", + "description": "Set this value to true to include shared manual DB Cluster Snapshots from other\nAWS accounts that this AWS account has been given permission to copy or restore, otherwise set this value to false.\nThe default is `false`.\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most recent Snapshot.\n" + }, + "snapshotType": { + "type": "string", + "description": "The type of snapshots to be returned. If you don't specify a SnapshotType\nvalue, then both automated and manual DB cluster snapshots are returned. Shared and public DB Cluster Snapshots are not\nincluded in the returned results by default. Possible values are, `automated`, `manual`, `shared`, `public` and `awsbackup`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getClusterSnapshot.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of EC2 Availability Zones that instances in the DB cluster snapshot can be restored in.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "Specifies the DB cluster identifier of the DB cluster that this DB cluster snapshot was created from.\n" + }, + "dbClusterSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB Cluster Snapshot.\n" + }, + "dbClusterSnapshotIdentifier": { + "type": "string" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the database engine for this DB cluster snapshot.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "includePublic": { + "type": "boolean" + }, + "includeShared": { + "type": "boolean" + }, + "kmsKeyId": { + "type": "string", + "description": "If storage_encrypted is true, the AWS KMS key identifier for the encrypted DB cluster snapshot.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB cluster.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "port": { + "type": "integer", + "description": "Port that the DB cluster was listening on at the time of the snapshot.\n" + }, + "snapshotCreateTime": { + "type": "string", + "description": "Time when the snapshot was taken, in Universal Coordinated Time (UTC).\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbClusterSnapshotArn": { + "type": "string" + }, + "status": { + "type": "string", + "description": "The status of this DB Cluster Snapshot.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB cluster snapshot is encrypted.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC ID associated with the DB cluster snapshot.\n" + } + }, + "type": "object", + "required": [ + "allocatedStorage", + "availabilityZones", + "dbClusterSnapshotArn", + "engine", + "engineVersion", + "kmsKeyId", + "licenseModel", + "port", + "snapshotCreateTime", + "sourceDbClusterSnapshotArn", + "status", + "storageEncrypted", + "tags", + "vpcId", + "id" + ] + } + }, + "aws:rds/getEngineVersion:getEngineVersion": { + "description": "Information about an RDS engine version.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.rds.getEngineVersion({\n engine: \"mysql\",\n preferredVersions: [\n \"5.7.42\",\n \"5.7.19\",\n \"5.7.17\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.get_engine_version(engine=\"mysql\",\n preferred_versions=[\n \"5.7.42\",\n \"5.7.19\",\n \"5.7.17\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Rds.GetEngineVersion.InvokeAsync(new Aws.Rds.GetEngineVersionArgs\n {\n Engine = \"mysql\",\n PreferredVersions = \n {\n \"5.7.42\",\n \"5.7.19\",\n \"5.7.17\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.GetEngineVersion(ctx, &rds.GetEngineVersionArgs{\n\t\t\tEngine: \"mysql\",\n\t\t\tPreferredVersions: []string{\n\t\t\t\t\"5.7.42\",\n\t\t\t\t\"5.7.19\",\n\t\t\t\t\"5.7.17\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getEngineVersion.\n", + "properties": { + "engine": { + "type": "string", + "description": "DB engine. Engine values include `aurora`, `aurora-mysql`, `aurora-postgresql`, `docdb`, `mariadb`, `mysql`, `neptune`, `oracle-ee`, `oracle-se`, `oracle-se1`, `oracle-se2`, `postgres`, `sqlserver-ee`, `sqlserver-ex`, `sqlserver-se`, and `sqlserver-web`.\n" + }, + "parameterGroupFamily": { + "type": "string", + "description": "The name of a specific DB parameter group family. Examples of parameter group families are `mysql8.0`, `mariadb10.4`, and `postgres12`.\n" + }, + "preferredVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred engine versions. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned. If both the `version` and `preferred_versions` arguments are not configured, the data source will return the default version for the engine.\n" + }, + "version": { + "type": "string", + "description": "Version of the DB engine. For example, `5.7.22`, `10.1.34`, and `12.3`. If both the `version` and `preferred_versions` arguments are not configured, the data source will return the default version for the engine.\n" + } + }, + "type": "object", + "required": [ + "engine" + ] + }, + "outputs": { + "description": "A collection of values returned by getEngineVersion.\n", + "properties": { + "defaultCharacterSet": { + "type": "string", + "description": "The default character set for new instances of this engine version.\n" + }, + "engine": { + "type": "string" + }, + "engineDescription": { + "type": "string", + "description": "The description of the database engine.\n" + }, + "exportableLogTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of log types that the database engine has available for export to CloudWatch Logs.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "parameterGroupFamily": { + "type": "string" + }, + "preferredVersions": { + "type": "array", + "items": { + "type": "string" + } + }, + "status": { + "type": "string", + "description": "The status of the DB engine version, either available or deprecated.\n" + }, + "supportedCharacterSets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of the character sets supported by this engine.\n" + }, + "supportedFeatureNames": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of features supported by the DB engine.\n" + }, + "supportedModes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of the supported DB engine modes.\n" + }, + "supportedTimezones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of the time zones supported by this engine.\n" + }, + "supportsGlobalDatabases": { + "type": "boolean", + "description": "Indicates whether you can use Aurora global databases with a specific DB engine version.\n" + }, + "supportsLogExportsToCloudwatch": { + "type": "boolean", + "description": "Indicates whether the engine version supports exporting the log types specified by `exportable_log_types` to CloudWatch Logs.\n" + }, + "supportsParallelQuery": { + "type": "boolean", + "description": "Indicates whether you can use Aurora parallel query with a specific DB engine version.\n" + }, + "supportsReadReplica": { + "type": "boolean", + "description": "Indicates whether the database engine version supports read replicas.\n" + }, + "validUpgradeTargets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of engine versions that this database engine version can be upgraded to.\n" + }, + "version": { + "type": "string" + }, + "versionDescription": { + "type": "string", + "description": "The description of the database engine version.\n" + } + }, + "type": "object", + "required": [ + "defaultCharacterSet", + "engine", + "engineDescription", + "exportableLogTypes", + "parameterGroupFamily", + "status", + "supportedCharacterSets", + "supportedFeatureNames", + "supportedModes", + "supportedTimezones", + "supportsGlobalDatabases", + "supportsLogExportsToCloudwatch", + "supportsParallelQuery", + "supportsReadReplica", + "validUpgradeTargets", + "version", + "versionDescription", + "id" + ] + } + }, + "aws:rds/getEventCategories:getEventCategories": { + "description": "{{% examples %}}\n## Example Usage\n{{% example %}}\n\nList the event categories of all the RDS resources.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventCategories = aws.rds.getEventCategories({});\nexport const example = exampleEventCategories.then(exampleEventCategories => exampleEventCategories.eventCategories);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_categories = aws.rds.get_event_categories()\npulumi.export(\"example\", example_event_categories.event_categories)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleEventCategories = Output.Create(Aws.Rds.GetEventCategories.InvokeAsync());\n this.Example = exampleEventCategories.Apply(exampleEventCategories => exampleEventCategories.EventCategories);\n }\n\n [Output(\"example\")]\n public Output Example { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleEventCategories, err := rds.GetEventCategories(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", exampleEventCategories.EventCategories)\n\t\treturn nil\n\t})\n}\n```\n\nList the event categories specific to the RDS resource `db-snapshot`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleEventCategories = aws.rds.getEventCategories({\n sourceType: \"db-snapshot\",\n});\nexport const example = exampleEventCategories.then(exampleEventCategories => exampleEventCategories.eventCategories);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_event_categories = aws.rds.get_event_categories(source_type=\"db-snapshot\")\npulumi.export(\"example\", example_event_categories.event_categories)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleEventCategories = Output.Create(Aws.Rds.GetEventCategories.InvokeAsync(new Aws.Rds.GetEventCategoriesArgs\n {\n SourceType = \"db-snapshot\",\n }));\n this.Example = exampleEventCategories.Apply(exampleEventCategories => exampleEventCategories.EventCategories);\n }\n\n [Output(\"example\")]\n public Output Example { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"db-snapshot\"\n\t\texampleEventCategories, err := rds.GetEventCategories(ctx, &rds.GetEventCategoriesArgs{\n\t\t\tSourceType: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"example\", exampleEventCategories.EventCategories)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getEventCategories.\n", + "properties": { + "sourceType": { + "type": "string", + "description": "The type of source that will be generating the events. Valid options are db-instance, db-security-group, db-parameter-group, db-snapshot, db-cluster or db-cluster-snapshot.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getEventCategories.\n", + "properties": { + "eventCategories": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the event categories.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "sourceType": { + "type": "string" + } + }, + "type": "object", + "required": [ + "eventCategories", + "id" + ] + } + }, + "aws:rds/getInstance:getInstance": { + "description": "Use this data source to get information about an RDS instance\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst database = pulumi.output(aws.rds.getInstance({\n dbInstanceIdentifier: \"my-test-database\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndatabase = aws.rds.get_instance(db_instance_identifier=\"my-test-database\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var database = Output.Create(Aws.Rds.GetInstance.InvokeAsync(new Aws.Rds.GetInstanceArgs\n {\n DbInstanceIdentifier = \"my-test-database\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.LookupInstance(ctx, &rds.LookupInstanceArgs{\n\t\t\tDbInstanceIdentifier: \"my-test-database\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getInstance.\n", + "properties": { + "dbInstanceIdentifier": { + "type": "string", + "description": "The name of the RDS instance\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "dbInstanceIdentifier" + ] + }, + "outputs": { + "description": "A collection of values returned by getInstance.\n", + "properties": { + "address": { + "type": "string", + "description": "The hostname of the RDS instance. See also `endpoint` and `port`.\n" + }, + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size specified in gigabytes.\n" + }, + "autoMinorVersionUpgrade": { + "type": "boolean", + "description": "Indicates that minor version patches are applied automatically.\n" + }, + "availabilityZone": { + "type": "string", + "description": "Specifies the name of the Availability Zone the DB instance is located in.\n" + }, + "backupRetentionPeriod": { + "type": "integer", + "description": "Specifies the number of days for which automatic DB snapshots are retained.\n" + }, + "caCertIdentifier": { + "type": "string", + "description": "Specifies the identifier of the CA certificate for the DB instance.\n" + }, + "dbClusterIdentifier": { + "type": "string", + "description": "If the DB instance is a member of a DB cluster, contains the name of the DB cluster that the DB instance is a member of.\n" + }, + "dbInstanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB instance.\n" + }, + "dbInstanceClass": { + "type": "string", + "description": "Contains the name of the compute and memory capacity class of the DB instance.\n" + }, + "dbInstanceIdentifier": { + "type": "string" + }, + "dbInstancePort": { + "type": "integer", + "description": "Specifies the port that the DB instance listens on.\n" + }, + "dbName": { + "type": "string", + "description": "Contains the name of the initial database of this instance that was provided at create time, if one was specified when the DB instance was created. This same name is returned for the life of the DB instance.\n" + }, + "dbParameterGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Provides the list of DB parameter groups applied to this DB instance.\n" + }, + "dbSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Provides List of DB security groups associated to this DB instance.\n" + }, + "dbSubnetGroup": { + "type": "string", + "description": "Specifies the name of the subnet group associated with the DB instance.\n" + }, + "enabledCloudwatchLogsExports": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of log types to export to cloudwatch.\n" + }, + "endpoint": { + "type": "string", + "description": "The connection endpoint in `address:port` format.\n" + }, + "engine": { + "type": "string", + "description": "Provides the name of the database engine to be used for this DB instance.\n" + }, + "engineVersion": { + "type": "string", + "description": "Indicates the database engine version.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The canonical hosted zone ID of the DB instance (to be used in a Route 53 Alias record).\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "iops": { + "type": "integer", + "description": "Specifies the Provisioned IOPS (I/O operations per second) value.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "If StorageEncrypted is true, the KMS key identifier for the encrypted DB instance.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for this DB instance.\n" + }, + "masterUsername": { + "type": "string", + "description": "Contains the master username for the DB instance.\n" + }, + "monitoringInterval": { + "type": "integer", + "description": "The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance.\n" + }, + "monitoringRoleArn": { + "type": "string", + "description": "The ARN for the IAM role that permits RDS to send Enhanced Monitoring metrics to CloudWatch Logs.\n" + }, + "multiAz": { + "type": "boolean", + "description": "Specifies if the DB instance is a Multi-AZ deployment.\n" + }, + "optionGroupMemberships": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Provides the list of option group memberships for this DB instance.\n" + }, + "port": { + "type": "integer", + "description": "The database port.\n" + }, + "preferredBackupWindow": { + "type": "string", + "description": "Specifies the daily time range during which automated backups are created.\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "Specifies the weekly time range during which system maintenance can occur in UTC.\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Specifies the accessibility options for the DB instance.\n" + }, + "replicateSourceDb": { + "type": "string", + "description": "The identifier of the source DB that this is a replica of.\n" + }, + "resourceId": { + "type": "string", + "description": "The RDS Resource ID of this instance.\n" + }, + "storageEncrypted": { + "type": "boolean", + "description": "Specifies whether the DB instance is encrypted.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type associated with DB instance.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "timezone": { + "type": "string", + "description": "The time zone of the DB instance.\n" + }, + "vpcSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Provides a list of VPC security group elements that the DB instance belongs to.\n" + } + }, + "type": "object", + "required": [ + "address", + "allocatedStorage", + "autoMinorVersionUpgrade", + "availabilityZone", + "backupRetentionPeriod", + "caCertIdentifier", + "dbClusterIdentifier", + "dbInstanceArn", + "dbInstanceClass", + "dbInstanceIdentifier", + "dbInstancePort", + "dbName", + "dbParameterGroups", + "dbSecurityGroups", + "dbSubnetGroup", + "enabledCloudwatchLogsExports", + "endpoint", + "engine", + "engineVersion", + "hostedZoneId", + "iops", + "kmsKeyId", + "licenseModel", + "masterUsername", + "monitoringInterval", + "monitoringRoleArn", + "multiAz", + "optionGroupMemberships", + "port", + "preferredBackupWindow", + "preferredMaintenanceWindow", + "publiclyAccessible", + "replicateSourceDb", + "resourceId", + "storageEncrypted", + "storageType", + "tags", + "timezone", + "vpcSecurityGroups", + "id" + ] + } + }, + "aws:rds/getOrderableDbInstance:getOrderableDbInstance": { + "description": "Information about RDS orderable DB instances and valid parameter combinations.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.rds.getOrderableDbInstance({\n engine: \"mysql\",\n engineVersion: \"5.7.22\",\n licenseModel: \"general-public-license\",\n preferredInstanceClasses: [\n \"db.r6.xlarge\",\n \"db.m4.large\",\n \"db.t3.small\",\n ],\n storageType: \"standard\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.get_orderable_db_instance(engine=\"mysql\",\n engine_version=\"5.7.22\",\n license_model=\"general-public-license\",\n preferred_instance_classes=[\n \"db.r6.xlarge\",\n \"db.m4.large\",\n \"db.t3.small\",\n ],\n storage_type=\"standard\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Rds.GetOrderableDbInstance.InvokeAsync(new Aws.Rds.GetOrderableDbInstanceArgs\n {\n Engine = \"mysql\",\n EngineVersion = \"5.7.22\",\n LicenseModel = \"general-public-license\",\n PreferredInstanceClasses = \n {\n \"db.r6.xlarge\",\n \"db.m4.large\",\n \"db.t3.small\",\n },\n StorageType = \"standard\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"5.7.22\"\n\t\topt1 := \"general-public-license\"\n\t\topt2 := \"standard\"\n\t\t_, err := rds.GetOrderableDbInstance(ctx, &rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"mysql\",\n\t\t\tEngineVersion: &opt0,\n\t\t\tLicenseModel: &opt1,\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.r6.xlarge\",\n\t\t\t\t\"db.m4.large\",\n\t\t\t\t\"db.t3.small\",\n\t\t\t},\n\t\t\tStorageType: &opt2,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nValid parameter combinations can also be found with `preferred_engine_versions` and/or `preferred_instance_classes`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.rds.getOrderableDbInstance({\n engine: \"mysql\",\n licenseModel: \"general-public-license\",\n preferredEngineVersions: [\n \"5.6.35\",\n \"5.6.41\",\n \"5.6.44\",\n ],\n preferredInstanceClasses: [\n \"db.t2.small\",\n \"db.t3.medium\",\n \"db.t3.large\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.rds.get_orderable_db_instance(engine=\"mysql\",\n license_model=\"general-public-license\",\n preferred_engine_versions=[\n \"5.6.35\",\n \"5.6.41\",\n \"5.6.44\",\n ],\n preferred_instance_classes=[\n \"db.t2.small\",\n \"db.t3.medium\",\n \"db.t3.large\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Rds.GetOrderableDbInstance.InvokeAsync(new Aws.Rds.GetOrderableDbInstanceArgs\n {\n Engine = \"mysql\",\n LicenseModel = \"general-public-license\",\n PreferredEngineVersions = \n {\n \"5.6.35\",\n \"5.6.41\",\n \"5.6.44\",\n },\n PreferredInstanceClasses = \n {\n \"db.t2.small\",\n \"db.t3.medium\",\n \"db.t3.large\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"general-public-license\"\n\t\t_, err := rds.GetOrderableDbInstance(ctx, &rds.GetOrderableDbInstanceArgs{\n\t\t\tEngine: \"mysql\",\n\t\t\tLicenseModel: &opt0,\n\t\t\tPreferredEngineVersions: []string{\n\t\t\t\t\"5.6.35\",\n\t\t\t\t\"5.6.41\",\n\t\t\t\t\"5.6.44\",\n\t\t\t},\n\t\t\tPreferredInstanceClasses: []string{\n\t\t\t\t\"db.t2.small\",\n\t\t\t\t\"db.t3.medium\",\n\t\t\t\t\"db.t3.large\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOrderableDbInstance.\n", + "properties": { + "availabilityZoneGroup": { + "type": "string", + "description": "Availability zone group.\n" + }, + "engine": { + "type": "string", + "description": "DB engine. Engine values include `aurora`, `aurora-mysql`, `aurora-postgresql`, `docdb`, `mariadb`, `mysql`, `neptune`, `oracle-ee`, `oracle-se`, `oracle-se1`, `oracle-se2`, `postgres`, `sqlserver-ee`, `sqlserver-ex`, `sqlserver-se`, and `sqlserver-web`.\n" + }, + "engineVersion": { + "type": "string", + "description": "Version of the DB engine. If none is provided, the AWS-defined default version will be used.\n" + }, + "instanceClass": { + "type": "string", + "description": "DB instance class. Examples of classes are `db.m3.2xlarge`, `db.t2.small`, and `db.m3.medium`.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model. Examples of license models are `general-public-license`, `bring-your-own-license`, and `amazon-license`.\n" + }, + "preferredEngineVersions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred RDS DB instance engine versions. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned.\n" + }, + "preferredInstanceClasses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred RDS DB instance classes. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned.\n" + }, + "storageType": { + "type": "string", + "description": "Storage types. Examples of storage types are `standard`, `io1`, `gp2`, and `aurora`.\n" + }, + "supportsEnhancedMonitoring": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports Enhanced Monitoring at intervals from 1 to 60 seconds.\n" + }, + "supportsGlobalDatabases": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports Aurora global databases with a specific combination of other DB engine attributes.\n" + }, + "supportsIamDatabaseAuthentication": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports IAM database authentication.\n" + }, + "supportsIops": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports provisioned IOPS.\n" + }, + "supportsKerberosAuthentication": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports Kerberos Authentication.\n" + }, + "supportsPerformanceInsights": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports Performance Insights.\n" + }, + "supportsStorageAutoscaling": { + "type": "boolean", + "description": "Enable this to ensure Amazon RDS can automatically scale storage for DB instances that use the specified DB instance class.\n" + }, + "supportsStorageEncryption": { + "type": "boolean", + "description": "Enable this to ensure a DB instance supports encrypted storage.\n" + }, + "vpc": { + "type": "boolean", + "description": "Boolean that indicates whether to show only VPC or non-VPC offerings.\n" + } + }, + "type": "object", + "required": [ + "engine" + ] + }, + "outputs": { + "description": "A collection of values returned by getOrderableDbInstance.\n", + "properties": { + "availabilityZoneGroup": { + "type": "string" + }, + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Availability zones where the instance is available.\n" + }, + "engine": { + "type": "string" + }, + "engineVersion": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceClass": { + "type": "string" + }, + "licenseModel": { + "type": "string" + }, + "maxIopsPerDbInstance": { + "type": "integer", + "description": "Maximum total provisioned IOPS for a DB instance.\n" + }, + "maxIopsPerGib": { + "type": "number", + "description": "Maximum provisioned IOPS per GiB for a DB instance.\n" + }, + "maxStorageSize": { + "type": "integer", + "description": "Maximum storage size for a DB instance.\n" + }, + "minIopsPerDbInstance": { + "type": "integer", + "description": "Minimum total provisioned IOPS for a DB instance.\n" + }, + "minIopsPerGib": { + "type": "number", + "description": "Minimum provisioned IOPS per GiB for a DB instance.\n" + }, + "minStorageSize": { + "type": "integer", + "description": "Minimum storage size for a DB instance.\n" + }, + "multiAzCapable": { + "type": "boolean", + "description": "Whether a DB instance is Multi-AZ capable.\n" + }, + "outpostCapable": { + "type": "boolean", + "description": "Whether a DB instance supports RDS on Outposts.\n" + }, + "preferredEngineVersions": { + "type": "array", + "items": { + "type": "string" + } + }, + "preferredInstanceClasses": { + "type": "array", + "items": { + "type": "string" + } + }, + "readReplicaCapable": { + "type": "boolean", + "description": "Whether a DB instance can have a read replica.\n" + }, + "storageType": { + "type": "string" + }, + "supportedEngineModes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the supported DB engine modes.\n" + }, + "supportsEnhancedMonitoring": { + "type": "boolean" + }, + "supportsGlobalDatabases": { + "type": "boolean" + }, + "supportsIamDatabaseAuthentication": { + "type": "boolean" + }, + "supportsIops": { + "type": "boolean" + }, + "supportsKerberosAuthentication": { + "type": "boolean" + }, + "supportsPerformanceInsights": { + "type": "boolean" + }, + "supportsStorageAutoscaling": { + "type": "boolean" + }, + "supportsStorageEncryption": { + "type": "boolean" + }, + "vpc": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "availabilityZoneGroup", + "availabilityZones", + "engine", + "engineVersion", + "instanceClass", + "licenseModel", + "maxIopsPerDbInstance", + "maxIopsPerGib", + "maxStorageSize", + "minIopsPerDbInstance", + "minIopsPerGib", + "minStorageSize", + "multiAzCapable", + "outpostCapable", + "readReplicaCapable", + "storageType", + "supportedEngineModes", + "supportsEnhancedMonitoring", + "supportsGlobalDatabases", + "supportsIamDatabaseAuthentication", + "supportsIops", + "supportsKerberosAuthentication", + "supportsPerformanceInsights", + "supportsStorageAutoscaling", + "supportsStorageEncryption", + "vpc", + "id" + ] + } + }, + "aws:rds/getSnapshot:getSnapshot": { + "description": "Use this data source to get information about a DB Snapshot for use when provisioning DB instances\n\n> **NOTE:** This data source does not apply to snapshots created on Aurora DB clusters.\nSee the `aws.rds.ClusterSnapshot` data source for DB Cluster snapshots.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst prod = new aws.rds.Instance(\"prod\", {\n allocatedStorage: 10,\n engine: \"mysql\",\n engineVersion: \"5.6.17\",\n instanceClass: \"db.t2.micro\",\n name: \"mydb\",\n username: \"foo\",\n password: \"bar\",\n dbSubnetGroupName: \"my_database_subnet_group\",\n parameterGroupName: \"default.mysql5.6\",\n});\nconst latestProdSnapshot = prod.id.apply(id => aws.rds.getSnapshot({\n dbInstanceIdentifier: id,\n mostRecent: true,\n}));\n// Use the latest production snapshot to create a dev instance.\nconst dev = new aws.rds.Instance(\"dev\", {\n instanceClass: \"db.t2.micro\",\n name: \"mydbdev\",\n snapshotIdentifier: latestProdSnapshot.apply(latestProdSnapshot => latestProdSnapshot.id),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nprod = aws.rds.Instance(\"prod\",\n allocated_storage=10,\n engine=\"mysql\",\n engine_version=\"5.6.17\",\n instance_class=\"db.t2.micro\",\n name=\"mydb\",\n username=\"foo\",\n password=\"bar\",\n db_subnet_group_name=\"my_database_subnet_group\",\n parameter_group_name=\"default.mysql5.6\")\nlatest_prod_snapshot = prod.id.apply(lambda id: aws.rds.get_snapshot(db_instance_identifier=id,\n most_recent=True))\n# Use the latest production snapshot to create a dev instance.\ndev = aws.rds.Instance(\"dev\",\n instance_class=\"db.t2.micro\",\n name=\"mydbdev\",\n snapshot_identifier=latest_prod_snapshot.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var prod = new Aws.Rds.Instance(\"prod\", new Aws.Rds.InstanceArgs\n {\n AllocatedStorage = 10,\n Engine = \"mysql\",\n EngineVersion = \"5.6.17\",\n InstanceClass = \"db.t2.micro\",\n Name = \"mydb\",\n Username = \"foo\",\n Password = \"bar\",\n DbSubnetGroupName = \"my_database_subnet_group\",\n ParameterGroupName = \"default.mysql5.6\",\n });\n var latestProdSnapshot = prod.Id.Apply(id => Aws.Rds.GetSnapshot.InvokeAsync(new Aws.Rds.GetSnapshotArgs\n {\n DbInstanceIdentifier = id,\n MostRecent = true,\n }));\n // Use the latest production snapshot to create a dev instance.\n var dev = new Aws.Rds.Instance(\"dev\", new Aws.Rds.InstanceArgs\n {\n InstanceClass = \"db.t2.micro\",\n Name = \"mydbdev\",\n SnapshotIdentifier = latestProdSnapshot.Apply(latestProdSnapshot => latestProdSnapshot.Id),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tprod, err := rds.NewInstance(ctx, \"prod\", &rds.InstanceArgs{\n\t\t\tAllocatedStorage: pulumi.Int(10),\n\t\t\tEngine: pulumi.String(\"mysql\"),\n\t\t\tEngineVersion: pulumi.String(\"5.6.17\"),\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tName: pulumi.String(\"mydb\"),\n\t\t\tUsername: pulumi.String(\"foo\"),\n\t\t\tPassword: pulumi.String(\"bar\"),\n\t\t\tDbSubnetGroupName: pulumi.String(\"my_database_subnet_group\"),\n\t\t\tParameterGroupName: pulumi.String(\"default.mysql5.6\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = rds.NewInstance(ctx, \"dev\", &rds.InstanceArgs{\n\t\t\tInstanceClass: pulumi.String(\"db.t2.micro\"),\n\t\t\tName: pulumi.String(\"mydbdev\"),\n\t\t\tSnapshotIdentifier: latestProdSnapshot.ApplyT(func(latestProdSnapshot rds.GetSnapshotResult) (string, error) {\n\t\t\t\treturn latestProdSnapshot.Id, nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSnapshot.\n", + "properties": { + "dbInstanceIdentifier": { + "type": "string", + "description": "Returns the list of snapshots created by the specific db_instance\n" + }, + "dbSnapshotIdentifier": { + "type": "string", + "description": "Returns information on a specific snapshot_id.\n" + }, + "includePublic": { + "type": "boolean", + "description": "Set this value to true to include manual DB snapshots that are public and can be\ncopied or restored by any AWS account, otherwise set this value to false. The default is `false`.\n" + }, + "includeShared": { + "type": "boolean", + "description": "Set this value to true to include shared manual DB snapshots from other\nAWS accounts that this AWS account has been given permission to copy or restore, otherwise set this value to false.\nThe default is `false`.\n" + }, + "mostRecent": { + "type": "boolean", + "description": "If more than one result is returned, use the most\nrecent Snapshot.\n" + }, + "snapshotType": { + "type": "string", + "description": "The type of snapshots to be returned. If you don't specify a SnapshotType\nvalue, then both automated and manual snapshots are returned. Shared and public DB snapshots are not\nincluded in the returned results by default. Possible values are, `automated`, `manual`, `shared`, `public` and `awsbackup`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSnapshot.\n", + "properties": { + "allocatedStorage": { + "type": "integer", + "description": "Specifies the allocated storage size in gigabytes (GB).\n" + }, + "availabilityZone": { + "type": "string", + "description": "Specifies the name of the Availability Zone the DB instance was located in at the time of the DB snapshot.\n" + }, + "dbInstanceIdentifier": { + "type": "string" + }, + "dbSnapshotArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB snapshot.\n" + }, + "dbSnapshotIdentifier": { + "type": "string" + }, + "encrypted": { + "type": "boolean", + "description": "Specifies whether the DB snapshot is encrypted.\n" + }, + "engine": { + "type": "string", + "description": "Specifies the name of the database engine.\n" + }, + "engineVersion": { + "type": "string", + "description": "Specifies the version of the database engine.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "includePublic": { + "type": "boolean" + }, + "includeShared": { + "type": "boolean" + }, + "iops": { + "type": "integer", + "description": "Specifies the Provisioned IOPS (I/O operations per second) value of the DB instance at the time of the snapshot.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The ARN for the KMS encryption key.\n" + }, + "licenseModel": { + "type": "string", + "description": "License model information for the restored DB instance.\n" + }, + "mostRecent": { + "type": "boolean" + }, + "optionGroupName": { + "type": "string", + "description": "Provides the option group name for the DB snapshot.\n" + }, + "port": { + "type": "integer" + }, + "snapshotCreateTime": { + "type": "string", + "description": "Provides the time when the snapshot was taken, in Universal Coordinated Time (UTC).\n" + }, + "snapshotType": { + "type": "string" + }, + "sourceDbSnapshotIdentifier": { + "type": "string", + "description": "The DB snapshot Arn that the DB snapshot was copied from. It only has value in case of cross customer or cross region copy.\n" + }, + "sourceRegion": { + "type": "string", + "description": "The region that the DB snapshot was created in or copied from.\n" + }, + "status": { + "type": "string", + "description": "Specifies the status of this DB snapshot.\n" + }, + "storageType": { + "type": "string", + "description": "Specifies the storage type associated with DB snapshot.\n" + }, + "vpcId": { + "type": "string", + "description": "Specifies the ID of the VPC associated with the DB snapshot.\n" + } + }, + "type": "object", + "required": [ + "allocatedStorage", + "availabilityZone", + "dbSnapshotArn", + "encrypted", + "engine", + "engineVersion", + "iops", + "kmsKeyId", + "licenseModel", + "optionGroupName", + "port", + "snapshotCreateTime", + "sourceDbSnapshotIdentifier", + "sourceRegion", + "status", + "storageType", + "vpcId", + "id" + ] + } + }, + "aws:rds/getSubnetGroup:getSubnetGroup": { + "description": "Use this data source to get information about an RDS subnet group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst database = pulumi.output(aws.rds.getSubnetGroup({\n name: \"my-test-database-subnet-group\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndatabase = aws.rds.get_subnet_group(name=\"my-test-database-subnet-group\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var database = Output.Create(Aws.Rds.GetSubnetGroup.InvokeAsync(new Aws.Rds.GetSubnetGroupArgs\n {\n Name = \"my-test-database-subnet-group\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/rds\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := rds.LookupSubnetGroup(ctx, &rds.LookupSubnetGroupArgs{\n\t\t\tName: \"my-test-database-subnet-group\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSubnetGroup.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the RDS database subnet group.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getSubnetGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the DB subnet group.\n" + }, + "description": { + "type": "string", + "description": "Provides the description of the DB subnet group.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "status": { + "type": "string", + "description": "Provides the status of the DB subnet group.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Contains a list of subnet identifiers.\n" + }, + "vpcId": { + "type": "string", + "description": "Provides the VPC ID of the subnet group.\n" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "name", + "status", + "subnetIds", + "vpcId", + "id" + ] + } + }, + "aws:redshift/getCluster:getCluster": { + "description": "Provides details about a specific redshift cluster.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testCluster = aws.redshift.getCluster({\n clusterIdentifier: \"test-cluster\",\n});\nconst testStream = new aws.kinesis.FirehoseDeliveryStream(\"testStream\", {\n destination: \"redshift\",\n s3Configuration: {\n roleArn: aws_iam_role.firehose_role.arn,\n bucketArn: aws_s3_bucket.bucket.arn,\n bufferSize: 10,\n bufferInterval: 400,\n compressionFormat: \"GZIP\",\n },\n redshiftConfiguration: {\n roleArn: aws_iam_role.firehose_role.arn,\n clusterJdbcurl: Promise.all([testCluster, testCluster]).then(([testCluster, testCluster1]) => `jdbc:redshift://${testCluster.endpoint}/${testCluster1.databaseName}`),\n username: \"testuser\",\n password: \"T3stPass\",\n dataTableName: \"test-table\",\n copyOptions: \"delimiter '|'\",\n dataTableColumns: \"test-col\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest_cluster = aws.redshift.get_cluster(cluster_identifier=\"test-cluster\")\ntest_stream = aws.kinesis.FirehoseDeliveryStream(\"testStream\",\n destination=\"redshift\",\n s3_configuration=aws.kinesis.FirehoseDeliveryStreamS3ConfigurationArgs(\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n bucket_arn=aws_s3_bucket[\"bucket\"][\"arn\"],\n buffer_size=10,\n buffer_interval=400,\n compression_format=\"GZIP\",\n ),\n redshift_configuration=aws.kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs(\n role_arn=aws_iam_role[\"firehose_role\"][\"arn\"],\n cluster_jdbcurl=f\"jdbc:redshift://{test_cluster.endpoint}/{test_cluster.database_name}\",\n username=\"testuser\",\n password=\"T3stPass\",\n data_table_name=\"test-table\",\n copy_options=\"delimiter '|'\",\n data_table_columns=\"test-col\",\n ))\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var testCluster = Output.Create(Aws.RedShift.GetCluster.InvokeAsync(new Aws.RedShift.GetClusterArgs\n {\n ClusterIdentifier = \"test-cluster\",\n }));\n var testStream = new Aws.Kinesis.FirehoseDeliveryStream(\"testStream\", new Aws.Kinesis.FirehoseDeliveryStreamArgs\n {\n Destination = \"redshift\",\n S3Configuration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamS3ConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose_role.Arn,\n BucketArn = aws_s3_bucket.Bucket.Arn,\n BufferSize = 10,\n BufferInterval = 400,\n CompressionFormat = \"GZIP\",\n },\n RedshiftConfiguration = new Aws.Kinesis.Inputs.FirehoseDeliveryStreamRedshiftConfigurationArgs\n {\n RoleArn = aws_iam_role.Firehose_role.Arn,\n ClusterJdbcurl = Output.Tuple(testCluster, testCluster).Apply(values =>\n {\n var testCluster = values.Item1;\n var testCluster1 = values.Item2;\n return $\"jdbc:redshift://{testCluster.Endpoint}/{testCluster1.DatabaseName}\";\n }),\n Username = \"testuser\",\n Password = \"T3stPass\",\n DataTableName = \"test-table\",\n CopyOptions = \"delimiter '|'\",\n DataTableColumns = \"test-col\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kinesis\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttestCluster, err := redshift.LookupCluster(ctx, &redshift.LookupClusterArgs{\n\t\t\tClusterIdentifier: \"test-cluster\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kinesis.NewFirehoseDeliveryStream(ctx, \"testStream\", &kinesis.FirehoseDeliveryStreamArgs{\n\t\t\tDestination: pulumi.String(\"redshift\"),\n\t\t\tS3Configuration: &kinesis.FirehoseDeliveryStreamS3ConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\tBucketArn: pulumi.Any(aws_s3_bucket.Bucket.Arn),\n\t\t\t\tBufferSize: pulumi.Int(10),\n\t\t\t\tBufferInterval: pulumi.Int(400),\n\t\t\t\tCompressionFormat: pulumi.String(\"GZIP\"),\n\t\t\t},\n\t\t\tRedshiftConfiguration: &kinesis.FirehoseDeliveryStreamRedshiftConfigurationArgs{\n\t\t\t\tRoleArn: pulumi.Any(aws_iam_role.Firehose_role.Arn),\n\t\t\t\tClusterJdbcurl: pulumi.String(fmt.Sprintf(\"%v%v%v%v\", \"jdbc:redshift://\", testCluster.Endpoint, \"/\", testCluster.DatabaseName)),\n\t\t\t\tUsername: pulumi.String(\"testuser\"),\n\t\t\t\tPassword: pulumi.String(\"T3stPass\"),\n\t\t\t\tDataTableName: pulumi.String(\"test-table\"),\n\t\t\t\tCopyOptions: pulumi.String(\"delimiter '|'\"),\n\t\t\t\tDataTableColumns: pulumi.String(\"test-col\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getCluster.\n", + "properties": { + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags associated to the cluster\n" + } + }, + "type": "object", + "required": [ + "clusterIdentifier" + ] + }, + "outputs": { + "description": "A collection of values returned by getCluster.\n", + "properties": { + "allowVersionUpgrade": { + "type": "boolean", + "description": "Whether major version upgrades can be applied during maintenance period\n" + }, + "automatedSnapshotRetentionPeriod": { + "type": "integer", + "description": "The backup retention period\n" + }, + "availabilityZone": { + "type": "string", + "description": "The availability zone of the cluster\n" + }, + "bucketName": { + "type": "string", + "description": "The name of the S3 bucket where the log files are to be stored\n" + }, + "clusterIdentifier": { + "type": "string", + "description": "The cluster identifier\n" + }, + "clusterParameterGroupName": { + "type": "string", + "description": "The name of the parameter group to be associated with this cluster\n" + }, + "clusterPublicKey": { + "type": "string", + "description": "The public key for the cluster\n" + }, + "clusterRevisionNumber": { + "type": "string", + "description": "The cluster revision number\n" + }, + "clusterSecurityGroups": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The security groups associated with the cluster\n" + }, + "clusterSubnetGroupName": { + "type": "string", + "description": "The name of a cluster subnet group to be associated with this cluster\n" + }, + "clusterType": { + "type": "string", + "description": "The cluster type\n" + }, + "clusterVersion": { + "type": "string" + }, + "databaseName": { + "type": "string", + "description": "The name of the default database in the cluster\n" + }, + "elasticIp": { + "type": "string", + "description": "The Elastic IP of the cluster\n" + }, + "enableLogging": { + "type": "boolean", + "description": "Whether cluster logging is enabled\n" + }, + "encrypted": { + "type": "boolean", + "description": "Whether the cluster data is encrypted\n" + }, + "endpoint": { + "type": "string", + "description": "The cluster endpoint\n" + }, + "enhancedVpcRouting": { + "type": "boolean", + "description": "Whether enhanced VPC routing is enabled\n" + }, + "iamRoles": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IAM roles associated to the cluster\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The KMS encryption key associated to the cluster\n" + }, + "masterUsername": { + "type": "string", + "description": "Username for the master DB user\n" + }, + "nodeType": { + "type": "string", + "description": "The cluster node type\n" + }, + "numberOfNodes": { + "type": "integer", + "description": "The number of nodes in the cluster\n" + }, + "port": { + "type": "integer", + "description": "The port the cluster responds on\n" + }, + "preferredMaintenanceWindow": { + "type": "string", + "description": "The maintenance window\n" + }, + "publiclyAccessible": { + "type": "boolean", + "description": "Whether the cluster is publicly accessible\n" + }, + "s3KeyPrefix": { + "type": "string", + "description": "The folder inside the S3 bucket where the log files are stored\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags associated to the cluster\n" + }, + "vpcId": { + "type": "string", + "description": "The VPC Id associated with the cluster\n" + }, + "vpcSecurityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The VPC security group Ids associated with the cluster\n" + } + }, + "type": "object", + "required": [ + "allowVersionUpgrade", + "automatedSnapshotRetentionPeriod", + "availabilityZone", + "bucketName", + "clusterIdentifier", + "clusterParameterGroupName", + "clusterPublicKey", + "clusterRevisionNumber", + "clusterSecurityGroups", + "clusterSubnetGroupName", + "clusterType", + "clusterVersion", + "databaseName", + "elasticIp", + "enableLogging", + "encrypted", + "endpoint", + "enhancedVpcRouting", + "iamRoles", + "kmsKeyId", + "masterUsername", + "nodeType", + "numberOfNodes", + "port", + "preferredMaintenanceWindow", + "publiclyAccessible", + "s3KeyPrefix", + "vpcId", + "vpcSecurityGroupIds", + "id" + ] + } + }, + "aws:redshift/getOrderableCluster:getOrderableCluster": { + "description": "Information about Redshift Orderable Clusters and valid parameter combinations.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.redshift.getOrderableCluster({\n clusterType: \"multi-node\",\n preferredNodeTypes: [\n \"dc2.large\",\n \"ds2.xlarge\",\n ],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.redshift.get_orderable_cluster(cluster_type=\"multi-node\",\n preferred_node_types=[\n \"dc2.large\",\n \"ds2.xlarge\",\n ])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.RedShift.GetOrderableCluster.InvokeAsync(new Aws.RedShift.GetOrderableClusterArgs\n {\n ClusterType = \"multi-node\",\n PreferredNodeTypes = \n {\n \"dc2.large\",\n \"ds2.xlarge\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"multi-node\"\n\t\t_, err := redshift.GetOrderableCluster(ctx, &redshift.GetOrderableClusterArgs{\n\t\t\tClusterType: &opt0,\n\t\t\tPreferredNodeTypes: []string{\n\t\t\t\t\"dc2.large\",\n\t\t\t\t\"ds2.xlarge\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getOrderableCluster.\n", + "properties": { + "clusterType": { + "type": "string", + "description": "Reshift Cluster type. e.g. `multi-node` or `single-node`\n" + }, + "clusterVersion": { + "type": "string", + "description": "Redshift Cluster version. e.g. `1.0`\n" + }, + "nodeType": { + "type": "string", + "description": "Redshift Cluster node type. e.g. `dc2.8xlarge`\n" + }, + "preferredNodeTypes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Ordered list of preferred Redshift Cluster node types. The first match in this list will be returned. If no preferred matches are found and the original search returned more than one result, an error is returned.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getOrderableCluster.\n", + "properties": { + "availabilityZones": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of Availability Zone names where the Redshit Cluster is available.\n" + }, + "clusterType": { + "type": "string" + }, + "clusterVersion": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "nodeType": { + "type": "string" + }, + "preferredNodeTypes": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "availabilityZones", + "clusterType", + "clusterVersion", + "nodeType", + "id" + ] + } + }, + "aws:redshift/getServiceAccount:getServiceAccount": { + "description": "Use this data source to get the Account ID of the [AWS Redshift Service Account](http://docs.aws.amazon.com/redshift/latest/mgmt/db-auditing.html#db-auditing-enable-logging)\nin a given region for the purpose of allowing Redshift to store audit data in S3.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst main = pulumi.output(aws.redshift.getServiceAccount());\nconst bucket = new aws.s3.Bucket(\"bucket\", {\n forceDestroy: true,\n policy: pulumi.interpolate`{\n\t\"Version\": \"2008-10-17\",\n\t\"Statement\": [\n\t\t{\n \"Sid\": \"Put bucket policy needed for audit logging\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n\t\t \"AWS\": \"${main.arn}\"\n },\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::tf-redshift-logging-test-bucket/*\"\n },\n {\n \"Sid\": \"Get bucket policy needed for audit logging \",\n \"Effect\": \"Allow\",\n \"Principal\": {\n\t\t \"AWS\": \"${main.arn}\"\n },\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::tf-redshift-logging-test-bucket\"\n }\n\t]\n}\n`,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nmain = aws.redshift.get_service_account()\nbucket = aws.s3.Bucket(\"bucket\",\n force_destroy=True,\n policy=f\"\"\"{{\n\t\"Version\": \"2008-10-17\",\n\t\"Statement\": [\n\t\t{{\n \"Sid\": \"Put bucket policy needed for audit logging\",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n\t\t \"AWS\": \"{main.arn}\"\n }},\n \"Action\": \"s3:PutObject\",\n \"Resource\": \"arn:aws:s3:::tf-redshift-logging-test-bucket/*\"\n }},\n {{\n \"Sid\": \"Get bucket policy needed for audit logging \",\n \"Effect\": \"Allow\",\n \"Principal\": {{\n\t\t \"AWS\": \"{main.arn}\"\n }},\n \"Action\": \"s3:GetBucketAcl\",\n \"Resource\": \"arn:aws:s3:::tf-redshift-logging-test-bucket\"\n }}\n\t]\n}}\n\n\"\"\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var main = Output.Create(Aws.RedShift.GetServiceAccount.InvokeAsync());\n var bucket = new Aws.S3.Bucket(\"bucket\", new Aws.S3.BucketArgs\n {\n ForceDestroy = true,\n Policy = Output.Tuple(main, main).Apply(values =>\n {\n var main = values.Item1;\n var main1 = values.Item2;\n return @$\"{{\n\t\"\"Version\"\": \"\"2008-10-17\"\",\n\t\"\"Statement\"\": [\n\t\t{{\n \"\"Sid\"\": \"\"Put bucket policy needed for audit logging\"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n\t\t \"\"AWS\"\": \"\"{main.Arn}\"\"\n }},\n \"\"Action\"\": \"\"s3:PutObject\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::tf-redshift-logging-test-bucket/*\"\"\n }},\n {{\n \"\"Sid\"\": \"\"Get bucket policy needed for audit logging \"\",\n \"\"Effect\"\": \"\"Allow\"\",\n \"\"Principal\"\": {{\n\t\t \"\"AWS\"\": \"\"{main1.Arn}\"\"\n }},\n \"\"Action\"\": \"\"s3:GetBucketAcl\"\",\n \"\"Resource\"\": \"\"arn:aws:s3:::tf-redshift-logging-test-bucket\"\"\n }}\n\t]\n}}\n\n\";\n }),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/redshift\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmain, err := redshift.GetServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = s3.NewBucket(ctx, \"bucket\", &s3.BucketArgs{\n\t\t\tForceDestroy: pulumi.Bool(true),\n\t\t\tPolicy: pulumi.Any(fmt.Sprintf(\"%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v%v\", \"{\\n\", \"\t\\\"Version\\\": \\\"2008-10-17\\\",\\n\", \"\t\\\"Statement\\\": [\\n\", \"\t\t{\\n\", \" \\\"Sid\\\": \\\"Put bucket policy needed for audit logging\\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \"\t\t \\\"AWS\\\": \\\"\", main.Arn, \"\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:PutObject\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::tf-redshift-logging-test-bucket/*\\\"\\n\", \" },\\n\", \" {\\n\", \" \\\"Sid\\\": \\\"Get bucket policy needed for audit logging \\\",\\n\", \" \\\"Effect\\\": \\\"Allow\\\",\\n\", \" \\\"Principal\\\": {\\n\", \"\t\t \\\"AWS\\\": \\\"\", main.Arn, \"\\\"\\n\", \" },\\n\", \" \\\"Action\\\": \\\"s3:GetBucketAcl\\\",\\n\", \" \\\"Resource\\\": \\\"arn:aws:s3:::tf-redshift-logging-test-bucket\\\"\\n\", \" }\\n\", \"\t]\\n\", \"}\\n\", \"\\n\")),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServiceAccount.\n", + "properties": { + "region": { + "type": "string", + "description": "Name of the region whose AWS Redshift account ID is desired.\nDefaults to the region from the AWS provider configuration.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getServiceAccount.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the AWS Redshift service account in the selected region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "id" + ] + } + }, + "aws:resourcegroupstaggingapi/getResources:getResources": { + "description": "Provides details about resource tagging.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Get All Resource Tag Mappings\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.resourcegroupstaggingapi.getResources());\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.resourcegroupstaggingapi.get_resources()\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.ResourceGroupsTaggingApi.GetResources.InvokeAsync());\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/resourcegroupstaggingapi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := resourcegroupstaggingapi.GetResources(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter By Tag Key and Value\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.resourcegroupstaggingapi.getResources({\n tagFilters: [{\n key: \"tag-key\",\n values: [\n \"tag-value-1\",\n \"tag-value-2\",\n ],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.resourcegroupstaggingapi.get_resources(tag_filters=[aws.resourcegroupstaggingapi.GetResourcesTagFilterArgs(\n key=\"tag-key\",\n values=[\n \"tag-value-1\",\n \"tag-value-2\",\n ],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.ResourceGroupsTaggingApi.GetResources.InvokeAsync(new Aws.ResourceGroupsTaggingApi.GetResourcesArgs\n {\n TagFilters = \n {\n new Aws.ResourceGroupsTaggingApi.Inputs.GetResourcesTagFilterArgs\n {\n Key = \"tag-key\",\n Values = \n {\n \"tag-value-1\",\n \"tag-value-2\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/resourcegroupstaggingapi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := resourcegroupstaggingapi.GetResources(ctx, &resourcegroupstaggingapi.GetResourcesArgs{\n\t\t\tTagFilters: []resourcegroupstaggingapi.GetResourcesTagFilter{\n\t\t\t\tresourcegroupstaggingapi.GetResourcesTagFilter{\n\t\t\t\t\tKey: \"tag-key\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"tag-value-1\",\n\t\t\t\t\t\t\"tag-value-2\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter By Resource Type\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.resourcegroupstaggingapi.getResources({\n resourceTypeFilters: [\"ec2:instance\"],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.resourcegroupstaggingapi.get_resources(resource_type_filters=[\"ec2:instance\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.ResourceGroupsTaggingApi.GetResources.InvokeAsync(new Aws.ResourceGroupsTaggingApi.GetResourcesArgs\n {\n ResourceTypeFilters = \n {\n \"ec2:instance\",\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/resourcegroupstaggingapi\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := resourcegroupstaggingapi.GetResources(ctx, &resourcegroupstaggingapi.GetResourcesArgs{\n\t\t\tResourceTypeFilters: []string{\n\t\t\t\t\"ec2:instance\",\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getResources.\n", + "properties": { + "excludeCompliantResources": { + "type": "boolean", + "description": "Specifies whether to exclude resources that are compliant with the tag policy. You can use this parameter only if the `include_compliance_details` argument is also set to `true`.\n" + }, + "includeComplianceDetails": { + "type": "boolean", + "description": "Specifies whether to include details regarding the compliance with the effective tag policy.\n" + }, + "resourceArnLists": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies a list of ARNs of resources for which you want to retrieve tag data. Conflicts with `filter`.\n" + }, + "resourceTypeFilters": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The constraints on the resources that you want returned. The format of each resource type is `service:resourceType`. For example, specifying a resource type of `ec2` returns all Amazon EC2 resources (which includes EC2 instances). Specifying a resource type of `ec2:instance` returns only EC2 instances.\n" + }, + "tagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:resourcegroupstaggingapi/getResourcesTagFilter:getResourcesTagFilter" + }, + "description": "Specifies a list of Tag Filters (keys and values) to restrict the output to only those resources that have the specified tag and, if included, the specified value. See Tag Filter below. Conflicts with `resource_arn_list`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getResources.\n", + "properties": { + "excludeCompliantResources": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "includeComplianceDetails": { + "type": "boolean" + }, + "resourceArnLists": { + "type": "array", + "items": { + "type": "string" + } + }, + "resourceTagMappingLists": { + "type": "array", + "items": { + "$ref": "#/types/aws:resourcegroupstaggingapi/getResourcesResourceTagMappingList:getResourcesResourceTagMappingList" + }, + "description": "List of objects matching the search criteria.\n" + }, + "resourceTypeFilters": { + "type": "array", + "items": { + "type": "string" + } + }, + "tagFilters": { + "type": "array", + "items": { + "$ref": "#/types/aws:resourcegroupstaggingapi/getResourcesTagFilter:getResourcesTagFilter" + } + } + }, + "type": "object", + "required": [ + "resourceTagMappingLists", + "id" + ] + } + }, + "aws:route53/getDelegationSet:getDelegationSet": { + "description": "`aws.route53.DelegationSet` provides details about a specific Route 53 Delegation Set.\n\nThis data source allows to find a list of name servers associated with a specific delegation set.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how to get a delegation set from its id.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst dset = pulumi.output(aws.route53.getDelegationSet({\n id: \"MQWGHCBFAKEID\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndset = aws.route53.get_delegation_set(id=\"MQWGHCBFAKEID\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var dset = Output.Create(Aws.Route53.GetDelegationSet.InvokeAsync(new Aws.Route53.GetDelegationSetArgs\n {\n Id = \"MQWGHCBFAKEID\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.LookupDelegationSet(ctx, &route53.LookupDelegationSetArgs{\n\t\t\tId: \"MQWGHCBFAKEID\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDelegationSet.\n", + "properties": { + "id": { + "type": "string", + "description": "The Hosted Zone id of the desired delegation set.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getDelegationSet.\n", + "properties": { + "callerReference": { + "type": "string" + }, + "id": { + "type": "string" + }, + "nameServers": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "callerReference", + "id", + "nameServers" + ] + } + }, + "aws:route53/getResolverEndpoint:getResolverEndpoint": { + "description": "`aws.route53.ResolverEndpoint` provides details about a specific Route53 Resolver Endpoint.\n\nThis data source allows to find a list of IPaddresses associated with a specific Route53 Resolver Endpoint.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.route53.getResolverEndpoint({\n resolverEndpointId: \"rslvr-in-1abc2345ef678g91h\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_resolver_endpoint(resolver_endpoint_id=\"rslvr-in-1abc2345ef678g91h\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Route53.GetResolverEndpoint.InvokeAsync(new Aws.Route53.GetResolverEndpointArgs\n {\n ResolverEndpointId = \"rslvr-in-1abc2345ef678g91h\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"rslvr-in-1abc2345ef678g91h\"\n\t\t_, err := route53.LookupResolverEndpoint(ctx, &route53.LookupResolverEndpointArgs{\n\t\t\tResolverEndpointId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.route53.getResolverEndpoint({\n filters: [{\n name: \"NAME\",\n values: [\"MyResolverExampleName\"],\n }],\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_resolver_endpoint(filters=[aws.route53.GetResolverEndpointFilterArgs(\n name=\"NAME\",\n values=[\"MyResolverExampleName\"],\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Route53.GetResolverEndpoint.InvokeAsync(new Aws.Route53.GetResolverEndpointArgs\n {\n Filters = \n {\n new Aws.Route53.Inputs.GetResolverEndpointFilterArgs\n {\n Name = \"NAME\",\n Values = \n {\n \"MyResolverExampleName\",\n },\n },\n },\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := route53.LookupResolverEndpoint(ctx, &route53.LookupResolverEndpointArgs{\n\t\t\tFilters: []route53.GetResolverEndpointFilter{\n\t\t\t\troute53.GetResolverEndpointFilter{\n\t\t\t\t\tName: \"NAME\",\n\t\t\t\t\tValues: []string{\n\t\t\t\t\t\t\"MyResolverExampleName\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getResolverEndpoint.\n", + "properties": { + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/getResolverEndpointFilter:getResolverEndpointFilter" + }, + "description": "One or more name/value pairs to use as filters. There are\nseveral valid keys, for a full reference, check out\n[Route53resolver Filter value in the AWS API reference][1].\n" + }, + "resolverEndpointId": { + "type": "string", + "description": "The ID of the Route53 Resolver Endpoint.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getResolverEndpoint.\n", + "properties": { + "arn": { + "type": "string" + }, + "direction": { + "type": "string" + }, + "filters": { + "type": "array", + "items": { + "$ref": "#/types/aws:route53/getResolverEndpointFilter:getResolverEndpointFilter" + } + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + } + }, + "name": { + "type": "string" + }, + "resolverEndpointId": { + "type": "string" + }, + "status": { + "type": "string" + }, + "vpcId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "direction", + "ipAddresses", + "name", + "status", + "vpcId", + "id" + ] + } + }, + "aws:route53/getResolverRule:getResolverRule": { + "description": "`aws.route53.ResolverRule` provides details about a specific Route53 Resolver rule.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how to get a Route53 Resolver rule based on its associated domain name and rule type.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.route53.getResolverRule({\n domainName: \"subdomain.example.com\",\n ruleType: \"SYSTEM\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_resolver_rule(domain_name=\"subdomain.example.com\",\n rule_type=\"SYSTEM\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Route53.GetResolverRule.InvokeAsync(new Aws.Route53.GetResolverRuleArgs\n {\n DomainName = \"subdomain.example.com\",\n RuleType = \"SYSTEM\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"subdomain.example.com\"\n\t\topt1 := \"SYSTEM\"\n\t\t_, err := route53.LookupResolverRule(ctx, &route53.LookupResolverRuleArgs{\n\t\t\tDomainName: &opt0,\n\t\t\tRuleType: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getResolverRule.\n", + "properties": { + "domainName": { + "type": "string", + "description": "The domain name the desired resolver rule forwards DNS queries for. Conflicts with `resolver_rule_id`.\n" + }, + "name": { + "type": "string", + "description": "The friendly name of the desired resolver rule. Conflicts with `resolver_rule_id`.\n" + }, + "resolverEndpointId": { + "type": "string", + "description": "The ID of the outbound resolver endpoint of the desired resolver rule. Conflicts with `resolver_rule_id`.\n" + }, + "resolverRuleId": { + "type": "string", + "description": "The ID of the desired resolver rule. Conflicts with `domain_name`, `name`, `resolver_endpoint_id` and `rule_type`.\n" + }, + "ruleType": { + "type": "string", + "description": "The rule type of the desired resolver rule. Valid values are `FORWARD`, `SYSTEM` and `RECURSIVE`. Conflicts with `resolver_rule_id`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resolver rule.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getResolverRule.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN (Amazon Resource Name) for the resolver rule.\n" + }, + "domainName": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "ownerId": { + "type": "string", + "description": "When a rule is shared with another AWS account, the account ID of the account that the rule is shared with.\n" + }, + "resolverEndpointId": { + "type": "string" + }, + "resolverRuleId": { + "type": "string" + }, + "ruleType": { + "type": "string" + }, + "shareStatus": { + "type": "string", + "description": "Whether the rules is shared and, if so, whether the current account is sharing the rule with another account, or another account is sharing the rule with the current account.\nValues are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the resolver rule.\n" + } + }, + "type": "object", + "required": [ + "arn", + "domainName", + "name", + "ownerId", + "resolverEndpointId", + "resolverRuleId", + "ruleType", + "shareStatus", + "tags", + "id" + ] + } + }, + "aws:route53/getResolverRules:getResolverRules": { + "description": "`aws.route53.getResolverRules` provides details about a set of Route53 Resolver rules.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nRetrieving the default resolver rule.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.route53.getResolverRules({\n ownerId: \"Route 53 Resolver\",\n ruleType: \"RECURSIVE\",\n shareStatus: \"NOT_SHARED\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_resolver_rules(owner_id=\"Route 53 Resolver\",\n rule_type=\"RECURSIVE\",\n share_status=\"NOT_SHARED\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Route53.GetResolverRules.InvokeAsync(new Aws.Route53.GetResolverRulesArgs\n {\n OwnerId = \"Route 53 Resolver\",\n RuleType = \"RECURSIVE\",\n ShareStatus = \"NOT_SHARED\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"Route 53 Resolver\"\n\t\topt1 := \"RECURSIVE\"\n\t\topt2 := \"NOT_SHARED\"\n\t\t_, err := route53.GetResolverRules(ctx, &route53.GetResolverRulesArgs{\n\t\t\tOwnerId: &opt0,\n\t\t\tRuleType: &opt1,\n\t\t\tShareStatus: &opt2,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.route53.getResolverRules({\n ruleType: \"FORWARD\",\n shareStatus: \"SHARED_WITH_ME\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.route53.get_resolver_rules(rule_type=\"FORWARD\",\n share_status=\"SHARED_WITH_ME\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Route53.GetResolverRules.InvokeAsync(new Aws.Route53.GetResolverRulesArgs\n {\n RuleType = \"FORWARD\",\n ShareStatus = \"SHARED_WITH_ME\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"FORWARD\"\n\t\topt1 := \"SHARED_WITH_ME\"\n\t\t_, err := route53.GetResolverRules(ctx, &route53.GetResolverRulesArgs{\n\t\t\tRuleType: &opt0,\n\t\t\tShareStatus: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getResolverRules.\n", + "properties": { + "ownerId": { + "type": "string", + "description": "When the desired resolver rules are shared with another AWS account, the account ID of the account that the rules are shared with.\n" + }, + "resolverEndpointId": { + "type": "string", + "description": "The ID of the outbound resolver endpoint for the desired resolver rules.\n" + }, + "ruleType": { + "type": "string", + "description": "The rule type of the desired resolver rules. Valid values are `FORWARD`, `SYSTEM` and `RECURSIVE`.\n" + }, + "shareStatus": { + "type": "string", + "description": "Whether the desired resolver rules are shared and, if so, whether the current account is sharing the rules with another account, or another account is sharing the rules with the current account. Valid values are `NOT_SHARED`, `SHARED_BY_ME` or `SHARED_WITH_ME`\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getResolverRules.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ownerId": { + "type": "string" + }, + "resolverEndpointId": { + "type": "string" + }, + "resolverRuleIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IDs of the matched resolver rules.\n" + }, + "ruleType": { + "type": "string" + }, + "shareStatus": { + "type": "string" + } + }, + "type": "object", + "required": [ + "resolverRuleIds", + "id" + ] + } + }, + "aws:route53/getZone:getZone": { + "description": "`aws.route53.Zone` provides details about a specific Route 53 Hosted Zone.\n\nThis data source allows to find a Hosted Zone ID given Hosted Zone name and certain search criteria.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example shows how to get a Hosted Zone from its name and from this data how to create a Record Set.\n\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.route53.getZone({\n name: \"test.com.\",\n privateZone: true,\n});\nconst www = new aws.route53.Record(\"www\", {\n zoneId: selected.then(selected => selected.zoneId),\n name: selected.then(selected => `www.${selected.name}`),\n type: \"A\",\n ttl: \"300\",\n records: [\"10.0.0.1\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.route53.get_zone(name=\"test.com.\",\n private_zone=True)\nwww = aws.route53.Record(\"www\",\n zone_id=selected.zone_id,\n name=f\"www.{selected.name}\",\n type=\"A\",\n ttl=300,\n records=[\"10.0.0.1\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var selected = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs\n {\n Name = \"test.com.\",\n PrivateZone = true,\n }));\n var www = new Aws.Route53.Record(\"www\", new Aws.Route53.RecordArgs\n {\n ZoneId = selected.Apply(selected => selected.ZoneId),\n Name = selected.Apply(selected => $\"www.{selected.Name}\"),\n Type = \"A\",\n Ttl = 300,\n Records = \n {\n \"10.0.0.1\",\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"test.com.\"\n\t\topt1 := true\n\t\tselected, err := route53.LookupZone(ctx, &route53.LookupZoneArgs{\n\t\t\tName: &opt0,\n\t\t\tPrivateZone: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"www\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(selected.ZoneId),\n\t\t\tName: pulumi.String(fmt.Sprintf(\"%v%v\", \"www.\", selected.Name)),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tTtl: pulumi.Int(300),\n\t\t\tRecords: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"10.0.0.1\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getZone.\n", + "properties": { + "name": { + "type": "string", + "description": "The Hosted Zone name of the desired Hosted Zone.\n" + }, + "privateZone": { + "type": "boolean", + "description": "Used with `name` field to get a private Hosted Zone.\n" + }, + "resourceRecordSetCount": { + "type": "integer", + "description": "The number of Record Set in the Hosted Zone.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Used with `name` field. A map of tags, each pair of which must exactly match a pair on the desired Hosted Zone.\n" + }, + "vpcId": { + "type": "string", + "description": "Used with `name` field to get a private Hosted Zone associated with the vpc_id (in this case, private_zone is not mandatory).\n" + }, + "zoneId": { + "type": "string", + "description": "The Hosted Zone id of the desired Hosted Zone.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getZone.\n", + "properties": { + "callerReference": { + "type": "string", + "description": "Caller Reference of the Hosted Zone.\n" + }, + "comment": { + "type": "string", + "description": "The comment field of the Hosted Zone.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "linkedServiceDescription": { + "type": "string", + "description": "The description provided by the service that created the Hosted Zone (e.g. `arn:aws:servicediscovery:us-east-1:1234567890:namespace/ns-xxxxxxxxxxxxxxxx`).\n" + }, + "linkedServicePrincipal": { + "type": "string", + "description": "The service that created the Hosted Zone (e.g. `servicediscovery.amazonaws.com`).\n" + }, + "name": { + "type": "string" + }, + "nameServers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of DNS name servers for the Hosted Zone.\n" + }, + "privateZone": { + "type": "boolean" + }, + "resourceRecordSetCount": { + "type": "integer", + "description": "The number of Record Set in the Hosted Zone.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "vpcId": { + "type": "string" + }, + "zoneId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "callerReference", + "comment", + "linkedServiceDescription", + "linkedServicePrincipal", + "name", + "nameServers", + "resourceRecordSetCount", + "tags", + "vpcId", + "zoneId", + "id" + ] + } + }, + "aws:s3/getBucket:getBucket": { + "description": "Provides details about a specific S3 bucket.\n\nThis resource may prove useful when setting up a Route53 record, or an origin for a CloudFront\nDistribution.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Route53 Record\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.s3.getBucket({\n bucket: \"bucket.test.com\",\n});\nconst testZone = aws.route53.getZone({\n name: \"test.com.\",\n});\nconst example = new aws.route53.Record(\"example\", {\n zoneId: testZone.then(testZone => testZone.id),\n name: \"bucket\",\n type: \"A\",\n aliases: [{\n name: selected.then(selected => selected.websiteDomain),\n zoneId: selected.then(selected => selected.hostedZoneId),\n }],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.s3.get_bucket(bucket=\"bucket.test.com\")\ntest_zone = aws.route53.get_zone(name=\"test.com.\")\nexample = aws.route53.Record(\"example\",\n zone_id=test_zone.id,\n name=\"bucket\",\n type=\"A\",\n aliases=[aws.route53.RecordAliasArgs(\n name=selected.website_domain,\n zone_id=selected.hosted_zone_id,\n )])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var selected = Output.Create(Aws.S3.GetBucket.InvokeAsync(new Aws.S3.GetBucketArgs\n {\n Bucket = \"bucket.test.com\",\n }));\n var testZone = Output.Create(Aws.Route53.GetZone.InvokeAsync(new Aws.Route53.GetZoneArgs\n {\n Name = \"test.com.\",\n }));\n var example = new Aws.Route53.Record(\"example\", new Aws.Route53.RecordArgs\n {\n ZoneId = testZone.Apply(testZone => testZone.Id),\n Name = \"bucket\",\n Type = \"A\",\n Aliases = \n {\n new Aws.Route53.Inputs.RecordAliasArgs\n {\n Name = selected.Apply(selected => selected.WebsiteDomain),\n ZoneId = selected.Apply(selected => selected.HostedZoneId),\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/route53\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := s3.LookupBucket(ctx, &s3.LookupBucketArgs{\n\t\t\tBucket: \"bucket.test.com\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt0 := \"test.com.\"\n\t\ttestZone, err := route53.LookupZone(ctx, &route53.LookupZoneArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = route53.NewRecord(ctx, \"example\", &route53.RecordArgs{\n\t\t\tZoneId: pulumi.String(testZone.Id),\n\t\t\tName: pulumi.String(\"bucket\"),\n\t\t\tType: pulumi.String(\"A\"),\n\t\t\tAliases: route53.RecordAliasArray{\n\t\t\t\t&route53.RecordAliasArgs{\n\t\t\t\t\tName: pulumi.String(selected.WebsiteDomain),\n\t\t\t\t\tZoneId: pulumi.String(selected.HostedZoneId),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### CloudFront Origin\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst selected = aws.s3.getBucket({\n bucket: \"a-test-bucket\",\n});\nconst test = new aws.cloudfront.Distribution(\"test\", {origins: [{\n domainName: selected.then(selected => selected.bucketDomainName),\n originId: \"s3-selected-bucket\",\n}]});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nselected = aws.s3.get_bucket(bucket=\"a-test-bucket\")\ntest = aws.cloudfront.Distribution(\"test\", origins=[aws.cloudfront.DistributionOriginArgs(\n domain_name=selected.bucket_domain_name,\n origin_id=\"s3-selected-bucket\",\n)])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var selected = Output.Create(Aws.S3.GetBucket.InvokeAsync(new Aws.S3.GetBucketArgs\n {\n Bucket = \"a-test-bucket\",\n }));\n var test = new Aws.CloudFront.Distribution(\"test\", new Aws.CloudFront.DistributionArgs\n {\n Origins = \n {\n new Aws.CloudFront.Inputs.DistributionOriginArgs\n {\n DomainName = selected.Apply(selected => selected.BucketDomainName),\n OriginId = \"s3-selected-bucket\",\n },\n },\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/cloudfront\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tselected, err := s3.LookupBucket(ctx, &s3.LookupBucketArgs{\n\t\t\tBucket: \"a-test-bucket\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfront.NewDistribution(ctx, \"test\", &cloudfront.DistributionArgs{\n\t\t\tOrigins: cloudfront.DistributionOriginArray{\n\t\t\t\t&cloudfront.DistributionOriginArgs{\n\t\t\t\t\tDomainName: pulumi.String(selected.BucketDomainName),\n\t\t\t\t\tOriginId: pulumi.String(\"s3-selected-bucket\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getBucket.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket\n" + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "outputs": { + "description": "A collection of values returned by getBucket.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the bucket. Will be of format `arn:aws:s3:::bucketname`.\n" + }, + "bucket": { + "type": "string" + }, + "bucketDomainName": { + "type": "string", + "description": "The bucket domain name. Will be of format `bucketname.s3.amazonaws.com`.\n" + }, + "bucketRegionalDomainName": { + "type": "string", + "description": "The bucket region-specific domain name. The bucket domain name including the region name, please refer [here](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region) for format. Note: The AWS CloudFront allows specifying S3 region-specific endpoint when creating S3 origin, it will prevent [redirect issues](https://forums.aws.amazon.com/thread.jspa?threadID=216814) from CloudFront to S3 Origin URL.\n" + }, + "hostedZoneId": { + "type": "string", + "description": "The [Route 53 Hosted Zone ID](https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_website_region_endpoints) for this bucket's region.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "region": { + "type": "string", + "description": "The AWS region this bucket resides in.\n" + }, + "websiteDomain": { + "type": "string", + "description": "The domain of the website endpoint, if the bucket is configured with a website. If not, this will be an empty string. This is used to create Route 53 alias records.\n" + }, + "websiteEndpoint": { + "type": "string", + "description": "The website endpoint, if the bucket is configured with a website. If not, this will be an empty string.\n" + } + }, + "type": "object", + "required": [ + "arn", + "bucket", + "bucketDomainName", + "bucketRegionalDomainName", + "hostedZoneId", + "region", + "websiteDomain", + "websiteEndpoint", + "id" + ] + } + }, + "aws:s3/getBucketObject:getBucketObject": { + "description": "The S3 object data source allows access to the metadata and\n_optionally_ (see below) content of an object stored inside S3 bucket.\n\n> **Note:** The content of an object (`body` field) is available only for objects which have a human-readable `Content-Type` (`text/*` and `application/json`). This is to prevent printing unsafe characters and potentially downloading large amount of data which would be thrown away in favour of metadata.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nThe following example retrieves a text object (which must have a `Content-Type`\nvalue starting with `text/`) and uses it as the `user_data` for an EC2 instance:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst bootstrapScript = aws.s3.getBucketObject({\n bucket: \"ourcorp-deploy-config\",\n key: \"ec2-bootstrap-script.sh\",\n});\nconst example = new aws.ec2.Instance(\"example\", {\n instanceType: \"t2.micro\",\n ami: \"ami-2757f631\",\n userData: bootstrapScript.then(bootstrapScript => bootstrapScript.body),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbootstrap_script = aws.s3.get_bucket_object(bucket=\"ourcorp-deploy-config\",\n key=\"ec2-bootstrap-script.sh\")\nexample = aws.ec2.Instance(\"example\",\n instance_type=\"t2.micro\",\n ami=\"ami-2757f631\",\n user_data=bootstrap_script.body)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var bootstrapScript = Output.Create(Aws.S3.GetBucketObject.InvokeAsync(new Aws.S3.GetBucketObjectArgs\n {\n Bucket = \"ourcorp-deploy-config\",\n Key = \"ec2-bootstrap-script.sh\",\n }));\n var example = new Aws.Ec2.Instance(\"example\", new Aws.Ec2.InstanceArgs\n {\n InstanceType = \"t2.micro\",\n Ami = \"ami-2757f631\",\n UserData = bootstrapScript.Apply(bootstrapScript => bootstrapScript.Body),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ec2\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tbootstrapScript, err := s3.LookupBucketObject(ctx, &s3.LookupBucketObjectArgs{\n\t\t\tBucket: \"ourcorp-deploy-config\",\n\t\t\tKey: \"ec2-bootstrap-script.sh\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ec2.NewInstance(ctx, \"example\", &ec2.InstanceArgs{\n\t\t\tInstanceType: pulumi.String(\"t2.micro\"),\n\t\t\tAmi: pulumi.String(\"ami-2757f631\"),\n\t\t\tUserData: pulumi.String(bootstrapScript.Body),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nThe following, more-complex example retrieves only the metadata for a zip\nfile stored in S3, which is then used to pass the most recent `version_id`\nto AWS Lambda for use as a function implementation. More information about\nLambda functions is available in the documentation for\n`aws.lambda.Function`.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst lambda = aws.s3.getBucketObject({\n bucket: \"ourcorp-lambda-functions\",\n key: \"hello-world.zip\",\n});\nconst testLambda = new aws.lambda.Function(\"testLambda\", {\n s3Bucket: lambda.then(lambda => lambda.bucket),\n s3Key: lambda.then(lambda => lambda.key),\n s3ObjectVersion: lambda.then(lambda => lambda.versionId),\n role: aws_iam_role.iam_for_lambda.arn,\n handler: \"exports.test\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nlambda_ = aws.s3.get_bucket_object(bucket=\"ourcorp-lambda-functions\",\n key=\"hello-world.zip\")\ntest_lambda = aws.lambda_.Function(\"testLambda\",\n s3_bucket=lambda_.bucket,\n s3_key=lambda_.key,\n s3_object_version=lambda_.version_id,\n role=aws_iam_role[\"iam_for_lambda\"][\"arn\"],\n handler=\"exports.test\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var lambda = Output.Create(Aws.S3.GetBucketObject.InvokeAsync(new Aws.S3.GetBucketObjectArgs\n {\n Bucket = \"ourcorp-lambda-functions\",\n Key = \"hello-world.zip\",\n }));\n var testLambda = new Aws.Lambda.Function(\"testLambda\", new Aws.Lambda.FunctionArgs\n {\n S3Bucket = lambda.Apply(lambda => lambda.Bucket),\n S3Key = lambda.Apply(lambda => lambda.Key),\n S3ObjectVersion = lambda.Apply(lambda => lambda.VersionId),\n Role = aws_iam_role.Iam_for_lambda.Arn,\n Handler = \"exports.test\",\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/lambda\"\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tlambda, err := s3.LookupBucketObject(ctx, &s3.LookupBucketObjectArgs{\n\t\t\tBucket: \"ourcorp-lambda-functions\",\n\t\t\tKey: \"hello-world.zip\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = lambda.NewFunction(ctx, \"testLambda\", &lambda.FunctionArgs{\n\t\t\tS3Bucket: pulumi.String(lambda.Bucket),\n\t\t\tS3Key: pulumi.String(lambda.Key),\n\t\t\tS3ObjectVersion: pulumi.String(lambda.VersionId),\n\t\t\tRole: pulumi.Any(aws_iam_role.Iam_for_lambda.Arn),\n\t\t\tHandler: pulumi.String(\"exports.test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getBucketObject.\n", + "properties": { + "bucket": { + "type": "string", + "description": "The name of the bucket to read the object from. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified\n" + }, + "key": { + "type": "string", + "description": "The full path to the object inside the bucket\n" + }, + "range": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the object.\n" + }, + "versionId": { + "type": "string", + "description": "Specific version ID of the object returned (defaults to latest version)\n" + } + }, + "type": "object", + "required": [ + "bucket", + "key" + ] + }, + "outputs": { + "description": "A collection of values returned by getBucketObject.\n", + "properties": { + "body": { + "type": "string", + "description": "Object data (see **limitations above** to understand cases in which this field is actually available)\n" + }, + "bucket": { + "type": "string" + }, + "bucketKeyEnabled": { + "type": "boolean", + "description": "(Optional) Whether or not to use [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) for SSE-KMS.\n" + }, + "cacheControl": { + "type": "string", + "description": "Specifies caching behavior along the request/reply chain.\n" + }, + "contentDisposition": { + "type": "string", + "description": "Specifies presentational information for the object.\n" + }, + "contentEncoding": { + "type": "string", + "description": "Specifies what content encodings have been applied to the object and thus what decoding mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.\n" + }, + "contentLanguage": { + "type": "string", + "description": "The language the content is in.\n" + }, + "contentLength": { + "type": "integer", + "description": "Size of the body in bytes.\n" + }, + "contentType": { + "type": "string", + "description": "A standard MIME type describing the format of the object data.\n" + }, + "etag": { + "type": "string", + "description": "[ETag](https://en.wikipedia.org/wiki/HTTP_ETag) generated for the object (an MD5 sum of the object content in case it's not encrypted)\n" + }, + "expiration": { + "type": "string", + "description": "If the object expiration is configured (see [object lifecycle management](http://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html)), the field includes this header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The value of the rule-id is URL encoded.\n" + }, + "expires": { + "type": "string", + "description": "The date and time at which the object is no longer cacheable.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "key": { + "type": "string" + }, + "lastModified": { + "type": "string", + "description": "Last modified date of the object in RFC1123 format (e.g. `Mon, 02 Jan 2006 15:04:05 MST`)\n" + }, + "metadata": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of metadata stored with the object in S3\n" + }, + "objectLockLegalHoldStatus": { + "type": "string", + "description": "Indicates whether this object has an active [legal hold](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-legal-holds). This field is only returned if you have permission to view an object's legal hold status.\n" + }, + "objectLockMode": { + "type": "string", + "description": "The object lock [retention mode](https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html#object-lock-retention-modes) currently in place for this object.\n" + }, + "objectLockRetainUntilDate": { + "type": "string", + "description": "The date and time when this object's object lock will expire.\n" + }, + "range": { + "type": "string" + }, + "serverSideEncryption": { + "type": "string", + "description": "If the object is stored using server-side encryption (KMS or Amazon S3-managed encryption key), this field includes the chosen encryption and algorithm used.\n" + }, + "sseKmsKeyId": { + "type": "string", + "description": "If present, specifies the ID of the Key Management Service (KMS) master encryption key that was used for the object.\n" + }, + "storageClass": { + "type": "string", + "description": "[Storage class](http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html) information of the object. Available for all objects except for `Standard` storage class objects.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the object.\n" + }, + "versionId": { + "type": "string", + "description": "The latest version ID of the object returned.\n" + }, + "websiteRedirectLocation": { + "type": "string", + "description": "If the bucket is configured as a website, redirects requests for this object to another object in the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.\n" + } + }, + "type": "object", + "required": [ + "body", + "bucket", + "bucketKeyEnabled", + "cacheControl", + "contentDisposition", + "contentEncoding", + "contentLanguage", + "contentLength", + "contentType", + "etag", + "expiration", + "expires", + "key", + "lastModified", + "metadata", + "objectLockLegalHoldStatus", + "objectLockMode", + "objectLockRetainUntilDate", + "serverSideEncryption", + "sseKmsKeyId", + "storageClass", + "tags", + "versionId", + "websiteRedirectLocation", + "id" + ] + } + }, + "aws:s3/getBucketObjects:getBucketObjects": { + "description": "> **NOTE on `max_keys`:** Retrieving very large numbers of keys can adversely affect this provider's performance.\n\nThe bucket-objects data source returns keys (i.e., file names) and other metadata about objects in an S3 bucket.\n", + "inputs": { + "description": "A collection of arguments for invoking getBucketObjects.\n", + "properties": { + "bucket": { + "type": "string", + "description": "Lists object keys in this S3 bucket. Alternatively, an [S3 access point](https://docs.aws.amazon.com/AmazonS3/latest/dev/using-access-points.html) ARN can be specified\n" + }, + "delimiter": { + "type": "string", + "description": "A character used to group keys (Default: none)\n" + }, + "encodingType": { + "type": "string", + "description": "Encodes keys using this method (Default: none; besides none, only \"url\" can be used)\n" + }, + "fetchOwner": { + "type": "boolean", + "description": "Boolean specifying whether to populate the owner list (Default: false)\n" + }, + "maxKeys": { + "type": "integer", + "description": "Maximum object keys to return (Default: 1000)\n" + }, + "prefix": { + "type": "string", + "description": "Limits results to object keys with this prefix (Default: none)\n" + }, + "startAfter": { + "type": "string", + "description": "Returns key names lexicographically after a specific object key in your bucket (Default: none; S3 lists object keys in UTF-8 character encoding in lexicographical order)\n" + } + }, + "type": "object", + "required": [ + "bucket" + ] + }, + "outputs": { + "description": "A collection of values returned by getBucketObjects.\n", + "properties": { + "bucket": { + "type": "string" + }, + "commonPrefixes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of any keys between `prefix` and the next occurrence of `delimiter` (i.e., similar to subdirectories of the `prefix` \"directory\"); the list is only returned when you specify `delimiter`\n" + }, + "delimiter": { + "type": "string" + }, + "encodingType": { + "type": "string" + }, + "fetchOwner": { + "type": "boolean" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "keys": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of strings representing object keys\n" + }, + "maxKeys": { + "type": "integer" + }, + "owners": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of strings representing object owner IDs (see `fetch_owner` above)\n" + }, + "prefix": { + "type": "string" + }, + "startAfter": { + "type": "string" + } + }, + "type": "object", + "required": [ + "bucket", + "commonPrefixes", + "keys", + "owners", + "id" + ] + } + }, + "aws:s3/getCanonicalUserId:getCanonicalUserId": { + "description": "The Canonical User ID data source allows access to the [canonical user ID](http://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html)\nfor the effective account in which this provider is working. \n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst current = aws.s3.getCanonicalUserId({});\nexport const canonicalUserId = current.then(current => current.id);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncurrent = aws.s3.get_canonical_user_id()\npulumi.export(\"canonicalUserId\", current.id)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var current = Output.Create(Aws.S3.GetCanonicalUserId.InvokeAsync());\n this.CanonicalUserId = current.Apply(current => current.Id);\n }\n\n [Output(\"canonicalUserId\")]\n public Output CanonicalUserId { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/s3\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tcurrent, err := s3.GetCanonicalUserId(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"canonicalUserId\", current.Id)\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "outputs": { + "description": "A collection of values returned by getCanonicalUserId.\n", + "properties": { + "displayName": { + "type": "string", + "description": "The human-friendly name linked to the canonical user ID. The bucket owner's display name. **NOTE:** [This value](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTServiceGET.html) is only included in the response in the US East (N. Virginia), US West (N. California), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), EU (Ireland), and South America (São Paulo) regions.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "displayName", + "id" + ] + } + }, + "aws:sagemaker/getPrebuiltEcrImage:getPrebuiltEcrImage": { + "description": "Get information about prebuilt Amazon SageMaker Docker images.\n\n> **NOTE:** The AWS provider creates a validly constructed `registry_path` but does not verify that the `registry_path` corresponds to an existing image. For example, using a `registry_path` containing an `image_tag` that does not correspond to a Docker image in the ECR repository, will result in an error.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nBasic usage:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.sagemaker.getPrebuiltEcrImage({\n imageTag: \"2.2-1.0.11.0\",\n repositoryName: \"sagemaker-scikit-learn\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.sagemaker.get_prebuilt_ecr_image(image_tag=\"2.2-1.0.11.0\",\n repository_name=\"sagemaker-scikit-learn\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Sagemaker.GetPrebuiltEcrImage.InvokeAsync(new Aws.Sagemaker.GetPrebuiltEcrImageArgs\n {\n ImageTag = \"2.2-1.0.11.0\",\n RepositoryName = \"sagemaker-scikit-learn\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sagemaker\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"2.2-1.0.11.0\"\n\t\t_, err := sagemaker.GetPrebuiltEcrImage(ctx, &sagemaker.GetPrebuiltEcrImageArgs{\n\t\t\tImageTag: &opt0,\n\t\t\tRepositoryName: \"sagemaker-scikit-learn\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPrebuiltEcrImage.\n", + "properties": { + "dnsSuffix": { + "type": "string", + "description": "The DNS suffix to use in the registry path. If not specified, the AWS provider sets it to the DNS suffix for the current region.\n" + }, + "imageTag": { + "type": "string", + "description": "The image tag for the Docker image. If not specified, the AWS provider sets the value to `1`, which for many repositories indicates the latest version. Some repositories, such as XGBoost, do not support `1` or `latest` and specific version must be used.\n" + }, + "region": { + "type": "string", + "description": "The region to use in the registry path. If not specified, the AWS provider sets it to the current region.\n" + }, + "repositoryName": { + "type": "string", + "description": "The name of the repository, which is generally the algorithm or library. Values include `blazingtext`, `factorization-machines`, `forecasting-deepar`, `image-classification`, `ipinsights`, `kmeans`, `knn`, `lda`, `linear-learner`, `mxnet-inference-eia`, `mxnet-inference`, `mxnet-training`, `ntm`, `object-detection`, `object2vec`, `pca`, `pytorch-inference-eia`, `pytorch-inference`, `pytorch-training`, `randomcutforest`, `sagemaker-scikit-learn`, `sagemaker-sparkml-serving`, `sagemaker-xgboost`, `semantic-segmentation`, `seq2seq`, `tensorflow-inference-eia`, `tensorflow-inference`, and `tensorflow-training`.\n" + } + }, + "type": "object", + "required": [ + "repositoryName" + ] + }, + "outputs": { + "description": "A collection of values returned by getPrebuiltEcrImage.\n", + "properties": { + "dnsSuffix": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageTag": { + "type": "string" + }, + "region": { + "type": "string" + }, + "registryId": { + "type": "string", + "description": "The account ID containing the image. For example, `469771592824`.\n" + }, + "registryPath": { + "type": "string", + "description": "The Docker image URL. For example, `341280168497.dkr.ecr.ca-central-1.amazonaws.com/sagemaker-sparkml-serving:2.4`.\n" + }, + "repositoryName": { + "type": "string" + } + }, + "type": "object", + "required": [ + "registryId", + "registryPath", + "repositoryName", + "id" + ] + } + }, + "aws:secretsmanager/getSecret:getSecret": { + "description": "Retrieve metadata information about a Secrets Manager secret. To retrieve a secret value, see the `aws.secretsmanager.SecretVersion`.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### ARN\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by_arn = pulumi.output(aws.secretsmanager.getSecret({\n arn: \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_arn = aws.secretsmanager.get_secret(arn=\"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var by_arn = Output.Create(Aws.SecretsManager.GetSecret.InvokeAsync(new Aws.SecretsManager.GetSecretArgs\n {\n Arn = \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456\"\n\t\t_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{\n\t\t\tArn: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by_name = pulumi.output(aws.secretsmanager.getSecret({\n name: \"example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_name = aws.secretsmanager.get_secret(name=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var by_name = Output.Create(Aws.SecretsManager.GetSecret.InvokeAsync(new Aws.SecretsManager.GetSecretArgs\n {\n Name = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example\"\n\t\t_, err := secretsmanager.LookupSecret(ctx, &secretsmanager.LookupSecretArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSecret.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the secret to retrieve.\n" + }, + "name": { + "type": "string", + "description": "The name of the secret to retrieve.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getSecret.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the secret.\n" + }, + "description": { + "type": "string", + "description": "A description of the secret.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "kmsKeyId": { + "type": "string", + "description": "The Key Management Service (KMS) Customer Master Key (CMK) associated with the secret.\n" + }, + "name": { + "type": "string" + }, + "policy": { + "type": "string", + "description": "The resource-based policy document that's attached to the secret.\n" + }, + "rotationEnabled": { + "type": "boolean", + "description": "Whether rotation is enabled or not.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation data source instead" + }, + "rotationLambdaArn": { + "type": "string", + "description": "Rotation Lambda function Amazon Resource Name (ARN) if rotation is enabled.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation data source instead" + }, + "rotationRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:secretsmanager/getSecretRotationRule:getSecretRotationRule" + }, + "description": "Rotation rules if rotation is enabled.\n", + "deprecationMessage": "Use the aws_secretsmanager_secret_rotation data source instead" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags of the secret.\n" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "kmsKeyId", + "name", + "policy", + "rotationEnabled", + "rotationLambdaArn", + "rotationRules", + "tags", + "id" + ] + } + }, + "aws:secretsmanager/getSecretRotation:getSecretRotation": { + "description": "Retrieve information about a Secrets Manager secret rotation. To retrieve secret metadata, see the `aws.secretsmanager.Secret` data source. To retrieve a secret value, see the `aws.secretsmanager.SecretVersion` data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Retrieve Secret Rotation Configuration\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.secretsmanager.getSecretRotation({\n secretId: data.aws_secretsmanager_secret.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.secretsmanager.get_secret_rotation(secret_id=data[\"aws_secretsmanager_secret\"][\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.SecretsManager.GetSecretRotation.InvokeAsync(new Aws.SecretsManager.GetSecretRotationArgs\n {\n SecretId = data.Aws_secretsmanager_secret.Example.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecretRotation(ctx, &secretsmanager.LookupSecretRotationArgs{\n\t\t\tSecretId: data.Aws_secretsmanager_secret.Example.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSecretRotation.\n", + "properties": { + "secretId": { + "type": "string", + "description": "Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.\n" + } + }, + "type": "object", + "required": [ + "secretId" + ] + }, + "outputs": { + "description": "A collection of values returned by getSecretRotation.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "rotationEnabled": { + "type": "boolean", + "description": "The ARN of the secret.\n" + }, + "rotationLambdaArn": { + "type": "string", + "description": "The decrypted part of the protected secret information that was originally provided as a string.\n" + }, + "rotationRules": { + "type": "array", + "items": { + "$ref": "#/types/aws:secretsmanager/getSecretRotationRotationRule:getSecretRotationRotationRule" + }, + "description": "The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.\n" + }, + "secretId": { + "type": "string" + } + }, + "type": "object", + "required": [ + "rotationEnabled", + "rotationLambdaArn", + "rotationRules", + "secretId", + "id" + ] + } + }, + "aws:secretsmanager/getSecretVersion:getSecretVersion": { + "description": "Retrieve information about a Secrets Manager secret version, including its secret value. To retrieve secret metadata, see the `aws.secretsmanager.Secret` data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Retrieve Current Secret Version\n\nBy default, this data sources retrieves information based on the `AWSCURRENT` staging label.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = aws.secretsmanager.getSecretVersion({\n secretId: data.aws_secretsmanager_secret.example.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.secretsmanager.get_secret_version(secret_id=data[\"aws_secretsmanager_secret\"][\"example\"][\"id\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.SecretsManager.GetSecretVersion.InvokeAsync(new Aws.SecretsManager.GetSecretVersionArgs\n {\n SecretId = data.Aws_secretsmanager_secret.Example.Id,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{\n\t\t\tSecretId: data.Aws_secretsmanager_secret.Example.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Retrieve Specific Secret Version\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst by-version-stage = aws.secretsmanager.getSecretVersion({\n secretId: data.aws_secretsmanager_secret.example.id,\n versionStage: \"example\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_version_stage = aws.secretsmanager.get_secret_version(secret_id=data[\"aws_secretsmanager_secret\"][\"example\"][\"id\"],\n version_stage=\"example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var by_version_stage = Output.Create(Aws.SecretsManager.GetSecretVersion.InvokeAsync(new Aws.SecretsManager.GetSecretVersionArgs\n {\n SecretId = data.Aws_secretsmanager_secret.Example.Id,\n VersionStage = \"example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/secretsmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"example\"\n\t\t_, err := secretsmanager.LookupSecretVersion(ctx, &secretsmanager.LookupSecretVersionArgs{\n\t\t\tSecretId: data.Aws_secretsmanager_secret.Example.Id,\n\t\t\tVersionStage: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSecretVersion.\n", + "properties": { + "secretId": { + "type": "string", + "description": "Specifies the secret containing the version that you want to retrieve. You can specify either the Amazon Resource Name (ARN) or the friendly name of the secret.\n" + }, + "versionId": { + "type": "string", + "description": "Specifies the unique identifier of the version of the secret that you want to retrieve. Overrides `version_stage`.\n" + }, + "versionStage": { + "type": "string", + "description": "Specifies the secret version that you want to retrieve by the staging label attached to the version. Defaults to `AWSCURRENT`.\n" + } + }, + "type": "object", + "required": [ + "secretId" + ] + }, + "outputs": { + "description": "A collection of values returned by getSecretVersion.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the secret.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "secretBinary": { + "type": "string", + "description": "The decrypted part of the protected secret information that was originally provided as a binary. Base64 encoded.\n" + }, + "secretId": { + "type": "string" + }, + "secretString": { + "type": "string", + "description": "The decrypted part of the protected secret information that was originally provided as a string.\n" + }, + "versionId": { + "type": "string", + "description": "The unique identifier of this version of the secret.\n" + }, + "versionStage": { + "type": "string" + }, + "versionStages": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "type": "object", + "required": [ + "arn", + "secretBinary", + "secretId", + "secretString", + "versionId", + "versionStages", + "id" + ] + } + }, + "aws:serverlessrepository/getApplication:getApplication": { + "description": "Use this data source to get information about an AWS Serverless Application Repository application. For example, this can be used to determine the required `capabilities` for an application.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst exampleApplication = aws.serverlessrepository.getApplication({\n applicationId: \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n});\nconst exampleCloudFormationStack = new aws.serverlessrepository.CloudFormationStack(\"exampleCloudFormationStack\", {\n applicationId: exampleApplication.then(exampleApplication => exampleApplication.applicationId),\n semanticVersion: exampleApplication.then(exampleApplication => exampleApplication.semanticVersion),\n capabilities: exampleApplication.then(exampleApplication => exampleApplication.requiredCapabilities),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample_application = aws.serverlessrepository.get_application(application_id=\"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\")\nexample_cloud_formation_stack = aws.serverlessrepository.CloudFormationStack(\"exampleCloudFormationStack\",\n application_id=example_application.application_id,\n semantic_version=example_application.semantic_version,\n capabilities=example_application.required_capabilities)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var exampleApplication = Output.Create(Aws.ServerlessRepository.GetApplication.InvokeAsync(new Aws.ServerlessRepository.GetApplicationArgs\n {\n ApplicationId = \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n }));\n var exampleCloudFormationStack = new Aws.ServerlessRepository.CloudFormationStack(\"exampleCloudFormationStack\", new Aws.ServerlessRepository.CloudFormationStackArgs\n {\n ApplicationId = exampleApplication.Apply(exampleApplication => exampleApplication.ApplicationId),\n SemanticVersion = exampleApplication.Apply(exampleApplication => exampleApplication.SemanticVersion),\n Capabilities = exampleApplication.Apply(exampleApplication => exampleApplication.RequiredCapabilities),\n });\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/serverlessrepository\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\texampleApplication, err := serverlessrepository.GetApplication(ctx, &serverlessrepository.GetApplicationArgs{\n\t\t\tApplicationId: \"arn:aws:serverlessrepo:us-east-1:123456789012:applications/ExampleApplication\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serverlessrepository.NewCloudFormationStack(ctx, \"exampleCloudFormationStack\", &serverlessrepository.CloudFormationStackArgs{\n\t\t\tApplicationId: pulumi.String(exampleApplication.ApplicationId),\n\t\t\tSemanticVersion: pulumi.String(exampleApplication.SemanticVersion),\n\t\t\tCapabilities: interface{}(exampleApplication.RequiredCapabilities),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getApplication.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The ARN of the application.\n" + }, + "semanticVersion": { + "type": "string", + "description": "The requested version of the application. By default, retrieves the latest version.\n" + } + }, + "type": "object", + "required": [ + "applicationId" + ] + }, + "outputs": { + "description": "A collection of values returned by getApplication.\n", + "properties": { + "applicationId": { + "type": "string", + "description": "The ARN of the application.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the application.\n" + }, + "requiredCapabilities": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of capabilities describing the permissions needed to deploy the application.\n" + }, + "semanticVersion": { + "type": "string" + }, + "sourceCodeUrl": { + "type": "string", + "description": "A URL pointing to the source code of the application version.\n" + }, + "templateUrl": { + "type": "string", + "description": "A URL pointing to the Cloud Formation template for the application version.\n" + } + }, + "type": "object", + "required": [ + "applicationId", + "name", + "requiredCapabilities", + "semanticVersion", + "sourceCodeUrl", + "templateUrl", + "id" + ] + } + }, + "aws:servicecatalog/getConstraint:getConstraint": { + "description": "Provides information on a Service Catalog Constraint.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.servicecatalog.getConstraint({\n acceptLanguage: \"en\",\n id: \"cons-hrvy0335\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.get_constraint(accept_language=\"en\",\n id=\"cons-hrvy0335\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ServiceCatalog.GetConstraint.InvokeAsync(new Aws.ServiceCatalog.GetConstraintArgs\n {\n AcceptLanguage = \"en\",\n Id = \"cons-hrvy0335\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"en\"\n\t\t_, err := servicecatalog.LookupConstraint(ctx, &servicecatalog.LookupConstraintArgs{\n\t\t\tAcceptLanguage: &opt0,\n\t\t\tId: \"cons-hrvy0335\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getConstraint.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "description": { + "type": "string", + "description": "Description of the constraint.\n" + }, + "id": { + "type": "string", + "description": "Constraint identifier.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getConstraint.\n", + "properties": { + "acceptLanguage": { + "type": "string" + }, + "description": { + "type": "string", + "description": "Description of the constraint.\n" + }, + "id": { + "type": "string" + }, + "owner": { + "type": "string", + "description": "Owner of the constraint.\n" + }, + "parameters": { + "type": "string", + "description": "Constraint parameters in JSON format.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + }, + "status": { + "type": "string", + "description": "Constraint status.\n" + }, + "type": { + "type": "string", + "description": "Type of constraint. Valid values are `LAUNCH`, `NOTIFICATION`, `RESOURCE_UPDATE`, `STACKSET`, and `TEMPLATE`.\n" + } + }, + "type": "object", + "required": [ + "description", + "id", + "owner", + "parameters", + "portfolioId", + "productId", + "status", + "type" + ] + } + }, + "aws:servicecatalog/getLaunchPaths:getLaunchPaths": { + "description": "Lists the paths to the specified product. A path is how the user has access to a specified product, and is necessary when provisioning a product. A path also determines the constraints put on the product.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.servicecatalog.getLaunchPaths({\n productId: \"prod-yakog5pdriver\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.get_launch_paths(product_id=\"prod-yakog5pdriver\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ServiceCatalog.GetLaunchPaths.InvokeAsync(new Aws.ServiceCatalog.GetLaunchPathsArgs\n {\n ProductId = \"prod-yakog5pdriver\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.GetLaunchPaths(ctx, &servicecatalog.GetLaunchPathsArgs{\n\t\t\tProductId: \"prod-yakog5pdriver\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLaunchPaths.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + } + }, + "type": "object", + "required": [ + "productId" + ] + }, + "outputs": { + "description": "A collection of values returned by getLaunchPaths.\n", + "properties": { + "acceptLanguage": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "productId": { + "type": "string" + }, + "summaries": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicecatalog/getLaunchPathsSummary:getLaunchPathsSummary" + }, + "description": "Block with information about the launch path. See details below.\n" + } + }, + "type": "object", + "required": [ + "productId", + "summaries", + "id" + ] + } + }, + "aws:servicecatalog/getPortfolio:getPortfolio": { + "description": "Provides information for a Service Catalog Portfolio.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst portfolio = pulumi.output(aws.servicecatalog.getPortfolio({\n id: \"port-07052002\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nportfolio = aws.servicecatalog.get_portfolio(id=\"port-07052002\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var portfolio = Output.Create(Aws.ServiceCatalog.GetPortfolio.InvokeAsync(new Aws.ServiceCatalog.GetPortfolioArgs\n {\n Id = \"port-07052002\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.LookupPortfolio(ctx, &servicecatalog.LookupPortfolioArgs{\n\t\t\tId: \"port-07052002\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPortfolio.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "id": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags applied to the portfolio.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getPortfolio.\n", + "properties": { + "acceptLanguage": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "Portfolio ARN.\n" + }, + "createdTime": { + "type": "string", + "description": "Time the portfolio was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the portfolio\n" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Portfolio name.\n" + }, + "providerName": { + "type": "string", + "description": "Name of the person or organization who owns the portfolio.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags applied to the portfolio.\n" + } + }, + "type": "object", + "required": [ + "arn", + "createdTime", + "description", + "id", + "name", + "providerName", + "tags" + ] + } + }, + "aws:servicecatalog/getPortfolioConstraints:getPortfolioConstraints": { + "description": "Provides information on Service Catalog Portfolio Constraints.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.servicecatalog.getPortfolioConstraints({\n portfolioId: \"port-3lli3b3an\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.get_portfolio_constraints(portfolio_id=\"port-3lli3b3an\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ServiceCatalog.GetPortfolioConstraints.InvokeAsync(new Aws.ServiceCatalog.GetPortfolioConstraintsArgs\n {\n PortfolioId = \"port-3lli3b3an\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.GetPortfolioConstraints(ctx, &servicecatalog.GetPortfolioConstraintsArgs{\n\t\t\tPortfolioId: \"port-3lli3b3an\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPortfolioConstraints.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "portfolioId": { + "type": "string", + "description": "Portfolio identifier.\n" + }, + "productId": { + "type": "string", + "description": "Product identifier.\n" + } + }, + "type": "object", + "required": [ + "portfolioId" + ] + }, + "outputs": { + "description": "A collection of values returned by getPortfolioConstraints.\n", + "properties": { + "acceptLanguage": { + "type": "string" + }, + "details": { + "type": "array", + "items": { + "$ref": "#/types/aws:servicecatalog/getPortfolioConstraintsDetail:getPortfolioConstraintsDetail" + }, + "description": "List of information about the constraints. See details below.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "portfolioId": { + "type": "string", + "description": "Identifier of the portfolio the product resides in. The constraint applies only to the instance of the product that lives within this portfolio.\n" + }, + "productId": { + "type": "string", + "description": "Identifier of the product the constraint applies to. A constraint applies to a specific instance of a product within a certain portfolio.\n" + } + }, + "type": "object", + "required": [ + "details", + "portfolioId", + "id" + ] + } + }, + "aws:servicecatalog/getProduct:getProduct": { + "description": "Provides information on a Service Catalog Product.\n\n> **Tip:** A \"provisioning artifact\" is also referred to as a \"version.\" A \"distributor\" is also referred to as a \"vendor.\"\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Basic Usage\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.servicecatalog.getProduct({\n id: \"prod-dnigbtea24ste\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicecatalog.get_product(id=\"prod-dnigbtea24ste\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ServiceCatalog.GetProduct.InvokeAsync(new Aws.ServiceCatalog.GetProductArgs\n {\n Id = \"prod-dnigbtea24ste\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicecatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicecatalog.LookupProduct(ctx, &servicecatalog.LookupProductArgs{\n\t\t\tId: \"prod-dnigbtea24ste\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getProduct.\n", + "properties": { + "acceptLanguage": { + "type": "string", + "description": "Language code. Valid values: `en` (English), `jp` (Japanese), `zh` (Chinese). Default value is `en`.\n" + }, + "id": { + "type": "string", + "description": "Product ID.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the product.\n" + } + }, + "type": "object", + "required": [ + "id" + ] + }, + "outputs": { + "description": "A collection of values returned by getProduct.\n", + "properties": { + "acceptLanguage": { + "type": "string" + }, + "arn": { + "type": "string", + "description": "ARN of the product.\n" + }, + "createdTime": { + "type": "string", + "description": "Time when the product was created.\n" + }, + "description": { + "type": "string", + "description": "Description of the product.\n" + }, + "distributor": { + "type": "string", + "description": "Distributor (i.e., vendor) of the product.\n" + }, + "hasDefaultPath": { + "type": "boolean", + "description": "Whether the product has a default path.\n" + }, + "id": { + "type": "string" + }, + "name": { + "type": "string", + "description": "Name of the product.\n" + }, + "owner": { + "type": "string", + "description": "Owner of the product.\n" + }, + "status": { + "type": "string", + "description": "Status of the product.\n" + }, + "supportDescription": { + "type": "string", + "description": "Support information about the product.\n" + }, + "supportEmail": { + "type": "string", + "description": "Contact email for product support.\n" + }, + "supportUrl": { + "type": "string", + "description": "Contact URL for product support.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Tags to apply to the product.\n" + }, + "type": { + "type": "string", + "description": "Type of product.\n" + } + }, + "type": "object", + "required": [ + "arn", + "createdTime", + "description", + "distributor", + "hasDefaultPath", + "id", + "name", + "owner", + "status", + "supportDescription", + "supportEmail", + "supportUrl", + "tags", + "type" + ] + } + }, + "aws:servicediscovery/getDnsNamespace:getDnsNamespace": { + "description": "Retrieves information about a Service Discovery private or public DNS namespace.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = pulumi.output(aws.servicediscovery.getDnsNamespace({\n name: \"example.service.local\",\n type: \"DNS_PRIVATE\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.servicediscovery.get_dns_namespace(name=\"example.service.local\",\n type=\"DNS_PRIVATE\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.ServiceDiscovery.GetDnsNamespace.InvokeAsync(new Aws.ServiceDiscovery.GetDnsNamespaceArgs\n {\n Name = \"example.service.local\",\n Type = \"DNS_PRIVATE\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicediscovery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicediscovery.GetDnsNamespace(ctx, &servicediscovery.GetDnsNamespaceArgs{\n\t\t\tName: \"example.service.local\",\n\t\t\tType: \"DNS_PRIVATE\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDnsNamespace.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the namespace.\n" + }, + "type": { + "type": "string", + "description": "The type of the namespace. Allowed values are `DNS_PUBLIC` or `DNS_PRIVATE`.\n" + } + }, + "type": "object", + "required": [ + "name", + "type" + ] + }, + "outputs": { + "description": "A collection of values returned by getDnsNamespace.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the namespace.\n" + }, + "description": { + "type": "string", + "description": "A description of the namespace.\n" + }, + "hostedZone": { + "type": "string", + "description": "The ID for the hosted zone that Amazon Route 53 creates when you create a namespace.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "hostedZone", + "name", + "type", + "id" + ] + } + }, + "aws:servicequotas/getService:getService": { + "description": "Retrieve information about a Service Quotas Service.\n\n> **NOTE:** Global quotas apply to all AWS regions, but can only be accessed in `us-east-1` in the Commercial partition or `us-gov-west-1` in the GovCloud partition. In other regions, the AWS API will return the error `The request failed because the specified service does not exist.`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.servicequotas.getService({\n serviceName: \"Amazon Virtual Private Cloud (Amazon VPC)\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.servicequotas.get_service(service_name=\"Amazon Virtual Private Cloud (Amazon VPC)\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.ServiceQuotas.GetService.InvokeAsync(new Aws.ServiceQuotas.GetServiceArgs\n {\n ServiceName = \"Amazon Virtual Private Cloud (Amazon VPC)\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicequotas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicequotas.GetService(ctx, &servicequotas.GetServiceArgs{\n\t\t\tServiceName: \"Amazon Virtual Private Cloud (Amazon VPC)\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getService.\n", + "properties": { + "serviceName": { + "type": "string", + "description": "Service name to lookup within Service Quotas. Available values can be found with the [AWS CLI service-quotas list-services command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-services.html).\n" + } + }, + "type": "object", + "required": [ + "serviceName" + ] + }, + "outputs": { + "description": "A collection of values returned by getService.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "serviceCode": { + "type": "string", + "description": "Code of the service.\n" + }, + "serviceName": { + "type": "string" + } + }, + "type": "object", + "required": [ + "serviceCode", + "serviceName", + "id" + ] + } + }, + "aws:servicequotas/getServiceQuota:getServiceQuota": { + "description": "Retrieve information about a Service Quota.\n\n> **NOTE:** Global quotas apply to all AWS regions, but can only be accessed in `us-east-1` in the Commercial partition or `us-gov-west-1` in the GovCloud partition. In other regions, the AWS API will return the error `The request failed because the specified service does not exist.`\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst byQuotaCode = pulumi.output(aws.servicequotas.getServiceQuota({\n quotaCode: \"L-F678F1CE\",\n serviceCode: \"vpc\",\n}));\nconst byQuotaName = pulumi.output(aws.servicequotas.getServiceQuota({\n quotaName: \"VPCs per Region\",\n serviceCode: \"vpc\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nby_quota_code = aws.servicequotas.get_service_quota(quota_code=\"L-F678F1CE\",\n service_code=\"vpc\")\nby_quota_name = aws.servicequotas.get_service_quota(quota_name=\"VPCs per Region\",\n service_code=\"vpc\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var byQuotaCode = Output.Create(Aws.ServiceQuotas.GetServiceQuota.InvokeAsync(new Aws.ServiceQuotas.GetServiceQuotaArgs\n {\n QuotaCode = \"L-F678F1CE\",\n ServiceCode = \"vpc\",\n }));\n var byQuotaName = Output.Create(Aws.ServiceQuotas.GetServiceQuota.InvokeAsync(new Aws.ServiceQuotas.GetServiceQuotaArgs\n {\n QuotaName = \"VPCs per Region\",\n ServiceCode = \"vpc\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/servicequotas\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"L-F678F1CE\"\n\t\t_, err := servicequotas.LookupServiceQuota(ctx, &servicequotas.LookupServiceQuotaArgs{\n\t\t\tQuotaCode: &opt0,\n\t\t\tServiceCode: \"vpc\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topt1 := \"VPCs per Region\"\n\t\t_, err = servicequotas.LookupServiceQuota(ctx, &servicequotas.LookupServiceQuotaArgs{\n\t\t\tQuotaName: &opt1,\n\t\t\tServiceCode: \"vpc\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServiceQuota.\n", + "properties": { + "quotaCode": { + "type": "string", + "description": "Quota code within the service. When configured, the data source directly looks up the service quota. Available values can be found with the [AWS CLI service-quotas list-service-quotas command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-service-quotas.html).\n" + }, + "quotaName": { + "type": "string", + "description": "Quota name within the service. When configured, the data source searches through all service quotas to find the matching quota name. Available values can be found with the [AWS CLI service-quotas list-service-quotas command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-service-quotas.html).\n" + }, + "serviceCode": { + "type": "string", + "description": "Service code for the quota. Available values can be found with the `aws.servicequotas.getService` data source or [AWS CLI service-quotas list-services command](https://docs.aws.amazon.com/cli/latest/reference/service-quotas/list-services.html).\n" + } + }, + "type": "object", + "required": [ + "serviceCode" + ] + }, + "outputs": { + "description": "A collection of values returned by getServiceQuota.\n", + "properties": { + "adjustable": { + "type": "boolean", + "description": "Whether the service quota is adjustable.\n" + }, + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the service quota.\n" + }, + "defaultValue": { + "type": "number", + "description": "Default value of the service quota.\n" + }, + "globalQuota": { + "type": "boolean", + "description": "Whether the service quota is global for the AWS account.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "quotaCode": { + "type": "string" + }, + "quotaName": { + "type": "string" + }, + "serviceCode": { + "type": "string" + }, + "serviceName": { + "type": "string", + "description": "Name of the service.\n" + }, + "value": { + "type": "number", + "description": "Current value of the service quota.\n" + } + }, + "type": "object", + "required": [ + "adjustable", + "arn", + "defaultValue", + "globalQuota", + "quotaCode", + "quotaName", + "serviceCode", + "serviceName", + "value", + "id" + ] + } + }, + "aws:sfn/getActivity:getActivity": { + "description": "Provides a Step Functions Activity data source\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst sfnActivity = pulumi.output(aws.sfn.getActivity({\n name: \"my-activity\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nsfn_activity = aws.sfn.get_activity(name=\"my-activity\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var sfnActivity = Output.Create(Aws.Sfn.GetActivity.InvokeAsync(new Aws.Sfn.GetActivityArgs\n {\n Name = \"my-activity\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"my-activity\"\n\t\t_, err := sfn.LookupActivity(ctx, &sfn.LookupActivityArgs{\n\t\t\tName: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getActivity.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) that identifies the activity.\n" + }, + "name": { + "type": "string", + "description": "The name that identifies the activity.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getActivity.\n", + "properties": { + "arn": { + "type": "string" + }, + "creationDate": { + "type": "string", + "description": "The date the activity was created.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "creationDate", + "name", + "id" + ] + } + }, + "aws:sfn/getStateMachine:getStateMachine": { + "description": "Use this data source to get the ARN of a State Machine in AWS Step\nFunction (SFN). By using this data source, you can reference a\nstate machine without having to hard code the ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.sfn.getStateMachine({\n name: \"an_example_sfn_name\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sfn.get_state_machine(name=\"an_example_sfn_name\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Sfn.GetStateMachine.InvokeAsync(new Aws.Sfn.GetStateMachineArgs\n {\n Name = \"an_example_sfn_name\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sfn\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sfn.LookupStateMachine(ctx, &sfn.LookupStateMachineArgs{\n\t\t\tName: \"an_example_sfn_name\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getStateMachine.\n", + "properties": { + "name": { + "type": "string", + "description": "The friendly name of the state machine to match.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getStateMachine.\n", + "properties": { + "arn": { + "type": "string", + "description": "Set to the arn of the state function.\n" + }, + "creationDate": { + "type": "string", + "description": "The date the state machine was created.\n" + }, + "definition": { + "type": "string", + "description": "Set to the state machine definition.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "roleArn": { + "type": "string", + "description": "Set to the role_arn used by the state function.\n" + }, + "status": { + "type": "string", + "description": "Set to the current status of the state machine.\n" + } + }, + "type": "object", + "required": [ + "arn", + "creationDate", + "definition", + "name", + "roleArn", + "status", + "id" + ] + } + }, + "aws:signer/getSigningJob:getSigningJob": { + "description": "Provides information about a Signer Signing Job.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst buildSigningJob = pulumi.output(aws.signer.getSigningJob({\n jobId: \"9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nbuild_signing_job = aws.signer.get_signing_job(job_id=\"9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var buildSigningJob = Output.Create(Aws.Signer.GetSigningJob.InvokeAsync(new Aws.Signer.GetSigningJobArgs\n {\n JobId = \"9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/signer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := signer.LookupSigningJob(ctx, &signer.LookupSigningJobArgs{\n\t\t\tJobId: \"9ed7e5c3-b8d4-4da0-8459-44e0b068f7ee\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSigningJob.\n", + "properties": { + "jobId": { + "type": "string", + "description": "The ID of the signing job on output.\n" + } + }, + "type": "object", + "required": [ + "jobId" + ] + }, + "outputs": { + "description": "A collection of values returned by getSigningJob.\n", + "properties": { + "completedAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the signing job was completed.\n" + }, + "createdAt": { + "type": "string", + "description": "Date and time in [RFC3339 format](https://tools.ietf.org/html/rfc3339#section-5.8) that the signing job was created.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "jobId": { + "type": "string" + }, + "jobInvoker": { + "type": "string", + "description": "The IAM entity that initiated the signing job.\n" + }, + "jobOwner": { + "type": "string", + "description": "The AWS account ID of the job owner.\n" + }, + "platformDisplayName": { + "type": "string", + "description": "A human-readable name for the signing platform associated with the signing job.\n" + }, + "platformId": { + "type": "string", + "description": "The platform to which your signed code image will be distributed.\n" + }, + "profileName": { + "type": "string", + "description": "The name of the profile that initiated the signing operation.\n" + }, + "profileVersion": { + "type": "string", + "description": "The version of the signing profile used to initiate the signing job.\n" + }, + "requestedBy": { + "type": "string", + "description": "The IAM principal that requested the signing job.\n" + }, + "revocationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningJobRevocationRecord:getSigningJobRevocationRecord" + }, + "description": "A revocation record if the signature generated by the signing job has been revoked. Contains a timestamp and the ID of the IAM entity that revoked the signature.\n" + }, + "signatureExpiresAt": { + "type": "string", + "description": "The time when the signature of a signing job expires.\n" + }, + "signedObjects": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningJobSignedObject:getSigningJobSignedObject" + }, + "description": "Name of the S3 bucket where the signed code image is saved by code signing.\n" + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningJobSource:getSigningJobSource" + }, + "description": "The object that contains the name of your S3 bucket or your raw code.\n" + }, + "status": { + "type": "string", + "description": "Status of the signing job.\n" + }, + "statusReason": { + "type": "string", + "description": "String value that contains the status reason.\n" + } + }, + "type": "object", + "required": [ + "completedAt", + "createdAt", + "jobId", + "jobInvoker", + "jobOwner", + "platformDisplayName", + "platformId", + "profileName", + "profileVersion", + "requestedBy", + "revocationRecords", + "signatureExpiresAt", + "signedObjects", + "sources", + "status", + "statusReason", + "id" + ] + } + }, + "aws:signer/getSigningProfile:getSigningProfile": { + "description": "Provides information about a Signer Signing Profile.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst productionSigningProfile = pulumi.output(aws.signer.getSigningProfile({\n name: \"prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nproduction_signing_profile = aws.signer.get_signing_profile(name=\"prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var productionSigningProfile = Output.Create(Aws.Signer.GetSigningProfile.InvokeAsync(new Aws.Signer.GetSigningProfileArgs\n {\n Name = \"prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/signer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := signer.LookupSigningProfile(ctx, &signer.LookupSigningProfileArgs{\n\t\t\tName: \"prod_profile_DdW3Mk1foYL88fajut4mTVFGpuwfd4ACO6ANL0D1uIj7lrn8adK\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getSigningProfile.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the target signing profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags associated with the signing profile.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getSigningProfile.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the signing profile.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "platformDisplayName": { + "type": "string", + "description": "A human-readable name for the signing platform associated with the signing profile.\n" + }, + "platformId": { + "type": "string", + "description": "The ID of the platform that is used by the target signing profile.\n" + }, + "revocationRecords": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningProfileRevocationRecord:getSigningProfileRevocationRecord" + }, + "description": "Revocation information for a signing profile.\n" + }, + "signatureValidityPeriods": { + "type": "array", + "items": { + "$ref": "#/types/aws:signer/getSigningProfileSignatureValidityPeriod:getSigningProfileSignatureValidityPeriod" + }, + "description": "The validity period for a signing job.\n" + }, + "status": { + "type": "string", + "description": "The status of the target signing profile.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A list of tags associated with the signing profile.\n" + }, + "version": { + "type": "string", + "description": "The current version of the signing profile.\n" + }, + "versionArn": { + "type": "string", + "description": "The signing profile ARN, including the profile version.\n" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "platformDisplayName", + "platformId", + "revocationRecords", + "signatureValidityPeriods", + "status", + "tags", + "version", + "versionArn", + "id" + ] + } + }, + "aws:sns/getTopic:getTopic": { + "description": "Use this data source to get the ARN of a topic in AWS Simple Notification\nService (SNS). By using this data source, you can reference SNS topics\nwithout having to hard code the ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.sns.getTopic({\n name: \"an_example_topic\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sns.get_topic(name=\"an_example_topic\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Sns.GetTopic.InvokeAsync(new Aws.Sns.GetTopicArgs\n {\n Name = \"an_example_topic\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sns.LookupTopic(ctx, &sns.LookupTopicArgs{\n\t\t\tName: \"an_example_topic\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getTopic.\n", + "properties": { + "name": { + "type": "string", + "description": "The friendly name of the topic to match.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getTopic.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the found topic, suitable for referencing in other resources that support SNS topics.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "id" + ] + } + }, + "aws:sqs/getQueue:getQueue": { + "description": "Use this data source to get the ARN and URL of queue in AWS Simple Queue Service (SQS).\nBy using this data source, you can reference SQS queues without having to hardcode\nthe ARNs as input.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.sqs.getQueue({\n name: \"queue\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.sqs.get_queue(name=\"queue\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Sqs.GetQueue.InvokeAsync(new Aws.Sqs.GetQueueArgs\n {\n Name = \"queue\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/sqs\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := sqs.LookupQueue(ctx, &sqs.LookupQueueArgs{\n\t\t\tName: \"queue\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getQueue.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the queue to match.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getQueue.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the queue.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags for the resource.\n" + }, + "url": { + "type": "string", + "description": "The URL of the queue.\n" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "tags", + "url", + "id" + ] + } + }, + "aws:ssm/getDocument:getDocument": { + "description": "Gets the contents of the specified Systems Manager document.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo get the contents of the document owned by AWS.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = aws.ssm.getDocument({\n name: \"AWS-GatherSoftwareInventory\",\n documentFormat: \"YAML\",\n});\nexport const content = foo.then(foo => foo.content);\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ssm.get_document(name=\"AWS-GatherSoftwareInventory\",\n document_format=\"YAML\")\npulumi.export(\"content\", foo.content)\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = Output.Create(Aws.Ssm.GetDocument.InvokeAsync(new Aws.Ssm.GetDocumentArgs\n {\n Name = \"AWS-GatherSoftwareInventory\",\n DocumentFormat = \"YAML\",\n }));\n this.Content = foo.Apply(foo => foo.Content);\n }\n\n [Output(\"content\")]\n public Output Content { get; set; }\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"YAML\"\n\t\tfoo, err := ssm.LookupDocument(ctx, &ssm.LookupDocumentArgs{\n\t\t\tName: \"AWS-GatherSoftwareInventory\",\n\t\t\tDocumentFormat: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"content\", foo.Content)\n\t\treturn nil\n\t})\n}\n```\n\nTo get the contents of the custom document.\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.ssm.getDocument({\n name: aws_ssm_document.test.name,\n documentFormat: \"JSON\",\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.ssm.get_document(name=aws_ssm_document[\"test\"][\"name\"],\n document_format=\"JSON\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.Ssm.GetDocument.InvokeAsync(new Aws.Ssm.GetDocumentArgs\n {\n Name = aws_ssm_document.Test.Name,\n DocumentFormat = \"JSON\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"JSON\"\n\t\t_, err := ssm.LookupDocument(ctx, &ssm.LookupDocumentArgs{\n\t\t\tName: aws_ssm_document.Test.Name,\n\t\t\tDocumentFormat: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDocument.\n", + "properties": { + "documentFormat": { + "type": "string", + "description": "Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.\n" + }, + "documentVersion": { + "type": "string", + "description": "The document version for which you want information.\n" + }, + "name": { + "type": "string", + "description": "The name of the Systems Manager document.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getDocument.\n", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of the document.\n" + }, + "content": { + "type": "string", + "description": "The contents of the document.\n" + }, + "documentFormat": { + "type": "string" + }, + "documentType": { + "type": "string", + "description": "The type of the document.\n" + }, + "documentVersion": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "content", + "documentType", + "name", + "id" + ] + } + }, + "aws:ssm/getParameter:getParameter": { + "description": "Provides an SSM Parameter data source.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst foo = pulumi.output(aws.ssm.getParameter({\n name: \"foo\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nfoo = aws.ssm.get_parameter(name=\"foo\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var foo = Output.Create(Aws.Ssm.GetParameter.InvokeAsync(new Aws.Ssm.GetParameterArgs\n {\n Name = \"foo\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := ssm.LookupParameter(ctx, &ssm.LookupParameterArgs{\n\t\t\tName: \"foo\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\n> **Note:** The data source is currently following the behavior of the [SSM API](https://docs.aws.amazon.com/sdk-for-go/api/service/ssm/#Parameter) to return a string value, regardless of parameter type.\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getParameter.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the parameter.\n" + }, + "withDecryption": { + "type": "boolean", + "description": "Whether to return decrypted `SecureString` value. Defaults to `true`.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getParameter.\n", + "properties": { + "arn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "type": { + "type": "string" + }, + "value": { + "type": "string" + }, + "version": { + "type": "integer" + }, + "withDecryption": { + "type": "boolean" + } + }, + "type": "object", + "required": [ + "arn", + "name", + "type", + "value", + "version", + "id" + ] + } + }, + "aws:ssm/getPatchBaseline:getPatchBaseline": { + "description": "Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\nTo retrieve a baseline provided by AWS:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst centos = pulumi.output(aws.ssm.getPatchBaseline({\n namePrefix: \"AWS-\",\n operatingSystem: \"CENTOS\",\n owner: \"AWS\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ncentos = aws.ssm.get_patch_baseline(name_prefix=\"AWS-\",\n operating_system=\"CENTOS\",\n owner=\"AWS\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var centos = Output.Create(Aws.Ssm.GetPatchBaseline.InvokeAsync(new Aws.Ssm.GetPatchBaselineArgs\n {\n NamePrefix = \"AWS-\",\n OperatingSystem = \"CENTOS\",\n Owner = \"AWS\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"AWS-\"\n\t\topt1 := \"CENTOS\"\n\t\t_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{\n\t\t\tNamePrefix: &opt0,\n\t\t\tOperatingSystem: &opt1,\n\t\t\tOwner: \"AWS\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n\nTo retrieve a baseline on your account:\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst defaultCustom = pulumi.output(aws.ssm.getPatchBaseline({\n defaultBaseline: true,\n namePrefix: \"MyCustomBaseline\",\n operatingSystem: \"WINDOWS\",\n owner: \"Self\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ndefault_custom = aws.ssm.get_patch_baseline(default_baseline=True,\n name_prefix=\"MyCustomBaseline\",\n operating_system=\"WINDOWS\",\n owner=\"Self\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var defaultCustom = Output.Create(Aws.Ssm.GetPatchBaseline.InvokeAsync(new Aws.Ssm.GetPatchBaselineArgs\n {\n DefaultBaseline = true,\n NamePrefix = \"MyCustomBaseline\",\n OperatingSystem = \"WINDOWS\",\n Owner = \"Self\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/ssm\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := true\n\t\topt1 := \"MyCustomBaseline\"\n\t\topt2 := \"WINDOWS\"\n\t\t_, err := ssm.LookupPatchBaseline(ctx, &ssm.LookupPatchBaselineArgs{\n\t\t\tDefaultBaseline: &opt0,\n\t\t\tNamePrefix: &opt1,\n\t\t\tOperatingSystem: &opt2,\n\t\t\tOwner: \"Self\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getPatchBaseline.\n", + "properties": { + "defaultBaseline": { + "type": "boolean", + "description": "Filters the results against the baselines default_baseline field.\n" + }, + "namePrefix": { + "type": "string", + "description": "Filter results by the baseline name prefix.\n" + }, + "operatingSystem": { + "type": "string", + "description": "The specified OS for the baseline.\n" + }, + "owner": { + "type": "string", + "description": "The owner of the baseline. Valid values: `All`, `AWS`, `Self` (the current account).\n" + } + }, + "type": "object", + "required": [ + "owner" + ] + }, + "outputs": { + "description": "A collection of values returned by getPatchBaseline.\n", + "properties": { + "defaultBaseline": { + "type": "boolean" + }, + "description": { + "type": "string", + "description": "The description of the baseline.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the baseline.\n" + }, + "namePrefix": { + "type": "string" + }, + "operatingSystem": { + "type": "string" + }, + "owner": { + "type": "string" + } + }, + "type": "object", + "required": [ + "description", + "name", + "owner", + "id" + ] + } + }, + "aws:ssoadmin/getInstances:getInstances": { + "description": "Use this data source to get ARNs and Identity Store IDs of Single Sign-On (SSO) Instances.\n", + "outputs": { + "description": "A collection of values returned by getInstances.\n", + "properties": { + "arns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of Amazon Resource Names (ARNs) of the SSO Instances.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "identityStoreIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Set of identifiers of the identity stores connected to the SSO Instances.\n" + } + }, + "type": "object", + "required": [ + "arns", + "identityStoreIds", + "id" + ] + } + }, + "aws:ssoadmin/getPermissionSet:getPermissionSet": { + "description": "Use this data source to get a Single Sign-On (SSO) Permission Set.\n", + "inputs": { + "description": "A collection of arguments for invoking getPermissionSet.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the permission set.\n" + }, + "instanceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the SSO Instance associated with the permission set.\n" + }, + "name": { + "type": "string", + "description": "The name of the SSO Permission Set.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + } + }, + "type": "object", + "required": [ + "instanceArn" + ] + }, + "outputs": { + "description": "A collection of values returned by getPermissionSet.\n", + "properties": { + "arn": { + "type": "string" + }, + "createdDate": { + "type": "string" + }, + "description": { + "type": "string", + "description": "The description of the Permission Set.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "instanceArn": { + "type": "string" + }, + "name": { + "type": "string" + }, + "relayState": { + "type": "string", + "description": "The relay state URL used to redirect users within the application during the federation authentication process.\n" + }, + "sessionDuration": { + "type": "string", + "description": "The length of time that the application user sessions are valid in the ISO-8601 standard.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Key-value map of resource tags.\n" + } + }, + "type": "object", + "required": [ + "arn", + "createdDate", + "description", + "instanceArn", + "name", + "relayState", + "sessionDuration", + "tags", + "id" + ] + } + }, + "aws:storagegateway/getLocalDisk:getLocalDisk": { + "description": "Retrieve information about a Storage Gateway local disk. The disk identifier is useful for adding the disk as a cache or upload buffer to a gateway.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst test = aws.storagegateway.getLocalDisk({\n diskPath: aws_volume_attachment.test.device_name,\n gatewayArn: aws_storagegateway_gateway.test.arn,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ntest = aws.storagegateway.get_local_disk(disk_path=aws_volume_attachment[\"test\"][\"device_name\"],\n gateway_arn=aws_storagegateway_gateway[\"test\"][\"arn\"])\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var test = Output.Create(Aws.StorageGateway.GetLocalDisk.InvokeAsync(new Aws.StorageGateway.GetLocalDiskArgs\n {\n DiskPath = aws_volume_attachment.Test.Device_name,\n GatewayArn = aws_storagegateway_gateway.Test.Arn,\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/storagegateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := aws_volume_attachment.Test.Device_name\n\t\t_, err := storagegateway.GetLocalDisk(ctx, &storagegateway.GetLocalDiskArgs{\n\t\t\tDiskPath: &opt0,\n\t\t\tGatewayArn: aws_storagegateway_gateway.Test.Arn,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getLocalDisk.\n", + "properties": { + "diskNode": { + "type": "string", + "description": "The device node of the local disk to retrieve. For example, `/dev/sdb`.\n" + }, + "diskPath": { + "type": "string", + "description": "The device path of the local disk to retrieve. For example, `/dev/xvdb` or `/dev/nvme1n1`.\n" + }, + "gatewayArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the gateway.\n" + } + }, + "type": "object", + "required": [ + "gatewayArn" + ] + }, + "outputs": { + "description": "A collection of values returned by getLocalDisk.\n", + "properties": { + "diskId": { + "type": "string", + "description": "The disk identifier. e.g. `pci-0000:03:00.0-scsi-0:0:0:0`\n" + }, + "diskNode": { + "type": "string" + }, + "diskPath": { + "type": "string" + }, + "gatewayArn": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + } + }, + "type": "object", + "required": [ + "diskId", + "diskNode", + "diskPath", + "gatewayArn", + "id" + ] + } + }, + "aws:transfer/getServer:getServer": { + "description": "Use this data source to get the ARN of an AWS Transfer Server for use in other\nresources.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.transfer.getServer({\n serverId: \"s-1234567\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.transfer.get_server(server_id=\"s-1234567\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Transfer.GetServer.InvokeAsync(new Aws.Transfer.GetServerArgs\n {\n ServerId = \"s-1234567\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/transfer\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := transfer.LookupServer(ctx, &transfer.LookupServerArgs{\n\t\t\tServerId: \"s-1234567\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getServer.\n", + "properties": { + "serverId": { + "type": "string", + "description": "ID for an SFTP server.\n" + } + }, + "type": "object", + "required": [ + "serverId" + ] + }, + "outputs": { + "description": "A collection of values returned by getServer.\n", + "properties": { + "arn": { + "type": "string", + "description": "Amazon Resource Name (ARN) of Transfer Server.\n" + }, + "certificate": { + "type": "string", + "description": "The ARN of any certificate.\n" + }, + "domain": { + "type": "string", + "description": "The domain of the storage system that is used for file transfers.\n" + }, + "endpoint": { + "type": "string", + "description": "The endpoint of the Transfer Server (e.g. `s-12345678.server.transfer.REGION.amazonaws.com`).\n" + }, + "endpointType": { + "type": "string", + "description": "The type of endpoint that the server is connected to.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "identityProviderType": { + "type": "string", + "description": "The mode of authentication enabled for this service. The default value is `SERVICE_MANAGED`, which allows you to store and access SFTP user credentials within the service. `API_GATEWAY` indicates that user authentication requires a call to an API Gateway endpoint URL provided by you to integrate an identity provider of your choice.\n" + }, + "invocationRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of the IAM role used to authenticate the user account with an `identity_provider_type` of `API_GATEWAY`.\n" + }, + "loggingRole": { + "type": "string", + "description": "Amazon Resource Name (ARN) of an IAM role that allows the service to write your SFTP users’ activity to your Amazon CloudWatch logs for monitoring and auditing purposes.\n" + }, + "protocols": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint.\n" + }, + "securityPolicyName": { + "type": "string", + "description": "The name of the security policy that is attached to the server.\n" + }, + "serverId": { + "type": "string" + }, + "url": { + "type": "string", + "description": "URL of the service endpoint used to authenticate users with an `identity_provider_type` of `API_GATEWAY`.\n" + } + }, + "type": "object", + "required": [ + "arn", + "certificate", + "domain", + "endpoint", + "endpointType", + "identityProviderType", + "invocationRole", + "loggingRole", + "protocols", + "securityPolicyName", + "serverId", + "url", + "id" + ] + } + }, + "aws:waf/getIpset:getIpset": { + "description": "`aws.waf.IpSet` Retrieves a WAF IP Set Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.waf.getIpset({\n name: \"tfWAFIPSet\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.waf.get_ipset(name=\"tfWAFIPSet\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Waf.GetIpset.InvokeAsync(new Aws.Waf.GetIpsetArgs\n {\n Name = \"tfWAFIPSet\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.GetIpset(ctx, &waf.GetIpsetArgs{\n\t\t\tName: \"tfWAFIPSet\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getIpset.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF IP set.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getIpset.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:waf/getRateBasedRule:getRateBasedRule": { + "description": "`aws.waf.RateBasedRule` Retrieves a WAF Rate Based Rule Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.waf.getRateBasedRule({\n name: \"tfWAFRateBasedRule\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.waf.get_rate_based_rule(name=\"tfWAFRateBasedRule\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Waf.GetRateBasedRule.InvokeAsync(new Aws.Waf.GetRateBasedRuleArgs\n {\n Name = \"tfWAFRateBasedRule\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.LookupRateBasedRule(ctx, &waf.LookupRateBasedRuleArgs{\n\t\t\tName: \"tfWAFRateBasedRule\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRateBasedRule.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF rate based rule.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRateBasedRule.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:waf/getRule:getRule": { + "description": "`aws.waf.Rule` Retrieves a WAF Rule Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.waf.getRule({\n name: \"tfWAFRule\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.waf.get_rule(name=\"tfWAFRule\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Waf.GetRule.InvokeAsync(new Aws.Waf.GetRuleArgs\n {\n Name = \"tfWAFRule\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.LookupRule(ctx, &waf.LookupRuleArgs{\n\t\t\tName: \"tfWAFRule\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRule.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF rule.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRule.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:waf/getWebAcl:getWebAcl": { + "description": "`aws.waf.WebAcl` Retrieves a WAF Web ACL Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.waf.getWebAcl({\n name: \"tfWAFWebACL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.waf.get_web_acl(name=\"tfWAFWebACL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Waf.GetWebAcl.InvokeAsync(new Aws.Waf.GetWebAclArgs\n {\n Name = \"tfWAFWebACL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/waf\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := waf.LookupWebAcl(ctx, &waf.LookupWebAclArgs{\n\t\t\tName: \"tfWAFWebACL\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getWebAcl.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF Web ACL.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getWebAcl.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:wafregional/getIpset:getIpset": { + "description": "`aws.wafregional.IpSet` Retrieves a WAF Regional IP Set Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafregional.getIpset({\n name: \"tfWAFRegionalIPSet\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.get_ipset(name=\"tfWAFRegionalIPSet\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafRegional.GetIpset.InvokeAsync(new Aws.WafRegional.GetIpsetArgs\n {\n Name = \"tfWAFRegionalIPSet\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.GetIpset(ctx, &wafregional.GetIpsetArgs{\n\t\t\tName: \"tfWAFRegionalIPSet\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getIpset.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF Regional IP set.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getIpset.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:wafregional/getRateBasedMod:getRateBasedMod": { + "description": "`aws.wafregional.RateBasedRule` Retrieves a WAF Regional Rate Based Rule Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafregional.getRateBasedMod({\n name: \"tfWAFRegionalRateBasedRule\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.get_rate_based_mod(name=\"tfWAFRegionalRateBasedRule\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafRegional.GetRateBasedMod.InvokeAsync(new Aws.WafRegional.GetRateBasedModArgs\n {\n Name = \"tfWAFRegionalRateBasedRule\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.GetRateBasedMod(ctx, &wafregional.GetRateBasedModArgs{\n\t\t\tName: \"tfWAFRegionalRateBasedRule\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRateBasedMod.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF Regional rate based rule.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRateBasedMod.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:wafregional/getRule:getRule": { + "description": "`aws.wafregional.Rule` Retrieves a WAF Regional Rule Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafregional.getRule({\n name: \"tfWAFRegionalRule\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.get_rule(name=\"tfWAFRegionalRule\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafRegional.GetRule.InvokeAsync(new Aws.WafRegional.GetRuleArgs\n {\n Name = \"tfWAFRegionalRule\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.LookupRule(ctx, &wafregional.LookupRuleArgs{\n\t\t\tName: \"tfWAFRegionalRule\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRule.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF Regional rule.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getRule.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:wafregional/getWebAcl:getWebAcl": { + "description": "`aws.wafregional.WebAcl` Retrieves a WAF Regional Web ACL Resource Id.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafregional.getWebAcl({\n name: \"tfWAFRegionalWebACL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafregional.get_web_acl(name=\"tfWAFRegionalWebACL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafRegional.GetWebAcl.InvokeAsync(new Aws.WafRegional.GetWebAclArgs\n {\n Name = \"tfWAFRegionalWebACL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafregional\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafregional.LookupWebAcl(ctx, &wafregional.LookupWebAclArgs{\n\t\t\tName: \"tfWAFRegionalWebACL\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getWebAcl.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAF Regional Web ACL.\n" + } + }, + "type": "object", + "required": [ + "name" + ] + }, + "outputs": { + "description": "A collection of values returned by getWebAcl.\n", + "properties": { + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + } + }, + "type": "object", + "required": [ + "name", + "id" + ] + } + }, + "aws:wafv2/getIpSet:getIpSet": { + "description": "Retrieves the summary of a WAFv2 IP Set.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafv2.getIpSet({\n name: \"some-ip-set\",\n scope: \"REGIONAL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.get_ip_set(name=\"some-ip-set\",\n scope=\"REGIONAL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafV2.GetIpSet.InvokeAsync(new Aws.WafV2.GetIpSetArgs\n {\n Name = \"some-ip-set\",\n Scope = \"REGIONAL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.LookupIpSet(ctx, &wafv2.LookupIpSetArgs{\n\t\t\tName: \"some-ip-set\",\n\t\t\tScope: \"REGIONAL\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getIpSet.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAFv2 IP Set.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + } + }, + "type": "object", + "required": [ + "name", + "scope" + ] + }, + "outputs": { + "description": "A collection of values returned by getIpSet.\n", + "properties": { + "addresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation.\n" + }, + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the entity.\n" + }, + "description": { + "type": "string", + "description": "The description of the set that helps with identification.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipAddressVersion": { + "type": "string", + "description": "The IP address version of the set.\n" + }, + "name": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object", + "required": [ + "addresses", + "arn", + "description", + "ipAddressVersion", + "name", + "scope", + "id" + ] + } + }, + "aws:wafv2/getRegexPatternSet:getRegexPatternSet": { + "description": "Retrieves the summary of a WAFv2 Regex Pattern Set.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafv2.getRegexPatternSet({\n name: \"some-regex-pattern-set\",\n scope: \"REGIONAL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.get_regex_pattern_set(name=\"some-regex-pattern-set\",\n scope=\"REGIONAL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafV2.GetRegexPatternSet.InvokeAsync(new Aws.WafV2.GetRegexPatternSetArgs\n {\n Name = \"some-regex-pattern-set\",\n Scope = \"REGIONAL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.LookupRegexPatternSet(ctx, &wafv2.LookupRegexPatternSetArgs{\n\t\t\tName: \"some-regex-pattern-set\",\n\t\t\tScope: \"REGIONAL\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRegexPatternSet.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAFv2 Regex Pattern Set.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + } + }, + "type": "object", + "required": [ + "name", + "scope" + ] + }, + "outputs": { + "description": "A collection of values returned by getRegexPatternSet.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the entity.\n" + }, + "description": { + "type": "string", + "description": "The description of the set that helps with identification.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "regularExpressions": { + "type": "array", + "items": { + "$ref": "#/types/aws:wafv2/getRegexPatternSetRegularExpression:getRegexPatternSetRegularExpression" + }, + "description": "One or more blocks of regular expression patterns that AWS WAF is searching for. See Regular Expression below for details.\n" + }, + "scope": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "name", + "regularExpressions", + "scope", + "id" + ] + } + }, + "aws:wafv2/getRuleGroup:getRuleGroup": { + "description": "Retrieves the summary of a WAFv2 Rule Group.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafv2.getRuleGroup({\n name: \"some-rule-group\",\n scope: \"REGIONAL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.get_rule_group(name=\"some-rule-group\",\n scope=\"REGIONAL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafV2.GetRuleGroup.InvokeAsync(new Aws.WafV2.GetRuleGroupArgs\n {\n Name = \"some-rule-group\",\n Scope = \"REGIONAL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.LookupRuleGroup(ctx, &wafv2.LookupRuleGroupArgs{\n\t\t\tName: \"some-rule-group\",\n\t\t\tScope: \"REGIONAL\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getRuleGroup.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAFv2 Rule Group.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + } + }, + "type": "object", + "required": [ + "name", + "scope" + ] + }, + "outputs": { + "description": "A collection of values returned by getRuleGroup.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the entity.\n" + }, + "description": { + "type": "string", + "description": "The description of the rule group that helps with identification.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "name", + "scope", + "id" + ] + } + }, + "aws:wafv2/getWebAcl:getWebAcl": { + "description": "Retrieves the summary of a WAFv2 Web ACL.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.wafv2.getWebAcl({\n name: \"some-web-acl\",\n scope: \"REGIONAL\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.wafv2.get_web_acl(name=\"some-web-acl\",\n scope=\"REGIONAL\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.WafV2.GetWebAcl.InvokeAsync(new Aws.WafV2.GetWebAclArgs\n {\n Name = \"some-web-acl\",\n Scope = \"REGIONAL\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := wafv2.LookupWebAcl(ctx, &wafv2.LookupWebAclArgs{\n\t\t\tName: \"some-web-acl\",\n\t\t\tScope: \"REGIONAL\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getWebAcl.\n", + "properties": { + "name": { + "type": "string", + "description": "The name of the WAFv2 Web ACL.\n" + }, + "scope": { + "type": "string", + "description": "Specifies whether this is for an AWS CloudFront distribution or for a regional application. Valid values are `CLOUDFRONT` or `REGIONAL`. To work with CloudFront, you must also specify the region `us-east-1` (N. Virginia) on the AWS provider.\n" + } + }, + "type": "object", + "required": [ + "name", + "scope" + ] + }, + "outputs": { + "description": "A collection of values returned by getWebAcl.\n", + "properties": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the entity.\n" + }, + "description": { + "type": "string", + "description": "The description of the WebACL that helps with identification.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string" + }, + "scope": { + "type": "string" + } + }, + "type": "object", + "required": [ + "arn", + "description", + "name", + "scope", + "id" + ] + } + }, + "aws:workspaces/getBundle:getBundle": { + "description": "Retrieve information about an AWS WorkSpaces bundle.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### By ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.workspaces.getBundle({\n bundleId: \"wsb-b0s22j3d7\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.workspaces.get_bundle(bundle_id=\"wsb-b0s22j3d7\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Workspaces.GetBundle.InvokeAsync(new Aws.Workspaces.GetBundleArgs\n {\n BundleId = \"wsb-b0s22j3d7\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"wsb-b0s22j3d7\"\n\t\t_, err := workspaces.GetBundle(ctx, &workspaces.GetBundleArgs{\n\t\t\tBundleId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### By Owner & Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.workspaces.getBundle({\n name: \"Value with Windows 10 and Office 2016\",\n owner: \"AMAZON\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.workspaces.get_bundle(name=\"Value with Windows 10 and Office 2016\",\n owner=\"AMAZON\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Workspaces.GetBundle.InvokeAsync(new Aws.Workspaces.GetBundleArgs\n {\n Name = \"Value with Windows 10 and Office 2016\",\n Owner = \"AMAZON\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"Value with Windows 10 and Office 2016\"\n\t\topt1 := \"AMAZON\"\n\t\t_, err := workspaces.GetBundle(ctx, &workspaces.GetBundleArgs{\n\t\t\tName: &opt0,\n\t\t\tOwner: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getBundle.\n", + "properties": { + "bundleId": { + "type": "string", + "description": "The ID of the bundle.\n" + }, + "name": { + "type": "string", + "description": "The name of the bundle. You cannot combine this parameter with `bundle_id`.\n" + }, + "owner": { + "type": "string", + "description": "The owner of the bundles. You have to leave it blank for own bundles. You cannot combine this parameter with `bundle_id`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getBundle.\n", + "properties": { + "bundleId": { + "type": "string", + "description": "The ID of the bundle.\n" + }, + "computeTypes": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getBundleComputeType:getBundleComputeType" + }, + "description": "The compute type. See supported fields below.\n" + }, + "description": { + "type": "string", + "description": "The description of the bundle.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "name": { + "type": "string", + "description": "The name of the compute type.\n" + }, + "owner": { + "type": "string", + "description": "The owner of the bundle.\n" + }, + "rootStorages": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getBundleRootStorage:getBundleRootStorage" + }, + "description": "The root volume. See supported fields below.\n" + }, + "userStorages": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getBundleUserStorage:getBundleUserStorage" + }, + "description": "The user storage. See supported fields below.\n" + } + }, + "type": "object", + "required": [ + "computeTypes", + "description", + "rootStorages", + "userStorages", + "id" + ] + } + }, + "aws:workspaces/getDirectory:getDirectory": { + "description": "Retrieve information about an AWS WorkSpaces directory.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.workspaces.getDirectory({\n directoryId: \"d-9067783251\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.workspaces.get_directory(directory_id=\"d-9067783251\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Workspaces.GetDirectory.InvokeAsync(new Aws.Workspaces.GetDirectoryArgs\n {\n DirectoryId = \"d-9067783251\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := workspaces.LookupDirectory(ctx, &workspaces.LookupDirectoryArgs{\n\t\t\tDirectoryId: \"d-9067783251\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getDirectory.\n", + "properties": { + "directoryId": { + "type": "string", + "description": "The directory identifier for registration in WorkSpaces service.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory.\n" + } + }, + "type": "object", + "required": [ + "directoryId" + ] + }, + "outputs": { + "description": "A collection of values returned by getDirectory.\n", + "properties": { + "alias": { + "type": "string", + "description": "The directory alias.\n" + }, + "customerUserName": { + "type": "string", + "description": "The user name for the service account.\n" + }, + "directoryId": { + "type": "string" + }, + "directoryName": { + "type": "string", + "description": "The name of the directory.\n" + }, + "directoryType": { + "type": "string", + "description": "The directory type.\n" + }, + "dnsIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The IP addresses of the DNS servers for the directory.\n" + }, + "iamRoleId": { + "type": "string", + "description": "The identifier of the IAM role. This is the role that allows Amazon WorkSpaces to make calls to other services, such as Amazon EC2, on your behalf.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the IP access control groups associated with the directory.\n" + }, + "registrationCode": { + "type": "string", + "description": "The registration code for the directory. This is the code that users enter in their Amazon WorkSpaces client application to connect to the directory.\n" + }, + "selfServicePermissions": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getDirectorySelfServicePermission:getDirectorySelfServicePermission" + }, + "description": "The permissions to enable or disable self-service capabilities.\n" + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The identifiers of the subnets where the directory resides.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A map of tags assigned to the WorkSpaces directory.\n" + }, + "workspaceAccessProperties": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getDirectoryWorkspaceAccessProperty:getDirectoryWorkspaceAccessProperty" + }, + "description": "(Optional) Specifies which devices and operating systems users can use to access their WorkSpaces. Defined below.\n" + }, + "workspaceCreationProperties": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getDirectoryWorkspaceCreationProperty:getDirectoryWorkspaceCreationProperty" + }, + "description": "The default properties that are used for creating WorkSpaces. Defined below.\n" + }, + "workspaceSecurityGroupId": { + "type": "string", + "description": "The identifier of the security group that is assigned to new WorkSpaces. Defined below.\n" + } + }, + "type": "object", + "required": [ + "alias", + "customerUserName", + "directoryId", + "directoryName", + "directoryType", + "dnsIpAddresses", + "iamRoleId", + "ipGroupIds", + "registrationCode", + "selfServicePermissions", + "subnetIds", + "workspaceAccessProperties", + "workspaceCreationProperties", + "workspaceSecurityGroupId", + "id" + ] + } + }, + "aws:workspaces/getImage:getImage": { + "description": "Use this data source to get information about a Workspaces image.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.workspaces.getImage({\n imageId: \"wsi-ten5h0y19\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.workspaces.get_image(image_id=\"wsi-ten5h0y19\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Workspaces.GetImage.InvokeAsync(new Aws.Workspaces.GetImageArgs\n {\n ImageId = \"wsi-ten5h0y19\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := workspaces.GetImage(ctx, &workspaces.GetImageArgs{\n\t\t\tImageId: \"wsi-ten5h0y19\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getImage.\n", + "properties": { + "imageId": { + "type": "string", + "description": "The ID of the image.\n" + } + }, + "type": "object", + "required": [ + "imageId" + ] + }, + "outputs": { + "description": "A collection of values returned by getImage.\n", + "properties": { + "description": { + "type": "string", + "description": "The description of the image.\n" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "imageId": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name of the image.\n" + }, + "operatingSystemType": { + "type": "string" + }, + "requiredTenancy": { + "type": "string", + "description": "Specifies whether the image is running on dedicated hardware. When Bring Your Own License (BYOL) is enabled, this value is set to DEDICATED. For more information, see [Bring Your Own Windows Desktop Images](https://docs.aws.amazon.com/workspaces/latest/adminguide/byol-windows-images.html).\n" + }, + "state": { + "type": "string", + "description": "The status of the image.\n" + } + }, + "type": "object", + "required": [ + "description", + "imageId", + "name", + "operatingSystemType", + "requiredTenancy", + "state", + "id" + ] + } + }, + "aws:workspaces/getWorkspace:getWorkspace": { + "description": "Use this data source to get information about a workspace in [AWS Workspaces](https://docs.aws.amazon.com/workspaces/latest/adminguide/amazon-workspaces.html) Service.\n\n{{% examples %}}\n## Example Usage\n{{% example %}}\n### Filter By Workspace ID\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.workspaces.getWorkspace({\n workspaceId: \"ws-cj5xcxsz5\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.workspaces.get_workspace(workspace_id=\"ws-cj5xcxsz5\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Workspaces.GetWorkspace.InvokeAsync(new Aws.Workspaces.GetWorkspaceArgs\n {\n WorkspaceId = \"ws-cj5xcxsz5\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"ws-cj5xcxsz5\"\n\t\t_, err := workspaces.LookupWorkspace(ctx, &workspaces.LookupWorkspaceArgs{\n\t\t\tWorkspaceId: &opt0,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% example %}}\n### Filter By Directory ID & User Name\n\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = pulumi.output(aws.workspaces.getWorkspace({\n directoryId: \"d-9967252f57\",\n userName: \"Example\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.workspaces.get_workspace(directory_id=\"d-9967252f57\",\n user_name=\"Example\")\n```\n```csharp\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nclass MyStack : Stack\n{\n public MyStack()\n {\n var example = Output.Create(Aws.Workspaces.GetWorkspace.InvokeAsync(new Aws.Workspaces.GetWorkspaceArgs\n {\n DirectoryId = \"d-9967252f57\",\n UserName = \"Example\",\n }));\n }\n\n}\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/workspaces\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\topt0 := \"d-9967252f57\"\n\t\topt1 := \"Example\"\n\t\t_, err := workspaces.LookupWorkspace(ctx, &workspaces.LookupWorkspaceArgs{\n\t\t\tDirectoryId: &opt0,\n\t\t\tUserName: &opt1,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n{{% /example %}}\n{{% /examples %}}", + "inputs": { + "description": "A collection of arguments for invoking getWorkspace.\n", + "properties": { + "directoryId": { + "type": "string", + "description": "The ID of the directory for the WorkSpace. You have to specify `user_name` along with `directory_id`. You cannot combine this parameter with `workspace_id`.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags for the WorkSpace.\n" + }, + "userName": { + "type": "string", + "description": "The user name of the user for the WorkSpace. This user name must exist in the directory for the WorkSpace. You cannot combine this parameter with `workspace_id`.\n" + }, + "workspaceId": { + "type": "string", + "description": "The ID of the WorkSpace. You cannot combine this parameter with `directory_id`.\n" + } + }, + "type": "object" + }, + "outputs": { + "description": "A collection of values returned by getWorkspace.\n", + "properties": { + "bundleId": { + "type": "string" + }, + "computerName": { + "type": "string", + "description": "The name of the WorkSpace, as seen by the operating system.\n" + }, + "directoryId": { + "type": "string" + }, + "id": { + "type": "string", + "description": "The provider-assigned unique ID for this managed resource.\n" + }, + "ipAddress": { + "type": "string", + "description": "The IP address of the WorkSpace.\n" + }, + "rootVolumeEncryptionEnabled": { + "type": "boolean" + }, + "state": { + "type": "string", + "description": "The operational state of the WorkSpace.\n" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "userName": { + "type": "string" + }, + "userVolumeEncryptionEnabled": { + "type": "boolean" + }, + "volumeEncryptionKey": { + "type": "string" + }, + "workspaceId": { + "type": "string" + }, + "workspaceProperties": { + "type": "array", + "items": { + "$ref": "#/types/aws:workspaces/getWorkspaceWorkspaceProperty:getWorkspaceWorkspaceProperty" + } + } + }, + "type": "object", + "required": [ + "bundleId", + "computerName", + "directoryId", + "ipAddress", + "rootVolumeEncryptionEnabled", + "state", + "tags", + "userName", + "userVolumeEncryptionEnabled", + "volumeEncryptionKey", + "workspaceId", + "workspaceProperties", + "id" + ] + } + } + }, + "language": { + "csharp": { + "compatibility": "tfbridge20", + "namespaces": { + "accessanalyzer": "AccessAnalyzer", + "acm": "Acm", + "acmpca": "Acmpca", + "alb": "Alb", + "amp": "Amp", + "amplify": "Amplify", + "apigateway": "ApiGateway", + "apigatewayv2": "ApiGatewayV2", + "appautoscaling": "AppAutoScaling", + "appconfig": "AppConfig", + "applicationloadbalancing": "ApplicationLoadBalancing", + "appmesh": "AppMesh", + "apprunner": "AppRunner", + "appsync": "AppSync", + "athena": "Athena", + "autoscaling": "AutoScaling", + "autoscalingplans": "AutoScalingPlans", + "aws": "Aws", + "backup": "Backup", + "batch": "Batch", + "budgets": "Budgets", + "cfg": "Cfg", + "cloud9": "Cloud9", + "cloudformation": "CloudFormation", + "cloudfront": "CloudFront", + "cloudhsmv2": "CloudHsmV2", + "cloudtrail": "CloudTrail", + "cloudwatch": "CloudWatch", + "codeartifact": "CodeArtifact", + "codebuild": "CodeBuild", + "codecommit": "CodeCommit", + "codedeploy": "CodeDeploy", + "codepipeline": "CodePipeline", + "codestarconnections": "CodeStarConnections", + "codestarnotifications": "CodeStarNotifications", + "cognito": "Cognito", + "cur": "Cur", + "datapipeline": "DataPipeline", + "datasync": "DataSync", + "dax": "Dax", + "devicefarm": "DeviceFarm", + "directconnect": "DirectConnect", + "directoryservice": "DirectoryService", + "dlm": "Dlm", + "dms": "Dms", + "docdb": "DocDB", + "dynamodb": "DynamoDB", + "ebs": "Ebs", + "ec2": "Ec2", + "ec2clientvpn": "Ec2ClientVpn", + "ec2transitgateway": "Ec2TransitGateway", + "ecr": "Ecr", + "ecrpublic": "EcrPublic", + "ecs": "Ecs", + "efs": "Efs", + "eks": "Eks", + "elasticache": "ElastiCache", + "elasticbeanstalk": "ElasticBeanstalk", + "elasticloadbalancing": "ElasticLoadBalancing", + "elasticloadbalancingv2": "ElasticLoadBalancingV2", + "elasticsearch": "ElasticSearch", + "elastictranscoder": "ElasticTranscoder", + "elb": "Elb", + "emr": "Emr", + "fms": "Fms", + "fsx": "Fsx", + "gamelift": "GameLift", + "glacier": "Glacier", + "globalaccelerator": "GlobalAccelerator", + "glue": "Glue", + "guardduty": "GuardDuty", + "iam": "Iam", + "identitystore": "IdentityStore", + "imagebuilder": "ImageBuilder", + "index": "index", + "inspector": "Inspector", + "iot": "Iot", + "kinesis": "Kinesis", + "kinesisanalyticsv2": "KinesisAnalyticsV2", + "kms": "Kms", + "lakeformation": "LakeFormation", + "lambda": "Lambda", + "lb": "LB", + "lex": "Lex", + "licensemanager": "LicenseManager", + "lightsail": "LightSail", + "macie": "Macie", + "macie2": "Macie2", + "mediaconvert": "MediaConvert", + "mediapackage": "MediaPackage", + "mediastore": "MediaStore", + "mq": "Mq", + "msk": "Msk", + "mwaa": "Mwaa", + "neptune": "Neptune", + "networkfirewall": "NetworkFirewall", + "opsworks": "OpsWorks", + "organizations": "Organizations", + "outposts": "Outposts", + "pinpoint": "Pinpoint", + "pricing": "Pricing", + "qldb": "Qldb", + "quicksight": "Quicksight", + "ram": "Ram", + "rds": "Rds", + "redshift": "RedShift", + "resourcegroups": "ResourceGroups", + "resourcegroupstaggingapi": "ResourceGroupsTaggingApi", + "route53": "Route53", + "s3": "S3", + "s3control": "S3Control", + "s3outposts": "S3Outposts", + "sagemaker": "Sagemaker", + "schemas": "Schemas", + "secretsmanager": "SecretsManager", + "securityhub": "SecurityHub", + "serverlessrepository": "ServerlessRepository", + "servicecatalog": "ServiceCatalog", + "servicediscovery": "ServiceDiscovery", + "servicequotas": "ServiceQuotas", + "ses": "Ses", + "sfn": "Sfn", + "shield": "Shield", + "signer": "Signer", + "simpledb": "SimpleDB", + "sns": "Sns", + "sqs": "Sqs", + "ssm": "Ssm", + "ssoadmin": "SsoAdmin", + "storagegateway": "StorageGateway", + "swf": "Swf", + "synthetics": "Synthetics", + "timestreamwrite": "TimestreamWrite", + "transfer": "Transfer", + "waf": "Waf", + "wafregional": "WafRegional", + "wafv2": "WafV2", + "worklink": "WorkLink", + "workspaces": "Workspaces", + "xray": "Xray" + }, + "packageReferences": { + "Pulumi": "3.*" + } + }, + "go": { + "generateResourceContainerTypes": true, + "importBasePath": "github.com/pulumi/pulumi-aws/sdk/v4/go/aws" + }, + "nodejs": { + "compatibility": "tfbridge20", + "dependencies": { + "@pulumi/pulumi": "^3.0.0", + "aws-sdk": "^2.0.0", + "builtin-modules": "3.0.0", + "mime": "^2.0.0", + "read-package-tree": "^5.2.1", + "resolve": "^1.7.1" + }, + "devDependencies": { + "@types/mime": "^2.0.0", + "@types/node": "^8.0.0" + }, + "disableUnionOutputTypes": true, + "packageDescription": "A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.", + "packageName": "", + "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/terraform-providers/terraform-provider-aws)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi/pulumi-aws` repo](https://github.com/pulumi/pulumi-aws/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-providers/terraform-provider-aws` repo](https://github.com/terraform-providers/terraform-provider-aws/issues).", + "typescriptVersion": "" + }, + "python": { + "compatibility": "tfbridge20", + "readme": "> This provider is a derived work of the [Terraform Provider](https://github.com/terraform-providers/terraform-provider-aws)\n> distributed under [MPL 2.0](https://www.mozilla.org/en-US/MPL/2.0/). If you encounter a bug or missing feature,\n> first check the [`pulumi/pulumi-aws` repo](https://github.com/pulumi/pulumi-aws/issues); however, if that doesn't turn up anything,\n> please consult the source [`terraform-providers/terraform-provider-aws` repo](https://github.com/terraform-providers/terraform-provider-aws/issues).", + "requires": { + "pulumi": ">=3.0.0,<4.0.0" + } + } + }, + "version": "4.15.0" +} diff --git a/pkg/codegen/testing/utils/host.go b/pkg/codegen/testing/utils/host.go index 45239b1817db..979a17c0f215 100644 --- a/pkg/codegen/testing/utils/host.go +++ b/pkg/codegen/testing/utils/host.go @@ -26,6 +26,7 @@ func NewHost(schemaDirectoryPath string) plugin.Host { // schema files in the given schema directory. This is the minimal set of schemas that must be // supplied. return deploytest.NewPluginHost(nil, nil, nil, + mockProvider("aws", "4.15.0"), mockProvider("aws", "4.26.0"), mockProvider("aws", "4.36.0"), mockProvider("aws", "4.37.1"),